New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dashboard header reports an incorrect status when running on docker #734
Comments
Thanks for the report. I'm not 100% this is reproducible - but I'm a bit green when it comes to docker. But, short story - I don't have I'm currently running the edit: just switched back to |
Hi @PromoFaux,
Me too 😉. $ docker -v
Docker version 20.10.1, build 831ebea and I'm running pihole not via a docker compose but a simple run: $ docker run -d \
--name pihole \
--restart=unless-stopped \
--hostname=pihole-container \
--dns=127.0.0.1 --dns=8.8.8.8 \
--add-host="pi401 pi401.scaramuccia.home:127.0.0.1" \
--cap-add=NET_BIND_SERVICE \
--cap-add=SYS_NICE \
--cap-add=SYS_PTRACE \
--cap-drop=NET_RAW \
-p 53:53/udp -p 53:53/tcp \
-p 80:80/tcp \
-p 443:443/tcp \
-v /srv/pihole/etc/pihole:/etc/pihole \
-v /srv/pihole/etc/dnsmasq.d:/etc/dnsmasq.d \
-e ServerIP=192.168.0.5 \
-e IPv6=False \
-e DNS1=8.8.8.8 \
-e DNS2=8.8.4.4 \
-e DNSMASQ_USER=pihole \
-e TZ=Europe/Rome \
-e WEBPASSWORD=******** \
-e VIRTUAL_HOST=pi401.scaramuccia.home \
pihole/pihole:v5.2.1 If I remove the HTH, |
Hmm, I'm on a Synology Nas with version: '3.5'
services:
pihole:
container_name: pihole
hostname: pihole-docker
depends_on:
- unbound
image: pihole/pihole:dev
environment:
- TZ=Europe/London
- ServerIP=192.168.1.253
#- DNS1=8.8.8.8 #not needed in dev image
#- DNS2=8.8.4.4 #not needed in dev image
- PIHOLE_DNS_=8.8.8.8;8.8.4.4;127.0.0.1#5353 #new in dev image
- REV_SERVER=true
- REV_SERVER_DOMAIN=lan
- REV_SERVER_TARGET=192.168.0.1
- REV_SERVER_CIDR=192.168.0.0/16
- SKIPGRAVITYONBOOT=1
volumes:
- ./pihole/configs/pihole/:/etc/pihole/
- ./pihole/configs/dnsmasq.d:/etc/dnsmasq.d/
mac_address: d0:ca:ab:cd:ef:fe
networks:
home:
ipv4_address: 192.168.1.253
restart: always Paging @diginc for thoughts |
I also ran into this after upgrading from |
Adding a cross-reference about the HTH, |
I am also seeing this issue , only happens when DNSMASQ_USER=pihole , if left root this issue is not present. |
This issue has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/dns-service-not-running/42450/3 |
This env says "experimental" - And eventhough the webui states "DNS service not running" it's running and 53 requests are handled like they always have. I like seeing more and more containers focusing on permissions and --cap-add=SYS_PTRACE kindda defeats the purpose of this env. |
Hi @benlenau, BTW I agree w/ you, something should be done: My vote is: HTH, |
My bad. Also hoping for a. :-) |
FYI something related and very weird happens when running PiHole on K3s (kubernetes distribution) - Maybe we could move to |
I've installed today rocky linux 8.5 and moved my pihole installation from my rapspberry pi to amdoxker container on my nuc. setting cap or user to root seems to workaround the issue but it would be nice to have a better solution. |
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
I've added a note to the readme for the time being, as we recently defaulted to running |
We should indeed replace Check out my branch Note 1: These are poof-of-concept branches. I did not check dependencies that may need to be installed. Note 2: I prefer the long-options as it makes it easier to see what is happening without having to go the the Note 3: Once we have settled to one of the solutions, I will replace the remaining use of |
This issue has been mentioned on Pi-hole Userspace. There might be relevant details there: https://discourse.pi-hole.net/t/dns-service-not-running-on-raspberry-pi-4b/52195/14 |
Hi @DL6ER,
where did you push your PoCs? Edit: found them ;):
TIA, |
If you want to try these in docker easily - you can use the |
Obviously |
This will be fixed shortly in the next release |
Looks like it was fixed in pihole v5.8 |
At the moment the best answer I can give you is "when it's ready", was hoping to tag straight away but have come up against a snag |
Should now be fixed... please report back! |
I can confirm the fix, thank you for your work and have a great day! |
Fixed for me, thanks! |
Confirm that the issue resolved in docker tag 2022.01.1. Thankyou for the prompt fix! |
same here 👍 |
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Can also confirm docker tag 2022.01.1 is running fine on top of Kubernetes cluster. |
Hi @PromoFaux and @DL6ER,
Thanks for the hard work! |
Great stuff, thanks for letting us know! |
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Versions
Running docker tag image
v5.2.1
,$ docker exec -it pihole pihole -v
:Platform
Running using docker tag image
v5.2.1
,10.5
Expected behavior
Status in the dashboard should show: "Active"
Actual behavior / bug
Status in the dashboard shows: "DNS service not running"
Steps to reproduce
Steps to reproduce the behavior:
Asking for the
pihole status
shows:$ docker exec -it pihole pihole status [✗] DNS service is NOT listening
while if you add the following argument to the
docker run
command,--cap-add=SYS_PTRACE
, you'll get:$ docker exec -it pihole pihole status [✓] DNS service is listening [✓] UDP (IPv4) [✓] TCP (IPv4) [✓] UDP (IPv6) [✓] TCP (IPv6) [✓] Pi-hole blocking is enabled
This is a regression added w/ pi-hole/pi-hole@6009e86 since
lsof
requires to read/proc/*/stat
. See ptrace(2).When the cap is there:
Shortly:
lsof
is not Docker friendly unless usingCAP_SYS_PTRACE
.I'm not sure if the fix here is just to make a clear mention of the new cap requirement in the README or to find another way to provide that beautiful report.
HTH,
Matteo
The text was updated successfully, but these errors were encountered: