port isolation with bazel and linux - linux

Trying to test out port isolation with bazel and linux and it fails.
My env is as following (started on aws):
$ cat /etc/*-release
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
$ uname -mrs
Linux 3.16.0-4-amd64 x86_64
Bazel version
$ bazel version
Build label: 0.5.1
Build target: bazel-out/local-fastbuild/bin/src/main/java/com/google/devtools/build/lib/bazel/BazelServer_deploy.jar
Build time: Tue Jun 6 10:34:11 2017 (1496745251)
Build timestamp: 1496745251
Build timestamp as int: 1496745251
The repo: https://github.com/ittaiz/bazel-port-isolation
Running the test:
$ bazel test //...
____Loading package:
____Loading package: #bazel_tools//tools/cpp
____Loading package: #local_config_xcode//
____Loading package: #local_jdk//
____Loading package: #local_config_cc//
____Loading complete. Analyzing...
____Loading package: tools/defaults
____Loading package: #bazel_tools//tools/test
____Loading package: #junit_junit//jar
____Found 2 test targets...
____Building...
____[0 / 12] Expanding template SocketIsolation2Test
____[10 / 12] Building SocketIsolationTest.jar (1 source file)
FAIL: //:SocketIsolation2Test (see /home/builduser/.cache/bazel/_bazel_builduser/a589c0f8758972ab3aadcf172c468873/execroot/bazel-port-isolation/bazel-out/local-fastbuild/testlogs/SocketIsolation2Test/test.log)
PASS: //:SocketIsolationTest
____Elapsed time: 11.152s, Critical Path: 7.03s
//:SocketIsolationTest PASSED in 5.3s
//:SocketIsolation2Test FAILED in 0.3s
/home/builduser/.cache/bazel/_bazel_builduser/a589c0f8758972ab3aadcf172c468873/execroot/bazel-port-isolation/bazel-out/local-fastbuild/testlogs/SocketIsolation2Test/test.log
(As you can see - no sandbox failure or warnings)
The tet log show "Address already in use" - which means that there were no port isolation.
Why is it not working?


Found out why...
From here: https://bazel.build/versions/master/docs/bazel-user-manual.html#sandboxing
On some platforms such as Google Container Engine cluster nodes or
Debian, user namespaces are deactivated by default due to security
concerns. This can be checked by looking at the file
/proc/sys/kernel/unprivileged_userns_clone: if it exists and contains
a 0, then user namespaces can be activated with sudo sysctl
kernel.unprivileged_userns_clone=1.
The /proc/sys/kernel/unprivileged_userns_clone existed and had 0 in it.. . so changing it according to the insturction solved it.

Related

Installing with apt succeeds but packages are not installed

I'm using Ansible to install Apt packages on a lxd Ubuntu20.04 container running an Ubuntu 20.04 host.
The container is created successfully and commands execute in the container as expected.
But using apt through Ansible does not. Ansible shows successful task run but when I enter the container the packages have not been installed.
I've recently upgraded the version of Ansible to the latest and have been following along from Ansible docs. I've tried bot the apt and ansible.builtin.apt formats. The results remain the same Ansible fails silently.
I was expecting to see a response from php -v and nginx -t when I enter the container. Expecting configs at /etc/nginx and /etc/php
Tasks
tasks:
- name: apt-get update
ansible.builtin.apt:
update_cache: yes
cache_valid_time: 3600
- name: Install Nginx PHP
delegate_to: "{{ lxd_container_name }}"
ansible.builtin.apt:
state: latest
pkg:
- nginx
- python3-pymysql
- php8.1
- php8.1-mysql
- name: Install PHP Extensions
delegate_to: "{{ lxd_container_name }}"
apt: name={{ item }} update_cache=yes state=latest
loop: "{{ php_modules }}"
Ansible version: 2.11.5
Python version: 3.8
Output of running this playbook:
PLAY [localhost] **************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************
ok: [localhost]
TASK [apt-get update] *********************************************************************************************************************************************
ok: [localhost]
TASK [Install Nginx PHP] ******************************************************************************************************************************************
[DEPRECATION WARNING]: Distribution Ubuntu 20.04 on host localhost should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior
Ansible releases. A future Ansible release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible-
core/2.11/reference_appendices/interpreter_discovery.html for more information. This feature will be removed in version 2.12. Deprecation warnings can be disabled
by setting deprecation_warnings=False in ansible.cfg.
ok: [localhost -> template]
TASK [Install PHP Extensions] *************************************************************************************************************************************
ok: [localhost -> template] => (item=php-curl)
ok: [localhost -> template] => (item=php-gd)
ok: [localhost -> template] => (item=php-mbstring)
ok: [localhost -> template] => (item=php-xml)
ok: [localhost -> template] => (item=php-xmlrpc)
ok: [localhost -> template] => (item=php-soap)
ok: [localhost -> template] => (item=php-intl)
ok: [localhost -> template] => (item=php-zip)
Result in the container shows that the packages where not installed after several attempts.
root#template:~# nginx
bash: nginx: command not found
root#template:~# php
bash: php: command not found
root#template:~# cd /etc/php
bash: cd: /etc/php: No such file or directory
root#template:~# apt install php8.1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
apache2 apache2-bin apache2-data apache2-utils bzip2 file libapache2-mod-php8.1 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libbrotli1
libcurl4 libgdbm-compat4 libgdbm6 libjansson4 libldap-2.5-0 libldap-common liblua5.3-0 libmagic-mgc libmagic1 libnghttp2-14 libperl5.34 libpsl5 librtmp1
libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 mailcap mime-support perl perl-modules-5.34 php-common php8.1-cli php8.1-common php8.1-opcache
php8.1-readline psmisc publicsuffix ssl-cert xz-utils
Suggested packages:
apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser ufw bzip2-doc php-pear gdbm-l10n libsasl2-modules-gssapi-mit
| libsasl2-modules-gssapi-heimdal libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql perl-doc libterm-readline-gnu-perl
| libterm-readline-perl-perl make libtap-harness-archive-perl
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils bzip2 file libapache2-mod-php8.1 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libbrotli1
libcurl4 libgdbm-compat4 libgdbm6 libjansson4 libldap-2.5-0 libldap-common liblua5.3-0 libmagic-mgc libmagic1 libnghttp2-14 libperl5.34 libpsl5 librtmp1
libsasl2-2 libsasl2-modules libsasl2-modules-db libssh-4 mailcap mime-support perl perl-modules-5.34 php-common php8.1 php8.1-cli php8.1-common php8.1-opcache
php8.1-readline psmisc publicsuffix ssl-cert xz-utils
0 upgraded, 43 newly installed, 0 to remove and 0 not upgraded.
Need to get 17.4 MB of archives.
After this operation, 90.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] n
root#template:~# apt install nginx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core libbrotli1 libdeflate0 libfontconfig1 libfreetype6 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libmaxminddb0
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2
libpng16-16 libtiff5 libwebp7 libxpm4 libxslt1.1 nginx-common nginx-core
Suggested packages:
libgd-tools mmdb-bin fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
fontconfig-config fonts-dejavu-core libbrotli1 libdeflate0 libfontconfig1 libfreetype6 libgd3 libjbig0 libjpeg-turbo8 libjpeg8 libmaxminddb0
libnginx-mod-http-geoip2 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-stream-geoip2
libpng16-16 libtiff5 libwebp7 libxpm4 libxslt1.1 nginx nginx-common nginx-core
0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded.
Need to get 3773 kB of archives.
After this operation, 11.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] n

Error: Platform 'nodejs' version '14.17.1' is unsupported

I am trying to deploy Angular application to Azure. I created a static web app in Azure, and connected it to my Github main branch. When I run the action to deploy the app, I am getting an error in Build and Deploy action as Platform 'nodejs' version '14.17.1' is unsupported.
Here is the snippet of the error message:
Operation performed by Microsoft Oryx, https://github.com/Microsoft/Oryx
You can report issues at https://github.com/Microsoft/Oryx/issues
Oryx Version: 0.2.[20](https://github.com/nimeshshrestha/autoglasslocator-admin-ui-v01/runs/7714362605?check_suite_focus=true#step:5:21)220401.1, Commit: afed4f696a08bfd4c8e4109704a082bf9fb20515, ReleaseTagName: 20220401.1
Build Operation ID: |ZIeL+T275t4=.afcbd56a_
Repository Commit : 848b07de657ce2303e1469a882d68999bed7925a
Detecting platforms...
Error: Platform 'nodejs' version '14.17.1' is unsupported. Supported versions: 10.1.0, 10.10.0, 10.12.0, 10.14.2, 10.16.3, 10.18.0, 10.18.1, 10.19.0, 10.20.0, 10.20.1, 10.[21](https://github.com/nimeshshrestha/autoglasslocator-admin-ui-v01/runs/7714362605?check_suite_focus=true#step:5:22).0, 10.[22](https://github.com/nimeshshrestha/autoglasslocator-admin-ui-v01/runs/7714362605?check_suite_focus=true#step:5:23).0, 10.22.1, 10.[23](https://github.com/nimeshshrestha/autoglasslocator-admin-ui-v01/runs/7714362605?check_suite_focus=true#step:5:24).0, 10.[24](https://github.com/nimeshshrestha/autoglasslocator-admin-ui-v01/runs/7714362605?check_suite_focus=true#step:5:25).1, 12.11.0, 12.11.1, 12.12.0, 12.13.0, 12.14.0, 12.14.1, 12.16.0, 12.16.1, 12.16.2, 12.16.3, 12.18.0, 12.18.1, 12.18.2, 12.18.3, 12.18.4, 12.19.0, 12.20.0, 12.21.0, 12.22.0, 12.22.11, 12.22.4, 12.22.6, 12.22.9, 12.9.1, 13.9.0, 14.0.0, 14.1.0, 14.10.0, 14.10.1, 14.11.0, 14.12.0, 14.13.0, 14.13.1, 14.14.0, 14.15.0, 14.15.1, 14.16.0, 14.17.0, 14.17.4, 14.17.6, 14.18.3, 14.19.1, 14.2.0, 14.3.0, 14.4.0, 14.5.0, 14.6.0, 14.7.0, 14.8.0, 14.9.0, 15.0.0, 15.0.1, 15.1.0, 15.2.0, 15.2.1, 15.3.0, 16.13.1, 16.13.2, 16.14.0, 16.14.2, 16.5.0, 16.6.1, 16.8.0, 17.0.1, 17.1.0, 17.2.0, 17.3.1, 17.4.0, 17.5.0, 17.6.0, 4.4.7, 4.5.0, 4.8.0, 4.8.7, 4.9.0, 4.9.1, 6.10.3, 6.11.0, 6.11.5, 6.17.1, 6.2.2, 6.6.0, 6.9.3, 6.9.5, 8.0.0, 8.1.4, 8.11.2, 8.11.4, 8.12.0, 8.15.1, 8.16.1, 8.16.2, 8.17.0, 8.2.1, 8.8.1, 8.9.4, 9.4.0, 1.17.3, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.20.0, 1.21.0, 1.21.1, 1.22.0, 1.22.1, 1.22.2, 1.22.4
---End of Oryx build logs---
Oryx has found build steps, but identified unsupported platform versions. Failing build.
I have tried to use setup-node action by following this link: https://github.com/actions/setup-node.
I edited the yml file, and added this:
steps:
- uses: actions/checkout#v2
- uses: actions/setup-node#v3 ### Added this line
with:
submodules: true
node-version: 16 ### Added this line
I have also looked at this issue: https://github.com/microsoft/Oryx/issues/650. But there is nothing that is helpful.
EDIT: I have also posted the question here https://github.com/microsoft/Oryx/issues/1504

How i could find my Linux distribution on amazon Linux AMI?

Amazon Web Services (AWS) offers an officially supported Amazon Machine Image AMI, but it doesn't indicate which Linux distribution it's based upon.
And we need the version of Linux distribution when installation software like : vagrant and so one ....
I use : **hostnamectl** command with result shown in the below :
Static hostname: a-1fxzvx1ww7twk
Pretty hostname: A-1FXZVX1WW7TWK
Icon name: computer-vm
Chassis: vm
Machine ID: 10c579b792b74c5bbababbcbd78df49e
Boot ID: e444cb9e35354d53a45c28fe7384bc7f
Virtualization: kvm
***Operating System: Amazon Linux 2***
CPE OS Name: cpe:2.3:o:amazon:amazon_linux:2
Kernel: Linux 4.14.181-142.260.amzn2.x86_64
Architecture: x86-64
As we see there isn't any information about the version of Linux distribution.
Also i use this command : pm –qa centos-release with the result of shown in the below :
Usage: rpm [-aKfgpqVcdLilsiv?] [-a|--all] [-f|--file] [-g|--group]
[-p|--package] [--pkgid] [--hdrid] [--triggeredby] [--whatrequires]
[--whatprovides] [--nomanifest] [-c|--configfiles] [-d|--docfiles]
[-L|--licensefiles] [--dump] [-l|--list] [--queryformat=QUERYFORMAT]
[-s|--state] [--nofiledigest] [--nofiles] [--nodeps] [--noscript]
[--allfiles] [--allmatches] [--badreloc] [-e|--erase <package>+]
[--excludedocs] [--excludepath=<path>] [--force]
[-F|--freshen <packagefile>+] [-h|--hash] [--ignorearch] [--ignoreos]
[--ignoresize] [-i|--install] [--justdb] [--nodeps] [--nofiledigest]
[--nocontexts] [--nocaps] [--noorder] [--noscripts] [--notriggers]
[--nocollections] [--oldpackage] [--percent] [--prefix=<dir>]
[--relocate=<old>=<new>] [--replacefiles] [--replacepkgs] [--test]
[-U|--upgrade <packagefile>+] [--reinstall=<packagefile>+]
[-D|--define 'MACRO EXPR'] [--undefine=MACRO] [-E|--eval 'EXPR']
[--macros=<FILE:...>] [--noplugins] [--nodigest] [--nosignature]
[--rcfile=<FILE:...>] [-r|--root ROOT] [--dbpath=DIRECTORY]
[--querytags] [--showrc] [--quiet] [-v|--verbose] [--version]
[-?|--help] [--usage] [--scripts] [--setperms] [--setugids]
[--setcaps] [--restore] [--conflicts] [--obsoletes] [--provides]
[--requires] [--info] [--changelog] [--xml] [--triggers] [--last]
[--dupes] [--filesbypkg] [--fileclass] [--filecolor] [--fscontext]
[--fileprovide] [--filerequire] [--filecaps]
But, still i couldn't see any information about the version of Linux distribution.
I write it in the answer below.
Do you know any other commands for this propose ?

Finally, i can find the magic command **cat /proc/version**
The result is:
Linux version 4.14.181-142.260.amzn2.x86_64 (mockbuild#ip-10-0-1-132) (gcc version 7.3.1 20180712 (**Red Hat 7.3.1-8**) (GCC)) #1 SMP Wed Jun 24 19:07:39 UTC 2020

./mvnw stuck at "[INFO] Scanning for projects..." on azure vm

I have cloned a jhipster porject in an Azure virtual machine and tried to lauch it using ./mvnw
However, despite working on my pc, this command does not seem to do so on this vm and remains stuck at "[INFO] Scanning for projects..." until it is killed by the vm:
$ ./mvnw
[INFO] Scanning for projects...
Killed
With -X, I get:
$ ./mvnw -X
Apache Maven 3.6.2 (...)
Maven home: /home/ecomg219/.m2/wrapper/dists/apache-maven-3.6.2-bin/795eh28tki48bv3l67maojf0ra/apache-maven-3.6.2
Java version: 11.0.4, vendor: Ubuntu, runtime: /usr/lib/jvm/java-11-openjdk-amd64
Default locale: en, platform encoding: UTF-8
OS name: "linux", version: "5.0.0-1023-azure", arch: "amd64", family: "unix"
[DEBUG] Created new class realm maven.api
...
[DEBUG] Using manager EnhancedLocalRepositoryManager with priority 10.0 for /home/ecomg219/.m2/repository
[INFO] Scanning for projects...
[DEBUG] Extension realms for project com.ecom.app:ecom:jar:0.0.1-SNAPSHOT: (none)
[DEBUG] Looking up lifecycle mappings for packaging jar from ClassRealm[plexus.core, parent: null]
[DEBUG] Resolving plugin prefix spring-boot from [org.apache.maven.plugins, org.codehaus.mojo]
Killed
Any clue about where it can come from or how to correct it is welcome.
Thanks in advance

Centos cgconfig fails to start

I need docker installed on one of my servers, and whenever I try to start the docker service, it fails because of cgconfig. Cgconfig throws the following error:
Starting cgconfig service: Error: cannot mount cpu to /cgroup/cpu: No such file or directory
/sbin/cgconfigparser; error loading /etc/cgconfig.conf: Cgroup mounting failed
Failed to parse /etc/cgconfig.conf or /etc/cgconfig.d [FAILED]
I'm running CentOS 6.5 Final with the following /etc/cgconfig.conf file:
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
I appreciate any responses

To use cgroups on newer versions of CentOS you need to install libcgroup as well as libcgroup-tools:
$ sudo yum install libcgroup
$ sudo yum install libcgroup-tools
To create group use cgcreate, e.g.:
$ sudo cgcreate -g memory,cpu,blkio,cpuset:userlimited
To verify that /etc/cgconfig.conf is correct use cgconfigparser
$ cgconfigparser -l /etc/cgconfig.conf
For details check: https://wiki.archlinux.org/index.php/cgroups
Note: In CentOS 6 and earlier versions one only needed to install libcgroup

This error may be due to kernel you are using is booted with cgroup_disable=memory and/or /etc/cgconfig.conf
contains "memory=/cgroup/memory", in your case you may solve this by commenting out "memory = /cgroup/memory" from cgconfig.conf.
You can also refer 1 or 2 for more information.

Resources