wazuh / wazuh-docker

Wazuh - Docker containers
https://wazuh.com

Error bringing up containers - v4.3.6 #711

Open alphaDev23 opened 2 years ago

alphaDev23 commented 2 years ago

Below is the full log of the issue. This may be an issue with the generation of the certs per the following:

```
ubuntu@bionic-4:~/wazuh-docker/single-node$ sudo ls -al config/wazuh_indexer_ssl_certs/
total 56
dr-x------ 2 root root 4096 Aug 18 04:57 .
drwxrwxr-x 6 ubuntu ubuntu 4096 Aug 18 04:57 ..
-r-------- 1 ubuntu ubuntu 1708 Aug 18 05:01 admin-key.pem
-r-------- 1 ubuntu ubuntu 1119 Aug 18 05:01 admin.pem
-r-------- 1 systemd-resolve systemd-journal 1704 Aug 18 05:01 root-ca-manager.key
-r-------- 1 systemd-resolve systemd-journal 1204 Aug 18 05:01 root-ca-manager.pem
-r-------- 1 ubuntu ubuntu 1704 Aug 18 05:01 root-ca.key
-r-------- 1 ubuntu ubuntu 1204 Aug 18 05:01 root-ca.pem
-r-------- 1 ubuntu ubuntu 1704 Aug 18 05:01 wazuh.dashboard-key.pem
-r-------- 1 ubuntu ubuntu 1261 Aug 18 05:01 wazuh.dashboard.pem
-r-------- 1 ubuntu ubuntu 1704 Aug 18 05:01 wazuh.indexer-key.pem
-r-------- 1 ubuntu ubuntu 1257 Aug 18 05:01 wazuh.indexer.pem
-r-------- 1 systemd-resolve systemd-journal 1704 Aug 18 05:01 wazuh.manager-key.pem
-r-------- 1 systemd-resolve systemd-journal 1257 Aug 18 05:01 wazuh.manager.pem
```


LOG:

```
ubuntu@bionic-4:~/wazuh-docker/single-node$ sudo -E docker-compose -f generate-indexer-certs.yml run --rm generator
WARNING: Found orphan containers (single-node_wazuh.manager_1, single-node_wazuh.indexer_1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating single-node_generator_run ... done
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 25130 100 25130 0 0 240k 0 --:--:-- --:--:-- --:--:-- 242k
Cert tool exists in Packages bucket
18/08/2022 05:01:01 INFO: Admin certificates created.
18/08/2022 05:01:01 INFO: Wazuh indexer certificates created.
18/08/2022 05:01:01 INFO: Wazuh server certificates created.
18/08/2022 05:01:02 INFO: Wazuh dashboard certificates created.
Moving created certificates to destination directory
changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
ubuntu@bionic-4:~/wazuh-docker/single-node$ sudo rm -f $(sudo docker ps -aq --filter name=wazuh)
ubuntu@bionic-4:~/wazuh-docker/single-node$ sudo -E docker-compose up -d
Starting single-node_wazuh.indexer_1 ...
Starting single-node_wazuh.manager_1 ... error

ERROR: for single-node_wazuh.manager_1 Cannot start service wazuh.manager: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem\\" to rootfs \\"/var/lib/docker/overlay2/a528354d356d24e101aadbd1009dc40ead9c39cda4966aba9be2b7721d44e283/merged\\" at \\"/var/lib/docker/overlay2/a528354d356d24e101aadbd1009dc40Starting single-node_wazuh.indexer_1 ... error sa)? Check if the specified host path exists and is the expected type

ERROR: for single-node_wazuh.indexer_1 Cannot start service wazuh.indexer: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem\\" to rootfs \\"/var/lib/docker/overlay2/534407e71da0526a40690adeb30eb19bbdb7b35b627ba34608146f2c50e79018/merged\\" at \\"/var/lib/docker/overlay2/534407e71da0526a40690adeb30eb19bbdb7b35b627ba34608146f2c50e79018/merged/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

ERROR: for wazuh.manager Cannot start service wazuh.manager: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager.pem\\" to rootfs \\"/var/lib/docker/overlay2/a528354d356d24e101aadbd1009dc40ead9c39cda4966aba9be2b7721d44e283/merged\\" at \\"/var/lib/docker/overlay2/a528354d356d24e101aadbd1009dc40ead9c39cda4966aba9be2b7721d44e283/merged/etc/ssl/filebeat.pem\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

ERROR: for wazuh.indexer Cannot start service wazuh.indexer: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem\\" to rootfs \\"/var/lib/docker/overlay2/534407e71da0526a40690adeb30eb19bbdb7b35b627ba34608146f2c50e79018/merged\\" at \\"/var/lib/docker/overlay2/534407e71da0526a40690adeb30eb19bbdb7b35b627ba34608146f2c50e79018/merged/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
ERROR: Encountered errors while bringing up the project.
```

vcerenu commented 2 years ago

Hello @alphaDev23

In the description of the issue, I see that you removed the containers from a previous deployment, but surely the previous volumes are still created.

To be able to deploy from scratch again you also have to delete the created volumes:

docker volume rm $(docker volume ls -q -f name=single-node)

Also if your user is not inside the docker group to be able to use the binary with your user, try not to use the "-E" option for sudo command for deployment.

jedagda commented 2 years ago

Hello @alphaDev23 and @vcerenu, I had this same issue and could resolve it by making some edits to the docker-compose.yml file. Just for context, I am running Docker version 20.10.17 and Docker Compose plugin version v2.6.1.

For some reason, docker-compose is treating the generated key files and YAML configuration files as directories. My solution was to envelop every relative path under volumes with double quotation marks as such: "./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem"

I hope that helps!

alphaDev23 commented 2 years ago

@jedagda Thank you for the suggestion but after adding quotes around the docker volumes that reference individual files, I'm still getting the same issue.

@vcerenu Thank you for your suggestion but it did not work. Has the docker-compose file been tested and if yes, against which docker and compose versions?

```
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local local-persist
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
```

scglenn commented 1 year ago

I get this issue when attempting to: sudo docker-compose up

Error:

```
Attaching to single-node-wazuh.dashboard-1, single-node-wazuh.indexer-1, single-node-wazuh.manager-1
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/home/parallels/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem" to rootfs at "/usr/share/wazuh-indexer/config/certs/admin.pem": mount /home/parallels/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
```

not sure if this is a related issue or what

vcerenu commented 1 year ago

Hello @alphaDev23

Have you tried to start the stack with docker-compose before generating the stack certificates?

In the docker-compose.yaml file, all the certificates are mounted in their respective locations, so if they are not generated when starting the stack, directories with the names of the certificates are generated, which is the default action that Docker performs when you mount a directory or file and it doesn't exist on the host.

Another problem that can be generated is when the deployment is done from an OS other than Linux or Docker does not have root permissions. It is necessary that the Docker agent have root permissions to be able to mount the generated certificates, which can only be accessed by this user when they are created. Can you tell me with which OS you are running the stack?
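
Added example (not part of the original thread or of the wazuh-docker project): a pre-flight check for the condition described in the comment above, where a bind-mount source that should be a file is missing or already exists as a directory on the host. The compose snippet and directory tree are constructed, and the script assumes every relative `./` host path under `volumes` is meant to be a regular file.

```sh
#!/bin/sh
# Added example: pre-flight check for file bind mounts in a compose file.
# Assumption: every relative ("./...") host path under volumes is meant to be
# a regular file, as with the certificate mounts quoted in this thread.
# check_file_mounts COMPOSE_FILE
# Prints "OK|DIRECTORY|MISSING <host path>" per mount; returns 1 on any problem.
check_file_mounts() {
    compose=$1
    base=$(dirname "$compose")
    rc=0
    # Host side of entries like  - ./a.pem:/etc/ssl/a.pem  (quoted or with :z too)
    mounts=$(sed -n 's|^[[:space:]]*-[[:space:]]*"\{0,1\}\(\./[^:"]*\):.*|\1|p' "$compose")
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        if [ -f "$base/$src" ]; then
            echo "OK $src"
        elif [ -d "$base/$src" ]; then
            # Directory where a file is expected: mounting it fails with "not a directory"
            echo "DIRECTORY $src"; rc=1
        else
            echo "MISSING $src"; rc=1
        fi
    done <<EOF
$mounts
EOF
    return "$rc"
}

# Constructed sample tree: one real file, one placeholder directory, one gap.
demo() {
    tmp=$(mktemp -d)
    certs=$tmp/config/wazuh_indexer_ssl_certs
    mkdir -p "$certs/wazuh.manager.pem"
    : > "$certs/root-ca.pem"
    cat > "$tmp/docker-compose.yml" <<'EOF'
services:
  wazuh.manager:
    volumes:
      - wazuh_etc:/var/ossec/etc
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
      - "./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem"
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
EOF
    check_file_mounts "$tmp/docker-compose.yml"; status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "pre-flight failed: fix the paths above before docker-compose up"
```

A `DIRECTORY` result means the placeholder has to be removed and the certificates regenerated before the stack is started; run the check as the same user that runs docker-compose, since the certificate directory in this thread is mode `dr-x------`.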

alphaDev23 commented 1 year ago

@vcerenu

I'm still receiving the same issue using 4.3.10. The certs are generated prior to bringing up the stack per the readme file. I execute docker-compose using sudo. Here is the issue again with the directory listing of the volume referenced in the compose file. Thoughts?

```
ubuntu@bionic-4:~/DevOps/wazuh-docker/single-node$ sudo -E docker-compose up -d
Starting single-node_wazuh.manager_1 ...
Starting single-node_wazuh.manager_1 ... error

ERROR: for single-node_wazuh.manager_1 Cannot start service wazuh.manager: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/DevOps/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem\\" to rootfs \\"/var/lib/docker/overlay2/8129cd2ff13d6c6dff35feee05c0d05d1f4561d3c28190125d19d089bd9845d9/merged\\" at \\"/var/lib/docker/overlay2/8129cd2ff13d6c6dff35feee05c0d05d1f4561d3c28190125d19d089bd9845d9/merged/etc/ssl/filebeat.key\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type

ERROR: for wazuh.manager Cannot start service wazuh.manager: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\"/home/ubuntu/DevOps/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem\\" to rootfs \\"/var/lib/docker/overlay2/8129cd2ff13d6c6dff35feee05c0d05d1f4561d3c28190125d19d089bd9845d9/merged\\" at \\"/var/lib/docker/overlay2/8129cd2ff13d6c6dff35feee05c0d05d1f4561d3c28190125d19d089bd9845d9/merged/etc/ssl/filebeat.key\\" caused \\"not a directory\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type
ERROR: Encountered errors while bringing up the project.
ubuntu@bionic-4:~/DevOps/wazuh-docker/single-node$ ls /home/ubuntu/DevOps/wazuh-docker/single-node/config/wazuh_indexer_ssl_certs/ -al
total 56
dr-x------ 2 ubuntu ubuntu 4096 Dec 26 19:17 .
drwxrwxr-x 6 ubuntu ubuntu 4096 Aug 18 01:50 ..
-r-------- 1 ubuntu ubuntu 1704 Dec 26 19:17 admin-key.pem
-r-------- 1 ubuntu ubuntu 1119 Dec 26 19:17 admin.pem
-r-------- 1 systemd-resolve systemd-journal 1704 Dec 26 19:17 root-ca-manager.key
-r-------- 1 systemd-resolve systemd-journal 1204 Dec 26 19:17 root-ca-manager.pem
-r-------- 1 ubuntu ubuntu 1704 Dec 26 19:17 root-ca.key
-r-------- 1 ubuntu ubuntu 1204 Dec 26 19:17 root-ca.pem
-r-------- 1 ubuntu ubuntu 1704 Dec 26 19:17 wazuh.dashboard-key.pem
-r-------- 1 ubuntu ubuntu 1261 Dec 26 19:17 wazuh.dashboard.pem
-r-------- 1 ubuntu ubuntu 1704 Dec 26 19:17 wazuh.indexer-key.pem
-r-------- 1 ubuntu ubuntu 1257 Dec 26 19:17 wazuh.indexer.pem
-r-------- 1 systemd-resolve systemd-journal 1704 Dec 26 19:17 wazuh.manager-key.pem
-r-------- 1 systemd-resolve systemd-journal 1257 Dec 26 19:17 wazuh.manager.pem
```

sapentiae commented 1 year ago

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting rlimits for ready process: error setting rlimit type 8: operation not permitted: unknown

levisre commented 1 year ago

The root cause for this error is you probably ran docker compose up on a SELinux-enabled Host OS. I've encountered the same problem and found a solution for it by using :z flag for every volume mount in docker-compose.yaml (More information: Link). And the problem was solved. Will make a PR soon.

Emanlui commented 11 months ago

You can also try to install the correct docker, I had the same issue

https://documentation.wazuh.com/current/deployment-options/docker/docker-installation.html