5:27 p.m.
Hello,
I have a rootless container running postgrey on a Rocky Linux 8 server.
Besides the fact I had problems getting the container running rootless,
which I overcame, the new issue is that connections to the exposed port
are established and then immediately dropped. I can't figure out why
this is happening.
Here's postgrey listening inside the container:
[containers@bigsecret ~]$ podman exec -ti postgrey ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:10023 0.0.0.0:*
I can connect to the port inside of the container and the connection
stays up until I cancel it:
[containers@bigsecret ~]$podman exec -ti postgrey telnet localhost 10023
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
If I try to telnet to the port from the container host using the host's
routable IP or from different server, I get a "Connection closed by
foreign host." message immediately after the connection is established.
I have systemd enabled in the container. I can control the postgrey
daemon with systemd and systemd doesn't report any errors when I check
the daemon's status.
I don't see any selinux denials. I tried turning off enforcement anyway
and saw no change. I did see language errors being logged by postgrey,
so I installed the missing RPMs in the running container (I'm just
testing things out with this container), which got rid of those errors.
But, that didn't change the connection weirdness.
Any ideas what the problem could be? The pod and container definitions
are below.
pod
{
"Id":
"a9292128fc778c6287e80ff71d5e2ee1320b3395dc48a7e31af1db77cc7f695a",
"Name": "smtp",
"Created": "2021-11-25T12:58:55.447833371-05:00",
"CreateCommand": [
"podman",
"pod",
"create",
"--name",
"smtp",
"--publish",
"1.2.3.4:10023:10023",
"--publish",
"1.2.3.4:1587:587",
"--publish",
"1.2.3.4:1783:783",
"--publish",
"1.2.3.4:1025:25"
],
"State": "Running",
"Hostname": "smtp",
"CreateCgroup": true,
"CgroupParent": "user.slice",
"CgroupPath":
"user.slice/user-libpod_pod_a9292128fc778c6287e80ff71d5e2ee1320b3395dc48a7e31af1db77cc7f695a.slice",
"CreateInfra": true,
"InfraContainerID":
"a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4",
"InfraConfig": {
"PortBindings": {
"10023/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "10023"
}
],
"25/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1025"
}
],
"587/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1587"
}
],
"783/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1783"
}
]
},
"HostNetwork": false,
"StaticIP": "",
"StaticMAC": "",
"NoManageResolvConf": false,
"DNSServer": null,
"DNSSearch": null,
"DNSOption": null,
"NoManageHosts": false,
"HostAdd": null,
"Networks": null,
"NetworkOptions": null
},
"SharedNamespaces": [
"ipc",
"net",
"uts"
],
"NumContainers": 2,
"Containers": [
{
"Id":
"a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4",
"Name": "a9292128fc77-infra",
"State": "running"
},
{
"Id":
"f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57",
"Name": "postgrey",
"State": "running"
}
]
}
container
[
{
"Id":
"f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57",
"Created": "2021-12-05T00:18:28.942285862-05:00",
"Path": "/usr/sbin/init",
"Args": [
"/usr/sbin/init"
],
"State": {
"OciVersion": "1.0.2-dev",
"Status": "running",
"Running": true,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 6047,
"ConmonPid": 6031,
"ExitCode": 0,
"Error": "",
"StartedAt": "2021-12-22T14:32:26.339653403-05:00",
"FinishedAt": "2021-12-22T14:27:28.403171029-05:00",
"Healthcheck": {
"Status": "",
"FailingStreak": 0,
"Log": null
}
},
"Image":
"9aefd5346e1f34b16a096b52575cc249b14a9a56664c6e1f2113ad3ef449c025",
"ImageName": "localhost/postgrey-v0.0.3:latest",
"Rootfs": "",
"Pod":
"a9292128fc778c6287e80ff71d5e2ee1320b3395dc48a7e31af1db77cc7f695a",
"ResolvConfPath":
"/tmp/podman-run-1000/containers/overlay-containers/a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4/userdata/resolv.conf",
"HostnamePath":
"/tmp/podman-run-1000/containers/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata/hostname",
"HostsPath":
"/tmp/podman-run-1000/containers/overlay-containers/a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4/userdata/hosts",
"StaticDir":
"/srv/containers/storage/1000/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata",
"OCIConfigPath":
"/srv/containers/storage/1000/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata/config.json",
"OCIRuntime": "runc",
"ConmonPidFile":
"/tmp/podman-run-1000/containers/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata/conmon.pid",
"PidFile":
"/tmp/podman-run-1000/containers/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata/pidfile",
"Name": "postgrey",
"RestartCount": 0,
"Driver": "overlay",
"MountLabel":
"system_u:object_r:container_file_t:s0:c654,c974",
"ProcessLabel":
"system_u:system_r:container_init_t:s0:c654,c974",
"AppArmorProfile": "",
"EffectiveCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"BoundingCaps": [
"CAP_CHOWN",
"CAP_DAC_OVERRIDE",
"CAP_FOWNER",
"CAP_FSETID",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_NET_RAW",
"CAP_SETFCAP",
"CAP_SETGID",
"CAP_SETPCAP",
"CAP_SETUID",
"CAP_SYS_CHROOT"
],
"ExecIDs": [],
"GraphDriver": {
"Name": "overlay",
"Data": {
"LowerDir":
"/srv/containers/storage/1000/overlay/2a356f237c2fe380f476133e0939553512ac8167ff7cbb2338d9405090528f7e/diff:/srv/containers/storage/1000/overlay/04f97fe38f3ca40a0d4a7ee7f6da4276ab30746e05c360975bd2e3569afde128/diff:/srv/containers/storage/1000/overlay/4d50441def2b07f8fcd48aad187815089621ddccf2384180db0c28c5272889f8/diff:/srv/containers/storage/1000/overlay/7933807b1a3f6ecbc852d38f269984065dfb57d49ddf40fdea70dfe66a6c6b14/diff:/srv/containers/storage/1000/overlay/1855256707116c0c229fec2d3a60bce4a11fdfc8b0bffa9663c84e69ec326160/diff",
"MergedDir":
"/srv/containers/storage/1000/overlay/113bb9169c33b29659143e14363c6a8fc07a7cd6a8ffc72697337a83200db18e/merged",
"UpperDir":
"/srv/containers/storage/1000/overlay/113bb9169c33b29659143e14363c6a8fc07a7cd6a8ffc72697337a83200db18e/diff",
"WorkDir":
"/srv/containers/storage/1000/overlay/113bb9169c33b29659143e14363c6a8fc07a7cd6a8ffc72697337a83200db18e/work"
}
},
"Mounts": [
{
"Type": "volume",
"Name": "postgrey",
"Source":
"/srv/containers/storage/1000/volumes/postgrey/_data",
"Destination": "/var/spool/postfix/postgrey",
"Driver": "local",
"Mode": "Z",
"Options": [
"nosuid",
"nodev",
"rbind"
],
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "volume",
"Name":
"5e82bc179344af8710114ca61f84dbfe7a8866c8aac5fab6bcef70e6cba6df76",
"Source":
"/srv/containers/storage/1000/volumes/5e82bc179344af8710114ca61f84dbfe7a8866c8aac5fab6bcef70e6cba6df76/_data",
"Destination": "/sys/fs/cgroup",
"Driver": "local",
"Mode": "",
"Options": [
"nodev",
"exec",
"nosuid",
"rbind"
],
"RW": true,
"Propagation": "rprivate"
}
],
"Dependencies": [
"a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4"
],
"NetworkSettings": {
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"Bridge": "",
"SandboxID": "",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {
"10023/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "10023"
}
],
"25/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1025"
}
],
"587/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1587"
}
],
"783/tcp": [
{
"HostIp": "1.2.3.4",
"HostPort": "1783"
}
]
},
"SandboxKey":
"/run/user/1000/netns/cni-a2c22e7a-f19f-8320-fe77-9d44a822154d"
},
"ExitCommand": [
"/usr/bin/podman",
"--root",
"/srv/containers/storage/1000",
"--runroot",
"/tmp/podman-run-1000/containers",
"--log-level",
"warning",
"--cgroup-manager",
"systemd",
"--tmpdir",
"/tmp/run-1000/libpod/tmp",
"--runtime",
"runc",
"--storage-driver",
"overlay",
"--storage-opt",
"overlay.mount_program=/usr/bin/fuse-overlayfs",
"--events-backend",
"file",
"container",
"cleanup",
"f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57"
],
"Namespace": "",
"IsInfra": false,
"Config": {
"Hostname": "smtp",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm",
"container=docker",
"HOME=/root",
"HOSTNAME=smtp"
],
"Cmd": [
"/usr/sbin/init"
],
"Image": "localhost/postgrey-v0.0.3:latest",
"Volumes": null,
"WorkingDir": "/",
"Entrypoint": "",
"OnBuild": null,
"Labels": {
"io.buildah.version": "1.21.3",
"org.label-schema.build-date": "20210620",
"org.label-schema.license": "BSD-3-Clause",
"org.label-schema.name": "Rocky Linux Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "Rocky Enterprise Software
Foundation",
"org.opencontainers.image.created": "2021-06-20
00:00:00+01:00",
"org.opencontainers.image.licenses": "BSD-3-Clause",
"org.opencontainers.image.title": "Rocky Linux Base
Image",
"org.opencontainers.image.vendor": "Rocky Enterprise
Software Foundation"
},
"Annotations": {
"io.container.manager": "libpod",
"io.kubernetes.cri-o.ContainerType": "container",
"io.kubernetes.cri-o.Created":
"2021-12-05T00:18:28.942285862-05:00",
"io.kubernetes.cri-o.SandboxID": "smtp",
"io.kubernetes.cri-o.TTY": "true",
"io.podman.annotations.autoremove": "FALSE",
"io.podman.annotations.init": "FALSE",
"io.podman.annotations.privileged": "FALSE",
"io.podman.annotations.publish-all": "FALSE",
"org.opencontainers.image.stopSignal": "37"
},
"StopSignal": 37,
"CreateCommand": [
"podman",
"run",
"-d",
"-t",
"--name",
"postgrey",
"--pod",
"smtp",
"--volume",
"postgrey:/var/spool/postfix/postgrey:Z",
"postgrey-v0.0.3"
],
"SystemdMode": true,
"Umask": "0022",
"Timeout": 0,
"StopTimeout": 10
},
"HostConfig": {
"Binds": [
"postgrey:/var/spool/postfix/postgrey:Z,rw,rprivate,nosuid,nodev,rbind",
"5e82bc179344af8710114ca61f84dbfe7a8866c8aac5fab6bcef70e6cba6df76:/sys/fs/cgroup:rprivate,rw,nodev,exec,nosuid,rbind"
],
"CgroupManager": "systemd",
"CgroupMode": "private",
"ContainerIDFile": "",
"LogConfig": {
"Type": "k8s-file",
"Config": null,
"Path":
"/srv/containers/storage/1000/overlay-containers/f32c676da8eb38f3e45bb8670e0d8330707fa3dfc216238e4f73bbe638d85a57/userdata/ctr.log",
"Tag": "",
"Size": "0B"
},
"NetworkMode":
"container:a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4",
"PortBindings": {},
"RestartPolicy": {
"Name": "",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"CapAdd": [],
"CapDrop": [
"CAP_AUDIT_WRITE",
"CAP_MKNOD"
],
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [],
"GroupAdd": [],
"IpcMode":
"container:a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4",
"Cgroup": "",
"Cgroups": "default",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "private",
"Privileged": false,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [],
"Tmpfs": {},
"UTSMode":
"container:a75ed34c8117daaff8be1e9060c07478b6894d4d06a93c963142d8b3de95b0a4",
"UsernsMode": "",
"ShmSize": 65536000,
"Runtime": "oci",
"ConsoleSize": [
0,
0
],
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent":
"user.slice/user-libpod_pod_a9292128fc778c6287e80ff71d5e2ee1320b3395dc48a7e31af1db77cc7f695a.slice",
"BlkioWeight": 0,
"BlkioWeightDevice": null,
"BlkioDeviceReadBps": null,
"BlkioDeviceWriteBps": null,
"BlkioDeviceReadIOps": null,
"BlkioDeviceWriteIOps": null,
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DiskQuota": 0,
"KernelMemory": 0,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": 0,
"OomKillDisable": false,
"PidsLimit": 0,
"Ulimits": [],
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"CgroupConf": null
}
}
]
--
Ranbir
11:29 a.m.
On Wed, 2021-12-22 at 17:27 -0500, Ranbir wrote:
Hello,
I have a rootless container running postgrey on a Rocky Linux 8
server.
Besides the fact I had problems getting the container running
rootless,
which I overcame, the new issue is that connections to the exposed
port
are established and then immediately dropped. I can't figure out why
this is happening.
I still don't know why the telnet connection won't stay up. I assumed
it was the rootless container causing some problem that I didn't
understand, so instead I ran it as a rootfull container. This time my
connection tests work as expected. When I telnet to the port, the
session stays up and isn't dropped immediately.
I guess I'm going to have to run the postgrey container as rootfull. It
would be nice to know why the rootless container didn't work.
Ranbir
--
Ranbir
2:53 p.m.
New subject: Can't maintain connection to container's listening port
On 1/11/22 11:29, Ranbir wrote:
On Wed, 2021-12-22 at 17:27 -0500, Ranbir wrote:
> Hello,
>
> I have a rootless container running postgrey on a Rocky Linux 8
> server.
> Besides the fact I had problems getting the container running
> rootless,
> which I overcame, the new issue is that connections to the exposed
> port
> are established and then immediately dropped. I can't figure out why
> this is happening.
I still don't know why the telnet connection won't stay up. I assumed
it was the rootless container causing some problem that I didn't
understand, so instead I ran it as a rootfull container. This time my
connection tests work as expected. When I telnet to the port, the
session stays up and isn't dropped immediately.
I guess I'm going to have to run the postgrey container as rootfull. It
would be nice to know why the rootless container didn't work.
Ranbir
Did you log out of your system? Systemd will kill all process when you
logout.
You can use loginctl enable-linger to leave it running.
3:04 p.m.
New subject: Can't maintain connection to container's listening port
On Tue, 2022-01-11 at 14:53 -0500, Daniel Walsh wrote:
Did you log out of your system? Systemd will kill all process when
you
logout.
You can use loginctl enable-linger to leave it running.
I never got it that far since I've just been testing out the image I
built. However, I already enabled lingering for the user running the
containers.
I built the image, ran the container in rootless mode, did a telnet
connection test and bam, the connection is immediately dropped. When I
switched the container to rootfull, the telnet connection stays up.
SELinux enabled or not doesn't make a difference either.
--
Ranbir
3:25 p.m.
New subject: Can't maintain connection to container's listening port
On 1/12/22 15:04, Ranbir wrote:
On Tue, 2022-01-11 at 14:53 -0500, Daniel Walsh wrote:
> Did you log out of your system? Systemd will kill all process when
> you
> logout.
>
>
> You can use loginctl enable-linger to leave it running.
I never got it that far since I've just been testing out the image I
built. However, I already enabled lingering for the user running the
containers.
I built the image, ran the container in rootless mode, did a telnet
connection test and bam, the connection is immediately dropped. When I
switched the container to rootfull, the telnet connection stays up.
SELinux enabled or not doesn't make a difference either.
Try the container in --privileged mode, to see if this is causing the issue.
If it still crashes, then I figure it is something with the user namespace.
Do you have an image I could try?
4:59 p.m.
New subject: Can't maintain connection to container's listening port
On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
Try the container in --privileged mode, to see if this is causing
the
issue.
That didn't help. :(
If it still crashes, then I figure it is something with the user
namespace.
The container doesn't crash. It actually runs and I can see postgrey
running in the container. The problem is when I do a telnet test from
the host or from another server to the postgrey port I exposed, the
telnet connection doesn't stay up and instead drops immediately. If the
container is running rootfull, the telnet test is established and
doesn't disconnect.
Do you have an image I could try?
It's not uploaded anywhere. I'm turning some of my KVMs into containers
because I wanted to learn podman and get familiar with it. I've only
been doing container stuff in general since August of last year.
Hmmm...can I dump the Containerfile for each image here? They're not
big. The Rocky Linux 8 Dockerfile is copied directly from their docker
image page on dockerhub.
There's some wrapping.
Here's the latest run command I used:
"CreateCommand": [
"podman",
"run",
"-d",
"--name",
"postgrey",
"--publish",
"1.2.3.4:10023:10023",
"--volume",
"postgrey:/var/spool/postfix/postgrey:Z",
"--privileged",
"postgrey-v0.0.3"
],
The volume doesn't matter. I'm just preserving data from my KVM.
Below are the Containerfile, config file and Dockerfile.
--------
postgrey
--------
FROM local/rocky8-systemd
RUN dnf -y update && \
dnf -y install epel-release && \
dnf -y --nodocs install postgrey telnet && \
dnf clean all && \
systemctl enable postgrey
COPY postgrey /etc/sysconfig/
CMD ["/usr/sbin/init"]
--------------------
postgrey sysconfig file
--------------------
# Postgrey offers 2 listening types, --inet and --unix. As default, Fedora
# postgrey works under UNIX socket, but, changing to TCP socket on user's own
# is also available, for instance, let it work at 10023 port of localhost:
# --inet=10023
# To be more detailed, there is another way if you still run it at localhost:
# --inet=127.0.0.1:10023
#POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
POSTGREY_TYPE="--inet=127.0.0.1:10023"
# If postgrey works under UNIX socket way, PID file can be specified to
# custom location, note that no need to set this if postgrey is working
# under TCP socket way.
POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
# Name of group which postgrey belongs, default is postgrey
POSTGREY_GROUP="--group=postgrey"
# Name of user which postgrey belongs, default is postgrey
POSTGREY_USER="--user=postgrey"
# DELAY
POSTGREY_DELAY="--delay=60"
# For more options can be used, please read manpage or execute `postgrey -h`.
# Custom options.
POSTGREY_OPTS=""
-------------
rocky linux 8
-------------
FROM rockylinux/rockylinux:latest
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i
== \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
--
Ranbir
9:50 a.m.
New subject: Can't maintain connection to container's listening port
On 1/12/22 16:59, Ranbir wrote:
On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
> Try the container in --privileged mode, to see if this is causing the
> issue.
That didn't help. :(
> If it still crashes, then I figure it is something with the user
> namespace.
The container doesn't crash. It actually runs and I can see postgrey
running in the container. The problem is when I do a telnet test from
the host or from another server to the postgrey port I exposed, the
telnet connection doesn't stay up and instead drops immediately. If the
container is running rootfull, the telnet test is established and
doesn't disconnect.
> Do you have an image I could try?
It's not uploaded anywhere. I'm turning some of my KVMs into containers
because I wanted to learn podman and get familiar with it. I've only
been doing container stuff in general since August of last year.
Hmmm...can I dump the Containerfile for each image here? They're not
big. The Rocky Linux 8 Dockerfile is copied directly from their docker
image page on dockerhub.
There's some wrapping.
Here's the latest run command I used:
"CreateCommand": [
"podman",
"run",
"-d",
"--name",
"postgrey",
"--publish",
"1.2.3.4:10023:10023",
"--volume",
"postgrey:/var/spool/postfix/postgrey:Z",
"--privileged",
"postgrey-v0.0.3"
],
The volume doesn't matter. I'm just preserving data from my KVM.
Below are the Containerfile, config file and Dockerfile.
--------
postgrey
--------
FROM local/rocky8-systemd
RUN dnf -y update && \
dnf -y install epel-release && \
dnf -y --nodocs install postgrey telnet && \
dnf clean all && \
systemctl enable postgrey
COPY postgrey /etc/sysconfig/
CMD ["/usr/sbin/init"]
--------------------
postgrey sysconfig file
--------------------
# Postgrey offers 2 listening types, --inet and --unix. As default, Fedora
# postgrey works under UNIX socket, but, changing to TCP socket on user's own
# is also available, for instance, let it work at 10023 port of localhost:
# --inet=10023
# To be more detailed, there is another way if you still run it at localhost:
# --inet=127.0.0.1:10023
#POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
POSTGREY_TYPE="--inet=127.0.0.1:10023"
# If postgrey works under UNIX socket way, PID file can be specified to
# custom location, note that no need to set this if postgrey is working
# under TCP socket way.
POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
# Name of group which postgrey belongs, default is postgrey
POSTGREY_GROUP="--group=postgrey"
# Name of user which postgrey belongs, default is postgrey
POSTGREY_USER="--user=postgrey"
# DELAY
POSTGREY_DELAY="--delay=60"
# For more options can be used, please read manpage or execute `postgrey -h`.
# Custom options.
POSTGREY_OPTS=""
-------------
rocky linux 8
-------------
FROM rockylinux/rockylinux:latest
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i
== \
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
Giuseppe, Paul, Matt Do you think this is slirp4netns related?
Ranbir could you try with --net=hosts
10:02 a.m.
If you set up postgrey to listen on 127.0.0.1 I cannot be reached from the
outside, make sure to listen on 0.0.0.0:10023 in the container.
"--publish", "1.2.3.4:10023:10023"
Also I assume you changed the ip here and that you use your actual local ip
there and not 1.2.3.4.
On Thu, Jan 13, 2022 at 3:50 PM Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 1/12/22 16:59, Ranbir wrote:
> On Wed, 2022-01-12 at 15:25 -0500, Daniel Walsh wrote:
>> Try the container in --privileged mode, to see if this is causing the
>> issue.
> That didn't help. :(
>
>> If it still crashes, then I figure it is something with the user
>> namespace.
> The container doesn't crash. It actually runs and I can see postgrey
> running in the container. The problem is when I do a telnet test from
> the host or from another server to the postgrey port I exposed, the
> telnet connection doesn't stay up and instead drops immediately. If the
> container is running rootfull, the telnet test is established and
> doesn't disconnect.
>
>> Do you have an image I could try?
> It's not uploaded anywhere. I'm turning some of my KVMs into containers
> because I wanted to learn podman and get familiar with it. I've only
> been doing container stuff in general since August of last year.
>
> Hmmm...can I dump the Containerfile for each image here? They're not
> big. The Rocky Linux 8 Dockerfile is copied directly from their docker
> image page on dockerhub.
>
> There's some wrapping.
>
>
> Here's the latest run command I used:
>
> "CreateCommand": [
> "podman",
> "run",
> "-d",
> "--name",
> "postgrey",
> "--publish",
> "1.2.3.4:10023:10023",
> "--volume",
> "postgrey:/var/spool/postfix/postgrey:Z",
> "--privileged",
> "postgrey-v0.0.3"
> ],
>
>
> The volume doesn't matter. I'm just preserving data from my KVM.
>
> Below are the Containerfile, config file and Dockerfile.
>
> --------
> postgrey
> --------
>
> FROM local/rocky8-systemd
>
> RUN dnf -y update && \
> dnf -y install epel-release && \
> dnf -y --nodocs install postgrey telnet && \
> dnf clean all && \
> systemctl enable postgrey
>
> COPY postgrey /etc/sysconfig/
>
> CMD ["/usr/sbin/init"]
>
> --------------------
> postgrey sysconfig file
> --------------------
>
> # Postgrey offers 2 listening types, --inet and --unix. As default,
Fedora
> # postgrey works under UNIX socket, but, changing to TCP socket on
user's own
> # is also available, for instance, let it work at 10023 port of
localhost:
> # --inet=10023
> # To be more detailed, there is another way if you still run it at
localhost:
> # --inet=127.0.0.1:10023
> #POSTGREY_TYPE="--unix=/var/spool/postfix/postgrey/socket"
> POSTGREY_TYPE="--inet=127.0.0.1:10023"
>
> # If postgrey works under UNIX socket way, PID file can be specified to
> # custom location, note that no need to set this if postgrey is working
> # under TCP socket way.
> POSTGREY_PID="--pidfile=/var/run/postgrey.pid"
>
> # Name of group which postgrey belongs, default is postgrey
> POSTGREY_GROUP="--group=postgrey"
>
> # Name of user which postgrey belongs, default is postgrey
> POSTGREY_USER="--user=postgrey"
>
> # DELAY
> POSTGREY_DELAY="--delay=60"
>
> # For more options can be used, please read manpage or execute `postgrey
-h`.
> # Custom options.
> POSTGREY_OPTS=""
>
>
> -------------
> rocky linux 8
> -------------
>
> FROM rockylinux/rockylinux:latest
>
> ENV container docker
>
> RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i
> == \
> systemd-tmpfiles-setup.service ] || rm -f $i; done); \
> rm -f /lib/systemd/system/multi-user.target.wants/*;\
> rm -f /etc/systemd/system/*.wants/*;\
> rm -f /lib/systemd/system/local-fs.target.wants/*; \
> rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
> rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
> rm -f /lib/systemd/system/basic.target.wants/*;\
> rm -f /lib/systemd/system/anaconda.target.wants/*;
>
> VOLUME [ "/sys/fs/cgroup" ]
>
> CMD ["/usr/sbin/init"]
>
>
Giuseppe, Paul, Matt Do you think this is slirp4netns related?
Ranbir could you try with --net=hosts
12:10 p.m.
New subject: Can't maintain connection to container's listening port
On Thu, 2022-01-13 at 16:02 +0100, Paul Holzinger wrote:
If you set up postgrey to listen on 127.0.0.1 I cannot be reached
from the outside, make sure to listen on 0.0.0.0:10023 in the
container.
> "--publish", "1.2.3.4:10023:10023"
Oh, sorry! I had it in a pod before and when I couldn't get it to work
in there, I broke it out to a standalone container. I didn't update the
config file after I did that.
I kind of recall trying the container out with postgrey listening on
everything and it still not working. But, I've been updating other
images I have running so maybe it wasn't this one.
I'll make the change and try again.
Also I assume you changed the ip here and that you use your actual
local ip there and not 1.2.3.4.
Yes.
--
Ranbir
10:34 a.m.
New subject: Can't maintain connection to container's listening port
On Thu, 2022-01-13 at 12:10 -0500, Ranbir wrote:
On Thu, 2022-01-13 at 16:02 +0100, Paul Holzinger wrote:
I'll make the change and try again.
I rebuilt the image and ran it several times rootfull and rootless with
postgrey configured to listen on everything. Now my telnet tests
connect and stay established.
I don't know what I did before that made me think it was only working
with it running rootfull when I had it listening to localhost.
I added the container back to the pod and also changed it back to
listening on localhost since I only need postfix (that's also inside
the pod) to connect to it.
I have an odd postfix problem to figure out. I'll probably be starting
a new thread for it.
Thank you both for the help.
--
Ranbir
1036
days inactive
1066
days old
9 comments
3 participants
participants (3)
-
Daniel Walsh -
Paul Holzinger -
Ranbir