Starting st2 in minikube following the directions on https://github.com/StackStorm/st2-docker/tree/master/runtime/kubernetes-1ppc

minikube version: v0.25.0
kubectl version: Client Version: 1.9.2, Server Version: v1.9.0
Docker version 17.05.0-ce, build 89658be
on Ubuntu 14.04

However the Jobs won't execute successfully:

kubectl get jobs
NAME                        DESIRED   SUCCESSFUL   AGE
init-st2-default-files      1         0            19m
init-st2-register-content   1         0            19m

I found errors related to a read-only mount and missing folders:

# logs for init-st2-default-files
mount: block device /opt/stackstorm is write-protected, mounting read-only
mount: cannot mount block device /opt/stackstorm read-only

# logs for st2-register-content
[...]
ValueError: Directory "/opt/stackstorm/packs/chatops" doesn't exist

Any idea what might be going on, and what I need to do to fix it?

Thanks!

Chatops is not included in these docker images. I didn't realize that until someone mentioned it in slack (iirc). I would like to use chatops eventually.

Please, either include chatops, or, document what it takes to get it installed. A note in the readme saying that it is not included by default (and why) with links to install docs would work for me.

Hi All,

Im getting below error when I'm trying to run any command on st2.

root@784fdededd7:/# st2 action list
ERROR: ('Connection aborted.', error(104, 'Connection reset by peer'))

I see from the logs that, st2 is able to communicate to mongo, postgres and rabbitmq. No issues with that. Im cloning st2-docker on to my machine. The only change I do is, in docker-compose file I will be giving path to stackstorm dockerfile for building image.
Please help, im stuck with the error from last 1 week and I'm not able to proceed with this.

Im adding the stackstorm dockerfile for reference.

ae.txt

1. Problem:
   Mistral server does not start
2. Steps to reproduce:
   -- clone repo
   -- make env
   -- make up
   and run:
   -- docker exec -it stackstorm st2ctl status

##### st2 components status #####
st2actionrunner PID: 86
st2actionrunner PID: 91
st2actionrunner PID: 94
st2actionrunner PID: 102
st2api is not running.
st2stream PID: 54
st2stream PID: 219
st2auth PID: 40
st2auth PID: 220
st2garbagecollector PID: 37
st2notifier PID: 47
st2resultstracker PID: 45
st2rulesengine PID: 50
st2sensorcontainer PID: 35
st2chatops is not running.
mistral-server is not running.
mistral-api is not running.

3. Versions:

# docker --version
Docker version 17.09.1-ce, build 19e2cf6
# docker-compose --version
docker-compose version 1.11.2, build dfed245

The following log entry was seen in st2api.log:

2017-04-27 19:36:15,425 139761017480048 WARNING coordination [-] Coordination backend is not configured. Code paths which use coordination service will use best effort approach and race conditions are possible.

Yuck.

The instructions in the "Adding a rule" section of the README does not appear to be correct. It instructs users to run:

echo "    - /tmp/date.log" >> /opt/stackstorm/packs/linux/config.yaml
st2ctl reload

But this /opt/stackstorm/packs/linux/config.yaml file does not exist. Additionally, after running st2ctl reload, there is an error:

root@03b58f3434ed:/# echo "    - /tmp/date.log" >> /opt/stackstorm/packs/linux/config.yaml
root@03b58f3434ed:/# st2ctl reload
Registering content...[flags = --config-file /etc/st2/st2.conf --register-runners --register-actions --register-aliases --register-sensors --register-triggers --register-configs --register-rules]
2017-07-07 14:56:37,688 INFO [-] Connecting to database "st2" @ "mongo:27017" as user "None".
2017-07-07 14:56:37,772 INFO [-] =========================================================
2017-07-07 14:56:37,772 INFO [-] ############## Registering triggers #####################
2017-07-07 14:56:37,772 INFO [-] =========================================================
2017-07-07 14:56:37,800 WARNING [-] Pack "linux" contains a deprecated config.yaml file (/opt/stackstorm/packs/linux/config.yaml). Support for "config.yaml" files has been deprecated in StackStorm v1.6.0 in favor of config.schema.yaml config schema files and config files in /opt/stackstorm/configs/ directory.Support for config.yaml files will be removed in next major release  (v2.4.0) so you are strongly encouraged to migrate. For more information please refer to https://docs.stackstorm.com/reference/pack_configs.html 
2017-07-07 14:56:37,816 INFO [-] Registered 0 triggers.
2017-07-07 14:56:37,817 INFO [-] =========================================================
2017-07-07 14:56:37,817 INFO [-] ############## Registering sensors ######################
2017-07-07 14:56:37,817 INFO [-] =========================================================
2017-07-07 14:56:37,840 INFO [-] Registered 1 sensors.
2017-07-07 14:56:37,841 INFO [-] =========================================================
2017-07-07 14:56:37,841 INFO [-] ############## Registering runners ######################
2017-07-07 14:56:37,841 INFO [-] =========================================================
2017-07-07 14:56:38,059 INFO [-] Registered 13 runners.
2017-07-07 14:56:38,059 INFO [-] =========================================================
2017-07-07 14:56:38,059 INFO [-] ############## Registering actions ######################
2017-07-07 14:56:38,059 INFO [-] =========================================================
2017-07-07 14:56:38,922 INFO [-] Registered 52 actions.
2017-07-07 14:56:38,922 INFO [-] =========================================================
2017-07-07 14:56:38,922 INFO [-] ############## Registering rules ########################
2017-07-07 14:56:38,922 INFO [-] =========================================================
2017-07-07 14:56:38,970 WARNING [-] Failed to register rules: Failed to register rule "/opt/stackstorm/packs.dev/examples/rules/monitor_file.yaml" from pack "examples": A simple trigger should have been created when registering triggertype. Cannot create trigger: {'type': 'linux.file_watch.line', 'parameters': {}, 'pack': 'linux'}.
Traceback (most recent call last):
  File "/usr/bin/st2-register-content", line 22, in <module>
    sys.exit(content_loader.main(sys.argv[1:]))
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/content/bootstrap.py", line 387, in main
    register_content()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/content/bootstrap.py", line 362, in register_content
    register_rules()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/content/bootstrap.py", line 248, in register_rules
    raise e
ValueError: Failed to register rule "/opt/stackstorm/packs.dev/examples/rules/monitor_file.yaml" from pack "examples": A simple trigger should have been created when registering triggertype. Cannot create trigger: {'type': 'linux.file_watch.line', 'parameters': {}, 'pack': 'linux'}.
##### st2 components status #####
st2actionrunner PID: 137
st2actionrunner PID: 145
st2actionrunner PID: 157
st2actionrunner PID: 161
st2api PID: 71
st2api PID: 240
st2stream PID: 73
st2stream PID: 223
st2auth PID: 62
st2auth PID: 230
st2garbagecollector PID: 60
st2notifier PID: 66
st2resultstracker PID: 64
st2rulesengine PID: 69
st2sensorcontainer PID: 59
st2chatops is not running.
mistral-server PID: 413
mistral-api PID: 405
mistral-api PID: 435
mistral-api PID: 436

Blocked waiting until CircleCI 2.0 is available. In the meantime, we're using docker hub to build image whenever changes are pushed to master.

Hi there, the Ansible Integration Pack install needs some prereqs i.e. a compiler and krb5 libs which is fine on a local install but how to satisfy this in a running container? Do I need to add to the Dockerfile and rebuild?

Many TIA, Phil

Using the docker containers and docker-compose.

My only change is the stackstorm password in conf/stackstorm.env. Everything starts up in docker, but I get this error when trying to login to the gui:

"Unable to reach auth service. [auth:true]"

I can docker exec into the stackstorm container and check the logs, but it looks like the auth tokens are being generated and whatnot, there's just some disconnect between the ui and st2auth service ?

Thanks,
John

Version Tags

Problem Statement

Today, the versioning semantics of the stackstorm/stackstorm docker image do not meet the requirements of all users. In particular, whenever we merge changes to the st2-docker:master branch, CircleCI builds and deploys two images to docker hub. The first image has a version tag based on the most recent git tag in the st2-docker repo, and the second image has a version tag equal to latest. The problem is that the former image changes fairly regularly - which is not desired. The recommendation is that images with a semver-based version tag should be immutable.

With immutable images, it is important to consider how to version security updates (or more generally, patches) to files not provided by the st2 packages. For example, if there's a security flaw in a a system library provided by the underlying OS, then it should be possible to update the image without having to wait for the next version of StackStorm.

Another problem is that the nightly dev images do not have a latest version tag, or any means of retrieving older versions of the dev image using a version tag.

Proposed Solution

An image with a version tag equal to a semver (e.g. 2.5.0) must now be immutable. A version tag
equal to a two digit number (e.g. 2.5) is always mutable and guaranteed to point at the most recent 2.5-based image. Likewise, a version tag equal to latest is always mutable and contains latest changes merged to the st2-docker:master branch.

If a security update/patch is required for an immutable image, we take the version tag of the immutable image and append .nnn, where nnn is a three digit number beginning at 001. This is done in a manner similar to that used by vim. The two digit version tag is updated to point to this image before deploying to docker hub.

We propose creating a new image named stackstorm-dev which always uses the latest unstable StackStorm packages. The semantics of the version tags described in the previous paragraph now apply to both the stackstorm and stackstorm-dev images. However, instead of using a semver to tag the nightly stackstorm-dev image, we propose using the date instead.

While it would be simpler to deploy the stackstorm image from only the master branch, at some point we may need to use a release branch. Can we get away with only branching when required? If a backward incompatible change is made to the Dockerfile, then branch so prior versions do not pick up the change.

Specifying an Image

If a specific image is required, it is best to be explicit. For example:

stackstorm/stackstorm:2.5.0@{4e0e5869e784}

This way, even if the image tagged 2.5.0 ever changed, you would still get the image with the specified hash.

Details

To clear up any potential confusion regarding versioning of the stackstorm/stackstorm image,
we use the following table.

For sake of example, assume that 2.5.0 is the latest stable StackStorm version.

I just get 'network error' when logging in through the WEB UI. I've tried using minikube and the kubernetes bundled in docker 'edge' both give the same result. I'm using 'admin/changeme' as specified in configmaps.yml.

The containers come up fine and I see no errors. This is maybe not a surprise because I don't see any 'errors' in my pods via the dashboard... looks like the st2 processes don't log to stdout/stderr?

Thank you for developing this great software, this is quite useful for me.
BTW, I found a problem, or just my failure, about accessing st2 from host that runs st2-docker.

Through the Nginx, we can access to the st2auth and st2api from remote node when I install st2client and set the environment variables about ST2 like this.

When I run st2 pack install command, an error message was shown and exit status of the st2 command would be 1.

But the packs.install workflow was run normally and install processing was succeeded.

I set a configuration silence_ssl_warnings to ignores the ssl verification warning.

And I registered the CAcert of st2-docker to avoid that probolem.

But that error message was shown and st2 pack install command was failure (although the install processing was run and succeeded) as shown before.
And the case of uninstalling pack, the same phenomenon also be occurred.

Here is the execution environment that causes that phenomenon.

Thank you.

I'm currently trying to use the stackstorm/stackstorm:2.4.1 container with external mongo, rabbitmq, postgres, and redis servers. Everything seems to start up fine but when I try to log in I get an error: "Nginx is unable to reach st2api. Make sure service is running."

In the container I can see that st2api is running but netstat shows nothing is listening on http://127.0.0.1:9101. I've included the st2api log file below.

This one is the initial log file created after the container first started.
st2api_after_container_start.log

After that I enabled debug in st2.conf and deleted the log file and restarted st2api to get this log file.
st2api_after_debug_enabled.log

There are some messages about duplicate keys but nothing that really stands out to me beyond that. But it looks like it might be in a loop trying to initialize.

In StackStorm container, I get warnings from urllib3 when running a module manually. I suspect this will show up in many other places too.

2017-06-28 15:55:36,218 ERROR [-] /opt/stackstorm/st2/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning

2017-06-28 15:55:36,218 ERROR [-] /opt/stackstorm/st2/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning

I've tried forcing requests[secure] and urllib3[secure] but we really need a newer python version to fix the SNI issue.

root@56b83c8b706d:/# python --version
Python 2.7.6

root@56b83c8b706d:/# python --version
Python 2.7.6

I suggest going to 16.04 for the base image, it's the new LTS...

README refers to examples/actions, that is not included in this repo.

cp -R examples/actions/actions.hello.yaml packs.dev/examples/actions

Did I miss something?

Currently all envvars used in container is in *.env file according to docker-compose.yml, which need to be generated by running bin/write-env.sh after cloning this repository to somewhere

I think it is easier and convenient for users to see all supported envvars and those meanings by listing up them on README.md?

The details for the chatops tuts will be helpful

Please do not modify this entry as it will be overwritten. I am maintaining markup in a separate file. Leave a new comment with any suggestions.

Objective

To provide an official Docker-based solution for StackStorm. It may be used for evaluation, pack development, and light production. Long term, we expect to provide a Docker-based solution that makes it easy to scale and build a highly available system that can be used in production.

Roadmap

We welcome you to submit issues and PR's. We expect the roadmap to change as new requests are submitted. The following short and long term tasks and goals have been identified.

Short term

Besides the known issues, we plan to complete the following within the next couple weeks:

• Investigate supporting Docker Stack in addition to Docker Compose.
• Remove VOLUME instruction in current Dockerfile. Update README.md with instructions on how to change docker-compose.yml, or do similar via CLI.
• Remove Dockerfile#L74 and add /entrypoint.d like this: entrypoint.sh#L60-L67. Update README.md with instructions on how to modify pack_base_path.

Long term

These are features or tasks we expect to work on in the future. As we begin work, they will be moved to the "Short term" section.

• Create an image that supports running one app per container (see docker-compose.yml). This makes it easy to scale, and build a highly available system.
  • Heed 12 Fractured Apps, Twelve-Factor App: Logs and Twelve-Factor App: Concurrency
  • Identify any possible required changes to st2 repo.
• Support for K8S.
• Support for Swarm.
• Support for Consul.

I noticed the following in the docker-compose.yml file:

    cap_add:
      - SYS_ADMIN

SYS_ADMIN is effectively root privileges - i.e. if the stackstorm container is compromised, so is the system. Why is SYS_ADMIN required?

I've spun up stackstorm using the docker-compose method, and that seems to work.

... but then I decided that I would rather start to future proof myself, so i decided to try doing it with the new kubernetes support in the Edge channel of Docker-Mac.

Differences: you don't have to use minikube to stand up bits at the beginning. the kubectl that comes with docker-mac 'just works'.

Where I get a little fuzzy is on what I should do to replace the 'minikube service st2web --https' command to find the web endpoint -- there's not a minikube in the docker-mac world, and my attempts to dig around with kubectl have revealed what i suspect are correct IPs, but somehow they're not bridged in properly

Note, i'm a k8s n00b so this is complicated stuff to me right now.

I tried instantiating a new ingress controller - which fails with a mysterious message:

The Service "my-service-st2web" is invalid: spec.ports: Invalid value: []api.ServicePort{api.ServicePort{Name:"port-1", Protocol:"TCP", Port:443, TargetPort:intstr.IntOrString{Type:0, IntVal:443, StrVal:""}, NodePort:0}, api.ServicePort{Name:"port-2", Protocol:"UDP", Port:53, TargetPort:intstr.IntOrString{Type:0, IntVal:53, StrVal:""}, NodePort:0}}: cannot create an external load balancer with mix protocols 

My st2web deployed bits look like this:

Name:                     st2web
Namespace:                default
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"st2web","namespace":"default"},"spec":{"ports":[{"port":443,"protocol":"TCP"}]...
Selector:                 app=st2web
Type:                     NodePort
IP:                       10.111.133.6
Port:                     <unset>  443/TCP
TargetPort:               443/TCP
NodePort:                 <unset>  30012/TCP
Endpoints:                10.1.0.18:443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

and my services look like this:

kubectl get services
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
kubernetes            ClusterIP   10.96.0.1        <none>        443/TCP           51m
mistral-api           ClusterIP   10.109.190.26    <none>        8989/TCP          44m
mongo                 ClusterIP   10.99.12.89      <none>        27017/TCP         44m
postgres              ClusterIP   10.111.33.231    <none>        5432/TCP          44m
rabbitmq              ClusterIP   10.99.132.4      <none>        5672/TCP          44m
rabbitmq-management   NodePort    10.108.147.233   <none>        15672:30152/TCP   44m
redis                 ClusterIP   10.105.221.53    <none>        6379/TCP          44m
st2api                ClusterIP   10.102.172.108   <none>        9101/TCP          44m
st2auth               ClusterIP   10.110.236.163   <none>        9100/TCP          44m
st2stream             ClusterIP   10.100.144.187   <none>        9102/TCP          44m
st2web                NodePort    10.111.133.6     <none>        443:30012/TCP     44m

Now, I think what I'm missing here is probably an externalip for st2web -- and that things are probably only slightly broken at present. I'd appreciate someone else's quick glance, and maybe some advice on where to dig in further. [I've done a lot of web proxy work in the past - so I'm confident that it's just my lack of k8s knowledge blocking me at this point.]

I already have a container called redis on my machine, so I can't run this as well. Could you please update the container names mongo, rabbitmq, postgres, redis to something stackstorm specific? st2redis or similar?

Normally docker compose sets a prefix for all of the container names - not sure why it's not doing it now?

Yuck. I plan to significantly reduce the size of stackstorm/stackstorm:latest. There's no need for it to be this big. No need at all. For example, there's a bunch of unused packages currently installed by buildpack-deps which have no business being in our image...

Reference: StackStorm/st2#3528

st2sensorcontainer runs as st2 user, not root. So, any files needed by sensor must have permissions for the st2 user inside the container. This requires doing things like chown -R st2 /etc/ssl/private or other files/directories required. It would be nice if there was a best practice / example for how to do this -- should you use a custom entrypoint.sh script to bin place stuff?

I just tried running st2ctl clean in the stackstorm container, but it doesn't work because the mongo client isn't installed. Please add a way so that it doesn't give a (somewhat hidden) message that mongo wasn't found. I went looking for the message because the database was most certainly not deleted as I expected.

root@0d48c69bf146:/# st2ctl clean                                                                                                                                                                                                                                              
This will drop the database and delete all logs.  Are you sure [y/n]?
y
st2actionrunner stop/waiting
st2api stop/waiting
st2stream stop/waiting
st2auth stop/waiting
st2garbagecollector stop/waiting
st2notifier stop/waiting
st2resultstracker stop/waiting
st2rulesengine stop/waiting
st2sensorcontainer stop/waiting
st2chatops: unrecognized service
mistral stop/waiting
Dropping st2 Database...
/usr/bin/st2ctl: line 166: mongo: command not found
Cleaning st2 Logs...
Registering content...[flags = --config-file /etc/st2/st2.conf --register-runners --register-actions --register-aliases --register-sensors --register-triggers --register-configs --register-rules]
[snipped]

I have st2-docker installed on a CentOS 7.3 server where I've installed docker. This server is only accessible from within the our corporate LAN. I can access the default webui via a domain name that is mapped to that server's internal IP. However, I can't use a remote copy of st2web. (remote, but still within the corporate lan)

After verifying that the machine with a git clone of st2web can actually access the default webui on docker host, we can't do more than just authenticate with the dockerized st2 in the cloned copy of st2web. (The dev version of st2web is served by gulp.) All of the /api calls complain about a missing header: Cross Site Request Origin Allowed (or something like that).

I tried several permutations of allow_origin in /etc/st2/st2.conf to resolve that:

• allow_origin = *
• allow_origin = http://localhost:3000,http://127.0.0.1:3000,https://<local domain>
• allow_origin = http://localhost:3000,http://127.0.0.1:3000,http://localhost:9101,http://127.0.0.1:9101,https://<local domain>

In the dev copy of st2web, we tried setting the url several different ways. (snippet is in the hosts section of config.js)

url: https://<local domain>:443/api
auth: https://<local domain>:443/auth

url: https://<local domain>:443
api: https://<local domain>:443/api
auth: https://<local domain>:443/auth

url: https://<local domain>:443

url: https://<local domain>:443
auth: true

Auth was successful when both url and auth were specified. api calls were not with any permutation.

I don't need to modify the nginx config do I? I would imagine that st2api would use the allow_origin setting to send the CORS headers. If I were to modify nginx (I haven't tried it), would I need to do something like this: https://enable-cors.org/server_nginx.html

I'm trying to make stackstorm call Docker API via curl but the one provided by the base image (ubuntu:trusty) is not updated and doesn't have any official package. On the other hand, ubuntu:xenial has curl 7.47 and --unix-socket was introduced in version 7.40

If I can find some time, I'll update the base image from ubuntu:trusty to ubuntu:xenial, test it then submit a PR for this.

Hi,

I try to use Stackstorm 2.5.0 but it doesn't work well.

What I could do is...

1. Copy docker-compose file from github.
2. Set proxy setting file in /etc/default
3. execute $ st2ctl restart-component st2api / $ st2ctl restart-component st2actionrunner
   I tried to execute "$ pack install acos" for test. It works well. :)
4. Create action and workflow file.
5. I execute "$ st2 run test.mistral-basic cmd=date" and get error... :(

Please tell me what I should do...

• /opt/stackstorm/packs/test/actions/mistral-basic.yaml

---
description: Run a local linux command
enabled: true
entry_point: workflows/mistral-basic.yaml
name: mistral-basic
pack: test
parameters:
  cmd:
    required: true
    type: string
runner_type: mistral-v2

• /opt/stackstorm/packs/test/actions/workflows/mistral-basic.yaml

version: '2.0'

test.mistral-basic:
    description: A basic workflow that runs an arbitrary linux command.
    type: direct
    input:
        - cmd
    output:
        stdout: <% $.stdout %>
    tasks:
        task1:
            action: core.local cmd=<% $.cmd %>
            publish:
                stdout: <% task(task1).result.stdout %>
                stderr: <% task(task1).result.stderr %>

• Result

| result          | {                                                            |
|                 |     "traceback": "  File                                     |
|                 | "/opt/stackstorm/st2/local/lib/python2.7/site-               |
|                 | packages/st2actions/container/base.py", line 119, in _do_run |
|                 |     (status, result, context) = runner.run(action_params)    |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/retrying.py", line 49, in wrapped_f                 |
|                 |     return Retrying(*dargs, **dkw).call(f, *args, **kw)      |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/retrying.py", line 206, in call                     |
|                 |     return attempt.get(self._wrap_exception)                 |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/retrying.py", line 247, in get                      |
|                 |     six.reraise(self.value[0], self.value[1], self.value[2]) |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/retrying.py", line 200, in call                     |
|                 |     attempt = Attempt(fn(*args, **kwargs), attempt_number,   |
|                 | False)                                                       |
|                 |   File "/opt/stackstorm/runners/mistral_v2/mistral_v2.py",   |
|                 | line 235, in run                                             |
|                 |     result =                                                 |
|                 | self.start_workflow(action_parameters=action_parameters)     |
|                 |   File "/opt/stackstorm/runners/mistral_v2/mistral_v2.py",   |
|                 | line 277, in start_workflow                                  |
|                 |     **options)                                               |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/mistralclient/api/v2/executions.py", line 59, in    |
|                 | create                                                       |
|                 |     return self._create('/executions', data)                 |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/mistralclient/api/base.py", line 100, in _create    |
|                 |     self._raise_api_exception(resp)                          |
|                 |   File "/opt/stackstorm/st2/local/lib/python2.7/site-        |
|                 | packages/mistralclient/api/base.py", line 160, in            |
|                 | _raise_api_exception                                         |
|                 |     error_message=error_data)                                |
|                 | ",                                                           |
|                 |     "error": "1"                                             |
|                 | }
| liveaction      | {                                                            |
|                 |     "runner_info": {                                         |
|                 |         "hostname": "7ac05376bbec",                          |
|                 |         "pid": 438                                           |
|                 |     },                                                       |
|                 |     "parameters": {                                          |
|                 |         "cmd": "date"                                        |
|                 |     },                                                       |
|                 |     "action_is_workflow": true,                              |
|                 |     "callback": {},                                          |
|                 |     "action": "test.mistral-basic",                          |
|                 |     "id": "5a1b5b2ee4dd3f01d06128e9"                         |
|                 | }

I have confirmed that simple actions described by python works well.
Only mistral actions doesn't work.

st2chatops service in 1ppc mode is missing because it can't specify stream url.

See:

• StackStorm/hubot-stackstorm#143
• StackStorm/st2chatops#97

You will face the following error and tutorial won't work (you get an error says example.hello action is missing, or something similar) because of the pack name confliction.

root@0a69ee1c4c47:/# st2ctl reload --register-all
Registering content...[flags = --config-file /etc/st2/st2.conf --register-all]
2017-11-29 02:30:40,582 INFO [-] Connecting to database "st2" @ "mongo:27017" as user "None".
2017-11-29 02:30:41,023 INFO [-] =========================================================
2017-11-29 02:30:41,023 INFO [-] ############## Registering triggers #####################
2017-11-29 02:30:41,023 INFO [-] =========================================================
2017-11-29 02:30:41,306 WARNING [-] Pack "examples" already found in "/opt/stackstorm/packs", ignoring content from
"/opt/stackstorm/packs.dev"
2017-11-29 02:30:41,360 INFO [-] Registered 2 triggers.
2017-11-29 02:30:41,360 INFO [-] =========================================================
2017-11-29 02:30:41,360 INFO [-] ############## Registering sensors ######################
2017-11-29 02:30:41,361 INFO [-] =========================================================
2017-11-29 02:30:41,370 WARNING [-] Pack "examples" already found in "/opt/stackstorm/packs", ignoring content from
"/opt/stackstorm/packs.dev"
2017-11-29 02:30:41,535 INFO [-] Registered 4 sensors.
2017-11-29 02:30:41,535 INFO [-] =========================================================
2017-11-29 02:30:41,536 INFO [-] ############## Registering runners ######################
2017-11-29 02:30:41,537 INFO [-] =========================================================
2017-11-29 02:30:41,977 INFO [-] Registered 14 runners.
2017-11-29 02:30:41,977 INFO [-] =========================================================
2017-11-29 02:30:41,978 INFO [-] ############## Registering actions ######################
2017-11-29 02:30:41,979 INFO [-] =========================================================
2017-11-29 02:30:41,988 WARNING [-] Pack "examples" already found in "/opt/stackstorm/packs", ignoring content from
"/opt/stackstorm/packs.dev"
2017-11-29 02:30:47,011 INFO [-] Registered 192 actions.

: (snip)

As reported by @erick on #docker, postgres was not pinned in docker-compose.yml.

https://stackstorm-community.slack.com/archives/C4QEPNE85/p1519237731000487

This lead to the situation where the DB (e.g. postgres) was initialized with what's now an incompatible version.

The simplest solution appears to be pinning each of postgres, mongo, redis and rabbitmq. README.md needs to be updated with information how to resolve any version incompatibilities (changing pinned version as required).

If this is insufficient, then let's discuss below. Why is it insufficient? Do we need to go so far as to document the DB upgrade procedure as it relates to StackStorm?

README.md says:

To enable chatops, delete the file /etc/init/st2chatops.override using a script in /st2-docker/entrypoint.d.

#!/bin/bash

sudo rm /etc/init/st2chatops.override

This doesn't work.

To fix this, we need to use following script instead:

#!/bin/bash

# enable st2chatops service
cat << 'EOF' > /etc/init/st2chatops.override
start on runlevel [2345]
stop on runlevel [!2345]
EOF

Following the Sensors troubleshooting guide...

root@56b83c8b706d:/# st2-register-content --register-sensors --register-fail-on-failure -v
2017-06-28 16:25:24,310 INFO [-] Connecting to database "st2" @ "0.0.0.0:27017" as user "None".
2017-06-28 16:25:24,312 DEBUG [-] Ensuring database indexes...
2017-06-28 16:25:24,319 DEBUG [-] Ensuring indexes for model "UserDB"...
Traceback (most recent call last):
File "/usr/bin/st2-register-content", line 22, in
sys.exit(content_loader.main(sys.argv[1:]))
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/content/bootstrap.py", line 386, in main
setup(argv)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/content/bootstrap.py", line 378, in setup
common_setup(config=config, setup_db=True, register_mq_exchanges=True)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/script_setup.py", line 86, in setup
db_setup()
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/database_setup.py", line 43, in db_setup
ssl_match_hostname=cfg.CONF.database.ssl_match_hostname)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/persistence/db_init.py", line 65, in db_setup_with_retry
ssl_match_hostname=ssl_match_hostname)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/retrying.py", line 206, in call
return attempt.get(self._wrap_exception)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/retrying.py", line 247, in get
six.reraise(self.value[0], self.value[1], self.value[2])
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/retrying.py", line 200, in call
attempt = Attempt(fn(*args, **kwargs), attempt_number, False)
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/models/db/init.py", line 94, in db_setup
db_ensure_indexes()
File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/models/db/init.py", line 137, in db_ensure_indexes
raise exc_cls(msg)
pymongo.errors.ServerSelectionTimeoutError: Failed to ensure indexes for model "UserDB": 0.0.0.0:27017: [Errno 111] Connection refused

Per https://docs.docker.com/compose/faq/, docker-compose down sends SIGTERM to all its containers. If after 10 seconds any are still running, then it sends them a SIGKILL. All containers except stackstorm (and sometimes postgres) stop within 3 seconds. After 10 seconds, stackstorm is still running. docker-compose sends it a SIGKILL.

Determine why stackstorm container either does not respect SIGTERM or takes too long to stop.. and then fix.

We have pulled all images from docker hub, and followed instructions, we can successfully log on webui, but after logged in, we encountered error like "nginx is unable to open st2api service", we almost spent half day and finally found out it was due to python redis module was not installed in the images since the module seems was installing during docker-compose up.

see log below:
stackstorm | Downloading redis-2.10.5-py2.py3-none-any.whl (60kB)
stackstorm | Installing collected packages: redis
stackstorm | Successfully installed redis-2.10.5

so this is very painful for whose environment is production and has not internet connection.

hope you guys can fix this issue by installing redis module with below command in stackstorm images, thanks:

command:

'/opt/stackstorm/st2/bin/pip install redis'
redis version: redis-2.10.5-py2.py3-none-any.whl

cp -R examples/actions/actions.hello.yaml packs.dev/examples/actions
should be
cp -R examples/actions/hello.yaml packs.dev/examples/actions

Currently Packs configuration will lost after reboot.

New to stackstorm ,getting the below error while doing tutorial section am i missing anything with user/group permission with respective to docker or stackstorm

root@bb0476c5210c:/# st2 run examples.hello
ERROR: Resource with id or reference "examples.hello" doesn't exist.

Ansible Pack Install Fails in container because of missing libkrb5-dev package.

Fix ...

sudo docker exec -it  <id of container>  "/bin/bash"

apt-get update && apt -y install libkrb5-dev

exit

Then re-run the ansible pack install via the WebUI

To properly manage lifecycle of all the Stackstorm components in Kubernetes it would be nice to have a way to periodically check health and liveness of them over http or thru a file.
So far there seems to be no way of doing so, there's no easy way to understand if the running process actually responsive and ready to serve requests.

This is to open a discussion on basically monitoring each component of the Stackstorm platform. Any ideas and input is appreciated.

https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ - useful link to understand how Kubernetes can probe running pods for liveness and readiness.

I've added a nodeport to the st2web service to allow external access on port 30000. I'm able to access the web interface but I get this error in the console:

:30000/#/actions:1 WebSocket connection to 'wss://www.socked.io/app/?EIO=3&transport=websocket' failed: WebSocket is closed before the connection is established.

Also, attempting to install a pack fails with the below error in the console:

VM426:1 POST https://server1:30000/api/v1/packs/install 400 (Bad Request) (anonymous) @ VM426:1 xhrAdapter @ st2client.js:1167 (anonymous) @ st2client.js:1330 dispatchRequest @ st2client.js:1326 Promise resolved (async) module.exports @ st2client.js:1210 request @ st2client.js:1006 value @ st2client.js:240 value @ st2client.js:684 handleInstall @ apps.js:3 onClick @ apps.js:3 r @ react.js:14 i @ react.js:12 u @ react.js:12 p @ react.js:12 f @ react.js:12 r @ react.js:15 processEventQueue @ react.js:12 r @ react.js:14 handleTopLevel @ react.js:14 i @ react.js:14 a @ react.js:14 perform @ react.js:15 batchedUpdates @ react.js:14 a @ react.js:15 dispatchEvent @ react.js:14 apps.js:3 {name: "APIError", status: 400, message: "Action "packs.install" cannot be found."}

Here is the change I made to the service to add the nodeport (don't know how to format yaml, apologies):

kind: Service
apiVersion: v1
metadata:
name: st2web
spec:
selector:
app: st2web
type: NodePort
ports:

• protocol: TCP
  port: 443
  nodePort: 30000

In the this section of the documentation, we can see that you can share code through a lib folder but you need to enable it on /etc/st2/st2.conf.
How can I do that with docker before I start the container? How can I be sure that the settings will remain the same if the container goes down?

I really like the introspective capabilities of systemd. The ability to see which services are running which processes is very convenient. /etc/init.d/* status (like say /etc/init.d/nginx status) is less informative than systemd's systemctl equivalent. I think there are also some synergies on hosts with systemd where systemctl can get a container's information without requiring using docker run/exec/whatever.

I know can be a big deal to change the underlying image, but what does everyone think about modifying the base container of the stackstorm container so that it uses an OS with systemd? I'm fine with a newer version of debian, or whatever else.

Note: I'm not talking about the mongo or whatever other containers. I don't even know which images/OSes those are using because I haven't needed to enter them yet. If there happens to be a well maintained version of those containers that uses systemd, great. If not, use the well maintained one.

So what does everybody else think?

I use Windows 10 with Docker on Hyper-V, so some variables are incompatible with windows.

Receiving this error:

ERROR: for client  Cannot start service client: oci runtime error: container_linux.go:247: starting container process caused "exec: \"st2\": executable file not found in $PATH"
ERROR: Encountered errors while bringing up the project.

ST2 API is failing to start. I've logged into the container and retrieved the following traceback while executing st2api directly.

2018-03-12 15:40:31,628 INFO [-] Creating st2api: StackStorm v2.5.1 as OpenAPI app.
2018-03-12 15:40:32,228 INFO [-] Generating grammar tables from /usr/lib/python2.7/lib2to3/Grammar.txt
2018-03-12 15:40:32,247 INFO [-] Generating grammar tables from /usr/lib/python2.7/lib2to3/PatternGrammar.txt
2018-03-12 15:40:32,355 WARNING [-] You must either provide a valid token or a password (api_key) and a user.
2018-03-12 15:40:32,499 INFO [-] Connected to amqp://admin:**@rabbitmq:5672//
2018-03-12 15:40:32,501 INFO [-] Started timer core.9c8418b4-7cc9-47c4-b20f-35593f36bc8c with parameters {u'unit': u'seconds', u'delta': 5}
2018-03-12 15:40:32,505 ERROR [-] (PID=2437) ST2 API quit due to exception.
Traceback (most recent call last):
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2api/cmd/api.py", line 74, in main
    return _run_server()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2api/cmd/api.py", line 63, in _run_server
    wsgi.server(sock, app.setup_app(), custom_pool=worker_pool, log=LOG, log_output=False)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2api/app.py", line 67, in setup_app
    router.add_spec(spec, transforms=transforms)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/router.py", line 186, in add_spec
    __import__(module_name)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2api/controllers/v1/keyvalue.py", line 306, in <module>
    key_value_pair_controller = KeyValuePairController()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2api/controllers/v1/keyvalue.py", line 62, in __init__
    self._coordinator = coordination.get_coordinator()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/services/coordination.py", line 177, in get_coordinator
    COORDINATOR = coordinator_setup()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2common/services/coordination.py", line 161, in coordinator_setup
    coordinator.start()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/tooz/coordination.py", line 687, in start
    super(CoordinationDriverWithExecutor, self).start(start_heart)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/tooz/coordination.py", line 423, in start
    self._start()
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/tooz/drivers/redis.py", line 447, in _start
    self._server_info = self._client.info()
  File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
    self.gen.throw(type, value, traceback)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/tooz/drivers/redis.py", line 55, in _translate_failures
    cause=e)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/tooz/utils.py", line 225, in raise_with_cause
    excutils.raise_with_cause(exc_cls, message, *args, **kwargs)
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/oslo_utils/excutils.py", line 143, in raise_with_cause
    six.raise_from(exc_cls(message, *args, **kwargs), kwargs.get('cause'))
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/six.py", line 718, in raise_from
    raise value
ToozError: NOAUTH Authentication required.

The stackstorm container doesn't survive a make down and make up intact. In particular, any packs you install will be missing from /opt/stackstorm/packs, yet exist in the databases because we persist storage used by the dependent services.

At a minimum, we should add data volumes for /opt/stackstorm/packs.

What about adding:

• /etc/st2
• /etc/mistral

Should any of these NOT be created? What other volume related changes should we make now?

added this to docker-compose
- ./entrypoint.d:/entrypoint.d

added a update_st2conf.sh to the folder
crudini --set /etc/st2/st2.conf content system_packs_base_path /opt/stackstorm/custom_packs

made it executable.

The file is present on the container and if I execute it manually it updates the st2.conf. It doesn't do it when I start the container though

@emptywee suggests adding persistent storage to mongo and postgres running in the StackStorm cluster.

It should also be possible to use an instance of mongo or postgres running outside the cluster.

Provide a way to set connection strings via environment variables.

The env files specified in the docker-compose.yml are not present

env_file:
- conf/stackstorm.env
- conf/mongo.env
- conf/rabbitmq.env
- conf/postgres.env

Hi Team,

We could observe the below piece of command in docker-compose.yaml is causing this issue

command: [
      "bash", "-c",
      '
       docker-entrypoint.sh
       --requirepass "$$REDIS_PASSWORD"
      '
    ]

After removing the above in docker-compose.yaml file , the stackstorm is able to connect to all components.Could you please let us know the significance of the piece of code.

Thanks,
Suraj S

It is not ideal to output logs to file In 1ppc mode, especially running on Kubernetes. Instead it should log to stdout/stderr only.