Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parsedmarc container is failing to establish connection with elasticsearch and continuously restarting. #59

Open
kkin1995 opened this issue May 7, 2024 · 6 comments
Open

parsedmarc container is failing to establish connection with elasticsearch and continuously restarting. #59

kkin1995 opened this issue May 7, 2024 · 6 comments

Comments

@kkin1995
Copy link

kkin1995 commented May 7, 2024

The parsedmarc container is continuously throwing this exception and then restarting shortly afterwards.

parsedmarc_1     | elasticsearch.exceptions.ConnectionError: ConnectionError(<urllib3.connection.HTTPConnection object at 0x7a72bff966a0>: Failed to establish a new connection: [Errno -3] Try again) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7a72bff966a0>: Failed to establish a new connection: [Errno -3] Try again)

Also, in the Grafana dashboard, the following error pop-up is being thrown in the top right corner:

Templating
Template variable service failed Elasticsearch error: Bad Gateway
@jameswestendorf
Copy link

I had the same issue. If you set the compose container_name property, be sure to go into the two supplied ini files and update the DNS names it's trying to use. If you don't set the container_name property, it can also randomly change the name which might cause it as well.

@BrianT71
Copy link

BrianT71 commented Oct 7, 2024

@jameswestendorf can you elaborate on setting the container_name property. I'm very new to docker so please use small words. I copied the parsedmarc.sample.ini to parsedmarc.ini. I did not change anything else in the configs.

When I run docker-compose images, I get the following:

           Container                                Repository                      Tag       Image Id       Size  
-------------------------------------------------------------------------------------------------------------------
dmarc-visualizer_elasticsearch_1   docker.elastic.co/elasticsearch/elasticsearch   7.17.5   11df7a62573d   609.6 MB
dmarc-visualizer_grafana_1         dmarc-visualizer_grafana                        latest   b0e81f24b9bf   286.4 MB
dmarc-visualizer_parsedmarc_1      dmarc-visualizer_parsedmarc                     latest   7c2852e398d5   301.6 MB

@jameswestendorf
Copy link

@BrianT71
If you don't use the 'container_name' property, docker will add random characters to the end like:
dmarc-visualizer_elasticsearch_3d2345sd
and every time you pull down new images, the name changes.

To fix that, in your docker compose file (if you are using that), this will set a name:
For example, elastic search:
container_name: dmarc-visualizer_elasticsearch_1

Then in the ini files, make sure the names match what you set.

Hope this makes sense?

@BrianT71
Copy link

BrianT71 commented Oct 7, 2024

Thanks. I updated the docker-compose.yml file to include the container name as follows:

version: '3.5'
services:
  parsedmarc:
    container_name: dmarc-visualizer_parsedmarc_1
    build: ./parsedmarc/
    volumes:
      - ./files:/input:ro
      - ./output_files:/output
    command: parsedmarc -c /parsedmarc.ini /input/* --debug
    depends_on:
      - elasticsearch
    restart: on-failure

  elasticsearch:
    container_name: dmarc-visualizer_elasticsearch_1
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.5
    environment:
      - discovery.type=single-node
    volumes:
      - ./elastic_data:/usr/share/elasticsearch/data

  grafana:
    container_name: dmarc-visualizer_grafana_1
    build: ./grafana/
    ports:
      - 3000:3000
    user: root
    environment:
      GF_INSTALL_PLUGINS: grafana-piechart-panel,grafana-worldmap-panel
      GF_AUTH_ANONYMOUS_ENABLED: 'true'

The only ini file I see is in ./parsedmarc. I just copied the sample ini into parsedmarc.ini. You mentioned matching the container names but I don't see where this config is referencing containers. Also, are there other ini files needed for either elasticsearch or grafana? I don't see where any were creating as part of the install or build.

[general]
save_aggregate = True
save_forensic = True
output = /output/

[elasticsearch]
hosts = elasticsearch:9200
ssl = False

@jameswestendorf
Copy link

jameswestendorf commented Oct 7, 2024 via email
edited
Loading

@BrianT71
Copy link

BrianT71 commented Oct 8, 2024

This error is fixed for me now. For anyone stumbling across this, I still see the connection error for a few cycles in the logs but it's appears to be a timing issue as all the pieces start up. After a few restart cycles, I parsedmarc shows as saving to elasticsearch.

Turns out I also had this issue which may have been the actual cause of my continuous restart.
#53

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kkin1995 @BrianT71 @jameswestendorf