-
Notifications
You must be signed in to change notification settings - Fork 425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl and dns #16
Comments
reducing the scope: the minimal ping.sspec shows the same issue (CentOS-6 x86_64)
|
So, I'm able to build a curl sapp and run it without issue: `[gmk@centos7-x64 demo]$ cat example.sspec 301 MovedThe document has moved Ping is an interesting example, because technically to send an ICMP you need to special system privileges. This is what I'm getting on Centos 7 x64:
So, I'm guessing something is different on my system because it is resolving properly. DNS resolution usually happens by libc dlopen'ing name resolution libraries. Do this please: $ singularity specgen curl google.com and then paste the resulting curl.sspec (if both of you can do that, it would be great). Singularity always needs to included these libraries into a container. Thanks! |
so it works with the "specgen"erated file :) |
attaching the generated file on CentOS-6 |
I betcha it is the libnss3 and libnssutil3. I don't think I'm adding those automatically... That should catch it for Centos6. ;) Thanks Tru! |
If you retest from trunk, it should now grab those two libraries when building a SAPP. Hopefully that will fix it for both cases! Karl, can you retest current master? Thanks! |
:(
but
|
Hi Tru, Can you run another test for me? Please capture all of the out from this command in /tmp/debug, and send me that file please: $ singularity strace curl google.com >/tmp/debug 2>&1 Thanks! |
my curl.sspec: I tried the ping sapp: same problem:
the curl strace: |
Hi Karl, I'm no at computer yet (so I'm not sure what the attachments are) but can you also do the strace against curl? Ping is an odditity because it always requires additional permission to run. Up until just recently ping was setuid root. Now it generally uses Linux capabilities to achieve similar results which is why I'm not counting on ping to ever work properly in a singularity container. Probably the smarter thing would be for singularity to check on files with non standard permissions and error if one is found. Thanks again! |
|
Oh, Tru's response? I wasn't making the assumption that you are running on the same host OS. If you are that will indeed work fine and will use what he provided. Will investigate more soon as I'm at a real keyboard. Thanks! |
Heya Karl, Sorry for the confusion about not seeing your attachments. Looking at them now, and I'm noticing that libnss_myhostname.so.* was not installed into your container. I am debugging why that might have happened as that file should always be installed (as of several days ago!). Thanks! |
ok, I think Karl's issue is now fixed now in master. The problem was that I made an assumption that the libraries I am statically including (e.g. libnss_myhostname.so.) exist right off of the /lib directories. But on Debian like systems they are actually 2 levels deep. Please test. :) Tru, can you also test against the git master? Thanks! |
Still does not work for me. |
Can you try that for curl too, and then if it works send me an strace of it? Can you remind me, when you used specgen to create the spec for curl, did it work? If so can you show me that spec? Thanks! |
nope same spec as above |
What distribution are you using? Can you send me your curl SAPP? (Either attach to the ticket or email direct to me please). Thanks! |
ubuntu 14.04
|
I have it running on another Debian/Ubuntu based distribution (Lubuntu) without a problem. At the moment, I am using the host's /etc/resolv.conf and /etc/hosts, but I am creating a generic /etc/nsswitch.conf. I wonder if that is the problem... Might be worth copying your hosts's /etc/nsswitch.conf into ~/.singulairty-cache/containers/[container UUID]/c/etc/nsswitch.conf for testing. |
I tried copying both the nsswitch.conf then the resolv.conf without success. But remember, if I add /lib/x86_64-linux-gnu/ in %files it works. |
On Fri, Apr 1, 2016 at 4:50 PM, Gregory M. Kurtzer <notifications@github.com
|
Yes, we are missing some library that is getting dlopen'ed probably by libc itself would be my guess. But why we aren't able to detect it is worrysome. I went over your specgen output and your strace output of library open(), and there were no differences. I didn't get the SAPP file though, did you send it? Can you also send me the SAPP file where it worked when you included all of /lib/x86_64-linux-gnu/? It will be bigger, so maybe a dropbox or other URL link if it doesn't fit in the ticket? Thanks |
Oh, this is easy enough to do, but.... It does inherently break portability and possibly expose hosts (targets) to people who are distributing the SAPP file. Let me think about that. |
Here they are:
My point is that if you explicitly add them to %files, then you (should) know what you're doing. |
I'm not sure if this is related or not, but both are picking up a library in a non-standard location: /home/karl/bin/libnss_dns.so.2 Can you confirm that /bin/ldd is finding that, and that it is necessary? Thanks! |
there is no /home/karl/bin/libnss_dns.so.2 but there is a /home/karl/bin/libstderred.so which is loaded via On Mon, Apr 4, 2016 at 4:46 PM, Gregory M. Kurtzer <notifications@github.com
|
No, I don't think that is related. Is your LD_LIBRARY_PATH set? I found another thing very interesting: The container that works has multiple copies of libnss_files and libnss_dns and they aren't the same. $ md5sum lib64/libnss_files.so.2 lib/x86_64-linux-gnu/libnss_files.so.2 To that end I just changed some of the code in master, hoping to fix that. Can you try again? Thanks! |
It works !!! On Mon, Apr 4, 2016 at 4:57 PM, Gregory M. Kurtzer <notifications@github.com
|
Fantastic! Thank you so much for your patience while I wrap my head around it. I also wrote a note in the TODO to think about how to handle the issue with sensitive files in %files and how to include or overwrite them. BTW, It was very cool getting your SAPPs and being able to replicate your exact problem. lol |
thanks for the fix. |
Null-terminator for buf in src/lib/image/ext3/init.c
Remove old-style ISSUE_TEMPLATE.md
Trying to investigate dns related issues, I made a curl sapp.
I can not pinpoint what's needed to make it work, but here's my findings:
does not work:
./curl.sapp google.fr
curl: (6) Could not resolve host: google.fr
this works !
But from here, I used singularity strace to get the exact list of used libs, I pasted them in the %files section, but never managed to get it to work:
singularity strace 2>curl.err curl google.fr
parsing it gives me the following list of files:
What could be the problem ?
Thanks.
The text was updated successfully, but these errors were encountered: