Is there any way of executing a console command on the host machine when a specific VZ container is started (and/or stopped)? Something like in the /etc/network/interfaces where you can specify an on up and on down command.
Yes, You can setup the cron on your VPS to start the network service. You will have to setup the cron #reboot on your VPS.
Related
We have an application which uses SSH to copy artifact from one node to other. While creating the Docker image (Linux Centos 8 based), I have installed the Openssh server and client, when I run the image from Docker command and exec into it, I am successfully able to run the SSH command and I also see the port 22 enabled and listening ( $ lsof -i -P -n | grep LISTEN).
But if I start a POD/Container using the same image in the Kubernetes cluster, I do not see port 22 enabled and listening inside the container. Even if I try to start the sshd from inside the k8s container then it gives me below error:
Redirecting to /bin/systemctl start sshd.service Failed to get D-Bus connection: Operation not permitted.
Is there any way to start the K8s container with SSH enabled?
There are three things to consider:
Like David said in his comment:
I'd redesign your system to use a communication system that's easier
to set up, like with HTTP calls between pods.
If you put a service in front of your deployment, it is not going to relay any SSH connections. So you have to point to the pods directly, which might be pretty inconvenient.
In case you have missed that: you need to declare port 22 in your deployment template.
Please let me know if that helped.
Background: I need to change the payara-server master-password. According to the docs the master-password must match the password in the keystore & truststore for the SSL Certificates to work properly. To make my website run on https instead of http.
I got Payara-Server running in a Docker Container through the guide:
I tried to change the payaradomain master-password, but I get an acyclic error.
1. made sure the payara-domain isn't running.
- ./asadmin stop-domain --force=true payaradomain
When I run this command, instead domain1 gets killed. & then kicked out of the docker container:
./asadmin stop-domain --kill=true payaradomain
When I execute this command:
./asadmin list-domains
Response:
domain1 running
payaradomain not running
Command list-domains executed successfully.
Then tried command:
./asadmin stop-domain --force=true payaradomain
Response:
CLI306: Warning - The server located at /opt/payara41/glassfish/domains/payaradomain is not running.
I'm happy with that, but when I try:
./asadmin change-master-password payaradomain
I get this response:
Domain payaradomain at /opt/payara41/glassfish/domains/payaradomain is running. Stop it first.
I have attached the picture below: please help...
If you want to configure Payara server in docker, including the master password, you should do it by creating your own docker image by extending the default Payara docker image. This is the simplest Dockerfile:
FROM payara/server-full
# specify a new master password "newpassword" instead of the default password "changeit"
RUN echo 'AS_ADMIN_MASTERPASSWORD=changeit\nAS_ADMIN_NEWMASTERPASSWORD=newpassword' >> /opt/masterpwdfile
# execute asadmin command to apply the new master password
RUN ${PAYARA_PATH}/bin/asadmin change-master-password --passwordfile=/opt/masterpwdfile payaradomain
Then you can build your custom docker image with:
docker build -t my-payara/server-full .
And then run my-payara/server-full instead of payara/server-full.
Also note that with the default Payara docker image, you should specify the PAYARA_DOMAIN variable to run payaradomain instead of domain1, such as:
docker run --env PAYARA_DOMAIN=payaradomain payara/server-full
The sample Dockerfile above redefines this variable so that payaradomain is used by default, without need to specify it when running the container.
Alternative way to change master password
You cn alternatively run the docker image without running Payara Server. Instead, you can run bash shell first, perform necessary commands in the console and the run the server from the shell.
To do that, you would run the docker image with:
docker run -t -i --entrypoint /bin/bash payara/server-full
The downside of this approach is that the docker container runs in foreground and if you restart it then payara server has to be started again manually, so it's really only for testing purposes.
The reason you get the messages saying payaradomain is running is because you have started domain1. payaradomain and domain1 use the same ports and the check to see if a domain is running looks to see if the admin port for a given domain are in use.
In order to change the master password you must either have both domains stopped or change the admin port for payaradomain.
instead of echoing passwords in the dockerfile it is safer to COPY a file during build containing the passwords and remove that when the build is finished.
I have server with debian operating system. I installed docker on it and it works fine, as you can see as follow:
root#3053b0461a3c:/# which wget
/usr/bin/wget
root#3053b0461a3c:/#
An ubuntu based container is running.
Then I started a second terminal, connect via ssh to server and type in console
docker ps
But as output I've got the message:
Cannot connect to the Docker daemon. Is the docker daemon running on this host?
Why the docker service is not running?
Unset the environment variable DOCKER_HOST and it should work.
https://github.com/docker/docker/blob/eff810aed688879f67a3730c41d9adce4637470f/docs/installation/ubuntulinux.md
Try unset DOCKER_HOST
In most unix-based (or -like) environments that I've seen there is the concept of environment variables, which can be considered as dynamic configuration. The 2 functions available are:
set which sets to an environment variable a special value
unset which removes an environment variable.
On the case of DOCKER_HOST, docker uses this variable to know whether it should attach to a network host, e.g. tcp://192.137.23.11 or to a local Unix socket.
I am new to docker. In our docker environment - Apache has been installed and it is up and running.
Now I need to get into the container, modify the httpd.conf, save it and then I need to restart the apache.
Can you guys please let me know, what needs to be done.
I am pretty much confused about -
'exec' and 'attach' commands.
No need to attach or exec (which is really a debug feature anyway)
You can use docker cp to copy a local version of your httpd.conf to the container. (That way, you can modify the file from the comfort of your local environment)
docker cp httpd.conf <yourcontainer_name>:/path/to/httpd.conf
Once that is done, you can send an USR1 signal to ask for a graceful restart (see docker kill syntax):
docker kill --signal="USR1" <yourcontainer_name>
Replace <yourcontainer_name> by the container id or name which is running Apache.
That will only work if the main process launched by your container is
CMD ["apachectl", "-DFOREGROUND"]
See more at "Docker: How to restart a service running in Docker Container"
To update Apache configs you need to:
Replace Apache configs.
If you have config folder mapped from outside of container you should update configs outside of container.
If your apache configs are stored inside of container, you will need to run something like this:
docker cp httpd.conf YOUR_CONTAINER_NAME:/path/to/httpd.conf
Do Graceful Apache restart:
sudo docker exec -it YOUR_CONTAINER_NAME apachectl graceful
Enter a container by opening a bash shell:
docker exec -it containerName bash
I guess you better just reload apache config and not reboot apache.
But I wouldn't go this route and just modify Dockerfile and rebuild and rerun the image.
edit for link: https://docs.docker.com/engine/reference/commandline/exec/
I'm using fabric to remotely start a micro aws server, install git and a git repository, adjust apache config and then restart the server.
If at any point, from the fabfile I issue either
sudo('service apache2 restart') or run('sudo service apache2 restart') or a stop and then a start, the command apparently runs, I get the response indicating apache has started, for example
[ec2-184-73-1-113.compute-1.amazonaws.com] sudo: service apache2 start
[ec2-184-73-1-113.compute-1.amazonaws.com] out: * Starting web server apache2
[ec2-184-73-1-113.compute-1.amazonaws.com] out: ...done.
[ec2-184-73-1-113.compute-1.amazonaws.com] out:
However, if I try to connect, the connection is refused and if I ssh into the server and run
sudo service apache2 status it says that "Apache is NOT running"
Whilst sshed in, if run
sudo service apache start, the server is started and I can connect. Has anyone else experienced this? Or does anyone have any tips as to where I could look, in log files etc to work out what has happened. There is nothing in apache2/error.log, syslog or auth.log.
It's not that big a deal, I can work round it. I just don't like such silent failures.
Which version of fabric are you running?
Have you tried to change the pty argument (try to change shell too, but it should not influence things)?
http://docs.fabfile.org/en/1.0.1/api/core/operations.html#fabric.operations.run
You can set the pty argument like this:
sudo('service apache2 restart', pty=False)
Try this:
sudo('service apache2 restart',pty=False)
This worked for me after running into the same problem. I'm not sure why this happens.
This is an instance of this issue and there is an entry in the FAQ that has the pty answer. Unfortunately on CentOS 6 doesn't support pty-less sudo commands and I didn't like the nohup solution since it killed output.
The final entry in the issue mentions using sudo('set -m; service servicename start'). This turns on Job Control and therefore background processes are put in their own process group. As a result they are not terminated when the command ends.
When connecting to your remotes on behalf of a user granted enough privileges (such as root), you can manage system services as shown below:
from fabtools import service
service.restart('apache2')
https://fabtools.readthedocs.org/en/0.13.0/api/service.html
P.S. Its requires the installation of fabtools
pip install fabtools
Couple of more ways to fix the problem.
You could run the fab target with --no-pty option
fab --no-pty <task>
Inside fabfile, set the global environment variable always_use_pty to False, before your target code executes
env.always_use_pty = False
using pty=False still didn't solve it for me. The solution that ended up working for me is doing a double-nohup, like so:
run.sh
#! /usr/bin/env bash
nohup java -jar myapp.jar 2>&1 &
fabfile.py
...
sudo("nohup ./run.sh &> nohup.out", user=env.user, warn_only=True)
...