Rootless cgexec with cgroups v2 on Ubuntu 22.04 - cgroups

On operating systems which use cgroups v2, such as Ubuntu 22.04, I am unable to 'cgexec' any process without being root. This type of code used to work fine. I tried it on a recent redhat release and had similar problems.
For example:
$ sudo cgcreate -t caj:caj -a caj:caj -g memory:qqq
[sudo] password for caj:
$ cgexec -g memory:qqq ls
cgroup change of group failed
$ sudo cgexec -g memory:qqq ls
<files ...>

Related

unable to execute 'gcc': No such file or directory when running docker build

I was trying to create a docker image for my python script and upload it to AWS ECR and then use it in Lambda. Our python runtime is 3.8 shown on the AWS console so I just followed this manual:
https://docs.aws.amazon.com/lambda/latest/dg/images-create.html#images-create-from-base
But I got the error when I run docker build -t image-name .
#6 14.02 gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/var/lang/include/python3.8 -c bitarray/_bitarray.c -o build/temp.linux-x86_64-3.8/bitarray/_bitarray.o
#6 14.02 unable to execute 'gcc': No such file or directory
#6 14.02 error: command 'gcc' failed with exit status 1
I double checked and I have gcc installed on my macOS:
Warning: gcc 11.2.0 is already installed and up-to-date.
To reinstall 11.2.0, run:
brew reinstall gcc
Would appreciate some help on resolving this. thanks!
EDIT:
This issue originates from me unable to import a CPython library cytoolz when running my script on Lambda, so I consulted these issues to simulate the runtime using docker.
https://github.com/Miserlou/Zappa/issues/1717#issuecomment-445821158
https://github.com/ethereum/web3.py/issues/1456#issuecomment-866862759
If there is a better way to import cytoolz without using docker I would also def appreciate some hints!
Thx!!
Add the below commands to get requried things installed.
RUN yum update -y
RUN yum groupinstall 'Development Tools' -y
Sample Dockerfile:
FROM public.ecr.aws/lambda/python:3.9
RUN yum update -y
RUN yum groupinstall 'Development Tools' -y
RUN pip --version

X DevAPI mysqlx::Session() over linux socket fails with “CDK Error: unexpected message”

I’ve (3) freshly installed mysql, (4) freshly installed Connector/C++ 8.0 X DevAPI, (5) did minimal configuration in my.cnf, (1) wrote a minimal C++ program, (2) build it, and after executing it gave the following output:
$ sudo bin/sql
[sudo] password for xxxxxx:
CDK Error: unexpected message
But when I use mysql it connects properly:
$ sudo mysql --socket /var/run/mysqld/mysqld.sock -u root
<…>
Server version: 8.0.22 MySQL Community Server – GPL
<…>
mysql>
In my imagination, my minimal C++ program is doing the same the mysql client application is doing, but apparently not. What am I doing wrong here?
Below are some details which have been referred to in my opening sentence.
(1) The minimal C++ program:
#include <iostream>
#include <stdexcept>
#include <mysqlx/xdevapi.h>
int main()
{
try
{
mysqlx::Session sess("mysqlx://root#%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock");
}
catch(std::exception& e)
{
std::cerr << e.what() << std::endl;
}
}
(2) Build with:
g++ -std=gnu++17 -I/usr/include/mysql-cppconn-8 sql.cpp -lstdc++fs -lmysqlcppconn8 -o bin/sql
chmod u+x bin/sql
(3) I’ve installed mysql:
<download from https://dev.mysql.com/downloads/repo/apt/>
$ sudo dpkg -i ~/Downloads/mysql-apt-config_0.8.16-1_all.deb
$ sudo apt-get update
$ sudo apt-get install mysql-server
<leave pwd blank>
$ systemctl status mysql
<active (running)>
$ mysql -V
mysql Ver 8.0.22 for Linux on x86_64 (MySQL Community Server - GPL)
(4) Installed Connector/C++ 8.0 X DevAPI (when I recall correctly)
<download from https://dev.mysql.com/downloads/connector/cpp/>
<chose Ubuntu Linux>
<Chose Ubuntu Linux 20.04 (x86, 64-bit)
<downloaded libmysqlcppconn8-2_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn8-2_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn8-2
<downloaded libmysqlcppconn8-2-dbgsym_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn8-2-dbgsym_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn8-2-dbgsym
<downloaded libmysqlcppconn-dev_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn-dev_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn-dev
<downloaded libmysqlcppconn7_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn7_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn7
<downloaded libmysqlcppconn7-dbgsym_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn7-dbgsym_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn7-dbgsym
(5) Configured my.cnf and added [client] and socket
$ sudo vi /etc/mysql/my.cnf
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
<…>
#
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/
[client]
socket = /var/run/mysqld/mysqld.sock
<save>
$ systemctl stop mysql
$ systemctl start mysql
$ systemctl status mysql
<active (running)>
Let me answer my own question in the form of a recipe how to get the minimal program working from scratch. The numbers refer to the numbers in the question.
(3) Install mysql:
<download from https://dev.mysql.com/downloads/repo/apt/>
$ sudo dpkg -i ~/Downloads/mysql-apt-config_0.8.16-1_all.deb
$ sudo apt-get update
$ sudo apt-get install mysql-server
<leave pwd blank>
$ systemctl status mysql
<active (running)>
$ mysql -V
mysql Ver 8.0.22 for Linux on x86_64 (MySQL Community Server - GPL)
(4) Install Connector/C++ 8.0 X DevAPI (in my case Ubuntu Linux 20.04)
<download from https://dev.mysql.com/downloads/connector/cpp/>
<chose Ubuntu Linux>
<Chose Ubuntu Linux 20.04 (x86, 64-bit)
<downloaded libmysqlcppconn8-2_8.0.22-1ubuntu20.04_amd64.deb>
<downloaded libmysqlcppconn8-2-dbgsym_8.0.22-1ubuntu20.04_amd64.deb>
<downloaded libmysqlcppconn-dev_8.0.22-1ubuntu20.04_amd64.deb>
<downloaded libmysqlcppconn7_8.0.22-1ubuntu20.04_amd64.deb>
<downloaded libmysqlcppconn7-dbgsym_8.0.22-1ubuntu20.04_amd64.deb>
$ sudo dpkg -i ~/Downloads/libmysqlcppconn8-2_8.0.22-1ubuntu20.04_amd64.deb
$ sudo dpkg -i ~/Downloads/libmysqlcppconn8-2-dbgsym_8.0.22-1ubuntu20.04_amd64.deb
$ sudo dpkg -i ~/Downloads/libmysqlcppconn-dev_8.0.22-1ubuntu20.04_amd64.deb
$ sudo dpkg -i ~/Downloads/libmysqlcppconn7_8.0.22-1ubuntu20.04_amd64.deb
$ sudo dpkg -i ~/Downloads/libmysqlcppconn7-dbgsym_8.0.22-1ubuntu20.04_amd64.deb
$ sudo apt-get update
$ sudo apt-get install libmysqlcppconn8-2
$ sudo apt-get install libmysqlcppconn8-2-dbgsym
$ sudo apt-get install libmysqlcppconn-dev
$ sudo apt-get install libmysqlcppconn7
$ sudo apt-get install libmysqlcppconn7-dbgsym
(5) Configured my.cnf and added [client] and socket
(5) Do not change my.cnf, it is not needed
(+) Create a user with all privileges and check the socket path
$ sudo mysql -u root
mysql> CREATE USER 'user'#'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON * . * TO 'user'#'localhost';
mysql> FLUSH PRIVILEGES;
mysql> show variables like 'mysqlx_socket';
+---------------+-----------------------------+
| Variable_name | Value |
+---------------+-----------------------------+
| mysqlx_socket | /var/run/mysqld/mysqlx.sock |
+---------------+-----------------------------+
1 row in set (0.00 sec)
mysql> exit
<check:>
$ sudo mysql -u user -p
<first password is sudo password>
<second pass is sql password for user>
mysql> exit
(1) Write minimal C++ program (sql.cpp). Replace in above mysqlx_socket all '/' by '%2F':
#include <iostream>
#include <stdexcept>
#include <mysqlx/xdevapi.h>
int main()
{
try
{
// wrong: mysqlx::Session sess("mysqlx://root#%2Fvar%2Frun%2Fmysqld%2Fmysqld.sock"); replace d by x
mysqlx::Session sess("mysqlx://user:password#%2Fvar%2Frun%2Fmysqld%2Fmysqlx.sock");
}
catch(std::exception& e)
{
std::cerr << e.what() << std::endl;
}
}
(2) Build with:
g++ -std=gnu++17 -I/usr/include/mysql-cppconn-8 sql.cpp -lstdc++fs -lmysqlcppconn8 -o sql
chmod u+x sql
(+) Executing it should lead to no exceptions:
$ ./sql
$

Coturn Installation failed in Centos7

I followed this link https://www.webrtc-experiment.com/docs/TURN-server-installation-guide.html#centos to install turn server in centos 7. The Configuration step I gave user name and password , also gave the same port as per the guidelines.
And finally I run the comment:
"turnserver -v -r 127.1.1:2222 -a -b turnuserdb.conf -c turnserver.conf -u turn-username -r 127.1.1:2222 -p turn-password"
it showed Wrong user name in the execution.
Any idea for Coturn installation in Centos7 because i am new in webrtc...
Please follow this instruction: https://centos.pkgs.org/7/epel-x86_64/coturn-4.5.1.2-1.el7.x86_64.rpm.html
wget https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-12.noarch.rpm
rpm -Uvh epel-release-7-12.noarch.rpm
yum install coturn

How to run AWS ecs-cli on Raspbian OS - Raspberry Pi 3 B+

I'm running Raspbian OS on Raspberry Pi 3 B+ and I'm trying to use it together with AWS ecs-cli to control my ECS containers by scaling them down and up. I'm planing to use Lambda in future, but as of now I'm trying to keep low metrics on CloudWatch to stay on free tier and do not get charged(separate topic).
I tried to install ecs-cli as per AWS guidance for Linux here
$ sudo curl -o /usr/local/bin/ecs-cli https://s3.amazonaws.com/amazon-ecs-cli/ecs-cli-linux-amd64-latest
$ sudo chmod +x /usr/local/bin/ecs-cli
$ ecs-cli
Obviously because the binary is for x86-64 OS I've got an error:
-bash: /usr/local/bin/ecs-cli: cannot execute binary file: Exec format error
Further check of the file suggests that ecs-cli is not compiled in architecture for raspbian:
$ file ecs-cli
ecs-cli: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
$ dpkg --print-architecture
armhf
I tried google around to find armhf compilation of ecs-cli, unfortunately without luck. Any idea?
I found source code of ecs-cli on GitHub, so I tried to clone it and compile.
$ pwd
/home/pi
$ git clone https://github.com/aws/amazon-ecs-cli.git
Cloning into 'amazon-ecs-cli'...
..., done.
$ cd amazon-ecs-cli
$ make
./scripts/build_binary.sh ./bin/local
./scripts/build_binary.sh: line 28: go: command not found
./scripts/build_binary.sh: line 32: go: command not found
Makefile:30: recipe for target 'bin/local/ecs-cli' failed
make: *** [bin/local/ecs-cli] Error 127
Error suggests I'm missing Golang installation on my Raspbian OS.
Install Golang 1.9 (or higher from here) and Godep on Raspbian OS:
$ cd ~
$ wget https://storage.googleapis.com/golang/go1.9.linux-armv6l.tar.gz
$ sudo tar -C /usr/local -xzf go1.9.linux-armv6l.tar.gz
$ export PATH=$PATH:/usr/local/go/bin
$ go version
go version go1.9 linux/arm
$ go get -u github.com/tools/godep
$ export GOPATH=~/go
$ export PATH=$GOPATH/bin:$PATH
$ godep version
godep v80 (linux/arm/go1.9)
#Add paths into profile file;
$ echo "export GOPATH=~/go" >> $HOME/.profile
$ echo "export PATH=/usr/local/go/bin:\$GOPATH/bin:\$PATH" >> $HOME/.profile
Compile ecs-cli
$ cd ~/amazon-ecs-cli
$ make
./scripts/build_binary.sh ./bin/local
ecs-cli/main.go:29:2: cannot find package "github.com/cihub/seelog" in any of:
/usr/local/go/src/github.com/cihub/seelog (from $GOROOT)
/home/pi/go/src/github.com/cihub/seelog (from $GOPATH)
...
Looks like GO expects everything to be cloned into /usr/local/go/src/github.com
(Please note that make command might be CPU intensive, I recommend to stop any other CPU intensive processes to avoid freeze of Raspberry Pi)
$ mkdir -p /usr/local/go/src/github.com/aws/
$ cd /usr/local/go/src/github.com/aws/
$ git clone https://github.com/aws/amazon-ecs-cli.git
..., done
$ cd /usr/local/go/src/github.com/aws/amazon-ecs-cli
$ make
./scripts/build_binary.sh ./bin/local
Built ecs-cli
Copy to target location and run it!
$ sudo cp /usr/local/go/src/github.com/aws/amazon-ecs-cli/bin/local/ecs-cli /usr/local/bin/
$ sudo chmod +x /usr/local/bin/ecs-cli
$ ecs-cli --version
ecs-cli version 1.5.0 (*UNKNOWN)
I can now run ecs-cli on Raspbian OS. Hopefully this will help to anyone who will be searching for similar errors. But is there easier way?

Ember failed to find watchman

When I run ember test I got this
Could not start watchman
I can confirm that I have installed watchman, when I run which -a watchman, I got
/usr/local/bin/watchman
Am I missing something?
Fyi
ember -v return
ember-cli: 2.15.1
node: 8.6.0
os: linux x64
Try to reinstall watchman
$ git clone https://github.com/facebook/watchman.git
$ cd watchman
$ git checkout v4.9.0 # the latest stable release
$ ./autogen.sh
$ ./configure
$ make
$ sudo make install
More info here
Now, above process fails with error bser.cpp:345:17: error: offset of on non-standard-layout type 'json_object_t' in step make on macos, just upgraded to 10.15.6 catalina due to xcode upgrade issue, cmdline tools Apple clang version 12.0.0 (clang-1200.0.32.2)
Patching with these changes made it work to install watchman successfully tagedg v4.9.0