Whats the docker run command? #4
Labels
Keine Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Kein Meilenstein
Kein Projekt
Niemand zuständig
2 Beteiligte
Nachrichten
Fällig am
Kein Fälligkeitsdatum gesetzt.
Abhängigkeiten
Keine Abhängigkeiten gesetzt.
Referenz: nickslowinski/JTS3ServerMod-dockerized#4
Laden …
In neuem Issue referenzieren
Keine Beschreibung angegeben.
Branch „%!s()“ löschen
Das Löschen eines Branches ist permanent. Obwohl der Branch für eine kurze Zeit weiter existieren könnte, kann diese Aktion in den meisten Fällen NICHT rückgängig gemacht werden. Fortfahren?
Hey i saw this image and its the only one for JTS3ServerMode which would run on a Raspberry Pi. I already pulled the image in docker but i am not able to run it.
Did not find any documentation about that and could not start it default way. So could you please share the right command to run it?
Hello Bourner,
unfortunately, I haven't had the time to complete the documentation so far, which is why this project is currently still in progress.
A basic start command would be:
This command will start a named container ("jts3servermod-dockerized") with all available volumes (these are named as well).
After your first start, the container will stop and you will find the following log output:
After that you have to edit the bot config inside the jts3_config volume. The default location for named volumes is
/var/lib/docker/volumes.Instead of using these named volumes, you could simply mount the volume to a specific folder on your drive. If you run the default Raspian install for the Pi, the command could look like this:
From here on, everything is identical to the original setup and you can follow the official configuration procedure.
Please note, that the arm based images are currently not 100% checked for errors, it was running successfully when I first started the project. The above commands are performed on the amd64 architecture and I will check it later for the arm64 version. At the moment, I can not test the arm version, because I only have one working Raspberry Pi right now running the 64 bit version of Raspbian.
If you still run into errors, please include the logs and steps you have taken.
I have tested some stuff and found out, that on an old out-of-date installation of Raspian the bot does not start up correctly with the following error:
After updating the system – including the kernel, containerd.io and docker-ce – the bot also starts successfully for me under arm64.
Complete steps that i have taken:
apt-get update && apt-get upgradedocker system prune -a.docker runcommand and it should work. By the end, you should receive a similar output to this:Hey thank you. It kinda works now.
I have another problem which comes from teamspeak. I have no permission for "b_serverinstance_permission_list". Thats why the container wont start.
I googled a bit and found many approaches to fix this but nothing works for me.
Do you have any advice how to give that permission to my user?
Note: That is not a problem with this project and therefor out of scope. I still want to help people where I can and at an later date my community forum will be used for this kind of help. But for now, here is the right place to get it.
That looks like your bot user does not have enough permissions. The bot identity needs to have the "b_serverinstance_permission_list" permission.
From a security perspective it is a good thing that you don't use the serveradmin query login, but you have to make sure the bot identity has all the permission it needs.
If your TeamSpeak server is rented from a company, the following steps could work, but it is not likely. I have no experience in rented TeamSpeak servers except that they are overpriced and very limited in their functions. I can only speak for self-hosted servers.
My recommended steps to resolve this:
That is pretty much everything you have to do. You could use the serveradmin query login for all the stuff, but that is more or less the master account of the server - with all the permissions. If these credentials are leaked, you will have a bad time... With my described way you are limiting the possible fraud that could happen by badly behaving code or some sort of attacker.
Thank you for your detailed answer. I appreciate your help very much. I have a self hosted teamspeak server also on a raspberry also with docker (same system)
I could run the bot with serveradmin query login because this one has all needed rights.
It seems my server admin has no rights do turn on the permission "b_serverinstance_permission_list". Also other global permissions don't work to turn on.
I have no idea why the server admin has not enough permisions. I also have no license, maybe this is the problem?
As you said this is a security issue. Do you have an idea how to fix this?
But for now everything works and i try to figure out how to configure the bot.
Ok i gave myself some more rights via YaTQA and now i could assign a different user. It works!
You solved your problem on your own, so some of the written text is discarded, but I would like to make the following comments:
That is a bit strange, because TeamSpeak does not provide an official image or binary for platforms other than x86_64/amd64. It might be possible to emulate an amd64 architecture with qemu and put everything inside a docker container, but please be careful with 3rd party solutions (especially if they are closed source). And yes, that counts towards my projects as well.
I already expected that. For easy administration of your TeamSpeak Server and to easily get more permissions than the default ones, go to https://yat.qa and download it (YaTQA).
This is a graphical interface to interact with your server via the query protocol. You can use this to grant your admin group all the rights that the serveradmin query has.
(followed by an explanation of how to do it)
There is and will be a community forum (link) for this kind of help - my git service and the issue tracker are for my (and possible your) projects. Do not worry, you do not need an additional login. The login is handled by this git service.
It is still a work in progress, but usable if you speak German 😉. It will be updated with bilingual support (German and English) and better categorization soon.
Some thumb rules for security:
I might write up some more complete rules for security / things that should be considered at a basic level and how you can achieve these and what my experiences are over the years. I might start small and publish everything in my forum and append to it as I go.
ok i was a bit fast with closing the issue.
I thought it would work but i think the user does not get the correct rights from the server group. i know theres a difference between voice user and query user.
how can i put the query user into a query group? or is this no problem to mix these two?
also could you help me with general permissions. i want to be a "root user" which has every possible permission just like the serveradmin query user. is this possible or not recommended?
i would like to get rid of extneral tools and want to change any setting from ts client.
Edit:
ich schreibe mal auf deutsch weiter. ich will das ganze hier eigentlich nicht komplett zu spammen. falls du mir dabei helfen kannst, wäre ich dankbar wenn wir irgendwie weiter schreiben können (mir egal wo)
Das Problem mit dem Docker Image ist ja lange gelöst. Das sind ja jetzt nur noch Hilfen, weil ich absolut keine Ahnung von TS Servern habe. Trotzdem schon mal großen Dank. Du hast echt Ahnung, schreibst das alles sehr schön auf und hilfst obwohl das eigentliche Problem schon längst durch ist. Großes Lob!
The advanced permission system is really complex and many things must be considered. I would like to look at your setup personal to minimize "wasted" time by discussing your problem on my TeamSpeak server (IP:
nick-slowinski.de) and by joining your server or looking at your setup with the help of Anydesk (you can easily limit my permissions to only see your desktop and actions). I am online tomorrow, the 15. october from ~ 16:00 CEST and on saturday from ~ 9:00 to ~ 12:30 CEST. Just join and poke me ("Nick1307 | Nick").To my knowladge there is no diffrence in the way the permissions are working, only some aspects like "Skip", "Negate" and channel permissions can override server group permissions. You could mix them without any problem (I am doing it).
It is possible and easily done personally 😜. If you don't want that done in TeamSpeak, i will write a little how-to tomorrow.
Like uncle Ben said: With great power comes great responsibility. TeamSpeak disabled the option to add voice clients to query groups for a reason, but if you think this through, weigh your decision, and determine that you want to do so, then there is no problem.
If you compromise and remove unnecessary rights from your (voice) admin group, you can have significantly more rights than you have now and still operate your server in a secure way.
And from experience, I can assure you that you do not want certain rights, such as "b_channel_modify_parent" (move channel by drag and drop).
Please note, that you can not edit or view everything that YaTQA can. If you "pimp" out your rights, all daily challenges can be mastered within the TeamSpeak client, but for some things it still will be easier or even necessary to use YaTQA (e.g. reviewing a user avatar if the user is offline and someone complains that his/her avatar is inappropriate in some way or another).
Nachtrag: Gerne schreib ich auch auf Deutsch weiter, Englisch ist auch nicht vorgeschrieben.
Wie oben geschrieben, würde ich das gerne persönlich klären, sodass unter Anderem auch deine Fragen deutlich schneller beantwortet werden können. Wie bereits erwähnt bin ich morgen ab ca. 16 Uhr auf meinem TeamSpeak Server erreichbar (IP:
nick-slowinski.de), halte einfach nach mir (Nick1307) ausschau und stups mich an, falls ich dich nicht eher sehe.Alles klar. Weiterhin vielen Dank. Ich bin dann ca. 16 Uhr auf deinem Teamspeak.
Informationen in English/Englisch
All problems of @Bourner are solved for now, but won't be discussed publicly. This git service and the issue trackers are for the associated projects and bugs, not for "random" help. There will be a dedicated forum (it is online, but currently only available in German) to get help like this with many guides and recommendations on how to do it exactly. Until everything is working, everyone can message me via e-mail at nick@nick-slowinski.de to ask some questions, ask for advice, and so on. This issue ticket will be updated if the forum is available in English.
Informationen in Deutsch/German
Alle Probleme von @Bourner sind vorerst gelöst, werden aber nicht öffentlich diskutiert. Dieser Git-Dienst und die Issue-Tracker sind für die zugehörigen Projekte und Fehler gedacht, nicht für "zufällige" Hilfe. Für solch eine Art Hilfe gibt es ein Forum von mir unter der Internetadresse community.nick-slowinski.de, welches nach für nach auch mit vielen Anleitungen und Empfehlung gefüllt wird. Derzeitig ist dessen Einrichtung noch nicht final und würde jeden Benutzer bitten, alle Anliegen entweder in der Kategorie Support zu posten oder mich persönlich anzuschreiben.
Hinweis: Der Login im Forum läuft über diesen Git-Service und ihr benötigt ein Konto mit bestätigter E-Mail-Adresse.
Deutschsprachige Anfragen an meine obige E-Mail-Adresse werden ignoriert und Ihr handelt euch nicht gerade Pluspunkte bei mir ein.