Re: Docker TLS for PGAdmin

Hi Aditya thanks for your help I have given a+rwx to that dir. The container status is now up however I am not getting a pgadmin login screen on my browser when I navigate to publicip:443

Is there a critical connection flaw in the logs below that stops this?

Thanks again :)

WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
NOTE: Configuring authentication for SERVER mode.

WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
Added 1 Server Group(s) and 1 Server(s).
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
[2020-06-26 09:28:34 +0000] [1] [INFO] Starting gunicorn 19.9.0
[2020-06-26 09:28:34 +0000] [1] [INFO] Listening at: http://[::]:443 (1)
[2020-06-26 09:28:34 +0000] [1] [INFO] Using worker: threads
/usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
return io.open(fd, *args, **kwargs)
[2020-06-26 09:28:34 +0000] [91] [INFO] Booting worker with pid: 91

> On 26 Jun 2020, at 09:39, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>
> Hi Omar,
>
> The logs say there's insufficient permission given to the mapped volume - /private/var/lib/pgadmin. Please go through - https://www.pgadmin.org/docs/pgadmin4/4.23/container_deployment.html#mapped-files-and-directories once and make sure the requirements are satisfied.
>
>> On Fri, Jun 26, 2020 at 1:55 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>> Hi Aditya
>>
>> Please find the lovs below thanks :)
>>
>>
>>
>> ubuntu(at)my-ip:~$ docker logs tender_goodall
>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>> Traceback (most recent call last):
>> File "run_pgadmin.py", line 4, in <module>
>> from pgAdmin4 import app
>> File "/pgadmin4/pgAdmin4.py", line 92, in <module>
>> app = create_app()
>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>> create_app_data_directory(config)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>> os.mkdir(_path)
>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>> Traceback (most recent call last):
>> File "/pgadmin4/setup.py", line 407, in <module>
>> load_servers(args)
>> File "/pgadmin4/setup.py", line 167, in load_servers
>> app = create_app()
>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>> create_app_data_directory(config)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>> os.mkdir(_path)
>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>> sudo: setrlimit(RLIMIT_CORE): Operation not permitted
>> [2020-06-26 08:21:48 +0000] [1] [INFO] Starting gunicorn 19.9.0
>> [2020-06-26 08:21:48 +0000] [1] [INFO] Listening at: http://[::]:443 (1)
>> [2020-06-26 08:21:48 +0000] [1] [INFO] Using worker: threads
>> /usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
>> return io.open(fd, *args, **kwargs)
>> [2020-06-26 08:21:48 +0000] [91] [INFO] Booting worker with pid: 91
>> [2020-06-26 08:21:49 +0000] [91] [ERROR] Exception in worker process
>> Traceback (most recent call last):
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 583, in spawn_worker
>> worker.init_process()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/gthread.py", line 104, in init_process
>> super(ThreadWorker, self).init_process()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 129, in init_process
>> self.load_wsgi()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 138, in load_wsgi
>> self.wsgi = self.app.wsgi()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/base.py", line 67, in wsgi
>> self.callable = self.load()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 52, in load
>> return self.load_wsgiapp()
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 41, in load_wsgiapp
>> return util.import_app(self.app_uri)
>> File "/usr/local/lib/python3.8/site-packages/gunicorn/util.py", line 350, in import_app
>> __import__(module)
>> File "/pgadmin4/run_pgadmin.py", line 4, in <module>
>> from pgAdmin4 import app
>> File "/pgadmin4/pgAdmin4.py", line 92, in <module>
>> app = create_app()
>> File "/pgadmin4/pgadmin/__init__.py", line 241, in create_app
>> create_app_data_directory(config)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 40, in create_app_data_directory
>> _create_directory_if_not_exists(config.SESSION_DB_PATH)
>> File "/pgadmin4/pgadmin/setup/data_directory.py", line 16, in _create_directory_if_not_exists
>> os.mkdir(_path)
>> PermissionError: [Errno 13] Permission denied: '/var/lib/pgadmin/sessions'
>> [2020-06-26 08:21:49 +0000] [91] [INFO] Worker exiting (pid: 91)
>> WARNING: Failed to set ACL on the directory containing the configuration database: [Errno 1] Operation not permitted: '/var/lib/pgadmin'
>> /usr/local/lib/python3.8/os.py:1023: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
>> return io.open(fd, *args, **kwargs)
>> [2020-06-26 08:21:49 +0000] [1] [INFO] Shutting down: Master
>> [2020-06-26 08:21:49 +0000] [1] [INFO] Reason: Worker failed to boot.
>>
>>
>>> On 26 Jun 2020, at 06:53, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>
>>> Hi Omar,
>>>
>>> I meant the "docker logs" command. Refer- https://docs.docker.com/engine/reference/commandline/logs/. Run "docker ps -a", grab the container id and user "docker logs <container id>".
>>>
>>>> On Thu, Jun 25, 2020 at 7:03 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>> Hi Aditya
>>>>
>>>> Below is the output from when I run it in ubuntu. Moments after running docker ps the first time the container exits
>>>>
>>>> ubuntu(at)my-ip:~$ docker run -p 443:443 -v /private/var/lib/pgadmin:/var/lib/pgadmin -v /etc/ssl/certs/server.cert:/certs/server.cert -v /etc/ssl/private/server.key:/certs/server.key -v /private/var/lib/pgadmin/servers.json:/pgadmin4/servers.json -e 'PGADMIN_DEFAULT_EMAIL=somebody(at)anyemail(dot)com' -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' -e 'PGADMIN_ENABLE_TLS=True' -d dpage/pgadmin4
>>>> f17b1525d62908a8440a3f8caa73c8442de077e652d311e44df6630f5cc3babd
>>>> ubuntu(at)my-ip:~$ docker ps
>>>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>>>> f17b1525d629 dpage/pgadmin4 "/entrypoint.sh" 4 seconds ago Up 3 seconds 80/tcp, 0.0.0.0:443->443/tcp gracious_shockley
>>>> ubuntu(at)my-ip:~$ docker ps
>>>> CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
>>>> ubuntu(at)my-ip:~$
>>>>
>>>>
>>>>
>>>>
>>>>> On 25 Jun 2020, at 11:25, Aditya Toshniwal <aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>>>
>>>>> Hi Omar,
>>>>>
>>>>> Could you please share docker logs ? Might get something helpful there.
>>>>>
>>>>>> On Thu, Jun 25, 2020 at 3:29 PM Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>>>>
>>>>>> Hi am I emailing the right mailbox? Dave Page advised this was the correct channel for support on his image.
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Omar
>>>>>>
>>>>>> > On 22 Jun 2020, at 09:38, Omar Francis <omar(dot)francis(at)branchbot(dot)com> wrote:
>>>>>> >
>>>>>> > Hi all
>>>>>> >
>>>>>> > I am looking to run PGAdmin4 over TLS through a Docker container in a Ubuntu terminal. I have been able to run over a simple http connection but when I pass in the arguments below to set up TLS the container ID runs for several seconds before exiting.
>>>>>> >
>>>>>> > docker run -p 443:443 \
>>>>>> > -v /private/var/lib/pgadmin:/var/lib/pgadmin \
>>>>>> > -v /etc/ssl/certs/server.cert:/certs/server.cert \
>>>>>> > -v /etc/ssl/private/server.key:/certs/server.key \
>>>>>> > -v /private/var/lib/pgadmin/servers.json:/pgadmin4/servers.json \
>>>>>> > -e 'PGADMIN_DEFAULT_EMAIL=user(at)email(dot)com' \
>>>>>> > -e 'PGADMIN_DEFAULT_PASSWORD=userpwd' \
>>>>>> > -e 'PGADMIN_ENABLE_TLS=True' \
>>>>>> > -d dpage/pgadmin4
>>>>>> >
>>>>>> > I have created the key, certificates required and am pointing to the correct directories. Would anyone who has connected through Docker be able to shed some light?
>>>>>> >
>>>>>> > Thanks
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks and Regards,
>>>>> Aditya Toshniwal
>>>>> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
>>>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>>
>>> --
>>> Thanks and Regards,
>>> Aditya Toshniwal
>>> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
>>> "Don't Complain about Heat, Plant a TREE"
>
>
> --
> Thanks and Regards,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Software Engineer | EnterpriseDB India | Pune
> "Don't Complain about Heat, Plant a TREE"