Can’t connect in Docker

Forum / NoMachine for Linux / Can’t connect in Docker

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #12547
    bigtractor
    Participant

    I’m trying to get NoMachine installed in a docker container running lxde on Ubuntu Xenial, but the client fails to connect and keeps showing a spinner.  Is there something wrong with the attached dockerfile setup?

    MacBook-Air:~ o$ docker run -t -p 4000:4000 -p 22:22 -e PASS=password nomachine-test
    NX> 161 Enabled service: nxserver.
    NX> 162 WARNING: Cannot find X servers running on this machine.
    NX> 162 WARNING: A new virtual display will be created on demand.
    NX> 161 Enabled service: nxd.
    2016-10-01 11:12:37 713.940  2645 NXSERVER Starting NoMachine server 5.1.54 and services.
    2016-10-01 11:12:37 726.296  2645 NXSERVER WARNING! Process ‘/bin/bash –login -c dbus-send –system –dest=org.freedesktop.DBus –type=method_call –print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames’ with pid ‘2655/2655’ finished with exit code 127 after 0,006 seconds.
    2016-10-01 11:12:37 727.046  2645 NXSERVER WARNING! Command for net statistics not found.
    2016-10-01 11:12:37 739.286  2633 NXSERVER WARNING! Sending warning message ‘NX> 162 WARNING: Cannot find X servers running on this machine.’
    2016-10-01 11:12:37 739.461  2633 NXSERVER WARNING! Sending warning message ‘NX> 162 WARNING: A new virtual display will be created on demand.’
    2016-10-01 11:53:08 041.396    20 NXSERVER Starting NoMachine server 5.1.54 and services.
    2016-10-01 11:53:08 050.129    20 NXSERVER WARNING! Process ‘/bin/bash –login -c dbus-send –system –dest=org.freedesktop.DBus –type=method_call –print-reply /org/freedesktop/DBus org.freedesktop.DBus.ListNames’ with pid ’30/30′ finished with exit code 127 after 0,004 seconds.
    2016-10-01 11:53:08 050.828    20 NXSERVER WARNING! Command for net statistics not found.
    2016-10-01 11:53:08 061.047     8 NXSERVER WARNING! Sending warning message ‘NX> 162 WARNING: Cannot find X servers running on this machine.’
    2016-10-01 11:53:08 061.936     8 NXSERVER WARNING! Sending warning message ‘NX> 162 WARNING: A new virtual display will be created on demand.’
    2016-10-01 11:53:19 137.867    50 NXSERVER User ‘user’ logged in from ‘172.17.0.1’ using authentication method password.
    2016-10-01 11:53:22 511.039    67 NXSERVER ERROR! Failed to determine the client IP
    2016-10-01 11:53:22 511.130    67 NXSERVER ERROR! Variables NX_CONNECTION,SSH_CONNECTION,SSH_CLIENT,SSH2_CLIENT not provided.
    2016-10-01 11:53:22 511.181    67 NXSERVER ERROR! Please set SSHDCheckIP=1 if you want to refuse the connection.
    2016-10-01 11:53:22 511.232    67 NXSERVER ERROR! Failed to get remote port. Environment NX_CONNECTION,SSH_CONNECTION,SSH_CLIENT,SSH2_CLIENT not set
    2016-10-01 11:53:22 511.278    67 NXSERVER ERROR! Failed to get local IP. Remote IP is 0.
    2016-10-01 11:53:22 515.504    67 NXSERVER ERROR! Wrong process id, received pid 0.
    2016-10-01 11:53:22 515.616    67 NXSERVER WARNING! Could not get SSHD PID: Process 0 does not have expected name.
    2016-10-01 11:53:22 518.235    67 NXSERVER ERROR! Cannot save forward server pid. ‘value’ for key sshdPid cannot be null
    2016-10-01 11:53:22 535.273    20 NXSERVER WARNING! Cannot read nxnode PID from FD#13.
    2016-10-01 11:53:22 536.063    20 NXSERVER WARNING! Process ‘/usr/NX/bin/nxexec –node –user user –priority realtime –mode 0 –pid 16′ with pid ’79/79’ finished with exit code 1 after 0,007 seconds.

    #12565
    bigtractor
    Participant

    I can’t upload the attachments (“Upload Errors: Sorry, this file type is not permitted for security reasons.”).  So here’s the text:

    DockerFile

    FROM ubuntu:xenial

    ENV DEBIAN_FRONTEND noninteractive

    RUN apt update \
    &&  apt -y upgrade \
    &&  apt install -y –no-install-recommends \
    curl \
    sudo \
    openssh-server \
    lxde \
    &&  rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

    RUN useradd –create-home –shell /bin/bash user \
    &&  adduser user sudo

    RUN curl -L http://download.nomachine.com/download/5.1/Linux/nomachine_5.1.54_1_amd64.deb -o /tmp/nomachine.deb \
    &&  dpkg –install /tmp/nomachine.deb \
    &&  rm /tmp/*.deb \
    &&  apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

    RUN mkdir -p /var/run/sshd \
    &&  sed -i “s/.*PasswordAuthentication.*/PasswordAuthentication yes/g” /etc/ssh/sshd_config \
    &&  sed -i “s/.*UsePAM.*/UsePAM yes/g” /etc/ssh/sshd_config

    COPY run.sh /run.sh
    RUN chmod +x run.sh

    EXPOSE 22 4000 4848

    CMD [“/run.sh”]

    Run.sh

    #!/bin/bash

    PASS=${PASS:-$(pwgen -s 6 1)}
    echo “user:$PASS” | chpasswd

    /etc/NX/nxserver –startup
    tail -f /usr/NX/var/log/nxserver.log

    Digging deeper, I found this in the nxerror.log

    2645 2645 11:12:37 718.294 NXDBusConnect: ERROR! Connection failed: Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

    Does this mean NoMachine can’t run in Docker any longer due to issues with DBus?

     

    Thanks

    #12595
    Cato
    Participant

    Hello bigtractor,

    We experienced similar behaviour when AppArmor blocked access to ‘/proc/‘  directory of container. Possible solution is described in section TROUBLESHOOTING of the following article: https://www.nomachine.com/DT08M00100&dn=docker.

    #12602
    bigtractor
    Participant

    Thanks for your suggestion.  It’s not clear whether the AppArmour tips are intended to be run on the host or the docker container, but since I am testing on OS X I ran them in the docker container with no effect.  The error is still there in nxerror.log

    Failed to connect to socket /var/run/dbus/system_bus_socket: No such file or directory

    I noticed that the docker knowledgebase article you linked to had been updated since I opened this thread, so I tried following the dockerfile and run script exactly, updating only the version and md5 variables.  Unfortunately it still fails in the exactly the same way as with my own dockerfile.

    Assuming your knowledgebase article has been tested, I can’t understand why it’s not working for me when followed exactly.

    #12642
    bigtractor
    Participant

    There was another stealthy update on the docker page the day of my last comment.  Although the instructions themselves just say to run docker normally, there is now a new comment at the very end saying to run it in privileged mode.  This seems to work, though I can’t understand why NoMachine needs privileged mode.

    Happy to have things working, but little concerned about the stealth updates.  They were clearly done in response to this thread, but no comment made here to help me out.  I had planned to buy workstation packs for our devs, but worried about the quality of support now.

    #12653
    Britgirl
    Keymaster

    @bigtractor, I am not quite sure why you are concerned that we updated our KB article concerning the OS version that you are using. We try to keep our KB up-to-date as much as possible, and that sometimes means that when users report issues on the forums, we take time out to check whether specific OS versions are working as they’re supposed to. We also make regular checks on syntax and so forth, so an update will result even for the removal of a comma.

    The team actually added this part to the article specifically for your case which you took the time to report to us on the forums:

    2) We verified that on Ubuntu 16.04, besides following the above instructions, it’s also necessary to run the container in privileged mode as explained here: https://docs.docker.com/engine/reference/run/

    The developer who replied to you may likely have been preparing his next reply to also inform you that some changes have been made to the article, but I beat him to it 🙂  I will leave it up to Cato to answer your question about privileged mode.

    #12736
    Britgirl
    Keymaster

    @bigtractor after investigating thoroughly, we can now say what exactly is triggering ‘privileged mode’. It’s caused by the PTRACE parameter which is not provided by the default docker AppArmor profile.

    It was enabled for Docker on Ubuntu 14.04 by default, so our article was fine for this platform. But not for 16.04. The same workaround also applies to OS X.

    We’ve added a note for 16.04, so the article has been updated since you last wrote here. https://www.nomachine.com/DT08M00100

Viewing 7 posts - 1 through 7 (of 7 total)

This topic was marked as solved, you can't post.