MariaDB/mysqld is blocked by `docker-default` AppArmor profile - docker

I had a working MySQL install and I tried to migrate it to MariaDB. I also have Docker, which seems to block /usr/sbin/mysqld via AppArmor.
To be clear, I’m not using Docker currently (but I’d like to not have to remove it since I will be using it soon).
The problem I’m having is when I’m trying to load my project, served by good old Apache, in the browser. I’m getting a SQLSTATE[HY000] [2002] No such file or directory error message.
The workaround right now is to force AppArmor to unblock mysqld:
sudo apparmor_parser -v -R /etc/apparmor.d/usr.sbin.mysqld && sudo systemctl restart mariadb
This works, but I have to redo it after every system boot.
aa-status clearly shows who the culprit is:
4 processes are in enforce mode.
...
/usr/sbin/mysqld (2960) docker-default
After running the workaround above, this line disappears from aa-status and everything works perfectly.
How can I permanently disable this "protection" from the docker-default profile?
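As an added example that is not part of the original question, a small shell check (the function names `unexpected_confinement` and `check_confinement` are my own) that parses aa-status output and reports when a binary such as mysqld ends up under a profile other than its own; it can run as a boot-time or monitoring check so the mis-confinement is noticed before the database fails:

```shell
# Added example, not from the original question: parse aa-status-style output
# and report processes of one binary that are confined by a profile other than
# the one expected. The sample below is constructed to mirror the lines quoted
# in the question; in real use pipe the live `sudo aa-status` output instead.
SAMPLE_AA_STATUS='4 processes are in enforce mode.
   /usr/sbin/mysqld (2960) docker-default
   /usr/sbin/cupsd (812)
   /usr/bin/man (1201) man_filter'

# unexpected_confinement BINARY EXPECTED_PROFILE
# Reads aa-status output on stdin. aa-status prints a third field only when the
# profile name differs from the executable path, so a missing third field means
# the process runs under the profile named after its own path.
# Prints "<pid> <profile>" per mismatch; prints nothing when all is as expected.
unexpected_confinement() {
    awk -v bin="$1" -v expected="$2" '
        $1 == bin {
            pid = $2
            gsub(/[()]/, "", pid)
            profile = (NF < 3) ? $1 : $3
            if (profile != expected) print pid, profile
        }'
}

# check_confinement BINARY EXPECTED_PROFILE
# Exit 0 when BINARY is confined as expected, 1 otherwise (usable as a
# systemd ExecStartPre or a monitoring probe; stdin is aa-status output).
check_confinement() {
    found=$(unexpected_confinement "$1" "$2")
    [ -z "$found" ]
}

# Demonstration on the constructed sample: mysqld is flagged, cupsd is not.
printf '%s\n' "$SAMPLE_AA_STATUS" | unexpected_confinement /usr/sbin/mysqld /usr/sbin/mysqld
printf '%s\n' "$SAMPLE_AA_STATUS" | check_confinement /usr/sbin/cupsd /usr/sbin/cupsd && echo "cupsd: OK"
```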

Related

How to make docker container running judge0 use cgroupV1 in ubuntu?

I have installed an online IDE backend, Judge0, for a coding web app. I am running a container in docker. The problem is that judge0 works only with cgroupV1, not with cgroupV2. So I am facing an issue here where on running the app I am getting an internal error.
On researching the judge0 GitHub repo, I found the issue is due to cgroupv2 being used by default.
On running command
grep cgroup /proc/mounts
I am getting output as
cgroup2 /sys/fs/cgroup cgroup2
rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
I need to change the whole permission to cgroup1, not cgroup2. Even after editing the GRUB_CMDLINE_LINUX line in /etc/default/grub and running
sudo update-grub
I am not able to resolve the issue. Need help on how to change permission to cgroup1 in ubuntu 22.04

Docker container and FIPS mode enabled

We're trying to get a SAP HanaExpress container running on a VM that has FIPS mode enabled, but it will not start up due to a FATAL FIPS SELFTEST FAILURE error. The VM is running CentOS 7, though I'm not sure that matters. I've read several articles/posts and it appears the running container does recognize that FIPS mode is enabled, but the service still doesn't work. Both of these checks work:
cat /proc/sys/crypto/fips_enabled
sysctl crypto.fips_enabled
The container is running in privileged mode and the /etc/system-fips file is mounted into the container as well. Is there anything else I need to check to make this work or at least debug the issue? I have a feeling there's something small, and not HanaExpress specific, that I'm missing, but I just haven't found it yet.
Edit1: It looks like the issue is Docker and not the container. I finally found info that fips mode should be reported as active when you run the docker info command, but it wasn't showing up. CentOS 7 installs the 1.13.1 version, which appears to be too old, so I downloaded and installed 20.10.9. However, even following the instructions provided by docker, it's not reporting fips mode as active. If anyone else has had this issue and solved it, any advice would be great.
/proc/... files are READ-only files
If you don't need FIPS enabled, then try this and see if it goes away. https://www.thegeekdiary.com/how-to-disable-fips-mode-on-centos-rhel-7/
then test if fips is enabled or not by running sysctl -a 2>/dev/null | grep fips_enabled and see if sudo yum list installed | grep "dracut.fips" shows dracut-fips is installed or not.
I believe that if the HOST OS where you are running Docker container has this disabled, then you may not see this error

Cannot create container for service xxx: open /var/lib/docker/overlay2/969rf5...fdf-init/merged/etc/resolv.conf: Operation not permitted

While deploying docker images on the production server using docker-compose, I got the following error.
Cannot create container for service xxx: open /var/lib/docker/overlay2/969rf5...fdf-init/merged/etc/resolv.conf: Operation not permitted
What I tried:
Changed permissions (so much so that I gave 777 for all the directories involved)
Upgraded kernel (Saw somewhere that it could be kernel issue)
Removed ACL using setfacl -Rb /var/lib/docker
Added the "graph: /var/lib/docker" line in daemon.json
Restarted docker service couple of times.
Tried running the images individually and not using docker-compose.
Tried running with sudo
Set the --storage-opt overlay2.override_kernel_check=1 (Since it is rhel and kernel version supported for docker overlay2 is >4.0, so was suggested to override it.)
I failed every time!
Have no idea what the issue is or what it could be. Every time I run the docker-compose file, it creates a new directory in /var/lib/docker/overlay2 with old permissions even though I change the permissions for all the other directories in it. At this point I'm not even sure if it is permissions issue or not.
Any help would be appreciated! Thank you!
Finally after trying everything on the internet and nothing working out, the issue was resolved. It was due to the Antivirus that was installed on the server. Had it removed by the client and docker/docker-compose started working absolutely fine.
To give a little more information on the antivirus, it was some FIM antivirus that was installed on a rhel 3.10-xxx which was blocking docker. It was an older version and thank goodness newer versions are compatible with docker. So that's a wrap, thank you all!

First run of Docker -- Running makeitopen.com's F8 App

I'm reading through makeitopen.com and want to run the F8 app.
The instructions say to install the following dependencies:
Yarn
Watchman
Docker
Docker Compose
I've run brew install on all of these, and none appeared to indicate that any of them had already been installed. I have not done any config or setup or anything on any of these new packages.
The next step is to run yarn server and here's what I got from that:
$ docker-compose up
ERROR: Couldn't connect to Docker daemon at http+docker://localhost - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.
error Command failed with exit code 1.
Not having any experience with any of these packages, I don't really know what to do (googling brings up so many different scenarios). What do I do now?
PS. Usually when I work with React Native I run npm start to start the expo-ready app, but the F8 project doesn't respond to npm start.
UPDATE (sort of):
I ran docker-compose up which appeared to run all the docker tasks, and I'm assuming the server is running (although I haven't tried yarn server again).
I continued with the instructions, installing dependencies with yarn (which did appear to throw some errors. quite a few, actually, but also a lot of success).
I then ran yarn ios, and after I put the Facebook SDK in the right folder on my computer, the XCode project opened.
The Xcode build failed. Surprise, right? It did make it through a lot of the tasks. But it can't find FBSDKShareKit/FBSDKShareKit.h (although that file does appear to exist in FBSDKShareKit/Headers/)
Any thoughts? Is there any way in the world I can just run this in expo?
If docker and docker-compose are installed properly, you either need root privileges or use the docker group to add yourself:
usermod -aG docker your-username
Keep in mind that all members of the docker user group de facto have root access on the host system. It's recommended to only add trusted users and keep precautionary measures to avoid abuse, but this is another topic.
When docker is not working properly, check if its daemon is running and maybe restart the service:
# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; enabled)
Active: active (running) since Thu 2019-02-28 19:41:47 CET; 3 weeks 3 days ago
Then create the container again using docker-compose up.
Why a simple npm start doesn't work
The package.json file shows that those scripts exist, but it runs npm start. Looking at the docker-compose.yml file, we see that it creates 5 containers for its mongo database as well as GraphQL and the frontend/backend. Without docker, it wouldn't be possible to set up a lot of services that fast. You'd need to install and configure them manually.
At the end your system may be messed up with software, when playing around with different software or developing for multiple open source projects. Docker is a great way to deploy modern applications while keeping them flexible and separated. It's worth getting started with those technologies.

Mongodb is not working upon restart in rails app

I had to force a restart of my linux computer and upon turning back on, nothing related to my Mongodb installation is functioning properly.
My rails app, using Mongoid, is giving this error:
Could not connect to any secondary or primary nodes for replica set <Moped::Cluster nodes=[<Moped::Node resolved_address="127.0.0.1:27017">]>
on attempting to load a page and a similar error in the rails console.
Everything was running smoothly before and I am not sure how to right this ship.
I generally get this error when the mongo daemon is not running. Try running something like this:
sudo mongod --fork --logpath /var/log/mongodb.log --logappend
The method used to automatically start on system boot will vary depending on your OS. What flavor of Linux do you run?
I don't know if it is the right or wrong way, but it always works for me:
rm /data/db/mongod.lock
mongod --dbpath /data/db --repair
mongod --dbpath /data/db