I think LXC needs to be a privileged container.
I am running Graylog in Docker in LXC in Proxmox and had to set the container to privileged. Been running great for almost a half year now. I will state I have seen the same comments that Docker and LXC can have some stability issues, but it does work for me. The video from Tom was a great foundation to get started.
OK, I am way behind on my container knowledge here, but… Why are you running a container inside another container? That seems like running virtual box inside another VM. Can’t you just run the Graylog container inside the LXC system without having Docker as an additional layer?
This would be the better option. Build this with the available apt packages.
https://go2docs.graylog.org/5-0/downloading_and_installing_graylog/ubuntu_installation.html#
Hi, I can confirm that this runs smoothly in a small homelab with a Raspberry Pi 5 8GB.
Yes, it seems illogical, but it works, and an LXC container can be moved very easily between Proxmox nodes in HA systems. The Docker container provides one more layer of abstraction but really no impact to performance, and it is very easy to update the components with just two commands:
docker compose pull
docker compose up -d
and cleanup easy with the prune command
Plus I don’t have to go all over the file system to make configuration changes just the one file that contains the YAML for the containers.
But it does have an impact on security, if you are running the LXC container in privileged mode:
See here: Linux Container - Proxmox VE
…and here: Linux Containers - LXC - Security
But sure, you can do it that way and it works. However, I would generally recommend using a VM for Docker.
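A check for the privileged/unprivileged distinction discussed above, as an added example that is not part of any post in this thread: it reads a `uid_map` and reports whether uid 0 inside the container is uid 0 on the host. The sample maps are constructed; the shifted range shown is an assumed typical unprivileged mapping.

```shell
#!/bin/sh
# Added example (not from the thread): decide from a uid_map whether root inside
# the container is also root on the Proxmox host.
# uid_map columns: <first id inside> <first id outside> <range length>

classify_uid_map() {
    # $1: uid_map file to read; defaults to the calling process's own map.
    map="${1:-/proc/self/uid_map}"
    if [ ! -r "$map" ]; then
        echo "unknown"
        return 0
    fi
    awk '
        $1 == 0 { seen = 1; outside = $2 }   # the line that maps uid 0 inside
        END {
            if (!seen)             print "unknown"
            else if (outside == 0) print "privileged"    # uid 0 inside is uid 0 on the host
            else                   print "unprivileged"  # uid 0 inside is a high, unprivileged host uid
        }' "$map"
}

# Constructed sample maps: an identity map (privileged container, or no
# container at all) and a shifted 65536-id map (assumed typical values).
tmp=$(mktemp -d)
printf '         0          0 4294967295\n' > "$tmp/privileged"
printf '         0     100000      65536\n' > "$tmp/unprivileged"

for f in "$tmp/privileged" "$tmp/unprivileged" /proc/self/uid_map; do
    printf '%-30s %s\n' "$f" "$(classify_uid_map "$f")"
done
rm -rf "$tmp"
```

A plain host or VM also reports "privileged" here, because it has no uid remapping at all; the result is only meaningful when run inside the LXC container.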
I was wondering if anybody had any examples on how to do this with a connection to an nfs share
I just updated the Docker Compose file on my GitHub and the change is not just for new installs but also for people updating existing ones.
OpenSearch now requires that a password be set in the environment variables and if that is missing then it will not start.
- "OPENSEARCH_INITIAL_ADMIN_PASSWORD=SetPassw0rdL3ttersAndNumb3r5"
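An added example, not part of the post above or of the Compose file it refers to: a scan that lists password and secret variables whose values are written literally in a Compose file instead of being referenced as `${VAR}` (Compose substitutes such references from the shell environment or a `.env` file beside the Compose file). The sample file is constructed and `EXAMPLE_API_SECRET` is a hypothetical variable name.

```shell
#!/bin/sh
# Added example: report *PASSWORD* / *SECRET* variables that carry a literal
# value in a Compose file. Handles "- NAME=value" and "NAME: value" entries.

find_inline_secrets() {
    # $1: path to a Compose file; prints one variable name per line.
    awk -v q="'" '
        /^[ \t]*#/ { next }                      # skip YAML comments
        {
            line = $0
            sub(/^[ \t]*(-[ \t]*)?/, "", line)   # strip indent and list dash
            gsub("[\"" q "]", "", line)          # strip both kinds of quotes
            if (match(line, /^[A-Za-z_][A-Za-z0-9_]*[ \t]*[=:][ \t]*/) == 0) next
            name = substr(line, 1, RLENGTH)
            sub(/[ \t]*[=:][ \t]*$/, "", name)
            value = substr(line, RLENGTH + 1)
            if (name !~ /PASSWORD|SECRET/) next
            if (value == "" || value ~ /^[$][{][^}]+[}]$/) next   # ${VAR} reference
            print name
        }' "$1"
}

# Constructed sample: the line from the post plus a substituted variable.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  opensearch:
    environment:
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=SetPassw0rdL3ttersAndNumb3r5"
      - "EXAMPLE_API_SECRET=${EXAMPLE_API_SECRET}"
EOF

echo "literal secrets in sample compose file:"
find_inline_secrets "$sample"
rm -f "$sample"
```

Anything the scan prints is a value to replace with your own before first start and to keep out of a shared or published copy of the file.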
I will try not to stray too far off-topic. But I’m having trouble converting this particular configuration to run in Google Kubernetes Engine (GKE), and I’m hoping someone can shed some light on this for me. Rather than post the MANY changes in the way things are configured, I’d like to just hone in on one particular problem I’m having with the graylog_data volume and the graylog.conf file.
Essentially, I’m trying to figure out HOW the following files are being created on the persistent volume?
/usr/share/graylog/data/config/graylog.conf
/usr/share/graylog/data/config/log4j2.xml
In particular, when I’m spinning up my kubernetes deployment, it can’t locate the graylog.conf. In testing, I’m spinning the graylog container in Docker AND in GKE. And I’m running the entrypoint of sleep infinity so I can login to both containers to compare them.
In the Docker Compose on Desktop, I can see the file is being created, and in GKE, I can see that it is NOT being created. Can anyone explain how the /usr/share/graylog/data/config/graylog.conf file is being generated/created? I don’t see that particular path spelled out anywhere in the yaml file. I only see it being specified as located at /usr/share/graylog/config/graylog.conf, which turns out to be a directory in the Docker Compose container, not an actual file. So even that is confusing.
I’d really appreciate some pointers in where I might look to start troubleshooting why that file can’t be found in my GKE container.
Ahh, maybe that explains why I’ve had to manually start it and then restart Graylog after any reboots of the VM (I set up a cron script, but didn’t really delve into why I needed to do this). thanks!
UPDATE: So, I just bypassed the problem. I mounted the persistent volume to ./datanew and booted the container. Then I copied the data “cp -r ./data/* ./datanew”. Then, I adjusted the yaml file back to data, and then it booted up just fine.
It seems as though, possibly, Kubernetes (GKE) can’t take the data from an image, and then load that data into the persistent volume at spin-up/apply. I can’t know for sure, but I’m moving on with it, the way it is.
Thanks for the base configuration!
Trying to install Graylog on Proxmox, I realized I had to configure the VM as “host”; however, it seems I cannot start docker-compose.
Seems to be complaining about permissions:
javier@ubuntu-server:~/graylog$ docker-compose up
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 497, in _make_request
    conn.request(
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 395, in request
    self.endheaders()
  File "/usr/lib/python3.12/http/client.py", line 1331, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.12/http/client.py", line 1091, in _send_output
    self.send(msg)
  File "/usr/lib/python3.12/http/client.py", line 1035, in send
    self.connect()
  File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 27, in connect
    sock.connect(self.unix_socket)
PermissionError: [Errno 13] Permission denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 486, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 845, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 472, in increment
    raise reraise(type(error), error, _stacktrace)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/util.py", line 38, in reraise
    raise value.with_traceback(tb)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 791, in urlopen
    response = self._make_request(
               ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 497, in _make_request
    conn.request(
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 395, in request
    self.endheaders()
  File "/usr/lib/python3.12/http/client.py", line 1331, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib/python3.12/http/client.py", line 1091, in _send_output
    self.send(msg)
  File "/usr/lib/python3.12/http/client.py", line 1035, in send
    self.connect()
  File "/usr/lib/python3/dist-packages/docker/transport/unixconn.py", line 27, in connect
    sock.connect(self.unix_socket)
urllib3.exceptions.ProtocolError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 214, in _retrieve_server_version
    return self.version(api_version=False)["ApiVersion"]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/daemon.py", line 181, in version
    return self._result(self._get(url), json=True)
                        ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/utils/decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 237, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 602, in get
    return self.request("GET", url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 589, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 703, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 501, in send
    raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 33, in <module>
    sys.exit(load_entry_point('docker-compose==1.29.2', 'console_scripts', 'docker-compose')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 81, in main
    command_func()
  File "/usr/lib/python3/dist-packages/compose/cli/main.py", line 200, in perform_command
    project = project_from_options('.', options)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 60, in project_from_options
    return get_project(
           ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/command.py", line 152, in get_project
    client = get_client(
             ^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 41, in get_client
    client = docker_client(
             ^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/compose/cli/docker_client.py", line 170, in docker_client
    client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 197, in __init__
    self._version = self._retrieve_server_version()
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/docker/api/client.py", line 221, in _retrieve_server_version
    raise DockerException(
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
I figured out what was the problem:
I missed that after adding the user to the group: sudo usermod -aG docker $USER ,
I HAD to log off and log in
Looking much better now
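The situation in the post above, as an added example that is not the poster's own code: it compares the groups of the running shell with the groups recorded for the account, which differ until the next login after `usermod -aG`. Keep in mind when granting it that membership of the `docker` group gives root-equivalent control of the host through the daemon. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: explain a "Permission denied" on the Docker socket.

# in_list NAME "space separated list" -> status 0 if NAME is in the list
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# diagnose GROUP SESSION_GROUPS ACCOUNT_GROUPS
#   SESSION_GROUPS: groups of the running shell       (output of: id -nG)
#   ACCOUNT_GROUPS: groups recorded for the account   (output of: id -nG USER)
diagnose() {
    if in_list "$1" "$2"; then
        echo "ok"
    elif in_list "$1" "$3"; then
        echo "relogin"       # usermod has run, but this session predates it
    else
        echo "not-member"
    fi
}

group=docker
user=$(id -un 2>/dev/null || echo unknown)
session_groups=$(id -nG 2>/dev/null || true)
account_groups=$(id -nG "$user" 2>/dev/null || true)

case "$(diagnose "$group" "$session_groups" "$account_groups")" in
    ok)         echo "$user: this session already has the $group group" ;;
    relogin)    echo "$user: in $group on record, but not in this session; log out and back in" ;;
    not-member) echo "$user: not in $group; the socket will refuse this user" ;;
esac
```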
Hope this is not too much off topic, but does the same YML file run as a Portainer Stack?
I have never tested it in Portainer.