I'm trying to get SteVe OCPP server to run in an Azure Container Instance. But the web application won't connect to the database when running docker-compose up in an Azure ACI context. It runs just fine locally.
Here's the docker compose file:
version: "3.0"
volumes:
db-data:
external: false
services:
db:
image: mariadb:10.4
ports:
- 3306:3306
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_DATABASE: stevedb
MYSQL_USER: steve
MYSQL_PASSWORD: changeme
web:
image: rainmakers/steve:latest
links:
- "db:mariadb"
ports:
- 8180:8180
- 8443:8443
depends_on:
- db
This is the only thing I'm getting in the web service logs:
2021/11/23 13:20:57 Waiting for: tcp://mariadb:3306
2021/11/23 13:20:57 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:20:58 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:20:59 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:21:00 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:21:01 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:21:02 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
2021/11/23 13:21:03 Problem with dial: dial tcp: lookup mariadb on 168.63.129.16:53: no such host. Sleeping 1s
This continues for a minute, before the service terminates.
Any idea how to proceed here?
I geuss you should connect with http://db:3306 instead of mariadb:3306.
By default Docker Compose version 3 uses the service name as hostname of inter-container networking.
Related
I need to run, from docker compose, three containers: a fastapi server, a keycloack server and a postgres database.
This works well if I run the uvicorn command from my local bash instead of from docker-compose service. I also noted that if I run the code from outside docker-compose, I get the authorization option OpenIdConnect (OAuth2, authorization_code) and from docker-compose: OpenIdConnect (OAuth2, authorization_code with PKCE).
My docker-compose.yaml:
version: '3.9'
services:
web:
build: ./foo
command: uvicorn main:app --reload --workers 1 --host 0.0.0.0 --port 8000
volumes:
- ./foo:/usr/src
ports:
- 8000:8000
depends_on:
- db
- kc
environment:
BAR_ENV: local
LOGGER_NAME: local
BAR_DB_LOCAL_USERPASS: bar:bar
BAR_DB_LOCAL_DB_NAME: bar
BAR_DB_LOCAL_HOST: localhost:5438
BAR_HOSTNAME: bar.local
BAR_AUTH_URL: http://auth.bar.local:8087
BAR_FRONT_URL: bar.local:3000
kc:
image: quay.io/keycloak/keycloak-x:latest
command: start-dev --db=postgres --db-url-host=$$DB_HOST --db-url-database=$$DB_DATABASE --db-username=$$DB_USER --db-password=$$DB_PASS --http-port=8087
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
DB_HOST: db
DB_DATABASE: &KC_DB_DB keycloak
DB_USER: &KC_DB_USER keycloak
DB_PASS: &KC_DB_PASS keycloak
domainname: auth.bar.local
ports:
- 8087:8087
depends_on:
- db
volumes:
- ./resources/keycloak-themes:/opt/keycloak/themes/theme
db:
image: postgres:14
environment:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
KC_DB_DB: *KC_DB_DB
KC_DB_USER: *KC_DB_USER
KC_DB_PASS: *KC_DB_PASS
BAR_DB_DB: bar
BAR_DB_USER: bar
BAR_DB_PASS: bar
ports:
- 5438:5432
volumes:
- ./data/pg-data:/var/lib/postgresql/data
- ./resources/init-kc-db.sh:/docker-entrypoint-initdb.d/init-kc-db.sh
- ./resources/init-bar-db.sh:/docker-entrypoint-initdb.d/init-bar-db.sh
I'm able to access http://<realm>.bar.local:8000/docs from the browser and to authenticate on OpenIdConnect (OAuth2, authorization_code with PKCE). It redirects me to keycloak login page and, then, back to swagger. But, if I try one of my endpoints in swagger, for example, /whoami, I get a 500 internal server error.
Logs from web_1 service:
web_1 | keycloak.exceptions.KeycloakConnectionError: Can't connect to server (HTTPConnectionPool(host='auth.bar.local', port=8087): Max retries exceeded with url: /realms/<realm>/protocol/openid-connect/userinfo (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fd38041a6b0>: Failed to establish a new connection: [Errno 111] Connection refused')))
web_1 | {"asctime": "2022-04-26 11:31:54,929", "threadName": "MainThread", "filename": "httptools_impl.py", "lineno": 437, "message": "172.18.0.1:63454 - \"GET /api/v1_0/whoami HTTP/1.1\" 500", "severity": "INFO"}
the error above occurs in my keycloak_auth.py, when it tries to fetch user info from self.kc_clients[org]:
class OpenIdConnectMultipleViaKeycloak(SecurityBase):
def __init__(
self, *, internal_well_known_url: str, server_url: str,
client_template: str, realm_template: str):
self.model = OpenIdConnectModel(
openIdConnectUrl=internal_well_known_url)
self.scheme_name = 'OpenIdConnect'
self.auto_error = True
self.server_url = server_url
self.client_template = client_template
self.realm_template = realm_template
self.kc_clients = {}
async def __call__(self, request: Request) -> Optional[str]:
org = get_org_from_host(request.base_url.hostname)
if org not in self.kc_clients:
self.kc_clients[org] = KeycloakOpenID(
server_url=self.server_url,
client_id=self.client_template.format(org=org),
realm_name=self.realm_template.format(org=org))
authorization: str = request.headers.get("Authorization")
if not authorization:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated")
try:
userinfo = self.kc_clients[org].userinfo(
authorization.replace('Bearer ', ''))
userinfo['keycloak_realm'] = org
except KeycloakGetError as e:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail=str(e))
return userinfo
Inspecting kc_1 service from inside container:
[root#e3e5d33ce08b /]# nmap -O localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2022-04-26 17:01 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000080s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 999 closed ports
PORT STATE SERVICE
8087/tcp open simplifymedia
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds
and
root#e3e5d33ce08b /]# netstat -nlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8087 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.11:41567 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:37927 0.0.0.0:* LISTEN -
udp 0 0 127.0.0.11:57222 0.0.0.0:* -
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
Active Bluetooth connections (only servers)
Proto Destination Source State PSM DCID SCID IMTU OMTU Security
Proto Destination Source State Channel
[root#e3e5d33ce08b /]#
Inspecting domain auth.bar.local from web_1 container:
root#0cf70e1cef7f:/usr/src/barz# nmap -p 8087 auth.bar.local
Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-26 17:02 UTC
Nmap scan report for auth.bar.local (127.0.0.1)
Host is up (0.000068s latency).
rDNS record for 127.0.0.1: localhost
PORT STATE SERVICE
8087/tcp closed simplifymedia
Nmap done: 1 IP address (1 host up) scanned in 15.06 seconds
It seems that domainname is reachable from other containers and from outside, but requests made to port 8087 from outside don't work. I've tried to ps aux | grep start-dev and it is running under PID 1. I can even wget it inside kc_1 container and receive a response. I also tried code proposed in https://stackoverflow.com/a/50355857/6328506 , but the behavior did not change.
What am I supposed to do to successfully get http://auth.bar.local:8087/realms/<realm>/protocol/openid-connect/userinfo using docker compose?
Changing localhost for host.docker.internal and adopting solution proposed in https://stackoverflow.com/a/60026589/6328506 for service kc solved the problem. It worth mention that ping/nmap <service_name>, localhost and <network_alias> has different effects.
I'm installing zookeeper on my container.
What I've done is:
root#46966b33c3a1:/opt:> wget https://downloads.apache.org/zookeeper/zookeeper-3.6.2/apache-zookeeper-3.6.2-bin.tar.gz
root#46966b33c3a1:/opt:> tar zxf apache-zookeeper-3.6.2-bin.tar.gz
root#46966b33c3a1:/opt:> cd apache-zookeeper-3.6.2-bin
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> cp conf/zoo_sample.cfg conf/zoo.cfg
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> vi conf/zoo.cfg
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> ./bin/zkServer.sh start
ZooKeeper JMX enabled by default
Using config: /opt/apache-zookeeper-3.6.2-bin/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
zoo.cfg
tickTime=2000
dataDir=/opt/apache-zookeeper-3.6.2-bin/data
clientPort=2181
initLimit=5
syncLimit=2
It looked like zk sever started without a problem.
However, when I try to connect to zk CLI, an error occurs:
2021-02-09 22:59:16,920 [myid:localhost:2181] - INFO [main-SendThread(localhost:2181):ClientCnxn$SendThread#1167] - Opening socket connection to server localhost/127.0.0.1:2181.
2021-02-09 22:59:16,921 [myid:localhost:2181] - INFO [main-SendThread(localhost:2181):ClientCnxn$SendThread#1169] - SASL config status: Will not attempt to authenticate using SASL (unknown error)
JLine support is enabled
2021-02-09 22:59:17,001 [myid:localhost:2181] - WARN [main-SendThread(localhost:2181):ClientCnxn$SendThread#1285] - Session 0x0 for sever localhost/127.0.0.1:2181, Closing socket connection. Attempting reconnect except it is a SessionExpiredException.
java.net.ConnectException: Connection refused
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:717)
at org.apache.zookeeper.ClientCnxnSocketNIO.doTransport(ClientCnxnSocketNIO.java:344)
at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1275)
So, I checked a connection to 2181 port.
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> telnet localhost 2181
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Trying ::1...
telnet: connect to address ::1: Network is unreachable
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> hostname -i
172.17.0.2
root#46966b33c3a1:/opt/apache-zookeeper-3.6.2-bin:> telnet 172.17.0.2 2181
Trying 172.17.0.2...
telnet: connect to address 172.17.0.2: Connection refused
Connection is refused.
How can I resolve this?
You can use the zookeeper official docker image. You can use docker-compose instead of doing manual zookeeper installation inside a docker.
Here is a sample docker-compose file. You can modify other configs from documentation based on your requirement.
version: '3.9'
services:
zoo1:
image: zookeeper
restart: always
hostname: zoo1
ports:
- 2181:2181
environment:
ZOO_MY_ID: 1
ZOO_SERVERS: server.1=0.0.0.0:2888:3888;2181 server.2=zoo2:2888:3888;2181 server.3=zoo3:2888:3888;2181
ZOO_TICK_TIME: 2000
ZOO_INIT_LIMIT: 5
ZOO_SYNC_LIMIT: 2
zoo2:
image: zookeeper
restart: always
hostname: zoo2
ports:
- 2182:2181
environment:
ZOO_MY_ID: 2
ZOO_SERVERS: server.1=zoo1:2888:3888;2181 server.2=0.0.0.0:2888:3888;2181 server.3=zoo3:2888:3888;2181
ZOO_TICK_TIME: 2000
ZOO_INIT_LIMIT: 5
ZOO_SYNC_LIMIT: 2
zoo3:
image: zookeeper
restart: always
hostname: zoo3
ports:
- 2183:2181
environment:
ZOO_MY_ID: 3
ZOO_SERVERS: server.1=zoo1:2888:3888;2181 server.2=zoo2:2888:3888;2181 server.3=0.0.0.0:2888:3888;2181
ZOO_TICK_TIME: 2000
ZOO_INIT_LIMIT: 5
ZOO_SYNC_LIMIT: 2
Can anyone help me fixing below error. I'm trying to install chaincode on peer via cli. I configured cli container correctly. But somehow Im getting this error..
grpc: addrConn.createTransport failed to connect to {peer0.org1.example.com:7051 0 <nil>}. Err :connection error: desc = “transport: Error while dialing dial tcp: lookup peer0.org1.example.com on 127.0.0.11:53: connection refused
Here is my docker-compose-cli.yaml
You can run into odd DNS resolution issues depending on the configuration of DNS on your host system. The easiest thing to try is to add the dns_search config value to your Compose file:
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
dns_search: .
See https://stackoverflow.com/a/45916717/6160507 as well ... you might need this for all of your services.
solution 1 :
use the command: sudo echo "nameserver 8.8.8.8" and start once again
Solution 2 : check your container logs and see
use the command "docker logs container-id"
Solution 3 :add "dns_serach: ." in docker-compose.yaml file and start
once again as below
**
dns_search: .
**
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: dial tcp: lookup proxy.example.com on 168.63.129.16:53: no such host
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: dial tcp: lookup proxy.example.com on 168.63.129.16:53: no such host
Look at your ~/.docker/config.json. Docker registry proxy settings stored there.
More info about using proxy: https://docs.docker.com/network/proxy/
What am I doing wrong?
I'm trying to familiarize myself with Hyperledger. I thought I'd run the Fabric locally and use the Marbles demo. I think the errors below explain why Marbles is unable to access the local Fabric. I deployed Blockchain on Bluemix per the Marbles' instructions and that worked correctly.
I'm following the instructions here:
https://hyperledger-fabric.readthedocs.io/en/latest/Setup/Network-setup/
Running Docker 1.12.5 on Ubuntu (4.4.0-57-generic)
Regardless of whether I run a single peer or multiple, I receive the following errors for each of the peers. It makes no difference whether I remove 7050:7050 from the vp0 peer's published ports. I'm unable to curl what I think should be a REST endpoint on 7050.
vp0_1 | 2017-01-08 04:46:42.723 UTC [committer] initDeliver -> ERRO 129 Cannot dial to 0.0.0.0:7050, because of grpc: timed out when dialing
vp0_1 | 2017-01-08 04:46:42.723 UTC [committer] startDeliver -> ERRO 12a Can't initiate deliver protocol [grpc: timed out when dialing]
vp1_1 | 2017-01-08 04:46:43.443 UTC [committer] initDeliver -> ERRO 12d Cannot dial to 0.0.0.0:7050, because of grpc: timed out when dialing
vp1_1 | 2017-01-08 04:46:43.443 UTC [committer] startDeliver -> ERRO 12e Can't initiate deliver protocol [grpc: timed out when dialing]
Here's the docker-compose.yml that I mangled from the instructions [unfamiliar with docker-compose]:
vp0:
image: hyperledger/fabric-peer
ports:
- "7050:7050"
- "7051:7051"
- "7052:7052"
environment:
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_VM_ENDPOINT=unix:///var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=vp0
command: peer node start
vp1:
image: hyperledger/fabric-peer
environment:
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_VM_ENDPOINT=unix:///var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=vp1
- CORE_PEER_DISCOVERY_ROOTNODE=vp0:7051
command: peer node start
links:
- vp0
Running docker-compose up subsequently, the issue appears to no longer occur. The only changes that I'm aware of are:
-- I did some Docker house-keeping, cleaning up old containers/images
-- Time passed
I think your problem is that u don't declare the orderer service
try to add
orderer:
container_name: orderer
image: hyperledger/fabric-orderer:latest
environment:
- ORDERER_GENERAL_LEDGERTYPE=ram
- ORDERER_GENERAL_BATCHTIMEOUT=10s
- ORDERER_GENERAL_BATCHSIZE_MAXMESSAGECOUNT=10
- ORDERER_GENERAL_MAXWINDOWSIZE=1000
- ORDERER_GENERAL_ORDERERTYPE=solo
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_RAMLEDGER_HISTORY_SIZE=100
command: orderer
ports:
- 7050:7050
volumes:
- ./orderer-config.yaml:/etc/hyperledger/fabric/orderer.yaml
networks:
- bridge