Zammad as Docker app on Univention

Hi there,

Does anybody know if it is possible to install the ticket support system Zammad as a Docker app (https://docs.zammad.org/en/latest/contributing-install-docker.html) or alike?

Thank you in advance!

I haven’t tried but I guess it is possible. In the example, the port 80 is used maybe you should try another port since port 80 is used on UCS.

Hi,

I’m also trying to install Zammad as a Docker app on an UCS (v4.1, role backup DC) and had found

https://hub.docker.com/r/zammad/zammad-docker-univention/
and
https://github.com/zammad/zammad-docker-univention

So I pulled: docker pull zammad/zammad-docker-univention and a 1st try with:

docker run -ti -p 8010:8010 -e ES_HOST=elasticsearch-host -e DB_HOST=postgresql-host -e DB_NAME=database-name -e DB_USER=postgresql-user -e DB_PASS=postgresql-pass zammad/zammad-docker-univention

aborted with following error:

.
.
Bundle complete! 77 Gemfile dependencies, 136 gems now installed.
Gems in the groups test, development and mysql were not installed.
Bundled gems are installed into `/usr/local/bundle`
could not translate host name "postgresql-host" to address: Name or service not known
Couldn't create database for {"adapter"=>"postgresql", "database"=>"database-name", "pool"=>50, "timeout"=>5000, "encoding"=>"utf8", "username"=>"postgresql-user", "password"=>"postgresql-pass", "host"=>"postgresql-host"}
rake aborted!
PG::ConnectionBad: could not translate host name "postgresql-host" to address: Name or service not known
.
.

As far as I understand it now, I have to provide/install the postgresql DB and elasticsearch service outside the container at UCS host system, or I’m wrong?

I am looking forward to further information for Zammad on UCS.

Is there a possibility to provide such a Zammad docker instance at HTTPS standard port like

https://zammad.my-domain.local, e.g. with some proxy config at UCS host? For my 1st try above I took port 8010 but this wouldn’t be nice as a production URL.

Are there still further integration or App Center efforts as Zammad also won 1st round of ‘Vote for Apps’ in Feb?

THX for any hints or help,
Robert

1 Like

Hello @pro4567,

Zammad is working on providing its product to Univention App Center. I recommend to wait on the release of the app. It is planned that the Zammand app container contains everything needed for the app, except the database. The database though will be triggered by the App Center itself and is installed on the host directly.

Best regards,
Nico

1 Like

Hello Nico,

thanks for your reply, do you have any release ETA of Zammad App for UCS? Is there a (public) (git) repo for this integration work?

Meanwhile I have a little bit more clue about (Univention) docker integration and had setup a running Zammad instance manually for our evaluation purpose.

For those who are interested how it worked for us:

  • Fetching docker image: docker pull zammad/zammad-docker-univention

  • Installed Postgressql: univention-install univention-postgresql-9.1 (or -9.4 for UCS >= 4.2?)

  • Setup zammad DB user & passphrase: sudo -u postgres createuser -P -d zammad

  • Installed elasticsearch (use version 5.6.x, version 6.x still NOT supported by Zammad!):

    1. JRE installed from oracle (if using openjdk this is not necessary)

    2. elasticsearch packages: https://docs.zammad.org/en/latest/install-elasticsearch.html (Debian 8 (UCS 4.2) or 9 (UCS 4.3) section), Note: If using JRE from above, openjdk is not necessary

    3. Changing elasticsearch config (/etc/elasticsearch/elasticsearch.yml) to listen at site-local addresses on the system:

       `network.host: _site_`
      
  • Firewalling rule added for elasticsearch access:

    ucr set security/packetfilter/tcp/9200/all=ACCEPT; service univention-firewall restart
    ucr set security/packetfilter/tcp/9200/all/en="Accept elasticsearch access"
  • Run container: docker run -ti -p 8010:80 -e ES_HOST=yyyyyyy.xxxxxxxx.local -e DB_HOST=yyyyyyy.xxxxxxxx.local -e DB_NAME=zammad -e DB_USER=zammad -e DB_PASS=xxxxxxxxxxx zammad/zammad-docker-univention

  • Detach w/ CTRL-P + CRTL-Q from container console OR user -d instead of -ti

*) Further Setup via web GUI at http://yyyyyyy.xxxxxxxx.local:8010

No assurance of accuracy or completeness, suggestions welcome :wink:

Regards,
Robert

1 Like

Hello @pro4567,

No, I don’t have an ETA yet.

Great to hear that you played around with it a little bit.

Best regards,
Nico

Hi forum,

we now notice issues with Zammad mail channel connection to our IMAP server (Kopano). No mails were synced so we deleted existing mail channel account in Zammad settings. After re-entering credentials, hostname the webgui dialog hangs with “Verifying” for ever.
Because this worked in March/April (Zammad instance wasn’t used so it was only now noticed) it might have root cause with between updatet UCS (from 4.1-5 to 4.2-4). Maybe some docker network/firewall related?

root@XXXXXX ~ # iptables -L                                                                                                                                                                                                
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7636
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:sunrpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:32765:32769
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:kshell
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:kerberos
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7389
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:kpasswd
ACCEPT     udp  --  anywhere             anywhere             udp dpt:kerberos
ACCEPT     udp  --  anywhere             anywhere             udp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:postgresql
ACCEPT     udp  --  anywhere             anywhere             udp dpts:32765:32769
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:kpasswd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:nrpe
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ldaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6670
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ldap
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7777
ACCEPT     udp  --  anywhere             anywhere             udp dpt:7777
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:6669
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bacula-fd
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:9200
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:kerberos-adm
ACCEPT     udp  --  anywhere             anywhere             udp dpt:sunrpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:check_mk
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:11212
ACCEPT     tcp  --  172.17.0.0/16        anywhere             tcp dpt:mysql
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain DOCKER (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.1           tcp dpt:http

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

Inside container after installing telnet:

root@22456accf298:/opt/zammad# telnet bigpapa 143    
Trying 10.1.2.7...
Connected to bigpapa.XXXXXXX.local.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ STARTTLS AUTH=PLAIN] IMAP gateway ready

But it is quite strange, that telneting the IMAP server seems to be successful.

Using different (2.4.0-53 and older 2.3.0-24) zammad/zammad-docker-univention images also didn’t solve it.

Thanks for any help.

TIA Robert

I’ve got the following error, when starting the container:

create pipeline (pipeline)... rake aborted!
Unable to process PUT request to elasticsearch URL 'http://remoteesserver:9200/_ingest/pipeline/zammad754413110390'. Check the response and payload for detailed information: 

Response:
#<UserAgent::Result:0x0000000008091f70 @success=false, @body=nil, @data=nil, @code="400", @content_type=nil, @error="Client Error: #<Net::HTTPBadRequest 400 Bad Request readbody=true>!">

Payload:
{:description=>"Extract zammad-attachment information from arrays", :processors=>[{:foreach=>{:field=>"article", :ignore_failure=>true, :processor=>{:foreach=>{:field=>"_ingest._value.attachment", :ignore_failure=>true, :processor=>{:attachment=>{:target_field=>"_ingest._value", :field=>"_ingest._value._content", :ignore_failure=>true}}}}}}]}

Payload size: 0M
/opt/zammad/lib/search_index_backend.rb:113:in `block (2 levels) in processors'
/opt/zammad/lib/search_index_backend.rb:73:in `each'
/opt/zammad/lib/search_index_backend.rb:73:in `block in processors'
/opt/zammad/lib/search_index_backend.rb:70:in `each'
/opt/zammad/lib/search_index_backend.rb:70:in `processors'
/opt/zammad/lib/tasks/search_index_es.rake:90:in `block (2 levels) in <top (required)>'
/opt/zammad/lib/tasks/search_index_es.rake:70:in `block (2 levels) in <top (required)>'
/opt/zammad/lib/tasks/search_index_es.rake:166:in `block (2 levels) in <top (required)>'
/usr/local/bundle/gems/rake-12.3.0/exe/rake:27:in `<top (required)>'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli/exec.rb:74:in `load'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli/exec.rb:74:in `kernel_load'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli/exec.rb:28:in `run'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli.rb:424:in `exec'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/vendor/thor/lib/thor/command.rb:27:in `run'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in `invoke_command'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/vendor/thor/lib/thor.rb:387:in `dispatch'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli.rb:27:in `dispatch'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/vendor/thor/lib/thor/base.rb:466:in `start'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/cli.rb:18:in `start'
/usr/local/bundle/gems/bundler-1.16.4/exe/bundle:30:in `block in <top (required)>'
/usr/local/bundle/gems/bundler-1.16.4/lib/bundler/friendly_errors.rb:124:in `with_friendly_errors'
/usr/local/bundle/gems/bundler-1.16.4/exe/bundle:22:in `<top (required)>'
/usr/local/bundle/bin/bundle:104:in `load'
/usr/local/bundle/bin/bundle:104:in `<main>'
Tasks: TOP => searchindex:rebuild