I'm trying to set up a test cluster using etcd 2.3.7 installed from CentOS RPM on CentOS 7.1. On the Loader 1 I executed:
etcdctl member add loader2 http://10.11.51.231:2380
And received response which confirmed the operation completed successfully.
Similarly:
etcdctl member add loader3 http://10.11.51.231:2380
with all default settings, and here's what I see:
Loader 1 10.11.51.166
systemctl status etcd -ln1
etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled)
Active: active (running) since Sun 2017-02-19 14:33:18 IST; 28min ago
Main PID: 19009 (etcd)
CGroup: /system.slice/etcd.service
└─19009 /usr/bin/etcd --name=default --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://localhost:2379
Feb 19 15:02:03 loader3 etcd[19009]: cannot get the version of member a4803061db803edc (Get http://10.11.51.166:2380/version: dial tcp 10.11.51.166:2380: getsockopt: connection refused)
Tried to see cluster health:
etcdctl --debug cluster-health
Cluster-Endpoints: http://127.0.0.1:4001, http://127.0.0.1:2379
cURL Command: curl -X GET http://127.0.0.1:4001/v2/members
cURL Command: curl -X GET http://127.0.0.1:2379/v2/members
member ce2a822cea30bfca is unhealthy: got unhealthy result from http://localhost:2379
member da05b63349d818dc is unreachable: no available published client urls
cluster is unhealthy
Note how this ignores the two nodes added previously, but sends requests to random port on localhost...
Loader 2 10.11.51.174
At first this machine started OK, but after I saw there was something wrong with Loader 1, I tried adding Loader 1 as a member from this machine, and now I see the same picture on this machine too. I.e. it tries to query this 4001 port, where nobody responds. On all machines:
netstat -tupln | grep etcd
tcp 0 0 127.0.0.1:7001 0.0.0.0:* LISTEN 4507/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 4507/etcd
tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 4507/etcd
Nobody listens on 4001...
Loader 3 10.11.51.231
On this loader I didn't try to add new members. So it looks like this:
etcdctl --debug cluster-health
Cluster-Endpoints: http://127.0.0.1:4001, http://127.0.0.1:2379
cURL Command: curl -X GET http://127.0.0.1:4001/v2/members
cURL Command: curl -X GET http://127.0.0.1:2379/v2/members
member ce2a822cea30bfca is healthy: got healthy result from http://localhost:2379
cluster is healthy
In other words it still sends requests to random port, but this time it isn't bothered by the fact that nobody replied...
Below is the contents of the configuration files:
cat /usr/lib/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
User=etcd
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\""
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
And:
cat /etc/etcd/etcd.conf
# [member]
ETCD_NAME=default
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
#ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#
#[proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[security]
#ETCD_CERT_FILE=""
#ETCD_KEY_FILE=""
#ETCD_CLIENT_CERT_AUTH="false"
#ETCD_TRUSTED_CA_FILE=""
#ETCD_PEER_CERT_FILE=""
#ETCD_PEER_KEY_FILE=""
#ETCD_PEER_CLIENT_CERT_AUTH="false"
#ETCD_PEER_TRUSTED_CA_FILE=""
#
#[logging]
#ETCD_DEBUG="false"
# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
#ETCD_LOG_PACKAGE_LEVELS=""
#
#[profiling]
#ETCD_ENABLE_PPROF="false"
So... what is going on? The error messages given by etcd are the typical mindless nonsense produced by Go built-ins. The HTTP server that etcd uses is again, the Go built-in junk, that produces non-standard and absolutely worthless replies. So I cannot understand what was (if at all) misconfigured / missing.
Related
$ docker container ls --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}" -a
CONTAINER ID NAMES PORTS
ae87d83af7d3 hopeful_engelbart
d13e260c4dec unruffled_bouman
db2c482de210 jenkinsci 0.0.0.0:8080->8080/tcp, 50000/tcp
cd201cbd413e xyz 0.0.0.0:5000->5000/tcp
c64c32ac68b8 pqr
$ docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae87d83af7d3 442c97a73937 "/bin/bash" 11 minutes ago Exited (0) 9 minutes ago hopeful_engelbart
d13e260c4dec 442c97a73937 "/bin/bash" 27 minutes ago Exited (0) 24 minutes ago unruffled_bouman
db2c482de210 jenkins/jenkins:lts "/sbin/tini -- /usr/…" 3 days ago Up 41 minutes 0.0.0.0:8080->8080/tcp, 50000/tcp jenkinsci
cd201cbd413e 442c97a73937 "bash" 3 days ago Up 7 minutes 0.0.0.0:5000->5000/tcp xyz
c64c32ac68b8 442c97a73937 "bash" 3 days ago Exited (0) 2 days ago pqr
Above outputs show that the port 5000 has been exposed (I hope).
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' xyz
172.17.0.3
Now when I do from the host machine:
wget -c 172.17.0.3:5000
--2019-12-30 16:26:44-- http://172.17.0.3:5000/
Connecting to 172.17.0.3:5000... failed: Connection refused.
What is the way to access that port since it is exposed and the container is running?
$ wget -c localhost:5000
--2019-12-30 16:41:57-- http://localhost:5000/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
--2019-12-30 16:41:58-- (try: 2) http://localhost:5000/
Connecting to localhost (localhost)|127.0.0.1|:5000... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
First of all, check if you have an application, listening to the port inside your container. Just try to connect to it from your container:
docker exec xyz wget 127.0.0.1:5000
If it'll work then you have a problem with port exposing, otherwise, there is no web server running inside your container.
And the error you get
Read error (Connection reset by peer) in headers.
seems to point to the problem in your web server rather then connectivity issues.
I had this problem running one Quarkus application with Docker.
I found this topic on forum.dockers talking about a similar issue.
In this topic is said:
I was using flask, by default it binds to localhost & 5000, so you have to specify:
app.run(host=“0.0.0.0”)
So, in my case I guess the problem was on my application and not on Docker network.
I added this property on the Java command to start my application on my Dockerfile and everything worked fine:
-Dquarkus.http.host=0.0.0.0
my version of apache
Server version: Apache/2.4.6 (CentOS)
Server built: Apr 20 2018 18:10:38
when I run the command lsof -i :443 it returns nothing
but if I try to run apache (directly by running httpd I got the error, I verified with ps aux that there was no previous httpd/apache process already running)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
However if i try to run a netcat process on 443 nc 0.0.0.0 -l 443 , it does open and I can send data
I'm a bit lost on what could be the problem ?
Found it
Listen 443 was present two times among the different configuration files of apache
it's a pity apache does not have a more explicit error/warning message (i.e "option defined two times" etc.)
It seems another process is using port 443 on your server.
netstat -anp | grep 443
output will be
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
disable port 443 and start
systemctl start httpd.service
I have created a queue manager using
these commands in a linux machine
crtmqm MQ1
strmqm MQ1
runmqsc MQ1
the queue manager is created successfully,
i wanted to know on which port is the queue manager MQ1 running, i tried all possible ways netstat -au and also ps -ef command. It looks like it is running on a different port. I am unable to find the correct port number where it is running, could anyone help?
By default a new IBM MQ queue manager will not have a listener running on any port.
There is one default LISTENER object on a new queue manager which looks like this:
$echo "dis listener(SYSTEM.DEFAULT.LISTENER.TCP)"|runmqsc MQ1
....
1 : dis listener(SYSTEM.DEFAULT.LISTENER.TCP)
AMQ8630: Display listener information details.
LISTENER(SYSTEM.DEFAULT.LISTENER.TCP) CONTROL(MANUAL)
TRPTYPE(TCP) PORT(0)
IPADDR( ) BACKLOG(0)
DESCR( ) ALTDATE(yyyy-mm-dd)
ALTTIME(hh.mm.ss)
If you were to start this LISTENER the PORT(0) means to start on the default port which is 1414.
Best practice is to not use SYSTEM objects and create a new object such as:
DEFINE LISTENER(LISTENER.1414.TCP) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
The CONTROL(QMGR) tells the queue manager to start the listener when the queue manager is started and stop it when the queue manager is ended.
You can manually start and stop the above listener with the commands:
START LISTENER(LISTENER.1414.TCP)
STOP LISTENER(LISTENER.1414.TCP)
Use netstat as root with -p option
sudo netstat -nltp
[sudo] password for root:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1362/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1580/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1480/cupsd
The last column gives the PID and 'Program name'. If you are running the queue manager with your user, you don't need to sudo.
Tried installing kubernetes v1.2.0 on azure environment but after installation cannot access kube apis at port 8080.
Following services are running :
root 1473 0.2 0.5 536192 42812 ? Ssl 09:22 0:00 /home/weave/weaver --port 6783 --name 22:95:7a:6e:30:ed --nickname kube-00 --datapath datapath --ipalloc-range 10.32.0.0/12 --dns-effective-listen-address 172.17.42.1 --dns-listen-address 172.17.42.1:53 --http-addr 127.0.0.1:6784
root 1904 0.1 0.2 30320 20112 ? Ssl 09:22 0:00 /opt/kubernetes/server/bin/kube-proxy --master=http://kube-00:8080 --logtostderr=true
root 1907 0.0 0.0 14016 2968 ? Ss 09:22 0:00 /bin/bash -c until /opt/kubernetes/server/bin/kubectl create -f /etc/kubernetes/addons/; do sleep 2; done
root 1914 0.2 0.3 35888 22212 ? Ssl 09:22 0:00 /opt/kubernetes/server/bin/kube-scheduler --logtostderr=true --master=127.0.0.1:8080
root 3129 2.2 0.3 42488 25192 ? Ssl 09:27 0:00 /opt/kubernetes/server/bin/kube-controller-manager --master=127.0.0.1:8080 --logtostderr=true
curl -v http://localhost:8080 returns error
Rebuilt URL to: http://localhost:8080/
Trying 127.0.0.1...
connect to 127.0.0.1 port 8080 failed: Connection refused
Failed to connect to localhost port 8080: Connection refused
Closing connection 0 curl: (7) Failed to connect to localhost port 8080: Connection refused
Same works fine with v1.1.2.
I'm using following guidelines https://github.com/kubernetes/kubernetes/tree/master/docs/getting-started-guides/coreos/azure and updated line https://github.com/kubernetes/kubernetes/blob/master/docs/getting-started-guides/coreos/azure/cloud_config_templates/kubernetes-cluster-main-nodes-template.yml#L187 to user version v1.2.0.
The services you show running do not include the apiserver. For a quick breakdown I can explain what each service does that you show running.
Weave: This is a software overlay network and assigns IP addresses to your pods.
kube-proxy: This runs on your worker nodes allow pods to run and route traffic between exposed services.
kubectl create: Kubectl is actually the management cli tool but in this case using -f /etc/kubernetes/addons/; sleep 2 is watching the /etc/kubernetes/addons/ folder and automatically creating any objects (pods, replication controllers, services, etc.) that are put in that folder.
kube-scheduler: Responsible for scheduling pods onto nodes. Uses policies and rules.
kube-controller-manager: Manages the state of the cluster by always making sure the current state and desired state are the same. This includes starting/stopping pods and creating objects (services, replication-controllers, etc) that do not yet exist or killing them if they shouldn't exist.
All of these services interact with the kube-apiserver which should be a separate service that coordinates all of the information these other services use. You'll need the apiserver running in order for all of the other components to do their jobs.
I won't go into the details of getting it running in your environment but from it looks like in the comments on your original thread you found some missing documentation to get it running.
I'm trying to start up HAProxy on Cygwin. When I do so, I get the following response:
$ /usr/local/sbin/haproxy -f /usr/local/sbin/haproxy.cfg
[ALERT] 313/180006 (4008) : cannot change UNIX socket ownership
(/tmp/haproxy.socket). Aborting.
[ALERT] 313/180006 (4008) : [/usr/local/sbin/haproxy.main()]
Some protocols failed to start
their listeners! Exiting.
It looks like it's due to the following line in my config file, when I rip this it starts up:
stats socket /tmp/haproxy.socket uid haproxy mode 770 level admin
The entire config:
global
log 127.0.0.1 local0 info
stats socket /tmp/haproxy.socket uid haproxy mode 770 level admin
maxconn 1000
daemon
defaults
log global
mode tcp
option tcplog
option dontlognull
retries 3
option redispatch
maxconn 1000
timeout connect 5s
timeout client 120s
timeout server 120s
listen rabbitmq_local_cluster 127.0.0.1:5555
mode tcp
balance roundrobin
server rabbit_0 127.0.0.1:5673 check inter 5000 rise 2 fall 3
server rabbit_1 127.0.0.1:5674 check inter 5000 rise 2 fall 3
listen private_monitoring 127.0.0.1:8100
mode http
option httplog
stats enable
stats uri /stats
stats refresh 5s
Any ideas would be appreciated, Thanks!
Simple answer, as I expected. My user "haproxy" which is referenced in the problematic line:
stats socket /tmp/haproxy.socket uid haproxy mode 770 level admin
Did not have necessary permissions on the local machine. Once this was set up, it started up fine.
Nice to know that it still works on cygwin, what version of haproxy is this ? I did not know that UNIX sockets were supported on windows BTW. Or maybe they're emulated via named pipes ?