While building Docker executables, I ran into an interesting corner case. Fortunately, the Docker IRC channel helped me investigate, with special credit to Ravensoul.

When you build a container as an executable you can use the ENTRYPOINT for your binary to execute and CMD as a default overwritable argument. In most cases the CMD is the --help argument to provide a useful default behavior in case you just run the container without anything specified.

In my case I've built a Ruby-based executable, and because I need the environment variables, I used bash -c <command> as ENTRYPOINT and --help as the default CMD argument, like this:

ENTRYPOINT ["/bin/bash", "-c", "/path/to/myRuby"]

CMD ["--help"]

I noticed that the --help argument was not used when you just run the container. To verify the problem and isolate the environment, I created a small example for investigation:

FROM alpine

ENTRYPOINT ["/bin/bash", "-c", "ps"]

CMD ["--help"]

When I ran this container, I noticed that the ps command is executed, but without the --help argument. It turned out the problem is the use of /bin/bash -c as ENTRYPOINT. When you execute /bin/bash -c 'echo ${0}' myFirstArgument, you will notice that myFirstArgument becomes ${0}, which is the name of the script itself.

man /bin/bash:

If there are arguments after the string, they are assigned to the positional parameters, starting with $0

To get around this problem, I wrapped my command in a docker-entrypoint.sh and used ${@} to pass all arguments, which fixed my problem.
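The behaviour and both ways around it can be reproduced without Docker. This is an added example, not code from the original post: it uses sh -c, which assigns positional parameters the same way as bash -c, lets echo and printf stand in for the real binary, and the function names and the `entrypoint` placeholder are assumptions.

```shell
#!/bin/sh
# Added illustration, not from the original post. echo/printf stand in for
# the real binary (/path/to/myRuby on the page).

# ENTRYPOINT ["sh", "-c", "<string>"] plus CMD: Docker appends CMD after the
# string, so the first CMD word becomes $0 and the command sees no arguments.
cmd_lost() {
    sh -c 'echo "argc=$# zero=$0"' "$@"
}

# Inline fix: occupy $0 with a placeholder and forward "$@" inside the string.
cmd_forwarded() {
    sh -c 'echo "argc=$# first=$1"' entrypoint "$@"
}

# Unquoted $@ is split again on whitespace; "$@" keeps each argument intact.
count_unquoted() {
    sh -c 'echo "$#"' entrypoint $@
}
count_quoted() {
    sh -c 'echo "$#"' entrypoint "$@"
}

# Wrapper-script fix (hypothetical docker-entrypoint.sh body). exec replaces
# the shell, so the wrapped binary receives signals directly.
run_wrapper() {
    wrapper=$(mktemp) || return 1
    cat > "$wrapper" <<'EOF'
#!/bin/sh
exec printf '<%s>' "$@"
EOF
    sh "$wrapper" "$@"
    status=$?
    rm -f "$wrapper"
    return "$status"
}

cmd_lost --help
cmd_forwarded --help
count_unquoted "two words"
count_quoted "two words"
run_wrapper --help "two words"; echo
```

In a real image the wrapper's last line would be the exec of the actual binary followed by "$@", with the quotes kept.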

Happy dockering.

I’m using Mac OS X with iTerm2 and oh-my-zsh, and I spend 75% of my time in those terminals. It is totally annoying to me if I connect to a DHCP network and it screws up my hostname. Especially when I'm used to looking at the prompt which tells me the host I'm connected to.

It is possible to fix your computer name for several things using the scutil command, which requires administrator permissions. I've found a link to the Mac OS X Server Worksheet which explains a few things in more detail. Here is what I did to prevent my computer from changing the host name.

User Friendly Name, shown in Sharing Preference Panel

sudo scutil --set ComputerName blinky

SSH and Remote login

sudo scutil --set HostName blinky

Name for Bonjour, e.g. Airdrop

sudo scutil --set LocalHostName blinky

I hope this helps, and I hope I'll find the page again when I've forgotten how to do it :)

gl & hf

I ran into some trouble with my Vodafone Easybox 904 xDSL. Even with 2 GHz and 5 GHz WLAN I had regular drops. I had to turn the WLAN on the device off and on, or had to reboot it, to reconnect. Otherwise the VDSL line regularly got disconnected. Replacing the Easybox from Vodafone didn't help either, so I bought a Zyxel VMG1312-B30A.

Zyxel with Vodafone VDSL 50

I searched through the interwebs and it took me a while to figure out which settings are required. In case you want to do the same, I want to share my settings to save you some time:

Broadband Settings

  • Type: ADSL/VDSL over PTM
  • Mode: Routing
  • Encapsulation: PPPoE
  • IPv6/IPv4 Mode: IPv4 only (sigh)
  • PPP-User: vodafone-vdsl.komplett/vb<number>
  • PPP-Pass: your-pass-here
  • PPPoE-Service-Name: VODAFONE
  • VLAN: active
  • 802.1p: 1
  • 802.1q: 7 (7: Telekom line, 132 for Vodafone line)
  • MTU: 1492

Extended xDSL Settings

  • ADSL over PTM: deactivated
  • Annex J: activated
  • PhyR US: deactivated
  • PhyR DS: activated

The connection went online and a speed test gives me 50 Mbit downstream and 10 Mbit upstream. I run a tinc VPN to have a flat management network for all my servers, and it runs without any trouble so far. Just to mention, I don't use the Vodafone voice functionality.

So far gl & hf

I was listening to an interesting talk from Laura Frank from Codeship. In case you build or maintain a Continuous {Integration, Delivery} environment, this is definitely worth watching. They describe how they used LXC and now Docker to build their CI/CD infrastructure.

TL;DR

Interesting to me: the description in the YAML file quickly reminded me of a course I needed to pass during my studies in parallel computing. The exam had one section where you had to describe parallel and sequential processes with some high-level constructs. You had to describe a given time sequence graph for processes on n processors with the primitives BEGIN/END for sequential parts and COBEGIN/COEND for parallel processes.

We are all happy when we are able to get IPv6 connectivity for our new servers. When the network is provided by someone else and certain kernel settings are in place, you can get into some tricky situations.

With IPv6 there are so many addresses that your laptop and mobile can have a unique public IPv6 address forever - pretty cool, huh? The downside is that it would be pretty easy to trace every connection you ever make back to your device - this is really not what you want! When you provide a service, this behavior is not so useful. Otherwise there are several ways to autoconfigure your IPv6 configuration; besides DHCPv6, the interesting one is stateless address configuration.

Stateless address configuration means your server is allowed to construct its own IPv6 address without the need for a DHCPv6 server. Simply explained, a router with IPv6 runs the Router Advertisement daemon. It sends router advertisement (RA) packets via link-local and informs others: "Hey! I'm the default router for the 2001::/64 network". These advertisements are sent out at a certain interval, and this way your server learns what the LAN IPv6 network is.

The RA packets can have some flags:

  • A: Autonomous Address Autoconfiguration tells your server it should perform a stateless address assignment
  • M: Managed Address Configuration tells your server it should use stateful DHCPv6 to acquire its address and other DHCPv6 options

With the flag set to A, your server will create an IPv6 address in the given network space. To make your server "untraceable", the Privacy Extensions kick in and basically randomize and change your IPv6 address over time.

You can verify the configuration with

sysctl -a | grep use_temp

net.ipv6.conf.VPN.use_tempaddr = 2
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.em1.use_tempaddr = 2
net.ipv6.conf.em2.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 2

In Ubuntu, to make the kernel settings survive a restart, set the configuration in

cat /etc/sysctl.d/10-ipv6-privacy.conf

net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

If you want to set the parameter as the default for every new network device, set

sysctl -w net.ipv6.conf.all.use_tempaddr=0
sysctl -w net.ipv6.conf.default.use_tempaddr=0

This setting can also be configured for a specific interface; here is the command for eth0

sysctl -w net.ipv6.conf.eth0.use_tempaddr=0

A kernel setting of 2 means prefer privacy addresses and use them over the normal address. Set the kernel parameter to 0 to disable privacy extensions.

OpenNMS uses SNMP during provisioning and discovers IPv6 addresses. For the provisioning there are not a lot of possibilities to figure out if an interface is down or doesn't exist anymore. If you have Privacy Extensions enabled, your server looks something like the screenshot below.

OpenNMS with IPv6 temporary addresses

In this situation you can exclude the IP interfaces with an IP match policy or you disable Privacy Extensions on your server.
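Before choosing between the two options, it helps to see which interfaces still have privacy extensions enabled and which addresses are temporary. This is an added example, not from the original post: the function names are assumptions, and the sample `ip -6 addr show` and `sysctl -a` text is constructed using the 2001:db8::/32 documentation prefix.

```shell
#!/bin/sh
# Added illustration. On a live host, pipe the real command output instead:
#   ip -6 addr show | list_temporary
#   sysctl -a 2>/dev/null | tempaddr_enabled

# Print "<iface> <address>" for every address flagged "temporary".
list_temporary() {
    awk '
        /^[0-9]+: / { iface = $2; sub(/:$/, "", iface); next }
        $1 == "inet6" {
            for (i = 3; i <= NF; i++)
                if ($i == "temporary") { print iface, $2; break }
        }'
}

# Print "<iface>=<value>" for every interface whose use_tempaddr is not 0.
tempaddr_enabled() {
    awk -F'[ =]+' '
        /^net\.ipv6\.conf\..*\.use_tempaddr/ && $2 != 0 {
            name = $1
            sub(/^net\.ipv6\.conf\./, "", name)
            sub(/\.use_tempaddr$/, "", name)
            print name "=" $2
        }'
}

# Constructed sample: one temporary and one stable global address on em1.
sample_ip_output() {
    cat <<'EOF'
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:0:1:4d1e:77a2:9c03:b15f/64 scope global temporary dynamic
       valid_lft 603000sec preferred_lft 84000sec
    inet6 2001:db8:0:1:225:90ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 2591000sec preferred_lft 604000sec
    inet6 fe80::225:90ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample in which em1 still has the value 2.
sample_sysctl_output() {
    cat <<'EOF'
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.em1.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 0
EOF
}

sample_ip_output | list_temporary
sample_sysctl_output | tempaddr_enabled
```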

Links around this topic: