Quickly fix FTL not starting in Docker

Hi all,

I’m using the module nethserver-pihole made by @stephdl and it works like a charm.

Today, I’ve updated the docker container as I do regularly, but afterwards, pihole did not come up the way it used to:

  • pihole status reported the container in state unhealthy
  • WebUI showed in top-left status "DNS service not running"
  • Attaching to the container’s commandline to check and restart FTL inside the container did not work, either

Still inside the container’s bash, displaying the log file finally gave a hint:

tail -f /var/log/pihole-FTL.log
[...snip...]
[2022-03-26 09:34:53.421 11844M]  -> Unique clients: 0
[2022-03-26 09:34:53.421 11844M]  -> Known forward destinations: 0
[2022-03-26 09:34:53.421 11844M] Successfully accessed setupVars.conf
[2022-03-26 09:34:53.423 11844M] FATAL ERROR in dnsmasq core: failed to create listening socket for port 53: Permission denied
[2022-03-26 09:34:53.432 11844M] ########## FTL terminated after 57ms  (code 1)! ##########

After some research, I’ve found out that there was an upstream change in January 2022 (Release 2022.01 · pi-hole/docker-pi-hole · GitHub) in regard to the user running FTL inside the container (formerly: root; since 01/22: pihole).

I’ve borrowed a workaround from the following Github-Issue:
Docker on Synology keeps stopping with Failed to set capabilities for pihole-FTL. Cannot run as non-root. · Issue #963 · pi-hole/docker-pi-hole · GitHub
Summary: Add the variable DNSMASQ_USER=root to the docker environment.

The following surely is not the best or most elegant way to achieve a running instance on Nethserver, but the only way I managed to think of in my need to get it up running again. @stephdl May it be possible that you include this change inside nethserver-pihole?

1. open the e-smith action file in an editor
nano /etc/e-smith/events/actions/nethserver-pihole-docker-creation

2. insert the line
-e DNSMASQ_USER=root\
in each invocation of docker run

3. save and force upgrade of pihole-container
pihole upgrade

4. watch it boot

[root@nethserver ~]# pihole bash
root@pi:/# tail -f /var/log/pihole-FTL.log

Hopefully this helps in case of an “emergency” :slight_smile:
However, I’m sure this cannot be the final solution for it!

3 Likes
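
Steps 1 to 3 of the post above as an idempotent script, added here as an example; it is not part of the original thread or of nethserver-pihole. The sample file is constructed, and the layout of the real action file (backslash-continued `docker run` lines) is an assumption. As in the post, the inserted option makes FTL run as root again instead of the `pihole` user.

```shell
#!/bin/sh
# Insert "-e DNSMASQ_USER=root \" once into every multi-line `docker run`
# invocation of a script. An invocation that already sets DNSMASQ_USER, or
# that sits on a single line, is printed unchanged.
patch_docker_run() {   # usage: patch_docker_run FILE  (patched text on stdout)
    awk '
    function emit(   i, has) {
        has = 0
        for (i = 1; i <= n; i++) if (buf[i] ~ /DNSMASQ_USER=/) has = 1
        for (i = 1; i <= n; i++) {
            print buf[i]
            # add the option directly after the "docker run ... \" line
            if (i == 1 && !has && n > 1) print "    -e DNSMASQ_USER=root \\"
        }
        n = 0
    }
    n == 0 && !/docker run/ { print; next }   # line outside any invocation
    { buf[++n] = $0 }                          # collect the invocation
    !/\\$/ { emit() }                          # no trailing backslash: it ends here
    END { if (n) emit() }
    ' "$1"
}

# Constructed sample, NOT the real nethserver-pihole-docker-creation file.
make_sample() {
cat <<'EOF'
#!/bin/bash
docker run -d --name pihole \
    -e TZ=UTC \
    pihole/pihole:latest
echo created
docker run -d --name pihole --net macvlan \
    -e DNSMASQ_USER=root \
    pihole/pihole:latest
EOF
}

tmp=$(mktemp) && make_sample > "$tmp"
patch_docker_run "$tmp"    # review this output before replacing the real file
rm -f "$tmp"
```

Running it a second time on its own output changes nothing, so it can be re-applied after a package update overwrites the action file.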

Thanks for sharing. Maybe @stephdl could take some hints from this little howto. And maybe update the wiki about piHole.

Thanks for the hint, but today I did the upgrade and pihole is up, so I cannot reproduce.


[root@firewall ~]# pihole status
# pihole status
healthy
# pihole container ps
4cf47d5979de   pihole/pihole:latest            "/s6-init"               5 hours ago    Up 5 hours (healthy)   53/udp, 53/tcp, 80/tcp, 67/udp   pihole

Sometimes the container doesn’t start after an upgrade; I usually do a pihole upgrade again.

see my pihole env


[root@firewall ~]# pihole env
# Pihole Environment variable
[IPv6=false
DNS2=9.9.9.10#53
DNSMASQ_LISTENING=local
TZ=UTC
WEBPASSWORD=password
VIRTUAL_HOST=pi.hole
dns=1.1.1.1
DNS1=9.9.9.9#53
PATH=/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
phpver=php
PIHOLE_DOCKER_TAG=2022.02.1
S6_OVERLAY_VERSION=v2.1.0.2
PIHOLE_INSTALL=/etc/.pihole/automated
install/basic-install.sh
PHP_ENV_CONFIG=/etc/lighttpd/conf-enabled/15-fastcgi-php.conf
PHP_ERROR_LOG=/var/log/lighttpd/error.log
S6_LOGGING=0
S6_KEEP_ENV=1
S6_BEHAVIOUR_IF_STAGE2_FAILS=2
ServerIP=0.0.0.0
FTL_CMD=no-daemon
DNSMASQ_USER=pihole]

Hi,
Thank you very much for your time invested in trying to replicate my issue, and for sharing your docker environment, too.

I’ve compared your environment with the one at my host, however the only differences are the DNS-Server IPs and the variable DNSMASQ_USER=

[root@nethserver ~]# pihole env
# Pihole Environment variable
[IPv6=false
DNS2=192.168.35.30#53
DNSMASQ_LISTENING=local
TZ=Europe/Berlin
WEBPASSWORD=d14b73f42581b8c61fd3a504e9e8cb6c857b4b59
VIRTUAL_HOST=pi.hole
dns=1.1.1.1
DNS1=192.168.35.30#53
PATH=/opt/pihole:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
phpver=php
PIHOLE_DOCKER_TAG=2022.02.1
S6_OVERLAY_VERSION=v2.1.0.2
PIHOLE_INSTALL=/etc/.pihole/automated
install/basic-install.sh
PHP_ENV_CONFIG=/etc/lighttpd/conf-enabled/15-fastcgi-php.conf
PHP_ERROR_LOG=/var/log/lighttpd/error.log
S6_LOGGING=0
S6_KEEP_ENV=1
S6_BEHAVIOUR_IF_STAGE2_FAILS=2
ServerIP=0.0.0.0
FTL_CMD=no-daemon
DNSMASQ_USER=root]

I can confirm this issue but this time the container started (as I got access to the pihole WebUI). Nevertheless I’ve re-run pihole upgrade, testing with and without the modification in nethserver-pihole-docker-creation: Without the addition FTL fails to start.

Two ideas which might change behaviour between our deployments:

  • I’m using macvlan as network, maybe socket-setup is handled differently?
  • What about the docker version?
[root@nethserver ~]# docker version
Client: Docker Engine - Community
 Version:           20.10.14
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        a224086
 Built:             Thu Mar 24 01:49:57 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true
Server: Docker Engine - Community
 Engine:
  Version:          20.10.14
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       87a90dc
  Built:            Thu Mar 24 01:48:24 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.11
  GitCommit:        3df54a852345ae127d1fa3092b95168e4a88e2f8
 runc:
  Version:          1.0.3
  GitCommit:        v1.0.3-0-gf46b6ba
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

However, at the moment it’s up and running, so everything is fine - let’s see what the next upgrade will bring :slight_smile:

1 Like
Name        : docker-ce
Arch        : x86_64
Epoch       : 3
Version     : 20.10.6

I don’t know. I will try to update docker; not sure about the macvlan.