processone / docker-ejabberd

Set of ejabberd Docker images

ejabberd arm64 docker image #92

Closed devedse closed 1 year ago

devedse commented 1 year ago

Hello, I would like to build an image based on the arm64 version of the ejabberd image. However it seems to be missing on docker hub. Only the Github container registry seems to have the arm64 image.

Could you maybe also create an arm64 image and push this to docker hub?

E.g. with the following command:

```
docker buildx build -f Dockerfile --platform linux/arm64,linux/amd64 -t ejabberd/ecs:1.0.100 -t ejabberd/ecs:latest --push .
```

Also, what's the difference between the ejabberd image on github and the ejabberd/ecs image on docker hub?

badlop commented 1 year ago

> what's the difference between the ejabberd image on github and the ejabberd/ecs image on docker hub?

The image on docker hub was started in 2016. It's built manually after each release. As it supposedly has many users, it is maintained with the minimal changes required to keep working: existing deployments should not require any change.

The image on github ghcr was started a few months ago. It's built automatically for every commit and release. It attempts to maintain most of the features and benefits of the other image, but adding new features when suitable.

devedse commented 1 year ago

Ah ic, I was asking this for another project that's making use of ejabberd. I tried doing an in-place upgrade (well just editing the paths) but couldn't get it to work easily.

You think it's possible to also either provide an ARM image on docker hub too? Or is there an easy upgrade guide?

badlop commented 1 year ago

> I tried doing an in-place upgrade (well just editing the paths) but couldn't get it to work easily.

Ouch. I tried to get the ghcr image to be as close as possible to the dockerhub one (only the path changing hopefully), but I never actually tried a migration myself...

I'll try it in the next days and document here the required steps, for you to test, and finally to publish them.

devedse commented 1 year ago

This was the project I was trying it for: https://github.com/deamos/openstreamingplatform

When I ran ejabberd with the ghcr image it showed me this error: [image]

badlop commented 1 year ago

There are several minor differences, but I think in your case those are the two differences that are hitting your migration:

[1]

In docker hub image, when the container is first created, a random erlang node name is picked, for example ejabberd@09ab40244b96

Nowadays it seems preferable to keep it simple, and have a fixed erlang node name. This can be done with the ERLANG_NODE_ARG environment variable, for example https://github.com/processone/docker-ejabberd/tree/master/ecs#clustering-example

There's a PR to use as default a fixed node name ejabberd@localhost: https://github.com/processone/docker-ejabberd/pull/73

However, in the Github image, the erlang node name is already fixed to ejabberd@localhost

This means that, to use the old mnesia spool files, you must force the new ejabberd to use the old erlang node name. In this example, I would add this to docker-compose.yml to ensure the same mnesia database can still be used:

    environment:
      - ERLANG_NODE_ARG=ejabberd@09ab40244b96

[2]

Another difference is that, in the docker hub image, the Mnesia spool files are stored in a random location that depends on the erlang node name: /home/ejabberd/database/ejabberd@09ab40244b96/

In the Github image, the Mnesia spool files are stored in a fixed place: /opt/ejabberd/database/

badlop commented 1 year ago

For testing how to migrate from one image to the other, I create a database dir:

```
mkdir database
sudo chown 9000:9000 database
```

And set up a service using the docker image. In your case you didn't set up the hostname in advance, it was picked randomly by docker, and then ejabberd used that to build the erlang node name. Check your server, find the hostname that was used, and set that in the docker-compose of the github container.

```yaml
version: '3.7'

services:

  docker:
    image: ejabberd/ecs
    container_name: docker
    hostname: 42cdd6244813
    environment:
      - CTL_ON_CREATE=register admin localhost asd
    volumes:
      - ./database:/home/ejabberd/database

  github:
    image: ghcr.io/processone/ejabberd
    container_name: github
    hostname: 42cdd6244813
    environment:
      - ERLANG_NODE_ARG=ejabberd@42cdd6244813
      - CTL_ON_START=registered_users localhost ;
                     status
    volumes:
      - ./database/ejabberd@42cdd6244813:/opt/ejabberd/database
```

Now I create the first container, so it fills the database path:

```
sudo docker-compose up docker

...
docker    | 2023-01-03 12:33:48.382819+00:00 [info] ejabberd 0.0.0 is started in the node ejabberd@42cdd6244813 in 4.42s
docker    | :> ejabberdctl register admin localhost asd
docker    | User admin@localhost successfully registered
```

Stop it, and then start the second container, which reads the database files correctly and starts correctly, and ejabberdctl works correctly too:

```
sudo docker-compose up github

github    | 2023-01-03 12:51:54.840862+00:00 [info] ejabberd 22.10.0 is started in the node ejabberd@42cdd6244813 in 1.69s
github    | :> ejabberdctl registered_users localhost
github    | admin
github    | :> ejabberdctl status
github    | The node ejabberd@42cdd6244813 is started with status: started
github    | ejabberd 22.10.0 is running in that node
```
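
A helper for the "find the hostname that was used" step in the comment above, added here as an example and not part of the thread or the project's own code. It reads the node name from the `ejabberd@<hostname>` directory that the ecs image creates and prints the matching settings for the ghcr.io service; the function names `find_old_node` and `compose_settings` are hypothetical, the paths are the ones given in the comment.

```sh
#!/bin/sh
# Added example: map an existing ejabberd/ecs database directory onto the
# ghcr.io/processone/ejabberd image. Function names are hypothetical.

# Print the Erlang node name (ejabberd@<hostname>) recorded in an ecs
# database directory. The ecs image stores its Mnesia files in
# <database>/ejabberd@<hostname>/, so the directory name is the node name.
find_old_node() {
    db_dir=$1
    count=0
    node=
    for d in "$db_dir"/ejabberd@*; do
        [ -d "$d" ] || continue        # also skips an unmatched glob
        count=$((count + 1))
        node=${d##*/}
    done
    if [ "$count" -ne 1 ]; then
        echo "expected one ejabberd@<host> directory in $db_dir, found $count" >&2
        return 1
    fi
    # Only accept hostname characters, since the value is pasted into YAML.
    case ${node#ejabberd@} in
        '' | *[!A-Za-z0-9.-]*)
            echo "unexpected node name: $node" >&2
            return 1 ;;
    esac
    printf '%s\n' "$node"
}

# Print the service settings the ghcr.io container needs to reuse that data.
compose_settings() {
    db_dir=$1
    node=$(find_old_node "$db_dir") || return 1
    cat <<EOF
    hostname: ${node#ejabberd@}
    environment:
      - ERLANG_NODE_ARG=$node
    volumes:
      - $db_dir/$node:/opt/ejabberd/database
EOF
}

# Usage: sh node-settings.sh ./database
if [ "$#" -gt 0 ]; then
    compose_settings "$1"
fi
```

The helper refuses to guess when the directory holds zero or several `ejabberd@*` entries, because starting ejabberd with the wrong node name makes it ignore the existing Mnesia files.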

devedse commented 1 year ago

Hmm, that's interesting. For my case though I don't specifically need to "migrate" over the data. So a clean start would be fine too. I think I just tried with new clean paths but if my memory serves me correctly I don't think it worked either.

Any clue on what the problem could be there?

Edit: This is the dockerfile OSP uses for Ejabberd: https://github.com/deamos/openstreamingplatform/blob/master/installs/docker/Ejabberd/Dockerfile

devedse commented 1 year ago

I took another good look through all config files from OpenStreamingPlatform and now managed to get it running again using your new image. I've made a PR for OpenStreamingPlatform with the change from ECS to the new ejabberd image.

I hope it gets accepted.

My PR: https://github.com/deamos/openstreamingplatform/pull/19

badlop commented 1 year ago

> When I ran ejabberd with the ghcr image it showed me this error:

I took a chance to look at this problem. First of all, I downloaded the files from https://github.com/deamos/openstreamingplatform/tree/master/installs/docker/Ejabberd and built the image with docker hub 20.04, it worked correctly, of course.

Then I changed in Dockerfile the image to GHCR, and it failed obviously, as some paths have changed. After applying the corresponding changes to paths in the OSP files, now the GHCR image builds and starts correctly. I didn't check all the features, but at least it doesn't crash.

I noticed ejabberd reports several warnings about deprecated options... that's normal, as we jumped from ejabberd 20.04 to 23.01

This is the patch to apply to the OSP directory:

```diff diff --git a/Dockerfile b/Dockerfile index d0d180e..3675df4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ejabberd/ecs:20.04 +FROM ghcr.io/processone/ejabberd:23.01 MAINTAINER David Lockwood # OSP Customized EJABBERD Docker Container @@ -43,15 +43,15 @@ COPY docker-files.d/supervisord.conf /run/supervisord.conf USER ejabberd -RUN mkdir /home/ejabberd/run -COPY docker-files.d/ejabberd.yml /home/ejabberd/run/ejabberd.yml -COPY docker-files.d/auth_osp.py /home/ejabberd/run/auth_osp.py -COPY docker-files.d/inetrc /home/ejabberd/conf/inetrc +RUN mkdir /opt/ejabberd/run +COPY docker-files.d/ejabberd.yml /opt/ejabberd/run/ejabberd.yml +COPY docker-files.d/auth_osp.py /opt/ejabberd/run/auth_osp.py +COPY docker-files.d/inetrc /opt/ejabberd/conf/inetrc EXPOSE 5222 EXPOSE 5280 USER root -VOLUME ["/home/ejabberd/database"] +VOLUME ["/opt/ejabberd/database"] ENTRYPOINT ["/bin/sh","-c", "/run/entrypoint.sh"] diff --git a/docker-files.d/ejabberd.yml b/docker-files.d/ejabberd.yml index 0ffbcf4..027f452 100644 --- a/docker-files.d/ejabberd.yml +++ b/docker-files.d/ejabberd.yml @@ -157,7 +157,7 @@ shaper_rules: auth_use_cache: false auth_password_format: scram -extauth_program: "/usr/bin/python3 /home/ejabberd/conf/auth_osp.py" +extauth_program: "/usr/bin/python3 /opt/ejabberd/conf/auth_osp.py" extauth_instances: 3 host_config: diff --git a/docker-files.d/entrypoint.sh b/docker-files.d/entrypoint.sh index 71b9143..0a14f43 100644 --- a/docker-files.d/entrypoint.sh +++ b/docker-files.d/entrypoint.sh 
@@ -1,10 +1,10 @@ #!/usr/bin/env bash -cp -u -p /home/ejabberd/run/ejabberd.yml /home/ejabberd/conf/ejabberd.yml -cp -u -p /home/ejabberd/run/auth_osp.py /home/ejabberd/conf/auth_osp.py +cp -u -p /opt/ejabberd/run/ejabberd.yml /opt/ejabberd/conf/ejabberd.yml +cp -u -p /opt/ejabberd/run/auth_osp.py /opt/ejabberd/conf/auth_osp.py # Configure ejabberd export EJABBERD_DOMAIN -sed -i "s/CHANGEME/$EJABBERD_DOMAIN/g" /home/ejabberd/conf/ejabberd.yml +sed -i "s/CHANGEME/$EJABBERD_DOMAIN/g" /opt/ejabberd/conf/ejabberd.yml #export EJABBERD_XMLRPC_ALLOWIP #IFS="," read -a XMLRPCARRAY <<< $EJABBERD_XMLRPC_ALLOWIP @@ -13,12 +13,12 @@ sed -i "s/CHANGEME/$EJABBERD_DOMAIN/g" /home/ejabberd/conf/ejabberd.yml #do # XMLRPCSTRING+=" - $i\n" #done -#sed -i "s/ALLOWXMLRPC/$XMLRPCSTRING/g" /home/ejabberd/conf/ejabberd.yml +#sed -i "s/ALLOWXMLRPC/$XMLRPCSTRING/g" /opt/ejabberd/conf/ejabberd.yml export OSP_API_PROTOCOL export OSP_API_DOMAIN export EJABBERD_PASSWORD -chown -R ejabberd:ejabberd /home/ejabberd +chown -R ejabberd:ejabberd /opt/ejabberd supervisord --nodaemon --configuration /run/supervisord.conf diff --git a/docker-files.d/supervisord.conf b/docker-files.d/supervisord.conf index 442136f..f879de8 100644 --- a/docker-files.d/supervisord.conf +++ b/docker-files.d/supervisord.conf @@ -2,18 +2,18 @@ nodaemon=true [program:ejabberdctl] -directory=/home/ejabberd/bin/ +directory=/usr/local/bin/ user=ejabberd group=ejabberd -command=/home/ejabberd/bin/ejabberdctl foreground +command=/usr/local/bin/ejabberdctl foreground stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 [program:ejabberdConfig] -directory=/home/ejabberd/bin/ +directory=/usr/local/bin/ user=ejabberd group=ejabberd autorestart=false -command=bash -c "sleep 30 && exec /home/ejabberd/bin/ejabberdctl register admin localhost %(ENV_EJABBERD_PASSWORD)s" +command=bash -c "sleep 30 && exec /usr/local/bin/ejabberdctl register admin localhost %(ENV_EJABBERD_PASSWORD)s" stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 ```
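
Review bot: `USER root` remains the last user set before `ENTRYPOINT` in the second Dockerfile hunk, so `/run/entrypoint.sh` and supervisord start as root; the CRIT line at the top of the log output reports exactly that. If root is only needed for the `sed -i` and `chown -R` steps in entrypoint.sh, consider doing the ownership change at build time and ending the Dockerfile with `USER ejabberd`; if root is intended, set `user=root` in supervisord.conf as the message suggests so the choice is explicit.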
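
Review bot: the context line `extauth_instances: 3` in the docker-files.d/ejabberd.yml hunk is carried over unchanged, but ejabberd 23.01 logs it as deprecated and automatically replaced by `extauth_pool_size`. Since this hunk already edits the extauth block, rename the option to `extauth_pool_size: 3` in the same change so the configuration does not depend on the automatic replacement.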
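
Review bot: in the first docker-files.d/entrypoint.sh hunk, `sed -i "s/CHANGEME/$EJABBERD_DOMAIN/g"` places the environment variable directly inside the sed expression, so an unset variable silently replaces every CHANGEME with an empty string and a value containing `/` or `&` alters the substitution. Fail early when `EJABBERD_DOMAIN` is empty and check that it contains only hostname characters before running sed.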
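
Review bot: the `[program:ejabberdConfig]` command in docker-files.d/supervisord.conf still expands `%(ENV_EJABBERD_PASSWORD)s` inside the `bash -c "..."` string, so supervisord substitutes the password before bash parses the line and any shell metacharacters in it are interpreted as shell syntax. entrypoint.sh already exports `EJABBERD_PASSWORD`, so the command can reference a quoted `"$EJABBERD_PASSWORD"` from the environment instead; the fixed `sleep 30` could also become a loop that waits for `ejabberdctl status` to succeed.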

This is how I built the image and started it:

```
docker build -t personal/osp2 .
docker run --name ejabberd -it -p 5222:5222 personal/osp2:latest live
```

And this is the log output:

```
2023-01-24 12:21:38,855 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
2023-01-24 12:21:38,857 INFO supervisord started with pid 11
2023-01-24 12:21:39,860 INFO spawned: 'ejabberdConfig' with pid 12
2023-01-24 12:21:39,861 INFO spawned: 'ejabberdctl' with pid 13
2023-01-24 12:21:40.613365+00:00 [info] Loading configuration from /opt/ejabberd/conf/ejabberd.yml
2023-01-24 12:21:40.644768+00:00 [warning] Option 'access_commands' is deprecated and has no effect anymore. Use option 'api_permissions' instead.
2023-01-24 12:21:40.644883+00:00 [warning] Option 'extauth_instances' is deprecated and was automatically replaced by 'extauth_pool_size'. Please adjust your configuration file accordingly. Hint: run `ejabberdctl dump-config` command to view current configuration as it is seen by ejabberd.
2023-01-24 12:21:40.711542+00:00 [warning] It is deprecated defining ejabberd_xmlrpc as a listen module in the ejabberd configuration. Support for that configuration method may be removed in a future ejabberd release. You are encouraged to define ejabberd_xmlrpc inside request_handlers option of ejabberd_http listen module. See the ejabberd documentation for details: https://docs.ejabberd.im/admin/configuration/listen/#ejabberd-xmlrpc
2023-01-24 12:21:40.711896+00:00 [warning] It is deprecated defining ejabberd_xmlrpc as a listen module in the ejabberd configuration. Support for that configuration method may be removed in a future ejabberd release. You are encouraged to define ejabberd_xmlrpc inside request_handlers option of ejabberd_http listen module. See the ejabberd documentation for details: https://docs.ejabberd.im/admin/configuration/listen/#ejabberd-xmlrpc
2023-01-24 12:21:41.085867+00:00 [info] Configuration loaded successfully
2023-01-24 12:21:41,086 INFO success: ejabberdConfig entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-01-24 12:21:41,086 INFO success: ejabberdctl entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-01-24 12:21:41.285232+00:00 [info] Got no NOTIFY_SOCKET, notifications disabled
2023-01-24 12:21:41.297037+00:00 [info] Building language translation cache
2023-01-24 12:21:41.459763+00:00 [info] Creating Mnesia ram table 'ejabberd_commands'
2023-01-24 12:21:41.558569+00:00 [info] Creating Mnesia ram table 'route'
2023-01-24 12:21:41.587920+00:00 [info] Creating Mnesia ram table 'route_multicast'
2023-01-24 12:21:41.630030+00:00 [info] Creating Mnesia ram table 'session'
2023-01-24 12:21:41.661029+00:00 [info] Creating Mnesia ram table 'session_counter'
2023-01-24 12:21:41.703616+00:00 [info] Creating Mnesia ram table 's2s'
2023-01-24 12:21:41.727901+00:00 [info] Creating Mnesia ram table 'temporarily_blocked'
2023-01-24 12:21:41.751027+00:00 [info] Loading modules for localhost and stream.example.com
2023-01-24 12:21:41.751212+00:00 [info] Creating Mnesia ram table 'mod_register_ip'
2023-01-24 12:21:41.778810+00:00 [info] Creating Mnesia disc table 'sr_group'
2023-01-24 12:21:41.797023+00:00 [info] Creating Mnesia disc table 'sr_user'
2023-01-24 12:21:41.829064+00:00 [info] Creating Mnesia disc_only table 'privacy'
2023-01-24 12:21:41.880988+00:00 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure.
2023-01-24 12:21:41.881188+00:00 [info] Creating Mnesia disc_only table 'archive_msg'
2023-01-24 12:21:41.916907+00:00 [info] Creating Mnesia disc_only table 'archive_prefs'
2023-01-24 12:21:42.005998+00:00 [info] Creating Mnesia disc table 'muc_room'
2023-01-24 12:21:42.028125+00:00 [info] Creating Mnesia disc table 'muc_registered'
2023-01-24 12:21:42.045924+00:00 [info] Creating Mnesia ram table 'muc_online_room'
2023-01-24 12:21:42.065756+00:00 [info] Creating Mnesia disc_only table 'vcard'
2023-01-24 12:21:42.097451+00:00 [info] Creating Mnesia disc table 'vcard_search'
2023-01-24 12:21:42.132769+00:00 [info] Creating Mnesia disc_only table 'motd'
2023-01-24 12:21:42.174726+00:00 [info] Creating Mnesia disc_only table 'motd_users'
2023-01-24 12:21:42.253903+00:00 [info] Creating Mnesia ram table 'bosh'
2023-01-24 12:21:42.277921+00:00 [info] Creating Mnesia disc_only table 'push_session'
2023-01-24 12:21:42.306671+00:00 [info] Going to offer STUN/TURN service: 172.17.0.3:3478 (udp)
2023-01-24 12:21:42.306993+00:00 [info] Creating Mnesia disc_only table 'roster'
2023-01-24 12:21:42.343583+00:00 [info] Creating Mnesia disc_only table 'roster_version'
2023-01-24 12:21:42.415347+00:00 [info] Creating Mnesia disc_only table 'last_activity'
2023-01-24 12:21:42.457009+00:00 [info] Creating Mnesia disc_only table 'offline_msg'
2023-01-24 12:21:42.531447+00:00 [info] Creating Mnesia disc_only table 'caps_features'
2023-01-24 12:21:42.552896+00:00 [info] Creating Mnesia ram table 'pubsub_last_item'
2023-01-24 12:21:42.572707+00:00 [info] Creating Mnesia disc table 'pubsub_index'
2023-01-24 12:21:42.609335+00:00 [info] Creating Mnesia disc table 'pubsub_node'
2023-01-24 12:21:42.639152+00:00 [info] Creating Mnesia disc table 'pubsub_state'
2023-01-24 12:21:42.666170+00:00 [info] Creating Mnesia disc_only table 'pubsub_item'
2023-01-24 12:21:42.710297+00:00 [info] Creating Mnesia disc table 'pubsub_orphan'
2023-01-24 12:21:42.753183+00:00 [info] Creating Mnesia disc_only table 'private_storage'
2023-01-24 12:21:42.787391+00:00 [info] Creating Mnesia disc_only table 'mqtt_pub'
2023-01-24 12:21:42.823713+00:00 [info] Creating Mnesia ram table 'mqtt_session'
2023-01-24 12:21:42.853028+00:00 [info] Creating Mnesia ram table 'mqtt_sub'
2023-01-24 12:21:42.886516+00:00 [info] Building MQTT cache for localhost, this may take a while
2023-01-24 12:21:42.897774+00:00 [info] Creating Mnesia ram table 'bytestream'
2023-01-24 12:21:42.928288+00:00 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure.
2023-01-24 12:21:42.929917+00:00 [info] Going to offer STUN/TURN service: 172.17.0.3:3478 (udp)
2023-01-24 12:21:42.931621+00:00 [info] Building MQTT cache for stream.example.com, this may take a while
2023-01-24 12:21:42.938033+00:00 [info] Creating Mnesia disc_only table 'passwd'
2023-01-24 12:21:42.961497+00:00 [info] Creating Mnesia ram table 'reg_users_counter'
2023-01-24 12:21:43.015683+00:00 [info] Creating Mnesia disc_only table 'oauth_token'
2023-01-24 12:21:43.043759+00:00 [info] Creating Mnesia disc table 'oauth_client'
2023-01-24 12:21:43.100802+00:00 [info] Waiting for Mnesia synchronization to complete
2023-01-24 12:21:43.200913+00:00 [warning] No certificate found matching localhost
2023-01-24 12:21:43.201107+00:00 [warning] No certificate found matching stream.example.com
2023-01-24 12:21:43.201267+00:00 [warning] No certificate found matching conference.stream.example.com
2023-01-24 12:21:43.201516+00:00 [warning] No certificate found matching pubsub.stream.example.com
2023-01-24 12:21:43.201734+00:00 [warning] No certificate found matching pubsub.localhost
2023-01-24 12:21:43.201923+00:00 [warning] No certificate found matching conference.localhost
2023-01-24 12:21:43.202163+00:00 [warning] No certificate found matching proxy.stream.example.com
2023-01-24 12:21:43.202347+00:00 [warning] No certificate found matching proxy.localhost
2023-01-24 12:21:43.202483+00:00 [info] ejabberd 23.1.0 is started in the node ejabberd@localhost in 2.70s
2023-01-24 12:21:43.203832+00:00 [info] Start accepting UDP connections at 0.0.0.0:3478 for ejabberd_stun
2023-01-24 12:21:43.203886+00:00 [info] Start accepting TCP connections at 172.17.0.3:7777 for mod_proxy65_stream
2023-01-24 12:21:43.206745+00:00 [info] Requesting new certificate for stream.example.com, conference.stream.example.com and 2 more hosts from https://acme-v02.api.letsencrypt.org/directory
2023-01-24 12:21:43.206760+00:00 [info] Start accepting TCP connections at [::]:5222 for ejabberd_c2s
2023-01-24 12:21:43.206927+00:00 [info] Start accepting TCP connections at [::]:5269 for ejabberd_s2s_in
2023-01-24 12:21:43.207075+00:00 [info] Start accepting TLS connections at [::ffff:127.0.0.1]:5443 for ejabberd_http
2023-01-24 12:21:43.207083+00:00 [info] Start accepting TCP connections at [::]:5280 for ejabberd_http
2023-01-24 12:21:43.207211+00:00 [info] Start accepting TCP connections at [::]:1883 for mod_mqtt
2023-01-24 12:21:43.207224+00:00 [info] Start accepting TCP connections at [::]:4560 for ejabberd_xmlrpc
2023-01-24 12:21:43.207311+00:00 [warning] It is deprecated defining ejabberd_xmlrpc as a listen module in the ejabberd configuration. Support for that configuration method may be removed in a future ejabberd release. You are encouraged to define ejabberd_xmlrpc inside request_handlers option of ejabberd_http listen module. See the ejabberd documentation for details: https://docs.ejabberd.im/admin/configuration/listen/#ejabberd-xmlrpc
2023-01-24 12:21:43.207692+00:00 [info] You have several virtual hosts configured, but option 'auth_realm' is undefined and 'auth_type' is set to 'user', so the TURN relay might not be working properly. Using localhost as a fallback
2023-01-24 12:21:43.372772+00:00 [warning] Description: "Authenticity is not established by certificate path validation" Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
2023-01-24 12:21:44.532525+00:00 [error] Failed to request certificate for stream.example.com, conference.stream.example.com and 2 more hosts: ACME server reported: Error creating new order :: Cannot issue for "conference.stream.example.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy (and 3 more problems. Refer to sub-problems for more information.) (error type: rejectedIdentifier)
```

devedse commented 1 year ago

@badlop in my last comment I made it all work too. So it's already included in the PR. Feel free to compare your changes with mine and see if I missed something.

badlop commented 1 year ago

Ah, right! Looking at your accumulated changes, they are almost the same :)

The PR description in https://github.com/deamos/openstreamingplatform/pull/19 mentioned another image, and that confused me.

badlop commented 1 year ago

There's a problem building a container image with Erlang/OTP 25 when using QEMU for arm64: it crashes. This problem appeared when attempting to upgrade Erlang to 25 and building the ejabberd container image for arm64.

It's reported for ejabberd in https://github.com/processone/ejabberd/issues/3983

The problem is either in QEMU or Erlang, and has no short solution.

In case of ejabberd's container images, the workaround for now is to build the container image using the ejabberd binary installers... This got implemented in https://github.com/processone/ejabberd/commit/d15cf994a26d744dc2f9b31980f946fa7203180b

I guess there's no need to adopt this solution, or investigate some other workaround to allow building ecs image for arm64, when there's already a working image for that use case.