I am starting a fuseki server with the provided configuration file (see below). What I would like to do is to retrieve the capabilities of the service once it is created. The reason being, there could be multiple such SPARQL services (available over the net but capabilities are not know to me) and I want to select some based on their capabilities (e.g., services with update capabilities). Is there anyway to find that (i.e., service capabilities) out programmatically? Any advice regarding this would be much appreciated.
Configuration file
#prefix : <#> .
#prefix fuseki: <http://jena.apache.org/fuseki#> .
#prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
#prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
#prefix tdb: <http://jena.hpl.hp.com/2008/tdb#> .
#prefix ja: <http://jena.hpl.hp.com/2005/11/Assembler#> .
[] rdf:type fuseki:Server ;
fuseki:services (
<#animal_service_pellet>
) .
# TDB
[] ja:loadClass "com.hp.hpl.jena.tdb.TDB" .
tdb:DatasetTDB rdfs:subClassOf ja:RDFDataset .
tdb:GraphTDB rdfs:subClassOf ja:Model .
<#animal_service_pellet> rdf:type fuseki:Service ;
rdfs:label "TDB Service (RW)" ;
fuseki:name "animals/pellet" ;
fuseki:serviceQuery "query" ;
fuseki:serviceQuery "sparql" ;
fuseki:serviceUpdate "update" ;
fuseki:serviceUpload "upload" ;
fuseki:serviceReadWriteGraphStore "data" ;
fuseki:serviceReadGraphStore "get" ;
fuseki:dataset <#inferred_pellet> ;
.
<#inferred_pellet>
a ja:RDFDataset;
ja:defaultGraph [
a ja:InfModel;
ja:reasoner [
ja:reasonerClass "org.mindswap.pellet.jena.PelletReasonerFactory";
];
ja:baseModel <#data_and_ontology_graph>
];
.
<#data_and_ontology_graph>
a tdb:GraphTDB ;
tdb:location "TDB_LOC" ;
.
The same question has been asked on the Jena users mailing list.
http://mail-archives.apache.org/mod_mbox/jena-users/201206.mbox/%3C4FC884AE.5020409%40apache.org%3E
Try the DatasetRegistry - there is one global one, accessed via it's get() static.
org.apache.jena.fuseki.server.DatasetRegistry
The other way is to read the configuration file as RDF and look in that.
The configuration parser is in FusekiConfig
In the future, there will be support for SPARQL service descriptions [1]. Contributions welcome.
[1] http://www.w3.org/TR/sparql11-service-description/
Related
I need to access a physical device from a container on a windows host (running Docker desktop). The device has a fixed ip-address in a separate subnet (192.168.0.5/24). How to properly setup the network for the container (via docker run or docker-compose)?
I first thought of just opening the relevant port but for one, it is chosen by random (e.h. 52714, 63575) and for second if the port is open, I cannot reach the device.
So I tried to fetch a ipvlan but in this configuration I am not reaching the container at all.
version: "3.8"
services:
python-fastapi:
container_name: fast_api
build:
context: Python
dockerfile: Vision_fastAPI.Dockerfile
ports:
- "5001:5000"
networks:
- myVLan
networks:
myVLan:
driver: ipvlan
driver_opts:
parent: host
ipvlan_mode: l2
ipam:
config:
- subnet: 192.168.0.0/24
Actually, I was trying to reproduce a tutorial (from a Ubuntu host):
docker network create -d ipvlan --subnet=192.168.0.0/24 --ip-range=192.168.0.0/24 -o ipvlan_mode=l2 -o parent=enp11s0f1 myVLan
Obviously, I struggle with the parent option. I thought, I would be the physical ethernet adapter but I have no idea of the naming in windows (docker-compose doesn't accept names like "Ethernet 8" so I guess, I am getting something wrong here). It works with a docker network ("default") but just in the way that it doesn't produce an error.
The configuration of the ethernet adapter is the following:
Ethernet adapter Ethernet 8:
Connection-specific DNS Suffix:
Description . . . . . . . . . . . : Lenovo USB Ethernet #4
Physical Address . . . . . . . . : 3C-18-A0-52-43-C1
DHCP Enabled . . . . . . . . . . : no
Autoconfiguration Enabled . . . . : Yes
IPv4 Address . . . . . . . . . . : 192.168.0.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip . . . . . . . : Enabled
Do absolutely nothing. Delete all of the networks: blocks in the Compose file. Connect to the external IP address as normal; Docker provides a network address translation (NAT) mechanism that will let you connect to the off-box service.
If you set up a Domain Name Service (DNS) server for your environment (highly recommended), make sure to use a fully-qualified domain name (FQDN) when you connect to the service, other-host.example.com. If you use a short name other-host then Docker will try to interpret that as a container name.
Running Wireshark 3.2.5 64bit on Windows 10 as administrator.
Mozilla VPN creates this interface as shown in IPCONFIG
Unknown adapter FirefoxPrivateNetworkVPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WireGuard Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fc00:bbbb:bbbb:bb01::*:*(Preferred)
IPv4 Address. . . . . . . . . . . : 10.65.*.*(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.64.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireshark does not display this interface, although all other interfaces (real and virtual) are available.
I can see the encrypted data on the primary Ethernet interface.
I need Wireshark to monitor the traffic going through the Wireguard tunnel.
Other VPNs interfaces are visible in Wireshark, why not this one?
I have also noticed that Windows Wireguard implementation currently doesn't cooperate with other standard network tools. Not only WG interfaces are invisible to Wireshark, Wireshark connections could not be blocked by Windows Firewall for some reason. I see it as a security issue.
Currently Wireguard for Windows uses Wintun interface. For comparison, OpenVPN has had an option to use Wintun interface for some time now too. And when you use it its interface is also invisible to Wireshark. But you can still block OpenVPN in the Windows Firewall.
EDIT:
Solution (2021-08-22): Update npcap Windows driver to the most recent one. Then Wintun interfaces will appear for Wireshark.
Now the problem is that Wireshark currently incorrectly dissects what it captures on the Wintun interface - it sees "Ethernet II" packets going around with unknown protocol 0xXXXX inside, while actually it's IPv4 packets not "Ethernet II", and 0xXXXX is just a part of an IP address. The data is not encrypted though, so you can identify packets by data contents: for example, it's an ICMP echo on the screenshot.
I have a gMSA credential spec working with docker run but not with docker-compose. Details for the compose file and the docker run command are below. I'm completely lost as to what I'm missing. I did a lot of googling and I'm not sure what's going on. My primary thoughts is that something with the docker-compose file is off, but I'm not sure.
Docker-compose
version: '3.3'
services:
basic:
image: mcr.microsoft.com/windows/servercore:ltsc2019
entrypoint: ping -t localhost
hostname: server01
security_opt:
- credentialspec=file://server01.json
dns:
- "192.168.43.2"
user: "NT AUTHORITY\\NETWORK SERVICE"
networks:
default:
external:
name: "Net"
After running docker-compose up
C:\Users\administrator> docker exec -it b9e2a783ab09 powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\> ipconfig
Windows IP Configuration
Ethernet adapter vEthernet (Ethernet) 10:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::4416:3381:8d1a:122a%43
Autoconfiguration IPv4 Address. . : 169.254.18.42
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
PS C:\> ipconfig /renew
Windows IP Configuration
Ethernet adapter vEthernet (Ethernet) 10:
Connection-specific DNS Suffix . : localdomain
Link-local IPv6 Address . . . . . : fe80::4416:3381:8d1a:122a%43
IPv4 Address. . . . . . . . . . . : 192.168.43.198
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
PS C:\> nslookup testdomain.local
Server: UnKnown
Address: 192.168.43.2
Name: testdomain.local
Addresses: 192.168.43.2
192.168.52.133
PS C:\> nltest /sc_verify:testdomain.local
I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED
docker run
docker run -it --security-opt "credentialspec=file://server01.json" --user="nt authority\system" --hostname="server01" --network="Net" --dns="192.168.43.2" mcr.microsoft.com/windows/servercore:ltsc2019 powershell
PS C:\> nslookup testdomain.local
Server: UnKnown
Address: 192.168.43.2
Name: testdomain.local
Addresses: 192.168.43.2
192.168.52.133
PS C:\> nltest /sc_verify:testdomain.local
Flags: b0 HAS_IP HAS_TIMESERV
Trusted DC Name \\dc01.testdomain.local
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
PS C:\>
Hey so I'm leaving this up as a mark of shame.
Notice that I used different users? Turns out I needed to use system and not the network service account. That fixed it.
Use double-quoted:
security_opt:
- "credentialspec=file://server01.json"
I'm following the instructions for this Docker image, which describes how to set up a new containerized RDF triplestore using Apache Fuseki. I think I can automate all the steps in those instructions for my data set using a Dockerfile, but there's one step, under "recognizing the dataset in Fuseki," that has you enter the GUI interface and add a new dataset there. Since I'd eventually like to automate this process, I'd like to find a command-line way to add a new dataset. It doesn't need to be anything fancy, just add a new dataset with a given name, like "db." Is there a way to do that? (And also, I guess, a way to run that command in the docker container?)
Here is what you need to do:
(1) Start your container with docker run -p 3030:3030 -it stain/jena-fuseki.
(2) Find your container's id $$$ with docker ps.
(3) Copy a config.ttl file to your docker container with docker container cp config.ttl $$$:config.ttl. An example config.ttl can look as follows:
#prefix fuseki: <http://jena.apache.org/fuseki#> .
#prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
#prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
#prefix tdb: <http://jena.hpl.hp.com/2008/tdb#> .
#prefix ja: <http://jena.hpl.hp.com/2005/11/Assembler#> .
#prefix : <#> .
<#service1> rdf:type fuseki:Service ;
fuseki:name "ds" ; # http://host:port/ds
fuseki:serviceQuery "sparql" ; # SPARQL query service
fuseki:serviceQuery "query" ; # SPARQL query service (alt name)
fuseki:serviceUpdate "update" ; # SPARQL update service
fuseki:serviceUpload "upload" ; # Non-SPARQL upload service
fuseki:serviceReadWriteGraphStore "data" ; # SPARQL Graph store protocol (read and write)
# A separate read-only graph store endpoint:
fuseki:serviceReadGraphStore "get" ; # SPARQL Graph store protocol (read only)
fuseki:dataset <#dataset> ;
.
<#dataset> rdf:type tdb:DatasetTDB ;
tdb:location "DB" ;
# Query timeout on this dataset (1s, 1000 milliseconds)
ja:context [ ja:cxtName "arq:queryTimeout" ; ja:cxtValue "1000" ] ;
# Make the default graph be the union of all named graphs.
## tdb:unionDefaultGraph true ;
.
(4) Commit the changes to your container with docker container commit $$$ stackoverflow/jena-fuseki:latest.
(5) Restart your container with: docker run -p 3030:3030 -it stackoverflow/jena-fuseki ./fuseki-server --config=/config.ttl.
(6) If you now go to http://localhost:3030 you should see your dataset.
I am running a web API on the host system and it's not exposed on public IP.
I want to access from a docker windows container running on the same system.
By initial analysis, it seems windows container does not support to access host system from within a container.
Tried to access API with the following address but on none of them are working.
https://host_system_ip:port/api/controller/action
https://default_gateway_ip:port/api/controller/action
https://localhost:port/api/controller/action
https://127.0.0.1:port/api/controller/action
For security reasons I cannot make that API to be accessed on public IP, the only host system and containers running on same host machine should be allowed to access web API.
This works fine for me from within container. Make sure you are on latest OS etc and nothing is missing.
PS C:\> docker run --rm microsoft/windowsservercore powershell invoke-webrequest 192.168.1.221 -useBasicParsing
StatusCode : 200
StatusDescription : OK
Content : Application 995184 and started on 3/21/2018 8:59:09 AM
RawContent : HTTP/1.1 200 OK
Content-Length: 54
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Wed, 21 Mar 2018 14:01:22 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Pow...
Forms :
Headers : {[Content-Length, 54], [Cache-Control, private],
[Content-Type, text/html; charset=utf-8], [Date, Wed, 21
Mar 2018 14:01:22 GMT]...}
Images : {}
InputFields : {}
Links : {}
ParsedHtml :
RawContentLength : 54
PS C:\> ipconfig
Windows IP Configuration
Ethernet adapter vEthernet (nat):
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::94d6:434:c0b6:8fdc%56
IPv4 Address. . . . . . . . . . . : 172.29.112.1
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
Ethernet adapter vEthernet (Internet):
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::342a:be30:c7c:c1de%24
IPv4 Address. . . . . . . . . . . : 192.168.1.221
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1