I've got this configuration
{
"volttron-central-address": "https://MYURL:8443",
"volttron-central-serverkey": "MY KEY",
"volttron-central-reconnect-interval": 5,
"instance-name": "MYNAME",
"stats-publish-interval": 30,
}
Then ran
python3 scripts/install-agent.py -s services/core/VolttronCentralPlatform -c config/vcp.config --tag vcp
vctl start --tag vcp
And I get the errors:
I suspect my tcp in .voltrron/config is not correct
[volttron]
message-bus = zmq
instance-name = Volttron-Tests
Your config should include a vip-address in it.
[volttron]
vip-address = tcp://externalip:22916
Related
I have postfix 3.3.0 and Active Directory on Server 2019. I want the connection to be secure and to validate the server certificate.
When trying to send an email, I am unable to and see this in syslog.
postfix/submission/smtpd[7432]: warning: dict_ldap_set_tls_options: Unable to allocate new TLS context -1: Can't contact LDAP server
Here's the contents of /etc/postfix/ldap-users.cf
bind = yes
bind_dn = {valid bind account}
bind_pw = {valid bind password}
version = 3
timeout = 20
size_limit = 1
expansion_limit = 0
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /var/spool/postfix/mydomain.tld.crt
server_host = ldap://dc.mydomain.tld/
search_base = dc=mydomain,dc=tld
scope = sub
query_filter = (&(objectClass=person)(mail=%s))
result_attribute = mail
result_format = %s
With this configuration, postmap -q test#mydomain.tld ldap:/etc/postfix/ldap-users.cf works. openssl s_client -starttls ldap -connect dc.mydomain.tld:389 also works (no validation errors). Even with tls_require_cert = no, it still fails. When start_tls = no, everything works fine.
Before I specified tls_ca_cert_file, I imported my .crt into ca-certificates. The error I received was postfix/postmap[4994]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error. It seems Postfix doesn't read from the computer cert store. After testing with tls_ca_cert_file from my home, it changed to the error I'm getting now, -1. I first tried from /etc/postfix, then now chroot home (based on an Internet suggestion Postfix couldn't access it).
I realized I made the classic mistake of installing from the stock repositories, and ended up with an old version. I ended up compiling Postfix from source.
sudo groupadd postfix
sudo groupadd postdrop
sudo useradd -c "Postfix Daemon User" -d /var/spool/postfix -g postfix -s /bin/false -u 32 postfix
wget http://cdn.postfix.johnriley.me/mirrors/postfix-release/official/postfix-3.6.2.tar.gz
tar xzf postfix-3.6.2.tar.gz
sudo apt-get install libdb-dev gcc m4 make libsasl2-dev openssl libssl-dev libldb-dev libldap2-dev
cd postfix-3.6.2/
make makefiles CCARGS="-I/usr/include/openssl -I/usr/include/sasl/ -DUSE_TLS -DHAS_LDAP -DUSE_SASL_AUTH -DUSE_CYRUS_SASL" AUXLIBS="-lssl -lcrypto -lldap -llber -lsasl2"
make
sudo make install
I have downloaded asimbench files which provided in the gem5.org website and I have modified the config/common/FSConfig.py with following changes:
def makeArmSystem(..)
..................
self.cf0 = CowIdeDisk(driveID='master')
self.cf2 = CowIdeDisk(driveID='master')
self.cf0.childImage(mdesc.disk())
self.cf2.childImage(disk("sdcard-1g-mxplayer.img"))
#Old platforms have a built-in IDE or CF controller. Default to
#the IDE controller if both exist. New platforms expect the
#storage controller to be added from the config script.
if hasattr(self.realview, "ide"):
#self.realview.ide.disks = [self.cf0]
self.realview.ide.disks = [self.cf0, self.cf2]
elif hasattr(self.realview, "cf_ctrl"):
#self.realview.cf_ctrl.disks = [self.cf0]
self.realview.cf_ctrl.disks = [self.cf0, self.cf2]
else:
self.pci_ide = IdeController(disks=[self.cf0])
pci_devices.append(self.pci_ide
I used this command:
./build/ARM/gem5.opt configs/example/fs.py --mem-size=8192MB
--disk-image=/home/yaz/gem5/full_system_images/disks/ARMv7a-ICS-Android.SMP.Asimbench-v3.img
--kernel=/home/yaz/gem5/full_system_images/binaries/vmlinux.smp.ics.arm.asimbench.2.6.35
--os-type=android-ics --cpu-type=MinorCPU --machine-type=VExpress_GEM5 --script=/home/yaz/gem5/full_system_images/boot/adobe.rcS
warn: CheckedInt already exists in allParams. This may be caused by
the Python 2.7 compatibility layer. warn: Enum already exists in
allParams. This may be caused by the Python 2.7 compatibility layer.
warn: ScopedEnum already exists in allParams. This may be caused by
the Python 2.7 compatibility layer. gem5 Simulator System.
http://gem5.org gem5 is copyrighted software; use the --copyright
option for details. gem5 version 20.0.0.3 gem5 compiled Jul 7 2020
16:17:12 gem5 started Jul 16 2020 04:41:50 gem5 executing on
yazeed-OptiPlex-9010, pid 3367 command line: ./build/ARM/gem5.opt
configs/example/fs.py --mem-size=8192MB
--disk-image=/home/yaz/gem5/full_system_images/disks/ARMv7a-ICS-Android.SMP.Asimbench-v3.img
--kernel=/home/yaz/gem5/full_system_images/binaries/vmlinux.smp.ics.arm.asimbench.2.6.35
--os-type=android-ics --cpu-type=MinorCPU --machine-type=VExpress_GEM5 --script=/home/yaz/gem5/full_system_images/boot/adobe.rcS
Global frequency set at 1000000000000 ticks per second
warn: No dot file generated. Please install pydot to generate the dot file and pdf.
info: kernel located at: /home/yaz/gem5/full_system_images/binaries/vmlinux.smp.ics.arm.asimbench.2.6.35
system.vncserver: Listening for connections on port 5900
system.terminal: Listening for connections on port 3456
system.realview.uart1.device: Listening for connections on port 3457
system.realview.uart2.device: Listening for connections on port 3458
system.realview.uart3.device: Listening for connections on port 3459
0: system.remote_gdb: listening for remote gdb on port 7000 info:
Using bootloader at address 0x80000000
info: Using kernel entry physical address at 0x140008000 warn: DTB file specified, but no
device tree support in kernel
**** REAL SIMULATION ****
warn:Existing EnergyCtrl, but no enabled DVFSHandler found. info: Entering
event queue # 0. Starting simulation...
fatal: Unable to find destination for [0x40008000:0x40008040] on system.iobus
Memory Usage: 8786764 KBytes
Thanks for helping
I'm developing a tool that modifies LUKS partitions and disks.
Everything is working very well. Until now...
To handle disks properly as a non-root user, I added some polkit rules to change password, open partition, change crypttab and many others.
But, I'm seeing problems when I change crypttab and I need to run dracut to apply some dracut modules (dracut --force). Specially, the last one.
My user is part of admin group and I added a rule into sudoers file to not ask sudo password when my application is executed.
So, I decided to use this code:
gchar *dracut[] = {"/usr/bin/sudo", "/usr/bin/dracut", "--force", NULL};
if ((child = fork()) > 0) {
waitpid(child, NULL, 0);
} else if (!child) {
execvp("/usr/bin/sudo", dracut);
}
It is not working because SELinux is preventing to run this command:
SELinux is preventing /usr/bin/sudo from getattr access on the chr_file /dev/hpet.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that sudo should be allowed getattr access on the hpet chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'sudo' --raw | audit2allow -M my-sudo
# semodule -X 300 -i my-sudo.pp
Additional Information:
Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context system_u:object_r:clock_device_t:s0
Target Objects /dev/hpet [ chr_file ]
Source sudo
Source Path /usr/bin/sudo
Port <Unknown>
Host <Unknown>
Source RPM Packages sudo-1.8.25p1-4.el8.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.14.1-61.el8.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name jcfaracco#hostname
Platform Linux jcfaracco#hostname 4.18.0-80.el8.x86_64 #1
SMP Wed Mar 13 12:02:46 UTC 2019 x86_64 x86_64
Alert Count 9
First Seen 2019-06-14 19:32:42 -03
Last Seen 2019-06-14 19:42:46 -03
Local ID 772b2c41-2302-4ee0-8886-52789eb63e22
Raw Audit Messages
type=AVC msg=audit(1560552166.658:199): avc: denied { getattr } for pid=2291 comm="sudo" path="/dev/hpet" dev="devtmpfs" ino=10776 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:clock_device_t:s0 tclass=chr_file permissive=0
type=SYSCALL msg=audit(1560552166.658:199): arch=x86_64 syscall=stat success=no exit=EACCES a0=7ffd4a6dffb0 a1=7ffd4a6def20 a2=7ffd4a6def20 a3=7fe845a73181 items=0 ppid=1756 pid=2291 auid=4294967295 uid=982 gid=980 euid=0 suid=0 fsuid=0 egid=980 sgid=980 fsgid=980 tty=tty1 ses=4294967295 comm=sudo exe=/usr/bin/sudo subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=stat AUID=unset UID=gnome-initial-setup GID=gnome-initial-setup EUID=root SUID=root FSUID=root EGID=gnome-initial-setup SGID=gnome-initial-setup FSGID=gnome-initial-setup
Hash: sudo,xdm_t,clock_device_t,chr_file,getattr
Do you know how to fix this issue? Any other idea to call dracut inside a C code is welcome too. In case of any other smart way to perform this issue.
I'm trying to run my tests using Selenium docker,
I have a local grunt server running on port 9000, I' launched the following selenium docker:
docker run -d -p 4444:4444 -p 5900:5900 selenium/standalone-chrome-debug
Then I've launched my tests (using Capybara) and opened VNC to watch the tests, but all I get is chrome messgae "This site can’t be reached".
cabybara.rb:
isWindows = (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM) != nil
require 'capybara/rspec'
require 'capybara'
require 'capybara/dsl'
require_relative 'sinatra_proxy'
require 'selenium/webdriver'
require 'selenium/webdriver/remote/http/curb' if !isWindows
Capybara.register_driver :selenium_chrome do |app|
http_client = isWindows ? nil : Selenium::WebDriver::Remote::Http::Curb.new
options = {
http_client: http_client,
browser: :chrome,
# service_log_path: 'chromedriver.out', # Enable Selenium logs
switches: ["--disable-web-security", '--user-agent="Chrome under Selenium for Capybara"']
}
options[:url] = "http://172.17.0.2:4444/wd/hub"
Capybara::Selenium::Driver.new app, options
end
Capybara.default_driver = :selenium_chrome
Capybara.app = SinatraProxy.new
Capybara.app_host = "http://127.0.0.1:9000"
Capybara.server_host = '0.0.0.0'
ip addr show docker0
ip addr show docker0
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:22:ec:65:9e:f1 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe40::42:ecdd:fe73:9ef4/64 scope link
valid_lft forever preferred_lft forever
Needed to be the IP of docker host, used:
ip route show | grep docker0 | awk '{print $9}'
for Capybara.app_host (DOCKER_HOST_IP:PORT) and Capybara.server_host (DOCKER_HOST_IP)
Use:
Capybara.app_host = "http://yourhostip:9000"
not localhost. For docker container localhost is itself.
Also I recommend not calling docker by its internal ip just use:
options[:url] = "http://localhost:4444/wd/hub"
But first solve the former problem
Regards
I have 5 VMs on 192.168.56.*:
.19 - Zookeeper
.20 - Solr1
.21 - Solr2
.22 - Solr3
.23 - Solr4
This is my Vagrantfile:
Vagrant.configure(2) do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
# Every Vagrant development environment requires a box. You can search for
# boxes at https://atlas.hashicorp.com/search.
# config.vm.box = "base"
(1..4).each do |x|
ip = 20
config.vm.define "solr#{x}" do |solr|
solr.vm.box = 'ubuntu/wily64'
solr.vm.network "private_network", ip: "192.168.56.#{ip}", bridge: "Intel(R) Centrino(R) Advanced-N 6205"
ip = ip + 1
solr.vm.provider "virtualbox" do |v|
v.memory = 2048
#v.cpus = 1
end
end
end
end
I have Apache HTTP on port 80 and Solr on port 8983. I can do wget 192.168.56.20:8983 from the ZooKeeper VM and it downloads the main page. When I try to hit 192.168.56.20:8983 from the host OS, it just hangs. Firewall rules are in place that open up those ports, so no idea why .19 can access Solr, but the host cannot.
Any ideas?