Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.

TrueCommand Docker Container

aervin

iXsystems
iXsystems
Joined
Jun 13, 2018
Messages
29
@jon.z -- Unfortunately, we're only able to support Linux kernel 4+ at this time. We've updated the container's requirements on DockerHub to avoid future confusion. Apologies for the inconvenience.
 

jon.z

Neophyte
Joined
Apr 20, 2020
Messages
7
@aervin Thank you for looking into this further :)

/var/log/ix_middleware.log
Code:
root@f80a465cac9a:~# cat /var/log/ix_middleware.log
[STARTING] "Thu Apr 23 00:10:54 2020"
Opening Database...
Creating the TrueCommand Database: ixdb
Database error: "could not connect to server: Connection refused\n\tIs the server running on host \"localhost\" (127.0.0.1) and accepting\n\tTCP/IP connections on port 5432?\ncould not connect to server: Cannot assign requested address\n\tIs the server running on host \"localhost\" (::1) and accepting\n\tTCP/IP connections on port 5432?\nQPSQL: Unable to connect"
Could not open database!!
Server could not be started: 2020-04-23T00:10:54
 - Tried ports: 5182 5183
QThread: Destroyed while thread is still running
[STARTING] "Thu Apr 23 00:10:55 2020"
Opening Database...
Database error: "FATAL:  the database system is starting up\nFATAL:  the database system is starting up\nQPSQL: Unable to connect"
Could not open database!!
Server could not be started: 2020-04-23T00:10:55
 - Tried ports: 5182 5183
QThread: Destroyed while thread is still running
[STARTING] "Thu Apr 23 00:10:57 2020"
Opening Database...
Database Connected
DB ERROR: "ERROR:  null value in column \"tvinstanceuid\" violates not-null constraint\nDETAIL:  Failing row contains (null, null, 5443a61b).\n(23502) QPSQL: Unable to create query"
 - query: "INSERT INTO tv.license (anonid) VALUES ('5443a61b');"
Using SSL Library:
 - Version: "OpenSSL 1.1.1d  10 Sep 2019"
   WS server started on port number 5182
 HTTP server started on port number 5183

Nothing of note in the nginx, pgsql or supervisord log files.

I tested a SSL connection to a FreeNAS system, from inside the container. As you can see, this works. However systems are reported as offline in the TrueComamnd GUI (see attached screenshots).
Code:
root@f80a465cac9a:~# echo "GET / HTTP/1.1" | openssl s_client -connect freenas_host:443
CONNECTED(00000003)
...removed certificate details...
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2758 bytes and written 451 bytes
Verification error: self signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 61344AC0CC41361E9D4CA6806C0D8EA12689ABF9FC86ADE7F4DC97CDF19C08DE
    Session-ID-ctx:
    Master-Key: AB2CEBC2C2580C4B229C49404747DFE93EBF8F96B52B3E16A4A2070A2AFC60D45C89083D2DED6FC13A8541EC8EA787B2
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 9b ca b8 cd 53 c6 f9 90-b6 d5 a4 33 44 a8 2f d5   ....S......3D./.
    0010 - ed e4 59 cd b3 2a 80 f5-e9 32 3a 99 aa df a1 35   ..Y..*...2:....5
    0020 - b6 1a 58 07 94 f1 14 41-a8 57 ca f8 86 31 ff c0   ..X....A.W...1..
    0030 - 0a c0 ac 14 c9 96 91 94-cb 30 2e 50 de 12 1a 55   .........0.P...U
    0040 - 9a 0f a9 01 d3 d6 4a fd-21 5f d2 3c bd 85 eb 64   ......J.!_.<...d
    0050 - a6 2d 97 50 99 34 f0 7f-be 63 40 34 ec 83 47 54   .-.P.4...c@4..GT
    0060 - 9d a3 51 29 2c 05 db 23-b9 a4 73 c8 b8 21 6e d7   ..Q),..#..s..!n.
    0070 - 2b 7b b0 ac a3 21 45 db-da da 61 37 44 71 40 33   +{...!E...a7Dq@3
    0080 - 88 44 7c 7f fd 92 65 d9-57 b4 25 17 9e 3a 1c 7f   .D|...e.W.%..:..
    0090 - 4a 81 84 9c e4 95 f9 41-5f 45 02 30 40 c1 af f1   J......A_E.0@...
    00a0 - 1d 85 1a 89 57 d5 fc 67-46 ed 22 ea c4 7b 09 80   ....W..gF."..{..
    00b0 - f6 f8 86 25 f9 0d 79 7c-3d 29 d3 32 3f ae 5c 78   ...%..y|=).2?.\x
    00c0 - bc ba c8 fd 03 ad 24 bb-68 01 b5 2b b3 6c 9a be   ......$.h..+.l..

    Start Time: 1587603743
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
    Extended master secret: no
---
DONE
 

Attachments

jon.z

Neophyte
Joined
Apr 20, 2020
Messages
7
Further, I also ran a basic tcpdump on VM's Docker Swarm gateway interface, while testing the SSL connection per above (i.e. within a shell on the container). As you can see, this verifies there is no network connectivity issue from the container to the FreeNAS system (and from the system to the container). I will note however, tcpdump does not capture ANY traffic from the TrueCommand container when it's started, restarted, or when removing all systems and adding them again. I would expect to see network traffic while preforming those actions. As such, this suggests to me an application level issue.
Code:
# tcpdump -i docker_gwbridge -n host freenas_host
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on docker_gwbridge, link-type EN10MB (Ethernet), capture size 262144 bytes
01:30:42.334539 IP 172.18.0.4.35606 > freenas_host.https: Flags , seq 2774496244, win 29200, options [mss 1460,sackOK,TS val 170260056 ecr 0,nop,wscale 7], length 0
01:30:42.428686 IP freenas_host.https > 172.18.0.4.35606: Flags [S.], seq 2378697687, ack 2774496245, win 65535, options [mss 1288,nop,wscale 6,sackOK,TS val 3520597567 ecr 170260056], length 0
01:30:42.428731 IP 172.18.0.4.35606 > freenas_host.https: Flags [.], ack 1, win 229, options [nop,nop,TS val 170260150 ecr 3520597567], length 0
01:30:42.429063 IP 172.18.0.4.35606 > freenas_host.https: Flags [P.], seq 1:326, ack 1, win 229, options [nop,nop,TS val 170260150 ecr 3520597567], length 325
01:30:42.524187 IP freenas_host.https > 172.18.0.4.35606: Flags [.], seq 1:1277, ack 326, win 1026, options [nop,nop,TS val 3520597662 ecr 170260150], length 1276
01:30:42.524223 IP freenas_host.https > 172.18.0.4.35606: Flags [P.], seq 1277:2485, ack 326, win 1026, options [nop,nop,TS val 3520597662 ecr 170260150], length 1208
01:30:42.524261 IP 172.18.0.4.35606 > freenas_host.https: Flags [.], ack 1277, win 251, options [nop,nop,TS val 170260246 ecr 3520597662], length 0
01:30:42.524272 IP 172.18.0.4.35606 > freenas_host.https: Flags [.], ack 2485, win 274, options [nop,nop,TS val 170260246 ecr 3520597662], length 0
01:30:42.525321 IP 172.18.0.4.35606 > freenas_host.https: Flags [P.], seq 326:452, ack 2485, win 274, options [nop,nop,TS val 170260247 ecr 3520597662], length 126
01:30:42.620140 IP freenas_host.https > 172.18.0.4.35606: Flags [P.], seq 2485:2759, ack 452, win 1026, options [nop,nop,TS val 3520597758 ecr 170260247], length 274
01:30:42.620683 IP 172.18.0.4.35606 > freenas_host.https: Flags [P.], seq 452:496, ack 2759, win 294, options [nop,nop,TS val 170260342 ecr 3520597758], length 44
01:30:42.620721 IP 172.18.0.4.35606 > freenas_host.https: Flags [FP.], seq 496:527, ack 2759, win 294, options [nop,nop,TS val 170260342 ecr 3520597758], length 31
01:30:42.714793 IP freenas_host.https > 172.18.0.4.35606: Flags [.], ack 528, win 1025, options [nop,nop,TS val 3520597853 ecr 170260342], length 0
01:30:42.714833 IP freenas_host.https > 172.18.0.4.35606: Flags [F.], seq 2759, ack 528, win 1026, options [nop,nop,TS val 3520597853 ecr 170260342], length 0
01:30:42.714852 IP 172.18.0.4.35606 > freenas_host.https: Flags [.], ack 2760, win 294, options [nop,nop,TS val 170260436 ecr 3520597853], length 0


Please let me know if you require any further data.
 

Tony-1971

Member
Joined
Oct 1, 2016
Messages
53
Hi,

From docker container I can't reach FreeNAS server:
Code:
[tony@docker-server ~]$ docker container exec -it loving_bell /bin/bash
root@9892b3253015:~# nc 192.168.50.3 80
Ncat: No route to host.
root@9892b3253015:~# nc 192.168.50.3 443
Ncat: No route to host.
root@9892b3253015:~# nc 192.168.50.3 22
Ncat: No route to host.

But from another container on the same network I can reach the server:
Code:
[tony@docker-server ~]$ docker container attach alpine1
/ # ping 192.168.50.3
PING 192.168.50.3 (192.168.50.3): 56 data bytes
64 bytes from 192.168.50.3: seq=0 ttl=63 time=1.041 ms
64 bytes from 192.168.50.3: seq=1 ttl=63 time=0.678 ms
64 bytes from 192.168.50.3: seq=2 ttl=63 time=0.481 ms
64 bytes from 192.168.50.3: seq=3 ttl=63 time=0.563 ms
64 bytes from 192.168.50.3: seq=4 ttl=63 time=0.644 ms
^C
--- 192.168.50.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.481/0.681/1.041 ms
/ # nc 192.168.50.3 80
/ # nc 192.168.50.3 443
/ # read escape sequence

And this is the network configuration:
Code:
[tony@docker-server ~]$ docker network inspect my-net
[
    {
        "Name": "my-net",
        "Id": "666f9979e66eb747b26d8597e28d7f1b17dd9690d748146746a97c6a23dfdad6",
        "Created": "2020-04-24T11:25:16.448601611+02:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "9892b3253015488c3b00ae460ea1098d9a8ae74b8f16f0f10a20d842d03c5d21": {
                "Name": "loving_bell",
                "EndpointID": "15b02a80daf6aa88ff26293ef780eb5b6e22eb245864158af584d0363260c067",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "9dfa7116923c33f470ac2fc830eb6239fd2a7de6c8b38a1d174515fa4d2d8947": {
                "Name": "alpine1",
                "EndpointID": "ec17b666fbf1db91a8f1f331abe22e4172f1534c49fe625ad525168f2a288dd0",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

Also the log file is container is the same of @jon.z above.

P.S.: Resolved installing Docker Container in Fedora Server 31

Best Regards,
Antonio
 
Last edited:
Top