We have a Docker Swarm with a manager and several workers (in OpenStack), and we have run into a problem: services cannot send emails using SMTP-SSL. Indeed, from bash inside a container this gets stuck:
# openssl s_client -debug -connect smtp.gmail.com:465 -crlf
CONNECTED(00000003)
write to 0x15bd2e0 [0x15bd360] (305 bytes => 305 (0x131))
^C
Moreover, neither apt update/install nor pip install works:
# apt update
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
0% [Waiting for headers] [Waiting for headers]
pip install httpie
^CERROR: Operation cancelled by user
^CTraceback (most recent call last):
File "/usr/local/bin/pip", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/main.py", line 75, in main
return command.main(cmd_args)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 105, in main
return self._main(args)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 224, in _main
self.handle_pip_version_check(options)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/cli/req_command.py", line 149, in handle_pip_version_check
pip_self_version_check(session, options)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/self_outdated_check.py", line 207, in pip_self_version_check
best_candidate = finder.find_best_candidate("pip").best_candidate
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 881, in find_best_candidate
candidates = self.find_all_candidates(project_name)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 825, in find_all_candidates
package_links = self.process_project_url(
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/package_finder.py", line 790, in process_project_url
html_page = self._link_collector.fetch_page(project_url)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 497, in fetch_page
return _get_html_page(location, session=self.session)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 337, in _get_html_page
resp = _get_html_response(url, session=session)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/index/collector.py", line 126, in _get_html_response
resp = session.get(
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/usr/local/lib/python3.8/site-packages/pip/_internal/network/session.py", line 405, in request
return super(PipSession, self).request(method, url, *args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/cachecontrol/adapter.py", line 53, in send
resp = super(CacheControlAdapter, self).send(request, **kw)
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/urllib3/connectionpool.py", line 994, in _validate_conn
conn.connect()
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/urllib3/connection.py", line 386, in connect
self.sock = ssl_wrap_socket(
File "/usr/local/lib/python3.8/site-packages/pip/_vendor/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/local/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
KeyboardInterrupt
(Terminated after significant wait time.)
Of course, everything works well on the hosts (manager as well as workers)... With wget I have a strange problem: it works for some sites and not for others:
# wget seznam.cz
--2020-04-30 06:14:34-- http://seznam.cz/
Resolving seznam.cz (seznam.cz)... 77.75.75.172, 77.75.75.176, 2a02:598:4444:1::1, ...
Connecting to seznam.cz (seznam.cz)|77.75.75.172|:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.seznam.cz/ [following]
--2020-04-30 06:14:34-- https://www.seznam.cz/
Resolving www.seznam.cz (www.seznam.cz)... 77.75.75.172, 77.75.74.172, 77.75.75.176, ...
Connecting to www.seznam.cz (www.seznam.cz)|77.75.75.172|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html.1'
# wget google.com
--2020-04-30 06:15:10-- http://google.com/
Resolving google.com (google.com)... 216.58.201.110, 2a00:1450:4014:801::200e
Connecting to google.com (google.com)|216.58.201.110|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.google.com/ [following]
--2020-04-30 06:15:10-- http://www.google.com/
Resolving www.google.com (www.google.com)... 172.217.23.196, 2a00:1450:4014:80c::2004
Connecting to www.google.com (www.google.com)|172.217.23.196|:80... connected.
HTTP request sent, awaiting response...
Any ideas how to identify and fix the problem please? I am kinda out of ideas.
UPDATE: Now I suspect that the problem could be the MTU (Docker default is 1500 but ens3 has 1442 on all nodes) - I need to figure out how to change it everywhere... But surprisingly I still DID NOT SOLVE this - adding --mtu, adjusting daemon.json, using --opt when creating networks, etc. still results in MTU 1500!
The problem was caused by an MTU mismatch (1500 vs. 1442 used in the OpenStack cloud).
I had to change /etc/docker/daemon.json, "break" my swarm, customize ingress network (docs) and docker_gwbridge (on each node before forming swarm again) (docs), remove the interfaces, restart Docker (it created interfaces again), and finally also change MTU on interfaces:
sudo ifconfig docker0 mtu 1442
sudo ifconfig docker_gwbridge mtu 1442
Because it seems that /etc/docker/daemon.json affects only interfaces in containers and not those on the host.
If anyone knows a better solution, please let me know...
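A check for the mismatch this answer describes, as an added example that is not part of the original post: it parses `ip -o link show` output and lists every interface whose MTU is larger than the uplink's, together with the TCP MSS each side would assume. The sample output is constructed and abbreviated; `ens3`, `docker0` and `docker_gwbridge` are the names from the thread, the veth name is made up.

```python
import re

# Constructed, abbreviated `ip -o link show` output for a node like the one
# described: uplink ens3 at 1442, Docker-created interfaces at the 1500 default.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc fq_codel state UP mode DEFAULT
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT
4: docker_gwbridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
6: veth1a2b3c4@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker_gwbridge state UP
"""

# "<index>: <name>[@peer]: <FLAGS> mtu <n>"
LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)(?:@\S+)?:\s+<[^>]*>\s+mtu\s+(\d+)", re.M)
TCP_IPV4_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options


def parse_mtus(ip_link_output):
    """Map interface name -> MTU from `ip -o link show` text."""
    return {name: int(mtu) for name, mtu in LINK_RE.findall(ip_link_output)}


def mtu_mismatches(mtus, uplink, ignore=("lo",)):
    """Return the interfaces whose MTU exceeds the uplink's MTU."""
    limit = mtus[uplink]
    report = {}
    for name, mtu in sorted(mtus.items()):
        if name == uplink or name in ignore or mtu <= limit:
            continue
        report[name] = {
            "mtu": mtu,
            "excess": mtu - limit,
            # An endpoint behind this interface advertises the first MSS, so
            # peers send full-size segments that the uplink cannot carry.
            # Short exchanges still fit, which is why only some transfers hang.
            "advertised_mss": mtu - TCP_IPV4_OVERHEAD,
            "usable_mss": limit - TCP_IPV4_OVERHEAD,
        }
    return report


if __name__ == "__main__":
    # On a real node, feed in the output of: ip -o link show
    for name, info in mtu_mismatches(parse_mtus(SAMPLE), "ens3").items():
        print(name, info)
```
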
You can add a service to modify the MTU value after docker.service.
Create a script setdockermtu.sh
#!/bin/bash
sudo ifconfig docker0 mtu 9000
Create a service to run after docker.service
[Unit]
Description=Change docker0 default mtu
# When systemd stops or restarts the docker.service, the action is propagated to this unit
PartOf=docker.service
# Start this unit after the docker.service start
After=docker.service
[Service]
# The program will exit after running the script
Type=oneshot
# Execute the shell script
ExecStart=/usr/local/bin/setdockermtu.sh
# This service shall be considered active after start
RemainAfterExit=yes
[Install]
# This unit should start when docker.service is starting
WantedBy=docker.service
Copy it to /etc/systemd/system/setdockermtu.service
Make sure to add proper execute permission to both script and service
chmod a+x /usr/local/bin/setdockermtu.sh
chmod a+x /etc/systemd/system/setdockermtu.service
Reload changes and start service
sudo systemctl daemon-reload
sudo systemctl start setdockermtu.service
sudo systemctl enable setdockermtu.service
I'm looking for a method to convert to a little-endian .pfm file with ImageMagick.
As far as I know, we can get a PFM file like this.
convert input.bmp output.pfm
This output file is big endian, but I want to convert it to little endian.
So is there any method to convert from big endian to little endian in ImageMagick?
Thanks
Endianness can be controlled with the -endian option.
Example: create a 2x2 red PFM image with little endian, and pipe it to hexdump.
$ convert -size 2x2 xc:red -endian LSB PFM:- | hexdump
0000000 50 46 0a 32 20 32 0a 2d 31 2e 30 0a 00 00 80 3f
0000010 00 00 00 00 00 00 00 00 00 00 80 3f 00 00 00 00
0000020 00 00 00 00 00 00 80 3f 00 00 00 00 00 00 00 00
0000030 00 00 80 3f 00 00 00 00 00 00 00 00
000003c
You can confirm little endian by translating the header.
50 46 0a 32 20 32 0a 2d 31 2e 30 0a 00 00 80 3f
                     |         |    |         |
little endian -------|  "-1.0" |    | LSB data|
Repeat above with big endian.
$ convert -size 2x2 xc:red -endian MSB PFM:- | hexdump
0000000 50 46 0a 32 20 32 0a 31 2e 30 0a 3f 80 00 00 00
0000010 00 00 00 00 00 00 00 3f 80 00 00 00 00 00 00 00
0000020 00 00 00 3f 80 00 00 00 00 00 00 00 00 00 00 3f
0000030 80 00 00 00 00 00 00 00 00 00 00
000003b
and observe...
50 46 0a 32 20 32 0a 31 2e 30 0a 3f 80 00 00 00
                     |       |   |         |
big endian ----------| "1.0" |   | MSB data|
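To check the byte order of a PFM file programmatically, here is an added example (not part of the original answer) that parses the header and decodes the raster with the byte order the scale line selects. The input is the two hexdumps above, and it assumes newline-terminated header fields as ImageMagick wrote them.

```python
import struct

# Bytes copied from the two hexdumps above (2x2 red image).
PFM_LSB = bytes.fromhex(
    "50 46 0a 32 20 32 0a 2d 31 2e 30 0a 00 00 80 3f"
    "00 00 00 00 00 00 00 00 00 00 80 3f 00 00 00 00"
    "00 00 00 00 00 00 80 3f 00 00 00 00 00 00 00 00"
    "00 00 80 3f 00 00 00 00 00 00 00 00"
)
PFM_MSB = bytes.fromhex(
    "50 46 0a 32 20 32 0a 31 2e 30 0a 3f 80 00 00 00"
    "00 00 00 00 00 00 00 3f 80 00 00 00 00 00 00 00"
    "00 00 00 3f 80 00 00 00 00 00 00 00 00 00 00 3f"
    "80 00 00 00 00 00 00 00 00 00 00"
)


def parse_pfm(blob):
    """Decode a PFM byte string; the sign of the scale line selects the byte order."""
    # Assumption: each of the three header fields ends in a single newline.
    magic, dims, scale_text, raster = blob.split(b"\n", 3)
    channels = {b"PF": 3, b"Pf": 1}.get(magic)
    if channels is None:
        raise ValueError(f"not a PFM file: magic {magic!r}")
    width, height = (int(n) for n in dims.decode("ascii").split())
    scale = float(scale_text.decode("ascii"))
    if scale == 0:
        raise ValueError("scale must be non-zero")
    order = "<" if scale < 0 else ">"  # negative scale means little endian
    count = width * height * channels
    if len(raster) != 4 * count:
        raise ValueError(f"expected {4 * count} raster bytes, got {len(raster)}")
    samples = struct.unpack(f"{order}{count}f", raster)
    pixels = [samples[i:i + channels] for i in range(0, count, channels)]
    return {"width": width, "height": height, "scale": abs(scale),
            "byteorder": "little" if scale < 0 else "big", "pixels": pixels}


if __name__ == "__main__":
    for label, blob in (("-endian LSB", PFM_LSB), ("-endian MSB", PFM_MSB)):
        info = parse_pfm(blob)
        print(label, info["byteorder"], info["pixels"][0])
```
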
Using the official Docker registry container I'm trying to run a private docker-registry on AWS EC2, but I keep running into connection errors. The command to run the standard container is:
docker run -d \
-e SETTINGS_FLAVOR=s3 \
-e AWS_BUCKET=mybucket \
-e STORAGE_PATH=/registry \
-e AWS_KEY=whateffa \
-e AWS_SECRET=verysecret \
-e SEARCH_BACKEND=sqlalchemy \
-e AWS_REGION=eu-west-1 \
-e STORAGE_REDIRECT=true \
-p 443:5000 \
registry
But when I try to push a local image to that new registry using:
docker push zite.com:443/test
I get:
FATA[0014] Error: v1 ping attempt failed with error:
Get https://zite.com:443/v1/_ping: dial tcp 1.2.3.4:443: i/o timeout.
If this private registry supports only HTTP or HTTPS with an unknown CA
certificate, please add `--insecure-registry zite.com:443` to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's CA
certificate, no need for the flag; simply place the CA certificate at
/etc/docker/certs.d/zite.com:443/ca.crt
I've added --insecure-registry zite.com:443 to a number of places (because I'm not sure where the proper place for the docker daemon options is):
/etc/sysconfig/docker
/etc/docker/default
/etc/docker/default
To get some more detail I've tried:
openssl s_client -connect zite.com:443/v1/_ping -prexit -debug
which gave me:
CONNECTED(00000003)
write to 0x7f906b700000 [0x7f906d001000] (130 bytes => 130 (0x82))
read from 0x7f906b700000 [0x7f906d006600] (7 bytes => 0 (0x0))
9308:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-52.10.1/src/ssl/s23_lib.c:185:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 130 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
I'm too new to this to understand how to solve this issue.
GETting the '_ping' url works fine btw:
curl -v http://zite.com:80/_ping
gives:
* Hostname was NOT found in DNS cache
* Trying 52.17.133.30...
* Connected to zite.com (1.2.3.4) port 80 (#0)
> GET /_ping HTTP/1.1
> User-Agent: curl/7.37.1
> Host: zite.com
> Accept: */*
>
< HTTP/1.1 200 OK
* Server gunicorn/19.1.1 is not blacklisted
< Server: gunicorn/19.1.1
< Date: Tue, 31 Mar 2015 22:04:06 GMT
< Connection: keep-alive
< X-Docker-Registry-Standalone: True
< Expires: -1
< Content-Type: application/json
< Pragma: no-cache
< Cache-Control: no-cache
< Content-Length: 2
<
* Connection #0 to host zite.com left intact
{}~
I've tried running the container on ports 80, 443, 500, but to no avail (and opened these ports on the AWS EC2 machine). The error stays. I also tried building a brand new image from the github source. I've tried getting an answer at the official repo, but that has stalled and I have to move on.
A number of guides I've followed:
http://blog.50projects.com/2014/08/build-your-own-private-docker-registry.html
https://blog.docker.com/2013/07/how-to-use-your-own-registry/
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04
OK, found it. It turns out that you have to run the LOCAL docker daemon with the '--insecure-registry' option, not the docker daemon of the remote docker registry.
Maxmind offers a GeoIP.DAT file format like this (http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz)
0100 007e 0000 0200 003f 0000 0300 0021
0000 0400 0013 0000 0500 000c 0000 0600
0009 0000 0700 0008 0000 dd00 00e3 0000
1f01 00e1 ffff 0a00 000b 0000 5301 007c
0100 e1ff ff84 0100 0d00 0010 0000 0e00
000f 0000 8c01 00a8 0100 00ff ffe1 ffff
How do I interpret the binary information shown above? How do I correlate it with what is shown in the spec (http://maxmind.github.io/MaxMind-DB/)?
I've been trying to inject SCTP packets in a Linux environment with no success.
This is what I have done: I've created an association between two points (one terminal with an SCTP server and another terminal with an SCTP client).
Then I sent a char from the client to the server and it was delivered successfully. Then I copied the packets from Wireshark, put them in my source code, incremented the TSN and stream sequence number, and sent it, but I didn't receive it on the SCTP server. As you can see below, my packets are exactly the same.
My packet is this:
IP Part
0000 45 00 00 34 00 00 40 00 40 84 3c 44 7f 00 00 01
0010 7f 00 00 01
SCTP Part
0000 0b 5e 0b 59 c2 e5 f8 00 00 00 00 00 00 03 00 13
0010 fe aa 43 3e 00 00 00 0c 00 00 00 00 64 0a 00 00
Then, after my packet failed to be delivered to the SCTP server, I sent one with the SCTP client just to compare it with my packet, and it arrived at the SCTP server:
IP Part
0000 45 02 00 34 00 00 40 00 40 84 3c 42 7f 00 00 01
0010 7f 00 00 01
SCTP Part
0000 0b 5e 0b 59 c2 e5 f8 00 00 00 00 00 00 03 00 13
0010 fe aa 43 3e 00 00 00 0c 00 00 00 00 64 0a 00 00
Regards,
devbag
Your SCTP message seems badly formatted; see RFC 4960.
Regards
0b 5e :src port
0b 59 :dst port
c2 e5 f8 00 :verification tag
00 00 00 00 : checksum - WRONG
00 : chunk type (payload data)
03 : chunk flags (beginning and end fragment)
00 13 : chunk length
00 10 fe aa : TSN
43 3e : STREAM
00 00 : STREAM Sequence
00 0c 00 00 : PPID
00 00 64 0a 00 00 : User Data
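For comparing a captured packet field by field against RFC 4960, here is an added example (not part of the original posts) that splits the question's SCTP bytes into common header and DATA chunk and recomputes the CRC32c checksum as a receiver would. It assumes the leading 0000/0010 in the dump are the offset column rather than packet bytes, so the SCTP part is 32 bytes.

```python
import struct

# "SCTP Part" bytes from the question. The leading 0000/0010 are treated as the
# hexdump offset column: IP total length 0x0034 = 20-byte IP header + these 32 bytes.
PACKET = bytes.fromhex(
    "0b 5e 0b 59 c2 e5 f8 00 00 00 00 00 00 03 00 13"
    "fe aa 43 3e 00 00 00 0c 00 00 00 00 64 0a 00 00"
)


def crc32c(data):
    """CRC32c (Castagnoli), bit-reflected polynomial 0x82F63B78 (RFC 4960, Appendix B)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (0x82F63B78 if crc & 1 else 0)
    return crc ^ 0xFFFFFFFF


def parse_sctp(packet):
    """Split an SCTP packet into common header and chunks, and check its checksum."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte common header")
    src, dst, vtag = struct.unpack_from("!HHI", packet, 0)
    # The CRC32c value is carried least-significant byte first.
    stored = int.from_bytes(packet[8:12], "little")
    # The CRC is computed with the checksum field itself set to zero.
    computed = crc32c(packet[:8] + b"\x00" * 4 + packet[12:])
    chunks, offset = [], 12
    while offset + 4 <= len(packet):
        ctype, flags, length = struct.unpack_from("!BBH", packet, offset)
        if length < 4 or offset + length > len(packet):
            raise ValueError(f"bad chunk length {length} at offset {offset}")
        chunk = {"type": ctype, "flags": flags, "length": length}
        if ctype == 0 and length >= 16:  # DATA chunk
            tsn, sid, ssn, ppid = struct.unpack_from("!IHHI", packet, offset + 4)
            chunk.update(tsn=tsn, stream_id=sid, stream_seq=ssn, ppid=ppid,
                         user_data=packet[offset + 16:offset + length])
        chunks.append(chunk)
        offset += (length + 3) & ~3  # chunks are padded to a 4-byte boundary
    return {"src_port": src, "dst_port": dst, "verification_tag": vtag,
            "stored_checksum": stored, "computed_checksum": computed,
            "checksum_ok": stored == computed, "chunks": chunks}


if __name__ == "__main__":
    pkt = parse_sctp(PACKET)
    print("checksum ok:", pkt["checksum_ok"])
    for chunk in pkt["chunks"]:
        print(chunk)
```
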