I have a docker cluster behind a VPN. I have downloaded TFS agent container, and want to connect to our TFS but it cannot connect with an alarm of:
Determining matching VSTS agent...
Downloading and installing VSTS agent...
curl: (35) gnutls_handshake() failed: Error in the pull function.
gzip: stdin: unexpected end of file
tar: Child returned status 1
tar: Error is not recoverable: exiting now
It can ping google.But cannot ping public TFS. I would consider this as a network issue but nginx container was pulled and started with success.
docker run \
-e VSTS_ACCOUNT= xxx \
-e TFS_HOST= yyy \
-e VSTS_TOKEN= zzz \
-it microsoft/vsts-agent
also tried this:
docker run \
-e VSTS_ACCOUNT= xxx \
-e VSTS_AGENT='$(hostname)-agent'\
-e VSTS_TOKEN= yyy \
-e TFS_URL= zzz \
-e VSTS_POOL= eee \
-e VSTS_WORK='/var/vsts/$VSTS_AGENT' \
-v /var/vsts:/var/vsts \
-it microsoft/vsts-agent:ubuntu-14.04
Although it is behind VPN, I can access the repo from browser btw.
It seems docker shows SSL Handshake issue even if you have network issue. But it showing that connection through curl was OK. This issue was solved by adding IP to whitelist.
Related
I am running docker "rootless" according to this guide: https://docs.docker.com/engine/security/rootless/
The user which actually runs docker is svc_test.
When I try and start a docker container which has diretory mounts which don't exists - the docker daemon (a.k.a. svc_test user) attempts to mkdir these directories, but fails with
docker: Error response from daemon: error while creating mount source path '/dir_path/dir_name': mkdir /dir_path/dir_name: permission denied.
When I (svc_test) them attempt to do mkdir /dir_path/dir_name I succeed without any issues.
What is going on here and why does this happen?
Clearly I am missing something, but I can't trace what is that exactly.
Update 1:
This is the specific docker cmd I use to run the container:
docker run -d --restart unless-stopped \
--name questdb \
-e QDB_METRICS_ENABLED=TRUE \
--network="host" \
-v /my_mounted_volume/questdb:/questdb \
-v /my_mounted_volume/questdb/public:/questdb/public \
-v /my_mounted_volume/questdb/conf:/questdb/conf \
-v /my_mounted_volume/questdb/db:/questdb/db \
-v /my_mounted_volume/questdb/log:/questdb/log \
questdb/questdb:6.5.2 /usr/bin/env QDB_PACKAGE=docker /app/bin/java \
-m io.questdb/io.questdb.ServerMain \
-d /questdb \
-f
For clarity: my final goal is to be able to run the docker container in question from the same user form which I run my docker daemon (the svc_test user). Hence how I stumbled on this problem.
I am very new to docker so please bear with me. I am following the documentation on https://docs.docker.com/registry/deploying/#running-a-domain-registry
I have spin up 2 nodes on play-with-docker.com for my learning.
On Node1 I am able to set up a private registry successfully using the following command
docker run -d \
-p 5000:5000 \
--restart=always \
--name registry \
-v "$(pwd)"/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
registry:2
I was also able to pull and push images from Node1 to the registry. However, when I go on Node2 and try to log in to the registry it gives the following error:
[node2] (local) root#192.168.0.7 ~
$ docker login 192.168.0.8:5000
Username: testuser
Password:
Error response from daemon: Get https://192.168.0.8:5000/v2/: dial tcp 192.168.0.8:5000: connect: connection refused
please let me know what am I missing?
Node2 can't access port 5000 on 192.168.0.8. This looks like a network issue.
Are your nodes in the same network?
Are there firewall rules that might be blocking access to port 5000?
Are you sure 192.168.0.8 is the correct IP address of your Node1 machine?
To test your TCP connection use telnet. For example telnet 192.168.0.8 5000 (assuming 192.168.0.8 is the correct IP address).
I'm trying to run confluent schema registry via docker image (on Mac os Catalina and Docker version 19.03.12)
docker run --network="host" -e \
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=localhost:2181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081 \
-e SCHEMA_REGISTRY_DEBUG=true confluentinc/cp-schema-registry
I'm running zookeper (3.5.8) and kafka server no the localmachine (no docker). The above picks (3.5.8 client of zookeper). However schema-registry is unable to connect.
[main-SendThread(localhost:2181)]
INFO org.apache.zookeeper.ClientCnxn -
Socket error occurred: localhost/127.0.0.1:2181: Connection refused
[main-SendThread(localhost:2181)]
INFO org.apache.zookeeper.ClientCnxn -
Opening socket connection to server localhost/127.0.0.1:2181.
Will not attempt to authenticate using SASL (unknown error)
I also tried mapping the port, instead of running it in the host network but have the same result
docker run -p 8081:8081 -e \
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL=host.docker.internal:2181 \
-e SCHEMA_REGISTRY_HOST_NAME=localhost \
-e SCHEMA_REGISTRY_LISTENERS=http://0.0.0.0:8081 \
-e SCHEMA_REGISTRY_DEBUG=true confluentinc/cp-schema-registry
Any ideas? Kafka BTW is running happily I can consume and produce messages.
I have a Neo4J Enterprise server 4.0 running official docker image "neo4j:4.0-enterprise". The server has been up and running for more than a month with 3 configured databases. The server is being executed as:
docker run --rm \
-v /home/neo4j:/data -v /var/log/neo4j:/logs \
-e NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \
-e NEO4J_dbms_mode=SINGLE \
-e NEO4J_AUTH=neo4j/secure-password \
-e NEO4J_dbms_memory_heap_initial__size=5100m \
-e NEO4J_dbms_memory_heap_max__size=5100m \
-e NEO4J_dbms_memory_pagecache_size=6900m \
-p 7474:7474 -p 7687:7687 \
--name neo4j \
neo4j:4.0-enterprise
Executing a very simple CYPHER in the neo4j browser console was failing in one of the databases (sandbox) with the following error message:
MATCH (n:IdentityProviderType) SET n.protocol = n.value
Newly created token should be unique.
The database contains only 2 nodes with the label IdentityProviderType.
After a server restart docker restart neo4j the database failed to get online showing the following message after executing :sysinfo:
An error occurred! Unable to start database with name 'sandbox'
Stoping the Neo4J server and executing:
docker run --rm -it \
-v /home/neo4j:/data \
-e NEO4J_ACCEPT_LICENSE_AGREEMENT=yes \
neo4j:4.0-enterprise \
neo4j-admin check-consistency --database=sandbox
2020-01-29 15:32:57.724+0000 INFO [o.n.k.i.s.f.RecordFormatSelector] Selected RecordFormat:StandardV4_0[SF4.0.0] record format from store /data/databases/sandbox
2020-01-29 15:32:57.726+0000 INFO [o.n.k.i.s.f.RecordFormatSelector] Format not configured for store /data/databases/sandbox. Selected format from the store files: RecordFormat:StandardV4_0[SF4.0.0]
org.neo4j.token.api.NonUniqueTokenException: The PropertyKey NamedToken[name:protocol, id:86, internal:false] is not unique, it existed as null.
at org.neo4j.token.TokenRegistry.checkNameUniqueness(TokenRegistry.java:199)
at org.neo4j.token.TokenRegistry.insertAllChecked(TokenRegistry.java:174)
at org.neo4j.token.TokenRegistry.setInitialTokens(TokenRegistry.java:64)
at org.neo4j.token.AbstractTokenHolderBase.setInitialTokens(AbstractTokenHolderBase.java:46)
at org.neo4j.token.TokenHolders.setInitialTokens(TokenHolders.java:59)
at org.neo4j.consistency.ConsistencyCheckService.runFullConsistencyCheck(ConsistencyCheckService.java:230)
at org.neo4j.consistency.ConsistencyCheckService.runFullConsistencyCheck(ConsistencyCheckService.java:158)
at org.neo4j.consistency.CheckConsistencyCommand.execute(CheckConsistencyCommand.java:137)
at org.neo4j.cli.AbstractCommand.call(AbstractCommand.java:60)
at org.neo4j.cli.AbstractCommand.call(AbstractCommand.java:30)
at picocli.CommandLine.executeUserObject(CommandLine.java:1743)
at picocli.CommandLine.access$900(CommandLine.java:145)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2101)
at picocli.CommandLine$RunLast.handle(CommandLine.java:2068)
at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:1935)
at picocli.CommandLine.execute(CommandLine.java:1864)
at org.neo4j.cli.AdminTool.execute(AdminTool.java:78)
at org.neo4j.cli.AdminTool.main(AdminTool.java:59)
How can I recover from a database that fails to start?
I cannot find anything in the documentation that helps me troubleshoot this type of problems.
Thanks for your help,
Rogelio
I am trying run kafDrop using docker image. I am able to connect to non SSL broker by running command
docker run -d --rm -p 9000:9000 --network=host -e KAFKA_BROKERCONNECT=KafkaServer:9092 obsidiandynamics/kafdrop
But when I tried to connect to same Broker with enabling SSL using command,
docker run -d --rm -p 9000:9000 --network=host -e KAFKA_BROKERCONNECT=KafkaServer:9092 -e KAFKA_PROPERTIES=$(cat kafka.properties | base64) -e KAFKA_TRUSTSTORE=$(cat myTrustStore | base64) -e KAFKA_KEYSTORE=$(cat myKeyStore | base64) obsidiandynamics/kafdrop
getting below error
/usr/bin/docker-current: Error parsing reference: "bmZpZy9wb21LZXlTdG9yZQpzc2wua2V5c3RvcmUucGFzc3dvcmQ9Y2hhbmdlaXQKc3NsLmtleS5w" is not a valid repository/tag: repository name must be lowercase.
and if I dont use base64 in command then I am getting error
/usr/bin/docker-current: Error parsing reference: "ssl.keystore.location=/opt/KafdropConfig/myKeyStore" is not a valid repository/tag: invalid reference format.
I have copied kafka.properties, myTrustStore and myKeyStore on the my machine where docker is running
Can you please help me to identify the mistake I am doing here?
not a valid repository/tag: repository name must be lowercase
This is a docker run error, which means your command was not escaped properly
Try adding quotes around the bash executions
docker run -d --rm -p 9000:9000 \
-e KAFKA_BROKERCONNECT=KafkaServer:9092 \
-e KAFKA_PROPERTIES="$(cat kafka.properties | base64)" \
-e KAFKA_TRUSTSTORE="$(cat myTrustStore | base64)" \
-e KAFKA_KEYSTORE="$(cat myKeyStore | base64)" \
obsidiandynamics/kafdrop
and you can use base64 or just volume mount the files.
https://github.com/obsidiandynamics/kafdrop#connecting-to-a-secure-broker
Note: I removed --network=host because if you really need that, then your Kafka networking needs adjusted to allow external clients