alexus's questions

recebi uma notificação da Victoria Risk [email protected]

Novas versões do BIND estão disponíveis: 9.18.35, 9.20.7, 9.21.6

depois que baixei a imagem mais recente, o bind9 não consegue iniciar devido ao seguinte novo erro:

$ docker compose up
[+] Running 2/1
 ✔ Network bind_bind  Created                                                                                                                                                                                                                                                            0.2s
 ✔ Container bind9    Created                                                                                                                                                                                                                                                            0.0s
Attaching to bind9
bind9  | named: setgid(): Operation not permitted
bind9 exited with code 1
$ 

O bind9 funcionava bem antes de extrair a nova imagem mais recente.

meu ambiente:

$ uname -a
Linux gamma 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
$ docker --version
Docker version 27.3.1, build ce12230
$ docker compose version
Docker Compose version v2.29.7
$

meudocker-compose

$ cat docker-compose.yml
services:
  bind:
    image: internetsystemsconsortium/bind9:9.20
    container_name: bind9
    env_file: .env
    expose:
      - 80
      - 443
      - 853
    networks:
      - default
    ports:
      - 0.0.0.0:53:53/udp
      - 0.0.0.0:53:53/tcp
      - 0.0.0.0:443:443/tcp
      - 0.0.0.0:853:853/tcp
      - 127.0.0.1:953:953/tcp
    restart: always
    volumes:
      - ./etc/bind:/etc/bind
      - ./var/cache/bind:/var/cache/bind
      - ./var/lib/bind:/var/lib/bind
      - ./var/log:/var/log

networks:
  default:
    name: bind_bind
    driver: bridge

$

named.conf:

$ cat ./etc/bind/named.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-sha256;
    secret "XYZ";
};
#
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

logging {
        channel stdout {
                stderr;
                severity debug;
#                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category security { stdout; };
        category dnssec   { stdout; };
        category default  { stdout; };
        category queries  { stdout; };
};

tls local-tls {
    key-file "/etc/bind/letsencrypt/X.Y.Z/privkey.pem";
    cert-file "/etc/bind/letsencrypt/X.Y.Z/fullchain.pem";
};

http local-http-server {
    endpoints { "/dns-query";  };
};

options {
    allow-query-cache { any; };
        allow-recursion {
        X.X.X.X/Y;
    };
        allow-transfer {
        X.X.X.X/Y;
    };
        allow-update { none; };
        directory "/var/cache/bind";
    http-port 80;
    https-port 443;
    listen-on port 53 { any; };
    listen-on port 80 tls none http local-http-server { any; };
    listen-on port 443 tls local-tls http local-http-server { any; };
    listen-on-v6 port 53 { any; };
    listen-on-v6 port 80 tls none http local-http-server { any; };
    listen-on-v6 port 443 tls local-tls http local-http-server { any; };

        max-cache-size 100M;
        max-cache-ttl 3600;
        max-ncache-ttl 3600;

        # https://kb.isc.org/docs/bind-best-practices-authoritative#6-prepare-for-abuse-of-any-externalfacing-servers
        rate-limit {
#                slip 2; // Every other response truncated
#                window 15; // Seconds to bucket
                responses-per-second 5;// # of good responses per prefix-length/sec
#                referrals-per-second 5; // referral responses
#                nodata-per-second 5; // nodata responses
#                nxdomains-per-second 5; // nxdomain responses
#                errors-per-second 5; // error responses
#                all-per-second 20; // When we drop all
#                log-only no; // Debugging mode
#                pps-scale 250; // x / 1000 * per-second
#                // = new drop limit
#                exempt-clients { 127.0.0.1; 192.153.154.0/24; 192.160.238.0/24 };
#                ipv4-prefix-length 24; // Define the IPv4 block size
#                ipv6-prefix-length 56; // Define the IPv6 block size
#                max-table-size 20000; // 40 bytes * this number = max memory
#                min-table-size 500; // pre-allocate to speed startup
        };

    version none;
};

$

por favor, avise.

infelizmente o usuário/equipe do internetsystemsconsortium não tem uma tag específica de versão de 3º nível, o que me impede de fazer o rollback: https://hub.docker.com/r/internetsystemsconsortium/bind9/tags

Estou executando o BIND9 dentro de um contêiner Docker e notando muitas mensagens como esta:

bind9 | 13-Nov-2024 22:39:13.792 consultas: info: cliente @0x7f81a0077000 200.55.244.14#7459 (.): consulta: . IN ANY +E(0) (172.19.0.2)

Agora estou tentando implementar “Response Rate Limiting (RRL)” seguindo as Melhores Práticas do BIND - Autoritativo e/ou Usando Response Rate Limiting (RRL) . No entanto, mesmo após adicionar a seguinte configuração, não parece estar fazendo nenhuma diferença:

options {
         …
          rate-limit {
              responses-per-second 5;
          };
      };

meu ambiente:

$ docker --version
Docker version 27.3.1, build ce12230
$ docker compose version
Docker Compose version v2.29.7
$ cat /etc/debian_version
12.7
$ uname -a
Linux X 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
$ docker images internetsystemsconsortium/bind9
REPOSITORY                        TAG       IMAGE ID       CREATED       SIZE
internetsystemsconsortium/bind9   9.21      2fe7f58e77a3   4 weeks ago   371MB
$

Por favor, avise) Obrigado antecipadamente!

Tentei replicar o dd-es-remote-casegredo do defaultnamespace para o kube-systemnamespace. Apesar de não encontrar erros durante o processo, o segredo não foi copiado com êxito.

% kubectl --namespace default get secret dd-es-remote-ca -o yaml | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
  creationTimestamp: "2024-02-07T20:57:58Z"
  labels:
    elasticsearch.k8s.elastic.co/cluster-name: dd
  name: dd-es-remote-ca
  namespace: kube-system
  ownerReferences:
  - apiVersion: elasticsearch.k8s.elastic.co/v1
    blockOwnerDeletion: true
    controller: true
    kind: Elasticsearch
    name: dd
    uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
  resourceVersion: "84366"
  uid: ec59fa6f-910c-4934-bdca-9f5105a67512
type: Opaque
%
% kubectl get secret dd-es-remote-ca --namespace default -o yaml | sed 's/namespace: default/namespace: kube\-system/g' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
%

O que estou fazendo de errado? por favor informe) obrigado!

% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
  labels:
    elasticsearch.k8s.elastic.co/cluster-name: dd
  name: dd-es-remote-ca
  namespace: kube-system
  ownerReferences:
    - apiVersion: elasticsearch.k8s.elastic.co/v1
      blockOwnerDeletion: true
      controller: true
      kind: Elasticsearch
      name: dd
      uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
type: Opaque
%

Estou tentando extrair valor do JSON abaixo:

% export test='{"a-b-c":"x-y-z"}'
% echo $test
{"a-b-c":"x-y-z"}
% echo $test | jq .a-b-c
jq: error: b/0 is not defined at <top-level>, line 1:
.a-b-c
jq: error: c/0 is not defined at <top-level>, line 1:
.a-b-c
jq: 2 compile errors
% echo $test | jq '."a-b-c"'
"x-y-z"
%

enquanto a última linha "funciona", meu objetivo final é ter script de shell e substituir o parâmetro "abc" por variável, no entanto, devido ao uso de aspas simples, o valor real não está sendo passado.

% export var1=a-b-c
% echo $var1
a-b-c
% echo $test | jq '."$var1"'
null
%

Por favor, avise)

De acordo com os requisitos , instalei todos os pacotes necessários, porém amazon.aws.s3_objecté uma dessas coisas:

• couldn't be resolved/found
• was not found in configured module paths

etapa (s), eu usei para reproduzir meu problema:

% docker run -it debian:stable-slim bash
root@6140e6e2c06c:/# apt-get -qq update && apt-get -yqq install ansible python3-boto3 python3-botocore
root@6140e6e2c06c:/# uname -a
Linux 6140e6e2c06c 5.15.49-linuxkit #1 SMP PREEMPT Tue Sep 13 07:51:32 UTC 2022 aarch64 GNU/Linux
root@6140e6e2c06c:/# cat /etc/debian_version
11.7
root@6140e6e2c06c:/# ansible --version
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
root@6140e6e2c06c:/# python3 --version
Python 3.9.2
root@6140e6e2c06c:/#
root@6140e6e2c06c:/# ansible localhost -m amazon.aws.s3_object
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | FAILED! => {
    "msg": "The module amazon.aws.s3_object was not found in configured module paths"
}
root@6140e6e2c06c:/#...

Agradeço antecipadamente!

Meu ambiente:

# cat /etc/debian_version
11.7
# ansible-playbook --version
ansible-playbook [core 2.13.1]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
  jinja version = 3.1.2
  libyaml = True
#

A seguinte tarefa faz parte da minha função Ansible:

- name: _file - state:absent
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ find.files | flatten }}"
  register: file
  when: find.matched is defined and find.matched != 0

ainda assim, notei uma mensagem de aviso:

[WARNING]: TASK: XYZ : _file - state:absent: A variável de loop 'item' já está em uso. Você deve definir o loop_varvalor na loop_controlopção da tarefa para outra coisa para evitar colisões de variáveis ​​e comportamento inesperado.

depois de ler alguns:

• Definindo nomes de variáveis ​​internas e externas com loop_var
• Adicionando controles a loops

Eu modifiquei minha tarefa para algo assim:

- name: _file - state:absent
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ find.files | flatten }}"
  loop_control:
    label: "{{ item.path }}"
    loop_var: find
  register: file
  when: find.matched is defined and find.matched != 0

esta tarefa está sendo chamada duas vezes dentro da minha função, enquanto na primeira vez funciona bem, na segunda vez falha

TASK [XYZ : _file - state:absent] ******************************************************************************************************************************************************************************
[WARNING]: TASK: XYZ : _file - state:absent: The loop variable 'find' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable
collisions and unexpected behavior.
failed: [127.0.0.1] (item=None) => {"ansible_loop_var": "find", "changed": false, "find": {"atime": 1683511713.8529496, "checksum": "ecd34202c34bf761e4c2c9800a39e18dffad5d9e", "ctime": 1683511714.972948, "dev": 2049, "gid": 0, "gr_name": "root", "inode": 150677, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1683511714.972948, "nlink": 1, "path": "tmp/FILE.CSV", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 642, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, "msg": "Failed to template loop_control.label: 'item' is undefined", "skip_reason": "Conditional result was False"}

Por favor, avise.

Estou acompanhando Levando Solr para Produção | Apache Solr Reference Guide 8.5 , porém incapaz de superar o aviso ao reiniciar solro serviço:

# service solr restart
*** [WARN] *** Your open file limit is currently 1024.
 It should be set to 65000 to avoid operational disruption.
 If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh
*** [WARN] ***  Your Max Processes Limit is currently 1024.
 It should be set to 65000 to avoid operational disruption.
 If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh
Sending stop command to Solr running on port 8983 ... waiting up to 180 seconds to allow Jetty process 16065 to stop gracefully.
Waiting up to 180 seconds to see Solr running on port 8983 [\]
Started Solr server on port 8983 (pid=16320). Happy searching!

# 

Meu sistema:

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.10 (Santiago)
# uname -a
Linux X.X.X 2.6.32-754.30.2.el6.x86_64 #1 SMP Fri May 29 04:45:43 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
# 

depois de fazer man 5 limits.conf:

# cat /etc/security/limits.d/498-solr.conf
solr    hard    nofile  65000
solr    hard    nproc   65000
#

no entanto, ainda estou recebendo essa mensagem de aviso ao reiniciar o serviço solr.

Por favor informar)

Desde já, obrigado!

@MirceaVutcovici:

# grep 'Max processes' /proc/$(pgrep solr)/limits
grep: /proc//limits: No such file or directory
# pgrep solr
# echo $?
1
# ps ax | grep solr
 1926 ?        Sl     2:37 java -server -Xms512m -Xmx512m -XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch -verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=9 -XX:GCLogFileSize=20M -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes= -Dsolr.log.dir=/var/solr/logs -Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Dhost=rlos.uftwf.local -Duser.timezone=UTC -Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data -Dsolr.data.home= -Dsolr.install.dir=/opt/solr -Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf -Dlog4j.configurationFile=/var/solr/log4j2.xml -Xss256k -Dsolr.jetty.https.port=8983 -Dsolr.log.muteconsole -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar start.jar --module=http
 9029 pts/0    S+     0:00 grep solr
# grep 'Max processes' /proc/1926/limits
Max processes             1024                 65000                processes
#

Estou tentando seguir Configure com variáveis ​​de ambiente / root_url

# grep GF_ROOT_URL docker-compose.override.yml 
                        - GF_ROOT_URL=https://g.x.com/
# 

no entanto, quando convido usuários para o Grafana, eles estão sendo convidados localhost(em vez de root_url) em seu convite ...

Por favor informar)

Estou tentando seguir parâmetros / exemplos , mas estou encontrando a seguinte mensagem de AVISO ao executar o Ansible'playbook:

TASK [apt (pre)] ********************************************************************************************
[WARNING]: The value True (type bool) in a string field was converted to u'True' (type string). If this does
not look like what you expect, quote the entire value to ensure it does not change.

parte relevante do manual:

- name: apt (pre)
  apt:
    update_cache: yes
    upgrade: yes

Por favor informar.

Estou tentando Deploy the Elasticsearch cluster , mas estou com o seguinte erro (timeout):

$ cat <<EOF | kubectl apply -f -
> apiVersion: elasticsearch.k8s.elastic.co/v1alpha1
> kind: Elasticsearch
> metadata:
>   name: quickstart
> spec:
>   version: 7.2.0
>   nodes:
>   - nodeCount: 1
>     config:
>       node.master: true
>       node.data: true
>       node.ingest: true
> EOF
Error from server (Timeout): error when creating "STDIN": Timeout: request did not complete within requested timeout 30s
$ echo $?
1
$ time kubectl version
Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.3", GitCommit:"2d3c76f9091b6bec110a5e63777c332469e0cba2", GitTreeState:"clean", BuildDate:"2019-08-19T11:13:54Z", GoVersion:"go1.12.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.7-gke.19", GitCommit:"bebe882824db5431820e3d59851c8fb52cb41675", GitTreeState:"clean", BuildDate:"2019-07-26T00:09:47Z", GoVersion:"go1.11.5b4", Compiler:"gc", Platform:"linux/amd64"}

real    0m2.085s
user    0m0.061s
sys 0m0.019s
$ 

Por favor informar.

via arquivo em vez de stdin:

$ kubectl apply -f ./elasticsearch.yaml
Error from server (Timeout): error when creating "./elasticsearch.yaml": Timeout: request did not complete within requested timeout 30s
$

kubectl get pods --all-namespaces=true:

$ kubectl get pods --all-namespaces=true
NAMESPACE             NAME                                                     READY   STATUS    RESTARTS   AGE
elastic-system        elastic-operator-0                                       1/1     Running   1          2m20s
gitlab-managed-apps   certmanager-cert-manager-6df979599b-njkwf                1/1     Running   0          4m33s
gitlab-managed-apps   ingress-nginx-ingress-controller-7cf6944677-n4bkj        1/1     Running   0          5m58s
gitlab-managed-apps   ingress-nginx-ingress-default-backend-7f7bf55777-rv699   1/1     Running   0          5m58s
gitlab-managed-apps   prometheus-kube-state-metrics-5d5958bc-qzm2n             1/1     Running   0          4m9s
gitlab-managed-apps   prometheus-prometheus-server-5c476cc89-2j4vw             2/2     Running   0          4m9s
gitlab-managed-apps   runner-gitlab-runner-7f886d8cbb-5lpfh                    1/1     Running   0          3m25s
gitlab-managed-apps   tiller-deploy-5c85978967-2hdcb                           1/1     Running   0          6m29s
kube-system           calico-node-j6gq9                                        2/2     Running   0          21m
kube-system           calico-node-vertical-autoscaler-579467d76c-7vgcn         1/1     Running   4          23m
kube-system           calico-typha-65bfd5544b-dp8bk                            1/1     Running   0          21m
kube-system           calico-typha-horizontal-autoscaler-847fc7bc8d-vwz6b      1/1     Running   0          23m
kube-system           calico-typha-vertical-autoscaler-dc95cc498-qzfm2         1/1     Running   4          23m
kube-system           event-exporter-v0.2.4-5f88c66fb7-8c52j                   2/2     Running   0          23m
kube-system           fluentd-gcp-scaler-59b7b75cd7-82jzd                      1/1     Running   0          23m
kube-system           fluentd-gcp-v3.2.0-cq2sr                                 2/2     Running   0          22m
kube-system           heapster-v1.6.1-7447959494-pdvl5                         3/3     Running   0          22m
kube-system           ip-masq-agent-wwff4                                      1/1     Running   0          23m
kube-system           kube-dns-6987857fdb-67fjq                                4/4     Running   0          23m
kube-system           kube-dns-autoscaler-bb58c6784-kk8nv                      1/1     Running   0          23m
kube-system           kube-proxy-gke-test-default-pool-56270fe6-k846           1/1     Running   0          23m
kube-system           l7-default-backend-fd59995cd-9bt9g                       1/1     Running   0          23m
kube-system           metrics-server-v0.3.1-57c75779f-vxn2g                    2/2     Running   0          22m
kube-system           prometheus-to-sd-zwcr5                                   1/1     Running   0          23m
$ 

kubectl -n elastic-system logs statefulset.apps/elastic-operator:

$ kubectl -n elastic-system logs statefulset.apps/elastic-operator
{"level":"info","ts":1566587049.3942742,"logger":"manager","msg":"Setting up client for manager"}
{"level":"info","ts":1566587049.3945758,"logger":"manager","msg":"Setting up manager"}
{"level":"info","ts":1566587049.3946166,"logger":"manager","msg":"Exposing Prometheus metrics on /metrics","port":8080}
{"level":"info","ts":1566587049.527746,"logger":"manager","msg":"Setting up scheme"}
{"level":"info","ts":1566587049.5363684,"logger":"manager","msg":"Setting up controllers","roles":["all"]}
{"level":"info","ts":1566587049.5364962,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"license-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.536699,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"license-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5368743,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"trial-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5369632,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apmserver-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5370846,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apmserver-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.53719,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apmserver-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5372877,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apmserver-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5373478,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apmserver-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5374265,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apm-es-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.537455,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"apm-es-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.53751,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5376432,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5377114,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5377367,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-association-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5378115,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"elasticsearch-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.537839,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"elasticsearch-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5379903,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"elasticsearch-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5380125,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"elasticsearch-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5380402,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"elasticsearch-controller","source":"channel source: 0xc0005bc190"}
{"level":"info","ts":1566587049.538163,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5381901,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5382109,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5382414,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5382638,"logger":"kubebuilder.controller","msg":"Starting EventSource","controller":"kibana-controller","source":"kind source: /, Kind="}
{"level":"info","ts":1566587049.5382783,"logger":"manager","msg":"Setting up webhooks"}
{"level":"info","ts":1566587049.5690362,"logger":"manager","msg":"Starting the manager","uuid":"c80dcec9-c5d8-11e9-944f-8a11f67f61c1","namespace":"elastic-system","version":"0.9.0","build_hash":"8280d41","build_date":"2019-07-29T14:26:01Z","build_snapshot":"false"}
{"level":"info","ts":1566587049.669517,"logger":"kubebuilder.webhook","msg":"installing webhook configuration in cluster"}
{"level":"info","ts":1566587049.669637,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"trial-controller"}
{"level":"info","ts":1566587049.6697185,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"apmserver-controller"}
{"level":"info","ts":1566587049.6696646,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"elasticsearch-controller"}
{"level":"info","ts":1566587049.66953,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"apm-es-association-controller"}
{"level":"info","ts":1566587049.669866,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"kibana-controller"}
{"level":"info","ts":1566587049.6695576,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"license-controller"}
{"level":"info","ts":1566587049.669851,"logger":"kubebuilder.controller","msg":"Starting Controller","controller":"kibana-association-controller"}
{"level":"info","ts":1566587049.7698772,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"apmserver-controller","worker count":1}
{"level":"info","ts":1566587049.7700884,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"trial-controller","worker count":1}
{"level":"info","ts":1566587049.770116,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"kibana-controller","worker count":1}
{"level":"info","ts":1566587049.7701266,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"kibana-association-controller","worker count":1}
{"level":"info","ts":1566587049.7701535,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"license-controller","worker count":1}
{"level":"info","ts":1566587049.7701898,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"apm-es-association-controller","worker count":1}
{"level":"info","ts":1566587049.7704868,"logger":"kubebuilder.controller","msg":"Starting workers","controller":"elasticsearch-controller","worker count":1}
{"level":"info","ts":1566587049.8052213,"logger":"kubebuilder.webhook","msg":"starting the webhook server."}
$ 

Como se descobre qual serviço está usando a porta?

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.6 (Maipo)
# netstat -natpv | grep 9090
tcp6       0      0 :::9090                 :::*                    LISTEN      1/systemd           
# 

Por favor informar.

# systemctl status cockpit.service 
● cockpit.service - Cockpit Web Service
   Loaded: loaded (/usr/lib/systemd/system/cockpit.service; static; vendor preset: disabled)
   Active: inactive (dead) since Mon 2019-06-10 12:43:51 EDT; 4 days ago
     Docs: man:cockpit-ws(8)
 Main PID: 15922 (code=exited, status=0/SUCCESS)

Jun 10 12:41:48 X.X.X systemd[1]: Starting Cockpit Web Service...
Jun 10 12:41:48 X.X.X systemd[1]: Started Cockpit Web Service.
Jun 10 12:41:48 X.X.X cockpit-ws[15922]: Using certificate: /etc/cockpit/ws-certs.d/0-self-signed.cert
Jun 10 12:42:05 X.X.X cockpit-session[16311]: pam_ssh_add: Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
Jun 10 12:42:07 X.X.X cockpit-ws[15922]: logged in user session
Jun 10 12:42:07 X.X.X cockpit-ws[15922]: New connection to session from 10.52.208.221
Jun 10 12:42:21 X.X.X cockpit-ws[15922]: WebSocket from 10.52.208.221 for session closed
Jun 10 12:42:36 X.X.X cockpit-ws[15922]: session timed out
# lsof -i :9090
COMMAND PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
systemd   1 root   75u  IPv6 7761202      0t0  TCP *:websm (LISTEN)
# 

Estou tentando seguir Instalar e configurar kubectl - Kubernetes , mas continuo recebendo um erro:

# yum --quiet install kubectl
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
Trying other mirror.
It was impossible to connect to the CentOS servers.
This could mean a connectivity issue in your environment, such as the requirement to configure a proxy,
or a transparent proxy that tampers with TLS security, or an incorrect system clock.
You can try to solve this issue by using the instructions on https://wiki.centos.org/yum-errors
If above article doesn't help to resolve this issue please use https://bugs.centos.org/.



 One of the configured repositories failed (Kubernetes),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Run the command with the repository temporarily disabled
            yum --disablerepo=kubernetes ...

     4. Disable the repository permanently, so yum won't use it by default. Yum
        will then just ignore the repository until you permanently enable it
        again or use --enablerepo for temporary usage:

            yum-config-manager --disable kubernetes
        or
            subscription-manager repos --disable=kubernetes

     5. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most commands,
        so will have to try and fail each time (and thus. yum will be be much
        slower). If it is a very temporary problem though, this is often a nice
        compromise:

            yum-config-manager --save --setopt=kubernetes.skip_if_unavailable=true

failure: repodata/repomd.xml from kubernetes: [Errno 256] No more mirrors to try.
https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
# 

Eu também tentei usar curlpara acessar o mesmo URL e obtive o seguinte:

# curl https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64/repodata/repomd.xml
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
# 

Existe uma maneira de usar -k/--insecureo arquivo repo do yum de alguma forma?

Por favor informar.

Eu segui Usando Regras de Firewall | VPC | Documentação da VPC do Google Cloud Platform , no entanto, sempre que tento conectar, recebo o seguinte:

A operação expirou

lado do cliente - modo detalhado:

$ sftp -v -P 2222 [email protected]
OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /home/alexus/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to x.x.x [x.x.x.x] port 2222.
debug1: connect to address x.x.x.x port 2222: Operation timed out
ssh: connect to host x.x.x port 2222: Operation timed out
Connection closed
$

lado do servidor:

devido aos meus pacotes não chegarem ao destino por isso nada nos logs (ou estou procurando no lugar errado).

recapitulação rápida:

• VPC:
  • criar uma regra de firewall
  • nome/descrição (sftp2222/sftp)
  • tags de destino especificadas (tag)
  • intervalos de ip de origem especificados (xxxx/32)
  • protocolo e portas especificados (tcp:2222)
• ECG
  • instância específica da tag de rede

Por favor informar.

Estou usando o seguinte ambiente: Debian 9 com Docker CE:

# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
# docker --version
Docker version 17.09.0-ce, build afdb6d4
# 

docker node ls:

# docker node ls | grep elk12
2keku0oj8zhsy6uyvyl4gd4d7     elk12               Down                Active              Reachable
tbwbpkl5qys4wwxbisga3y2oe *   elk12               Ready               Active              Reachable
# docker node inspect elk12
[]
Status: Error response from daemon: node elk12 is ambiguous (2 matches found), Code: 1
#

Não posso usar docker node rm elk12, pois, de acordo com a saída acima, tenho 2.

Como se procede para remover o nó "inativo" da lista, de preferência sem afetar o cluster de trabalho). Eu nem acredito que tenho mais esse nó (provavelmente algumas sobras de muito tempo atrás) ...

Por favor informar.

ATUALIZAR:

# docker node rm 2keku0oj8zhsy6uyvyl4gd4d7
Error response from daemon: rpc error: code = FailedPrecondition desc = node 2keku0oj8zhsy6uyvyl4gd4d7 is a cluster manager and is a member of the raft cluster. It must be demoted to worker before removal
# docker node demote 2keku0oj8zhsy6uyvyl4gd4d7
Manager 2keku0oj8zhsy6uyvyl4gd4d7 demoted in the swarm.
# docker node rm 2keku0oj8zhsy6uyvyl4gd4d7
2keku0oj8zhsy6uyvyl4gd4d7
# docker node ls | grep elk12
tbwbpkl5qys4wwxbisga3y2oe     elk12               Ready               Active              Reachable
# 

Estou usando o certificado Let's Encrypt e mesmo quando estou acessando o servidor com um navegador, a página de relatórios do navegador está sendo "segura", porém estou seguindo quando uso curl.

# curl https://X.X.X
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
# 

Meu sistema:

# cat /etc/debian_version 
8.7
# cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
# 

Estou com um problema ao iniciar httpd:

# service httpd status
httpd is stopped
# service httpd start
Starting httpd: [Tue Nov 01 12:02:53 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
                                                           [FAILED]
# tail /var/log/httpd/error_log
[Tue Nov 01 12:59:57 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 13:00:11 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:00:49 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 13:05:15 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 14:38:56 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 01 14:40:38 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 01 14:59:55 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 15:00:40 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
# cat /var/log/httpd/error_log | grep -v 'SELinux policy enabled'
[Tue Nov 01 12:30:07 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:30:52 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:17 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:35 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:43 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:32:10 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:38:22 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library
# getenforce 
Permissive
# httpd -t
Syntax OK
# httpd -e debug -k start
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module authz_host_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module log_config_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module setenvif_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module mime_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module autoindex_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module negotiation_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module dir_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module alias_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module rewrite_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_http_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module ssl_module
# echo $?
1
# run_init service httpd start
Authenticating root.
Password: 
Starting httpd:                                            [FAILED]
# 

Meu ambiente:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.8 (Santiago)
# uname -a
Linux X 2.6.32-642.6.1.el6.x86_64 #1 SMP Thu Aug 25 12:42:19 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q httpd
httpd-2.2.15-54.el6_8.x86_64
#

Conselho por favor.

Estou usando o elk-docker e tentando seguir o Snapshot And Restore | Referência do Elasticsearch [2.4] | Elástico e recebendo o seguinte erro:

# curl --request PUT --data '{ "type": "fs", "settings": {"compress": true, "location": "/run/elasticsearch/backups" } }' localhost:9200/_snapshot/my_backup?pretty
{
  "error" : {
    "root_cause" : [ {
      "type" : "repository_exception",
      "reason" : "[my_backup] failed to create repository"
    } ],
    "type" : "repository_exception",
    "reason" : "[my_backup] failed to create repository",
    "caused_by" : {
      "type" : "creation_exception",
      "reason" : "Guice creation errors:\n\n1) Error injecting constructor, RepositoryException[[my_backup] location [/run/elasticsearch/backups] doesn't match any of the locations specified by path.repo because this setting is empty]\n  at org.elasticsearch.repositories.fs.FsRepository.<init>(Unknown Source)\n  while locating org.elasticsearch.repositories.fs.FsRepository\n  while locating org.elasticsearch.repositories.Repository\n\n1 error",
      "caused_by" : {
        "type" : "repository_exception",
        "reason" : "[my_backup] location [/run/elasticsearch/backups] doesn't match any of the locations specified by path.repo because this setting is empty"
      }
    }
  },
  "status" : 500
}
# 

Conselho por favor.

Estou tentando acessar o recurso SMB/CIFS no NetApp, usando o seguinte e obtendo o erro:

$ cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
$ rpm -qa | grep ^samba-
samba-client-4.2.10-6.el7_2.x86_64
samba-libs-4.2.10-6.el7_2.x86_64
samba-common-libs-4.2.10-6.el7_2.x86_64
samba-common-4.2.10-6.el7_2.noarch
samba-client-libs-4.2.10-6.el7_2.x86_64
samba-common-tools-4.2.10-6.el7_2.x86_64
$ smbclient //X/Y$ -U DOMAIN/user -L
Enter DOMAIN/user's password: 
ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
  NTLMSSP_NEGOTIATE_SIGN
SPNEGO(ntlmssp) login failed: NT code 0x80090302
session setup failed: NT code 0x80090302
$ 

Estou tentando usar o seguinte com o meu smbclient:

--opção==

Set the smb.conf(5) option "<name>" to value "<value>" from the command line. This overrides compiled-in defaults and options read from the configuration file.

no entanto, ainda não consigo acessar o recurso no servidor porque estou fazendo errado:

$ smbclient //X/Y$ -U DOMAIN/user -L --option='client ntlmv2 auth'=no
Enter DOMAIN/user's password: 
Connection to --option=client ntlmv2 auth=no failed (Error NT_STATUS_UNSUCCESSFUL)
$ 

Qual é a maneira certa de definir client ntlmv2 auth=novia --optionin smbclient?

Estou usando o seguinte sistema:

[alexus@wcmisdlin02 Desktop]$ rpm -q docker
docker-1.9.1-25.el7.centos.x86_64
[alexus@wcmisdlin02 Desktop]$ cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
[alexus@wcmisdlin02 Desktop]$ uname -a
Linux wcmisdlin02.uftmasterad.org 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[alexus@wcmisdlin02 Desktop]$ 

Estou me referindo ao Compose File Reference para a sintaxe de docker-compose.yml:

[alexus@wcmisdlin02 Desktop]$ cat docker-compose.yml 
nginx:
  container_name: nginx
  image: nginx
  ports:
    - "80:80"
[alexus@wcmisdlin02 Desktop]$ docker-compose up
Creating nginx

ERROR: for nginx  Cannot start container fcaba40fb21cc64f514d71eb8117ba0f2102482be6e74615e96261667403a236: failed to create endpoint nginx on network bridge: COMMAND_FAILED: '/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0' failed: iptables: No chain/target/match by that name.
Attaching to 
[alexus@wcmisdlin02 Desktop]$

Se eu remover portsparte de docker-compose.yml, o contêiner será iniciado, mas obviamente a rede não está configurada da maneira que eu preciso.

Preciso que nginxo container comece a escutar na porta 80 no host.

O que estou fazendo errado?

Eu continuo recebendo as seguintes mensagens dentro de /var/log/messages:

4/7/2016, 11:03:49 AM   fprintd[3277]   Launching FprintObject
4/7/2016, 11:03:49 AM   fprintd[3277]   ** Message: D-Bus service launched with name: net.reactivated.Fprint
4/7/2016, 11:03:49 AM   fprintd[3277]   ** Message: entering main loop
4/7/2016, 11:04:20 AM   fprintd[3277]   ** Message: No devices in use, exit

no seguinte sistema:

$ cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core) 
$ uname -a
Linux X 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ 

mesmo que o serviço esteja desabilitado:

$ systemctl status fprintd
● fprintd.service - Fingerprint Authentication Daemon
   Loaded: loaded (/usr/lib/systemd/system/fprintd.service; static; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:fprintd(1)

Apr 07 11:05:27 X fprintd[4871]: Launching FprintObject
Apr 07 11:05:27 X fprintd[4871]: ** Message: D-Bus service launched with name: net.reactivated.Fprint
Apr 07 11:05:27 X fprintd[4871]: ** Message: entering main loop
Apr 07 11:05:58 X fprintd[4871]: ** Message: No devices in use, exit
Apr 07 11:18:22 X systemd[1]: Starting Fingerprint Authentication Daemon...
Apr 07 11:18:22 X systemd[1]: Started Fingerprint Authentication Daemon.
Apr 07 11:18:22 X fprintd[7010]: Launching FprintObject
Apr 07 11:18:22 X fprintd[7010]: ** Message: D-Bus service launched with name: net.reactivated.Fprint
Apr 07 11:18:22 X fprintd[7010]: ** Message: entering main loop
Apr 07 11:18:52 X fprintd[7010]: ** Message: No devices in use, exit
$ 

como eu REALMENTE desabilito, então isso não vai aparecer nos meus logs?

$ systemctl status dbus
● dbus.service - D-Bus System Message Bus
   Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
   Active: active (running) since Thu 2016-04-07 11:03:16 EDT; 57min ago
 Main PID: 904 (dbus-daemon)
   CGroup: /system.slice/dbus.service
           └─904 /bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

Apr 07 11:14:35 X dbus[904]: [system] Successfully activated service 'org.freedesktop.hostname1'
Apr 07 11:14:35 X dbus-daemon[904]: dbus[904]: [system] Successfully activated service 'org.freedesktop.hostname1'
Apr 07 11:16:25 X dbus-daemon[904]: dbus[904]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 07 11:16:25 X dbus[904]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 07 11:16:25 X dbus[904]: [system] Successfully activated service 'org.freedesktop.problems'
Apr 07 11:16:25 X dbus-daemon[904]: dbus[904]: [system] Successfully activated service 'org.freedesktop.problems'
Apr 07 11:18:22 X dbus-daemon[904]: dbus[904]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Apr 07 11:18:22 X dbus[904]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service'
Apr 07 11:18:22 X dbus[904]: [system] Successfully activated service 'net.reactivated.Fprint'
Apr 07 11:18:22 X dbus-daemon[904]: dbus[904]: [system] Successfully activated service 'net.reactivated.Fprint'
$ 

Fiz a mesma pergunta na placa do CentOS ( fprintd: ** Message: No devices in use, exit - CentOS ), porém não obtive uma resposta, ainda assim ..