InfluxDB on Docker-Compose can't read SSL cert file - docker

I'm having some troubles trying to configure SSL with InfluxDB v1.8 running on Docker Compose.
I followed the official documentation to enable HTTPS with self-signed certificate, but the container crashes with the following error:
run: open server: open service: open "/etc/ssl/influxdb-selfsigned.crt": no such file or directory
It works if I run this configuration using docker run command:
docker run -p 8086:8086 -v $PWD/ssl:/etc/ssl \
-e INFLUXDB_DB=db0 \
-e INFLUXDB_ADMIN_USER=admin \
-e INFLUXDB_ADMIN_PASSWORD=supersecretpassword \
-e INFLUXDB_HTTP_HTTPS_ENABLED=true \
-e INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt" \
-e INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key" \
-d influxdb
My docker-compose.yml is the following:
version: "3"
services:
influxdb:
image: influxdb
ports:
- "8086:8086"
volumes:
- influxdb:/var/lib/influxdb
- ./ssl:/etc/ssl/
environment:
- INFLUXDB_DB=db0
- INFLUXDB_ADMIN_USER=admin
- INFLUXDB_ADMIN_PASSWORD=supersecretpassword
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE="/etc/ssl/influxdb-selfsigned.crt"
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY="/etc/ssl/influxdb-selfsigned.key"
- INFLUXDB_HTTP_AUTH_ENABLED=true
volumes:
influxdb:
If I set INFLUXDB_HTTP_HTTPS_ENABLED to false, I can see that cert and key files are mounted as they should in /etc/ssl in the container ( docker exec -it airq_influxdb_1 ls -la /etc/ssl )
Do you have any idea why this is happening and how to solve it?

The environment variables passed in the docker-compose.yml are strings. You don't need to pass the quotes.
The influx DB is looking for the certificate under "/etc/ssl/influxdb-selfsigned.crt"...literally
Simply remove the quotes and the DB will start:
...
- INFLUXDB_HTTP_HTTPS_ENABLED=true
- INFLUXDB_HTTP_HTTPS_CERTIFICATE=/etc/ssl/influxdb-selfsigned.crt
- INFLUXDB_HTTP_HTTPS_PRIVATE_KEY=/etc/ssl/influxdb-selfsigned.key
...

Related

How to install sonarqube developer edition via Docker?

I’m trying to install Sonarqube Developer Edition server but after installation, in footer page, it shows that it’s the Community Edition that is installed.
Here is my docker command:
docker run -d --name sonarqube --restart=always -p 9000:9000 -e sonar.jdbc.url=<my_jdbc_url> -e sonar.jdbc.username=<my_db_user> -e sonar.jdbc.password=<my_db_password> --network sonarqube_network --volume sonarqube:/opt/sonarqube sonarqube:9.7.1-developer
Thanks for you help !
Can you try:
docker run -d -p 9000:9000 -p 9092:9092 sonarqube:developer
Navigate to http://localhost:9000
Or you may be able pass your variables directly in by running:
docker run -d -e SONAR_TOKEN=<YOUR_TOKEN> -e SONAR_EDITION=developer -p 9000:9000 -p 9092:9092 sonarqube:developer
Maybe I missed something in my script, but otherwise I managed to solve my problem with docker compose
version: "3"
services:
sonarqube:
image: sonarqube:9.7.1-developer
environment:
SONAR_JDBC_URL: <my_jdbc_url>
SONAR_JDBC_USERNAME: <my_db_username>
SONAR_JDBC_PASSWORD: <my_db_password>
volumes:
- sonarqube_data:/opt/sonarqube/data
- sonarqube_extensions:/opt/sonarqube/extensions
- sonarqube_logs:/opt/sonarqube/logs
ports:
- "9000:9000"
volumes:
sonarqube_data:
sonarqube_extensions:
sonarqube_logs:

How to write the good syntax of --user u=in a docker-Compose file

With influxdb2 and telegraf docker container, I want to read some value from a device by modbutcp. For that I use the telegraf modbus plugin.
When I use the telegraf run command
docker run -d --name=telegraf \
-v $(pwd)/telegraf.conf:/etc/telegraf/telegraf.conf \
-v /var/run/docker.sock:/var/run/docker.sock \
--net=influxdb-net \
--user telegraf:$(stat -c '%g' /var/run/docker.sock) \
--env INFLUX_TOKEN=EcoDMFzGnFkeCLsHiyoaTA-m3VXHl_RG7QqYt6Wt7D5Bdq6Bk9BQlmdO2S47OXaOA-wIz2dLu1aebiZCf2JmFQ==\
telegraf
Everything is ok, I get my device values in influxdb dashboard.
Now I want to use a docker-compose.yml file.
I have a problem with the following command part:
--user telegraf:$(stat -c '%g' /var/run/docker.sock)
My yml file
telegraf:
image: telegraf:latest
container_name: telegraf2
volumes:
- ./telegraf/telegraf.conf:/etc/telegraf/telegraf.conf
- /var/run/docker.sock:/var/run/docker.sock
environment:
INFLUX_TOKEN : Lweb-ZjlKzpA6VFSPqNC5CLy86ntIlvGbqMGUvIS1zrA==
user: telegraf$("stat -c '%g' /var/run/docker.sock")
When run the command docker-compose up -d I have an error
Error response from daemon: unable to find user telegraf$("stat -c '%g' /var/run/docker.sock"): no matching entries in passwd file
Can you tell where is my mistake. Why with the first method it's ok and not with the second.

docker-compose environment not the same as Docker -e

I am using docker-compose file and want to add some ENV variables to it, which are not related to redis itself.
redis-master:
environment:
- REDIS_REPLICATION_MODE=master
- ALLOW_EMPTY_PASSWORD=yes
# Domains
- VIRTUAL_HOST=redis-master.xxx.com
- VIRTUAL_PORT=6379
ports:
- '6379:6379'
expose:
- '6379'
image: bitnami/redis:latest
But the problem is that this two ENV were not added to Docker:
VIRTUAL_HOST and VIRTUAL_PORT
If I am doing like
docker run -d -p 6379:6379 --name redis-master -e VIRTUAL_PORT=6379 --expose 6379 -e VIRTUAL_HOST=redis-master.xxx.com bitnami/redis:latest
then I can see this two ENV. Why? What is the difference?
I used your Compose file and I can see the ENVs:
➜ ~ docker-compose up -d
prometherion_redis-master_1 is up-to-date
➜ ~ docker-compose exec redis-master sh
$ env | grep -i virtual
VIRTUAL_HOST=redis-master.xxx.com
VIRTUAL_PORT=6379
If you want to be sure that ENVs are injected: docker inspect <container_id> | jq '.[0].Config.Env' (you need jq installed)

Build from linuxserver\deluge

I'd like to be able to use a Dockerfile with the linuxserver\deluge image but I'm unsure what is the correct way to do this in a docker-compose.yaml file.
docker create \
--name=deluge \
--net=host \
-e PUID=1001 \
-e PGID=1001 \
-e UMASK_SET=<022> \
-e TZ=<timezone> \
-v </path/to/deluge/config>:/config \
-v </path/to/your/downloads>:/downloads \
--restart unless-stopped \
linuxserver/deluge
Can someone help me convert this please so that I can use a Dockerfile
Thanks :)
The following docker-compose.yml file is similar to your command :
version: "3"
services:
deluge:
container_name: deluge
image: linuxserver/deluge
environment:
- PUID=1001
- PGID=1001
- UMASK_SET=<022>
- TZ=<timezone>
volumes:
- </path/to/deluge/config>:/config
- </path/to/your/downloads>:/downloads
restart: unless-stopped
network_mode: host
Documentation is a great place to find the mapping between docker options and docker-compose syntax. Here is a recap of what have been used for this example :
--name => container_name
-e => environment (array of key=value)
-v => volumes (array of volume_or_folder_on_host:/path/inside/container)
--restart <policy> => restart: <policy>
--net=xxxx => network_mode
You can now run docker-compose up to start all your services (only deluge here) instead of your docker run command.

docker-compose SSL error: hostname '192.168.99.100' doesn't match 'localhost'

I'm trying to run docker-compose behind a proxy masked by cntlm. In other words, my proxy settings are simply localhost:3128.
1) First of all, I created a new docker-machine setting the proxy and regenerating the certs:
HOST=10.16.13.232 # IP address of my Mac
PORT=3128 # port cntlm is listening
docker-machine create \
--engine-env HTTP_PROXY=http://$HOST:$PORT \
--engine-env HTTPS_PROXY=http://$HOST:$PORT \
--engine-env NO_PROXY=*.local,169.254/16,localhost,127.0.0.*,10.*,192.168.*,*.example.com \
-d virtualbox \
--virtualbox-memory 2048 \
--virtualbox-disk-size 102400 \
my_new_machine
yes | docker-machine regenerate-certs my_new_machine
2) I set the ENV variables by hitting:
eval $("docker-machine env my_new_machine")
3) And in the current directory I've created my docker-compose.yml containing:
zookeeper:
image: jplock/zookeeper
container_name: zookeeper
ports:
- "2181:2181"
- "2888:2888"
- "3888:3888"
solr1:
image: makuk66/docker-solr:4.10.4
container_name: solr1
ports:
- "8983:8983"
links:
- "zookeeper:ZK"
command: /opt/solr/bin/solr start -f -c -z zookeeper -a "-Dbootstrap_confdir=./solr/collection1/conf -Dcollection.configName=myconf -DnumShards=2"
solr2:
image: makuk66/docker-solr:4.10.4
container_name: solr2
ports:
- "8984:8983"
links:
- "zookeeper:ZK"
command: /opt/solr/bin/solr start -f -c -z zookeeper
4) As final step, I proceed to hit docker-compose up, but I get the following error only if I'm behind my cntlm proxy:
ERROR: SSL error: hostname '192.168.99.100' doesn't match 'localhost'
Instead at home, WITHOUT ANY PROXY, docker-compose works well.
I tried by looking for any solution outside but I was not able to find/understand such solutions.
Any idea?
Thanks in advance :-)
On Linux, if you installed docker compose with pip, uninstall it with:
pip uninstall docker-compose
and try to install it manually. This worked for me:
curl -L https://github.com/docker/compose/releases/download/1.8.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
If you have permission problems then you most probably cannot write to /usr/local/bin/docker-compose. --> Try with "sudo su".
Here the reference: https://docs.docker.com/compose/install/
enjoy! :-)
With the last version of docker (1.11.1) docker-compose works well (also behind proxy)

Resources