We Keep Coding

Why cant i use apk package manager in my Gitlab pipeline?

Im trying to build a pipeline which ssh's into my server, and executes a bash script. But when i execute the pipeline, it states: bash: line 129: apk: command not found
Why though? Im already specifying to use alpine over my default node image
My runner is configured as a shell executor
image: node:16
build:
only:
- main
script:
- docker build --file Dockerfile --tag $IMAGE_NAME .
push_to_dockerhub:
only:
- main
script:
- docker login --username $DOCKERHUB_USERNAME --password $DOCKERHUB_PASSWORD
- docker push $IMAGE_NAME
deploy:
image: alpine:3.14
only:
- main
before_script:
- apk add openssh-client
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
script:
- ssh myusername#$IP_ADDRESS -p 3000 "/home/myusername/deploy.sh && exit"
I need to be able to use apk on this pipeline to add the openssh client and therefore, stablish an ssh connection

The NodeJS default version you get from docker hub's is a Debian-based distribution. Therefore, apt or apt-get must be used as a package management tool.
You must use an alpine-based Node container if you want to use apk (Alpine Package Keeper).
Example image: node:lts-alpine
The NodeJS docker container is built using a variety of versions and underlying Linux distribution. Please click the link to view them, then select what you require based on your requirements.

Why Molecule is not able to start a docker container (Failed to create temporary directory)

I found similar case here, that I am using molecule to test my ansible roles, but for some reason it is skipping "creation" part and gives error like:
fatal: [rabbitmq]: UNREACHABLE! => {"changed": false, "msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo ~/.ansible/tmp `\"&& mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1638541586.6239848-828-250053975102429 `\" && echo ansible-tmp-1638541586.6239848-828-250053975102429=\"` echo ~/.ansible/tmp/ansible-tmp-1638541586.6239848-828-250053975102429 `\" ), exited with result 1", "unreachable": true}
It is skipping the create process: Skipping, instances already created. However, nothing is running:
name#EEW00438:~/.cache$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
name#EEW00438:~/.cache$
what I tried:
molecule destroy
molecule reset
restart
rm -rf ~/.cache/
changed remote_tmp to /tmp/.ansible/ in /etc/ansible/ansible.cfg
reinstall molecule
This issue is only with one role.
UPDATE:
it is failing on step:
mkdir \"` echo ~/.ansible/tmp/ansible-tmp-1638782939.31706-2913-12516475286623 `\" && echo ansible-tmp-1638782939.31706-2913-12516475286623=
mkdir: cannot create directory ‘"/home/user/.ansible/tmp/ansible-tmp-1638782939.31706-2913-12516475286623"’: No such file or directory

I stumbled upon this issue as well.
When you create the role you need to create it as molecule init role --driver-name docker ns.myrole to enable docker. Be sure to install the docker driver too if you haven't pip install --upgrade molecule-docker
So if you need to tweak the container that runs, edit molecule.yml. It defaults to centos. I switched to ubuntu in there, an created a Dockerfile to provision the container with things that need to exist.
molecule.yml
---
dependency:
name: galaxy
driver:
name: docker
platforms:
- name: instance
image: ubuntu:22.04 # this is required but ignored since I specify a `dockerfile`
pre_build_image: false
dockerfile: Dockerfile
provisioner:
name: ansible
verifier:
name: ansible
For example, Ubuntu 22.04 doesn't use python anymore, so I added an alias at the end of what molecule renders so that Ansible can use python and have it redirect to python3
FROM ubuntu:22.04
RUN if [ $(command -v apt-get) ]; then export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude && apt-get clean && rm -rf /var/lib/apt/lists/*; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python3 sudo bash iproute2 && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python3 sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python3 sudo bash ca-certificates iproute2 && xbps-remove -O; fi
RUN echo 'alias python=python3' >> ~/.bashrc
It's been years since I last used Molecule, and I must say... it's gone downhill. It used to be easy/clear/direct to get things working. Sigh. I guess I should stick to containers and force the migration off VMs sooner!

The problem may be caused by a Docker context change performed at the start of Docker Desktop. Despite this, Molecule does create a container, but in an inactive context.
At startup, Docker Desktop automatically switches the context from default to desktop-linux [1]. The active context determines which containers are available from CLI.
The context cannot be set in the molecule, i.e. the default context is always used to create containers [2].
$ molecule create --scenario-name test
... # The output with the error is skipped because it duplicates the output from the question
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
$ docker context ls
NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
default moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm
desktop-linux * moby unix:///home/bkarpov/.docker/desktop/docker.sock
$ docker context use default
$ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a71bfd28992f geerlingguy/docker-ubuntu2004-ansible "bash -c 'while true…" 5 minutes ago Up 5 minutes some-instance
$ molecule login --scenario-name test
INFO Running test > login
root#some-instance:/#
Solutions
Switch the context back to default manually
docker context use default
This solution is suitable for one-time execution, since the context will need to be switched every time Docker Desktop is started. Docker Desktop service will continue to work using the desktop-linux context.
Issue with the request to add context switching to Docker Desktop - https://github.com/docker/roadmap/issues/47
Stop Docker Desktop
systemctl --user stop docker-desktop
Stopping the Docker Desktop service will automatically switch to the default context.
Set DOCKER_CONTEXT so that Docker Desktop does not change the context in the current shell
export DOCKER_CONTEXT=default
systemctl --user restart docker-desktop
When stopping, the context returns to default, and when starting, it does not switch to desktop-linux.
References
https://docs.docker.com/desktop/install/ubuntu/#launch-docker-desktop
https://github.com/ansible-community/molecule-docker#faq

Deploy Vue.js build with Gitlab CI

This is my gitlab pipeline. The Vue.js artifacts are build on the runner. How can I deploy the to my testserver? FYI: Fab pull does a git pull on the repo.
deploy_staging:
image: python:3.6
stage: deploy
only:
- master
before_script:
- curl -sL https://deb.nodesource.com/setup_13.x | bash -
- apt-get update -y
- apt-get install -y curl git gnupg nodejs
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- |
cat >~/.ssh/config <<EOF
Host testserver
ForwardAgent yes
HostName dev.testserver.ts
User testuser
EOF
- cat ~/.ssh/config
script:
- pip install -r requirements.txt
- npm install
- npm run production
- fab pull

Since you want to copy files from GitLab runner into your server, This will be possible using scp command.
For example:
⋮
script:
- pip install -r requirements.txt
- npm install
- npm run production
- scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no /PATH/TO/BUILD_ARTIFACTS testserver:~/PATH/TO/DESTINATION
- fab pull
UserKnownHostsFile and StrictHostKeyChecking are SSH options that prevent error Host key verification failed. So they should be used with scp command in your case.
Also, destination path of artifact files must be started from testuser's home directory (Tilde character ~). Otherwise you may face Permission denied error.

Getting gitlab-runner 10.0.2 cloning repo using ssh

I have a gitlab installation and I am trying to setup a gitlab-runner using a docker executor. All ok until tests start running and then since my projects are private and they have no http access enabled, they fail at clone time with:
Running with gitlab-runner 10.0.2 (a9a76a50)
on Jupiter-docker (5f4ed288)
Using Docker executor with image fedora:26 ...
Using docker image sha256:1f082f05a7fc20f99a4ccffc0484f45e6227984940f2c57d8617187b44fd5c46 for predefined container...
Pulling docker image fedora:26 ...
Using docker image fedora:26 ID=sha256:b0b140824a486ccc0f7968f3c6ceb6982b4b77e82ef8b4faaf2806049fc266df for build container...
Running on runner-5f4ed288-project-5-concurrent-0 via 2705e39bc3d7...
Cloning repository...
Cloning into '/builds/pmatos/tob'...
remote: Git access over HTTP is not allowed
fatal: unable to access 'https://gitlab.linki.tools/pmatos/tob.git': The requested URL returned error: 403
ERROR: Job failed: exit code 1
I have looked into https://docs.gitlab.com/ee/ci/ssh_keys/README.html
and decided to give it a try so my .gitlab-ci.yml starts with:
image: fedora:26
before_script:
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
- ssh-add <(echo "$SSH_PRIVATE_KEY")
# For Docker builds disable host key checking. Be aware that by adding that
# you are suspectible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
... JOBS...
I setup the SSH_PRIVATE_KEY correctly, etc but the issue is that the cloning of the project happens before before_script. I then tried to start the container with -v /home/pmatos/gitlab-runner_ssh:/root/.ssh but still the cloning is trying to use HTTP. How can I force the container to clone through ssh?

Due to the way gitlab CI works, CI requires https access to the repository. Therefore if you enable CI, you need to have https repo access enabled as well.
This is however, not an issue privacy wise as making the container https accessible doesn't stop gitlab from checking if you're authorized to access it.

I then tried to start the container with -v /home/pmatos/gitlab-runner_ssh:/root/.ssh but still the cloning is trying to use HTTP
Try at least if possible within your container to add a
git config --global url.ssh://git#.insteadOf https://
(assuming the ssh user is git)
That would make any clone of any https URL use ssh.

Ambari 2.2 - exiting with non-zero status code on Ubuntu 14.04 Docker container

TL;DR - Dockerized Ambari on Ubuntu 14.04 Docker container throws error upon startup with default configurations
I'm attempting to Dockerize an Ambari deployment to support running it along side my Hadoop containers. Here is my Dockerfile:
FROM ubuntu:14.04
ENV AMBARI_HOME /opt/ambari
ENV AMBARI_VERSION 2.2.0.0
RUN export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get -y install wget software-properties-common python-software-properties openssh-client openssh-server
# Install Java.
RUN \
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections && \
add-apt-repository -y ppa:webupd8team/java && \
apt-get update && \
apt-get install -y oracle-java8-installer && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer
# Define commonly used JAVA_HOME variable
ENV JAVA_HOME /usr/lib/jvm/java-8-oracle
RUN mkdir -p "$AMBARI_HOME"
WORKDIR $AMBARI_HOME
# passwordless ssh
RUN export DEBIAN_FRONTEND=noninteractive \
&& echo -e 'y\n'|ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa \
&& cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
RUN export DEBIAN_FRONTEND=noninteractive \
&& wget -nv http://public-repo-1.hortonworks.com/ambari/ubuntu14/2.x/updates/2.2.0.0/ambari.list -O /etc/apt/sources.list.d/ambari.list \
&& apt-key adv --recv-keys --keyserver keyserver.ubuntu.com B9733A7A07513CAD \
&& apt-get update \
&& apt-get -y install ambari-server
#Disable SELinux
RUN echo SELINUX=disabled >> /etc/selinux/config
EXPOSE 8080
RUN ambari-server setup -s --verbose --java-home $JAVA_HOME
CMD ambari-server start
When I start the container I get the following error -
Using python /usr/bin/python2
Starting ambari-server
Ambari Server running with administrator privileges.
About to start PostgreSQL
Organizing resource files at /var/lib/ambari-server/resources...
WARNING: setpgid(73, 0) failed - [Errno 13] Permission denied
Server PID at: /var/run/ambari-server/ambari-server.pid
Server out at: /var/log/ambari-server/ambari-server.out
Server log at: /var/log/ambari-server/ambari-server.log
Waiting for server start.........
ERROR: Exiting with exit code -1.
REASON: Ambari Server java process died with exitcode -1. Check /var/log/ambari-server/ambari-server.out for more information.
There doesn't seem to be anything useful in the ambari-server.log or .out
I found an issue for WARNING: setpgid(73, 0) failed - [Errno 13] Permission denied fixed here: setpgid issue
From reading the HortonWorks docs for deploying to Ubuntu 14.04, this should work:
Install Ambari on Ubuntu 14.04
I've tried to deploy with the embedded Postges as well as an external one with the same results.
One interesting note is that even with the error, Ambari appears to be up and I can login as the default admin/admin, but when calling `ambari-server stop' it says no process is running...
root#3e6d778b43f8:/opt/ambari# ambari-server stop
Using python /usr/bin/python2
Stopping ambari-server
Ambari Server is not running
root#3e6d778b43f8:/opt/ambari# jps
868 AmbariServer
955 Jps
I'll replicate this setup on my Ubuntu box tomorrow and see if the same thing happens.
Thanks!
Edit #1: docker info
vagrant#vagrant-ubuntu-trusty-64:/vagrant/scripts$ docker info
Containers: 14
Images: 161
Server Version: 1.9.1
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 189
Dirperm1 Supported: false
Execution Driver: native-0.2
Logging Driver: json-file
Kernel Version: 3.13.0-44-generic
Operating System: Ubuntu 14.04.1 LTS
CPUs: 1
Total Memory: 3.861 GiB
Name: vagrant-ubuntu-trusty-64
ID: 7AD6:Z5TH:76NW:G54B:IHVK:PWKP:E2LI:CRPI:MIGM:STJU:3D2B:K7EQ
WARNING: No swap limit support
vagrant#vagrant-ubuntu-trusty-64:/vagrant/scripts$ docker version
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.2
Git commit: a34a1d5
Built: Fri Nov 20 13:12:04 UTC 2015
OS/Arch: linux/amd64
Server:
Version: 1.9.1
API version: 1.21
Go version: go1.4.2
Git commit: a34a1d5
Built: Fri Nov 20 13:12:04 UTC 2015
OS/Arch: linux/amd64
docker is running inside of a Vagrant Virtualbox instance (v1.8.1)

I had same problem with ambari-server inside docker on ubuntu 14.04. Could you try the following
Workaround the aufs problem
Inside /etc/default/docker add
DOCKER_OPTS="--storage-driver=devicemapper"
and restart the docker service. Note that after this all your images will disappear (http://muehe.org/posts/switching-docker-from-aufs-to-devicemapper/). Rebuild your images.
To be honest I'm not 100% sure if this part is really needed.
After switching from aufs to devicemapper you might get the following error:
ERROR: Could not find container for entity id
The solution was to remove the old AUFS db and any existing containers:
sudo rm -rf /var/lib/docker/containers/*
sudo rm -rf /var/lib/docker/linkgraph.db
Restarting your docker images/containers should now work on the devicemapper engine.
Put apparmor into complain mode for docker
Inside /etc/apparmor.d/docker comment out (#) line deny #{PROC}/{*,**^[0-9*],sys/kernel/shm*} wkx,, it somehow confuses apparmor utils. Than run
sudo aa-complain /etc/apparmor.d/docker
If aa-complain throws command not found, install:
sudo apt-get install apparmor-utils
After starting the container ambari-server started working for me.
I dont know how docker relies here on apparmor, i.e. what risks the operation above introduces...

It looks like there's an issue deploying Ambari to a docker container.. I broke it out and installed it onto a Vagrant 14.04 Ubuntu VM wit the following scripts:
install_java.sh
#!/bin/bash
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | debconf-set-selections && \
add-apt-repository -y ppa:webupd8team/java && \
apt-get update && \
apt-get install -y oracle-java8-installer && \
rm -rf /var/lib/apt/lists/* && \
rm -rf /var/cache/oracle-jdk8-installer
install_ambari.sh
#!/bin/bash
export DEBIAN_FRONTEND=noninteractive \
&& wget -nv http://public-repo-1.hortonworks.com/ambari/ubuntu14/2.x/updates/2.2.0.0/ambari.list -O /etc/apt/sources.list.d/ambari.list \
&& apt-key adv --recv-keys --keyserver keyserver.ubuntu.com B9733A7A07513CAD \
&& apt-get update \
&& apt-get -y install ambari-server
Followed by:
sudo ambari-server setup -s -v -j $JAVA_HOME
sudo ambari-server start -v
#thaJeztah - what do I need to fix with my Dockerfile setup?