We Keep Coding

Pm2 startup issue with CENTOS 8 / SELinux

Please, do you know how resolve this issue ?
I searched everywhere without finding.
06:45 SELinux is preventing systemd from open access on the file /root/.pm2/pm2.pid. For complete SELinux messages run: sealert -l d84a5a0b-cfcf-4cb9-918a-c0952bf70600 setroubleshoot
06:45 pm2-root.service: Can't convert PID files /root/.pm2/pm2.pid O_PATH file descriptor to proper file descriptor: Permission denied systemd 2
06:45 Failed to start PM2 process manager.
I have executed this command : sealert -l d84a5a0b-cfcf-4cb9-918a-c0952bf70600 setroubleshoot
Messages d'audit bruts
type=AVC msg=audit(1591498085.184:7731): avc: denied { open } for pid=1 comm="systemd" path="/root/.pm2/pm2.pid" dev="dm-0" ino=51695937 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file permissive=0
PM2 Version : 4.4.0
NODE version : 12.18.0
CentOS Version : 8
my systemd service :
[Unit]
Description=PM2 process manager
Documentation=https://pm2.keymetrics.io/
After=network.target
[Service]
Type=forking
User=root
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
Environment=PATH=/sbin:/bin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
Environment=PM2_HOME=/root/.pm2
PIDFile=/root/.pm2/pm2.pid
Restart=on-failure
ExecStart=/usr/lib/node_modules/pm2/bin/pm2 resurrect
ExecReload=/usr/lib/node_modules/pm2/bin/pm2 reload all
ExecStop=/usr/lib/node_modules/pm2/bin/pm2 kill
[Install]
WantedBy=multi-user.target
Thank you

As said in the comments, I had the exact same issue.
To solve this, just run the following commands as root after trying to start the PM2 service (in your case, this start attempt would be systemctl start pm2-root)
ausearch -c 'systemd' --raw | audit2allow -M my-systemd
semodule -i my-systemd.pp
This looks pretty generic, but it works. These lines were suggested by SELinux itself. To get them, I had to run the command journalctl -xe after trying to start the service

Two options:
Edit the systemd file that starts pm2 and specify an alternative location for the pm2 PIDFile). You'll have to make two changes, one to tell pm2 where to place the PIDFile, and one to tell systemd where to look for it. Replace the existing PIDFile line with the following two lines
Environment=PM2_PID_FILE_PATH=/run/pm2.pid
PIDFile=/run/pm2.pid
Create an SELinux rule that allows this particular behavior. You can do that exactly as Backslash36 suggest in their answer. If you want to create the policy file yourself rather than through audit2allow,the following should work, although then you have to compile it to a usable .pp file yourself.
module pm2 1.0;
require {
type user_home_t;
type init_t;
class file read;
}
#============= init_t ==============
allow init_t user_home_t:file read;

Error: timed out waiting for the condition

On Ubuntu 18.04 with Docker 18 and OpenShift OKD oc v3.11.0 a local cluster will not start successfully and produce a time out error message.
Is it possible to start a local cluster on Ubuntu 18.04 using oc cluster up? Is it supported? How should a cluster be started on Ubuntu 18.04.
myuser:~] $ oc cluster up --public-hostname='ocp.127.0.0.1.nip.io' --routing-suffix='apps.ocp.127.0.0.1.nip.io'
Getting a Docker client ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Pulling image openshift/origin-control-plane:v3.11
Pulled 1/5 layers, 23% complete
Pulled 2/5 layers, 43% complete
Pulled 3/5 layers, 80% complete
Pulled 4/5 layers, 96% complete
Pulled 5/5 layers, 100% complete
Extracting
Image pull complete
Pulling image openshift/origin-cli:v3.11
Image pull complete
Pulling image openshift/origin-node:v3.11
Pulled 5/6 layers, 88% complete
Pulled 6/6 layers, 100% complete
Extracting
Image pull complete
Creating shared mount directory on the remote host ...
Determining server IP ...
Checking if OpenShift is already running ...
Checking for supported Docker version (=>1.22) ...
Checking if insecured registry is configured properly in Docker ...
Checking if required ports are available ...
Checking if OpenShift client is configured properly ...
Checking if image openshift/origin-control-plane:v3.11 is available ...
Starting OpenShift using openshift/origin-control-plane:v3.11 ...
I0416 08:32:35.747717 22853 config.go:40] Running "create-master-config"
I0416 08:32:37.456151 22853 config.go:46] Running "create-node-config"
I0416 08:32:38.721454 22853 flags.go:30] Running "create-kubelet-flags"
I0416 08:32:39.763094 22853 run_kubelet.go:49] Running "start-kubelet"
I0416 08:32:39.972403 22853 run_self_hosted.go:181] Waiting for the kube-apiserver to be ready ...
I0416 08:33:13.978672 22853 interface.go:26] Installing "kube-proxy" ...
I0416 08:33:13.978684 22853 interface.go:26] Installing "kube-dns" ...
I0416 08:33:13.978689 22853 interface.go:26] Installing "openshift-service-cert-signer-operator" ...
I0416 08:33:13.978694 22853 interface.go:26] Installing "openshift-apiserver" ...
I0416 08:33:13.978704 22853 apply_template.go:81] Installing "openshift-apiserver"
I0416 08:33:13.978752 22853 apply_template.go:81] Installing "kube-dns"
I0416 08:33:13.978758 22853 apply_template.go:81] Installing "kube-proxy"
I0416 08:33:13.978788 22853 apply_template.go:81] Installing "openshift-service-cert-signer-operator"
I0416 08:33:15.418545 22853 interface.go:41] Finished installing "kube-proxy" "kube-dns" "openshift-service-cert-signer-operator" "openshift-apiserver"
Error: timed out waiting for the condition
[myuser:~] 1 $ docker version
Client:
Version: 18.09.1
API version: 1.39
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:35:31 2019
OS/Arch: linux/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 18.09.1
API version: 1.39 (minimum version 1.12)
Go version: go1.10.6
Git commit: 4c52b90
Built: Wed Jan 9 19:02:44 2019
OS/Arch: linux/amd64
Experimental: false
[myuser:~] $ oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
[myuser:~] $ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"
[myuser:~] $
I think this has to do with Ubuntu 18.04 using dnsmasq by default now. I had some success using script similar to below.
#!/bin/bash
sudo /bin/sh -c 'echo "nameserver 8.8.8.8" > /etc/resolv.conf'
oc cluster up --public-hostname='ocp.127.0.0.1.nip.io' --routing-suffix='apps.ocp.127.0.0.1.nip.io'
oc cluster down
sudo /bin/sh -c 'echo "nameserver 8.8.8.8" > /etc/resolv.conf'
sudo /bin/sh -c 'echo "nameserver 8.8.8.8" > ~/openshift.local.clusterup/kubedns/resolv.conf'
oc cluster up --public-hostname='ocp.127.0.0.1.nip.io' --routing-suffix='apps.ocp.127.0.0.1.nip.io'
So the problem seems to be that /etc/resolv.conf is different under Ubuntu 18.04 and not suitable for oc cluster up.
After you try above workaround you can test if DNS is working correctly using a script similar to below
#!/bin/bash
oc login -u system:admin -n default
podname=$(oc get pods | grep registry | awk '{print $1;}')
oc exec $podname host github.com

You can solve this issue by stopping all running containers on your machine or stop containers run by openshift if you have other important running containers on your machine and after run again the oc cluster up command:
docker container stop $(docker ps -q)
oc cluster up --skip-registry-check=true

After trying to fix all possible issues like timeouts, EOF, errors, panic and other random problems (I had all of them around 300 fails during oc up) I revert my vm to state before installing of below things and I've done it in correct way I guess because now it works like it should (+ I can do oc cluster up/down without stress)
PS. It can be also limit 100 pulls of Docker image from Openshift (try docker run hello-world).
`sudo apt update && sudo apt upgrade`
`sudo apt install curl`
`curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -`
`sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"`
`sudo apt update && sudo apt -y install docker-ce`
`sudo usermod -aG docker XXXX`
`groups XXXX`
`wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz`
`cat << EOF | sudo tee /etc/docker/daemon.json
{
"insecure-registries" : [ "172.30.0.0/16" ]
}
EOF`
`sudo systemctl daemon-reload`
`sudo systemctl restart docker`
`sudo systemctl is-enabled docker`
`sudo systemctl is-active docker`
Regards,
Artur

Zabbix Server crash. No connection to mysql, no log files and no system process

our Zabbix Server is running (service zabbix-server start: Job is already running: zabbix-server) and our MySQL Database is running, too.
But the dashboard of the Zabbix Server gives the following information:
"Zabbix Server is not running".
Furthermore there is no Zabbix-server process when I check the processes in the server machine with "ps aux | grep zabbix".
Moreover there a no log files.
Last day I edited the zabbix-server.conf and changed the "MaxHousekeeperDelete" from "500" to "200".
Note: This command isn´t working when in the init.d folder: "./zabbix-server -c /etc/zabbix/zabbix_server.conf"
Can someone help?
King regards :-)
Zabbix Version: 3.2
SYSTEM: Ubuntu 14.04.5 LTS (GNU/Linux 3.19.0-69-generic x86_64)

Check if there is a .pid file for zabbix on the system and delete it.
Then try to start the server again.
This should be a comment but don't have enough rep to do so.
EDIT:
Can you ensure the nscd is running with ps aux| grep nscd? If not install it with sudo apt-get install nscd
EDIT2:
Also can you please ensure that you have set START=yes in /ets/default/zabbix-server

Windows container failed to start with error, "failed to create endpoint on network nat: HNS failed with error : Failed to create endpoint."

I have been trying Windows Containers on windows server 2016 TP5. Suddenly I started getting error while running a container with port maping option -p 80:80
c:\>docker run -it -p 80:80 microsoft/iis cmd
docker: Error response from daemon: failed to create endpoint sharp_brahmagupta on network nat: HNS failed with error : Failed to create endpoint.
I made sure that no other container is running and port 80 on host machine is not being used by any other service.
Did anyone face same issue?

After searching around I stunbled upon this issue on github. This seemed to be a known issue with Windows containers on Windows server TP5.
Then thanks to this forum, I found the solution
You can check active static port mapping with below command
C:\>powershell
PS C:\>Get-NetNatStaticMapping
StaticMappingID : 3
NatName : Hda6caca4-06ec-4251-8a98-1fe0b4c5af88
Protocol : TCP
RemoteExternalIPAddressPrefix : 0.0.0.0/0
ExternalIPAddress : 0.0.0.0
ExternalPort : 80
InternalIPAddress : 172.31.181.4
InternalPort : 80
InternalRoutingDomainId : {00000000-0000-0000-0000-000000000000}
Active : True
From above output it seemed that even though container was removed the static port mapping was not removed and was still active.
But I removed it with below command.
PS C:\> Get-NetNatStaticMapping | ? ExternalPort -eq 80 | Remove-NetNatStaticMapping
Then simply rebooted the system and the error was gone.

For me these steps solved the problem:
Stop-Service docker
Get-ContainerNetwork | Remove-ContainerNetwork
Get-NetNat | Remove-NetNat
Get-VMSwitch | Remove-VMSwitch
Start-Service docker
(suggested by JMesser81 at:https://github.com/Microsoft/Virtualization-Documentation/issues/273)

I had similar error.
$ docker --version
Docker version 1.13.0-rc3, build 4d92237
$ docker-compose -f .\docker-compose.windows.yml up
Starting musicstore_db_1
ERROR: for db Cannot start service db: {"message":"failed to create endpoint musicstore_db_1 on network nat: HNS failed with error : Unspecified error"}
ERROR: Encountered errors while bringing up the project.
Static mapping removal did not work, only network removal helped:
Get-ContainerNetwork -Name nat | Remove-ContainerNetwork
Execute the command in PowerShell as administrator, then restart Docker.
Update:
Use CleanupContainerHostNetworking.ps1 script to resolve Docker 17 networking issues.
.\CleanupContainerHostNetworking.ps1 -Cleanup -ForceDeleteAllSwitches

I had a docker and docker-compose which were already working on Centos.
I did the following changes to make it work on windows server 2016:
Stop the docker service, remove nat, start the docker service.
ps>stop-service docker
ps>Get-ContainerNetwork | Remove-ContainerNetwork -Force -ea SilentlyContinue
ps>start-service docker
Configure network in your docker-compose.yml
version: '3.7'
networks:
default:
external:
name: nat
That's It!

Unable to set endpoint using the Azure CLI

I used docker-machine with Azure as the driver to spin up a VM. I then deployed a simple nginx test container on to the host. My issue is that when I try to set and endpoint I am getting the following error:
azure vm endpoint create huldra 80 32769
info: Executing command vm endpoint create
+ Getting virtual machines
+ Reading network configuration
+ Updating network configuration
error: Parameter 'ConsoleScreenshotBlobUri' should not be set.
info: Error information has been recorded to /Users/ryan/.azure/azure.err
error: vm endpoint create command failed
When I look at the error log it pretty much repeats what the console said Parameter 'ConsoleScreenshotBlobUri' should not be set.
Here are my docker and azure environment details:
❯ docker info
Containers: 1
Running: 1
Paused: 0
Stopped: 0
Images: 3
Server Version: 1.10.2
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 21
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins:
Volume: local
Network: bridge null host
Kernel Version: 4.2.0-18-generic
Operating System: Ubuntu 15.10
OSType: linux
Architecture: x86_64
CPUs: 1
Total Memory: 1.636 GiB
Name: huldra
ID: PHUY:JRE3:DOJO:NNWO:JBBH:42H2:56ZO:HVSB:MZDE:QLOI:GO6F:SCC5
WARNING: No swap limit support
Labels:
provider=azure
~/Projects/dockerswarm master*
❯ docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ce51127b2bb8 nginx "nginx -g 'daemon off" 11 minutes ago Up 11 minutes 0.0.0.0:32769->80/tcp, 0.0.0.0:32768->443/tcp machinenginx
❯ azure --version
0.9.17 (node: 5.8.0)
❯ azure vm list
info: Executing command vm list
+ Getting virtual machines
data: Name Status Location DNS Name IP Address
data: ------ --------- -------- ------------------- -------------
data: huldra ReadyRole West US huldra.cloudapp.net x.x.x.x
info: vm list command OK