docker-compose error: Failed to connect to database: no reachable servers
dneville-pep opened this issue · 4 comments
dneville-pep commented
Here is my config.yaml:
# This section configures the connection to the MongoDB server and the database name to use
MongoDB:
# See https://docs.mongodb.com/manual/reference/connection-string/
ConnectionString: mongodb://localhost:27017
# Example with authentication. Be sure to change the AuthenticationMechanism as well.
# ConnectionString: mongodb://username:password@localhost:27017
# Accepted Values: null, "SCRAM-SHA-1", "MONGODB-CR", "PLAIN"
# Since Mongo version 3.0 the default authentication mechanism is SCRAM-SHA-1
AuthenticationMechanism: null
# The time in hours before RITA's connection to MongoDB times out. 0 waits indefinitely.
SocketTimeout: 2
# For encrypting data on the wire between RITA and MongoDB
TLS:
Enable: false
#If set, RITA will verify the MongoDB certificate's hostname and validity
VerifyCertificate: false
#If set, RITA will use the provided CA file instead of the system's CA's
CAFile: null
# This database holds information about the procesed files and databases.
MetaDB: MetaDatabase
Rolling:
# This is the default number of chunks to keep in rolling databases.
# This only is used if the --numchunks command argument isn't supplied.
DefaultChunks: 24
LogConfig:
# LogLevel
# 3 = debug
# 2 = info
# 1 = warn
# 0 = error
LogLevel: 2
# LogPath is the path for Rita's logs. Make sure permissions are set accordingly.
# Logs will only be written here if LogToFile is true
RitaLogPath: /var/lib/rita/logs
LogToFile: true
LogToDB: true
UserConfig:
# Number of days before checking for a new version of RITA.
# A value of zero here will disable checking.
UpdateCheckFrequency: 14
Filtering:
# These are filters that affect the import of connection logs. They
# currently do not apply to dns or http logs.
# A good reference for networks you may wish to consider is RFC 5735.
# https://tools.ietf.org/html/rfc5735#section-4
# Example: AlwaysInclude: ["192.168.1.2/32"]
# This functionality overrides the NeverInclude and InternalSubnets
# section, making sure that any connection records containing addresses from
# this range are kept and not filtered
AlwaysInclude: []
# Example: NeverInclude: ["255.255.255.255/32"]
# This functions as a whitelisting setting, and connections involving
# ranges entered into this section are filtered out at import time
NeverInclude:
- 0.0.0.0/32 # "This" Host RFC 1122, Section 3.2.1.3
- 127.0.0.0/8 # Loopback RFC 1122, Section 3.2.1.3
- 169.254.0.0/16 # Link Local RFC 3927
- 224.0.0.0/4 # Multicast RFC 3171
- 255.255.255.255/32 # Limited Broadcast RFC 919, Section 7
- ::1/128 # Loopback RFC 4291, Section 2.5.3
- fe80::/10 # Link local RFC 4291, Section 2.5.6
- ff00::/8 # Multicast RFC 4291, Section 2.7
# Example: InternalSubnets: ["10.0.0.0/8","172.16.0.0/12","192.168.0.0/16"]
# This allows a user to identify their internal network, which will result
# in any internal to internal and external to external connections being
# filtered out at import time. Reasonable defaults are provided below
# but need to be manually verified against each installation before enabling.
InternalSubnets:
- 10.0.0.0/8 # Private-Use Networks RFC 1918
- 172.16.0.0/12 # Private-Use Networks RFC 1918
- 192.168.0.0/16 # Private-Use Networks RFC 1918
# Example: AlwaysIncludeDomain: ["mydomain.com","*.mydomain.com"]
# This functionality overrides the NeverIncludeDomain
# section, making sure that any connection records containing domains
# that match this list are kept and not filtered
# NOTE: When using wildcards, make sure the added entry is in quotes,
# ie, '*.mydomain.com'. Only subdomain wildcarding
# (asterisk as the prefix) is supported
AlwaysIncludeDomain: []
# Example: NeverIncludeDomain: ["mydomain.com","*.mydomain.com"]
# This functions as a whitelisting setting, and connections involving
# ranges entered into this section are filtered out at import time
# NOTE: When using wildcards, make sure the added entry is in quotes,
# ie, '*.mydomain.com'. Only subdomain wildcarding
# (asterisk as the prefix) is supported
NeverIncludeDomain: []
# FilterExternalToInternal will ignore any entries where communication
# is occurring from an external host to an internal host
FilterExternalToInternal: false
BlackListed:
Enabled: true
# These are blacklists built into rita-blacklist. Set these to false
# to disable checks against them.
MalwareDomains.com: true
feodotracker.abuse.ch: true
# This is the name of the database which will be created as a master list of
# blacklisted ips and hostnames by rita-blacklist
BlacklistDatabase: "rita-bl"
# These are custom blacklists that you may define. They are lists of either
# file paths or urls. These custom blacklists are expected to be simple,
# line separated text documents containing a list of blacklisted entries.
# Example: CustomIPBlacklists: ["$HOME/.rita/myIPBlacklist.txt"]
# myIPBlacklist.txt would look like this:
# 192.168.0.1
# 10.10.174.1
# Lists containing both IPv4 and IPv6 addresses are acceptable
CustomIPBlacklists: []
# Lists containing hostnames, domain names, and FQDNs are acceptable
CustomHostnameBlacklists: []
Beacon:
Enabled: true
# The default minimum number of connections used for beacons analysis.
# Any two hosts connecting fewer than this number will not be analyzed.
# 20 was chosen as it is a little bit less than once per hour in a day,
# and allows for any packet loss that could occur.
# If you choose a lower value, this will significantly increase both
# the analysis time and the number of false positives. You can safely
# increase this value to improve performance if you are not concerned
# about slow beacons.
DefaultConnectionThresh: 20
BeaconFQDN:
Enabled: true
# The default minimum number of connections used for beacons FQDN analysis.
# Any two hosts connecting fewer than this number will not be analyzed.
# 20 was chosen as it is a little bit less than once per hour in a day,
# and allows for any packet loss that could occur.
# If you choose a lower value, this will significantly increase both
# the analysis time and the number of false positives. You can safely
# increase this value to improve performance if you are not concerned
# about slow beacons.
DefaultConnectionThresh: 20
BeaconProxy:
Enabled: true
# The default minimum number of connections used for beacons proxy analysis.
# Any two hosts connecting fewer than this number will not be analyzed.
# 20 was chosen as it is a little bit less than once per hour in a day,
# and allows for any packet loss that could occur.
# If you choose a lower value, this will significantly increase both
# the analysis time and the number of false positives. You can safely
# increase this value to improve performance if you are not concerned
# about slow beacons.
DefaultConnectionThresh: 20
DNS:
Enabled: true
UserAgent:
Enabled: true
Strobe:
# This sets the maximum number of connections between any two given hosts that are stored.
# Connections above this limit will be deleted and not used in other analysis modules. This will
# also trigger an entry in the strobe module. A lower value will reduce import & analysis time and
# hide more potential false positives from other modules. A higher value will increase import &
# analysis time, increase false positives, but reduce the risk of false negatives.
# Recommended values for this setting are:
# 86400 - One connection every second for 24 hours
# 700000 - Safe max value that is unlikely to cause errors
# The theoretical limit due to implementation limitations is ~1,048,573
# but in practice timeouts have occurred at lower values.
ConnectionLimit: 86400
Here is my docker-compose.yml:
version: '3'
services:
db:
image: mongo:4.2
volumes:
- db:/data/db/
rita:
image: quay.io/activecm/rita:${VERSION:-latest}
build: .
links:
# give db an alias of "localhost" so that RITA's default config works unchanged
- db:localhost
volumes:
- ${CONFIG:?You must provide a path to your CONFIG}:/etc/rita/config.yaml:ro
- ${LOGS:?You must provide a path to your LOGS}:/logs:ro
volumes:
db:
Here's a record of my attempt to run it:
rita $ export CONFIG=/Users/dneville/Documents/scratch/rita/config.yaml && export LOGS=/Users/dneville/Documents/scratch/rita/2022-03-24
rita $ docker-compose run --rm rita import /logs test
[+] Running 1/0
⠿ Container rita-db-1 Running 0.0s
[+] Running 1/1
⠿ Container rita-rita-1 Started 0.6s
Failed to connect to database: no reachable servers
any ideas what could be going wrong here?
Zalgo2462 commented
Thank you for your report. I am able to reproduce this issue. We will reply here when we figure out what is causing the issue.
Steps to reproduce the issue:
- Clone the latest version of RITA
- Install Docker and Docker-Compose
- Run:
sudo LOGS=`realpath .` CONFIG=`realpath ./etc/rita.yaml` docker-compose run --rm rita test-config
Zalgo2462 commented
It looks like there is an issue with the alias to localhost used by the RITA container to contact the database container.
Until we push up a proper fix, you may resolve the issue by editing /Users/dneville/Documents/scratch/rita/config.yaml and setting the MongoDB Connection string to mongodb://rita-db-1:27017. You may need to use rita_db_1 with underscores instead of dashes depending on your version of docker-compose.
Example config change:
MongoDB:
# See https://docs.mongodb.com/manual/reference/connection-string/
ConnectionString: mongodb://rita-db-1:27017
dneville-pep commented
Thank you, mongodb://rita-db-1:27017 worked for me!