Clair V4 installation errors - docker

Can someone help me setting up clair with a docker image which is relatively same as
git#github.com:Charlie-belmer/Docker-security-example.git
version: '2.1'
services:
postgres:
image: postgres:12
restart: unless-stopped
volumes:
- ./docker-utils/postgres-data/:/var/lib/postgresql/data:rw
environment:
- POSTGRES_PASSWORD=ChangeMe
- POSTGRES_USER=clair
- POSTGRES_DB=clair
clair:
image: quay.io/coreos/clair:v4.3.4
restart: unless-stopped
volumes:
- ./docker-utils/clair-config/:/config/:ro
- ./docker-utils/clair-tmp/:/tmp/:rw
depends_on:
postgres:
condition: service_started
command: [-conf, /config/config.yml]
user: root
clairctl:
image: jgsqware/clairctl:latest
restart: unless-stopped
environment:
- DOCKER_API_VERSION=1.41
volumes:
- ./docker-utils/clairctl-reports/:/reports/:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
depends_on:
clair:
condition: service_started
user: root
error i am getting is
2022/02/25 04:20:33 failed to validate config: indexer mode requires a database connection string
It works perfectly with clair's 2.0.6 (https://github.com/Charlie-belmer/Docker-security-example/blob/master/clair/docker-compose.yml).
How exactly I should find out what is the problem ? Clair's github is useless since they do not provide me a single docker file for my CI/CD. Any help would be appreciated.

Related

Persist nifi data and volume

I want to make my nifi data volume and configuration persist means even if I delete container and docker compose up again I would like to keep what I built so far in my nifi. I try to mount volumes as follows in my docker compose file in volumes section nevertheless it doesn't work and my nifi processors are not saved. How can I do it correctly? Below my docker-compose.yaml file.
version: "3.7"
services:
nifi:
image: koroslak/nifi:latest
container_name: nifi
restart: always
environment:
- NIFI_HOME=/opt/nifi/nifi-current
- NIFI_LOG_DIR=/opt/nifi/nifi-current/logs
- NIFI_PID_DIR=/opt/nifi/nifi-current/run
- NIFI_BASE_DIR=/opt/nifi
- NIFI_WEB_HTTP_PORT=8080
ports:
- 9000:8080
depends_on:
- openldap
volumes:
- ./volume/nifi-current/state:/opt/nifi/nifi-current/state
- ./volume/database/database_repository:/opt/nifi/nifi-current/repositories/database_repository
- ./volume/flow_storage/flowfile_repository:/opt/nifi/nifi-current/repositories/flowfile_repository
- ./volume/nifi-current/content_repository:/opt/nifi/nifi-current/repositories/content_repository
- ./volume/nifi-current/provenance_repository:/opt/nifi/nifi-current/repositories/provenance_repository
- ./volume/log:/opt/nifi/nifi-current/logs
#- ./volume/conf:/opt/nifi/nifi-current/conf
postgres:
image: koroslak/postgres:latest
container_name: postgres
restart: always
environment:
- POSTGRES_PASSWORD=secret123
ports:
- 6000:5432
volumes:
- postgres:/var/lib/postgresql/data
pgadmin:
container_name: pgadmin
image: dpage/pgadmin4:4.18
restart: always
environment:
- PGADMIN_DEFAULT_EMAIL=admin
- PGADMIN_DEFAULT_PASSWORD=admin
ports:
- 8090:80
metabase:
container_name: metabase
image: metabase/metabase:v0.34.2
restart: always
environment:
MB_DB_TYPE: postgres
MB_DB_DBNAME: metabase
MB_DB_PORT: 5432
MB_DB_USER: metabase_admin
MB_DB_PASS: secret123
MB_DB_HOST: postgres
ports:
- 3000:3000
depends_on:
- postgres
openldap:
image: osixia/openldap:1.3.0
container_name: openldap
restart: always
ports:
- 38999:389
# Mocked source systems
jira-api:
image: danielgtaylor/apisprout:latest
container_name: jira-api
restart: always
ports:
- 8000:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/jira-api.json
pipedrive-api:
image: danielgtaylor/apisprout:latest
container_name: pipedrive-api
restart: always
ports:
- 8100:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/pipedrive-api.yaml
restcountries-api:
image: danielgtaylor/apisprout:latest
container_name: restcountries-api
restart: always
ports:
- 8200:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/restcountries-api.json
volumes:
postgres:
nifi:
openldap:
metabase:
pgadmin:
Using Registry you can achieve that all changes you are doing or your nifi are committed to git. I.e. if you change some processor configuration, it will be reflected in your git repo.
As for flow files, you may need to fix volumes mappings.

Invalid docker.compose.yaml file

I am trying to get a couple of containers up and running, however I am running into some issues. I run this command:
docker-compose up -d --build itvdflab
and get this error
The Compose file './docker-compose.yaml' is invalid because:
Unsupported config option for services: 'itvdelab'
Unsupported config option for networks: 'itvdelabnw'
Here is the yaml file.
services:
itvdelab:
image: itversity/itvdelab
hostname: itvdelab
ports:
- "8888:8888"
volumes:
- "./itversity-material:/home/itversity/itversity-material"
- "./data:/data"
environment:
SHELL: /bin/bash
networks:
- itvdelabnw
depends_on:
- "cluster_util_db"
cluster_util_db:
image: postgres:13
ports:
- "6432:5432"
volumes:
- ./cluster_util_db_scripts:/docker-entrypoint-initdb.d
networks:
- itvdelabnw
environment:
POSTGRES_PASSWORD: itversity
itvdflab:
build:
context: .
dockerfile: images/pythonsql/Dockerfile
hostname: itvdflab
ports:
- "8888:8888"
volumes:
- "./itversity-material:/home/itversity/itversity-material"
- "./data:/data"
environment:
SHELL: /bin/bash
networks:
- itvdelabnw
depends_on:
- "pg.itversity.com"
pg.itversity.com:
image: postgres:13
ports:
- "5432:5432"
networks:
- itvdelabnw
environment:
POSTGRES_PASSWORD: itversity
networks:
itvdelabnw:
name: itvdelabnw
What changes do I need to make to get this working?
Your docker-compose.yml file is missing a version: line. Until very recently, this caused Docker Compose to interpret this as the original "version 1" Compose format, which doesn't have a top-level services: key and doesn't support Docker networks. The much newer Compose Specification claims that a version: key is optional, but in practice if you can't be guaranteed to use a very new version of Compose (built as a plugin to the docker binary) it's required. The most recent Compose file versions supported by the standalone Python docker-compose tool are 3.8 and 2.4 (you need the 2.x version for some resource-related constraints in non-Swarm installations).
# Add at the very beginning
version: '3.8'
Here is the revised copy:
version: '3.4'
services:
itvdelab:
image: itversity/itvdelab
hostname: itvdelab
ports:
- "8888:8888"
volumes:
- "./itversity-material:/home/itversity/itversity-material"
- "./data:/data"
environment:
SHELL: /bin/bash
networks:
- itvdelabnw
depends_on:
- "cluster_util_db"
cluster_util_db:
image: postgres:13
ports:
- "6432:5432"
volumes:
- ./cluster_util_db_scripts:/docker-entrypoint-initdb.d
networks:
- itvdelabnw
environment:
POSTGRES_PASSWORD: itversity
itvdflab:
build:
context: .
dockerfile: images/pythonsql/Dockerfile
hostname: itvdflab
ports:
- "8888:8888"
volumes:
- "./itversity-material:/home/itversity/itversity-material"
- "./data:/data"
environment:
SHELL: /bin/bash
networks:
- itvdelabnw
depends_on:
- "pg.itversity.com"
pg.itversity.com:
image: postgres:13
ports:
- "5432:5432"
networks:
- itvdelabnw
environment:
POSTGRES_PASSWORD: itversity
networks:
itvdelabnw:
name: itvdelabnw
and now I get the following error
ERROR: The Compose file './docker-compose.yaml' is invalid because:
services.pg.itversity.com.networks.itvdelabnw contains unsupported option: 'name'
for me work try different version. In my case work
version: '2.2'

Docker compose unsupported config option

I'm trying to setup a docker to run mysql Mosquitto and node red but keep getting the unsupported config option errors..
Services:
mysql:
image: mysql
container_name: mysql
restart: always
ports:
- “6603:3306”
Environment:
MYSQL_ROOT_PASSWORD: “abcd1234”
volumes:
- mysql-data
node-red:
image: nodered/node-red:latest
restart: always
container_name: nodered
environment:
-TZ=Europe/London
depends_on:
- mysql
ports:
- “1880:1880”
links:
- mysql:mysql
- mosquitto:mosquitto
volumes:
- node-red-data
mosquitto:
image: eclipse-mosquitto
hostname: mosquitto
container_name: mosquitto
restart: always
ports:
- "1883:1883"
volumes:
mysql-data:
node-red-data:
Any thoughts on why im getting these errors?
Unsupported config option for Services: 'mosquitto'
Unsupported config option for volumes: 'mysql-data'

docker-compose: zipkin cannot connect to elasticsearch

I try to setup zipkin, elasticsearch, prometheus and grafana with docker-compose.yml
When I run dockers, see in the log:
dependencies_zipkin | 19/09/30 14:37:09 ERROR NetworkClient: Node [172.28.0.2:9200] failed (java.net.ConnectException: Connection refused (Connection refused)); no other nodes left - aborting...
I'm on MacOS X with docker 2.1.0.3
the content of my docker-compose.yml is this one:
version: '3.7'
services:
storage:
image: openzipkin/zipkin-elasticsearch7
container_name: elasticsearch
ports:
- "9200:9200"
environment:
- "xpack.security.enabled=false"
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
restart: unless-stopped
prometheus:
image: prom/prometheus:latest
container_name: prometheus
volumes:
- $PWD/prometheus:/etc/prometheus/
- /tmp/prometheus:/prometheus/data:rw
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
ports:
- "9090:9090"
restart: unless-stopped
zipkin:
image: openzipkin/zipkin
container_name: zipkin
depends_on:
- dependencies
- storage
environment:
- "STORAGE_TYPE=elasticsearch"
- "ES_HOSTS=storage"
ports:
- "9411:9411"
restart: unless-stopped
grafana:
image: grafana/grafana
container_name: grafana
ports:
- "3000:3000"
restart: unless-stopped
dependencies:
image: openzipkin/zipkin-dependencies
container_name: dependencies_zipkin
depends_on:
- storage
environment:
- "STORAGE_TYPE=elasticsearch"
- "ES_HOSTS=storage"
When I connect to localhost:9200, I see that elasticsearch is working fine and on port 9411, zipkin is deployed but I have the error:
ERROR: cannot load service names: server error (Service Unavailable)(due to the network error
In the log, I have this information:
105 ^[[35mdependencies_zipkin |^[[0m 19/09/30 14:45:20 ERROR NetworkClient: Node [172.28.0.2:9200] failed (java.net.ConnectException: Connection refused (Connection refused)); no other nodes left - aborting...
and this one
^[[31mzipkin |^[[0m java.lang.IllegalStateException: couldn't connect any of [Endpoint{storage:80, ipAddr=172.28.0.2, weight=1000}]
Any idea?
UPDATE
by using mysql it is working fine, so the problem is at the level of elastic search.
I tried alsoo by using
"STORAGE_PORT_9200_TCP_ADDR=127.0.0.1"
but the issue still occurs.
UPDATE
As mention is the solution gave by Brian, I have to use:
ES_HOSTS=http://storage:9300
the key is on port, I was using the port 9200
The error disappear between zipkin and es but still occurs between es and zipkin-dependencies.
The problem lies in your ES_HOSTS variable, from the docs here:
ES_HOSTS: A comma separated list of elasticsearch base urls to connect to ex. http://host:9200.
Defaults to "http://localhost:9200".
So you will need: ES_HOSTS=http://storage:9200
Finally I have this file:
version: '3.7'
services:
storage:
image: openzipkin/zipkin-elasticsearch7
container_name: elasticsearch
ports:
- 9200:9200
zipkin:
image: openzipkin/zipkin
container_name: zipkin
environment:
- STORAGE_TYPE=elasticsearch
- "ES_HOSTS=elasticsearch:9300"
ports:
- 9411:9411
depends_on:
- storage
dependencies:
image: openzipkin/zipkin-dependencies
container_name: dependencies
entrypoint: crond -f
depends_on:
- storage
environment:
- STORAGE_TYPE=elasticsearch
- "ES_HOSTS=elasticsearch:9300"
- "ES_NODES_WAN_ONLY=true"
prometheus:
image: prom/prometheus:latest
container_name: prometheus
volumes:
- $PWD/prometheus:/etc/prometheus/
- /tmp/prometheus:/prometheus/data:rw
command:
- '--config.file=/etc/prometheus/prometheus.yml'
- '--storage.tsdb.path=/prometheus'
- '--web.console.libraries=/usr/share/prometheus/console_libraries'
- '--web.console.templates=/usr/share/prometheus/consoles'
ports:
- "9090:9090"
grafana:
image: grafana/grafana
container_name: grafana
depends_on:
- prometheus
ports:
- "3000:3000"
Main differences are the usage of
"ES_HOSTS=elasticsearch:9300"
instead of
"ES_HOSTS=storage:9300"
and in the dependencies configuration I add the entrypoint in dependencies:
entrypoint: crond -f
This one is really the key to not have the exception when I start docker-compose.
To solve this issue, I check the this project: https://github.com/openzipkin/docker-zipkin
The remaining question is: why do I need to use entrypoint: crond -f

ERROR: In file './docker-compose.yml', service name True must be a quoted string, i.e. 'True'

My docker-compose.yml looks like the below. When i run docker-compose up I get the below error.
ERROR: In file './docker-compose.yml', the service name True must be a quoted string, i.e. 'True'.
version: '3'
services:
db:
restart: always
image: postgres:9.6-alpine
container_name: pleroma_postgres
networks:
- pleroma
volumes:
- ./postgres:/var/lib/postgresql/data
web:
build: .
image: pleroma
container_name: pleroma_web
restart: always
environment:
- VIRTUAL_HOST=<myplaceholderhost>
- VIRTUAL_PORT=4000
- LETSENCRYPT_HOST=<myplaceholderhost>
- LETENCRYPT_EMAIL=<myplaceholderemail>
expose:
- "4000"
volumes:
- ./uploads:/pleroma/uploads
depends_on:
- db
nginx:
image: jwilder/nginx-proxy
container_name: nginx
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker-articles/nginx/certs:/etc/nginx/certs:ro
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
restart: always
ports:
- "80:80"
- "443:443"
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
networks:
- pleroma
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.5
container_name: letsencrypt
volumes_from:
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker/articles/nginx/certs:/etc/nginx/certs:rw
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
networks:
pleroma:
My docker version is
Docker version 18.06.1-ce, build e68fc7a
My docker compose version is
docker-compose version 1.23.1, build b02f1306
Running CoreOS version 1911.3.0
I ended up resolving this issue by modifying the nginx and letsencrypt portions of my docker-compose.yml file to be as follows.
nginx:
image: jwilder/nginx-proxy
container_name: nginx
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker-articles/nginx/certs:/etc/nginx/certs:ro
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
restart: always
ports:
- "80:80"
- "443:443"
labels:
- "NGINX_PROXY_CONTAINER=true"
networks:
- pleroma
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.5
container_name: letsencrypt
environment:
- NGINX_PROXY_CONTAINER=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker/articles/nginx/certs:/etc/nginx/certs:rw
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
It seems "volumes_from" is deprecated in docker-compose v3. As well as I had forgotted quotes around my label and needed to set my environment within letsencrypt.
in CentOS env your .yml file directory must be /usr/local/bin

Resources