Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

2022.08 S6 overlay bug #1176

Closed
b-m-f opened this issue Aug 23, 2022 · 18 comments
Closed

2022.08 S6 overlay bug #1176

b-m-f opened this issue Aug 23, 2022 · 18 comments

Comments

@b-m-f
Copy link

b-m-f commented Aug 23, 2022

Details

s6-overlay-suexec: fatal: can only run as pid 1

Related Issues

How to reproduce the issue

Pihole runs rootless with podman.

HostUser=pihole
HostGroup=pihole

Environment="PIHOLE_UID=1000"
Environment="PIHOLE_GID=1000"
Environment="WEB_GID=1000"
Environment="WEB_UID=1000"

It has a supervisor running and this is the process hierarchy from systemctl in 2022.07.1:

             ├─pihole.service …
             │ ├─supervisor
             │ │ └─1726889 /usr/bin/conmon --api-version 1 -c a_random_hash -u some_random_hash>
             │ └─container
             │   ├─1726894 /dev/init -- /s6-init
             │   ├─1726978 s6-svscan -t0 /var/run/s6/services
             │   ├─1727020 s6-supervise s6-fdholderd
             │   ├─1727521 s6-supervise lighttpd-access-log
             │   ├─1727522 s6-supervise lighttpd
             │   ├─1727523 s6-supervise pihole-FTL
             │   ├─1727525 s6-supervise lighttpd-error-log
             │   ├─1727526 s6-supervise cron
             │   ├─1727527 bash ./run
             │   ├─1727528 bash ./run
             │   ├─1727530 bash ./run
             │   ├─1727545 /usr/sbin/cron -f
             │   ├─1727563 lighttpd -D -f /etc/lighttpd/lighttpd.conf
             │   ├─1727593 /bin/bash -c /usr/bin/pihole-FTL no-daemon >/dev/null 2>&1
             │   ├─1727595 /usr/bin/pihole-FTL no-daemon
             │   ├─1727609 /usr/bin/php-cgi
             │   ├─1727641 /usr/bin/php-cgi
             │   ├─1727642 /usr/bin/php-cgi
             │   ├─1727643 /usr/bin/php-cgi
             │   └─1727644 /usr/bin/php-cgi

Fix

Revert to 2022.07.1 for now, as it runs fine here.

@PromoFaux
Copy link
Member

Can we get a complete dump of your logs please? I've not really got a lot to go on here.

Given the following compose file, on my PC (docker, not rootless)

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    # For DHCP it is recommended to remove these ports and instead add: network_mode: "host"
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      PIHOLE_UID: 1000
      PIHOLE_GID: 1000
      WEB_UID: 1000
      WEB_GID: 1000
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole:/etc/pihole'
      - './etc-dnsmasq.d:/etc/dnsmasq.d'
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
    restart: unless-stopped

I am running the container with no issue here:

adam@adam-pc:~/playground$ docker-compose up
Creating network "playground_default" with the default driver
Creating pihole ... done
Attaching to pihole
pihole    | s6-rc: info: service cron: starting
pihole    | s6-rc: info: service s6rc-oneshot-runner: starting
pihole    | s6-rc: info: service cron successfully started
pihole    | s6-rc: info: service s6rc-oneshot-runner successfully started
pihole    | s6-rc: info: service fix-attrs: starting
pihole    | s6-rc: info: service _startup: starting
pihole    | Starting crond
pihole    | fix-attrs: info: applying /etc/fix-attrs.d/01-resolver-resolv
pihole    | fix-attrs: warning: fix-attrs is deprecated, please fix volume permissions in your container manager instead
pihole    | s6-rc: info: service fix-attrs successfully started
pihole    | s6-rc: info: service legacy-cont-init: starting
pihole    | cont-init: info: running /etc/cont-init.d/05-changer-uid-gid.sh
pihole    | Changing ID for user: www-data (33 => 1000)
pihole    |  ::: Starting docker specific checks & setup for docker pihole/pihole
pihole    | 
pihole    |   [i] Installing configs from /etc/.pihole...
pihole    |   [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
pihole    | 
  [✓] Installing latest logrotate script
pihole    | Creating empty /etc/pihole/setupVars.conf file.
pihole    | Changing ID for group: www-data (33 => 1000)
pihole    | Changing ID for user: pihole (999 => 1000)
pihole    | cont-init: info: /etc/cont-init.d/05-changer-uid-gid.sh exited 0
pihole    | s6-rc: info: service legacy-cont-init successfully started
pihole    | Assigning random password: eLaZfZLr
pihole    |   [✓] New password set
pihole    | Added ENV to php:
pihole    |                     "TZ" => "America/Chicago",
pihole    |                     "PIHOLE_DOCKER_TAG" => "2022.08",
pihole    |                     "PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
pihole    |                     "CORS_HOSTS" => "",
pihole    |                     "VIRTUAL_HOST" => "0.0.0.0",
pihole    | Using IPv4 and IPv6
pihole    | ::: setup_blocklists now setting default blocklists up: 
pihole    | ::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
pihole    | ::: Blocklists (/etc/pihole/adlists.list) now set to:
pihole    | https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
pihole    | Configuring default DNS servers: 8.8.8.8, 8.8.4.4
pihole    | Applying pihole-FTL.conf setting REPLY_ADDR4=0.0.0.0
pihole    | FTL binding to default interface: eth0
pihole    | ::: Enabling Query Logging
pihole    | ::: Testing lighttpd config: Syntax OK
pihole    | ::: All config checks passed, cleared for startup ...
pihole    | ::: Docker start setup complete
pihole    |   Pi-hole version is v5.11.4 (Latest: v5.11.4)
pihole    |   AdminLTE version is v5.13 (Latest: v5.13)
pihole    |   FTL version is v5.16.3 (Latest: v5.16.3)
pihole    |   Container tag is: 2022.08
pihole    | s6-rc: info: service _startup successfully started
pihole    | s6-rc: info: service pihole-FTL: starting
pihole    | s6-rc: info: service pihole-FTL successfully started
pihole    | s6-rc: info: service _gravityonboot: starting
pihole    | s6-rc: info: service lighttpd: starting
pihole    | s6-rc: info: service _gravityonboot successfully started
pihole    |   Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
pihole    | s6-rc: info: service lighttpd successfully started
pihole    | s6-rc: info: service legacy-services: starting
pihole    | Starting lighttpd
pihole    | s6-rc: info: service legacy-services successfully started
pihole    |   [i] Creating new gravity database
pihole    | Starting pihole-FTL (no-daemon) as pihole
pihole    |   [i] Migrating content of /etc/pihole/adlists.list into new database
pihole    |   [i] Neutrino emissions detected...
  [✓] Pulling blocklist source list into range
pihole    | 
  [✓] Preparing new gravity database
pihole    |   [i] Using libz compression
pihole    | 
pihole    |   [i] Target: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  [✓] Status: Retrieval successful
pihole    |   [i] Analyzed 136495 domains
pihole    | 
  [✓] Creating new gravity databases
  [✓] Storing downloaded domains in new gravity database
  [✓] Building tree
  [✓] Swapping databases
pihole    |   [✓] The old database remains available.
pihole    |   [i] Number of gravity domains: 136495 (136495 unique domains)
pihole    |   [i] Number of exact blacklisted domains: 0
pihole    |   [i] Number of regex blacklist filters: 0
pihole    |   [i] Number of exact whitelisted domains: 0
pihole    |   [i] Number of regex whitelist filters: 0
  [✓] Cleaning up stray matter
pihole    | 
pihole    |   [✓] FTL is listening on port 53
pihole    |      [✓] UDP (IPv4)
pihole    |      [✓] TCP (IPv4)
pihole    |      [✓] UDP (IPv6)
pihole    |      [✓] TCP (IPv6)
pihole    | 
pihole    |   [i] Pi-hole blocking will be enabled
pihole    |   [i] Enabling blocking
  [✓] Pi-hole Enabled

@PromoFaux
Copy link
Member

Also a little more detail about how you are starting your container. What your (equivalent of?) docker-compose script / run command looks like

@tehSmoogs
Copy link

Had same issue.

Fixed by removing "--init" from the docker run command.

@zmcandee
Copy link

I ran into the same s6-overlay-suexec: fatal: can only run as pid 1 error trying to run on fly.io. MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

@PromoFaux
Copy link
Member

Fixed by removing "--init" from the docker run command.

AH. I had seen something like this in HomeAssistant's changelogs, but I didn't want to say anything in case I was barking up the wrong tree

MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

Thanks for this info. I've never used such systems,, so interesting to know. I wonder if there is a way around this that does not require downgrading S3 back to V2...

@b-m-f
Copy link
Author

b-m-f commented Aug 25, 2022

I am starting my containers using quadlet.

The main issue seems to be the PID requirement of S6. Mostly colliding with conmon in podman.

@mlankamp
Copy link

I'm running pihole om a Unify UDMpro, I start the container with the following command:

podman run --network pihole \
    --name pihole \
    -v "/mnt/data/pihole/etc-pihole/:/etc/pihole/" \
    -v "/mnt/data/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/" \
    --dns=127.0.0.1 \
    --dns=192.168.1.1 \
    --hostname pi.hole \
    -e TZ="Europe/Amsterdam" \
    -e VIRTUAL_HOST="pi.hole" \
    -e PROXY_LOCATION="pi.hole" \
    -e DNSMASQ_USER="root" \
    -e ServerIP="10.0.5.3" \
    -e IPv6="False" \
    -e DNS1="192.168.1.1" \
    -e DNS2="1.1.1.1" \
    -e REV_SERVER="true" \
    -e REV_SERVER_DOMAIN="home.local" \
    -e REV_SERVER_TARGET="192.168.1.1" \
    -e REV_SERVER_CIDR="192.168.1.0/24" \
    pihole/pihole:latest

the output is the following:

/package/admin/s6-overlay-3.1.1.2/libexec/stage0: 79: exec: /run/s6/basedir/bin/init: Permission denied

@b-m-f
Copy link
Author

b-m-f commented Aug 25, 2022

So, it seems that more people have problems since the update.

My fix was the following:

Applying these changes makes 2022.8 run on my machine

@PromoFaux
Copy link
Member

OK, all this talk of init reminded me of something.

Before I updated the version of s6-overlay in the container, there was this line that moved /init to /s6-init, and the entrypoint was set to /s6-init.

I've just tested reverting this change (here: 18360d1), and pushed a new image with the :exp tag

Can you folk that are running into issues with podman please try pihole/pihole:exp and report back? Thanks!

(From a very brief test on my UDM running podman, it at least starts the container)

@PromoFaux
Copy link
Member

Related: just-containers/s6-overlay#158

@jsermer
Copy link

jsermer commented Aug 25, 2022

Seems to work using the :exp tag on my udmp as well

@Rikj000
Copy link

Rikj000 commented Aug 25, 2022

Sadly the :exp tag doesn't seem to solve the issue on dokku deployments.
See: #1176 (comment)

Environment

  • OS: Dietpi v8.7.1 - Debian GNU/Linux 11 (bullseye) aarch64
  • Host: Raspberry Pi 4 Model B Rev 1.4
  • Kernel: 5.15.56-v8+
  • Shell: fish 3.1.2
  • Docker: 20.10.17, build 100c701
  • Dokku: 0.28.1
  • Ledokku: 0.7.0 PR#421

PiHole

  • Docker Tag: 2022.07.1
    • Pi-hole: v5.11.4
    • FTL: v5.16.1
    • Web Interface: v5.13

Tag exp - Failing

Show/Hide `dokku git:from-image pihole pihole/pihole:exp` logs

Fails with: s6-overlay-suexec: fatal: can only run as pid 1

dokku git:from-image pihole pihole/pihole:exp
=============================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:exp
exp: Pulling from pihole/pihole
...
e8473bd76bc8: Pull complete
Digest: sha256:7bc5fe59f13c7e045b3c8abcc6a0bfde519c2de65e0ed95579c8f354b7ea9180
Status: Downloaded newer image for pihole/pihole:exp
 ---> 554a0a7f884c
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:exp\"]
 ---> Running in 9c7f1dd64d37
Removing intermediate container 9c7f1dd64d37
 ---> d8874341548b
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in ff92605e5f98
Removing intermediate container ff92605e5f98
 ---> 90ddcad3606a
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in afa4af7bf25c
Removing intermediate container afa4af7bf25c
 ---> 77b79cf2b7f8
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 3f90c136615f
Removing intermediate container 3f90c136615f
 ---> 70690f399178
Step 6/8 : LABEL dokku=
 ---> Running in 8588e0bd35f1
Removing intermediate container 8588e0bd35f1
 ---> becc649010ca
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 94f677c8a573
Removing intermediate container 94f677c8a573
 ---> b26aba0e9758
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in e2187b6516f5
Removing intermediate container e2187b6516f5
 ---> c3d4d3dcd519
Successfully built c3d4d3dcd519
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
efa4a88ddc2f56bad87a3c6c63c477b79fc1661d8f943f15fee0d9bf7694ce97
 !     App container failed to start (web.1)
=====> Start of pihole container output (web.1)
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
=====> End of pihole container output (web.1)
parallel: This job failed:
/var/lib/dokku/plugins/available/scheduler-docker-local/bin/scheduler-deploy-process-container pihole dockerfile dokku/pihole:latest latest web 1 1

Tag latest - Failing

Show/Hide `dokku git:from-image pihole pihole/pihole:latest` logs

Fails with: s6-overlay-suexec: fatal: can only run as pid 1

dokku git:from-image pihole pihole/pihole:latest
================================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:latest
latest: Pulling from pihole/pihole
...
4b69808e513c: Pull complete
Digest: sha256:0077a645483b2152048bc3f42a0f88150806debaf7539f2ccd2bfd9d2f491835
Status: Downloaded newer image for pihole/pihole:latest
 ---> ac953a8efeb0
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:latest\"]
 ---> Running in ae1c5fcf6e13
Removing intermediate container ae1c5fcf6e13
 ---> 224382ab6030
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in 8aea695434a2
Removing intermediate container 8aea695434a2
 ---> 8143d594d537
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in 2a08dd5bcd68
Removing intermediate container 2a08dd5bcd68
 ---> 79ee7ef9dc51
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 245b28db0d72
Removing intermediate container 245b28db0d72
 ---> 12048eff9548
Step 6/8 : LABEL dokku=
 ---> Running in ecba2579e597
Removing intermediate container ecba2579e597
 ---> 8bc9daa51e23
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 04395c732334
Removing intermediate container 04395c732334
 ---> ed0c0cc60548
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in 574d60a6fba1
Removing intermediate container 574d60a6fba1
 ---> 4a45b79e768c
Successfully built 4a45b79e768c
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
0bcafa0c09fac5f7f640691cd4d5a5b32aecad7b734b911f61242c3530b3a97a
 !     App container failed to start (web.1)
=====> Start of pihole container output (web.1)
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
       s6-overlay-suexec: fatal: can only run as pid 1
=====> End of pihole container output (web.1)
parallel: This job failed:
/var/lib/dokku/plugins/available/scheduler-docker-local/bin/scheduler-deploy-process-container pihole dockerfile dokku/pihole:latest latest web 1 1

Tag v2022.07.1 - Success

Show/Hide `dokku git:from-image pihole pihole/pihole:2022.07.1` logs

Builds without issues

dokku git:from-image pihole pihole/pihole:2022.07.1
===================================================

-----> Generating build context
       Setting Dockerfile
-----> Updating git repository with specified build context
-----> Cleaning up...
-----> Building pihole from Dockerfile
Sending build context to Docker daemon  2.048kB
Step 1/8 : FROM pihole/pihole:2022.07.1
2022.07.1: Pulling from pihole/pihole
...
3734d50778a6: Pull complete
Digest: sha256:f7624f452b7a6320405b6ff00a9ed253d99fd33a22abced1954633ceb5bae24e
Status: Downloaded newer image for pihole/pihole:2022.07.1
 ---> 850e9721d3c2
Step 2/8 : LABEL com.dokku.docker-image-labeler/alternate-tags=[\"pihole/pihole:2022.07.1\"]
 ---> Running in 7b9052c9fe4f
Removing intermediate container 7b9052c9fe4f
 ---> 053e40291a35
Step 3/8 : LABEL com.dokku.app-name=pihole
 ---> Running in 62d504ef64c4
Removing intermediate container 62d504ef64c4
 ---> 8bb94de7cdb2
Step 4/8 : LABEL com.dokku.builder-type=dockerfile
 ---> Running in c379d48bd29d
Removing intermediate container c379d48bd29d
 ---> feedd13ad51c
Step 5/8 : LABEL com.dokku.image-stage=build
 ---> Running in 0d7d29735707
Removing intermediate container 0d7d29735707
 ---> a15ce03edcf9
Step 6/8 : LABEL dokku=
 ---> Running in 35329281c635
Removing intermediate container 35329281c635
 ---> e0d89bc8c02f
Step 7/8 : LABEL org.label-schema.schema-version=1.0
 ---> Running in 81cebfcce603
Removing intermediate container 81cebfcce603
 ---> 4ddb017e7679
Step 8/8 : LABEL org.label-schema.vendor=dokku
 ---> Running in 4425e5e2ca92
Removing intermediate container 4425e5e2ca92
 ---> 4f2189a274dc
Successfully built 4f2189a274dc
Successfully tagged dokku/pihole:latest
-----> Setting config vars
       DOKKU_DOCKERFILE_PORTS:  53/tcp 53/udp 67/udp 80/tcp
-----> Releasing pihole...
-----> Checking for predeploy task
       No predeploy task found, skipping
-----> Checking for release task
       No release task found, skipping
-----> Checking for first deploy postdeploy task
       No first deploy postdeploy task found, skipping
-----> No Procfile found in app image
=====> Processing deployment checks
       No CHECKS file found. Simple container checks will be performed.
       For more efficient zero downtime deployments, create a CHECKS file. See https://dokku.com/docs/deployment/zero-downtime-deploys/ for examples
-----> Deploying pihole via the docker-local scheduler...
-----> Deploying web (count=1)
       Attempting pre-flight checks (web.1)
       Waiting for 10 seconds (web.1)
       Default container check successful (web.1)
-----> Running post-deploy
-----> Creating new app virtual host file...
-----> Configuring pihole.my-domain.com...(using built-in template)
-----> Creating http nginx.conf
       Reloading nginx
-----> Renaming containers
       Renaming container pihole.web.1.upcoming-32687 (5b69fea5d7af) to pihole.web.1
-----> Checking for postdeploy task
       No postdeploy task found, skipping
=====> Application deployed:
       http://pihole.my-domain.com
       http://pihole.my-domain.com:53
Show/Hide `dokku run pihole` logs

Throws s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-access-log: supervisor not listening when entering container CLI.
Which should be safe to ignore as mentioned by @PromoFaux here

dokku run pihole
================

dokku run pihole                                                       36.8s  Thu 25 Aug 2022 10:57:09 PM CEST
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] 01-resolver-resolv: applying... 
[fix-attrs.d] 01-resolver-resolv: exited 0.
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 05-changer-uid-gid.sh: executing... 
[cont-init.d] 05-changer-uid-gid.sh: exited 0.
[cont-init.d] 20-start.sh: executing... 
 ::: Starting docker specific checks & setup for docker pihole/pihole

  [i] Installing configs from /etc/.pihole...
  [i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
  [✓] Installed /etc/dnsmasq.d/01-pihole.conf
  [✓] Installed /etc/dnsmasq.d/06-rfc6761.conf
Existing DNS servers detected in setupVars.conf. Leaving them alone
Assigning random password: XXXXXXX
  [✓] New password set
DNSMasq binding to default interface: eth0
Added ENV to php:
			"TZ" => "",
			"PIHOLE_DOCKER_TAG" => "2022.07.1",
			"PHP_ERROR_LOG" => "/var/log/lighttpd/error-pihole.log",
			"ServerIP" => "0.0.0.0",
			"CORS_HOSTS" => "",
			"VIRTUAL_HOST" => "0.0.0.0",
Using IPv4 and IPv6
::: setup_blocklists now setting default blocklists up: 
::: TIP: Use a docker volume for /etc/pihole/adlists.list if you want to customize for first boot
::: Blocklists (/etc/pihole/adlists.list) now set to:
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Enabling Query Logging
  [i] Enabling logging...
  [✓] Restarting DNS server
  [✓] Logging has been enabled!
 ::: Docker start setup complete
  Checking if custom gravity.db is set in /etc/pihole/pihole-FTL.conf
  Pi-hole version is v5.11.4 (Latest: v5.11.4)
  AdminLTE version is v5.13 (Latest: v5.13)
  FTL version is v5.16.1 (Latest: v5.16.1)
  Container tag is: 2022.07.1
[cont-init.d] 20-start.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
Starting pihole-FTL (no-daemon) as pihole
Starting crond
Starting lighttpd
[services.d] done.
root@6636747900ab:/# cat /var/log/lighttpd/error-pihole.log
2022-08-25 20:57:14: server.c.1513) server started (lighttpd/1.4.59)
root@6636747900ab:/# exit
exit
[cmd] /bin/bash exited 0
Stopping lighttpd
Stopping cron
Stopping pihole-FTL
s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-access-log: supervisor not listening
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
s6-svc: fatal: unable to control /var/run/s6/services/lighttpd-error-log: supervisor not listening
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

@Rikj000
Copy link

Rikj000 commented Aug 25, 2022

Sadly the :exp tag doesn't seem to solve the issue on dokku deployments.

Great news, it does fix the issue on dokku deployments too! 🎉

However it does require an additional command,
to disable the injection of the default --init process.
See: dokku/dokku#5300

# 1. Disable default --init injection
dokku scheduler-docker-local:set pihole init-process false
# 2. Deploy the exp tag
dokku git:from-image pihole pihole/pihole:exp

@PromoFaux
Copy link
Member

PromoFaux commented Aug 25, 2022

This should be fixed in latest once it has built (tag 2022.08.2)

@mlankamp
Copy link

mlankamp commented Aug 26, 2022

Good news, the :2022.08.2 tag works great on Unifi UDM!

@PromoFaux
Copy link
Member

Closing this issue out as it the reported issues appear to be fixed in lastest / 2022.08.2

@b-m-f
Copy link
Author

b-m-f commented Aug 26, 2022

That was so quick. Thanks alot!

@darkrain42
Copy link

darkrain42 commented Aug 31, 2022

MicroVM docker alternatives like podman and fly.io typically have their own process management that doesn't allow running as pid 1 which is now a hard requirement for s6-overlay v3.

Thanks for this info. I've never used such systems,, so interesting to know. I wonder if there is a way around this that does not require downgrading S3 back to V2...

I fixed this in my fly.io-based docker-pihole deployment, so I'll mention the fix here for future readers. It's not suitable (as-is) for inclusion in docker-pihole, I think. (It's also only lightly-tested so far.)

Use the unshare utility to run s6 is in its own PID namespace where it's PID 1. The workaround also needs to avoid a signal handling bug in unshare that caused services spawned by s6 to ignore SIGTERM and SIGINT. Without the signal-handling bugfix, making changes in the GUI that need to restart pihole-FTL causes the GUI to just hang/stall, waiting for service pihole-FTL restart to complete, which it never will.

FROM pihole/pihole:latest

ENTRYPOINT [ \
    "unshare", "--pid", "--fork", "--kill-child=SIGTERM", "--mount-proc", \
    "perl", "-e", "$SIG{INT}=''; $SIG{TERM}=''; exec @ARGV;", "--", \
    "/s6-init" ]

https://gist.github.com/darkrain42/02fa589002afa645912d8f8d87bf55f8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants