I got a working php-fpm docker container acting as the php backend to a nginx frontend. What I mean by working, is that it renders phpinfo output in the browser as expected.
My php-fpm container was produced by php-fpm-7.4 prod of the devilbox docker repo. It has OCI8 enable.
The issue: I keep getting ORA-28547 when trying oci_connect
What I have done:
1--add /usr/lib/oracle/client64/lib to a file inside ld.so.conf.d and run ldconfig -v
2--restart docker container.
3-- Now phpinfo shows ORACLE_HOME=/usr/lib/oracle/client64/lib
4--Add tnsnames.ora to /usr/lib/oracle/client6/lib/network/admin (there is a README.md file inside that folder that even tells you to do that)
5--Restart docker container again.
6-oci_connect still fails with the same error.
What I am missing?
Thank you very much for any pointers, I think I have browsed to the end of the internet and back without finding a solution yet.
----SOLUTION: reinstall instantclient, relink libraries (ldconfig) to use new instantclient libraries. Create modified dockerfile to do it when container is created.
I modified the Dockerfile file of the php-fpm to add new instant client files and not the one that were provided by the original file. I was not able to make it work with them. I have tried a few times rebuilding the image (docker-compose up --build) and this is the file that does the trick:
FROM devilbox/php-fpm:7.4-work
#instantclient.conf content: /opt/instantclient
RUN echo "/opt/instantclient" >/etc/ld.so.conf.d/instantclient.conf
WORKDIR /opt
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sdk-linux.x64-19.8.0.0.0dbru.zip
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-basic-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-sdk-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-basic-linux.x64-19.8.0.0.0dbru.zip
RUN mv instantclient_19_8 instantclient
ADD tnsnames.ora /opt/instantclient/network/admin
RUN ldconfig -v
CMD ["php-fpm"]
expose 9000
# Insert following to .bash_profile or .profile of the User starting the php-fpm
export ORACLE_HOME=/usr/lib/oracle/client64
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
export PATH=$PATH:$ORACLE_HOME/bin
export TNS_ADMIN=$ORACLE_HOME/network/admin
# Test to Ping Remote Db to be connected by PHP
tnsping <tns-name of remote DB - i.e. db12c.world>
# restart here the php Engine
Can you please check
https://github.com/caffeinalab/php-fpm-oci8/blob/master/Dockerfile
which seems to create a p-fpm-oci8 docker image
the "wget" for
wget -qO- https://raw.githubusercontent.com/caffeinalab/php-fpm-oci8/master/oracle/instantclient-basic-linux.x64-12.2.0.1.0.zip | bsdtar -xvf- -C /usr/local &&
wget -qO- https://raw.githubusercontent.com/caffeinalab/php-fpm-oci8/master/oracle/instantclient-sdk-linux.x64-12.2.0.1.0.zip | bsdtar -xvf- -C /usr/local &&
wget -qO- https://raw.githubusercontent.com/caffeinalab/php-fpm-oci8/master/oracle/instantclient-sqlplus-linux.x64-12.2.0.1.0.zip | bsdtar -xvf- -C /usr/local && \
can be dropped when you place downloaded instant client files into local host dir
/usr/local
and extract them - resulting in
/usr/local/instantcient_12_2
or 18, 19c equivalents
the 4 "ln" commands have to be adjusted to reflect the local host instantclient dir
the tnsnames.ora for instantclient is available from host by VOLUME command
-------------FINAL SOLUTION------------(it was not network related, I had done a couple of changes to the files, and also tried a different database, all at the same time, so it made me think that it was the different database what fixed the issue)
After many trial and errors, I came up with a Dockerfile that creates the correct configuration of files and connects without any issues to the database:
--Dockerfile: (to build php-fpm 7.4 using devilbox image)
Final solution:
I modified the Dockerfile file of the php-fpm to add new instant client files and not the one that were provided by the original file. I was not able to make it work with them. I have tried a few times rebuilding the image (docker-compose up --build) and this is the file that does the trick:
FROM devilbox/php-fpm:7.4-work
ADD instantclient.conf /etc/ld.so.conf.d/
WORKDIR /opt
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sdk-linux.x64-19.8.0.0.0dbru.zip
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip
RUN wget https://download.oracle.com/otn_software/linux/instantclient/19800/instantclient-basic-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-sdk-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-sqlplus-linux.x64-19.8.0.0.0dbru.zip
RUN unzip instantclient-basic-linux.x64-19.8.0.0.0dbru.zip
RUN mv instantclient_19_8 instantclient
ADD tnsnames.ora /opt/instantclient/network/admin
RUN ldconfig -v
CMD ["php-fpm"]
expose 9000
That's why I have suggested to use tnsping - unfortunaly it is not included in any of the instant client files which is a pity - so you have to pick it up from regular client with matching OS, bitsize and Oracle release. As workaround you could place SQL*Plus package files into container and try to connect with a foo user like
sqlplus foo/foo#\<ip>:\<port>/\<dbname>
which should generate an error - if
user/password not matching - ORA-1017 i.e. DB & listener running
listener running - ORA-1034 i.e. DB down
listener down (no return, or TNS-Errors)
I got it!. It was a firewall issue. I launched a tcpdump capture
session and there was nothing wrong with php-fpm, oci8 and
instantclient libraries. The traffic was initiated but there was no
response from the database. I made it work against a different
database where this box has no firewall issues.
I now will try rebuilding the docker image so I can see what I have to
manually add if any.
That was incorrect (the firewall as the origin of the problem). Rebuilding the docker file showed me where I had it wrong. See original question for solution.
Related
I am developping a website which I want to host inside a php-apache docker container.
I use the following command to run the container:
docker run -dit --restart unless-stopped --name my_www -p 8080:80 -v /path/to/repo:/var/www/html/ php:7.4-apache
Since I bind the repository containing the code as a volume to the container, I expect the website to "update live" when I change the code locally. I had this right behaviour last time I tried but I am now unable to get it back.
When I check the website locally at 127.0.0.1 everything is ok and changes are taken into account normaly, but they do not propagate into the docker container...
For some reason, the files in the docker are stuck to an old version of the code, an old "stat" of the repository...
Any ideas how I can manage to fix this and preview changes live ?
Credits to #Don't Panic for helping to debug.
The browser was caching everything so I couldn't see changes live.
The solution was to enable the "expires" apache module inside the docker container:
$ docker exec -it <container_id> bash
root#<container_id>:# a2enmod expires
root#<container_id>:# exit
$ docker restart my_www
Et voilĂ :)
I'm following this guide to set up a PHP development environment with Docker.
I have created a folder on my desktop docker-php and added a docker-compose.yml file into it, with this content:
nginx:
image: nginx:latest
ports:
- 80:80
On my terminal:
$ cd /home/my-username/Desktop/docker-php/
$ docker-compose up -d
I get this error:
ERROR: Couldn't connect to Docker daemon at
http+docker://localunixsocket - is it running?
If it's at a non-standard location, specify the URL with the
DOCKER_HOST environment variable.
I'm on Xubuntu 16.04.
Or perhaps I should put the folder in the specific location that is required by Docker? If so, which is it?
The most common reason for this error is that you ran 'docker-compose up' without sudo. As long as there is docker installed and is up and running, you are likely missing sudo in the docker command.
You could use native Docker
One option is to abandon docker-machine and use a native Docker setup on your system. Since you are on Linux (Xubuntu), this is an option for you. docker-machine is most often used by people who can't run Docker natively (Mac or Windows), and use it to install a Docker-capable VM and some local commands on their OS to talk to it.
You can find install docs for Docker on Linux here.
However, you already have docker-machine installed, so this may be the most disruptive option for you.
Your docker-machine may not be running
The error you are getting is saying the Docker client cannot talk to the server. One potential reason for this is that your docker-machine VM isn't running. You should verify it is running, and if not, start it.
To get a list of your docker-machines (may be one or more):
docker-machine ls
You will probably have one machine named default, but you may have more, depending on how you did your setup.
You can get the current status with:
docker-machine status <machine-name>
And you can use stop, start, restart to manage the docker-machine.
(More in the Docker Machine CLI reference.)
You need the proper environment set
docker-machine relies on environment variables to work properly. Because you may have multiple docker-machine setups, you have to tell the client which one to use.
To set the environment, you can get it from the docker-machine command.
docker-machine env <machine-name>
And you can automatically inject it into the environment (this may be a useful thing to put into your shell startup file).
eval "$(docker-machine env <machine-name>)"
You should end up with env vars similar to these:
DOCKER_HOST=tcp://192.168.99.101:2376
DOCKER_CERT_PATH=/Users/nathanleclaire/.docker/machines/.client
DOCKER_TLS_VERIFY=1
DOCKER_MACHINE_NAME=dev
Keep in mind you should use the eval form here, not just run the env command and paste the output into your shell setup; it may change on a docker-machine restart, etc, so you can't rely on an old setup to still work later.
If your docker-machine is running, and these env vars are set, your docker and docker-compose commands should work.
Solution:
sudo usermod -a -G docker USERNAME
I'm writing a webhook to automatically publish a site when I push to GitHub. Part of the process requires that I build the site with
bundle exec middleman build --clean
I'm trying to invoke that with a PHP script, the script called by the GitHub webhook, so the user is www-data. No matter what I try, however, I'm getting an error that bundle cannot be found.
How can I run a bundle command from a PHP script?
I was able to figure this out. First, I installed rvm as a multi-user installation to ensure the www-data account can access it.
$ curl -sSL https://get.rvm.io | sudo bash -s stable
Install the desired ruby version, in my case 2.3.1, then set rvm to use it:
$ rvm install 2.3.1
$ rvm use 2.3.1
Run gem to install any gems that are needed. Because rvm is a multi-user installation, these gems are stored to the system and not your specific user.
$ gem install packagename
I don't know if this is necessary, but I would close the SSH session and reopen it. rvm messes with environment variables, so better safe than sorry.
Run env to print all environment variables. printenv also works if env doesn't for some reason. You'll get a big list of everything set, you only need the ruby-related ones. Do not copy/paste these values, they are examples I pulled from my system. Yours will be different!
PATH=/usr/local/rvm/gems/ruby-2.3.1/bin:/usr/local/rvm/gems/ruby-2.3.1#global/bin:/usr/local/rvm/rubies/ruby-2.3.1/bin:/usr/local/rvm/bin:/home/steven/bin:/home/steven/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
rvm_bin_path=/usr/local/rvm/bin
GEM_HOME=/usr/local/rvm/gems/ruby-2.3.1
IRBRC=/usr/local/rvm/rubies/ruby-2.3.1/.irbrc
MY_RUBY_HOME=/usr/local/rvm/rubies/ruby-2.3.1
rvm_path=/usr/local/rvm
rvm_prefix=/usr/local
rvm_ruby_string=ruby-2.3.1
GEM_PATH=/usr/local/rvm/gems/ruby-2.3.1:/usr/local/rvm/gems/ruby-2.3.1#global
RUBY_VERSION=ruby-2.3.1
Now we need PHP to recognize these variables. You'll need to find the right file on your system, which can be tricky. I don't have a way of knowing which one is correct, I used trial and error.
The file on my system is /etc/php/5.6/fpm/pool.d/www.conf. Add all of the environment variables you previously grabbed into this file with the below format. Note that you DO need PATH in here as well!
env[rvm_path] = /usr/local/rvm
env[rvm_prefix] = /usr/local
Now restart php-fpm. Your service name may be different from mine; I'm using the 5.6 build from ondrej/php.
Ubuntu 15.04 and newer (systemd):
$ sudo systemctl restart php5.6-fpm
Ubuntu 14.10 and newer:
$ sudo service php5.6-fpm restart
Finally, in the script itself you'll need to cd to the directory you're running the bundle command from. My short script is this:
cd /opt/slate
/usr/bin/git reset --hard
/usr/bin/git pull
bundle exec middleman build --clean
cp -R /opt/slate/build/* /var/www/docs
Works for me!
Elastic Beanstalk does not, by default, install the ElastiCache Cluster Client PHP module. This is needed to connect to an ElastiCache node cluster. Reading around, most of the instructions relate to creating an ElastiCache resource (which I assume will also install the PHP module on the Elastic Beanstalk). I want to install the PHP module without creating the resource as I want to use an existing cluster.
(64bit Linux PHP5.5)
The module is not installed by default in Beanstalk nor any EC2 instances. You have to do this yourself. This also is something completely different than creating a resource. You can do one without the other.
The ElastiCache Cluster Client for PHP is an extension that you can install via pecl on your instances. You can do this manually but if the instance is ever destroyed you have to do this again. Therefore it is much better to include the extension's install procedure as part of your deployment process. In a beanstalk app you can do this by adding configurations files in your .ebextensions dir.
For example, create these two files. I took these from an actual config file:
#.ebextensions/01fileselasticachephp.config
files:
"/tmp/AmazonElastiCacheClusterClient-latest-PHP54-64bit.tgz" :
mode: "000777"
owner: ec2-user
group: ec2-user
source: http://elasticache-downloads.s3.amazonaws.com/ClusterClient/PHP-5.4/latest-64bit
#.ebextensions/02setupelasticachephp.config
commands:
01install:
command: "pecl install /tmp/AmazonElastiCacheClusterClient-latest-PHP54-64bit.tgz"
The actual name of the files don't matter. They are for your own organization purposes. Anything in that directory with a .config extension will be executed in alphabetical order, that's why you want to prefix your files with a number so that they get executed in the right order: first download the extension and then install it. Mind you that you can also do it all at once in one file. I split it in two because because my actual config files were a lot bigger.
Once you have these files in place do a deployment and the Elastic Cache Cluster Client will be installed.
Note that at the time I deployed this, only the 5.4 client was available that's why my example shows that. I don't know if there is a 5.5 client so it's up to you to find out. You should only need to change the file name and URL to point to the 5.5 extension and should be all set to go.
UPDATE (as of 10/2020)
The solution above didn't work for me with the current software versions, but it definitely pointed me in the right direction. What didn't work was specifically the pecl install command (even using pecl7): it always threw the error "could not extract the package.xml file from [...]" and I couldn't find a solution for it.
So here's the config file that worked for me:
commands:
02-get-file:
command: "wget https://elasticache-downloads.s3.amazonaws.com/ClusterClient/PHP-7.3/latest-64bit"
02-untar:
command: "sudo tar -zxf latest-64bit amazon-elasticache-cluster-client.so"
03-move-file:
command: "sudo mv amazon-elasticache-cluster-client.so /usr/lib64/php/7.3/modules/"
04-create-ini:
command: "grep -qF 'extension=amazon-elasticache-cluster-client.so' /etc/php-7.3.d/50-memcached.ini || echo 'extension=amazon-elasticache-cluster-client.so' | sudo tee --append /etc/php-7.3.d/50-memcached.ini"
05-cleanup:
command: "sudo rm latest-64bit*"
06-restart-apache:
command: "sudo /etc/init.d/httpd restart"
Hope this helps other people!
I was trying the Perfect Workflow, with Git, GitHub, and SSH, and i have everything set up, except running the command git pull from php.
When i run exec('git pull') i get:
Could not create directory '/.ssh'. Host key verification failed.
fatal: The remote end hung up unexpectedly
If i run it in the terminal (as root) it works just fine, but i need this hook to work from the Post-Receive URL (Github).
If i do exec('whoami') i get apache.
It's a (dv) from mediatemple with CentOS.
If you want apache (the user) to be able to pull from git, you'll have to create an ssh key for apache, then add that to the read only keys on github.
The flow is something like this (tweak to your needs)
usermod -s /bin/bash apache
su apache
cd ~
ssh-keygen # work through the keygen dance (added a dash)
Upload (tilde here refers to apache's homedir) ~/.ssh/id_rsa.pub to github and give apache access to whichever repos it needs to pull from.
Then you can test on the server by again su'ing to apache and running the git pull
su apache
cd ~/working-copy
git clone my-project
Once that's working you should be able to run a git pull through PHP.