Cannot SSH to Docker Container Running on MAC - macos

I cannot access SSH or HTTP-alt. The Ubuntu container is running on macOS. I assume both SSH and HTTP-alt are problematic for the same reason. I am using a Dockerfile and docker-compose for the setup. Because I am a novice with Docker, there may be redundant commands. My host machine has the firewall disabled.
dockerfile
<-- output omitted for brevity -->
# ports
EXPOSE 22 8080
docker-compose
version: '3'
services:
  base:
    image: cox-nams:1.0
    container_name: cox-nams
    hostname: neteng-docker
    stdin_open: true
    ports:
      - "10000:22" # ssh
      - "10001:8080" # jupyter
<-- output omitted for brevity -->
Initializing Commands
$ docker exec -it cox-nams /bin/bash
Docker output
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b37789c4660c ba397d1c07cd "/bin/sh -c 'service…" 34 minutes ago Up 34 minutes 0.0.0.0:10000->22/tcp, 0.0.0.0:10001->8080/tcp cox-nams
Ports within the Container
duser@neteng-docker:~$ netstat -at | grep LISTEN
tcp 0 0 0.0.0.0:http-alt 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.11:46461 0.0.0.0:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
SSH from within the Container
duser@neteng-docker:~$ ssh duser@localhost -p 22
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:la2X7X8gZj7t8DQC7rwHTalMBHYC9oVggfYzATuzkyM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
duser@localhost's password:
Welcome to Ubuntu 18.04.3 LTS (GNU/Linux 4.14.134-boot2docker x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login: Fri Aug 30 18:38:54 2019 from 127.0.0.1
duser@neteng-docker:~$
SSH from the Host
$ ssh duser@localhost -p 10000
ssh: connect to host localhost port 10000: Connection refused
Services
root@neteng-docker:/# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 03:37 ? 00:00:00 /bin/sh -c service ssh restart && bash
root 18 1 0 03:37 ? 00:00:00 /usr/sbin/sshd
root 19 1 0 03:37 ? 00:00:00 bash
root 20 0 0 03:37 pts/0 00:00:00 /bin/bash
root 55 20 0 03:40 pts/0 00:00:00 ps -ef
root@neteng-docker:/# service --status-all
[ - ] dbus
[ ? ] hwclock.sh
[ - ] procps
[ + ] ssh
EDIT: Added services output

You can use this Dockerfile
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:THEPASSWORDYOUCREATED' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's#session\s*required\s*pam_loginuid.so#session optional pam_loginuid.so#g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
This will expose SSH on port 22 of the container. Then you can run the following command to find out which host port is connected to the container's port 22 for SSH.
docker port <name of container> 22
This sample application provides a solution to your problem. Have a look at it.
https://docs.docker.com/engine/examples/running_ssh_service/

Sadly, this ended up being an appliance firewall issue that I troubleshot using "nc -l 22" on the server and "telnet IP -p 22" on the client (Linux machines).

Related

vertica database autostart not running

I have a Vertica cluster installed with 3 hosts. I want the database to autostart when the hosts start (when all hosts were shut down and I now turn them on). On every host I added a script myscript.sh in /etc/init.d/:
sudo -u myuser /opt/vertica/bin/admintools -t start_db -d test
When I run this script manually, it works and the database starts. But when the script is launched at OS startup, the database does not start. In the adminTools.log log I don't see startup errors, I see only pexpecting vsql command... and All nodes in db test are in state DOWN
2020-06-08 16:42:08.526 agent/752:0x7f195dffb700 [vsql._just_connect] <INFO> pexpecting vsql command: /opt/vertica/bin/vsql --no-vsqlrc -n -p 5433 -U myuser -h 192.168.0.5 test -P pager -A
2020-06-08 16:42:08.984 agent/752:0x7f195dffb700 [vsql._just_connect] <INFO> pexpecting vsql command: /opt/vertica/bin/vsql --no-vsqlrc -n -p 5433 -U myuser -h 192.168.0.6 test -P pager -A
2020-06-08 16:42:09.459 agent/752:0x7f195dffb700 [vsql._just_connect] <INFO> pexpecting vsql command: /opt/vertica/bin/vsql --no-vsqlrc -n -p 5433 -U myuser -h 192.168.0.7 test -P pager -A
2020-06-08 16:43:05.639 admintools/3701:0x7f456298c740 [adminExec.getCollapsedClusterState] <INFO> All nodes in db test are in state DOWN
Why is that?
Yes, my OS is CentOS 7
But the verticad service doesn't work
I run systemctl start verticad
Then I run: systemctl status verticad
verticad.service - Vertica server restart oneshot
Loaded: loaded (/etc/systemd/system/verticad.service; enabled; vendor preset: disabled)
Active: inactive (dead) since Thu 2020-06-11 07:19:43 MSK; 38min ago
Process: 650 ExecStart=/opt/vertica/sbin/verticad start (code=exited, status=0/SUCCESS)
Main PID: 650 (code=exited, status=0/SUCCESS)
Jun 11 07:19:09 verticaserv1 systemd[1]: Starting Vertica server restart oneshot...
Jun 11 07:19:13 verticaserv1 su[706]: (to mydba) root on none
Jun 11 07:19:43 verticaserv1 verticad[650]: Vertica: start OK for users: mydba
Jun 11 07:19:43 verticaserv1 verticad[650]: [ OK ]
Jun 11 07:19:43 verticaserv1 systemd[1]: Started Vertica server restart oneshot.
In logs (/opt/vertica/log/verticad.log and /var/log/messages) I see only:
vertica process is not running
Vertica: start not OK

installed apache with brew but will not start - getting httpd (pid 89) already running

Apache with brew worked before, but it has stopped now, no idea why.
$ sudo apachectl start
httpd (pid 89) already running
But it's not running; http://localhost gives me: "This site can’t be reached"
when I do:
$ ps aux | grep httpd
it shows nothing
when I do:
$ lsof -i TCP:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
Google 308 darko 106u IPv4 0x98978f46d14516f9 0t0 TCP 192.168.1.5:50046->ec2-54-204-11-64.compute-1.amazonaws.com:http (ESTABLISHED)

Bash command to return a free port

As part of a build pipeline I would like to start containers with a free port.
Looking for something like this:
docker run --name frontend -p $(gimme-a-free-port):80 frontend:latest
You can use port 0. Applications pass 0 to the kernel and the kernel assigns an unused port to the application.
docker run --name frontend -p 0:80 frontend:latest
Or:
docker run --name frontend -p 80 frontend:latest
In the second example I'm just specifying the container port; the host port will be assigned automatically.
To verify:
docker port <containerid or container name>
80/tcp -> 0.0.0.0:32768
To get the random port value only:
docker inspect -f '{{ (index (index .NetworkSettings.Ports "80/tcp") 0).HostPort }}' <containerid or container name>
32768
If you don't assign the host-port, docker will automatically pick a random port for publishing the container port.
For example:
$ docker run --name frontend -p 80 -dit busybox
4439bdce51eee473b1e961664839a410754157bf69da2d2545ab51528a42111c
$ docker port 4439bdce51eee473b1e961664839a410754157bf69da2d2545ab51528a42111c
80/tcp -> 0.0.0.0:32768
(or):
$ docker inspect -f '{{json .NetworkSettings.Ports}}' 4439bdce51eee473b1e961664839a410754157bf69da2d2545ab51528a42111c
{"80/tcp":[{"HostIp":"0.0.0.0","HostPort":"32768"}]}
Get Container's External Port
PORT="$(docker ps|grep some_container|sed 's/.*0.0.0.0://g'|sed 's/->.*//g')"
Reference: https://blog.dcycle.com/snippet/2016-10-04/get-docker-container-port/
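The answers above show two separate ideas: letting the kernel pick a port (port 0) and then reading the assigned host port back out of Docker. As an added example, not code from any of the answers, the block below does both in Python: free_port() binds to port 0 exactly as the first answer describes, and host_port_from_inspect() parses the JSON printed by docker inspect -f '{{json .NetworkSettings.Ports}}' instead of grepping docker ps output, which breaks as soon as a container publishes more than one port. The IPv4-only sample is the output quoted in the second answer; the two-entry sample (0.0.0.0 plus ::) is constructed to match what newer Docker releases emit.

```python
"""Added example: obtain a free host port and read Docker's port mapping.

1. free_port(): ask the kernel for an unused TCP port by binding to port 0,
   the mechanism that `-p 0:80` relies on.
2. host_port_from_inspect(): parse the JSON printed by
   `docker inspect -f '{{json .NetworkSettings.Ports}}' <container>`.
"""
import json
import socket
from typing import Optional


def free_port(host: str = "127.0.0.1") -> int:
    """Return a TCP port the kernel currently considers free.

    Binding to port 0 makes the kernel choose an ephemeral port. The socket
    is closed on return, so another process may take the port before the
    caller uses it (a time-of-check/time-of-use race). Letting Docker pick
    the port itself with `-p 0:80` avoids that window entirely.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.bind((host, 0))
        return sock.getsockname()[1]


def host_port_from_inspect(ports_json: str, container_port: str = "80/tcp") -> Optional[int]:
    """Return the host port bound to `container_port`, or None if unpublished.

    Recent Docker versions list one binding per host address (0.0.0.0 and ::),
    so more than one entry is normal; the host port is the same for each.
    A key mapped to null means the port is EXPOSEd but not published.
    """
    ports = json.loads(ports_json)
    bindings = ports.get(container_port)
    if not bindings:
        return None
    host_ports = {int(b["HostPort"]) for b in bindings}
    if len(host_ports) != 1:
        raise ValueError(f"ambiguous host ports for {container_port}: {sorted(host_ports)}")
    return host_ports.pop()


def bound_to_all_interfaces(ports_json: str, container_port: str = "80/tcp") -> bool:
    """True if the mapping listens on every host address (0.0.0.0, :: or unset).

    A pipeline check: a test container that only needs to be reached from
    the build host itself can be published on 127.0.0.1 instead.
    """
    bindings = json.loads(ports_json).get(container_port) or []
    return any(b["HostIp"] in ("0.0.0.0", "::", "") for b in bindings)


# Sample from the answer above (IPv4 only) and a constructed sample in the
# newer two-entry form with an additional exposed-but-unpublished port.
SAMPLE_V4 = '{"80/tcp":[{"HostIp":"0.0.0.0","HostPort":"32768"}]}'
SAMPLE_DUAL = ('{"80/tcp":[{"HostIp":"0.0.0.0","HostPort":"32768"},'
               '{"HostIp":"::","HostPort":"32768"}],"443/tcp":null}')

if __name__ == "__main__":
    print("free port:", free_port())
    print("host port for 80/tcp:", host_port_from_inspect(SAMPLE_DUAL))
    print("443/tcp published:", host_port_from_inspect(SAMPLE_DUAL, "443/tcp"))
    print("bound on all interfaces:", bound_to_all_interfaces(SAMPLE_V4))
```

In a pipeline the usual pattern is docker run -p 0:80 followed by docker inspect piped into host_port_from_inspect(); free_port() is only worth using when the port has to be known before the container starts, and then the race it documents has to be accepted.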

How to set hosts in docker for mac

When I used Docker before, I could use docker-machine ssh default to set hosts in the Docker machine's /etc/hosts, but in Docker for Mac I can't access its VM because it doesn't have one.
So, the problem is: how do I set hosts in Docker for Mac?
My secondary domain needs to point to the other IP.
I found a solution: use this command
screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
Now, edit the /etc/hosts in the Docker VM.
To exit screen, use Ctrl + a + d.
Here's how I do it with a bash script so the changes persist between Docker for Mac restarts.
cd ~/Library/Containers/com.docker.docker/Data/database || exit 1
git reset --hard
DFM_HOSTS_FILE="com.docker.driver.amd64-linux/etc/hosts"
if [ ! -f "${DFM_HOSTS_FILE}" ]; then
  echo "appending host to DFM /etc/hosts"
  echo -e "xxx.xxx.xxx.xxx\tmy.special.host" > "${DFM_HOSTS_FILE}"
  git add "${DFM_HOSTS_FILE}"
  git commit -m "add host to /etc/hosts for dns lookup"
fi
You can automate it via this script; running it at startup or login time will save you the trouble.
#!/bin/sh
# host entry -> '10.4.1.4 dockerregistry.senz.local'
# 1. run debian image
# 2. check host entry exists in /etc/hosts file
# 3. if not exists add it to /etc/hosts file
docker run --name debian -it --privileged --pid=host debian nsenter \
  -t 1 -m -u -n -i sh \
  -c "if ! grep -q dockerregistry.senz.local /etc/hosts; then echo -e '10.4.1.4\tdockerregistry.senz.local' >> /etc/hosts; fi"
# sleep 2 seconds
# remove stopped debian container
sleep 2
docker rm -f debian
I have written a blog post with more information about this topic.
https://medium.com/@itseranga/set-hosts-in-docker-for-mac-2029276fd448
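Both scripts above decide whether to add the entry with a plain grep -q on the hostname, which matches substrings (registry.example.local also "finds" registry.example.local.old) and leaves a stale mapping to a different address in place. As an added example, not code from the answers, the function below does the same idempotent edit on the text of a hosts file with whole-field matching and corrects a stale address; the addresses and names in the sample file are constructed. It operates on the file contents so it can be tested offline; writing the result back through nsenter or the Data/database Git repo is the part the answers already show.

```python
"""Added example: idempotent /etc/hosts editing with exact hostname matching."""
from typing import List


def _tokens(line: str) -> List[str]:
    """Split a hosts line into fields, dropping any trailing comment."""
    return line.split("#", 1)[0].split()


def ensure_hosts_entry(hosts_text: str, ip: str, name: str) -> str:
    """Return hosts_text with exactly one active mapping of `name` to `ip`.

    - If `name` already maps to `ip`, the text is returned unchanged.
    - If `name` maps to another address, `name` is removed from that line
      (the line is dropped when no name is left on it) and a fresh
      `ip name` line is appended.
    - Matching is on whole hostname fields, case-insensitively (DNS names
      are case-insensitive), never on substrings.
    """
    out: List[str] = []
    already_correct = False
    wanted = name.lower()
    for line in hosts_text.splitlines():
        fields = _tokens(line)
        if len(fields) < 2 or wanted not in (f.lower() for f in fields[1:]):
            out.append(line)  # unrelated line, keep verbatim (comments included)
            continue
        if fields[0] == ip:
            already_correct = True
            out.append(line)
            continue
        # Same name, different address: strip just that name from the line.
        remaining = [fields[0]] + [f for f in fields[1:] if f.lower() != wanted]
        if len(remaining) > 1:
            out.append(" ".join(remaining))
    if not already_correct:
        out.append(f"{ip}\t{name}")
    return "\n".join(out) + "\n"


def has_hosts_entry(hosts_text: str, ip: str, name: str) -> bool:
    """True if some active line maps `name` (as a whole field) to `ip`."""
    wanted = name.lower()
    for line in hosts_text.splitlines():
        fields = _tokens(line)
        if len(fields) >= 2 and fields[0] == ip and wanted in (f.lower() for f in fields[1:]):
            return True
    return False


# Constructed sample hosts file: a substring look-alike that must not match,
# and a stale mapping for the name we want to set.
SAMPLE_HOSTS = """\
127.0.0.1\tlocalhost
::1\tlocalhost ip6-localhost
10.4.1.9\tregistry.example.local.old   # looks similar, must not match
10.4.1.2\tregistry.example.local build01
"""

if __name__ == "__main__":
    updated = ensure_hosts_entry(SAMPLE_HOSTS, "10.4.1.4", "registry.example.local")
    print(updated)
    # A second run is a no-op.
    assert ensure_hosts_entry(updated, "10.4.1.4", "registry.example.local") == updated
```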
You must create a docker-compose.yml file. This file goes in the same directory as your Dockerfile.
For example, I use this docker-compose.yml file:
version: '2'
services:
  app:
    hostname: app
    build: .
    volumes:
      - ./:/var/www/html
    working_dir: /var/www/html
    depends_on:
      - db
      - cache
    ports:
      - 80:80
  cache:
    image: memcached:1.4.27
    ports:
      - 11211:11211
  rabbitmq:
    image: rabbitmq:latest
    ports:
      - 5672:5672
  db:
    image: postgres:9.5.3
    ports:
      - 5432:5432
    environment:
      - TZ=America/Mazatlan
      - POSTGRES_DB=restaurantcore
      - POSTGRES_USER=rooms
      - POSTGRES_PASSWORD=rooms
The ports are bound to the ports of your host Docker machine.

How to use sudo in build script for gitlab ci?

When I want to do something that requires sudo privileges, the build process gets stuck, and when I run ps aux for that command, it is hanging in the list but doing nothing.
E.g.:
in the buildscript:
# stop nginx
echo "INFO: stopping nginx. pid [$(cat /opt/nginx/logs/nginx.pid)]"
sudo kill $(cat /opt/nginx/logs/nginx.pid)
in the gitlab ci output console:
INFO: stopping nginx. pid [2741]
kill $(cat /opt/nginx/logs/nginx.pid) # with a spinning wheel
in the bash:
> ps aux | grep nginx
root 6698 0.0 0.1 37628 1264 ? Ss 19:25 0:00 nginx: master process /opt/nginx/sbin/nginx
nobody 6700 0.3 0.3 41776 3832 ? S 19:25 0:00 nginx: worker process
kai 7015 0.0 0.0 4176 580 pts/0 S+ 19:27 0:00 sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
kai 7039 0.0 0.0 7828 844 pts/2 S+ 19:27 0:00 grep nginx
So:
it is not sudo kill $(cat /opt/nginx/logs/nginx.pid) that executes, but sh -c sudo kill $(cat /opt/nginx/logs/nginx.pid)
it hangs without a response (sounds to me like it is asking for a password interactively)
There are a couple of ways to resolve this.
Grant sudo permissions
You can grant sudo permissions to the gitlab-runner user as this is who is executing the build script.
$ sudo usermod -a -G sudo gitlab-runner
You now have to remove the password restriction for sudo for the gitlab-runner user.
Start the sudo editor with
$ sudo visudo
Now add the following to the bottom of the file
gitlab-runner ALL=(ALL) NOPASSWD: ALL
Do not do this for gitlab runners that can be executed by untrusted users.
SSH Runner
You can configure the gitlab-ci-runner to connect to a remote host using SSH. You configure it to use a remote user that has sudo permissions, and perform the build as that user. The remote host can be the same machine that the gitlab runner is executing on, or it can be another host.
This build user account will still need sudo and passwordless permissions. Follow the instructions below, except replace gitlab-runner with the build user.
It worked for me as written by Reactgular.
But one little clarification. You must include a % sign before
gitlab-runner ALL = (ALL) NOPASSWD: ALL.
I could not understand for a long time why it didn't help me. Then I put the percent sign in and it worked.
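The answer warns against granting gitlab-runner ALL=(ALL) NOPASSWD: ALL on runners that untrusted users can drive, and the follow-up shows that a leading % turns the rule from a single user into a whole group. As an added example, not code from the thread, the checker below parses a sudoers user-specification line into its parts (who, hosts, runas, tags, commands) and reports how broad it is, so a rule written for a CI runner can be reviewed for least privilege before it lands in /etc/sudoers.d/. It handles the two rule lines quoted in the thread and a constructed narrower alternative that only permits /bin/kill as root, which is all the original build script needed; the full sudoers grammar (aliases, Defaults, digests) is deliberately out of scope.

```python
"""Added example: parse a sudoers user specification and flag over-broad rules."""
import re
from dataclasses import dataclass, field
from typing import List

# who  hosts = (runas) [TAG:]* commands  -- the common shape of a sudoers
# user specification; aliases, Defaults lines and digests are not handled.
_RULE = re.compile(
    r"""^\s*
    (?P<who>%?\S+)\s+               # user, or %group
    (?P<hosts>\S+)\s*=\s*           # host list
    (?:\((?P<runas>[^)]*)\)\s*)?    # optional (runas_user[:runas_group])
    (?P<rest>.+?)\s*$               # tags and command list
    """,
    re.VERBOSE,
)
_TAG = re.compile(r"^(?P<tag>[A-Z_]+):\s*")


@dataclass
class SudoRule:
    who: str
    is_group: bool
    hosts: str
    runas: str
    tags: List[str] = field(default_factory=list)
    commands: List[str] = field(default_factory=list)

    @property
    def passwordless(self) -> bool:
        return "NOPASSWD" in self.tags

    @property
    def unrestricted(self) -> bool:
        """Any command as root (or any user): equivalent to handing out root."""
        return "ALL" in self.commands and self.runas in ("ALL", "root")

    def findings(self) -> List[str]:
        """Plain-language review findings; empty when the rule is tight."""
        out: List[str] = []
        if self.unrestricted:
            out.append("command list is ALL: full root without restriction")
        if self.passwordless and self.unrestricted:
            out.append("NOPASSWD on an unrestricted rule: every job the runner executes is root")
        if self.is_group:
            out.append(f"applies to every member of group {self.who[1:]}, not a single account")
        for cmd in self.commands:
            if cmd != "ALL" and not cmd.split()[0].startswith("/"):
                out.append(f"command {cmd!r} is not an absolute path; sudo requires one")
        return out


def parse_sudoers_rule(line: str) -> SudoRule:
    """Parse one user-specification line; raises ValueError on other input."""
    m = _RULE.match(line)
    if not m:
        raise ValueError(f"not a user specification: {line!r}")
    who = m.group("who")
    runas = (m.group("runas") or "root").strip()  # sudo's default runas is root
    rest = m.group("rest")
    tags: List[str] = []
    while True:  # consume leading TAG: prefixes such as NOPASSWD: or SETENV:
        t = _TAG.match(rest)
        if not t:
            break
        tags.append(t.group("tag"))
        rest = rest[t.end():]
    commands = [c.strip() for c in rest.split(",") if c.strip()]
    return SudoRule(who, who.startswith("%"), m.group("hosts"), runas, tags, commands)


# The two rules quoted in the thread, and a constructed least-privilege
# version that only lets the runner signal processes as root.
RULE_USER = "gitlab-runner ALL=(ALL) NOPASSWD: ALL"
RULE_GROUP = "%gitlab-runner ALL = (ALL) NOPASSWD: ALL"
RULE_NARROW = "gitlab-runner ALL=(root) NOPASSWD: /bin/kill"

if __name__ == "__main__":
    for rule in (RULE_USER, RULE_GROUP, RULE_NARROW):
        print(rule)
        for finding in parse_sudoers_rule(rule).findings() or ["no findings"]:
            print("  -", finding)
```

Rules should still be installed with visudo -cf against a file in /etc/sudoers.d/ rather than trusted to a regex; the checker is a review aid that makes the difference between "any command as root" and "one command as root" visible before the change is applied.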