Docker - Not able to telnet Linked Container - unix

I have a container A with Dockerfile as follows:
...
FROM ubuntu:latest
MAINTAINER arpitaggarwal "aggarwalarpit.89@gmail.com"
EXPOSE 8080
and another container B with Dockerfile as follows:
...
FROM ubuntu:latest
MAINTAINER arpitaggarwal "aggarwalarpit.89@gmail.com"
RUN apt-get install -q -y mysql-server
EXPOSE 3306
Then I started the container B using command:
docker run -P -it --name db B /bin/bash
And running the command: docker run --rm --name web --link db A env
gives me below output:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=a5dd66b72ca8
DB_PORT=tcp://172.17.0.2:3306
DB_PORT_3306_TCP=tcp://172.17.0.2:3306
DB_PORT_3306_TCP_ADDR=172.17.0.2
DB_PORT_3306_TCP_PORT=3306
DB_PORT_3306_TCP_PROTO=tcp
DB_NAME=/web/db
HOME=/root
Then I logged into container A and ran the command: ping db
which gives me output:
PING db (172.17.0.2) 56(84) bytes of data.
64 bytes from db (172.17.0.2): icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from db (172.17.0.2): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from db (172.17.0.2): icmp_seq=3 ttl=64 time=0.065 ms
64 bytes from db (172.17.0.2): icmp_seq=4 ttl=64 time=0.061 ms
64 bytes from db (172.17.0.2): icmp_seq=5 ttl=64 time=0.066 ms
And when I tried telnet command with port 3306, as follows:
telnet 172.17.0.2 3306
gives me output:
root@9b078c1fed82:/# telnet 172.17.0.2 3306
Trying 172.17.0.2...
telnet: Unable to connect to remote host: Connection refused
Any idea how I can telnet to the linked container?
Any help will be appreciated!

MySQL usually only listens on 127.0.0.1 by default. You need to modify the my.cnf during build and set bind-address to 0.0.0.0. You could accomplish this with something like:
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
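The symptom in the question (ping answers, TCP 3306 is refused) is what a loopback-only listener looks like from another container. The following check is an added example, not part of the original answer: the function name listen_scope and the sample lines are constructed, and it reads `netstat -ltn` or `ss -ltn` output taken inside the db container.

```shell
# Constructed samples in `netstat -ltn` layout (not output from the poster's containers).
BEFORE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN'
AFTER='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN'

# listen_scope PORT: read `netstat -ltn` or `ss -ltn` output on stdin and report
# how widely PORT is bound. Both tools put the local address in column 4.
listen_scope() {
    awk -v port="$1" '
        /LISTEN/ {
            n = split($4, part, ":")              # port is the text after the last ":"
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]" || addr == "*") all = 1
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") loopback = 1
            else specific = 1
        }
        END {
            if (all)           print "all-interfaces"
            else if (specific) print "specific-address"
            else if (loopback) print "loopback-only"
            else               print "not-listening"
        }'
}

# loopback-only: peers on the bridge can ping the container but get "Connection refused".
printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | listen_scope 3306)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | listen_scope 3306)"
```

Once the result is all-interfaces, MySQL accepts connections on every network the container is attached to, and because container B was started with docker run -P the exposed port 3306 is also published on a host port.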

After receiving the answer from @Andy Shinn, I updated the container B Dockerfile as below:
FROM ubuntu:latest
MAINTAINER arpitaggarwal "aggarwalarpit.89@gmail.com"
RUN apt-get install -q -y mysql-server
RUN apt-get install -q -y mysql-client
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
EXPOSE 3306
And when I tried accessing mysql-server from container A as:
mysql -u root -ppassword -h 172.17.0.2
Gives me error:
ERROR 1130 (HY000): Host '172.17.0.3' is not allowed to connect to this MySQL server
Which I figured out is because container A was trying to connect to the db container as the root user, but MySQL does not allow you to connect as the root user remotely. So I worked around it by creating another user in mysql-server with root privileges.

Related

Netplan Error: Cannot bind to port 2893, Address is already in use

I want to configure static IP address in Ubuntu.
Here you can see my configuration file for static IP addressing:
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    wlp1s0:
      dhcp4: no
      addresses: [192.168.0.103/24]
      Gateway: 192.168.0.1
      Nameservers:
        Addresses: [127.0.0.53]
While testing the configuration through $ sudo netplan try, I get the following response:
bind: Address already in use
netplan: fatal error: cannot bind to port 2983, is another daemon running?, exiting.
Netstat shows the port in use by Netplan.
netstat -pnlt | grep ':2983'
tcp 0 0 0.0.0.0:2983 0.0.0.0:* LISTEN 1524/netplan
So can someone please give me a way to solve this issue??
Got the same problem today with one of my servers. The reason was that two packages exist for Ubuntu with the same binary name: netplan and netplan.io. The first is "Calendar Service" and the second is for networking. My server had the netplan package installed. I just removed it and now netplan for networking works fine. Maybe it will help you.
Same here ...
installed debian server
apt-get update
apt-get upgrade
reboot and it broke networking so I had to go on site and W%%#$ing fix it .. DIAF 'netplan'
apt-get remove --purge netplan* -y
apt-get install netplan.io -y

stunnel - two Ubuntu machines traffic encryption

I have a problem getting Stunnel to work on Ubuntu 18.04. There are tons of websites that tell how to configure it but nothing works for me; I guess I am doing something wrong.
Here are the steps I did:
OS: Ubuntu 18.04 (virtual machine, clean install)
sudo apt update
sudo apt upgrade
sudo apt-get install stunnel4
Then enable auto startup by:
sudo nano /etc/default/stunnel4
Switch ENABLE=0 to ENABLE=1
Next step is to create a certificate file by:
sudo openssl req -new -out config.pem -keyout config.pem -nodes -x509 -days 365
The location of the certificate file is: /etc/stunnel/
Then create a configuration file, here is a copy for the one I created:
All set, restarting the service is the last step.
sudo /etc/init.d/stunnel4 restart
and here I got the following error :
[....] Restarting stunnel4 (via systemctl): stunnel4.serviceJob for stunnel4.service failed because the control process exited with error code.
See "systemctl status stunnel4.service" and "journalctl -xe" for details.
failed!
(I am looking to encrypt the traffic between two Ubuntu machines)
Thank you in advance.
Install stunnel on both machines, i.e. server and client
sudo apt-get install stunnel
Once apt-get has finished we will need to enable stunnel by editing the /etc/default/stunnel4 configuration file in both client and server.
Find:
# Change to one to enable stunnel automatic startup
ENABLED=0
Replace:
# Change to one to enable stunnel automatic startup
ENABLED=1
2. Install tinyproxy on server --> This is just a proxy server; in my case I used a custom one.
sudo apt-get install tinyproxy
Configuring tinyproxy
By default TinyProxy starts up listening on all interfaces for a connection to port 8888. Since we don’t want to leave our proxy open to the world, let’s change this by configuring TinyProxy to listen to the localhost interface only. We can do this by modifying the Listen parameter within the /etc/tinyproxy.conf file.
Find:
#Listen 192.168.0.1
Replace With:
Listen 127.0.0.1
Once complete, we will need to restart the TinyProxy service in order for our change to take effect. We can do this using the systemctl command.
server: $ sudo systemctl restart tinyproxy
After systemctl completes, we can validate that our change is in place by checking whether port 8888 is bound correctly using the netstat command.
server: $ netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:8888 0.0.0.0:* LISTEN
Create certificate using openssl on server
Easier way:
(a). openssl genrsa -out key.pem 2048
(b). openssl req -new -x509 -key key.pem -out cert.pem -days 1095
(c). cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
You can opt to do (c) manually
Also remember to transfer the certificate to the client machine, so both client and server have /etc/stunnel/stunnel.pem
Stunnel server settings
cert = stunnel.pem
[tinyproxy]
accept = 0.0.0.0:3112
connect = 127.0.0.1:8888
Stunnel Client settings
cert = stunnel.pem
client = yes
[tinyproxy]
accept = 127.0.0.1:3112
connect = 10.0.2.15:3112
Assuming you're using VirtualBox with your Ubuntu server installed there, you have to apply the following settings:
In Settings>>Network change the adapter to NAT
Then in Settings>>Network>>Advanced>>Port Forwarding add a port forwarding rule
*Name* *Protocol* *Host IP* *Host port* *Guest IP* *Guest port*
stunnel TCP 0.0.0.0 3112 3112
Once you're done, restart services
In client
sudo systemctl restart stunnel4.service
In server
sudo systemctl restart stunnel4.service
sudo systemctl restart tinyproxy
To test if it worked
In terminal:
export http_proxy="http://localhost:3112"
export https_proxy="https://localhost:3112"
then:
curl --proxy-insecure -v https://www.google.com
Credit:
https://bencane.com/2017/04/15/using-stunnel-and-tinyproxy-to-hide-http-traffic/
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ssl-tunnel-using-stunnel-on-ubuntu
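In the client settings above, cert points at the same stunnel.pem that holds the server's private key, and no verification option is set; stunnel does not check the peer certificate unless verifyChain or verifyPeer is enabled. The following audit is an added example, not part of the original answer: the function names, the sample files and the name server-cert.pem are constructed. It assumes a relative cert path sits next to the config file.

```shell
# stunnel_opt CONF NAME: last value assigned to option NAME in CONF (empty if unset).
stunnel_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_stunnel_client CONF: print findings on one line, or "ok".
audit_stunnel_client() {
    conf=$1; findings=""
    if [ "$(stunnel_opt "$conf" client)" != "yes" ]; then
        echo "not-a-client-config"; return 0
    fi
    # stunnel checks the peer certificate only when verifyChain or verifyPeer is on.
    if [ "$(stunnel_opt "$conf" verifyChain)" != "yes" ] &&
       [ "$(stunnel_opt "$conf" verifyPeer)" != "yes" ]; then
        findings="server-not-verified"
    fi
    # Assumption: a relative cert path is resolved next to the config file.
    cert=$(stunnel_opt "$conf" cert)
    case $cert in ''|/*) ;; *) cert=$(dirname "$conf")/$cert ;; esac
    if [ -n "$cert" ] && grep -q 'PRIVATE KEY-----' "$cert" 2>/dev/null; then
        findings="$findings private-key-in-client-cert"
    fi
    echo ${findings:-ok}
}

# Constructed sample files: the client config as posted, and a variant that pins
# the server certificate (certificate only, no key) with verifyPeer + CAfile.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' '(placeholder)' '-----END PRIVATE KEY-----' \
    '-----BEGIN CERTIFICATE-----' '(placeholder)' '-----END CERTIFICATE-----' > "$tmp/stunnel.pem"
printf '%s\n' 'cert = stunnel.pem' 'client = yes' '[tinyproxy]' \
    'accept = 127.0.0.1:3112' 'connect = 10.0.2.15:3112' > "$tmp/as-posted.conf"
printf '%s\n' 'client = yes' '[tinyproxy]' 'accept = 127.0.0.1:3112' \
    'connect = 10.0.2.15:3112' 'verifyPeer = yes' 'CAfile = server-cert.pem' > "$tmp/pinned.conf"

printf 'as posted: %s\n' "$(audit_stunnel_client "$tmp/as-posted.conf")"
printf 'pinned:    %s\n' "$(audit_stunnel_client "$tmp/pinned.conf")"
```

For the pinned variant only cert.pem from step (b) needs to reach the client; key.pem stays on the server.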

zabbix server connecting to mariadb host: can't connect to local MySQL server through socket

I have a Dockerized Zabbix server (3.4) connecting to a CentOS 7 host w/ Mariadb.
This one works fine:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.version
mysql Ver 15.1 Distrib 5.5.56-MariaDB, for Linux (x86_64) using readline 5.1
This one does not:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at 'localhost' failed
error: 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)'
Check that mysqld is running and that the socket: '/var/lib/mysql/mysql.sock' exists!
From /etc/zabbix/zabbix_agentd.d/userparameter_mysql.conf:
UserParameter=mysql.version,mysql -V
UserParameter=mysql.ping,HOME=/etc/zabbix mysqladmin ping | grep -c alive
It does read the .my.cnf in the HOME dir; when I change host=localhost to host=127.0.0.1 I get:
# zabbix_get -s <ipOfRemoteHost> -p 10050 -k mysql.ping
mysqladmin: connect to server at '127.0.0.1' failed
error: 'Can't connect to MySQL server on '127.0.0.1' (13)'
Check that mysqld is running on 127.0.0.1 and that the port is 3306.
You can check this by doing 'telnet 127.0.0.1 3306'
Also tried adding the username and password directly in the command, but same result:
UserParameter=mysql.ping,mysqladmin -uroot --password="mypassword" ping | grep -c alive
Running that command on the host works fine:
mysqladmin -uroot --password="mypassword" ping | grep -c alive
1
The agent itself seems to run fine:
$ sudo -u zabbix zabbix_agentd -t mysql.ping
mysql.ping [t|1]
Socket is available:
# ls -l /var/lib/mysql/mysql.sock
srwxrwxrwx. 1 mysql mysql 0 Nov 5 18:01 /var/lib/mysql/mysql.sock
Process details:
# ps -ef | grep mysqld
mysql 3218 1 0 18:01 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
mysql 3488 3218 99 18:01 ? 06:08:26 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
systemd+ 6547 6530 0 Oct31 ? 00:06:15 mysqld --character-set-server=utf8 --collation-server=utf8_bin
Any suggestions?
Note: don't think it is relevant but just in case, on the host I also have a Dockerized mysql running on port 3307
localhost/127.0.0.1 in the container is not the same as localhost/127.0.0.1 on the host, because of cgroup network namespacing. Use proper IP in .my.cnf or run container in the host network namespace (docker run --net host ...).
If you want to use a socket for MySQL connection from the container, then you will need to use Docker volumes. You may have problems with socket permissions, socket owner, ... I recommend IP connecting approach.
The cause is selinux. selinux is prohibiting the Zabbix agent from accessing the mysql socket file and possibly other resources.
Run tail -f /var/log/audit/audit.log while you try zabbix_get and you'll see the denials in real-time.
Then you'll need to devise an selinux policy that enables access as needed.
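The "(13)" in the mysqladmin errors above is errno 13, EACCES (permission denied), which is what a process sees when SELinux denies the access. The following summary of AVC denials for one source domain is an added example, not part of the original answers: the function name avc_denials and the audit lines are constructed, including the domain and type names in them.

```shell
# Constructed audit.log lines in the usual AVC layout (not taken from the poster's host).
SAMPLE_AUDIT='type=AVC msg=audit(1509901261.101:812): avc:  denied  { write } for  pid=4211 comm="mysqladmin" name="mysql.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1509901261.101:812): arch=c000003e syscall=42 success=no exit=-13 comm="mysqladmin" exe="/usr/bin/mysqladmin" subj=system_u:system_r:zabbix_agent_t:s0
type=AVC msg=audit(1509901321.417:845): avc:  denied  { write } for  pid=4302 comm="mysqladmin" name="mysql.sock" dev="dm-0" ino=1234 scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1509901381.233:871): avc:  denied  { connectto } for  pid=4390 comm="mysqladmin" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:zabbix_agent_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1509901400.009:880): avc:  denied  { read } for  pid=990 comm="httpd" name="notes" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# avc_denials DOMAIN: read audit.log lines on stdin and print, for denials whose
# source domain is DOMAIN, "count permission(s) class target_type", sorted.
avc_denials() {
    awk -v domain="$1" '
        /type=AVC/ && /denied/ {
            perms = $0                              # text between "{ " and " }"
            sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms)
            src = tgt = cls = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) { split($i, c, ":"); src = c[3] }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
                if ($i ~ /^tclass=/)   cls = substr($i, 8)
            }
            if (src == domain) seen[perms " " cls " " tgt]++
        }
        END { for (k in seen) print seen[k], k }' | sort
}

# On a real host: avc_denials zabbix_agent_t < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | avc_denials zabbix_agent_t
```

Each output row is one permission, object class and target type that a policy for the agent would have to allow, which keeps the resulting policy limited to what was actually denied.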

scp not able to resolve dns name

Question first: Does anyone know why scp won't resolve the dns name wheezy to the ip address 192.168.164.144 while ping does?
Explanation & Details second:
While on OS Mavericks I could scp files from my terminal to my VMWare Fusion Debian instance just fine. I just had to make sure that the ip address and machine name (wheezy) were in both the Debian /etc/hosts file and in the /etc/hosts file of my mac.
However after upgrading to Yosemite I can't scp files to my virtual host using the domain name. I CAN scp files to the virtual machine if I specify the ip address. So this works:
scp test_file.txt dan@192.168.165.144:~/
but this does not:
scp test_file.txt dan@wheezy:~/
This boggles my mind because the host "wheezy" pings just fine:
dan@DanRauxa ~ >>ping wheezy
PING wheezy (192.168.165.144): 56 data bytes
64 bytes from 192.168.165.144: icmp_seq=0 ttl=64 time=0.335 ms
64 bytes from 192.168.165.144: icmp_seq=1 ttl=64 time=0.337 ms
64 bytes from 192.168.165.144: icmp_seq=2 ttl=64 time=0.290 ms
^C
--- wheezy ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.290/0.321/0.337/0.022 ms
and my /etc/hosts file is actually identical on both the Yosemite and Wheezy machine:
127.0.0.1 localhost
192.168.165.1 DanRauxa
192.168.165.144 wheezy
127.0.0.1 drupal-7-31.local
127.0.0.1 drupal8devprep.local
Does anyone know why scp won't resolve the dns name wheezy to the ip address 192.168.164.144 while ping does?
Many thanks.
-d-
Check your ~/.ssh/config to see if there is a wheezy host in there.
Also run the scp in verbose mode:
scp -v test_file.txt dan@wheezy:~/.
Might give you more information on where the failure is happening.

Glassfish v3 clustering

I've tried to configure a cluster following the Glassfish clustering tutorials (1, 2), but I'm still having trouble creating an instance in a cluster on a remote host.
I think it will be better if I give you output with inserted commands, it'll probably explain more:
adam@adam-desktop:~/Pulpit/glassfish-3.1.1/bin$ ./asadmin
Use "exit" to exit and "help" for online help.
asadmin> setup-ssh adam-laptop
Successfully connected to adam@adam-laptop using keyfile /home/adam/.ssh/id_rsa
SSH public key authentication is already configured for adam@adam-laptop
Command setup-ssh executed successfully.
asadmin> install-node --installdir /home/adam/Pulpit/glassfish3 adam-laptop
Created installation zip /home/adam/Pulpit/glassfish-3.1.1/bin/glassfish8196347853130742869.zip
Successfully connected to adam@adam-laptop using keyfile /home/adam/.ssh/id_rsa
Copying /home/adam/Pulpit/glassfish-3.1.1/bin/glassfish8196347853130742869.zip (82498155 bytes) to adam-laptop:/home/adam/Pulpit/glassfish3
Installing glassfish8196347853130742869.zip into adam-laptop:/home/adam/Pulpit/glassfish3
Removing adam-laptop:/home/adam/Pulpit/glassfish3/glassfish8196347853130742869.zip
Fixing file permissions of all files under adam-laptop:/home/adam/Pulpit/glassfish3/bin
Command install-node executed successfully.
asadmin> start-domain domain1
Waiting for domain1 to start ........................
Successfully started the domain : domain1
domain Location: /home/adam/Pulpit/glassfish-3.1.1/glassfish/domains/domain1
Log File: /home/adam/Pulpit/glassfish-3.1.1/glassfish/domains/domain1/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.
asadmin> enable-secure-admin
Command enable-secure-admin executed successfully.
asadmin> restart-domain domain1
Successfully restarted the domain
Command restart-domain executed successfully.
asadmin> create-cluster c1
Command create-cluster executed successfully.
asadmin> create-node-ssh --nodehost adam-laptop --installdir /home/adam/Pulpit/glassfish3 adam-laptop
Command create-node-ssh executed successfully.
asadmin> create-instance --node adam-laptop --cluster c1 i1
Successfully created instance i1 in the DAS configuration, but failed to create the instance files on node adam-laptop (adam-laptop).
Command failed on node adam-laptop (adam-laptop): Could not contact the DAS running at adam-desktop:4848. This could be because a firewall is blocking the connection back to the DAS or because the DAS host is known by a different name on the instance host adam-laptop. To change the hostname that the DAS uses to identify itself please update the DAS admin HTTP listener address.
Command _create-instance-filesystem failed.
To complete this operation run the following command locally on host adam-laptop from the GlassFish install location /home/adam/Pulpit/glassfish3:
asadmin --host adam-desktop --port 4848 create-local-instance --node adam-laptop i1
asadmin>
UPDATE
I'm adding the hosts file contents and ping command output to show that a connection exists between adam-desktop and adam-laptop:
adam@adam-desktop:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 adam-desktop
192.168.1.101 adam-laptop
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
adam@adam-desktop:~$ cat /etc/hostname
adam-desktop
adam@adam-desktop:~$ ping adam-laptop
PING adam-laptop (192.168.1.101) 56(84) bytes of data.
64 bytes from adam-laptop (192.168.1.101): icmp_req=1 ttl=64 time=0.786 ms
64 bytes from adam-laptop (192.168.1.101): icmp_req=2 ttl=64 time=0.694 ms
64 bytes from adam-laptop (192.168.1.101): icmp_req=3 ttl=64 time=0.687 ms
Any help?
After the domain is started, can you reach http://localhost:4848 or http://adam-desktop:4848 in your browser?
If not, on linux glassfish requires you to set up the /etc/hosts file correctly and this is where most of my problems like this come from. Also set up the appropriate network config. On Redhat it is /etc/sysconfig/network and on Ubuntu it is /etc/hostname
It seems that the error was caused by an entry in the /etc/hosts file.
127.0.0.1 localhost
127.0.1.1 adam-desktop
192.168.1.101 adam-laptop
after changing to:
127.0.0.1 localhost
127.0.0.1 adam-desktop
192.168.1.101 adam-laptop
it works. I had to make the change on both machines, that is, on adam-desktop and adam-laptop.
