The commands are like:
docker run / stop / rm ...
which works in terminal while causes segmentation fault in bash script.
I compared the environments between bash script and terminal, as shown below.
2c2
< BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
---
> BASHOPTS=cmdhist:complete_fullquote:expand_aliases:extquote:force_fignore:hostcomplete:interactive_comments:login_shell:progcomp:promptvars:sourcepath
7,8c7,8
< BASH_LINENO=([0]="0")
< BASH_SOURCE=([0]="./devRun.sh")
---
> BASH_LINENO=()
> BASH_SOURCE=()
10a11
> COLUMNS=180
14a16,18
> HISTFILE=/home/me/.bash_history
> HISTFILESIZE=500
> HISTSIZE=500
19a24
> LINES=49
22a28
> MAILCHECK=60
28c34,37
< PPID=12558
---
> PIPESTATUS=([0]="0")
> PPID=12553
> PS1='[\u#\h \W]\$ '
> PS2='> '
32,33c41,42
< SHELLOPTS=braceexpand:hashall:interactive-comments
< SHLVL=2
---
> SHELLOPTS=braceexpand:emacs:hashall:histexpand:history:interactive-comments:monitor
> SHLVL=1
42,52c51
< _=./devRun.sh
< dao ()
< {
< echo "Dao";
< docker run -dti -v /tmp/projStatic:/var/projStatic -v ${PWD}:/home --restart always -p 50000:50000 --name projDev daocloud.io/silencej/python3-uwsgi-alpine-docker sh;
< echo "Dao ends."
< }
< docker ()
< {
< docker run -dti -v ${PWD}:/home --restart always -p 50000:50000 --name projDev owen263/python3-uwsgi-alpine-docker sh
< }
---
> _=/tmp/env.log
UPDATE:
The info and version:
docker version
Client:
Version: 1.13.1
API version: 1.26
Go version: go1.7.5
Git commit: 092cba3727
Built: Sun Feb 12 02:40:56 2017
OS/Arch: linux/amd64
Server:
Version: 1.13.1
API version: 1.26 (minimum version 1.12)
Go version: go1.7.5
Git commit: 092cba3727
Built: Sun Feb 12 02:40:56 2017
OS/Arch: linux/amd64
Experimental: false
docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 1
Server Version: 1.13.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: aa8187dbd3b7ad67d
You've rewritten the docker command in a shell, it's entirely possible this is even a recursive definition. Remove this from your environment:
docker ()
{
docker run -dti -v ${PWD}:/home --restart always -p 50000:50000 --name projDev owen263/python3-uwsgi-alpine-docker sh
}
Related
Team,
/bin/bash: line 5: ./repo/clone.sh: No such file or directory
cannot run above file but I can cat it well. I tried my best and still trying to find but no luck so far..
my requirement is to mount bash script from config map to a directory inside container and run it to clone a repo but am getting below message.
cron job
spec:
concurrencyPolicy: Allow
jobTemplate:
metadata:
spec:
template:
metadata:
spec:
containers:
- args:
- -c
- |
set -x
pwd && ls
ls -ltr /
cat /repo/clone.sh
./repo/clone.sh
pwd
command:
- /bin/bash
envFrom:
- configMapRef:
name: sonarscanner-configmap
image: artifactory.build.team.com/product-containers/user/sonarqube-scanner:4.7.0.2747
imagePullPolicy: IfNotPresent
name: sonarqube-sonarscanner
securityContext:
runAsUser: 0
volumeMounts:
- mountPath: /repo
name: repo-checkout
dnsPolicy: ClusterFirst
initContainers:
- args:
- -c
- cd /
command:
- /bin/sh
image: busybox
imagePullPolicy: IfNotPresent
name: clone-repo
securityContext:
privileged: true
volumeMounts:
- mountPath: /repo
name: repo-checkout
readOnly: true
restartPolicy: OnFailure
securityContext:
fsGroup: 0
volumes:
- configMap:
defaultMode: 420
name: product-configmap
name: repo-checkout
schedule: '*/1 * * * *'
ConfigMap
kind: ConfigMap
metadata:
apiVersion: v1
data:
clone.sh: |-
#!bin/bash
set -xe
apk add git curl
#Containers that fail to resolve repo url can use below step.
repo_url=$(nslookup ${CODE_REPO_URL} | grep Non -A 2 | grep Name | cut -d: -f2)
repo_ip=$(nslookup ${CODE_REPO_URL} | grep Non -A 2 | grep Address | cut -d: -f2)
if grep ${repo_url} /etc/hosts; then
echo "git dns entry exists locally"
else
echo "Adding dns entry for git inside container"
echo ${repo_ip} ${repo_url} >> /etc/hosts
fi
cd / && cat /etc/hosts && pwd
git clone "https://$RU:$RT#${CODE_REPO_URL}/r/a/${CODE_REPO_NAME}" && \
(cd "${CODE_REPO_NAME}" && mkdir -p .git/hooks && \
curl -Lo `git rev-parse --git-dir`/hooks/commit-msg \
https://$RU:$RT#${CODE_REPO_URL}/r/tools/hooks/commit-msg; \
chmod +x `git rev-parse --git-dir`/hooks/commit-msg)
cd ${CODE_REPO_NAME}
pwd
output pod describe
Warning FailedCreatePodSandBox 1s kubelet, node1 Failed create pod sandbox: rpc error: code = Unknown desc = failed to start sandbox container for pod "sonarqube-cronjob-1670256720-fwv27": Error response from daemon: OCI runtime create failed: container_linux.go:345: starting container process caused "process_linux.go:303: getting the final child's pid from pipe caused \"EOF\"": unknown
pod logs
+ pwd
+ ls
/usr/src
+ ls -ltr /repo/clone.sh
lrwxrwxrwx 1 root root 15 Dec 5 16:26 /repo/clone.sh -> ..data/clone.sh
+ ls -ltr
total 60
.
drwxr-xr-x 2 root root 4096 Aug 9 08:58 sbin
drwx------ 2 root root 4096 Aug 9 08:58 root
drwxr-xr-x 2 root root 4096 Aug 9 08:58 mnt
drwxr-xr-x 5 root root 4096 Aug 9 08:58 media
drwxrwsrwx 3 root root 4096 Dec 5 16:12 repo <<<<< MY MOUNTED DIR
.
+ cat /repo/clone.sh
#!bin/bash
set -xe
apk add git curl
#Containers that fail to resolve repo url can use below step.
repo_url=$(nslookup ${CODE_REPO_URL} | grep Non -A 2 | grep Name | cut -d: -f2)
repo_ip=$(nslookup ${CODE_REPO_URL} | grep Non -A 2 | grep Address | cut -d: -f2)
if grep ${repo_url} /etc/hosts; then
echo "git dns entry exists locally"
else
echo "Adding dns entry for git inside container"
echo ${repo_ip} ${repo_url} >> /etc/hosts
fi
cd / && cat /etc/hosts && pwd
git clone "https://$RU:$RT#${CODE_REPO_URL}/r/a/${CODE_REPO_NAME}" && \
(cd "${CODE_REPO_NAME}" && mkdir -p .git/hooks && \
curl -Lo `git rev-parse --git-dir`/hooks/commit-msg \
https://$RU:$RT#${CODE_REPO_URL}/r/tools/hooks/commit-msg; \
chmod +x `git rev-parse --git-dir`/hooks/commit-msg)
cd code_dir
+ ./repo/clone.sh
/bin/bash: line 5: ./repo/clone.sh: No such file or directory
+ pwd
pwd/usr/src
Assuming the working directory is different thant /:
If you want to source your script in the current process of bash (shorthand .) you have to add a space between the dot and the path:
. /repo/clone.sh
If you want to execute it in a child process, remove the dot:
/repo/clone.sh
I wrote a readiness_probe for my pod by using a bash script. Readiness probe failed with Reason: Unhealthy but when I manually get in to the pod and run this command /bin/bash -c health=$(curl -s -o /dev/null --write-out "%{http_code}" http://localhost:8080/api/v2/ping); if [[ $health -ne 401 ]]; then exit 1; fi bash script exits with code 0.
What could be the reason? I am attaching the code and the error below.
Edit: Found out that the health variable is set to 000 which means timeout in for bash script.
readinessProbe:
exec:
command:
- /bin/bash
- '-c'
- |-
health=$(curl -s -o /dev/null --write-out "%{http_code}" http://localhost:8080/api/v2/ping);
if [[ $health -ne 401 ]]; then exit 1; fi
"kubectl describe pod {pod_name}" result:
Name: rustici-engine-54cbc97c88-5tg8s
Namespace: default
Priority: 0
Node: minikube/192.168.49.2
Start Time: Tue, 12 Jul 2022 18:39:08 +0200
Labels: app.kubernetes.io/name=rustici-engine
pod-template-hash=54cbc97c88
Annotations: <none>
Status: Running
IP: 172.17.0.5
IPs:
IP: 172.17.0.5
Controlled By: ReplicaSet/rustici-engine-54cbc97c88
Containers:
rustici-engine:
Container ID: docker://f7efffe6fc167e52f913ec117a4d78e62b326d8f5b24bfabc1916b5f20ed887c
Image: batupaksoy/rustici-engine:singletenant
Image ID: docker-pullable://batupaksoy/rustici-engine#sha256:d3cf985c400c0351f5b5b10c4d294d48fedfd2bb2ddc7c06a20c1a85d5d1ae11
Port: 8080/TCP
Host Port: 0/TCP
State: Running
Started: Tue, 12 Jul 2022 18:39:12 +0200
Ready: False
Restart Count: 0
Limits:
memory: 350Mi
Requests:
memory: 350Mi
Liveness: exec [/bin/bash -c health=$(curl -s -o /dev/null --write-out "%{http_code}" http://localhost:8080/api/v2/ping);
if [[ $health -ne 401 ]]; then exit 1; else exit 0; echo $health; fi] delay=10s timeout=5s period=10s #success=1 #failure=20
Readiness: exec [/bin/bash -c health=$(curl -s -o /dev/null --write-out "%{http_code}" http://localhost:8080/api/v2/ping);
if [[ $health -ne 401 ]]; then exit 1; else exit 0; echo $health; fi] delay=10s timeout=5s period=10s #success=1 #failure=10
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-whb8d (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-whb8d:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: Burstable
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 24s default-scheduler Successfully assigned default/rustici-engine-54cbc97c88-5tg8s to minikube
Normal Pulling 23s kubelet Pulling image "batupaksoy/rustici-engine:singletenant"
Normal Pulled 21s kubelet Successfully pulled image "batupaksoy/rustici-engine:singletenant" in 1.775919851s
Normal Created 21s kubelet Created container rustici-engine
Normal Started 20s kubelet Started container rustici-engine
Warning Unhealthy 4s kubelet Readiness probe failed:
Warning Unhealthy 4s kubelet Liveness probe failed:
The probe could be failing because it is facing performance issues or slow startup. To troubleshoot this issue, you will need to check that the probe doesn’t start until the app is up and running in your pod. Perhaps you will need to increase the Timeout of the Readiness Probe, as well as the Timeout of the Liveness Probe, like in the following example:
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 2
timeoutSeconds: 10
You can find more details about how to configure the Readlines Probe and Liveness Probe in this link.
Describe the bug
My goal is to run unit test e2e detox for a mobile application in react-native from a Gitlab-ci on a AWS ec2 instance
AWS EC2: c5.xlarge 4 CPU / 8GB RAM
I just create an instance ec2 c5.xlarge on AWS and setup docker and gitlab-runner with docker executor (image: alpine) on it.
Here my .gitlab-ci.yml :
stages:
- unit-test
variables:
LC_ALL: 'en_US.UTF-8'
LANG: 'en_US.UTF-8'
DOCKER_DRIVER: overlay2
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
before_script:
- node -v
- npm -v
- yarn -v
detox-android:
stage: unit-test
image: reactnativecommunity/react-native-android
before_script:
- echo fs.inotify.max_user_watches=524288 | tee -a /etc/sysctl.conf && sysctl -p
- yarn install:module_only
script:
- mkdir -p /root/.android && touch /root/.android/repositories.cfg
#- $ANDROID_HOME/tools/bin/sdkmanager --list --verbose
- echo yes | $ANDROID_HOME/tools/bin/sdkmanager --channel=0 --verbose "system-images;android-25;google_apis;armeabi-v7a"
- echo no | $ANDROID_HOME/tools/bin/avdmanager --verbose create avd --force --name "Pixel_API_28_AOSP" --package "system-images;android-25;google_apis;armeabi-v7a" --sdcard 200M --device 11
- echo "Waiting emulator is ready..."
- emulator -avd "Pixel_API_28_AOSP" -debug-init -no-window -no-audio -gpu swiftshader_indirect -show-kernel &
- adb wait-for-device shell 'while [[ -z $(getprop sys.boot_completed) ]]; do sleep 1; done; input keyevent 82'
- echo "Emulator is ready!"
- yarn detox-emu:build:android
- yarn detox-emu:test:android
tags:
- detox-android
only:
- ci/unit-test
here the script in my package.json for the ci:
{
scripts: {
"detox-emu:test:android": "npx detox test -c android.emu.release.ci --headless -l verbose",
"detox-emu:build:android": "npx detox build -c android.emu.release.ci"
}
}
here my .detoxrc.json
{
"testRunner": "jest",
"runnerConfig": "e2e/config.json",
"configurations": {
"android.real": {
"binaryPath": "android/app/build/outputs/apk/debug/app-debug.apk",
"build": "cd android && ./gradlew assembleDebug assembleAndroidTest -DtestBuildType=debug && cd ..",
"type": "android.attached",
"device": {
"adbName": "60ac9404"
}
},
"android.emu.debug": {
"binaryPath": "android/app/build/outputs/apk/debug/app-debug.apk",
"build": "cd android && ./gradlew assembleDebug assembleAndroidTest -DtestBuildType=debug && cd ..",
"type": "android.emulator",
"device": {
"avdName": "Pixel_API_28_AOSP"
}
},
"android.emu.release": {
"binaryPath": "android/app/build/outputs/apk/release/app-release.apk",
"build": "cd android && ./gradlew assembleRelease assembleAndroidTest -DtestBuildType=release && cd ..",
"type": "android.emulator",
"device": {
"avdName": "Pixel_API_28_AOSP"
}
},
"android.emu.release.ci": {
"binaryPath": "android/app/build/outputs/apk/release/app-release.apk",
"build": "cd android && ./gradlew assembleRelease assembleAndroidTest -DtestBuildType=release && cd ..",
"type": "android.emulator",
"device": {
"avdName": "Pixel_API_28_AOSP"
}
}
}
}
Here the things I tried many way to setup an android emulator on an EC2 but it's look working only with an emulator armeabi-v7a due to the cpu virtualisation. It's look like the latest emulator available for armeabi-v7a is system-images;android-25;google_apis;armeabi-v7a. It's look like I can only run an emulator with sdkversion 25 on EC2 instance then.
On my mobile app, I'm using mapbox for some features that require with detox minSdkversion 26. That I set on my build.gradle as well.
You can see full logs of my CI in attachement.
Log_CI.txt
I get an error because detox don't find my emulator for the name Pixel_API_28_AOSP. This error could be related to the minSdkVersion ? Or I miss something in my CI ?
Environment (please complete the following information):
Detox: 17.10.2
React Native: 0.63.2
Device: emulator system-images;android-25;google_apis;armeabi-v7a
OS: android
Thanks in advance for your help !
My Error at git lab runner terminal
fatal: remote origin already exists.
warning: failed to remove code/ecom_front_proj/dist/sections: Permission denied
ERROR: Job failed: exit status 1
I am trying to deploy my project to an AWS server by git runner using CI CD. First time the code deploys successfully. If I commit a second time it shows the above error.
If I delete my runner and create new one it is deploying successfully.
I don't know how to delete the remote origin file that already exists.
My Git.yml
image: docker
>
> services:
> - docker:dind
>
> stages:
> - test
> - deploy
>
> test: stage: test only:
> - master
> script:
> - echo run tests in this section
>
> step-deploy-prod: stage: deploy only:
> - master script:
>
> - sudo docker system prune -f
> - sudo docker volume prune -f
> - sudo docker image prune -f
> - sudo docker-compose build --no-cache
> - sudo docker-compose up -d environment: development
My Docker file
FROM node:6 LABEL Aathi <aathi#techardors.com>
>
> RUN apk update && apk add git RUN apk add nodejs RUN apk add nginx
> RUN set -x ; \ addgroup -g 82 -S www-data ; \ adduser -u 82 -D -S
> -G www-data www-data && exit 0 ; exit 1
>
> COPY ./nginx.conf /etc/nginx/nginx.conf
> #COPY ./localhost.crt /etc/nginx/localhost.crt
> #COPY ./localhost.key /etc/nginx/localhost.key COPY ./code/ecom_front_proj /sections WORKDIR sections RUN npm install RUN
> npm install -g #angular/cli RUN ng build --prod
My docker Compose File
version: '2'
>
> services: web:
> container_name: nginx
> build: .
> ports:
> - "4200:4200"
> command: nginx -g "daemon off";
> volumes:
> - ./code/ecom_front_proj/dist/sections:/www:ro
My nginx file
user www-data; worker_processes 1; pid /run/nginx.pid;
>
> events { worker_connections 768; # multi_accept on; }
>
> http { sendfile off; tcp_nopush on; tcp_nodelay on;
> keepalive_timeout 65; types_hash_max_size 2048;
>
> include /etc/nginx/mime.types; default_type
> application/octet-stream;
>
> #access_log /var/log/nginx/access.log; #error_log
> /var/log/nginx/error.log;
>
> gzip on; gzip_disable "msie6";
>
> server { #listen 8443 ssl; listen 4200; #server_name
> localhost;
>
> #ssl_certificate localhost.crt; #ssl_certificate_key
> localhost.key;
>
> location / {
> root /sections/dist/sections;
> index index.html;
> }
>
> } }
Looks like you run gitlab-runner version 11.9.0 and it has a bug.
Alternatively, your gitlab-runner was installed with privileges that not allow it to change file structure in the mentioned path, consider reinstalling or adding these privileges.
I am trying to ship the authentication related of my CentOS 7 to Elasticsearch. Strangely I am not getting any authentication events.
When I ran the debug command auditbeat -c auditbeat.conf -d -e "*" , I found something like below:
{
"#timestamp": "2019-01-15T11:54:37.246Z",
"#metadata": {
"beat": "auditbeat",
"type": "doc",
"version": "6.4.0"
},
"error": {
"message": "failed to set audit PID. An audit process is already running (PID 68504)"
},
"beat": {
"name": "env-cs-westus-devtest-66-csos-logs-es-master-0",
"hostname": "env-cs-westus-devtest-66-csos-logs-es-master-0",
"version": "6.4.0"
},
"host": {
"name": "env-cs-westus-devtest-66-csos-logs-es-master-0"
},
"event": {
"module": "auditd"
}
}
Also there was an error line like below:
Failure receiving audit events {"error": "failed to set audit PID. An audit process is already running (PID 68504)"}
Machine details
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
Audibeat Configuration File
#================================ General ======================================
fields_under_root: False
queue:
mem:
events: 4096
flush:
min_events: 2048
timeout: 1s
max_procs: 1
max_start_delay: 10s
#================================= Paths ======================================
path:
home: "/usr/share/auditbeat"
config: "/etc/auditbeat"
data: "/var/lib/auditbeat"
logs: "/var/log/auditbeat/auditbeat.log"
#============================ Config Reloading ================================
config:
modules:
path: ${path.config}/conf.d/*.yml
reload:
period: 10s
enabled: False
#========================== Modules configuration =============================
auditbeat.modules:
#----------------------------- Auditd module -----------------------------------
- module: auditd
resolve_ids: True
failure_mode: silent
backlog_limit: 8196
rate_limit: 0
include_raw_message: True
include_warnings: True
audit_rules: |
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access
-a always,exit -F dir=/home -F uid=0 -F auid>=1000 -F auid!=4294967295 -C auid!=obj_uid -F key=power-abuse
-a always,exit -F arch=b64 -S setuid -F a0=0 -F exe=/usr/bin/su -F key=elevated-privs
-a always,exit -F arch=b32 -S setuid -F a0=0 -F exe=/usr/bin/su -F key=elevated-privs
-a always,exit -F arch=b64 -S setresuid -F a0=0 -F exe=/usr/bin/sudo -F key=elevated-privs
-a always,exit -F arch=b32 -S setresuid -F a0=0 -F exe=/usr/bin/sudo -F key=elevated-privs
-a always,exit -F arch=b64 -S execve -C uid!=euid -F euid=0 -F key=elevated-privs
-a always,exit -F arch=b32 -S execve -C uid!=euid -F euid=0 -F key=elevated-privs
#----------------------------- File Integrity module -----------------------------------
- module: file_integrity
paths:
- /bin
- /usr/bin
- /sbin
- /usr/sbin
- /etc
- /home/jenkins
exclude_files:
- (?i)\.sw[nop]$
- ~$
- /\.git($|/)
scan_at_start: True
scan_rate_per_sec: 50 MiB
max_file_size: 100 MiB
hash_types: [sha1]
recursive: False
#================================ Outputs ======================================
#-------------------------- Elasticsearch output -------------------------------
output.elasticsearch:
enabled: True
hosts:
- x.x.x:9200
compression_level: 0
protocol: "http"
worker: 1
bulk_max_size: 50
timeout: 90
#================================ Logging ======================================
logging:
level: "info"
selectors: ["*"]
to_syslog: False
to_eventlog: False
metrics:
enabled: True
period: 30s
to_files: True
files:
path: /var/log/auditbeat
name: "auditbeat"
rotateeverybytes: 10485760
keepfiles: 7
permissions: 0600
json: False
Version of Auditbeat
auditbeat version 6.4.0 (amd64), libbeat 6.4.0
Have anyone faced a similar issue and got a resolution?.
Note: this configuration for auditbeat successfully captures authentication events for Ubuntu
So I posted the same in the Elastic beats forum and got a solution. You can find the same here
As per their suggestion, turning off the auditd service would allow Audit events to be captured by Audibeat. I tried the same and it worked for me. But I am not sure of the implications of turning the auditd off. So I might switch to a Filebeat based solution.