I started docker-compose up and got an error.

I couldn’t tell from the log where the problem is.
Maybe this one? If yes, how can I solve it:
passbolt_1 | /usr/local/bin/docker-php-entrypoint: 9: exec: /usr/bin/wait-for.sh: Permission denied

error log:
Attaching to passbolt_docker_db_1, passbolt_docker_passbolt_1
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.3.23+maria~focal started.
passbolt_1 | /usr/local/bin/docker-php-entrypoint: 9: exec: /usr/bin/wait-for.sh: Permission denied
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Switching to dedicated user ‘mysql’
db_1 | 2020-06-18 14:04:58+00:00 [Note] [Entrypoint]: Entrypoint script for MySQL Server 1:10.3.23+maria~focal started.
db_1 | 2020-06-18 14:04:58 0 [Note] mysqld (mysqld 10.3.23-MariaDB-1:10.3.23+maria~focal) starting as process 1 …
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Using Linux native AIO
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Uses event mutexes
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Number of pools: 1
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Using SSE2 crc32 instructions
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: Completed initialization of buffer pool
db_1 | 2020-06-18 14:04:58 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Creating shared tablespace for temporary tables
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Setting file ‘./ibtmp1’ size to 12 MB. Physically writing the file full; Please wait …
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: File ‘./ibtmp1’ size is now 12 MB.
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: 10.3.23 started; log sequence number 1625565; transaction id 21
db_1 | 2020-06-18 14:04:59 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
db_1 | 2020-06-18 14:04:59 0 [Note] Plugin ‘FEEDBACK’ is disabled.
db_1 | 2020-06-18 14:05:00 0 [Note] Server socket created on IP: ‘::’.
db_1 | 2020-06-18 14:05:00 0 [Warning] ‘proxies_priv’ entry ‘@% root@1f47ec546785’ ignored in --skip-name-resolve mode.
passbolt_docker_passbolt_1 exited with code 126
db_1 | 2020-06-18 14:05:00 0 [Note] InnoDB: Buffer pool(s) load completed at 200618 14:05:00
db_1 | 2020-06-18 14:05:00 0 [Note] Reading of all Master_info entries succeeded
db_1 | 2020-06-18 14:05:00 0 [Note] Added new Master_info ‘’ to hash table
db_1 | 2020-06-18 14:05:00 0 [Note] mysqld: ready for connections.
db_1 | Version: ‘10.3.23-MariaDB-1:10.3.23+maria~focal’ socket: ‘/var/run/mysqld/mysqld.sock’ port: 3306 mariadb.org binary distribution

Hi @Ahmad,

Have you built the docker image yourself or are you using the official docker image from passbolt?

I have the official image! I am using docker-compose.yml

Yeah the permission error on the script is not expected, I have tested it locally and I can’t reproduce with the official image, that is why I was wondering if maybe you have built it yourself.

Could you post the docker-compose you are using? Also, which operating system are you running your stack on?

docker-compose-pro.yml

version: '3.4'
services:
  db:
    image: mariadb:10.3
    env_file:
      - env/mysql.env
    volumes:
      - database_volume:/var/lib/mysql
    ports:
      - "127.0.0.1:3306:3306"

  passbolt:
    image: passbolt/passbolt:latest-pro
    #image: passboltlocal
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - images_volume:/var/www/passbolt/webroot/img/public
      - ./license:/var/www/passbolt/config/license
      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
      - /home/certs:/etc/ssl/certs/
    tmpfs:
      - /run
    command: ["/usr/bin/wait-for.sh", "db:3306", "--", "/docker-entrypoint.sh"]
    ports:
      - 172.16.20.12:80:80
      - 172.16.20.12:443:443

volumes:
  database_volume:
  gpg_volume:
  images_volume:
  certs:

on CentOS.el7


Looks like you are using a volume for the wait-for script. The wait-for script was included in the image 16 months ago. Check "add wait-for.sh to Dockerfile" by elisiariocouto (Pull Request #123, passbolt/passbolt_docker, GitHub).
Remove this line:

Great! It passes this one. Now I have this:

…++++
passbolt_1 | …++++
passbolt_1 | writing new private key to ‘/etc/ssl/certs/certificate.key’
passbolt_1 | req: Can’t open “/etc/ssl/certs/certificate.key” for writing, Permission denied
passbolt_docker_passbolt_1 exited with code 1

Nice,

Looks like the /home/certs directory on the host doesn’t have enough permissions for the container to write the certificate.key

I give full root permission and still the same
drwxrwxrwx. 2 root root 4096 18 jun 15.02 certs

Do you have any certificate.key file inside the certs directory that might have some restrictive permissions?

-rw-r--r--. 1 root root 3562 18 jun 18.30 certificate.crt
-rw-------. 1 root root 1704 18 jun 18.31 certificate.key

I see you have selinux enabled:

Could it be related with that?

I changed to:
drwsrwsrwt. 2 root root 4096 18 jun 18.40 certs
in certs:
-rwxrwxrwx. 1 root root 3562 18 jun 18.30 certificate.crt
-rwxrwxrwx. 1 root root 1704 18 jun 18.31 certificate.key
and still the same:
passbolt_1 | wait-for.sh: db:3306 is available after 1 seconds
passbolt_1 | gpg: key 99E745355330008C: “Passbolt default user ahmad.hashem@netset.com” not changed
passbolt_1 | gpg: Total number processed: 1
passbolt_1 | gpg: unchanged: 1
passbolt_1 | gpg: key 99E745355330008C: “Passbolt default user ahmad.hashem@netset.com” not changed
passbolt_1 | gpg: key 99E745355330008C: secret key imported
passbolt_1 | gpg: Total number processed: 1
passbolt_1 | gpg: unchanged: 1
passbolt_1 | gpg: secret keys read: 1
passbolt_1 | gpg: secret keys unchanged: 1
passbolt_1 | Generating a RSA private key
passbolt_1 | …++++
passbolt_1 | …++++
passbolt_1 | writing new private key to ‘/etc/ssl/certs/certificate.key’
passbolt_1 | req: Can’t open “/etc/ssl/certs/certificate.key” for writing, Permission denied
passbolt_docker_passbolt_1 exited with code 1

Yeah I meant disabling selinux.

You can try with setenforce 0 on the host
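
An added example, not part of the original thread or of passbolt's code: SELinux denials on a bind mount such as /home/certs can also be handled per mount with Docker's `:z` (shared) or `:Z` (private) volume options, which relabel the host path for container access. The script below lists the host bind mounts in a compose file and flags those without such an option; the sample input is constructed from the compose file posted above plus one hypothetical labelled mount (/srv/data).

```shell
#!/bin/sh
# Added example: audit compose bind mounts for SELinux relabel options.

# Constructed sample input: volumes from the compose file posted in this
# thread, plus one hypothetical mount (/srv/data) that already carries :Z.
sample_compose() {
cat <<'EOF'
services:
  passbolt:
    image: passbolt/passbolt:latest-pro
    volumes:
      - gpg_volume:/var/www/passbolt/config/gpg
      - ./license:/var/www/passbolt/config/license
      - ./scripts/wait-for.sh:/usr/bin/wait-for.sh
      - /home/certs:/etc/ssl/certs/
      - /srv/data:/data:Z
EOF
}

# Reads compose YAML on stdin and prints one line per host bind mount:
#   LABELLED|UNLABELLED <host path> -> <container path>
# Named volumes, env files and port mappings are skipped because their
# first field is not a host path.
audit_bind_mounts() {
  awk '
    /^[[:space:]]*-[[:space:]]/ {
      entry = $0
      sub(/^[[:space:]]*-[[:space:]]*/, "", entry)   # drop the list marker
      gsub(/"/, "", entry)                           # drop double quotes
      n = split(entry, part, ":")
      if (n < 2 || part[1] !~ /^(\/|\.\/|\.\.\/|~)/) next
      opts = (n >= 3) ? part[3] : ""
      # z or Z may appear alone or in a comma-separated option list (ro,Z)
      labelled = (("," opts ",") ~ /,[zZ],/)
      printf "%s %s -> %s\n", (labelled ? "LABELLED" : "UNLABELLED"), part[1], part[2]
    }'
}

sample_compose | audit_bind_mounts
```

On a host with SELinux enforcing, the UNLABELLED entries are the mounts to check first when a container reports "Permission denied" on a path whose mode bits allow the access.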

woow… You are genius! That was great! It works now.
I can now open https://pass.work.com
But I can’t log in. It doesn’t find me although I have restored the database that has 30 users!

I created a new account but all passwords are lost now and all other accounts

@Ahmad it’s unclear, do you still require any help? If yes can you provide more information. Maybe you are not pointing at the right database, etc.

Yes I still need help!

I have restored the database again. When I check that all users are in the database I found them.
Then I start docker-compose start
I get this error:
tarting db …
Starting db … error
Starting passbolt … error

ERROR: for db Cannot start service db: driver failed programming external connectivity on endpoint passbolt_docker_db_1 (f834523f9e2c52764efe65c0a3e98b79376d75f5edb6758159eab754d28a6c44): Error starting userland proxy: listen tcp 127.0.0.1:3306: bind: address already in use

systemctl stop mariadb
then start again. It starts but now the database has only one user that I created now.

I need to have the database that I restored!

It seems to me that you have multiple containers with the DB running, e.g. the container you are using in your docker compose cannot bind because there is another one running.

Unfortunately this is not a passbolt issue, but it’s something specific to your configuration / setup, it’s hard to help you as is, but maybe @diego can pitch in.