SSH 'server refused our key' when using home directory on external EBS volume - linux

Scenario;
AWS EC2 running Red Hat 8.2 with an EBS volume mounted at /data
mount | grep -i data
/dev/nvme1n1 on /data type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
Created a test user with home directory on the external EBS volume /data/home/test and copied authorized_keys from ec2-user. SSH fails, 'Server refused our key'. However, when the home directory is moved to root volume; /home, it is possible to login.
The permissions are the same, what am I missing? Thanks!
# ls -Rla /data/home/test/
/data/home/test/:
total 16
drwx------. 3 test test 88 Oct 19 10:16 .
drwxr-xr-x. 4 root root 30 Oct 19 10:15 ..
-rw-r--r--. 1 test test 18 Aug 30 2019 .bash_logout
-rw-r--r--. 1 test test 141 Aug 30 2019 .bash_profile
-rw-r--r--. 1 test test 312 Aug 30 2019 .bashrc
-rw-r--r--. 1 test test 172 Feb 6 2020 .kshrc
drwx------. 2 test test 29 Oct 19 10:16 .ssh
/data/home/test/.ssh:
total 4
drwx------. 2 test test 29 Oct 19 10:16 .
drwx------. 3 test test 88 Oct 19 10:16 ..
-rw-------. 1 test test 829 Oct 19 10:16 authorized_keys
# ls -Rla /home/test/
/home/test/:
total 16
drwx------. 3 test test 88 Oct 19 10:40 .
drwxr-xr-x. 8 root root 106 Oct 19 10:39 ..
-rw-r--r--. 1 test test 18 Aug 30 2019 .bash_logout
-rw-r--r--. 1 test test 141 Aug 30 2019 .bash_profile
-rw-r--r--. 1 test test 312 Aug 30 2019 .bashrc
-rw-r--r--. 1 test test 172 Feb 6 2020 .kshrc
drwx------. 2 test test 29 Oct 19 10:40 .ssh
/home/test/.ssh:
total 4
drwx------. 2 test test 29 Oct 19 10:40 .
drwx------. 3 test test 88 Oct 19 10:40 ..
-rw-------. 1 test test 829 Oct 19 10:40 authorized_keys

Related

How to view logs of container before restart

I have a container which was restart 14 hours ago. The container is running since 7 weeks. I want to inspect the container logs during a certain interval. When i run below command, I see there is no output
docker container logs pg-connect --until 168h --since 288h
When i run below commands i only see logs since the container was restarted.
docker logs pg-connect
Any idea how to retrieve older logs for the container?
More info if helps
> docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9f08fb6fb0fb kosta709/alpine-plus:0.0.2 "/connectors-restart…" 7 weeks ago Up 14 hours connectors-monitor
7e919a253a29 debezium/connect:1.2.3.Final "/docker-entrypoint.…" 7 weeks ago Up 14 hours pg-connect
>
>
> docker logs 7e919a253a29 -n 2
2022-08-26 06:37:10,878 INFO || WorkerSourceTask{id=relations-0} Committing offsets [org.apache.kafka.connect.runtime.WorkerSourceTask]
2022-08-26 06:37:10,878 INFO || WorkerSourceTask{id=relations-0} flushing 0 outstanding messages for offset commit [org.apache.kafka.connect.runtime.WorkerSourceTask]
> docker logs 7e919a253a29 |head
org.apache.kafka.common.KafkaException: Producer is closed forcefully.
at org.apache.kafka.clients.producer.internals.RecordAccumulator.abortBatches(RecordAccumulator.java:766)
at org.apache.kafka.clients.producer.internals.RecordAccumulator.abortIncompleteBatches(RecordAccumulator.java:753)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:279)
at java.base/java.lang.Thread.run(Thread.java:834)
2022-08-24 16:13:06,567 ERROR || WorkerSourceTask{id=session-0} failed to send record to barclays.public.session: [org.apache.kafka.connect.runtime.WorkerSourceTask]
org.apache.kafka.common.KafkaException: Producer is closed forcefully.
at org.apache.kafka.clients.producer.internals.RecordAccumulator.abortBatches(RecordAccumulator.java:766)
at org.apache.kafka.clients.producer.internals.RecordAccumulator.abortIncompleteBatches(RecordAccumulator.java:753)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:279)
>
> ls -lart /var/lib/docker/containers/7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1/
total 90720
drwx------ 2 root root 6 Jul 1 10:39 checkpoints
drwx--x--- 2 root root 6 Jul 1 10:39 mounts
drwx--x--- 4 root root 150 Jul 1 10:40 ..
-rw-r----- 1 root root 10000230 Aug 24 16:13 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.9
-rw-r----- 1 root root 10000163 Aug 24 16:13 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.8
-rw-r----- 1 root root 10000054 Aug 24 16:16 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.7
-rw-r----- 1 root root 10000147 Aug 24 16:42 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.6
-rw-r----- 1 root root 10000123 Aug 24 16:42 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.5
-rw-r----- 1 root root 10000019 Aug 24 16:42 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.4
-rw-r----- 1 root root 10000159 Aug 24 16:42 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.3
-rw-r----- 1 root root 10000045 Aug 24 16:42 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.2
-rw-r--r-- 1 root root 199 Aug 25 16:30 hosts
-rw-r--r-- 1 root root 68 Aug 25 16:30 resolv.conf
-rw-r--r-- 1 root root 25 Aug 25 16:30 hostname
-rw------- 1 root root 7205 Aug 25 16:30 config.v2.json
-rw-r--r-- 1 root root 1559 Aug 25 16:30 hostconfig.json
-rw-r----- 1 root root 10000085 Aug 25 16:31 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log.1
drwx--x--- 4 root root 4096 Aug 25 16:31 .
-rw-r----- 1 root root 2843232 Aug 26 06:38 7e919a253a296494b74361e258e49d8c3ff38f345455316a15e1cb28cf556fa1-json.log

As stated by [the official guide][1]:
The docker logs command batch-retrieves logs present at the time of execution.```
To solve this issue you should instrument the container software to log its output to a persistent (rotated if you want) log file.
[1]: https://docs.docker.com/engine/reference/commandline/logs/

Jenkinsfile ,by using sh, says No such file or directory, but it exists

I'm studying jenkins, trying to package a maven project to a war, then move it to a previously started tomcat webapps directory(/opt/tomcat/latest/webpass), but it reports 'No such file or directory'.
Already find out what causes this, but don't know why. Jenkins don't use the same filesystem as original?
Here is my troubleshooting:
1、I create a directory in my linux server under / as temp20190808.
2、then in jenkins file add sh 'ls / -l', there is no temp20190808,also the description of each file in ls form show differenly compare with original(there are details under).
3、using jenkins file, i create a file under / as jenkinstmp2019, then ls / -l, it's there, but after rm the code of creating jenkinstmp2019, then rebuild, ls / -l, jenkinstmp2019 no longer there, so the jenkins file system is a onetime job?
Here are code elaboration on point 1,2:
in my linux server, using ls / -l, there is a tmp20190808 i just created.
total 24
lrwxrwxrwx. 1 root root 7 Jun 19 16:53 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 Aug 1 04:55 boot
drwxr-xr-x. 17 root root 2860 Aug 7 02:48 dev
drwxr-xr-x. 86 root root 8192 Aug 7 20:52 etc
drwxr-xr-x. 4 root root 46 Jul 12 08:12 home
lrwxrwxrwx. 1 root root 7 Jun 19 16:53 lib -> usr/lib
lrwxrwxrwx. 1 root root 9 Jun 19 16:53 lib64 -> usr/lib64
drwxr-xr-x. 2 root root 6 Apr 11 2018 media
drwxr-xr-x. 2 root root 6 Apr 11 2018 mnt
drwxr-xr-x. 5 root root 53 Jul 23 08:11 opt
dr-xr-xr-x. 101 root root 0 Aug 7 02:47 proc
dr-xr-x---. 7 root root 215 Aug 6 02:53 root
drwxr-xr-x. 28 root root 920 Aug 8 02:03 run
lrwxrwxrwx. 1 root root 8 Jun 19 16:53 sbin -> usr/sbin
drwxr-xr-x. 2 root root 6 Apr 11 2018 srv
dr-xr-xr-x. 13 root root 0 Aug 7 02:47 sys
drwxr-xr-x. 2 root root 6 Aug 8 01:50 temp1
drwxrwxrwt. 20 root root 4096 Aug 8 02:23 tmp
drwxr-xr-x. 2 root root 22 Aug 8 01:39 tmp20190808
drwxr-xr-x. 13 root root 155 Jun 19 16:53 usr
drwxr-xr-x. 20 root root 4096 Jul 12 07:36 var
in jenkins.
total 8448
drwxr-xr-x. 1 root root 19 Jun 9 2016 bin
drwxr-xr-x. 2 root root 6 May 30 2016 boot
-rw-------. 1 root root 8646656 Jun 9 2016 core
drwxr-xr-x. 5 root root 360 Aug 8 01:58 dev
drwxr-xr-x. 1 root root 66 Aug 8 01:58 etc
drwxr-xr-x. 2 root root 6 May 30 2016 home
drwxr-xr-x. 1 root root 45 Jun 9 2016 lib
drwxr-xr-x. 2 root root 34 Jun 8 2016 lib64
drwxr-xr-x. 2 root root 6 Jun 8 2016 media
drwxr-xr-x. 2 root root 6 Jun 8 2016 mnt
drwxr-xr-x. 2 root root 6 Jun 8 2016 opt
dr-xr-xr-x. 123 root root 0 Aug 8 01:58 proc
drwx------. 1 root root 33 Aug 8 01:58 root
drwxr-xr-x. 3 root root 30 Jun 8 2016 run
drwxr-xr-x. 2 root root 4096 Jun 8 2016 sbin
drwxr-xr-x. 2 root root 6 Jun 8 2016 srv
dr-xr-xr-x. 13 root root 0 Aug 7 02:47 sys
drwxrwxrwt. 1 root root 29 Jun 9 2016 tmp
drwxr-xr-x. 1 root root 30 Jun 10 2016 usr
drwxr-xr-x. 1 root root 41 Jun 9 2016 var
As you can see, it's like two totally different linux server, but it's the same one.
So i'm wondering whether jenkins create a temp virtual file server to execute it's job, so can't access to original file except it's own directory.

Find out the reason by myself.
The real cause is agent, i before used agent { docker { image 'XXX' } }, which makes jenkins run its job on docker image.Then i change it to agent any, so job will run on the server jenkins is deployed on.

Searching shared libraries in Linux

please explain me why on x86_64 Scientific Linux no file under /etc/ld.so.conf.d contains the directory /usr/lib64?
The list of directories to be searched by program loader is stored in the file /etc/ld.so.conf. On my distributive, this file stores this row: include ld.so.conf.d/.conf*
And the above directory consists of:
[root#dev_host build]$ ls -la /etc/ld.so.conf.d
total 36
drwxr-xr-x. 2 root root 4096 Aug 29 23:13 .
drwxr-xr-x. 103 root root 12288 Sep 18 03:41 ..
-rw-r--r--. 1 root root 17 Mar 20 2012 atlas-x86_64.conf
-r--r--r--. 1 root root 324 May 7 23:40 kernel-2.6.32-431.17.1.el6.x86_64.conf
-r--r--r--. 1 root root 324 Nov 22 2013 kernel-2.6.32-431.el6.x86_64.conf
-rw-r--r--. 1 root root 17 Feb 12 2014 mysql-x86_64.conf
lrwxrwxrwx 1 root root 31 Aug 11 14:46 postgresql-pgdg-libs.conf -> /etc/alternatives/pgsql-ld-conf
-rw-r--r--. 1 root root 22 Sep 7 2011 qt-x86_64.conf
I examined all these files - there is no /usr/lib64. Why? Is it stored in /etc/ld.so.cache?

Failure to run postgresql on Mac (after reboot)

Whatever I did I couldn't start postgresql 9.2 on Mac 10.9.3 again after reboot.
$ initdb -D /usr/local/var/postgres
The files belonging to this database system will be owned by user "alex".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: directory "/usr/local/var/postgres" exists but is not empty
If you want to create a new database system, either remove or empty
the directory "/usr/local/var/postgres" or run initdb
with an argument other than "/usr/local/var/postgres"
I decided I should create another directory in it. So I created data directory there and ran initdb again:
$ initdb -D /usr/local/var/postgres/data
The files belonging to this database system will be owned by user "alex".
This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
fixing permissions on existing directory /usr/local/var/postgres/data ... initdb:
could not change permissions of directory "/usr/local/var/postgres/data":
Operation not permitted
I tried to change the permissions but didn't figure out what were the right ones. Here is what I have:
$ ls -ald /usr/local/var/postgres
drwxr-xr-x 22 _postgres staff 748 Jun 13 17:26 /usr/local/var/postgres
ls -ald /usr/local/var/postgres/data
drwxr-xr-x 2 _postgres staff 68 Jun 13 17:26 /usr/local/var/postgres/data
$ ls -al /usr/local/var/postgres
total 96
drwxr-xr-x 22 _postgres staff 748 Jun 13 17:26 .
drwx------ 3 alex admin 102 Jun 1 15:08 ..
-rw------- 1 _postgres _postgres 4 Jun 1 15:08 PG_VERSION
drwx------ 6 _postgres _postgres 204 Jun 2 11:40 base
drwxr-xr-x 2 _postgres staff 68 Jun 13 17:26 data
drwx------ 42 _postgres _postgres 1428 Jun 2 14:18 global
drwx------ 3 _postgres _postgres 102 Jun 1 15:08 pg_clog
-rw------- 1 _postgres _postgres 4465 Jun 2 10:58 pg_hba.conf
-rw------- 1 _postgres _postgres 1636 Jun 1 15:08 pg_ident.conf
drwx------ 4 _postgres _postgres 136 Jun 1 15:08 pg_multixact
drwx------ 3 _postgres _postgres 102 Jun 1 18:24 pg_notify
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_serial
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_snapshots
drwx------ 7 _postgres _postgres 238 Jun 2 21:23 pg_stat
drwx------ 2 _postgres _postgres 68 Jun 2 21:23 pg_stat_tmp
drwx------ 3 _postgres _postgres 102 Jun 1 15:08 pg_subtrans
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_tblspc
drwx------ 2 _postgres _postgres 68 Jun 1 15:08 pg_twophase
drwx------ 4 _postgres _postgres 136 Jun 1 15:08 pg_xlog
-rw------- 1 _postgres _postgres 20571 Jun 1 15:08 postgresql.conf
-rw------- 1 _postgres _postgres 79 Jun 1 18:24 postmaster.opts
-rw------- 1 _postgres _postgres 1482 Jun 2 21:23 server.log
What should I do next? I'm out of ideas. The only guess is that it is related to a file or folder permissions.

Two step process:
Go to your web-browser and search for "postgresql permissions data directory" - look down the list for the page from the official manuals (it's the top one for me).
Read the page from the official manuals and follow the instructions.
Presumably it's complaining that it "could not change permissions" because you aren't running this as user "_postgres". Note - it's normally user "postgres". I don't know if the name-change is something you've done or something common on Mac installations.
Oh - and I can't see why this is tagged "linux"

CHROOT : Allowing outside access to chrooted users with mount bind

I have a chrooted user(username: clientdev) which I have jailed inside their home directory. This chroot directory is /home/clientdev/ which is owned by root.
Now I need this clientdev user to be able access the tomcat web application folder which is residing under /mnt/datadrive/tomcat/webapps.
What I have done is :
chroot the user with a public key of their own to the home
directory.
Create a folder under /home/clientdev called tomcat_ROOT and gave
the ownership to clientdev.
Now when I run the command :
mount -bind /mnn/datadrive/tomcat/webapps /home/clientdev/tomcat_ROOT
The folder disappears from the directory listing inside /home/clientdev if I login with clientdev. My root user can see it but now the desired user.
Any help would be greatly appreciated
Thanks in advance,
Peter
Output of ls -l /home/clientdev/tomcat_ROOT:
drwxr-xr-x. 6 root root 4096 Apr 11 15:07 .
drwxrwxr-x. 12 root root 4096 Apr 11 15:07 ..
drwxr-xr-x. 3 root root 4096 Apr 9 22:10 webapp1
drwxr-xr-x. 4 root root 4096 Mar 18 18:43 webapp2
drwxr-xr-x. 3 root root 4096 Apr 9 22:11 webapp3
drwxrwxr-x. 10 root root 4096 Apr 11 15:20 ROOT
Output of ls -l /home/clientdev/:
drwx------. 4 clientdev clientdev 4096 Apr 10 21:36 .
drwxr-xr-x. 7 root root 4096 Apr 10 22:07 ..
-rw-------. 1 clientdev clientdev 664 Apr 10 21:43 .bash_history
-rw-r--r--. 1 clientdev clientdev 18 Apr 23 2012 .bash_logout
-rw-r--r--. 1 clientdev clientdev 176 Apr 23 2012 .bash_profile
-rw-r--r--. 1 clientdev clientdev 124 Apr 23 2012 .bashrc
drwx------. 2 clientdev clientdev 4096 Apr 10 19:20 .ssh
drwxr-xr-x. 2 clientdev clientdev 4096 Apr 10 21:34 tomcat_ROOT

Resources