I installed everything on Debian 8/PHP 7 Docker 1.6 (tried also 1.12).
When I Start my docker instance I got the following errors, repeating every seconds:
wsd-00024-0024 0:00:01.008353 [ loolwsd ] WRN Util::requestTermination: Exception: cannot terminate process
Generating RSA private key, 2048 bit long modulus
..........+++
...................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
..............................+++
.....+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.6 - 1.9.6
loolforkit version details: 1.9.6 - 1.9.6
frk-00032-0032 0:00:00.000920 [ loolforkit ] FTL Capability cap_sys_chroot is not set for the loolforkit program.
frk-00032-0032 0:00:00.000974 [ loolforkit ] FTL Capability cap_mknod is not set for the loolforkit program.
frk-00032-0032 0:00:00.001007 [ loolforkit ] FTL Capability cap_fowner is not set for the loolforkit program.
wsd-00023-0023 0:00:01.008631 [ loolwsd ] WRN Util::requestTermination: Exception: cannot terminate process
Can confirm, I am having the same issue with the latest pull. I am running the same stack as righter1983.
Generating RSA private key, 2048 bit long modulus
.+++
....................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
....+++
...........+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.6 - 1.9.6
loolforkit version details: 1.9.6 - 1.9.6
frk-00033-0033 0:00:00.001055 [ loolforkit ] FTL Capability cap_sys_chroot is not set for the loolforkit program.
frk-00033-0033 0:00:00.001342 [ loolforkit ] FTL Capability cap_mknod is not set for the loolforkit program.
frk-00033-0033 0:00:00.001670 [ loolforkit ] FTL Capability cap_fowner is not set for the loolforkit program.
wsd-00024-0024 0:00:01.010505 [ loolwsd ] WRN Util::requestTermination: Exception: cannot terminate process
Same problem, with Debian 8, php 5.6, docker 1.12.3:
Generating RSA private key, 2048 bit long modulus
................................................................+++
..................................................................................................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
......+++
..+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.6 - 1.9.6
loolforkit version details: 1.9.6 - 1.9.6
frk-00033-0033 0:00:00.000476 [ loolforkit ] FTL Capability cap_sys_chroot is not set for the loolforkit program.
frk-00033-0033 0:00:00.000525 [ loolforkit ] FTL Capability cap_mknod is not set for the loolforkit program.
frk-00033-0033 0:00:00.000559 [ loolforkit ] FTL Capability cap_fowner is not set for the loolforkit program.
wsd-00024-0024 0:00:00.755185 [ loolwsd ] WRN Util::requestTermination: Exception: cannot terminate process
Generating RSA private key, 2048 bit long modulus
.......................................................................................................................................................+++
..........+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
........................................................................................+++
..........................................................+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.6 - 1.9.6
loolforkit version details: 1.9.6 - 1.9.6
frk-00032-0032 0:00:00.000436 [ loolforkit ] FTL Capability cap_sys_chroot is not set for the loolforkit program.
frk-00032-0032 0:00:00.000464 [ loolforkit ] FTL Capability cap_mknod is not set for the loolforkit program.
frk-00032-0032 0:00:00.000490 [ loolforkit ] FTL Capability cap_fowner is not set for the loolforkit program.
wsd-00023-0023 0:00:00.757516 [ loolwsd ] WRN Util::requestTermination: Exception: cannot terminate process
Then I ran the same image on my local desktop, with Archlinux but the same docker version (1.12.3), and no php installed, and it seems ok:
Generating RSA private key, 2048 bit long modulus
.+++
.............+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...........................................................+++
.....+++
e is 65537 (0x10001)
Signature ok
subject=/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost
Getting CA Private Key
loolwsd version details: 1.9.6 - 1.9.6
loolforkit version details: 1.9.6 - 1.9.6
office version details: { "ProductName": "Collabora Office", "ProductVersion": "5.1", "ProductExtension": ".10.11", "BuildId": "7512f1e1867672c06d987a94edb07f0a7ea0fc1e" }
If it’s related to loolforkit, then it’s the LO version the cause of the error. On debian 8, LO is on 4.3.3-2 and on archlinux I have 5.2.2-2. I’m going to try with the jessie-backports version, which is 5.2.3-rc1-4.
I have upgraded libreoffice, but I still have the same error, and loolwsd and loolforkit are still in 1.9.6 version. And it’s the same libreoffice online on archlinux too, soo it maybe not a version problem.
Sorry, it must be to early in the morning. The loolwsd and loolforkit must be the docker image versions. It would be usefull to have the dockerfile of the collabora/code image, and also a fewer tags than latest.
@wisdom923 I don’t even know where to signal the problem. I tried to add a comment on docker hub and I’m waiting for an answer next week. I don’t think that the bugzilla of the documentfoundation is the right place for this, maybe I’m wrong.
Maybe it’s a kernel problem, something like this one.
I ran into the same problem on debian wheezy. It seems that the docker storage driver AUFS and debian 8 do not fit together. [EDIT2] As this post is referenced often other systems seem have problems with theyr default storage driver as well.
The solition is to change the docker storage driver, e.g. to devicemapper. Under Debian 8 or 9 proceed as follows (as root user in this example):
[EDIT2] The “systemd” solution I initially posted still should work fine for anybody using it … but as always solutions change over time. @almereyda mentioned below that you can use a json config file (tested with docker ce 17_09 on debian 9) :
editor /etc/docker/daemon.json
That file should (at least) contain:
{
"storage-driver": "devicemapper"
}
If you want to use another storage-driver or change more options for dockerd, at the end of this post there is another EDIT2 Block containing links to other storage driver options and the daemon.json file itself.
If you would want to get rid of all old containers, enter
docker system prune
and confirm that you will delete any and all old containers.
This will delete any and all old containers - which is why you have to consciously enter “y”. If you have more going on in docker please consider how to get your other containers running on the new storage location. You have been warned.
[EDIT2] @almereyda “made me” revisit my solution. I do not disagree with your post. Two thoughts on that:
Docker thankfully provides a userguide on how to choose the storage driver and configuration details for any . As the choice of the storage driver for docker might be a “moving target” as technology evolves, it is defenitely worth taking a look if my post is still up to date (see above)
At the time of updating this article for the 2nd time (November 2017), Docker CE still would use aufs as per default on Debian and Ubuntu. The preference is noted as follows in the docker storagedriver/selectadriver article (Link 2. above):
Docker CE on Debian aufs, devicemapper, overlay2 (Debian Stretch), overlay, vfs
As far as I can see, besides “aufs”, “devicemapper” is still the preferred choice for all OS’es other than Debian and Ubuntu.
So, in order to use collabora which should not store any persistent data I will stick with “devicemapper”, as this is still the “most preffered” way by docker standards besides aufs - which produces the problems leading to this post.
If you have other use cases to consider ( = docker containers that need to persist data, like maybe nextcloud) feel free to use overlay2 storage driver instead - most likely you are correct about the simplicity of that driver .
Dockerd has its own config in /etc/docker/daemon.json …
Finally! - this means that the Systemd unit has not to be touched any more. Sooo…
I test installed docker on a “virgin” Debian 9. Docker CE provides the option which makes the configuration much simpler. If you have special needs that should be configured take a look at (Link 3 above).
Done reading - the recommenced solution by docker is be to use a drop in configuration file under /etc/systemd/system/docker.service.d/
containing all configuration parameters that need change. The docker page contains good information on how to do that.
Still, using a custom docker.service unit is sufficient but an oversized solution knowing there is a better way… I’ll change my configuration and update the solution I initially posted.
In newer Docker versions, you will want to adapt the configuration in /etc/docker/daemon.json. Additionally, devicemapper is hard to configure for production environments and preferably replaced by overlay2 for Debian Stretch hosts.
I am working with centos7 and I have the same error in docker, as I do so that docker can use the self-signed .crt and .key and I do not get the same error … help me please estimate.
Hey guys as far as I could trace this
if you are running collabora in docker or directly on a maschine that has its filesystem mounted as a nfs you can not use capabilities since they are not supported by NFS.
The fix is to disable the capabilities check by passing --o:security.capabilities=false to loolwsd
You have a resolution to work around ?
This will delete any and all old containers - which is why you have to consciously enter “y”. If you have more going on in docker please consider how to get your other containers running on the new storage location. You have been warned.
.