volvox's questions -server

volvox

Asked: 2021-01-15 05:05:33 +0800 CST

How to stop apt-get using /tmp for install scripts

1

I have a CIS-benchmark-compliant base image. Pulling this to differentiate an immutable image for my application, if I attempt to do

apt-get install -y docker.io

I get an error

==> amazon-ebs: Can't exec "/tmp/docker.io.config.NzitwJ": Permission denied at /usr/share/perl/5.26/IPC/Open3.pm line 178.

==> amazon-ebs: open2: exec of /tmp/docker.io.config.NzitwJ configure  failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.

This is because CIS-compliant images have noexec set on the /tmp filesystem.

Does anyone know of a command line or equivalent way to make apt-get use a different file system for install scripts, or am I going to have to schedule tasks to install from source? Note, this does not only affect docker.io, but others as well. I'm looking for an apt-get-level solution, not an app-specific package method.

volvox

Asked: 2020-10-21 13:49:50 +0800 CST

Ubuntu 18.05 mail client error 36

0

I have configured CIS benchmarking, and the setup script sends an email from the build machine as the image is baking which works fine (sSMTP is configured for the purpose via Gmail).

However, by the time I hydrate the AWS AMI, I log in and attempt to send a mail:

$ echo "$(date +%Y-%m-%d::%H:%M): Email test" | mail -s "hello" [email protected]
mail: cannot send message: Process exited with a non-zero status
$ echo $? 
36

Obviously, there is something further down in my bench marking script which is causing the problem, but I cannot seem to find anywhere what error 36 is, which would help me diagnose the problem. I double checked the firewall and outbound is working fine on port 587.

volvox

Asked: 2019-11-30 04:26:07 +0800 CST

Install centos7 on mounted disk

0

I have a centos 7 machine, and I attached an external disk. I would like to install centos 7 on this mounted disk, so that I can disconnect this disk, and then boot from it by attaching it to another machine.

How do I do this? I do not have a GUI, this is all on the command line. Can kickstart be made to work locally like this?

volvox

Asked: 2017-01-06 15:38:06 +0800 CST

How to set Linux capabilities on docker swarm mode service invocations

6

I'm looking into the notion of vault running under swarm (1.12.x).

A single container would be started with: docker run -d --cap-add IPC_LOCK -p 8200:8200 -p 8215:8125 --name vault --volume /vagrant/vault:/vagrant/vault vault server -config=/path/to/vault.hcl

but when I want to run this in swarm as a service, there appears to be no way to specify the IPC_LOCK capability, in order to lock down encrypted swapping for the vault service in this case.

How can I set --cap-add flags when starting a swarm mode service with the docker service create command?

How to stop apt-get using /tmp for install scripts

Ubuntu 18.05 mail client error 36

Install centos7 on mounted disk

How to set Linux capabilities on docker swarm mode service invocations

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?