grep date in truststore - grep

I have a result after grepping truststore.jks
Command for grep
keytool -list -v -keystore ./truststore.jks -storepass **** | grep "until"
Result
Valid from: Mon Jun 04 13:17:22 MSK 2018 until: Fri Jun 04 13:27:21 MSK 2038
Valid from: Mon Jun 04 16:17:00 MSK 2018 until: Sun Jun 04 16:27:00 MSK 2023
Valid from: Mon Mar 07 12:35:36 MSK 2022 until: Sun Mar 07 12:45:36 MSK 2027
Then I need to get only the date after "until:", but in a format like 'dd-mm-yyyy HH:MM:SS'
Result must be
04-06-2038 13:27:21
04-06-2023 16:27:00
07-03-2027 12:45:36
I am doing this for a task that will monitor when certificates expire
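One way to do the conversion asked for above, as an added example that is not part of the original post. It goes one step further and also filters the dates against a cutoff, which is what an expiry monitor needs. The function names are hypothetical and the sample input is the question's own three lines.

```shell
#!/bin/sh
# Constructed sample: the three lines of grep output shown in the question.
sample='Valid from: Mon Jun 04 13:17:22 MSK 2018 until: Fri Jun 04 13:27:21 MSK 2038
Valid from: Mon Jun 04 16:17:00 MSK 2018 until: Sun Jun 04 16:27:00 MSK 2023
Valid from: Mon Mar 07 12:35:36 MSK 2022 until: Sun Mar 07 12:45:36 MSK 2027'

# Read keytool -list -v output on stdin and print each "until:" timestamp
# as dd-mm-yyyy HH:MM:SS. Assumes English month names in the output.
until_dates() {
  awk '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= n; i++) mon[name[i]] = sprintf("%02d", i)
    }
    {
      pos = index($0, "until: ")
      if (pos == 0) next                      # not a validity line
      # Fields after "until: " are: Dow Mon DD HH:MM:SS TZ YYYY
      k = split(substr($0, pos + 7), f, " ")
      if (k != 6 || !(f[2] in mon)) {         # unexpected layout: report, do not guess
        print "unparsed: " $0 > "/dev/stderr"
        next
      }
      printf "%02d-%s-%s %s\n", f[3], mon[f[2]], f[6], f[4]
    }'
}

# Print only the dates earlier than a cutoff given as "dd-mm-yyyy HH:MM:SS".
# Compares yyyymmddHHMMSS keys as strings; the time zone is ignored.
expiring_before() {
  until_dates | awk -v cutoff="$1" '
    function key(d, t,   a) { split(d, a, "-"); gsub(/:/, "", t); return a[3] a[2] a[1] t }
    BEGIN { split(cutoff, c, " "); limit = key(c[1], c[2]) }
    key($1, $2) < limit'
}

printf '%s\n' "$sample" | until_dates
```

On a real truststore, pipe keytool -list -v -keystore ./truststore.jks -storepass:env STOREPASS into until_dates; the :env modifier reads the password from an environment variable (STOREPASS is a hypothetical name) so it does not appear in the process list.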

Related

Trying to set up PIA with OVPN client (docker)

I have been trying to get an OpenVPN client running with docker. But I got this error while setting up. My VPN provider is Private Internet Access. This is the Docker Image I used.
docker-compose up -d && docker logs -f openvpn
openvpn
openvpn
Creating openvpn
Wed Dec 18 02:17:32 2019 OpenVPN 2.4.7 armv6-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 6 2019
Wed Dec 18 02:17:32 2019 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Wed Dec 18 02:17:32 2019 TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1197
Wed Dec 18 02:17:32 2019 UDP link local: (not bound)
Wed Dec 18 02:17:32 2019 UDP link remote: [AF_INET][IP]:1197
Wed Dec 18 02:17:32 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Dec 18 02:17:33 2019 [[LONG_RANDOM_STRING]] Peer Connection Initiated with [AF_INET][IP]:1197
Wed Dec 18 02:17:39 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Dec 18 02:17:39 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Wed Dec 18 02:17:39 2019 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Wed Dec 18 02:17:39 2019 TUN/TAP device tun0 opened
Wed Dec 18 02:17:39 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 18 02:17:39 2019 /sbin/ip addr add dev tun0 local [SHORTER_IP] peer [SHORTER_IP]
Wed Dec 18 02:17:39 2019 Initialization Sequence Completed
Wed Dec 18 02:17:49 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:17:59 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:05 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:05 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:15 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:25 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:35 2019 Authenticate/Decrypt packet error: packet HMAC authentication failed
Wed Dec 18 02:18:39 2019 [[LON_RANDOM_STRING]] Inactivity timeout (--ping-restart), restarting
Wed Dec 18 02:18:39 2019 SIGUSR1[soft,ping-restart] received, process restarting
Wed Dec 18 02:18:44 2019 TCP/UDP: Preserving recently used remote address: [AF_INET][IP]:1197
Wed Dec 18 02:18:44 2019 UDP link local: (not bound)
Wed Dec 18 02:18:44 2019 UDP link remote: [AF_INET][IP]:1197
Wed Dec 18 02:18:45 2019 [[LONG_RANDOM_STRING]] Peer Connection Initiated with [AF_INET][IP]:1197
Wed Dec 18 02:18:46 2019 AUTH: Received control message: AUTH_FAILED
Wed Dec 18 02:18:46 2019 SIGUSR1[soft,auth-failure (auth-token)] received, process restarting
These are the files I use:
[pia.ovpn]
client
dev tun
proto udp
remote [server].privateinternetaccess.com 1197
resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
auth-user-pass /vpn/vpn.auth
comp-lzo
verb 1
reneg-sec 0
redirect-gateway def1
disable-occ
fast-io
ca /vpn/ca.rsa.2048.crt
crl-verify /vpn/crl.rsa.2048.pem
vpn.auth contains my username and password. ca.rsa.2048.crt and crl.rsa.2048.pem I both got from this PIA support page.
Not sure if it is relevant, but this is the dockerfile I used.
version: '2'
services:
  openvpn:
    image: dperson/openvpn-client:armhf
    container_name: openvpn
    cap_add:
      - net_admin
    environment:
      - TZ=[timezone]
    networks:
      - vpn
    read_only: true
    tmpfs:
      - /run
      - /tmp
    restart: always
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - /dev/net:/dev/net:z
      - [PATH_TO]/vpn:/vpn
networks:
  vpn:
I hope that someone sees what goes wrong here!
As I can see in your logs, you received the Inactivity timeout (--ping-restart), restarting message a short time after a successful connection.
I had the same issue.
My client connected successfully and within a few seconds (20-40) was restarted.
In my case I was actually running two clients with the same client name (CN) on different hosts.
To fix it I generated different clients for each host.
For me, the problem was using default PIA config. Once I switched to OPENVPN CONFIGURATION FILES (STRONG), the problem was gone.
You can find the configs at https://www.privateinternetaccess.com/helpdesk/kb/articles/where-can-i-find-your-ovpn-files-2, and if the link goes down, try googling "pia config".

Is it normal docker daemon kill/restart containers on a short time span?

We started to monitor docker events in our k8s cluster and noticed that there are a lot of Kill/Die/Stop/Destroy events for various containers in a short time period.
Is that normal? (I assume it's not)
Apparently it is not a capacity problem:
Conditions:
  Type            Status  LastHeartbeatTime                 LastTransitionTime                Reason                      Message
  ----            ------  -----------------                 ------------------                ------                      -------
  OutOfDisk       False   Thu, 16 Aug 2018 11:19:30 -0300   Tue, 14 Aug 2018 14:02:37 -0300   KubeletHasSufficientDisk    kubelet has sufficient disk space available
  MemoryPressure  False   Thu, 16 Aug 2018 11:19:30 -0300   Tue, 14 Aug 2018 14:02:37 -0300   KubeletHasSufficientMemory  kubelet has sufficient memory available
  DiskPressure    False   Thu, 16 Aug 2018 11:19:30 -0300   Tue, 14 Aug 2018 14:02:37 -0300   KubeletHasNoDiskPressure    kubelet has no disk pressure
  PIDPressure     False   Thu, 16 Aug 2018 11:19:30 -0300   Fri, 11 May 2018 16:37:48 -0300   KubeletHasSufficientPID     kubelet has sufficient PID available
  Ready           True    Thu, 16 Aug 2018 11:19:30 -0300   Tue, 14 Aug 2018 14:02:37 -0300   KubeletReady                kubelet is posting ready status
All Pods show status "Running"
Any tips on how to debug it further?
You can inspect the Docker container status with the following command on the node hosts where the pods run.
docker inspect <container id>
More options are here
Event logs and journal logs are also helpful for debugging.
kubectl get events
journalctl --no-pager

Linked-Data-Theater | standard_init_linux.go:195: exec user process caused "no such file or directory"

While running docker-compose up for the git project Linked-Data-Theater, I am getting the error standard_init_linux.go:195: exec user process caused "no such file or directory"
Below is a stack trace,
ifour.techno#ifour-137 MINGW64 /d/test/Docker/LinkData_Theater_Repo/Linked-Data-Theatre (master)
$ docker-compose up
Starting virtuoso ...
Starting ldt ... done
Attaching to virtuoso, ldt
virtuoso | standard_init_linux.go:195: exec user process caused "no such file or directory"
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Server version: Apache Tomcat/7.0.85
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Server built: Feb 7 2018 18:52:33 UTC
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Server number: 7.0.85.0
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: OS Name: Linux
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: OS Version: 4.4.111-boot2docker
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Architecture: amd64
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: JVM Version: 1.8.0_151-8u151-b12-1~deb9u1-b12
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: JVM Vendor: Oracle Corporation
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: CATALINA_BASE: /usr/local/tomcat
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: CATALINA_HOME: /usr/local/tomcat
virtuoso exited with code 1
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Dignore.endorsed.dirs=
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Dcatalina.base=/usr/local/tomcat
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Dcatalina.home=/usr/local/tomcat
ldt | Mar 01, 2018 7:35:47 AM org.apache.catalina.startup.VersionLoggerListener log
ldt | INFO: Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
ldt | INFO: Loaded APR based Apache Tomcat Native library 1.2.16 using APR version 1.5.2.
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
ldt | INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.core.AprLifecycleListener initializeSSL
ldt | INFO: OpenSSL successfully initialized (OpenSSL 1.1.0f 25 May 2017)
ldt | Mar 01, 2018 7:35:48 AM org.apache.coyote.AbstractProtocol init
ldt | INFO: Initializing ProtocolHandler ["http-apr-8080"]
ldt | Mar 01, 2018 7:35:48 AM org.apache.coyote.AbstractProtocol init
ldt | INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.startup.Catalina load
ldt | INFO: Initialization processed in 890 ms
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.core.StandardService startInternal
ldt | INFO: Starting service Catalina
ldt | Mar 01, 2018 7:35:48 AM org.apache.catalina.core.StandardEngine startInternal
ldt | INFO: Starting Servlet Engine: Apache Tomcat/7.0.85
ldt | Mar 01, 2018 7:35:48 AM org.apache.coyote.AbstractProtocol start
ldt | INFO: Starting ProtocolHandler ["http-apr-8080"]
ldt | Mar 01, 2018 7:35:48 AM org.apache.coyote.AbstractProtocol start
ldt | INFO: Starting ProtocolHandler ["ajp-apr-8009"]
In this stack trace, you can see that standard_init_linux.go:195: exec user process caused "no such file or directory"
below is my docker-compose.yml file,
version: '2'
services:
  ldt:
    privileged: true
    container_name: ldt
    image: tomcat:7-jre8
    hostname: ldt.local
    ports:
      - "8080:8080"
    volumes:
      - ./webapps:/usr/local/tomcat/webapps
      - ./shared_import:/usr/local/tomcat/temp:z
    networks:
      - ldt
  virtuoso:
    privileged: true
    container_name: virtuoso
    build:
      context: virtuoso
    hostname: virtuoso.local
    ports:
      - "1111:1111"
      - "8890:8890"
    environment:
      DBA_PASSWORD: "dba"
      SPARQL_UPDATE: "true"
      VIRTUOSO_DBA_PWD: dba
    volumes:
      - ./virtuoso_data:/var/lib/virtuoso/db:z
      - ./shared_import:/var/lib/virtuoso/usr/local/tomcat/temp:z
    networks:
      - ldt
networks:
  ldt:
    external:
      name: ldt
What is missing? I am a beginner in Docker, so please help me with this problem and give me suggestions. I have googled it but didn't find a solution anywhere.
I have also tried docker-compose up --build but I get the same error as above.
There might be a couple of reasons for the issue you are facing. I resolved the same issue by trying the following:
Ensure all the folders exist, which looks fine in your docker compose
If you copy shell script files from Windows to a Unix Docker container, ensure you run the dos2unix command after copying. While copying, special characters are added, which may result in the above issue.
Please add your Dockerfile; it's possible the issue is in the Dockerfile and not in docker-compose
This answer is applicable if you use Windows as host OS.
Yml file does not allow to pinpoint the exact place of the problem.
The problem seems to be inside your virtuoso container. You need to look at the files that this container runs when it starts. Quite likely it has an .sh file that has wrong line endings format. Line endings in the file(s) were converted at some point from Unix format (LF) to Windows format (CR LF).
If such conversion happens to .sh file that will be running inside Docker container, Linux will not recognize Windows format of end of line and will treat the whole file as a single line. It will lead to an error like standard_init_linux.go:XXX: exec user process caused "no such file or directory"
Cause
The EOL conversion could happen because of one of the following:
your local Git is configured to automatically convert line endings to Windows format (autocrlf = true) when you git pull sources
you saved one of the files in some editor in Windows, so it was saved with CR LF line endings
Solution
As a quick fix you can open the file in Notepad++, go to menu Edit/EOL Conversion/Unix, and then save the file
Another quick fix: use CLI tool dos2unix to convert files from command line
Change git configuration by turning off automatic conversion to Windows EOL format:
git config --global core.autocrlf input
It will change the setting globally, for all repositories on your machine.
You can also set it per repository.
See https://help.github.com/articles/dealing-with-line-endings/ for more details.
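A check for the condition the answers above describe, as an added example that is not part of the original posts. The kernel takes the interpreter path from the "#!" line up to the newline, so a CR left at the end of that line makes it look for an interpreter whose name ends in a CR byte, which does not exist. The file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
CR=$(printf '\r')

# Build a constructed sample directory: one script saved with CR LF, one with LF.
make_demo_dir() {
  d=$(mktemp -d)
  printf '#!/bin/sh\r\necho started\r\n' > "$d/entrypoint.sh"
  printf '#!/bin/sh\necho started\n'     > "$d/healthcheck.sh"
  printf '%s\n' "$d"
}

# List files under DIR whose first line is a "#!" line ending in CR.
crlf_shebangs() {
  find "$1" -type f | sort | while IFS= read -r f; do
    if head -n 1 "$f" | LC_ALL=C grep -q "^#!.*${CR}\$"; then
      printf '%s\n' "$f"
    fi
  done
}

# Rewrite FILE in place without any CR bytes, keeping its mode bits
# (for a text file this matches what dos2unix does).
to_lf() {
  tmp=$(mktemp) || return 1
  tr -d '\r' < "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?
  rm -f "$tmp"
  return $rc
}

demo=$(make_demo_dir)
crlf_shebangs "$demo"          # lists the CR LF script only
to_lf "$demo/entrypoint.sh"
crlf_shebangs "$demo"          # lists nothing once the file is converted
rm -rf "$demo"
```

Run crlf_shebangs over the build context (here the virtuoso directory) before docker-compose up --build, so a converted script is caught before it is copied into the image.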

Container exits if invoked from compose

I have a dockerized server process that merely listens on port 5000
[admin#gol05854 compose]$ cat ../proc1/server.sh
#!/bin/sh
echo `date` "Starting server"
nc -v -l -p 5000
echo `date` "Exiting server"
I have a client that is expected to continuously send messages to the server:
[admin#gol05854 compose]$ cat ../client/client.sh
#!/bin/sh
echo `date` "Starting client"
while true
do
    date
done | nc my_server 5000
echo `date` "Ending client"
I start these together using compose. However, the server exits with the following messages:
[admin#gol05854 compose]$ docker logs e1_my_server_1
Wed Oct 26 04:10:34 UTC 2016 Starting server
listening on [::]:5000 ...
connect to [::ffff:172.27.0.2]:5000 from e1_my_client_1_1.e1_default:36500 ([::ffff:172.27.0.3]:36500)
Wed Oct 26 04:10:36 UTC 2016
Wed Oct 26 04:10:36 UTC 2016
Wed Oct 26 04:10:36 UTC 2016
Wed Oct 26 04:10:36 UTC 2016
Wed Oct 26 04:10:36 UTC 2016
Exiting server
What is surprising is that if the same containers are started without compose, using docker run, the server remains running.
What is it that docker compose does that causes the server to exit after receiving a few messages?
The code can be found at https://github.com/yashgt/dockerpoc

Error while running mongod

I installed mongodb using this: http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/
When I run mongod, I get this:
mongod --help for help and startup options
Fri Mar 1 18:11:06
Fri Mar 1 18:11:06 warning: 32-bit servers don't have journaling enabled by default. Please use --journal if you want durability.
Fri Mar 1 18:11:06
Fri Mar 1 18:11:06 [initandlisten] MongoDB starting : pid=6265 port=27017 dbpath=/data/db/ 32-bit host=aboelseoud
Fri Mar 1 18:11:06 [initandlisten]
Fri Mar 1 18:11:06 [initandlisten] ** NOTE: when using MongoDB 32 bit, you are limited to about 2 gigabytes of data
Fri Mar 1 18:11:06 [initandlisten] ** see http://blog.mongodb.org/post/137788967/32-bit-limitations
Fri Mar 1 18:11:06 [initandlisten] ** with --journal, the limit is lower
Fri Mar 1 18:11:06 [initandlisten]
Fri Mar 1 18:11:06 [initandlisten] db version v2.2.3, pdfile version 4.5
Fri Mar 1 18:11:06 [initandlisten] git version: f570771a5d8a3846eb7586eaffcf4c2f4a96bf08
Fri Mar 1 18:11:06 [initandlisten] build info: Linux bs-linux32.10gen.cc 2.6.21.7-2.fc8xen #1 SMP Fri Feb 15 12:39:36 EST 2008 i686 BOOST_LIB_VERSION=1_49
Fri Mar 1 18:11:06 [initandlisten] options: {}
Fri Mar 1 18:11:06 [initandlisten] exception in initAndListen: 10296
*********************************************************************
ERROR: dbpath (/data/db/) does not exist.
Create this directory or give existing directory in --dbpath.
See http://dochub.mongodb.org/core/startingandstoppingmongo
*********************************************************************
, terminating
Fri Mar 1 18:11:06 dbexit:
Fri Mar 1 18:11:06 [initandlisten] shutdown: going to close listening sockets...
Fri Mar 1 18:11:06 [initandlisten] shutdown: going to flush diaglog...
Fri Mar 1 18:11:06 [initandlisten] shutdown: going to close sockets...
Fri Mar 1 18:11:06 [initandlisten] shutdown: waiting for fs preallocator...
Fri Mar 1 18:11:06 [initandlisten] shutdown: closing all files...
Fri Mar 1 18:11:06 [initandlisten] closeAllFiles() finished
Fri Mar 1 18:11:06 dbexit: really exiting now
When I type mongo, I get this:
MongoDB shell version: 2.2.3
connecting to: test
Fri Mar 1 18:13:00 Error: couldn't connect to server 127.0.0.1:27017 src/mongo/shell/mongo.js:91
exception: connect failed
When I browse into localhost:3000, I get this:
Moped::Errors::ConnectionFailure in MembersController#lawlab
Could not connect to any secondary or primary nodes for replica set <Moped::Cluster nodes=[<Moped::Node resolved_address="127.0.0.1:27017">]>
What am I missing here?
You should create the data/db/ folder and give your user access to that folder.
For clarity's sake: there is a difference between creating the data/db folder vs. /data/db. One is installed in the root, one is not. So, you should create the /data/db/ folder and then give access to the folder by using sudo chown -R /data/db/
