Docker installation fails - maybe because exposing ports fails

  • Platform information:
    • Hardware: RasPi 4B, 4GB
    • OS: Raspbian GNU/Linux 10 (buster), 5.10.103
    • Java Runtime Environment: zulu11.64.19-ca-jdk11.0.19-linux_aarch32hf
    • openHAB version: 3.4.4
  • Issue of the topic:
    Followed the documentation / OH Docker Hub page
  • Created openhab user and group on host
  • Create the openHAB conf, userdata, and addon directories and chown’ed
  • docker run --name openhab-debug --net=host --cpus=“2” -v /etc/localtime:/etc/localtime:ro -v /etc/timezone:/etc/timezone:ro -v /opt/openhab/conf:/openhab/conf -v /opt/openhab/userdata:/openhab/userdata -v /opt/openhab/addons:/openhab/addons -e USER_ID=9001 -e GROUP_ID=9001 -e “CRYPTO_POLICY=unlimited” -e “EXTRA_JAVA_OPTS=-Duser.timezone=Europe/Berlin” openhab/openhab:3.4.4 ./start_debug.sh

Output shows (only) the following errors (several times repeated):
p11-kit: ‘now >= 0’ not true at century_for_two_digit_year
p11-kit: ‘century >= 0 && century <= 9900’ not true at calc_date

…and at the end:
++ echo ./start_debug.sh

  • ‘[’ ./start_debug.sh == ‘gosu openhab tini -s ./start.sh’ ‘]’
  • exec ./start_debug.sh
    Launching the openHAB runtime…

There it sits forever, not returning, no OH console prompt, JVM processes taking up 50% CPU resources continuously.

Directories beneath /opt/openhab get filled after starting docker/OH, but nothing gets written into openhab.log.

Running docker exec -it openhab-debug /openhab/runtime/bin/client in a second session leaves me at nothing (does not show output, echoes input but Ctrl-C, Ctrl-D or logout do nothing).

netstat -na on the host does show NO open port from OH!

Any ideas? How to troubleshoot further, how to get more log / debug info?

Thank you and kind regards,
Carsten

Did you set the uid and gid to 9001? If not, change the environment variables USER_ID and GROUP_ID to match the id of the user/group you created.

Thanks for answering - hoped, that yo will pick up :wink:

From /etc/passwd (host):
openhab:x:9001:9001::/home/openhab:/sbin/nologin

From /etc/group:
openhab:x:9001:

If it’s not a file permission I’m not sure what it could be. You’d get a bind exception in openhab.log and/or docker logs if a port OH needs is taken by another process. Usually when the logs end up empty it’s because of a file permission problem.

You can try to log into the karaf console and see if you can see anything being logged there.

1 Like

Can you tell me what / how to log into the karaf console, please?

It seems I can not get to any prompt indeed the running container.
Also please tell me how to get to the logs I should review then.

You are using --net=host so port 8106 should be open and available. However, you might need to change it to allow connections outside of localhost (see The Console | openHAB). The container will see it’s own IP address as local host even with --net=host.

Then see Logging | openHAB for how to monitor the log.

Set org.apache.karaf.shell:sshHost = 0.0.0.0 in /opt/openhab/conf/services/runtime.cfg.

BUT, as said, it seems NO ports of the docker container get mapped. Here netstat -nat on the host:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:40161 0.0.0.0:* LISTEN
tcp 0 0 192.168.x.y:22 192.168.x.z:47077 ESTABLISHED
tcp 0 0 192.168.x.y:22 192.168.x.z:46788 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN

From the host
ssh pi-user@127.0.0.1 -p 8106 or
ssh pi-user@192.168.x.y -p 8106

shows: ssh: connect to host port 8106: Connection refused

For starting the docker container created files under /opt/openhab on the host, I am not convinced of a (file) permission problem. It seems somehow network related.

Here something from docker inspect:

```yaml "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 15746, "ExitCode": 0, "Error": "", "StartedAt": "2023-07-03T22:18:55.307250264Z", "FinishedAt": "0001-01-01T00:00:00Z", "Health": { "Status": "starting", "FailingStreak": 1, "Log": [ { "Start": "2023-07-04T00:23:55.309542268+02:00", "End": "2023-07-04T00:23:56.803114535+02:00", "ExitCode": 1, "Output": " % Total % Received % Xferd Average Speed Time Time Time Current\n Dload Upload Total Spent Left Speed\n\r 0 0 0 0 0 0 0 0 --:--:-- 17d 04h --:--:-- 0\n**curl: (28) Resolving timed out after 1091229457065 milliseconds**\n" } ] } },

The only thing that I can imagine that would be wrong is a file permission problem. Are you certain that the ownership of the files the container created in the volume match the openhab user you created? Does this user own the folders on the host you are mounting as volumes?

It can’t be because of missmatched java version or a corrupted install. The logs you see from docker logs is showing what I would expect. “Launching the openHAB runtime…” is what gets printed just before it switches over to openhab.log.

1 Like

But file permission seems weird, because subdirectories and empty file bottles (openhab.log) get created with 0 bytes for e.g. openhab.log and prefilled with content like /opt/openhab/userdata/etc/log4j2.xml.

Trying: chmod -r 777 /opt/openhab
No success - same outcome.

OK, went for an apt install openhab package installation (no docker). Result:

# openhab-cli info

awk: cannot open /etc/version.properties (No such file or directory)
awk: cannot open /etc/version.properties (No such file or directory)
Version:      ()

User:        openhab (Active Process 9841)
User Groups: openhab tty dialout audio bluetooth

Directories: Folder Name      | Path                        | User:Group
             -----------      | ----                        | ----------

URLs:        http://192.168.x.y:
                  https://192.168.x.y:

No ports, no directories?!

Yes, indeed - only Karaf Console on IPv6:

Active Internet connections (servers and established)
Proto    Recv-Q    Send-Q    Local Address           Foreign Address         State      
tcp         0             0              0.0.0.0:22                  0.0.0.0:*                      LISTEN     
tcp         0             0              127.0.0.1:36343        0.0.0.0:*                      LISTEN     
tcp         0             208          192.168.x.x:22          192.168.x.z:58709      ESTABLISHED
tcp6       0             0               :::8181                      :::*                               LISTEN     
tcp6       0             0               :::22                          :::*                               LISTEN     
tcp6       0             0               :::8101                      :::*                               LISTEN     
tcp6       0             0               :::5007                      :::*                               LISTEN     
tcp6       0             0               127.0.0.1:42671       :::*                               LISTEN

Think I’m going to reinstall the whole RasPi thing and start all over again.

Well it’s certainly not going to find the file there. With an apt install it should be looking at /var/lib/openhab/etc/version.properties. Something is messed up with your install.

Consider openHABian.

Have openHABian running on my (other) Pi, a model 3, since several months (years?). There are some aspects, why I want my new openHAB 4 and other services running in containers and use MQTT for communication between some services or even openHAB instances (running on different Pis in different security boundaries).

In fact I had openHAB 3.2 running for testing on the Pi4 this thread has been on for approx. 18 months (more or less, can‘t remember when 3.2 went RTM)

But something I did broke this Pi4. There, I agree with you: my fault. Considering the time I spent searching and the time you spent guessing, I feel it‘s a rational and efficient decision to do it over.

Guess what: now it‘s happily running openHAB 4.0 Milestone (guess it‘s M4) in a docker container :slight_smile:

Nice side effect: now running Pi OS 6.x 64bit.

One lesson learned: netstat won‘t display IPv4 ports, which the container opened. Instead these ports will be displayed as tcp6 on the address :::. The rest will be handled by iptables. You can find explanations s on the internet.

So, this is my start into this container thing. Hope going gets easier :wink: