Docker container and FIPS mode enabled - docker

We're trying to get a SAP HanaExpress container running on a VM that has FIPS mode enabled, but it will not start up due to a FATAL FIPS SELFTEST FAILURE error. The VM is running CentOS 7, though I'm not sure that matters. I've read several articles/posts and it appears the running container does recognize that FIPS mode is enabled, but the service still doesn't work. Both of these checks work:
cat /proc/sys/crypto/fips_enabled
sysctl crypto.fips_enabled
The container is running in privileged mode and the /etc/system-fips file is mounted into the container as well. Is there anything else I need to check to make this work or at least debug the issue? I have a feeling there's something small, and not HanaExpress specific, that I'm missing, but I just haven't found it yet.
Edit1: It looks like the issue is Docker and not the container. I finally found info that fips mode should be reported as active when you run the docker info command, but it wasn't showing up. CentOS 7 installs the 1.13.1 version, which appears to be too old, so I downloaded and installed 20.10.9. However, even following the instructions provided by docker, it's not reporting fips mode as active. If anyone else has had this issue and solved it, any advice would be great.

/proc/... files are READ-only files
If you don't need FIPS enabled, then try this and see if it goes away. https://www.thegeekdiary.com/how-to-disable-fips-mode-on-centos-rhel-7/
Then test if fips is enabled or not by running sysctl -a 2>/dev/null | grep fips_enabled and see if sudo yum list installed | grep "dracut.fips" shows dracut-fips is installed or not.
I believe that if the HOST OS where you are running the Docker container has this disabled, then you may not see this error.


PyCharm unable to generate code skeletons, autocomplete, run debug mode with docker interpreter

I am using PyCharm with a docker interpreter on a MacBook with M1. At some point it stopped generating code skeletons, providing autocompletion and running debug mode for my code.
When I tried to run PyCharm in Debug mode, it gave me a 502 docker error.
Resetting to factory defaults and re-installing didn't help.
The cause of the issue was Docker Desktop's Beta feature "Use containerd for pulling and storing images". It made the whole process fail. Uncheck it and live happily.

How to make docker container running judge0 use cgroupV1 in ubuntu?

I have installed an online IDE backend architecture, Judge0, for a coding web app. I am running a container in docker. The problem is that judge0 works only with cgroupV1, not with cgroupV2. So I am facing an issue here where on running the app I am getting an internal error.
On researching judge0 github repo I found the issue is due to cgroupv2 being used by default.
On running command
grep cgroup /proc/mounts
I am getting output as
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
I need to change the whole permission to cgroup1, not to cgroup2. Even after editing the GRUB_CMDLINE_LINUX line in /etc/default/grub and running
sudo update-grub
I am not able to resolve the issue. Need help on how to change permission to cgroup1 in ubuntu 22.04.

System.InvalidOperationException: Failed to deploy distro docker-desktop to <localpath>: exit code: -1

I am trying to run Docker Desktop on my local Windows 10 machine. I have installed it successfully, but while running it I am getting the below error.
System.InvalidOperationException:
Failed to deploy distro docker-desktop to <localpath>: exit code: -1
stdout: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
I think it is saying some Windows services need to be enabled, but I don't know which service has to be enabled. Could someone please help me with this concern?
docker version
C:\Users\lenova>docker --version
Docker version 20.10.2, build 2291f61
Uninstall Docker.
Uncheck Containers, Hyper-V, Windows Subsystem for Linux in Windows features
Restart the system
Install Docker Desktop
Restart System
Start Docker Desktop
Right click on docker icon, run as administrator (if you have administrator rights on your computer). It solved the problem for me.
Try deleting %USERPROFILE%/.wslconfig. If it helps, then you can try to modify it so that it works. As for me, I deleted the file, because on my workstation docker didn't want to work with it.
Almost sure that the accepted answer will work. However, it won't be an option if you utilize WSL for other purposes as well. In that case, you may have several configurations/apps in WSL and just reinstalling or deleting your configuration will probably be a bad solution.
Furthermore: WSL is not the issue for this error! It is created by Docker engine configuration which will kill the WSL service (LxssManager). This may happen because of
changed configuration (by you) or
because of a Docker update, maybe also
because of Windows updates
You can find a detailed discussion about this issue on Docker's GitHub Issues.
I personally experienced this problem after installing updates on Windows while running Docker v3.5.2. And again, reinstalling/killing WSL is not an option for me! So I tried to kill all services (Docker and WSL) and update Docker. Unfortunately that did not work in the first place, since LxssManager was in some weird state and I could not even kill it any more (even a kill command as admin with force switch did not do its job!)... So here is my solution to fix that problem:
Remove Docker from autostart
Restart Windows (Yippiee: WSL works again! 🥰)
Install a new version of Docker (in my case v.4.2.0)
Restart Windows again (probably not necessary, but for me it was because Docker engine did not start before a Windows restart)
Start Docker (Yippiee: Docker works again! ☺️)
Note: Since I did not change Docker configuration, I installed an update. If you changed configuration options resulting in that crash, your solution may be different. Literally, instead of updating Docker (step 3) you would probably roll back your Docker configuration changes instead.
The quality of Docker for Windows is very bad. I catch these dangerous very often.
Check list:
(1) Use this tool https://www.nirsoft.net/utils/regscanner.html . Search docker, delete all.
(2) Remove WSL sub system, Hyper-V, then restart
(3) Create a file foo.reg with the content
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0408F7A3]
"AppFullPath"="C:\\Windows\\System32\\wsl.exe"
"PermittedLspCategories"=dword:80000000
run.
(4) Uninstall Docker
(5) Run cmd type ... . Delete folder .docker
Delete Docker folder in Program Files
(6) delete
(7) Install latest version of Docker.
(8) Re-install feature WSL for Windows.
Install Ubuntu from Windows store
(9) Re-install Docker (as Administrator)
(10) Run Docker as Administrator .
In my case, I was getting a similar error. This was happening because Docker desktop didn't have permissions to access the path C:\Users\Adithya\AppData\Local\Docker\wsl\distro. This started happening after I switched to WSL2 backend.
The solution was to kill all docker processes. Next, run Docker Desktop as Administrator.
System.InvalidOperationException:
Failed to deploy distro docker-desktop to C:\Users\Adithya\AppData\Local\Docker\wsl\distro:
exit code: -1 stdout: The operation timed out because a response was not received from the virtual machine or container.
Run as administrator, and switch the container to Windows by clicking the icon in the right corner of the taskbar and choosing "switch to windows container".
https://learn.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-10-linux
If you don't need to run Linux and Windows containers side-by-side, an option is to turn off WSL and use Hyper-V instead. This should work fine.
I had to exit Private Internet Access (PIA) VPN to get docker to work on my system. Not sure why.
I had the PgAdmin 4 app running, and when I closed it and tried starting Docker Desktop again it booted normally.
Not sure if there is a link, but an easy solution to try.
This worked for me: https://github.com/MicrosoftDocs/WSL/issues/547#issuecomment-873540236
Copy below snippet:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0408F7A3]
"AppFullPath"="C:\\Windows\\System32\\wsl.exe"
"PermittedLspCategories"=dword:80000000
Save it as a file wsl.reg
Execute the file to update the registry
Launch Ubuntu again
Issue resolved
In my case, the issue was caused by Acrylic DNS server. Anything that holds port 53 would be a problem.
Interesting that it all worked fine for a few days after installation, maybe because I did not reboot the laptop all that time, only used the deep hibernation. So it was hard to guess what could break the docker setup, I was sure that it was because of the recently installed windows or docker updates.
Restarting wsl worked for me.
Run the following
wsl --shutdown, wait for it to shutdown
wsl, wait for it to start
Start Docker Desktop after this.
On Windows 10:
Open Services
Right click on LXSSMANAGER -> Restart
Close wsl using cmd with the following command:
wsl --shutdown
Execute the following to start wsl again:
wsl
I solved by the following steps:
Uninstall Docker and WSL 2 kernel.
Uncheck Containers, Hyper-V, Windows Subsystem for Linux in Windows features
Restart the system
Install Docker Desktop
Restart System
Start Docker Desktop
The problem is in WSL as it becomes unresponsive and returns a service error if you try the following command in PowerShell:
wsl -l -v
I believe the process can be simplified a bit more with:
Uncheck Windows Subsystem for Linux in Windows Features
Reboot
Turn the feature back on
Re-apply the WSL2 update
Reboot
No need to uninstall/reinstall Docker Desktop.
This got me back up and running with Windows 10 Home (which requires WSL2) and Docker Desktop 2.4.0.

Docker quick start terminal is not running while installing it shows success message of installation

I installed Docker Toolbox on Windows 10 Pro and when I start the quick start terminal, the error occurs. I already enabled virtualization and rechecked multiple times, also in the BIOS. I have gone through various sites for a solution but haven't found one yet.
I also installed Boot2Docker in VirtualBox. Even so, no command runs. When I check the version, it displays correctly.

Can't install Docker - Hash sum mismatch (Ubuntu 18.04, Vagrant, Virtualbox)

I just can't install Docker in a fresh image of Ubuntu 18.04 (in Virtualbox, using Vagrant).
I am using the instruction from the official site:
https://docs.docker.com/install/linux/docker-ce/ubuntu/
Or the short command from https://github.com/docker/docker-install:
curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
And always got the same errors - Hash sum mismatch:
Failed to fetch https://download.docker.com/linux/ubuntu/dists/bionic/pool/stable/amd64/docker-ce_19.03.8~3-0~ubuntu-bionic_amd64.deb Hash Sum mismatch
Hashes of expected file:
- SHA512:600f2d9b51024e5866a6256f2d08b4e733a6c8428e334d81de483a7138cbe9db00e8d67673a88d46c80ef0aa673e2f0183f8fd58226575a3a6a843f955c49e2a
- SHA256:22fe06851dde23200c835641e234760bbb60b79abc3b2a1fbbd1a9b0f1a2e9d0
- SHA1:7292df34a82e58cab0e45af61036ec19c81eb199 [weak]
- MD5Sum:8d62aefa851deb2f0739b4a1fd232322 [weak]
- Filesize:22879338 [weak]
Hashes of received file:
- SHA512:265e3e4f877e4d060098d88527258335a08c9b421fabd5573bb5c951fd337c2d157c418132ff6a54568e85c6bd0da3e1b66c51196410016b4b409d1cef2df4cd
- SHA256:3d15d2e2a7bacc0840aea09400970328d853eb369585e97ce33c8bebbc5c4d37
- SHA1:da5b39535801e35493cd2f7c6f2b176263bd7da4 [weak]
- MD5Sum:a4e2e8ec89b2d98c218b3931d7845f50 [weak]
- Filesize:22879338 [weak]
Last modification reported: Wed, 11 Mar 2020 19:46:26 +0000
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
I'm also seeing this problem with a large number of packages in multiple Linux distributions. All in VirtualBox 6.1.6 on Windows 10.
Errors include Hash Sum mismatch, LZMA compression corruption, GZIP corruption, and Squashfs decompression failures. Basically anything that involves a checksum.
It seems unlikely that I have downloaded 4 distributions (and dozens of packages) and they're all faulty. Disabling Hyper-V does seem to improve things.
OK guys, as far as I can understand, this is the fault of VirtualBox.
Because I don't see this problem in Vagrant when I use the hyperv provider on the same box.
The version of VirtualBox is 6.1.4 r136177 (Qt5.6.2).
I checked how the virtual OS downloads the packages (just by downloading one via a direct link using wget) and I saw that the hashsum of the downloaded package really is different from the original (but the size is absolutely equal).
I downloaded the same package in the host OS, and the hashsum matched the original.
Output error and the hashsum of the downloaded package inside the virtual OS (different from original):
The hashsum of the downloaded package at the host OS (equal to original):
I was also having these issues constantly!
My setup was Virtual Box 6.1.6 with Vagrant 2.2.7 running on a Win10 host.
Using the above idea that the issue might be inherent to Virtual Box rather than Ubuntu, I uninstalled Virtual Box 6.1.6 then installed an older version of Virtual Box (6.0.10) and re-installed Vagrant 2.2.7. I also uninstalled Hyper-V from Windows.
With these system and software changes made, the automatic Docker provisioning of Vagrant worked as expected without any hash mismatch messages. This worked for me and I hope it helps someone else also.
I had issues with Windows 10, Update 2004. I would get checksum mismatches when updating the software repository index and on installs.
The problem was actually due to networking and the "autotuning" parameter of Windows.
You can check the current state in an elevated command prompt:
netsh int tcp show global
Receive Window Auto-Tuning on normal created problems. By setting it to disabled the problem is gone for me.
You can change it by executing the following in an elevated command prompt.
netsh int tcp set global autotuninglevel=disabled
For anyone who is still getting this error, it's been fixed in the latest version of VirtualBox (since at least version 6.1.16). Check if your version is out of date.
For anyone still having issues with this, I managed to get it working by disabling HyperV (as most people have already suggested). However, on my setup, disabling HyperV using the mentioned approaches didn't actually disable HyperV, since my Windows machine used HyperV for both CredentialGuard and Secure Boot, both of which needed to be disabled before HyperV was actually fully disabled.
If running systeminfo.exe in an elevated terminal shows A hypervisor has been detected. Features required for Hyper-V will not be displayed, then HyperV is not fully disabled. Disabling credential guard and secure boot coupled with a few restarts (and all the commands to disable HyperV that have already been mentioned) solved all issues for me.
Just for reference, if HyperV is fully disabled, you should see
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: Yes
Data Execution Prevention Available: Yes
when running systeminfo.exe
Ok, so here it is.
After studying the most helpful @Kurt Le Breton's answer and repeated testing, my conclusion is as follows.
Virtual Box latest is currently 6.1.12 and this gives the said Hash sum mismatch problem. In fact it seems the entire 6.1.xx gives this problem.
So go to the previous 6.0 version. But when you issue this vagrant up command, vagrant spits the following error right on your face.
There was an error while executing `VBoxManage`, a CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.
Command: ["startvm", "40f50d63-6d70-4ac9-b0d6-02dcf1cdce7c", "--type", "headless"]
Stderr: VBoxManage.exe: error: Call to WHvSetupPartition failed: ERROR_SUCCESS (Last=0xc000000d/87) (VERR_NEM_VM_CREATE_FAILED)
VBoxManage.exe: error: Details: code E_FAIL (0x80004005), component ConsoleWrap, interface IConsole
Now to resolve this, you need to fiddle with Hyper-v settings. You need to run the following command as an administrator.
bcdedit /set hypervisorlaunchtype off
After you run that command, you need to restart your pc.
With this your Vagrant should run without complaining, and docker should be installed on your VM without any Hash Sum Mismatch error.
I tested with 6.0.24, which is the latest 6.0 version, and things look fine so far.
But then, there is a catch. Once you set hypervisorlaunchtype to off, docker desktop would not launch. You get this error now. And you will get this error when you are trying to launch Docker on windows for Linux containers. For windows this is not a problem.
An error occured. Cannot enable Hyper-V service.
So now you need to reset this back to its original state.
bcdedit /set hypervisorlaunchtype auto
Note auto this time instead of off.
Again, you need to be an admin to run this, and after you run, you have to restart your pc.
So the workflow should be to first set that to off, launch your vms and provision them with docker using vagrant, then finally, set hypervisorlaunchtype back to auto.
Same problem here in a fresh Debian VM (VBox) amd64 (32GB VDI).
sh get-docker.sh
...
E: Failed to fetch https://download.docker.com/linux/debian/dists/buster/pool/stable/amd64/containerd.io_1.2.13-1_amd64.deb Hash Sum mismatch
Hashes of expected file:
- SHA512:e0f8eb0ed3bd881bf5f278f3736da3e4fb05410014a0103301c135a33061945e013bcf8a9cd704d9d6b4fa088d478ebea27e86e466889d0194a8cbb77e94efdf
- SHA256:a4f244216e54a8a47f2dc5c57acb4cb48a779c54a8588ea2d55c40a57092baf6
- SHA1:90611afda0acabae485f871b09e4c1eba0ac4dc0 [weak]
- MD5Sum:78a039cf82b1bd4a285114bdd030982e [weak]
- Filesize:20114318 [weak]
Hashes of received file:
- SHA512:41c516c077d9941b55b605d4c83a9462c2ec52089f8af55618e5335da7d272d33d57fdd14a51b5a5e433ad6d9671e1a0063f9edeaa8c31525f56474b6ac1d875
- SHA256:57080e5482d92e74c3095b948fc0ba827f43b7b03c8825e5a64b7ef058b5434c
- SHA1:4f114ab71f4622f5785da726b822ad213ec77d44 [weak]
- MD5Sum:9a5d02cb5624219e6715875cc4bc8673 [weak]
- Filesize:20114318 [weak]
Last modification reported: Tue, 03 Mar 2020 04:24:01 +0000
E: Failed to fetch https://download.docker.com/linux/debian/dists/buster/pool/stable/amd64/docker-ce-cli_19.03.8~3-0~debian-buster_amd64.deb Hash Sum mismatch
I encountered the same issue and tried the above solutions. None of them worked in my case. I changed the box to Debian. All issues are gone.
I had the same problem with Docker or PHP (Debian sury repository - Sury.org).
HyperV was already disabled on my Windows. But I always had this problem under VirtualBox.
I resolved it in the VirtualBox machine configuration:
"System" > "Processor" > "Enable PAE/NX" option.
Then reboot your virtual machine, launch the apt install (or upgrade) command and it should work.
I have the same error. Hash Sum mismatch...
After I initialized WSL2, Oracle VM ware worked fine.
-Disable Windows Hyper-v
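
The comparison described in the Hash Sum mismatch thread above (same file, same size, different digest in the guest than on the host), as an added example that is not part of any of the original posts. It assumes GNU coreutils sha256sum; the function names, file names and file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare a downloaded package with the digest and size the
# repository publishes. File names and contents below are constructed.

# Print the SHA-256 of a file as lowercase hex (GNU coreutils sha256sum).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Print the size of a file in bytes.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# classify_download FILE EXPECTED_SHA256 EXPECTED_SIZE
# Prints exactly one word and always returns 0, so callers compare the text:
#   missing            file is absent or unreadable
#   size-mismatch      wrong length: truncated download or stale index
#   corrupt-same-size  length matches but the digest differs, i.e. bytes were
#                      altered somewhere between the mirror and the guest disk
#   ok                 length and digest both match
classify_download() (
    file=$1
    want_hash=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    want_size=$3
    if [ ! -r "$file" ]; then echo "missing"; exit 0; fi
    if [ "$(size_of "$file")" != "$want_size" ]; then
        echo "size-mismatch"; exit 0
    fi
    if [ "$(sha256_of "$file")" != "$want_hash" ]; then
        echo "corrupt-same-size"; exit 0
    fi
    echo "ok"
)

# Constructed demo: a reference copy (stands in for the host download), a
# guest copy with one byte changed at the same length, and a partial file.
demo() (
    dir=$(mktemp -d)
    printf 'constructed package payload 0123456789\n' > "$dir/reference.deb"
    printf 'constructed package payload 0123456780\n' > "$dir/guest.deb"
    printf 'constructed package' > "$dir/partial.deb"
    hash=$(sha256_of "$dir/reference.deb")
    size=$(size_of "$dir/reference.deb")
    for f in reference guest partial; do
        printf '%s: %s\n' "$f" \
            "$(classify_download "$dir/$f.deb" "$hash" "$size")"
    done
    rm -rf "$dir"
)

demo
```

A corrupt-same-size result on the guest together with ok for the same URL fetched on the host is the pattern reported in the thread; size-mismatch instead suggests an interrupted download or an out-of-date package index.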
