Can't start with volume #184

Open
4piu opened this issue Mar 19, 2023 · 5 comments
Labels
checking check if the problem is reproducible

Comments

@4piu

4piu commented Mar 19, 2023

Trying to create a new container with an empty volume

docker logs:

Sun Mar 19 11:34:14 2023 Creating tun/tap device.

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.


Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140293891382088:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140293891382088:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140166525840200:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140166525840200:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140686698994504:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140686698994504:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
140145662180168:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
140145662180168:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory
Can't open /opt/Dockovpn_data/pki/serial for writing, No such file or directory
139698458774344:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/opt/Dockovpn_data/pki/serial','w')
139698458774344:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
cat: can't open '/opt/Dockovpn_data/pki/serial': No such file or directory

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

2023-03-19 11:34:14 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.

Easy-RSA error:

EASYRSA_PKI does not exist (perhaps you need to run init-pki)?
Expected to find the EASYRSA_PKI at: /opt/Dockovpn_data/pki
Run easyrsa without commands for usage and command help.

cp: can't stat 'pki/ca.crt': No such file or directory
cp: can't stat 'pki/issued/MyReq.crt': No such file or directory
cp: can't stat 'pki/private/MyReq.key': No such file or directory
cp: can't stat 'pki/crl.pem': No such file or directory
Sun Mar 19 11:34:14 2023 Dockovpn v1.9.0

2023-03-19 11:34:14 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-03-19 11:34:14 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
Options error: --ca fails with '/etc/openvpn/ca.crt': No such file or directory (errno=2)
Options error: --cert fails with '/etc/openvpn/MyReq.crt': No such file or directory (errno=2)
2023-03-19 11:34:14 WARNING: cannot stat file '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
Options error: --key fails with '/etc/openvpn/MyReq.key': No such file or directory (errno=2)
Options error: --crl-verify fails with '/etc/openvpn/crl.pem': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.
cp: can't stat 'pki/private/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi.key': No such file or directory
cp: can't stat 'pki/issued/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi.crt': No such file or directory
cp: can't stat 'pki/ca.crt': No such file or directory
cat: can't open '/opt/Dockovpn_data/clients/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi/ca.crt': No such file or directory
cat: can't open '/opt/Dockovpn_data/clients/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi.crt': No such file or directory
cat: can't open '/opt/Dockovpn_data/clients/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi.key': No such file or directory
Sun Mar 19 11:34:15 2023 /opt/Dockovpn_data/clients/ymOQNoLP4t1DjXTlSPaAmwYMeK7aEhhi/client.ovpn file has been generatedSun Mar 19 11:34:15 2023 Config server started, download your client.ovpn config at http:https://my.domain.com:80/
Sun Mar 19 11:34:15 2023 NOTE: After you download your client config, http server will be shut down!

docker inspect:

[
    {
        "Id": "36e87140227f8fef96a51b9cf490a549b39735b0b11dabc84757a601fbe8c032",
        "Created": "2023-03-19T11:34:10.912555949Z",
        "Path": "dumb-init",
        "Args": [
            "./start.sh",
            ""
        ],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 26292,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2023-03-19T11:34:14.526067315Z",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "StartedTs": 1679225654,
            "FinishedTs": -62135596800
        },
        "Image": "sha256:0dc22e6ee8a402412038e103834817efcf959570fbaa7ac0caa430b11a665d04",
        "ResolvConfPath": "/volume1/@docker/containers/36e87140227f8fef96a51b9cf490a549b39735b0b11dabc84757a601fbe8c032/resolv.conf",
        "HostnamePath": "/volume1/@docker/containers/36e87140227f8fef96a51b9cf490a549b39735b0b11dabc84757a601fbe8c032/hostname",
        "HostsPath": "/volume1/@docker/containers/36e87140227f8fef96a51b9cf490a549b39735b0b11dabc84757a601fbe8c032/hosts",
        "LogPath": "/volume1/@docker/containers/36e87140227f8fef96a51b9cf490a549b39735b0b11dabc84757a601fbe8c032/log.db",
        "Name": "/alekslitvinenk-openvpn1",
        "RestartCount": 0,
        "Driver": "btrfs",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": [
                "/volume1/docker/openvpn:/opt/Dockovpn_data:rw"
            ],
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "db",
                "Config": {}
            },
            "NetworkMode": "host",
            "PortBindings": null,
            "RestartPolicy": {
                "Name": "always",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": [
                "NET_ADMIN"
            ],
            "CapDrop": [],
            "CgroupnsMode": "host",
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "APP_NAME=Dockovpn",
                "APP_INSTALL_PATH=/opt/Dockovpn",
                "APP_PERSIST_DIR=/opt/Dockovpn_data",
                "NET_ADAPTER=eth0",
                "HOST_ADDR=my.domain.com",
                "HOST_TUN_PORT=1194",
                "HOST_CONF_PORT=80"
            ],
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": null,
            "Name": "btrfs"
        },
        "Mounts": [
            {
                "Type": "bind",
                "Source": "/volume1/docker/openvpn",
                "Destination": "/opt/Dockovpn_data",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }
        ],
        "Config": {
            "Hostname": "alekslitvinenk-openvpn1",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "1194/udp": {},
                "8080/tcp": {}
            },
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "APP_NAME=Dockovpn",
                "APP_INSTALL_PATH=/opt/Dockovpn",
                "APP_PERSIST_DIR=/opt/Dockovpn_data",
                "NET_ADAPTER=eth0",
                "HOST_ADDR=my.domain.com",
                "HOST_TUN_PORT=1194",
                "HOST_CONF_PORT=80"
            ],
            "Cmd": [
                ""
            ],
            "Image": "alekslitvinenk/openvpn:latest",
            "Volumes": {
                "/opt/Dockovpn_data": {}
            },
            "WorkingDir": "/opt/Dockovpn",
            "Entrypoint": [
                "dumb-init",
                "./start.sh"
            ],
            "OnBuild": null,
            "Labels": {
                "maintainer": "Alexander Litvinenko <[email protected]>"
            },
            "DDSM": false
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "241b1459ae9a05bf4762a8531d8424fe9d5f0825791e4b99235df9390324ba79",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {},
            "SandboxKey": "/var/run/docker/netns/default",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "host": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "8c3e6f62951366aa89fed5de3a07d81ed3f3f0d96526128acc9ddffddfe557fa",
                    "EndpointID": "144d3dababcc3def4c06a2b31071e63f29461b629d305025f327ddc2c0201ae4",
                    "Gateway": "",
                    "IPAddress": "",
                    "IPPrefixLen": 0,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "",
                    "DriverOpts": null
                }
            }
        }
    }
]
@misha-plus
Contributor

Hello. I've encountered the same error.
As I understand it, this is caused by this:

    easyrsa init-pki && \
    easyrsa gen-dh && \
    # DH parameters of size 2048 created at /usr/share/easy-rsa/pki/dh.pem
    # Copy DH file
    cp pki/dh.pem /etc/openvpn

in the Dockerfile. To bypass the error, you can probably run this for your volume.
Also, using the same DH.pem file and PKI for all users of dockovpn is a bad idea. It is better to create new ones for each instance of dockovpn, or probably for each run of the container.

@tacyuuhon

I think you can mount it this way:

volumes:
    - ./openvpn_conf/clients:/opt/Dockovpn_data/clients

@alekslitvinenk alekslitvinenk added the checking check if the problem is reproducible label Jul 6, 2023
@JnManso

JnManso commented Jul 10, 2023

Possible temporary solution:

Initialize the container without the persistent volume data:

version: '3'
services:
  dockovpn:
    image: alekslitvinenk/openvpn:latest
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - HOST_ADDR=potatoes.com
    ports:
      - 1194:1194/udp
      - 8080:8080/tcp
    volumes:
      - ./openvpn_conf:/opt/Dockovpn_data

Check the container id using the "docker ps" command

CONTAINER ID   IMAGE                             COMMAND                  CREATED         STATUS         PORTS                                            NAMES
9da2d86deffe   alekslitvinenk/openvpn:latest     "dumb-init ./start.s…"   2 minutes ago   Up 2 minutes   0.0.0.0:1194->1194/udp, 0.0.0.0:8081->8080/tcp   dockovpn_dockovpn_1

Use "docker cp" to copy all of the /opt/Dockovpn_data content

cd /download
docker cp 9da2d86deffe:/opt/Dockovpn_data .

Now you should have something like "/download/Dockovpn_data"

Now we can start Dockovpn with the persistent volume data

version: '3'
services:
  dockovpn:
    image: alekslitvinenk/openvpn:latest
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - HOST_ADDR=potatoes.com
    ports:
      - 1194:1194/udp
      - 8080:8080/tcp
    volumes:
      -  /download/Dockovpn_data/:/opt/Dockovpn_data

@leniervm

leniervm commented Sep 8, 2023

I think you can mount it this way:

volumes:
    - ./openvpn_conf/clients:/opt/Dockovpn_data/clients

Thank you, I solved it.

@s0ftcorn

I think you can mount it this way:

volumes:
    - ./openvpn_conf/clients:/opt/Dockovpn_data/clients

Doesn't work with an empty volume.

Possible temporary solution:

Initialize the container without the persistent volume data:

version: '3'
services:
  dockovpn:
    image: alekslitvinenk/openvpn:latest
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - HOST_ADDR=potatoes.com
    ports:
      - 1194:1194/udp
      - 8080:8080/tcp
    volumes:
      - ./openvpn_conf:/opt/Dockovpn_data

Check the container id using the "docker ps" command

CONTAINER ID   IMAGE                             COMMAND                  CREATED         STATUS         PORTS                                            NAMES
9da2d86deffe   alekslitvinenk/openvpn:latest     "dumb-init ./start.s…"   2 minutes ago   Up 2 minutes   0.0.0.0:1194->1194/udp, 0.0.0.0:8081->8080/tcp   dockovpn_dockovpn_1

Use "docker cp" to copy all of the /opt/Dockovpn_data content

cd /download
docker cp 9da2d86deffe:/opt/Dockovpn_data .

Now you should have something like "/download/Dockovpn_data"

Now we can start Dockovpn with the persistent volume data

version: '3'
services:
  dockovpn:
    image: alekslitvinenk/openvpn:latest
    restart: always
    cap_add:
      - NET_ADMIN
    environment:
      - HOST_ADDR=potatoes.com
    ports:
      - 1194:1194/udp
      - 8080:8080/tcp
    volumes:
      -  /download/Dockovpn_data/:/opt/Dockovpn_data

Also doesn't work. Which makes sense, since the first compose file is the exact same as in the repo. But the idea of starting without a volume, getting the data from inside the container, and then adding the volume back works.
In short:

  1. Start container without volume
  2. docker cp the data from within the container
  3. mount the data
  4. profit

I have no idea about security, so this might be insecure as @misha-plus stated earlier.
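
Added example, not part of the thread or of the Dockovpn project: a preflight check to run against the host directory before bind-mounting it at /opt/Dockovpn_data. It looks for the files the docker logs above report as missing and flags private keys readable by group or others after a `docker cp`; the helper name `check_pki_dir` and the demo tree are assumptions.

```shell
#!/bin/sh
# Added example, not Dockovpn code. check_pki_dir is a hypothetical helper.
# REQUIRED lists the files the issue's docker logs report as missing.
REQUIRED="pki/ca.crt pki/serial pki/crl.pem pki/issued/MyReq.crt pki/private/MyReq.key"

# Print every problem found under $1; return 0 only if the tree is usable.
check_pki_dir() {
    dir=$1
    problems=0
    for rel in $REQUIRED; do
        if [ ! -s "$dir/$rel" ]; then
            echo "missing or empty: $rel"
            problems=$((problems + 1))
        fi
    done
    # Keys copied to the host (e.g. with docker cp) should be owner-only.
    for key in "$dir"/pki/private/*.key; do
        [ -f "$key" ] || continue
        bits=$(ls -l "$key" | cut -c5-10)   # group and other permission bits
        if [ "$bits" != "------" ]; then
            short=${key#"$dir"/}
            echo "too permissive: $short (group/other: $bits)"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: an empty directory (the failing case in this issue),
# then a tree seeded with placeholder files standing in for real PKI data.
demo=$(mktemp -d)
mkdir -p "$demo/empty" "$demo/seeded/pki/issued" "$demo/seeded/pki/private"
for rel in $REQUIRED; do echo placeholder > "$demo/seeded/$rel"; done
chmod 600 "$demo/seeded/pki/private/MyReq.key"

check_pki_dir "$demo/empty"  || echo "=> empty directory: seed it before mounting"
check_pki_dir "$demo/seeded" && echo "=> seeded directory: ready to mount"
rm -rf "$demo"
```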
