I am trying to set up Mandos in a Docker container, and it fails with D-Bus errors. It is possible to run the server without D-Bus, but mandos-ctl and mandos-monitor need D-Bus to run.
My Dockerfile:
FROM ubuntu:16.04
RUN locale-gen de_DE.UTF-8
ENV TERM=xterm
RUN apt-get update \
    && apt-get install -y mandos \
    fping \
    dbus \
    && rm -rf /var/lib/apt/lists/*
Build it with: docker build -t mandos-server .
If I host-mount /var/run/dbus
and start the container with docker run -v /dev/log:/dev/log -v /var/run/dbus:/var/run/dbus -it mandos-server bash
and then start mandos --debug
I get the following error:
2016-06-16 15:26:30,278 root [11]: DEBUG: Did setuid/setgid to 108:111
2016-06-16 15:26:30,280 root [11]: ERROR: Disabling D-Bus:
Traceback (most recent call last):
File "/usr/sbin/mandos", line 3009, in main
do_not_queue=True)
File "/usr/lib/python2.7/dist-packages/dbus/service.py", line 131, in __new__
retval = bus.request_name(name, name_flags)
File "/usr/lib/python2.7/dist-packages/dbus/bus.py", line 303, in request_name
'su', (name, flags))
File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
DBusException: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.362" is not allowed to own the service "se.recompile.Mandos" due to security policies in the configuration file
Second attempt: start the container without mounting D-Bus: docker run -v /dev/log:/dev/log -it mandos-server bash
and start D-Bus by hand: /etc/init.d/dbus start
* Starting system message bus dbus [ OK ]
mandos --debug
leads to the following error:
2016-06-16 15:36:38,338 root [40]: DEBUG: Did setuid/setgid to 108:111
2016-06-16 15:36:38,353 root [40]: WARNING: Could not load persistent state: No such file or directory
2016-06-16 15:36:38,359 root [40]: WARNING: No clients defined
2016-06-16 15:36:38,361 root [40]: INFO: Now listening on address '::', port 39145, flowinfo 0, scope_id 0
2016-06-16 15:36:38,363 dbus.proxies [40]: ERROR: Introspect error on org.freedesktop.Avahi:/: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.Spawn.FileInvalid: Cannot do system-bus activation with no user
2016-06-16 15:36:38,363 dbus.proxies [40]: DEBUG: Executing introspect queue due to error
2016-06-16 15:36:38,363 root [40]: CRITICAL: D-Bus Exception
Traceback (most recent call last):
File "/usr/sbin/mandos", line 3415, in main
service.activate()
File "/usr/sbin/mandos", line 470, in activate
self.server_state_changed(self.server.GetState())
File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 70, in __call__
return self._proxy_method(*args, **keywords)
File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 145, in __call__
**keywords)
File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 651, in call_blocking
message, timeout)
DBusException: org.freedesktop.DBus.Error.Spawn.FileInvalid: Cannot do system-bus activation with no user
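Any idea what is wrong, and maybe a solution?

That error message (on that line) does not refer to Mandos's use of D-Bus to be controllable by mandos-ctl and mandos-monitor; it refers to Mandos's use of D-Bus to communicate with Avahi, to ask Avahi to announce the Mandos Zeroconf service. You can either avoid this by using the --no-zeroconf option, or you can make sure that Mandos is able to communicate with Avahi from inside the Docker container.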
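
Docker Plex provides the following instructions for solving a comparable problem:
The safe way
Note: Due to some issue inside Plex, it does not seem to know that it is a local IP address inside the Docker subnet, which prevents local discovery from working. If you really want to use this feature, see the unsafe way below.
The Avahi daemon is commonly used to help your computers find the services provided by a server.
Avahi is not built into this Docker image because, due to Docker's networking limitations, Avahi cannot spread its messages to announce the services from within the Docker virtual network.
If you want to enable this feature, you can install the Avahi daemon on your host by following these steps (Ubuntu version):
- Install avahi-daemon: run sudo apt-get install avahi-daemon avahi-utils
- Copy the file from avahi/nsswitch.conf to /etc/nsswitch.conf
- Copy the service description file from avahi/plex.service to /etc/avahi/services/plex.service
- Restart Avahi's daemon: sudo /etc/init.d/avahi-daemon restart
But why do you need to install this on your host and not in the container? Because if you don't, the discovery messages won't be able to reach your computers.
What will I get with this approach? The service will be announced on the network, but you will have to login with your account to detect your server. Also, all the streaming you receive will be reduced, as if you were on an external network.
While this may be the right idea, I could not find enough similarities in Mandos to complete the process successfully. In particular, I did not find mandos.service (or similar) in any of the installation directories. I would also note the statement: The service will be announced on the network, but you will have to login with your account to detect your server.
It is not clear to me whether this would be fatal for Mandos.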

I don't know what went wrong... but my answer to this post was deleted... here is the complete solution:
Dockerfile:
FROM ubuntu:14.04
RUN apt-get update \
    && apt-get install -y supervisor \
    mandos \
    fping \
    rsyslog \
    dbus \
    avahi-daemon \
    avahi-utils \
    libnss-mdns \
    && mkdir -p /var/log/supervisor \
    && mkdir -p /var/run/rsyslog \
    && mkdir -p /var/run/dbus \
    && sed -i.bak s/xconsole/console/g /etc/rsyslog.conf \
    && rm -rf /var/lib/apt/lists/*
COPY ./config/mandos.conf /etc/mandos/mandos.conf
COPY ./config/clients.conf /etc/mandos/clients.conf
COPY ./config/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
EXPOSE 55555
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
Supervisord config file:
[supervisord]
nodaemon=true
#loglevel=debug
[program:rsyslog]
command=/usr/sbin/rsyslogd -n
autostart=true
autorestart=true
redirect_stderr=true
[program:dbus]
command=/bin/sh -c "rm /var/run/dbus/pid || true && dbus-daemon --system --nofork"
priority=1
redirect_stderr=true
[program:avahi-daemon]
command=/usr/sbin/avahi-daemon --no-chroot
[program:mandos]
command=mandos --foreground
The mandos.conf and clients.conf files are from the default Mandos installation.
Hope this is useful to others.
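
The first traceback in the question is the bus daemon refusing a name-ownership request; with /var/run/dbus bind-mounted, that daemon is the host's, and it enforces the host's policy files rather than the ones installed in the image. As an added illustration (not code from any of the posts or from Mandos), this simplified Python model of dbus-daemon's `own` rule evaluation shows why a bus with only the default deny rule rejects se.recompile.Mandos. The policy XML is constructed, the `_mandos` account name is an assumption, and at_console and own_prefix rules are left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: default-deny for name ownership, as on a stock system bus.
HOST_POLICY = """<busconfig>
  <policy context="default"><deny own="*"/></policy>
</busconfig>"""

# Constructed sample of a per-service policy file; "_mandos" is an assumed account.
SERVICE_POLICY = """<busconfig>
  <policy user="_mandos"><allow own="se.recompile.Mandos"/></policy>
</busconfig>"""


def _rank(policy, user, groups):
    """Order in which dbus-daemon applies a <policy>, or None if it does not apply."""
    if policy.get("context") == "default":
        return 0
    if policy.get("group") in groups:
        return 1
    if policy.get("user") == user:
        return 2
    if policy.get("context") == "mandatory":
        return 3
    return None


def may_own(name, user, groups, policy_docs):
    """Simplified model: among applicable own rules, the last match wins."""
    applicable = []
    for doc_no, doc in enumerate(policy_docs):
        for pol_no, policy in enumerate(ET.fromstring(doc).iter("policy")):
            rank = _rank(policy, user, groups)
            if rank is not None:
                applicable.append((rank, doc_no, pol_no, policy))
    allowed = False  # no matching rule: the request is refused
    for _, _, _, policy in sorted(applicable, key=lambda entry: entry[:3]):
        for rule in policy:
            if rule.get("own") in ("*", name):
                allowed = rule.tag == "allow"
    return allowed


if __name__ == "__main__":
    who = ("_mandos", ["_mandos"])
    print(may_own("se.recompile.Mandos", *who, [HOST_POLICY]))                  # False
    print(may_own("se.recompile.Mandos", *who, [HOST_POLICY, SERVICE_POLICY]))  # True
```
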