fortiweb docker image deployment - Error - Program (sysinit) exit Caused by receive signal(9)

noamsh88 · ‎03-11-2024

Hello,

we are trying to deploy fortiweb-image docker image according following instructions: https://docs.fortinet.com/document/fortiweb-private-cloud/6.4.0/fortiweb-vm-on-docker/794267/deployi...

and our container is running but with no web server/GUI accessible and getting following error on docker logs:

System is started!!!

Program (sysinit) exit
Caused by receive signal(9)

can you please advise how overcome this error and expose the fortiweb GUI?

adding some info:

1. docker image built and run as follows: (per above documentation instructions)

cd ~/fwb/image-docker-64
docker build -t fortiweb-image .
cd script/
./docker-fwb.sh -i fortiweb-image -n fortiweb-docker -e ChangeMe123 -g 7180 -m 8

1. we selected 7180 port for our testing for http server

2. docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4075ec69f969 fortiweb-image "/bin/docker_init" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:7180->7180/tcp, 0.0.0.0:90->9/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8443->43/tcp fortiweb-docker

3. netstat -plnt

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:7180 0.0.0.0:* LISTEN 869740/docker-proxy
tcp 0 0 0.0.0.0:8022 0.0.0.0:* LISTEN 869801/docker-proxy
tcp 0 0 127.0.0.1:34635 0.0.0.0:* LISTEN 128015/confighandle
tcp 0 0 127.0.0.1:36903 0.0.0.0:* LISTEN 128258/containerd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 639328/sshd: /usr/s
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 869773/docker-proxy
tcp 0 0 0.0.0.0:90 0.0.0.0:* LISTEN 869814/docker-proxy
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 869759/docker-proxy
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 639376/systemd-reso
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 869787/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 639328/sshd: /usr/s

4. ip tables

iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1082K 76M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 120 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
7 494 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:7180
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:443
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:80
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:43
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:22
0 0 MASQUERADE tcp -- * * 172.17.0.2 172.17.0.2 tcp dpt:9

Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:7180 to:172.17.0.2:7180
2 80 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.17.0.2:443
10 496 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.17.0.2:80
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443 to:172.17.0.2:43
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8022 to:172.17.0.2:22
0 0 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:90 to:172.17.0.2:9

gsharma · ‎03-17-2024

Hello @noamsh88

This should be a documentation issue.

./docker-fwb.sh -i fortiweb-image -n fortiweb-docker -e ChangeMe123 -g 7180 -m 8 <---
Please change 8 to 8192. The unit here is MB, not GB.

Let me know if that works

Gaurav Sharma

View solution in original post

Anthony_E · ‎03-13-2024

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks

Anthony-Fortinet Community Team.

gsharma · ‎03-14-2024

Hello,

Using this command to search the container id about fortiweb

docker ps -a

and then attach it

docker attach <fortiweb_id>

want to know if it is possible to login from the cli. Also May I know what is the Fortiweb version. ?

Gaurav Sharma

noamsh88 · ‎03-17-2024

Thanks Gaurav,

docker attach is throwing same error we see in docker logs:
"

:~$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4075ec69f969 fortiweb-image "/bin/docker_init" 5 days ago Up 5 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:7180->7180/tcp, 0.0.0.0:90->9/tcp, 0.0.0.0:8022->22/tcp, 0.0.0.0:8443->43/tcp fortiweb-docker
:~$ docker attach 4075ec69f969
Program (sysinit) exit
Caused by receive signal(9)

System is started!!!

....

"

regarding login from CLI, whenever try to login to container(docker exec -it 4075ec69f969 /bin/bash), it existing from container after 2-3 seconds

regarding fortiweb docker version, following FWB_DOCKER-v700-build0622-FORTINET.out.docker.zip file downloaded from support website and used

AEK · ‎03-17-2024

Hi
Check if you are using a supported hypervisor version.

From FWB 7.4.2 release notes:
Docker Engine CE 18.09.1 or higher versions, and the equivalent Docker Engine EE versions; Ubuntu18.04.1 LTS or higher versions.

AEK

noamsh88 · ‎03-17-2024

Thanks for replying, we are building FWB image on Ubuntu 22.04 OS and docker 20.10.12 versions, and reviewed if additional pre-requisites on release notes, can you advise what else could we miss?

e.g.

~$ docker version
Client:
Version: 20.10.21
API version: 1.41
Go version: go1.18.1
Git commit: 20.10.21-0ubuntu1~22.04.3
Built: Thu Apr 27 05:57:17 2023
OS/Arch: linux/amd64
Context: default
Experimental: true

Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.17.3
Git commit: 20.10.12-0ubuntu4
Built: Mon Mar 7 15:57:50 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.12-0ubuntu1~22.04.3
GitCommit:
runc:
Version: 1.1.7-0ubuntu1~22.04.2
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:

:~$ cat /etc/*rel*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

gsharma · ‎03-17-2024

Hello @noamsh88

This should be a documentation issue.

./docker-fwb.sh -i fortiweb-image -n fortiweb-docker -e ChangeMe123 -g 7180 -m 8 <---
Please change 8 to 8192. The unit here is MB, not GB.

Let me know if that works

Gaurav Sharma

AEK · ‎03-18-2024

Hi @gsharma

If so then the below doc should be corrected.

https://docs.fortinet.com/document/fortiweb-private-cloud/6.4.0/fortiweb-vm-on-docker/794267/deployi...

AEK

gsharma · ‎03-18-2024

Hi Aek,

The Document is correct only, however at the part where custom port mapping syntax is written there is given 8GB space, however the syntax understand in MB, so giving 8 MB won't work.

Gaurav Sharma

noamsh88 · ‎03-18-2024

Thanks a lot all!

confirm after updating -m 8192 (instead of 8), docker container started as expected

"./docker-fwb.sh -i fortiweb-image -n fortiweb-docker -e ChangeMe123 -g 8888 -m 8192"

in addition to it, it seems web server didn't exposed http port was set to it (8888 or 7180)
but, https is accessible, so modified dk_https on docker-fwb.sh to our desired port (7180)

:~/fwb/image-docker-64/script$ grep dk_https= docker-fwb.sh
#dk_https="8443"
dk_https="7180"