
Tuesday, December 12, 2017

Allow the outside world access your server in a container

I run Docker containers of Nexus and httpd on a CentOS 7 host. I added a nexus.service to start the containers using docker-compose. I could access the Nexus server from any machine after I started the service. But the next day, I could not access that server from other machines; running curl -k -X GET https://<host-ip> always timed out. The containers were still running and they were still bound to all interfaces, because I could run curl -k -X GET https://<host-ip> on that host. The output below shows that the three ports 80, 443 and 15001 are listening on all interfaces. NOTE: Proto=tcp6 doesn't mean "not listening on IPv4".
# netstat -l -t
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp6       0      0 [::]:http               [::]:*                  LISTEN     
tcp6       0      0 [::]:15001              [::]:*                  LISTEN     
tcp6       0      0 [::]:https              [::]:*                  LISTEN
If I restart the docker service using systemctl restart docker, and the nexus service using systemctl start nexus, everything works again. If I reboot the server, docker starts and the containers are running, but I cannot access the Nexus server from any machine except the host.
It turns out that the host runs chef-client in the early morning and after rebooting, and it sets net.ipv4.ip_forward = 0. I can run sysctl net.ipv4.ip_forward=1 to allow remote access to the Nexus server, and sysctl net.ipv4.ip_forward=0 to deny any access.
If I restart the docker service, Docker sets net.ipv4.ip_forward=1 automatically. See the Docker document "Communicating to the outside world":
IP packet forwarding is governed by the ip_forward system parameter. Packets can only pass between containers if this parameter is 1. Usually you will simply leave the Docker server at its default setting --ip-forward=true and Docker will go set ip_forward to 1 for you when the server starts up. If you set --ip-forward=false and your system's kernel has it enabled, the --ip-forward=false option has no effect. To check the setting on your kernel or to turn it on manually:
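The failure in this post (published ports still listening while forwarding has been switched off underneath Docker) can be checked with a short script that reports the live value and every sysctl file that sets it. This is an added example, not part of the original post or the Docker documentation; the function names and the list of files scanned are assumptions.

```shell
#!/bin/sh
# Added example: show the live ip_forward value and where it is configured,
# so a value pinned to 0 by configuration management is visible.

# Print the live kernel value (1 = forwarding on). The path argument exists
# only so the function can be pointed at a sample file.
forward_state() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# Print "file:value" for each uncommented net.ipv4.ip_forward assignment in
# the given files. Dotted and slashed key spellings are both matched, as is
# the optional "-" prefix used in sysctl.d files.
find_forward_settings() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n -E 's#^[[:space:]]*-?net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*([0-9]+).*$#\1#p' "$f" |
        while read -r v; do printf '%s:%s\n' "$f" "$v"; done
    done
}

# Usage: check_forwarding PROCFILE CONFIG...
# Returns 0 when forwarding is on, 1 when off, and lists every config file
# that will switch it off again on the next sysctl reload or reboot.
check_forwarding() {
    procfile="$1"; shift
    state=$(forward_state "$procfile")
    echo "live net.ipv4.ip_forward = $state"
    find_forward_settings "$@" | sed -n 's/^\(.*:0\)$/pinned to 0 in: \1/p'
    [ "$state" = "1" ]
}

# Run against the real system only when called with --check.
case "${1:-}" in
    --check)
        check_forwarding /proc/sys/net/ipv4/ip_forward \
            /etc/sysctl.conf /etc/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf
        ;;
esac
```

A "pinned to 0" line alongside a live value of 1 means the next configuration-management run or reboot will cut off remote access to the published ports again.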

Tuesday, October 24, 2017

VNC server won't start on my CentOS 7

I had to ask my boss to power down and power up the desktop in my office this morning. After the desktop came back, I could not access the vncserver because it failed to start. And I got this error when I ran systemctl.
$ sudo systemctl start vncserver@\:2

Job for vncserver@:2.service failed because a configured resource limit was exceeded. See "systemctl status vncserver@:2.service" and "journalctl -xe" for details.
And I also found an Xvnc process started on :1 every time I started the service.
I did find that /usr/lib/systemd/system/vncserver@:2.service was missing and restored it as below:
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=bwang

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/usr/bin/vncserver %i -nolisten tcp -localhost -geometry 1920x1080 -depth 24
PIDFile=/home/bwang/.vnc/%H%i.pid
ExecStop=-/usr/bin/vncserver -kill %i

[Install]
WantedBy=multi-user.target
And I ran systemctl daemon-reload, systemctl disable vncserver@\:2.service, systemctl enable vncserver@\:2.service multiple times, but got the same error again and again.
I also tried using vncserver\@\:2 or vncserver@:2 as the service name, but it didn't fix it.
Finally, when I ran vncserver from the command line, it showed this message:
$ vncserver :2 -nolisten tcp -localhost -geometry 1920x1080 -depth 24

Warning: bwang.corp.rhapsody.com:2 is taken because of /tmp/.X11-unix/X2
Remove this file if there is no X server bwang.corp.rhapsody.com:2
A VNC server is already running as :2

New 'bwang.corp.rhapsody.com:1 (bwang)' desktop is bwang.corp.rhapsody.com:1

Starting applications specified in /home/bwang/.vnc/xstartup
Log file is /home/bwang/.vnc/bwang.corp.rhapsody.com:1.log
Obviously, when the desktop was powered down, /tmp/.X11-unix/X2 was left on the hard drive, and it blocked vncserver from starting on display 2 again.
Removing /tmp/.X11-unix/X2 fixed the problem.
NOTE: using vncserver@:2 without escaping : is OK when running systemctl.

Thursday, August 17, 2017

Gnome Terminal Profile Export

I usually run screen on a remote server in the PROD environment. Whenever I want to access the server, I SSH to that host and run screen -D -R to resume the session I left before. Using screen, you don't have to worry about your SSH session suddenly going down due to an Internet connection issue.
I also adjust the terminal running the SSH connection with a title and a special color scheme so that I can quickly tell this is a PROD environment and that I need to be careful.
I created a Gnome terminal profile so that I only need to click "File" -> "Open Terminal" -> "prod-env". "prod-env" is the profile name with all customized attributes:
  • Title
  • Terminal window size
  • Automatically run a command ssh -t <host> screen -D -R
  • Specified color-scheme
How can I share the profile among multiple environments, e.g., a laptop and a desktop both running Gnome? Of course, I can set it manually on both machines. It would be better if I could export the profile and import it on other machines.
It is actually pretty simple. The following commands work on CentOS 7.3 and Gnome 3.
  • Export
    dconf dump /org/gnome/terminal/ > /tmp/terminal-profile.dconf
    
  • Import
    dconf load /org/gnome/terminal/ < /tmp/terminal-profile.dconf