crazy-max/docker-fail2ban

Failed to access socket path

Closed this issue · 3 comments

Running the container on a Synology NAS.
Other containers sharing same docker-compose file include Traefik and other typical media server services.

Getting this error when running the following command on the container:

"docker-compose run -T fail2ban fail2ban-client status" 

which results in the following error:

[1]: ERROR   Failed to access socket path: /var/run/fail2ban/fail2ban.sock. Is fail2ban running?

Following excerpt from the docker-compose.yml file:

  fail2ban:
    image: crazymax/fail2ban:latest
    container_name: fail2ban
    restart: "no"
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
      - F2B_LOG_LEVEL=DEBUG
      - F2B_DB_PURGE_AGE=1d
      - F2B_MAX_RETRY=3
      - F2B_DEST_EMAIL=webmaster@example.com
      - F2B_SENDER=fail2ban@example.com
      - F2B_ACTION=%(action_)s
      - F2B_IPTABLES_CHAIN=FORWARD # For Docker version 17.06 and higher, use "DOCKER-USER"; otherwise use "FORWARD"
      - SSMTP_HOST=smtp.example.com
      - SSMTP_PORT=587
      - SSMTP_HOSTNAME=example.com
      - SSMTP_USER=smtp@example.com
      - SSMTP_PASSWORD=
      - SSMTP_TLS=YES
    network_mode: host
    privileged: true
    volumes:
      - "${MOUNT_POINT}/docker/fail2ban:/data"
      - "${MOUNT_POINT}/docker/fail2ban/log:/var/log"
      - "${MOUNT_POINT}/docker/shared:/shared"
      - "${MOUNT_POINT}/docker/organizr/www/db:/var/log/organizr:ro" # Organizr login log path

I've also tried running fail2ban on the Traefik docker bridge network rather than host but no luck as well. Not sure what's going wrong.

@emteedubs

Can you post the complete log output please?

Can you give me the output of the following commands:

  • docker info
  • docker-compose --version

- "${MOUNT_POINT}/docker/fail2ban/log:/var/log"

What's the purpose of this mount?

privileged: true

Why privileged?

- PUID=${PUID}
- PGID=${PGID}

What are the values of PUID and PGID?

@crazy-max Thanks for getting back to me. Please see below.

fwiw, the fail2ban container after it runs is also marked as "unhealthy" by docker.

Initial log once the container is initialized:

Setting timezone to America/Toronto...
Setting SSMTP configuration...
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
2019-02-26 22:45:38,857 fail2ban.configreader   [1]: INFO    Loading configs for fail2ban under /etc/fail2ban 
2019-02-26 22:45:39,197 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
2019-02-26 22:45:39,225 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/fail2ban.conf']
2019-02-26 22:45:39,226 fail2ban                [1]: INFO    Using socket file /var/run/fail2ban/fail2ban.sock
2019-02-26 22:45:39,227 fail2ban                [1]: INFO    Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to STDOUT
2019-02-26 22:45:39,579 fail2ban.configreader   [1]: INFO    Loading configs for jail under /etc/fail2ban 
2019-02-26 22:45:39,602 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/jail.conf']
2019-02-26 22:45:40,058 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/paths-debian.conf']
2019-02-26 22:45:40,686 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf']
2019-02-26 22:45:41,303 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/paths-overrides.local']
2019-02-26 22:45:41,304 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/jail.d/organizr.conf']
2019-02-26 22:45:41,304 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/jail.local']
2019-02-26 22:45:41,305 fail2ban.configparserin [1]: INFO      Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/organizr.conf', '/etc/fail2ban/jail.local']
2019-02-26 22:45:41,321 fail2ban.configreader   [1]: INFO    Loading configs for filter.d/organizr-auth under /etc/fail2ban 
2019-02-26 22:45:41,322 fail2ban.configreader   [1]: ERROR   Found no accessible config files for 'filter.d/organizr-auth' under /etc/fail2ban
2019-02-26 22:45:41,322 fail2ban.jailreader     [1]: ERROR   Unable to read the filter 'organizr-auth'
2019-02-26 22:45:41,322 fail2ban.jailsreader    [1]: ERROR   Errors in jail 'organizr-auth'. Skipping...
2019-02-26 22:45:41,342 fail2ban                [1]: ERROR   Async configuration of server failed
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/fail2ban/client/fail2banserver.py", line 189, in start
    raise ServerExecutionException('Async configuration of server failed')
ServerExecutionException: Async configuration of server failed

Didn't notice this before, but it seems like there's something wrong with my organizr-auth file in jail.d - but I took it from the example on the organizr wiki. Here are its contents. Also wasn't told to put anything in filter.d but for some reason fail2ban is looking for a file in there?

[organizr-auth]
enabled = true
port = http,https
filter = organizr-auth
logpath = /var/log/organizr/organizrLoginLog.json

"docker-compose run -T fail2ban fail2ban-client status"

And I get a different error with the command above now. Can't even get it running.

ERROR: Cannot create container for service fail2ban: conflicting options: host type networking can't be used with links. This would result in undefined behavior

docker info

Containers: 15
 Running: 14
 Paused: 0
 Stopped: 1
Images: 16
Server Version: 17.05.0-ce
Storage Driver: btrfs
Logging Driver: db
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: N/A (expected: 9048e5e50717ea4497b757314bad98ea3763c145)
runc version: a2d6e07aab95ff37fb63cf5dec3c40d29940194f (expected: 9c2d8d184e5da67c95d601382adf14862e4f2228)
init version: 7a83305 (expected: 949e6fa)
Security Options:
 apparmor
Kernel Version: 4.4.59+
Operating System: <unknown>
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.785GiB
Name: SERVERNAME
ID: LVZ6:OCN5:DDL6:VD7Y:XMYR:HMTV:7E7F:XQKP:XNCX:DSN6:67JT:4YRR
Docker Root Dir: /volume1/@docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No kernel memory limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support

docker-compose version

docker-compose version 1.14.0, build c7bdf9e
docker-py version: 2.3.0
CPython version: 2.7.13
OpenSSL version: OpenSSL 1.0.1t  3 May 2016

privileged: true

I was reading someone's config file and they recommended putting in that privileged flag. I tried it without first as well but still no go.

  • PUID = 1033
  • PGID = 65541

The PUID and PGID correspond to my DockerUser account and Docker group that I use for all my docker containers.
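
The startup log in the comment above stops on a jail whose filter = organizr-auth has no matching file under filter.d, and the server then never creates its socket. As an added example (not from the thread or from the image's own code), a pre-start check in Python that reports every enabled jail whose filter file is missing; the directory layout, the helper names and the sample sshd jail are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

EXTS = (".conf", ".local")  # fail2ban reads both suffixes in jail.d and filter.d

def jail_filter_names(jail_file):
    """Map each enabled jail in one jail.d file to the filter name it references."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(jail_file)
    wanted = {}
    for jail in cp.sections():
        if not cp.getboolean(jail, "enabled", fallback=False):
            continue
        # Assumption: a jail without an explicit filter uses its own name.
        raw = cp.get(jail, "filter", fallback=jail).replace("%(__name__)s", jail)
        wanted[jail] = raw.split("[", 1)[0].strip()  # drop options such as [mode=...]
    return wanted

def missing_filters(jail_dir, filter_dirs):
    """Return sorted (jail, filter) pairs that have no filter file in filter_dirs."""
    missing = []
    for jail_file in sorted(p for p in Path(jail_dir).iterdir() if p.suffix in EXTS):
        for jail, name in jail_filter_names(jail_file).items():
            if not any((Path(d) / (name + ext)).is_file()
                       for d in filter_dirs for ext in EXTS):
                missing.append((jail, name))
    return sorted(missing)

def build_sample_tree(root):
    """Constructed sample: the jail from the thread plus a jail whose filter exists."""
    root = Path(root)
    (root / "jail.d").mkdir()
    (root / "filter.d").mkdir()
    (root / "jail.d" / "organizr.conf").write_text(
        "[organizr-auth]\nenabled = true\nport = http,https\n"
        "filter = organizr-auth\nlogpath = /var/log/organizr/organizrLoginLog.json\n")
    (root / "jail.d" / "sshd.conf").write_text(
        "[sshd]\nenabled = true\nfilter = sshd[mode=aggressive]\n")
    (root / "filter.d" / "sshd.conf").write_text("[Definition]\n# constructed placeholder\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        for jail, name in missing_filters(root / "jail.d", [root / "filter.d"]):
            print(f"jail '{jail}': no filter.d/{name}.conf or .local")
```

For the setup in this thread, the filter directories to pass would be the container's /etc/fail2ban/filter.d and the custom /data/filter.d that the startup log mentions.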

@emteedubs Looks like an outdated docker / docker-compose. Please update first.