I was doing some experiment on live migration using virsh. When I input anything related to tls, such as "# virsh -c qemu+tls://source/system",or "libvirtd --listen", there would be errors like "GNUTLS support not available in this build". So, here is what I tried to fix it:
Reinstall libvirt with --with-gnutls
#yum install gnutls-devel
#sh ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --with-gnutls
After it successfully installed, reload it
# systemctl daemon-reload
# systemctl restart libvirtd
then I tried again my experiment, still there are errors "GNUTLS support not available in this build".
Any hints helpful will be appreciated sincerely.
Create TLS certificate first, follow the instruction on libvirt official website. Then reinstall libvirt again, everything goes right.
Related
I just installed CentOS 8 and added nodejs (tried v12 & v14) And then I installed pm2 using npm install pm2#latest (so at the time of posting it uses v4.4.0). I did try an older version (v3.5.0), but it does the exact same thing.
and after pm2 got installed, i ran the command "pm2 startup"
after a restart, pm2 does start, but gets killed after 90 seconds and then restarts giving this message
"pm2 has been killed by signal, dumping process list before exit..."
First, I thought it was because of my app (the one that pm2 is supposed to manage), but i removed it from pm2, so it's practically empty, but it does the same thing
Running the following command as root worked for me:
pm2 update
I had the same issue and I tried several solutions online but none worked for me.
However, I completely removed pm2, restarted the server, and reinstalled pm2 and that does it for me.
1- Stop and remove pm2
pm2 kill
sudo npm remove pm2 -g
2- Restart the server
sudo reboot
3- Log in again, then reinstall pm2
sudo npm install -g pm2
I did not disable SE Linux (I think it's not safe to disable it), but the following method helped me:
Edit file: /etc/systemd/system/pm2-root.service
Add new line: Environment=PM2_PID_FILE_PATH=/run/pm2.pid
And replace: PIDFile=/root/.pm2/pm2.pid to: PIDFile=/run/pm2.pid
Versions:
CentOS 8.3.2011
Node.js 14.16.0
NPM 7.7.5
PM2 4.5.5
Original answer. Thanks Alec!
Later update. For those who are facing the same issues. It's an issue related to SE Linux. Known workarounds (the ones I discovered).
Disabling SE Linux (obviously, not recommended)
go to /etc/systemd/system/pm2-root.service - comment PIDFile=... (add a # in front of that line)
Audit and trace - use following commands:
# dnf install policycoreutils-python-utils setroubleshoot-server -y
# journalctl -f
At ths point, you should see the solution in the output (the log)
it should be something like:
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -i my-systemd.pp
You need to do the last step (ausearch... and semodule...) twice - I did it once, restarted the machine and noticed the same issue after 90 seconds. But if you read the log carefully, you will notice that the issue seems to be outputed twice. (looks the same). Probably two things are trying to write to that file (pm2-root.service).
Still waiting for the perfect solution (done by the person that really knows how to fix this in a proper manner), but for those that have this issue, any of these options seem to work just fine.
I've had this problem (on Debian), when for some reason two "PM2 God Daemon" processes (not threads) were launched, so they conflicting with each other.
Killing one of them solved the issue.
I'm getting an error while trying to connect raspberry running ubuntu mate to my Google Cloud SQL instance.
These are the step I did to install:
git clone https://github.com/GoogleCloudPlatform/cloudsql-proxy
cd cloudsql-proxy/
sudo sh download_proxy.sh
My instance is configured this way (I deleted some characters in the image and in the code):
I didn't set the network because I'll be using proxy
Then I download into the same folder my JSON key.
wget https://drive.google.com/file/d/my_key.json
And the start the proxy
sudo ./cloud_sql_proxy -instances=be - 21:us-central1:be =tcp:3306 \
-credential_file=./my_key.json &
But I'm getting the error:
pi#pi:~/cloudsql-proxy$ ./cloud_sql_proxy: 1: ./cloud_sql_proxy:
Syntax error: ")" unexpected
I've tried removing the .json and I was getting the same error before without credential, I think that the problem is in the setup.
My dir ls is:
Any help is appreciated :)
download_proxy.sh downloads the proxy compiled for the amd64 architecture of CPU (aka x86_64). Your raspberry Pi has a ARM CPU, so this binary cannot run on your machine.
Google does not provide pre-build ARM versions of the proxy. I don't even know if it is able to build on ARM CPU. If it is possible, this is how you must do it:
Install go, e.g. with apt-get install golang
Setup a GOPATH, as per https://github.com/golang/go/wiki/GOPATH
Run go get github.com/GoogleCloudPlatform/cloudsql-proxy/cmd/cloud_sql_proxy
Run the proxy with $GOPATH/cloud_sql_proxy -instances=...
Ok.
I'm sharing what I did to make it work, as David I don't know what version was I downloading.
I tried to avoid installing Go but it was the only way to get it installed.
sudo apt-get install golang-go
export GOPATH=$HOME/go
go get github.com/GoogleCloudPlatform/cloudsql-proxy/cmd/cloud_sql_proxy
cd $GOPATH/bin
wget your_key.json
sudo ./cloud_sql_proxy -instances=the_full_name_of_the_instance=tcp:3306 -credential_file=./your_key.json &
But I was getting a error because I already have mysql running localy in the same port
So now I'm using a unix soquet
sudo ./cloud_sql_proxy -instances=the_full_name_of_the_instance -credential_file=./your_key.json &
And then it's ready for connections :)
Thanks guys
I found issues with this when compiling SQL-proxy. I did, however, find the instructions here worked great on my raspberry pi 3. Have to make sure to remove all prior installations then reinstall it
wget https://storage.googleapis.com/golang/go1.9.linux-armv6l.tar.gz
sudo tar -C /usr/local -xzf go1.9.linux-armv6l.tar.gz
export PATH=$PATH:/usr/local/go/bin # put into ~/.profile`
I'n having a problem when running some npm test. The error I'm receiving is: "NaCl helper process running without a sandbox!", which is true, as I'm running the browser with the "--no-sandbox" option. I have to run this option due to the fact that the browser runs as root, and I don't have an option to run it a different user at all(it's a docker image).
Can anyone please help me to sort it out?
P.S I'm installing the browser in the following way:
RUN apt-get update
RUN apt-get install -y nodejs npm
RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
RUN sh -c 'echo "deb https://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
RUN apt-get install -y apt-transport-https
RUN apt-get update
RUN apt-get install -y google-chrome-stable
Thanks in advance!
This error message...
NaCl helper process running without a sandbox!
...implies that you have no setuid sandbox in your system, hence the program was unable to initiate/spawn a new Browsing Context i.e. Chrome Browser session.
Solution
A quick solution will be, if you want to run Chrome and only use the namespace sandbox, you can set the flag:
--disable-setuid-sandbox
This flag will disable the setuid sandbox (Linux only). But if you do so on a host without appropriate kernel support for the namespace sandbox, Chrome will not spin up. As an alternative you can also use the flag:
--no-sandbox
This flag will disable the sandbox for all process types that are normally sandboxed.
Example:
chromeOptions: {
args: ['--disable-setuid-sandbox', '--no-sandbox']
},
You can find a detailed discussion in Security Considerations - ChromeDriver - Webdriver for Chrome
Deep dive
As per the documentation in Linux SUID Sandbox Development google-chrome needs a SUID helper binary to turn on the sandbox on Linux. In majority of the cases you can install the proper sandbox for you using the command:
build/update-linux-sandbox.sh
This program will install the proper sandbox for you in /usr/local/sbin and tell you to update your .bashrc if required.
However, there can be some exceptions as an example, if your setuid binary is out of date, you will get messages such as:
Running without the SUID sandbox!
Or
The setuid sandbox provides API version X, but you need Y
You are using a wrong version of the setuid binary!
In these cases, you need to:
Build chrome_sandbox whenever you build chrome (ninja -C xxx chrome chrome_sandbox instead of ninja -C xxx chrome)
After building, execute update-linux-sandbox.sh.
# needed if you build on NFS!
sudo cp out/Debug/chrome_sandbox /usr/local/sbin/chrome-devel-sandbox
sudo chown root:root /usr/local/sbin/chrome-devel-sandbox
sudo chmod 4755 /usr/local/sbin/chrome-devel-sandbox
Finally, you have to include the following line in your ~/.bashrc (or .zshenv):
export CHROME_DEVEL_SANDBOX=/usr/local/sbin/chrome-devel-sandbox
If you are using karma to run your tests, make sure you are using ChromeHeadless as the browser on karma.conf.js
I read this article in fedoramagzine.org and followed the process. Since then I am unable to perform updates, installation etc from both yum and dnf.
This is the error I get from DNF
Abhinav#localhost ~$ sudo dnf update
[sudo] password for Abhinav:
Error: Failed to synchronize cache for repo 'fedora' from
'https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=x86_64':
Cannot prepare internal mirrorlist: Curl error: Timeout was reached
for
https://mirrors.fedoraproject.org/metalink?repo=fedora-21&arch=x86_64
[Connection timed out after 120002 milliseconds]
and this is the error I get when using YUM
Abhinav#localhost ~$ sudo yum update Loaded plugins: langpacks
One of the configured repositories failed (Fedora 21 - x86_64), and
yum doesn't have enough cached data to continue. At this point the
only safe thing yum can do is fail. There are a few ways to work
"fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:
yum-config-manager --disable fedora
4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=fedora.skip_if_unavailable=true
Cannot retrieve metalink for repository: fedora/21/x86_64. Please
verify its path and try again
I even emptied all the repos in /etc/yum.repos.d except for the original 3 repos you get when you install distro.
UPDATE ::
#Etan Reisner Here is the output of rpm -qa nss\*
Abhinav#localhost ~$ rpm -qa nss\*
nss-softokn-freebl-3.17.3-1.fc21.x86_64
nss-util-devel-3.17.3-1.fc21.x86_64 nss-sysinit-3.17.3-2.fc21.x86_64
nss-util-3.17.3-1.fc21.x86_64 nss-tools-3.17.3-2.fc21.x86_64
nss-softokn-freebl-3.17.3-1.fc21.i686 nss-3.17.3-2.fc21.x86_64
nss-softokn-freebl-devel-3.17.3-1.fc21.x86_64
nss-mdns-0.10-15.fc21.x86_64 nss-mdns-0.10-15.fc21.i686
nss-util-3.17.3-1.fc21.i686 nss-softokn-3.17.3-1.fc21.i686
nss-devel-3.17.3-2.fc21.x86_64 nss-softokn-devel-3.17.3-1.fc21.x86_64
nss-3.17.3-2.fc21.i686 nss-softokn-3.17.3-1.fc21.x86_64
UPDATE 2
Formatted my laptop and re-installed Fedora 21. After 3 sudo dnf updates. I am stuck with this problem again. This time i didn't follow the steps on the previous article.
On further google search I found https://fedorahosted.org/fedora-infrastructure/ticket/4517 which talks about same error. It is closed but I can't find a proper solution again.
If you sit behind a proxy, you have to configure dnf accordingly. (Even if the user's proxy settings are fine, you have to set them for dnf anyway.) The dnf settings are stored in /etc/dnf/dnf.conf. The syntax is:
proxy=<protocol>://<ip or name>:<port>
If this is not your problem, try to download the metadata with the browser to ensure, that your network connection to the url is working.
The file to receive should be an xml file. If you cannot download the metadata via the browser, chances are, that either port 443 (for https) is blocked or there is something wrong with your internet connection.
Issue
Had similar errors with kubernete (k83) while starting Fedora 23 VM master with vagrant
Error: Failed to synchronize cache for repo 'updates' from
System Spec
OS
Darwin Kernel Version 15.6.0: Wed Nov 2 20:30:56 PDT 2016; root:xnu-3248.60.11.1.2~2/RELEASE_X86_64 x86_64
Vagrant
Installed Version: 1.9.2 Latest Version: 1.9.2
Fedora
Fedora23 x86_64
RCA
While logged into fedora23VM , running yum update in verbose mode
sudo yum --verbose update a curl timeout on downloading from each of the repository presented in the metalink.
e.g
error: Curl error (56): Failure when receiving data from the peer for http://ftp.polytechnic.edu.na/pub/fedora/linux/updates/23/x86_64/repodata/af3c46471b1d685f22c72a5e16d7383d333fb89db278711b2b8c794e29a91eaa-filelists.xml.gz [Recv failure: Connection reset by peer] (http://ftp.polytechnic.edu.na/pub/fedora/linux/updates/23/x86_64/repodata/af3c46471b1d685f22c72a5e16d7383d333fb89db278711b2b8c794e29a91eaa-filelists.xml.gz).
2.Tried curl download without the ssl certificate verification and it worked
i.e
curl -k -O https://www.ftp.saix.net/linux/distributions/fedora/linux/updates/23/x86_64/repodata/repomd.xml
Solution
Disable ssl certificate verification during the yum update i.e
sudo yum --verbose update --setopt "sslverify=0" -y
I've recently installed MacPorts as explained on MacPorts website. All the process went well. The .profile file in my home directory has been updated (in this file the paths "/opt/local/bin" and "/opt/local/sbin" are added to the environment variable PATH) and all the macports files are in the directory "/opt". When I type "which port" in the shell, it returns "/opt/local/bin/port".
But something weird happens when I ask to install the port "octave-devel" (I've installed MacPorts to use Octave on my Mac in the first place). So when I enter the command "sudo port install octave-devel +atlas+docs" (as explained in GNU Octave wiki) in the terminal and type my password, the shell replies "Error: Port octave-devel not found". However the port "octave-devel" seems to exist because I've found its description on this page of the macports website.
Because I had to use Octave quickly I first wanted to uninstall MacPorts and install Fink instead and I tried the method described on the MacPorts website but after I typed "sudo port -fp uninstall installed" it returned "Error: No ports matched the given expression". I couldn't even uninstall this software! I really think that it is a problem of MacPorts itself and not the octave port but I can't find what exactly.
Eventually I used Octave on a Windows computer but it annoys me not to know what is wrong with MacPorts on my computer. And mainly, I want to be capable to use GNU Octave on my Mac because I need it for school.
Thank you in advance and happy holidays.
I'm not sure which version of OSX you are running, however, I have octave (not octave-devel) version 3.6.4 installed via macports on a machine running OSX 10.9.1. This was built using:
sudo port install octave
which yields a known bug building the atlas dependency that results from a missing fortran compiler. At this point you have two options. Before attempting to install octave first try to install atlas separately, either overriding the standard clang compiler with the gcc4x flag, or install atlas using:
sudo port install atlas +nofortran
which runs fine using clang. With atlas installed, octave should build to completion although there is a possibility that you will find an error regarding the use of arpack by apple as a vector library. Using +arpack is preferred, so it may be useful to load this by hand as well before starting your octave install.
Trying to install Octave using MacPorts I ran into a similar problem.
Summary
My solution was to first clean & build atlas separately using gcc47 instead of the default mpclang34. Then to build the default octave.
Details
This is on a MacBook running an older OS (10.7.5), the standard Octave (3.8.2) package failed to build - it hung on building the atlas dependency.
Solution:
sudo port clean atlas
sudo port -v install atlas +gcc48
sudo port -v install octave +atlas+docs
I'm currently going through the process of installing Octave via MacPorts. I used the following command which I found on Shifteleven.com:
sudo port install octave-devel +gcc45
It seems to be working so far. You also need to make sure you've installed the Xcode command line tools, which is something that I forgot to do the first time I tried.
I also ran into problems installing Octave using Macports on OSX 10.10.1 and solved them, similar to #Tom_N_PDX and #isak.
Short version
I got it working using one of the options described by #isak.
More detailed version
Running sudo port install octave failed because of the missing Fortran compiler problem.
I next installed Fortran using Macports sudo port install gcc48 and then tried re-installing Octave
sudo port clean octave
sudo port install octave
This "hung" on Atlas, as others have mentioned, although I now realize it just takes a long time and I killed it before it finished. Likely it would have worked, as the output said it had found Fortran
Selected C compiler: /usr/bin/clang
Selected F77 compiler: gfortran48
I then installed atlas separately, using the +gcc48 flag, as suggested by #isak
sudo port install atlas +gcc48
but it displayed the same compiler information as above (consistent with my conjecture that the above would have worked). This process took about 4 hours. You can monitor the progress of the task in the logfile (found with the command sudo port logfile atlas), which reassures you it's doing something and not "hung". (Oddly the output does halt mid-message, but it always eventually resumed. Also there were a lot of warning messages.)
Last, running the following worked:
sudo port clean octave
sudo port install +arpack
I actually first tried without the +arpack option and it worked but I got the following message, consistent with #isak's answer
WARNING: Dependency 'arpack' is installed with the +accelerate variant, using Apple's Vector Libraries which have some known bugs that can cause Octave to crash if using certain functions in arpack. The +atlas variant does not have these issues with Octave, but does take many hours to compile even on modern hardware.
When I reinstalled Octave with the +arpack flag it took less than a minute (because I had already installed Atlas).
I had a similar problem with MacPorts. I would recommend using HomeBrew instead. Here are the commands to install Octave on HomeBrew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
brew update
brew upgrade
brew install octave