Related
I try to connect to a 3G/4G/5G mobile network using the Telit 5G modem FN990, and I even see an IP address in the logs, however it is not getting assigned to network device wwan0.
the PIN of the SIM is removed, as documented in https://wiki.archlinux.org/title/Mobile_broadband_modem#Remove_the_PIN .
there's basically two routes I took, both of which fail.
a) using nmcli
host:~# nmcli con show
NAME UUID TYPE DEVICE
Wired connection 2 9f1bf5da-f9e9-3f30-9f49-e567adf1f1b7 ethernet eth1
Wired connection 1 67fdb9dc-d570-3d55-ad2b-68281b3ca03d ethernet --
host:~# nmcli connection add type gsm con-name conn5g ifname cdc-wdm0
Connection 'conn5g' (50c76297-5289-452f-a105-2525122cf9c0) successfully added.
host:~# nmcli con show
NAME UUID TYPE DEVICE
Wired connection 2 9f1bf5da-f9e9-3f30-9f49-e567adf1f1b7 ethernet eth1
Wired connection 1 67fdb9dc-d570-3d55-ad2b-68281b3ca03d ethernet --
conn5g 50c76297-5289-452f-a105-2525122cf9c0 gsm --
host:~#
host:~# nmcli con up conn5g
Error: Connection activation failed: No suitable device found for this connection (device lo not available because device is strictly unmanaged).
host:~#
b) using mmcli
host:~# mmcli -m 0 --simple-connect="apn=internet.telekom,user=telekom,password=telekom"
successfully connected the modem
host:~#
during that, /var/log/messages says:
Feb 20 08:45:09 host daemon.debug ModemManager[319]: <debug> [modem0] processing 3GPP info...
Feb 20 08:45:09 host daemon.debug ModemManager[319]: <debug> [modem0] 3GPP cell id updated: '2<XXX>9->2<XXX>1'
Feb 20 08:45:09 host daemon.debug ModemManager[319]: <debug> [modem0] 3GPP location updated (MCC: '262', MNC: '1', location area code: '0', tracking area code: '<XXX>', cell ID: '2<XXX>1')
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] user request to connect modem
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] simple connect started...
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] PIN: unspecified
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] operator ID: unspecified
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] allowed roaming: yes
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] APN: internet.telekom
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] IP family: unspecified
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] allowed authentication: unspecified
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] User: telekom
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] Password: telekom
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] simple connect state (4/8): wait to get fully enabled
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] simple connect state (5/8): register
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] already registered automatically in network '26201', automatic registration not launched...
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] simple connect state (6/8): bearer
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0] Using already existing bearer at '/org/freedesktop/ModemManager1/Bearer/1'...
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] simple connect state (7/8): connect
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] connecting...
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] state changed (registered -> connecting)
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] launching connection with QMI port (cdc-wdm0) and data port (wwan0)
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] no specific IP family requested, defaulting to ipv4
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] defaulting to use static IP method
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] running IPv4 connection setup
[...]
Feb 20 08:46:34 host daemon.debug ModemManager[319]: [/dev/cdc-wdm0] Received generic response (translated)... <<<<<< QMUX: <<<<<< length = 69 <<<<<< flags = 0x80 <<<<<< service = "wds" <<<<<< client = 16 <<<<<< QMI: <<<<<< flags = "response" <<<<<<
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] IP Family: IPv4
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] QMI IPv4 Settings:
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] address: 10.156.137.45/30
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] gateway: 10.156.137.46
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] DNS #1: 10.74.210.210
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] DNS #2: 10.74.210.211
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0/bearer1] MTU: 1500
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] domains:
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/wwan0/net] port now connected
Feb 20 08:46:34 host daemon.debug ModemManager[319]: <debug> [modem0/bearer1] connected
Feb 20 08:46:34 host daemon.info ModemManager[319]: <info> [modem0] state changed (connecting -> connected)
to me this looks good, but wwan0 is down, and has no IP:
host:~# ip a s wwan0
6: wwan0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/none
the state of the modem at this time:
host:~# mmcli -m 0
-----------------------------------
General | path: /org/freedesktop/ModemManager1/Modem/0
| device id: 4<XXX>e
-----------------------------------
Hardware | manufacturer: Telit
| model: FN990A28
| firmware revision: M0R.000001-B003
| carrier config: default
| h/w revision: 1.00
| supported: gsm-umts, lte, 5gnr
| current: gsm-umts, lte, 5gnr
| equipment id: 359<XXX>7
-----------------------------------
System | device: /sys/devices/platform/soc#0/32f10108.usb/38200000.dwc3/xhci-hcd.1.auto/usb3/3-1
| drivers: option, qmi_wwan
| plugin: telit
| primary port: cdc-wdm0
| ports: cdc-wdm0 (qmi), ttyUSB2 (at), ttyUSB3 (at), ttyUSB4 (at),
| wwan0 (net)
-----------------------------------
Numbers | own: +49<XXX>
-----------------------------------
Status | lock: sim-pin2
| unlock retries: sim-pin (3), sim-puk (10), sim-pin2 (3), sim-puk2 (10)
| state: connected
| power state: on
| access tech: lte
| signal quality: 100% (cached)
-----------------------------------
Modes | supported: allowed: 3g; preferred: none
| allowed: 4g; preferred: none
| allowed: 3g, 4g; preferred: 4g
| allowed: 3g, 4g; preferred: 3g
| allowed: 5g; preferred: none
| allowed: 3g, 5g; preferred: 5g
| allowed: 3g, 5g; preferred: 3g
| allowed: 4g, 5g; preferred: 5g
| allowed: 4g, 5g; preferred: 4g
| allowed: 3g, 4g, 5g; preferred: 5g
| allowed: 3g, 4g, 5g; preferred: 4g
| allowed: 3g, 4g, 5g; preferred: 3g
| current: allowed: 3g, 4g, 5g; preferred: 5g
-----------------------------------
Bands | supported: utran-1, utran-4, utran-6, utran-5, utran-8, utran-2,
| eutran-1, eutran-2, eutran-3, eutran-4, eutran-5, eutran-7, eutran-8,
| eutran-12, eutran-13, eutran-14, eutran-17, eutran-18, eutran-19,
| eutran-20, eutran-25, eutran-26, eutran-28, eutran-29, eutran-30,
| eutran-32, eutran-34, eutran-38, eutran-39, eutran-40, eutran-41,
| eutran-42, eutran-43, eutran-46, eutran-48, eutran-66, eutran-71,
| utran-19
| current: utran-1, utran-4, utran-6, utran-5, utran-8, utran-2,
| eutran-1, eutran-2, eutran-3, eutran-4, eutran-5, eutran-7, eutran-8,
| eutran-12, eutran-13, eutran-14, eutran-17, eutran-18, eutran-19,
| eutran-20, eutran-25, eutran-26, eutran-28, eutran-29, eutran-30,
| eutran-32, eutran-34, eutran-38, eutran-39, eutran-40, eutran-41,
| eutran-42, eutran-43, eutran-46, eutran-48, eutran-66, eutran-71,
| utran-19
-----------------------------------
IP | supported: ipv4, ipv6, ipv4v6
-----------------------------------
3GPP | imei: 359<XXX>7
| enabled locks: fixed-dialing
| operator id: 26201
| operator name: Telekom.de
| registration: home
-----------------------------------
3GPP EPS | ue mode of operation: csps-2
| initial bearer path: /org/freedesktop/ModemManager1/Bearer/0
| initial bearer apn: internet.telekom
| initial bearer ip type: ipv4
-----------------------------------
SIM | primary sim path: /org/freedesktop/ModemManager1/SIM/0
| sim slot paths: slot 1: /org/freedesktop/ModemManager1/SIM/0 (active)
| slot 2: none
-----------------------------------
Bearer | paths: /org/freedesktop/ModemManager1/Bearer/1
host:~#
here's some info about the tool versions:
host:~# nmcli --version
nmcli tool, version 1.30.4
host:~# mmcli --version
mmcli 1.16.2
Copyright (2011 - 2021) Aleksander Morgado
License GPLv2+: GNU GPL version 2 or later <http://gnu.org/licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
host:~#
here's some info about the kernel:
host:~# zcat /proc/config.gz | grep CDC
CONFIG_USB_NET_CDCETHER=y
# CONFIG_USB_NET_CDC_EEM is not set
CONFIG_USB_NET_CDC_NCM=y
# CONFIG_USB_NET_HUAWEI_CDC_NCM is not set
CONFIG_USB_NET_CDC_MBIM=y
# CONFIG_USB_NET_CDC_SUBSET is not set
CONFIG_BRCMFMAC_PROTO_BCDC=y
# CONFIG_MFD_ATMEL_HLCDC is not set
CONFIG_USB_CDC_COMPOSITE=m
CONFIG_USB_G_MULTI_CDC=y
# CONFIG_COMMON_CLK_CDCE706 is not set
# CONFIG_COMMON_CLK_CDCE925 is not set
host:~#
host:~# zcat /proc/config.gz | grep WWAN
CONFIG_USB_NET_QMI_WWAN=y
CONFIG_USB_SERIAL_WWAN=y
host:~#
can anyone point me to what's going wrong, or how I can further debug the issue? Why is wwan0 not assigned the IP despite the line [modem0/wwan0/net] port now connected?
I've been made aware that aiosmtpd logs to the syslog. I'm using a Red Hat Linux distribution and can't find anything related to my SMTP server in the messages or maillog file. I'm trying to debug an issue with a device that can't connect to my SMTP server with basic authentication as I can't find any reason why the device is being rejected by my server. The only way I've been able to debug so far is by using the EHLO and MAIL handlers and printing a message when that stage of the connection is reached. Ideally, I'd like as much as possible to be logged out, like with smtplib that enables you to see each message between the client and server. Is it possible to do this or some basic logging at least and how do I do it if so? The code I'm using is:
import email
from email.header import decode_header
from email import message_from_bytes
from email.policy import default
from aiosmtpd.controller import Controller
from aiosmtpd.smtp import LoginPassword, AuthResult
import os
import json
import re
import sys
import time
import signal
import logging
from datetime import datetime
import configparser
##setting timezone
os.environ['TZ'] = "Europe/London"
time.tzset()
#wildlifeCameraHome = os.getenv('WILDLIFE_CAMERA_HOME')
wildlifeCameraHome = "/home/matthew_gale/smtp-server"
startupConfigURL = "{}/Config/Config.ini".format(wildlifeCameraHome)
validCameraList = "{}/Config/ValidCameraIDs.txt".format(wildlifeCameraHome)
ouboxBaseURL = "{}/outbox".format(wildlifeCameraHome)
spacer = "*"*100
# Get command line parameters
if len( sys.argv ) > 1 and str( sys.argv[1] ) == "DEBUG":
debugMode = True
else:
debugMode = False
if not debugMode:
logFileURL = "{}/Logging/EmailExtractorLog.out".format(wildlifeCameraHome)
sys.stdout = open(logFileURL, 'a', 1)
sys.stderr = sys.stdout
if os.environ.get('VA_LOG_LEVEL') is None:
envlevel = 3
else:
envlevel = int(os.environ.get('VA_LOG_LEVEL'))
def Lprint(logstring, loglevel):
detailedtimeStamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
if loglevel <= envlevel or debugMode:
print(detailedtimeStamp + ":" + logstring)
return True
else:
return None
def onExit( sig, func=None):
Lprint("*************Stopping program*****************",3)
controller.stop()
exit()
signal.signal(signal.SIGTERM, onExit)
# removes the spaces and replaces with _ so they're valid folder names
def clean(text):
return "".join(c if c.isalnum() else "_" for c in text)
#get the configs from the config file
config = configparser.ConfigParser()
config.read(startupConfigURL)
gmailConfig = config['EmailExtractor']
validEmail = gmailConfig['validSender']
# check at the end if there's any validation regarding who sends the email
with open(validCameraList, 'r', encoding='utf-8') as f:
validCameraIDs = f.readlines()
for rowNumber, content in enumerate(validCameraIDs):
validCameraIDs[rowNumber] = content.replace("\n","")
Lprint("Valid cameraIDs are",3)
print (validCameraIDs)
auth_db = {
b"TestCamera1#gmail.com": b"password1",
b"user2": b"password2",
b"TestCamera1": b"password1",
}
def authenticator_func(server, session, envelope, mechanism, auth_data):
# Simple auth - is only being used because of the reolink cam
assert isinstance(auth_data, LoginPassword)
username = auth_data.login
password = auth_data.password
if auth_db.get(username) == password:
return AuthResult(success=True)
else:
return AuthResult(success=False, handled=False)
def configure_logging():
file_handler = logging.FileHandler("aiosmtpd.log", "a")
stderr_handler = logging.StreamHandler(sys.stderr)
logger = logging.getLogger("mail.log")
fmt = "[%(asctime)s %(levelname)s] %(message)s"
datefmt = None
formatter = logging.Formatter(fmt, datefmt, "%")
stderr_handler.setFormatter(stderr_handler)
logger.addHandler(stderr_handler)
file_handler.setFormatter(file_handler)
logger.addHandler(file_handler)
logger.setLevel(logging.DEBUG)
class CustomHandler:
def handle_exception(self, error):
Lprint("exception occured",3)
print(error)
return '542 Internal Server Error'
async def handle_DATA(self, server, session, envelope):
peer = session.peer
data = envelope.content # type: bytes
msg = message_from_bytes(envelope.content, policy=default)
# decode the email subject
Lprint("Msg:{}".format(msg),3)
Lprint("Data:{}".format(data),3)
Lprint("All of the relevant data has been extracted from the email",3)
Lprint(spacer,3)
return '250 OK'
if __name__ == '__main__':
configure_logging()
handler = CustomHandler()
controller = Controller(handler, hostname='0.0.0.0', port=587, authenticator=authenticator_func, auth_required=True,auth_require_tls=False)
# Run the event loop in a separate thread.
controller.start()
#Confirmed that this is needed to keep the SMTP server running constantly
while True:
time.sleep(10)
If you search the aiosmtpd codebase for "logging.getLogger", you can find a few places where logging is being configured with Python's standard logging module.
In order to actually see these log messages, you need to configure the log level and add a log handler. Try calling the following "configure_logging" function early in your program. It will set up basic logging to stderr and to a file named "aiosmtpd.log". Complete example:
import logging
import sys
def configure_logging():
file_handler = logging.FileHandler("aiosmtpd.log", "a")
stderr_handler = logging.StreamHandler(sys.stderr)
logger = logging.getLogger("mail.log")
fmt = "[%(asctime)s %(levelname)s] %(message)s"
datefmt = None
formatter = logging.Formatter(fmt, datefmt, "%")
stderr_handler.setFormatter(formatter)
logger.addHandler(stderr_handler)
file_handler.setFormatter(formatter)
logger.addHandler(file_handler)
logger.setLevel(logging.DEBUG)
configure_logging()
# aiosmtpd example from https://stackoverflow.com/a/43904837/1570972
import aiosmtpd.controller
class CustomSMTPHandler:
async def handle_DATA(self, server, session, envelope):
print(len(envelope.content), repr(envelope.content[:50]))
return '250 OK'
handler = CustomSMTPHandler()
server = aiosmtpd.controller.Controller(handler, hostname="127.0.0.1")
server.start()
input("Server started. Press Return to quit.\n")
server.stop()
Running the above script in one terminal and then running swaks --server '127.0.0.1:8025' --to foo#example.com in another (the Swiss Army Knife for SMTP) to send a test email gives the following output on the terminal:
[2021-12-07 19:37:57,124 INFO] Available AUTH mechanisms: LOGIN(builtin) PLAIN(builtin)
[2021-12-07 19:37:57,124 INFO] Peer: ('127.0.0.1', 44126)
[2021-12-07 19:37:57,125 INFO] ('127.0.0.1', 44126) handling connection
[2021-12-07 19:37:57,125 DEBUG] ('127.0.0.1', 44126) << b'220 alcyone.localdomain Python SMTP 1.4.2'
Server started. Press Return to quit.
[2021-12-07 19:37:57,126 INFO] ('127.0.0.1', 44126) EOF received
[2021-12-07 19:37:57,126 INFO] ('127.0.0.1', 44126) Connection lost during _handle_client()
[2021-12-07 19:37:57,126 INFO] ('127.0.0.1', 44126) connection lost
[2021-12-07 19:38:02,012 INFO] Available AUTH mechanisms: LOGIN(builtin) PLAIN(builtin)
[2021-12-07 19:38:02,012 INFO] Peer: ('127.0.0.1', 44128)
[2021-12-07 19:38:02,013 INFO] ('127.0.0.1', 44128) handling connection
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'220 alcyone.localdomain Python SMTP 1.4.2'
[2021-12-07 19:38:02,013 DEBUG] _handle_client readline: b'EHLO alcyone.localdomain\r\n'
[2021-12-07 19:38:02,013 INFO] ('127.0.0.1', 44128) >> b'EHLO alcyone.localdomain'
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'250-alcyone.localdomain'
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'250-SIZE 33554432'
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'250-8BITMIME'
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'250-SMTPUTF8'
[2021-12-07 19:38:02,013 DEBUG] ('127.0.0.1', 44128) << b'250 HELP'
[2021-12-07 19:38:02,014 DEBUG] _handle_client readline: b'MAIL FROM:<rav#alcyone.localdomain>\r\n'
[2021-12-07 19:38:02,014 INFO] ('127.0.0.1', 44128) >> b'MAIL FROM:<rav#alcyone.localdomain>'
[2021-12-07 19:38:02,014 INFO] ('127.0.0.1', 44128) sender: rav#alcyone.localdomain
[2021-12-07 19:38:02,014 DEBUG] ('127.0.0.1', 44128) << b'250 OK'
[2021-12-07 19:38:02,014 DEBUG] _handle_client readline: b'RCPT TO:<foo#example.com>\r\n'
[2021-12-07 19:38:02,014 INFO] ('127.0.0.1', 44128) >> b'RCPT TO:<foo#example.com>'
[2021-12-07 19:38:02,014 INFO] ('127.0.0.1', 44128) recip: foo#example.com
[2021-12-07 19:38:02,014 DEBUG] ('127.0.0.1', 44128) << b'250 OK'
[2021-12-07 19:38:02,014 DEBUG] _handle_client readline: b'DATA\r\n'
[2021-12-07 19:38:02,014 INFO] ('127.0.0.1', 44128) >> b'DATA'
[2021-12-07 19:38:02,015 DEBUG] ('127.0.0.1', 44128) << b'354 End data with <CR><LF>.<CR><LF>'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'Date: Tue, 07 Dec 2021 19:38:02 +0100\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'To: foo#example.com\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'From: rav#alcyone.localdomain\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'Subject: test Tue, 07 Dec 2021 19:38:02 +0100\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'Message-Id: <20211207193802.024948#alcyone.localdomain>\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'X-Mailer: swaks vDEVRELEASE jetmore.org/john/code/swaks/\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'This is a test mailing\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'\r\n'
[2021-12-07 19:38:02,015 DEBUG] DATA readline: b'.\r\n'
283 b'Date: Tue, 07 Dec 2021 19:38:02 +0100\r\nTo: foo#exa'
[2021-12-07 19:38:02,015 DEBUG] ('127.0.0.1', 44128) << b'250 OK'
[2021-12-07 19:38:02,015 DEBUG] _handle_client readline: b'QUIT\r\n'
[2021-12-07 19:38:02,015 INFO] ('127.0.0.1', 44128) >> b'QUIT'
[2021-12-07 19:38:02,015 DEBUG] ('127.0.0.1', 44128) << b'221 Bye'
[2021-12-07 19:38:02,016 INFO] ('127.0.0.1', 44128) connection lost
[2021-12-07 19:38:02,016 INFO] ('127.0.0.1', 44128) Connection lost during _handle_client()
I am having a NodeJS application which runs fine when I start it manually with "npm run server".
My app runs on Linux Centos8.
If I start the app as a service via the unit file below then it doesn't start when setenforce=1 (selinux is enforcing).
If I switch of selinux with setenforce=0 then the service starts when executing
"systemctl start translationtable"
This is mij unitfile which is located in /etc/systemd/system/translationtable.service:
[Unit]
Description=TranslationtableService
After=network.target
[Service]
WorkingDirectory=/opt/nodejs/translationtable
ExecStart=/usr/bin/npm run server
Type=simple
User=sa-builder
Group=sa-builder
[Install]
WantedBy=multi-user.target
This is the error I am getting after starting the service with:
systemctl status translationtable
translationtable.service - TranslationtableService
Loaded: loaded (/etc/systemd/system/translationtable.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-05-17 10:32:04 CEST; 4s ago
Process: 11815 ExecStart=/usr/bin/npm run server (code=exited, status=203/EXEC)
Main PID: 11815 (code=exited, status=203/EXEC)
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: Started TranslationtableService.
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: translationtable.service: Main process exited, code=exited, status=203/EXEC
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: translationtable.service: Failed with result 'exit-code'.
[root#ac8app01 translationtable]# vi /etc/systemd/system/translationtable.service
[root#ac8app01 translationtable]# systemctl status translationtable
translationtable.service - TranslationtableService
Loaded: loaded (/etc/systemd/system/translationtable.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-05-17 10:32:04 CEST; 8min ago
Process: 11815 ExecStart=/usr/bin/npm run server (code=exited, status=203/EXEC)
Main PID: 11815 (code=exited, status=203/EXEC)
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: Started TranslationtableService.
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: translationtable.service: Main process exited, code=exited, status=203/EXEC
May 17 10:32:04 ac8app01.myexample.nl systemd[1]: translationtable.service: Failed with result 'exit-code'.
my app runs in
/opt/nodejs/translationtable
I tryed lot of things for example adding context to selinux as a lucky shot:
semanage fcontext -a --type httpd_sys_rw_content_t '/usr/bin/npm(/.*)?'
chcon -R -t httpd_sys_content_t /usr/bin/npm
chcon -R -t httpd_sys_rw_content_t /usr/bin/npm
semanage fcontext -a --type httpd_sys_rw_content_t '/opt/nodejs/translationtable(/.*)?'
chcon -R -t httpd_sys_content_t /opt/nodejs/translationtable
chcon -R -t httpd_sys_rw_content_t /opt/nodejs/translationtable
I also added the context of my /var/log/audit/audit.log file where there are a lot of denys regarding selinux context things:
type=SERVICE_START msg=audit(1589712010.061:95): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=translationtable comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'^]UID="root" AUID="unset"
type=AVC msg=audit(1589712010.091:96): avc: denied { read } for pid=1974 comm="(npm)" name="npm" dev="dm-0" ino=50690435 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=lnk_file permissive=1
type=SYSCALL msg=audit(1589712010.091:96): arch=c000003e syscall=59 success=yes exit=0 a0=55c7f2a8e1e0 a1=55c7f29fc8f0 a2=55c7f2aaad70 a3=55c7f2852010 items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=execve AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712010.091:96): proctitle=2F7573722F62696E2F6E6F6465002F7573722F62696E2F6E706D0072756E00736572766572
type=AVC msg=audit(1589712010.876:97): avc: denied { execmem } for pid=1974 comm="npm" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process permissive=1
type=SYSCALL msg=audit(1589712010.876:97): arch=c000003e syscall=10 success=yes exit=0 a0=84f68104000 a1=7b000 a2=5 a3=0 items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=mprotect AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712010.876:97): proctitle=2F7573722F62696E2F6E6F6465002F7573722F62696E2F6E706D0072756E00736572766572
type=AVC msg=audit(1589712011.007:98): avc: denied { getattr } for pid=1974 comm="npm" path="/usr/bin/npm" dev="dm-0" ino=50690435 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=lnk_file permissive=1
type=SYSCALL msg=audit(1589712011.007:98): arch=c000003e syscall=332 success=yes exit=0 a0=ffffff9c a1=7ffcbba58e78 a2=100 a3=fff items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712011.007:98): proctitle=2F7573722F62696E2F6E6F6465002F7573722F62696E2F6E706D0072756E00736572766572
type=AVC msg=audit(1589712012.976:99): avc: denied { read } for pid=1974 comm="npm" name="translationtable" dev="dm-0" ino=51493520 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1589712012.976:99): arch=c000003e syscall=257 success=yes exit=18 a0=ffffff9c a1=55e9fe518330 a2=90800 a3=0 items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712012.976:99): proctitle="npm"
type=AVC msg=audit(1589712012.995:100): avc: denied { read } for pid=1974 comm="npm" name="package.json" dev="dm-0" ino=51493542 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=1
type=AVC msg=audit(1589712012.995:100): avc: denied { open } for pid=1974 comm="npm" path="/opt/nodejs/translationtable/package.json" dev="dm-0" ino=51493542 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1589712012.995:100): arch=c000003e syscall=257 success=yes exit=19 a0=ffffff9c a1=7ffcbba556e8 a2=80000 a3=0 items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=openat AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712012.995:100): proctitle=2F7573722F62696E2F6E6F6465002F7573722F62696E2F6E706D0072756E00736572766572
type=AVC msg=audit(1589712013.025:101): avc: denied { getattr } for pid=1974 comm="npm" path="/opt/nodejs/translationtable/package.json" dev="dm-0" ino=51493542 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1589712013.025:101): arch=c000003e syscall=332 success=yes exit=0 a0=13 a1=55e9fc9d1339 a2=1000 a3=fff items=0 ppid=1 pid=1974 auid=4294967295 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4294967295 comm="npm" exe="/usr/bin/node" subj=system_u:system_r:init_t:s0 key=(null)^]ARCH=x86_64 SYSCALL=statx AUID="unset" UID="sa-builder" GID="sa-builder" EUID="sa-builder" SUID="sa-builder" FSUID="sa-builder" EGID="sa-builder" SGID="sa-builder" FSGID="sa-builder"
type=PROCTITLE msg=audit(1589712013.025:101): proctitle=2F7573722F62696E2F6E6F6465002F7573722F62696E2F6E706D0072756E00736572766572
Nothing seems to work, I get a terrible headache of selinux.
Anybody have an idea ?
Check /var/log/messages for errors and suggestions.
Example:
SELinux is preventing /usr/lib/systemd/systemd from <permission> on file <file>
For complete SELinux messages run: sealert -l <some-id>
You can then run the sealert command to get detailed information about the problem and how to correct it. (ausearch/audit2allow commands will be in the detailed info output from sealert )
I created a docker registry and want to connect it with GitLab. I followed this documentation https://docs.gitlab.com/ce/user/project/container_registry.html. After that I tried to login to docker, but I received 401 or Access denied, do you know how to fix this ?
docker login url
Username: gitlab-ci-token
Password:
https://<url>/v2/: unauthorized: HTTP Basic: Access denied
docker login <url>
Username: knikolov
Password:
https://<url>/v2/: unauthorized: HTTP Basic: Access denied
docker login <url>
Username: knikolov
Password:
Error response from daemon: login attempt to https://<url>/v2/ failed with status: 401 Unauthorized
production.log
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:42:51 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:42:54 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:42:57 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:00 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:03 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:06 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:09 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:12 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:15 +0000
Started POST "/api/v4/jobs/request" for 172.17.0.1 at 2017-06-22 14:43:18 +0000
Started GET "/jwt/auth?account=knikolov&client_id=docker&offline_token=true&service=container_registry" for 172.17.0.1 at 2017-06-22 14:43:19 +0000
Processing by JwtController#auth as HTML
Parameters: {"account"=>"knikolov", "client_id"=>"docker", "offline_token"=>"true", "service"=>"container_registry"}
Completed 200 OK in 191ms (Views: 0.5ms | ActiveRecord: 5.7ms)
Started GET "/admin/logs" for 172.17.0.1 at 2017-06-22 14:43:21 +0000
Processing by Admin::LogsController#show as HTML
Form the registry log I received:
registry_1 | time="2017-06-25T17:34:31Z" level=warning msg="error authorizing context: authorization token required" go.version=go1.7.3 http.request.host=<url> http.request.id=e088c13e-aa4c-4701-af26-29e12874519b http.request.method=GET http.request.remoteaddr=37.59.24.105 http.request.uri="/v2/" http.request.useragent="docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e kernel/4.4.0-81-generic os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.1-ce \\(linux\\))" instance.id=c8d463e0-cf04-48f5-8daa-d096b4e75494 version=v2.6.1
registry_1 | 172.17.0.1 - - [25/Jun/2017:17:34:31 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e kernel/4.4.0-81-generic os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.1-ce \\(linux\\))"
registry_1 | time="2017-06-25T17:34:32Z" level=info msg="token from untrusted issuer: \"omnibus-gitlab-issuer\""
registry_1 | time="2017-06-25T17:34:32Z" level=warning msg="error authorizing context: invalid token" go.version=go1.7.3 http.request.host=<url> http.request.id=ff0d15e4-3198-4d69-910b-50bc27dd02f2 http.request.method=GET http.request.remoteaddr=37.59.24.105 http.request.uri="/v2/" http.request.useragent="docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e kernel/4.4.0-81-generic os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.1-ce \\(linux\\))" instance.id=c8d463e0-cf04-48f5-8daa-d096b4e75494 version=v2.6.1
registry_1 | 172.17.0.1 - - [25/Jun/2017:17:34:32 +0000] "GET /v2/ HTTP/1.0" 401 87 "" "docker/17.03.1-ce go/go1.7.5 git-commit/c6d412e kernel/4.4.0-81-generic os/linux arch/amd64 UpstreamClient(Docker-Client/17.03.1-ce \\(linux\\))"
this is my config for my registry:
version: 0.1
log:
fields:
service: registry
storage:
cache:
blobdescriptor: inmemory
filesystem:
rootdirectory: /var/lib/registry
delete:
enabled: true
http:
addr: :5000
headers:
X-Content-Type-Options: [nosniff]
health:
storagedriver:
enabled: true
interval: 10s
threshold: 3
auth:
token:
realm: https://<url>/jwt/auth
service: container_registry
issuer: gitlab-issuer
rootcertbundle: /certs/registry.crt
docker-compose.yml
registry:
restart: always
image: registry:2
ports:
- 127.0.0.1:5000:5000
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
volumes:
- ./data:/var/lib/registry
- ./certs:/certs
- ./config.yml:/etc/docker/registry/config.yml
Gitlab docker-compose.yml
web:
image: 'gitlab/gitlab-ce:latest'
restart: always
hostname: '<gitlab_url>'
container_name: gitlab
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url '<gitlab_url>'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
registry_external_url '<docker-registry_url>'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "172.17.0.1"
gitlab_rails['smtp_domain'] = "<smtp_domain>"
gitlab_rails['gitlab_email_from'] = '<gitlab_email_from>'
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['registry_enabled'] = true
registry_nginx['ssl_certificate'] = '/etc/gitlab/ssl/docker.registry.crt'
registry_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/docker.registry.key'
registry_nginx['proxy_set_headers'] = {
"Host" => "<dokcer-registry_url>"
}
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
ports:
- '127.0.0.1:5432:80'
- '2224:22'
volumes:
- '/home/gitlab/gitlab-ce/config:/etc/gitlab'
- '/home/gitlab/gitlab-ce/logs:/var/log/gitlab'
- '/home/gitlab/gitlab-ce/data:/var/opt/gitlab'
- '/home/docker-registry/data:/var/opt/gitlab/gitlab-rails/shared/registry'
Make sure the .crt file and .key file exists on the path specified here in gitlab.rb if not make the changes and restart gitlab with - sudo gitlab-ctl restart
external_url 'https://myrepo.xyz.com'
nginx['redirect_http_to_https'] = true
registry_external_url 'https://registry.xyz.com'
registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/registry.xyz.com.crt"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/registry.xyz.com.key"
More details available at - Appychip
It seems like you are not using the same RSA keypair for your Gitlab registry backend and your Docker setup.
Check your gitlab_rails['registry_key_path'] setting in Gitlab.rb and consult this very detailed guide.
https://m42.sh/gitlab-registry.html (unfortunately offline, backup copy here: https://github.com/ipernet/gitlab-docs/blob/master/gitlab-registry.md)
Make Sure that
The Drive on Docker is shared
(If the drive is not shared: Go to Docker and make the settings as Shared)
Username matches
Remove any domain name if included.
Try this
I'm trying to add View Action to my emails. For tests I'm send email from grif#ecwid.com to grif#ecwid.com
Example
Return-Path: <grif#ecwid.com>
Received: from 172.17.10.84 ([87.251.133.106])
by mx.google.com with ESMTPSA id bj7sm8223219lbc.22.2014.06.06.01.11.43
for <grif#ecwid.com>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Fri, 06 Jun 2014 01:11:44 -0700 (PDT)
Date: Fri, 06 Jun 2014 01:11:44 -0700 (PDT)
From: grif#ecwid.com
To: grif#ecwid.com
Message-ID: <1817181170.17.1402042304376.JavaMail.rinatgainullin#Rinats-MacBook-Pro-2.local>
Subject: =?UTF-8?B?0JTQvtCx0YDQviDQv9C+0LbQsNC70L7QstCw0YLRjCDQsiBFY3dpZCE=?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_15_1197020028.1402042304374"
------=_Part_15_1197020028.1402042304374
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
....
------=_Part_15_1197020028.1402042304374
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.=
w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DU=
TF-8">
<title>=D0=94=D0=BE=D0=B1=D1=80=D0=BE =D0=BF=D0=BE=D0=B6=D0=B0=D0=
=BB=D0=BE=D0=B2=D0=B0=D1=82=D1=8C =D0=B2 Ecwid!</title>
=09=09
<style type=3D"text/css">
.....
</style></head>
<body leftmargin=3D"0" marginwidth=3D"0" topmargin=3D"0" marginheight=
=3D"0" offset=3D"0" style=3D"margin: 0;padding: 0;background-color: #ffffff=
;">
....
<div itemscope itemtype=3D"http://schema.org/EmailMessage">
=09<div itemprop=3D"action" itemscope itemtype=3D"http://schema.org/ViewAct=
ion">
=09=09<link itemprop=3D"url" href=3D"https://my.grif.ecwid.com:8443/cp/vali=
date?h=3D123&ownerid=3D0"/>
=09=09<meta itemprop=3D"name" content=3D"=D0=9F=D0=BE=D0=B4=D1=82=D0=B2=D0=
=B5=D1=80=D0=B4=D0=B8=D1=82=D1=8C e-mail"/>
=09</div>
</div>
....
</body>
</html>
------=_Part_15_1197020028.1402042304374--
But my inbox letter looks like this http://i.stack.imgur.com/GAcs7.png
What I should to do to test my schema? Is this feature testing has any restriction?
Update
When I send mail for myself there are no dkim headers, but when my friend send me mail from his acc dkim header is present
No dkim
Return-Path: <grif#ecwid.com>
Received: from test-gmail-actions-0.gen.ec.ecwid.com (ec2-174-129-131-52.compute-1.amazonaws.com. [174.129.131.52])
by mx.google.com with ESMTPSA id s2sm10439008qaj.36.2014.06.26.02.45.56
for <grif#ecwid.com>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Thu, 26 Jun 2014 02:45:56 -0700 (PDT)
Date: Thu, 26 Jun 2014 02:45:56 -0700 (PDT)
From: Ecwid <grif#ecwid.com>
To: grif#ecwid.com
Message-ID: <22158846.2.1403775956083.JavaMail.root#test-gmail-actions-0>
Subject: =?UTF-8?B?0JTQvtCx0YDQviDQv9C+0LbQsNC70L7QstCw0YLRjCDQsiBFY3dpZCE=?=
MIME-Version: 1.0
Content-Type: multipart/alternative;
Dkim is present
Delivered-To: grif#ecwid.com
Received: by 10.229.14.202 with SMTP id h10csp5187qca; Thu, 26 Jun 2014 03:00:03 -0700 (PDT)
X-Received: by 10.140.96.38 with SMTP id j35mr18742954qge.5.1403776803018;Thu, 26 Jun 2014 03:00:03 -0700 (PDT)
Return-Path: <bender#ecwid.com>
Received: from mail-qa0-x22a.google.com (mail-qa0-x22a.google.com [2607:f8b0:400d:c00::22a])
by mx.google.com with ESMTPS id e8si8539327qgf.40.2014.06.26.03.00.02
for <grif#ecwid.com>
(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
Thu, 26 Jun 2014 03:00:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of bender#ecwid.com designates 2607:f8b0:400d:c00::22a as permitted sender) client-ip=2607:f8b0:400d:c00::22a;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of bender#ecwid.com designates 2607:f8b0:400d:c00::22a as permitted sender) smtp.mail=bender#ecwid.com;
dkim=pass header.i=#ecwid.com
Received: by mail-qa0-f42.google.com with SMTP id dc16so2614502qab.
for <grif#ecwid.com>; Thu, 26 Jun 2014 03:00:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;d=ecwid.com; s=google;
....
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
....
The email must be signed with DKIM/SPF, I don't see any of the relevant headers in your example.