April 8, 2020

 

Sudoed podman cannot listen to privileged ports

Edit: This issue is possibly a known one: see "Podman can not create containers that bind to ports < 1024"

It's impossible to reach any exposed privileged port from an external network when running podman:

sudo podman run -p 80:80 -it nginx

Setup: dedicated CentOS 8, clean install + docker, no firewalld, iptables at the "allow-all" default ruleset. With docker, however, it works without a problem.

What I was trying to run, which needed to listen on privileged ports, is certbot inside docker. The motivation is to avoid installing Python dependencies or else downloading and running an unknown binary.


April 4, 2020

 

Fresh centos8 podman/buildah issues related to alpine

Lately I'm trying out CentOS 8 and moving to OpenShift with podman and buildah as docker replacements. So far not without interesting problems!

In a freshly installed, updated CentOS 8 it's impossible to build any alpine-based repo or even pull alpine itself:

$ podman pull alpine
...
Error committing the finished image: error adding layer with blob "sha256:aad63a9339440e7c3e1fff2b988991b9bfb81280042fa7f39a5e327023056819": Error processing
tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/shadow): lchown /etc/shadow: invalid argument

The following solution is mentioned in libpod issue 2788:

# dnf reinstall shadow-utils

I did not investigate this deeply; however, it seems the capabilities are set wrong for shadow-utils with the yum installation (yum reinstall does not fix this):

$ getcap /usr/bin/newuidmap /usr/bin/newgidmap

Here's the expected output for the command above:

/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/newgidmap = cap_setgid+ep
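
The capability check above as a script: an added example, not from the original post, that parses getcap output and reports which of the two binaries lacks its capability. The function names and sample strings are constructed for illustration; it assumes file capabilities as on this CentOS 8 host and also accepts the "path caps=flags" layout printed by newer libcap.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Assumes file capabilities are in use, as on the CentOS 8 host in the post.

# has_cap GETCAP_OUTPUT PATH CAP
# Succeeds if PATH carries CAP with both the effective (e) and permitted (p) flags.
has_cap() {
    printf '%s\n' "$1" | awk -v path="$2" -v cap="$3" '
        $1 == path {
            # Older libcap prints "path = caps+ep", newer libcap "path caps=ep".
            start = ($2 == "=") ? 3 : 2
            for (i = start; i <= NF; i++) {
                if (split($i, kv, /[+=]/) < 2) continue  # kv[1]=caps, kv[2]=flags
                if (kv[2] !~ /e/ || kv[2] !~ /p/) continue
                m = split(kv[1], caps, ",")
                for (j = 1; j <= m; j++) if (caps[j] == cap) found = 1
            }
        }
        END { exit !found }'
}

# check_idmap_caps GETCAP_OUTPUT
# Prints one line per binary that lacks its capability; returns 1 if any is missing.
check_idmap_caps() {
    rc=0
    has_cap "$1" /usr/bin/newuidmap cap_setuid || { echo "newuidmap: cap_setuid+ep missing"; rc=1; }
    has_cap "$1" /usr/bin/newgidmap cap_setgid || { echo "newgidmap: cap_setgid+ep missing"; rc=1; }
    return "$rc"
}

# Constructed sample getcap outputs (not captured from a real host).
SAMPLE_OK='/usr/bin/newuidmap = cap_setuid+ep
/usr/bin/newgidmap = cap_setgid+ep'
SAMPLE_NEW='/usr/bin/newuidmap cap_setuid=ep
/usr/bin/newgidmap cap_setgid=ep'
# getcap prints nothing for a file without capabilities, so newuidmap is absent here.
SAMPLE_BROKEN='/usr/bin/newgidmap = cap_setgid+ep'

for sample in "$SAMPLE_OK" "$SAMPLE_NEW" "$SAMPLE_BROKEN"; do
    if check_idmap_caps "$sample"; then
        echo "capabilities ok"
    else
        echo "-> try: dnf reinstall shadow-utils"
    fi
done
# On a real host: check_idmap_caps "$(getcap /usr/bin/newuidmap /usr/bin/newgidmap)"
```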


August 2, 2019

 

Debian Buster (10) no Java 8 support

I installed Debian 10 onto an X220 laptop and discovered that there's no official support for Java 8 according to the Debian mailing list. Also, an installation of the recommended PPA containing Java 8, which requires adding gpg keys via apt-key, fails. A little disappointed by the keys shit. I'm looking for some other options, as Java 8 is critical for me and I really don't wanna mess with unofficial openjdk builds.

This reminds me a lot of this almost comedic video on how hard it is to describe the life of a sysadmin to non-IT people. Palm, palm, palm.
Video link

So no Debian 10 for my X220. Thinking about Arch (used it for some years, with some luck of failing video drivers - I don't have a good feeling about it being on a laptop) or CentOS (happy with it on the server, not sure about the client). Also, maybe Debian 9 is a logical choice, as it seems to have Java 8 supported by default.


November 10, 2014

 

Openfire installation bugs

This is my experience while installing the .tar.gz onto CentOS.

1. The automated redhat init.d and user script openfire/bin/extra/redhat-postinstall.sh has a bug on line 27: it states the wrong filename, openfire.sh (really there is no ".sh"). WTF?
Solution: open redhat-postinstall.sh and remove .sh on line 27.

2. After going through the web install guide I cannot log in to the admin console. (Now it reminded me how much I sometimes hate open source.)
Solution: the username IS NOT admin@domain as you typed in. Username = admin without any @domain. f%%ck you.

3. Openfire cannot live behind a non-root web context (in my case it's a ProxyPass of /openfire through an https Apache vhost).
Solution: no?
