mercredi, avril 29 2020, 09:31

Fixing docker-engine, docker-ce on Fedora 32

I've been using Fedora for some years now (probably 5). I have participated in a bunch of beta when new releases were approaching. At my new job I'm building our next infrastructure, which will be based on docker. So When I joined 2 months ago I installed the official docker packages following these instructions. Things worked well.

I've been willing to beta test Fedora32, because I can, I like using unstable software (I've been using firebox unstable since probably 2000 when it was called mozilla suite) and filling bug reports. In the past I've been bitten by selinux once - and nits of issues with gnupg - but nothing that prevented me from going back quickly to work. So I've been wanting to use 32 for a while but was reluctant because of :

root@saraan firewalld# dnf update
Docker CE Stable - x86_64                                                                                                   725  B/s | 577  B     00:00    
Errors during downloading metadata for repository 'docker-ce-stable':
 - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/stable/repodata/repomd.xml (IP: 2600:9000:2047:de00:3:db06:4200:93a1)
Error: Failed to download metadata for repo 'docker-ce-stable': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Docker CE Test - x86_64                                                                                                     654  B/s | 575  B     00:00    
Errors during downloading metadata for repository 'docker-ce-test':
 - Status code: 404 for https://download.docker.com/linux/fedora/32/x86_64/test/repodata/repomd.xml (IP: 2600:9000:2047:d800:3:db06:4200:93a1)
Error: Failed to download metadata for repo 'docker-ce-test': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
Ignoring repositories: docker-ce-stable, docker-ce-test

And I wanted to make sure that I could still work. I've asked on Mastodon/Twitter when the docker repos would have 32 equivalent without any answers. I when to the docker forums and posted there.I didn't get a single reply.

Finally, last Sunday I updated to 32 without a single issue. Until yesterday when I did a docker-compose up and that docker project dind't work at all (issue connecting to the http interface of the service / issue between the app and it's postgresql backend). I tried cleaning up everything I could, it didn't help, nor did qwanting, googling or binging. journalctl -e -u docker.servicel was of course almost empty :

No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: nameserver 8.8.8.8 nameserver 8.8.4...

Which I'm very unhappy about. So I ended doing a quick search on twitter and found a twitt in japanese which gave me a hint. I confirmed the hint :

root@saraan firewalld# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2020-04-28 17:56:10 CEST; 15h ago
       Docs: man:firewalld(1)
   Main PID: 1079 (firewalld)
      Tasks: 2 (limit: 18853)
     Memory: 46.2M
     CGroup: /system.slice/firewalld.service
             └─1079 /usr/bin/python3 /usr/sbin/firewalld nofork nopid

Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER' failed: iptables: No chain/target/match by t>
Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -F DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain> 
Apr 28 17:56:17 saraan firewalld1079: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -t filter -X DOCKER-ISOLATION-STAGE-1' failed: iptables: No chain>

Switching the backend for firewalld from nftable to iptable did fix my issue. Thanks twitter.

mardi, mars 17 2020, 13:55

New Job

I started working for a new Gig, at the beginning of this month. It's a nice little company focused on mapping solutions. They work on open source software, QGIS and Postgis, and have developed a nice webapp called lizmap. I am a sysadmin there managing their SAS offering.

vendredi, janvier 11 2019, 08:37

Formation à docker

Je suis en train de suivre une formation sur docker, donnée par jpetazzo de la société enix. J’en suis ravi, charmé. Ma connaissance de docker se limitait au fait que j’ai des copains qui bossent (aient) chez docker inc. Que nagios avait eu des soucis sur des process docker dans notre infra et que j’avais vainement tenté de faire tourner des images Windows sur mon Raspberry pie.

Le présentateur maitrise très bien son sujet, c’est donc très fluide malgré les nombreuses questions que nous lui posons. La présentation qui accompagne son discours est bien organisé, c’est dans le bon ordre, elle est sans doute un peu longue avec 600+ transparent. La mise en pratique ce fait sur des vm mis à notre disposition, donc pas de prise de tête pour la mise en place, ça fonctionne nickel et on pourra sans doute utiliser les VM pour s’amuser un peu après.

Un deuxième formateur est présent dans la salle pour nous aider lors des exercices pratiques ou répondre à nos questions sur un canal Glitter.

Les trucs que j'ai découvert :

  • jq pour parser du json en ligne de commande
  • figlet, un remplaçant de banner :p
  • drill (présent dans ldns-utils sur fedora) la prochaine version de dig, qui gère par exemple le dnssec.