Skip to Content.
Sympa Menu

rare-users - Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017.

Subject: RARE user and assistance email list

List archive

Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017.


Chronological Thread 
  • From: Frédéric LOUI <>
  • To: David Schmitz <>
  • Cc:
  • Subject: Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017.
  • Date: Mon, 24 Apr 2023 15:39:49 +0200
  • Dkim-filter: OpenDKIM Filter v2.10.3 zmtaauth03.partage.renater.fr 3F79A800F0

Hi,

For the race condition please look at this:
https://github.com/rare-freertr/freeRtr-containerlab/blob/main/hwdet-init.sh#L18

When launching the lab with containerlab there is a CLAB_INTFS env var
indicating the number of expected interface.

It will help create yours with FoD.
You can create a generic container by testing CLAB_INTFS env VAR but in my
case I just decided to create a specific one.

Frederic

> Le 24 avr. 2023 à 15:32, David Schmitz <> a écrit :
>
> Hi Frédéric,
>
> obviously the IP address setup of eth1 in cl1 container does not work
> reliably yet, because of a race condition.
>
> It seems the veth end point is just injected/moved into (like "ip link dev
> eth1 set netns ...")
> the container when it is already running.
>
> I have to work on a workaround.
>
> Best Regards
> David
>
> On Mon, 24 Apr 2023, David Schmitz wrote:
>
>> Date: Mon, 24 Apr 2023 15:04:45 +0200 (CEST)
>> From: David Schmitz <>
>> To: Frédéric LOUI <>
>> Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git
>> denied
>> to dschmitz2017.
>> Hi Frédéric,
>>
>> On Mon, 24 Apr 2023, Frédéric LOUI wrote:
>>
>>> Date: Mon, 24 Apr 2023 14:37:52 +0200
>>> From: Frédéric LOUI <>
>>> To: David Schmitz <>
>>> Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git
>>> denied
>>> to dschmitz2017.
>>> Hi David !
>>> If you are OK we can take it at rare-users list.
>>> In that case I’ll you cc the list next time !
>> Ok.
>>
>>> 1- Congrats ! Excellent work !
>>> 2- Not sure what you meant by « excluding eth1 » but I trust your
>>> judgement :-)
>>> (Or you might be thinking of containerlab eth0 management address ?)
>> eth0 container management IP address is initialized by docker/OS in
>> container (dhcp?),
>> and will be changing depending on the other docker containers running on
>> the host
>> and can even change when destroying/deploying the clab.
>>
>> Of course, that is why we agreed on the extra veth link defined
>> in freeRtr-containerlab/lab/005-rare-hello-fod/rtr005.clab.yml
>> fod1:eth1 <-> rtr1:eth3 ,
>> whose endpoint inside the cl1 container is namend eth1.
>> That one is not initialized by the OS (ubuntu in container) nor docker,
>> and so the agreed IP address 10.3.10.3 has to be set by some other means.
>> In fact, now FoD installer/runtime start script has some simple support
>> for it:
>>
>> Check
>> inst/testing/fodexabgp-containerlab1/Dockerfile for
>> ...
>> ... /opt/install-debian.sh ... --ip-addr-set eth1 10.3.10.3 ...
>>
>> When the container is started,
>> and so /opt/FOD/runfod.sh (CMD) is started inside, that script will also
>> init the eth1 IP address.
>> (Of course something like CMD [ "sh" "-c" "ifconfig eth1 10.3.10.3; exec
>> /opt/FOD/runfod.sh" ]
>> also would be an option, but that looks more dirty to me,
>> especially as the 10.3.10.3 has to match the BGP peer adddress 10.3.10.10,
>> which is also specified in the /opt/install-debian.sh ... command line in
>> inst/testing/fodexabgp-containerlab1/Dockerfile)
>>
>>>> and build the cl1:latest locally:
>>> You should be able to build
>>> https://github.com/GEANT/FOD/blob/python3/inst/testing/fodexabgp-containerlab1/Dockerfile
>>> Daily for example using GitHub Actions. Seem dig into this during my
>>> spare (vacation) time
>>> 3- IIRC there is using docker CMD or other primitives in order to achieve
>>> that.
>> I thought so as well,
>> but unfortunately seem not to be the case.
>> "EXPOSE ..." is only a kind of documentation between provider of a
>> dockerfile
>> and someone using that dockerfile:
>> https://stackoverflow.com/questions/61234941/docker-expose-and-p .
>> Actually, the "-p 8000:8000 " as part of the "docker run ..." is necessary,
>> either manually or by containerlab.
>>
>>> But I would suggest you ask to ContainerLab Discord server in #general
>>> channel.
>>> I met the lead developer physically in Paris during MPLS World Congress
>>> and he is super friendly and reactive.
>>> (He is from the Netherlands so European shift)
>>
>> Regarding container lab, it supports the following:
>> https://containerlab.dev/manual/published-ports/ ,
>> but that is too much, it will connect the port to some VPN tunnel system
>> to make it available for the public,
>> not to make it available on the host.
>>
>> Anyway, socat as a workaround for now is ok as well.
>>
>>> Keep up the good work !
>>> Let’s tackle demo with Eugene/NEMO crew after that :-)
>> Ok.
>>
>> Best Regards
>> David
>>
>>
>> Best Regards
>> David
>>
>>> Frederic
>>>> Le 24 avr. 2023 à 12:58, David Schmitz <> a écrit :
>>>> Hi Frédéric,
>>>> On Mon, 24 Apr 2023, Frédéric LOUI wrote:
>>>>> Date: Mon, 24 Apr 2023 11:52:39 +0200
>>>>> From: Frédéric LOUI <>
>>>>> To: David Schmitz <>
>>>>> Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git
>>>>> denied
>>>>> to dschmitz2017.
>>>>> Corrected.
>>>>> You should be able to push now :-)
>>>> Thanks. It works.
>>>> 1.
>>>> Now I have pushed an update with some rtr-sw-conf for rtr1 for FlowSpec
>>>> injection
>>>> locally + via BGP from exabgp.
>>>> 2.
>>>> The container
>>>> https://github.com/GEANT/FOD/blob/python3/inst/testing/fodexabgp-containerlab1/Dockerfile
>>>> is slightly updated as well,
>>>> in order to include setting of the eth1 interface address when started.
>>>> So, the exabgp BGP session should just work.
>>>> The next rebuild of
>>>> https://github.com/GEANT/FOD/blob/python3/.github/workflows/docker-publish.yml
>>>> referencing the Dockerfile above
>>>> should include this.
>>>> Anyway, currently
>>>> https://github.com/rare-freertr/freeRtr-containerlab/blob/main/lab/005-rare-hello-fod/rtr005.clab.yml
>>>> still references cl1:latest as FoD container.
>>>> So, it is still needed to checkout FoD (either main branch "python3" or
>>>> "feature/exabgp_support2")
>>>> and build the cl1:latest locally:
>>>> (actually only the Dockerfile
>>>> inst/testing/fodexabgp-containerlab1/Dockerfile
>>>> and used ./install-debian.sh should be needed, not the whole FoD git
>>>> checkout)
>>>> # run from FoD main dir:
>>>> docker build -f inst/testing/fodexabgp-containerlab1/Dockerfile -t
>>>> cl1:latest .
>>>> 3.
>>>> There seems to be no way of making containerlab to map the port 8000
>>>> inside cl1:latest to the outside port on the host
>>>> ("docker run .... -p 8000:8000 ....").
>>>> Anyway, a workaround for now can be, e.g.
>>>> socat TCP-LISTEN:8000,fork TCP-CONNECT:172.20.20.3:8000
>>>> (assuming that 172.20.20.3 is the IP address of the management interface
>>>> eth0
>>>> of the running cl1:latest container)
>>>> Best Regards
>>>> David
>>>>>> Le 24 avr. 2023 à 08:37, David Schmitz <> a écrit :
>>>>>> HI Frédéric,
>>>>>> It seems my last changes on Friday morning fixed the Docker
>>>>>> build/pulish action:
>>>>>> https://github.com/GEANT/FOD/actions/runs/4777103267
>>>>>> yesterday it run successfully.
>>>>>> Best Regards
>>>>>> David
>>>>>> On Mon, 24 Apr 2023, David Schmitz wrote:
>>>>>>> Date: Mon, 24 Apr 2023 08:18:37 +0200 (CEST)
>>>>>>> From: David Schmitz <>
>>>>>>> To: Fréderic LOUI <>
>>>>>>> Subject: ERROR: Permission to rare-freertr/freeRtr-containerlab.git
>>>>>>> denied to
>>>>>>> dschmitz2017.
>>>>>>> Hi Frédéric,
>>>>>>> I tried to push my rtr config for rtr1 in containerlab
>>>>>>> (basically, file
>>>>>>> ./lab/005-rare-hello-fod/clab-rtr005/rtr1/run/conf/rtr-sw.txt).
>>>>>>> But it failed:
>>>>>>> ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to
>>>>>>> dschmitz2017.
>>>>>>> fatal: Could not read from remote repository.
>>>>>>> Could you grant user dschmitz2017 write/push access?
>>>>>>> Best Regards
>>>>>>> David
>>>>>> --
>>>>>> David Schmitz
>>>>>> Boltzmannstrasse 1, 85748 Garching
>>>>>> Telefon: +49 89 35831-8765
>>>>>> Leibniz-Rechenzentrum, Germany
>>>>>> Mail:
>>>> --
>>>> David Schmitz
>>>> Boltzmannstrasse 1, 85748 Garching
>>>> Telefon: +49 89 35831-8765
>>>> Leibniz-Rechenzentrum, Germany
>>>> Mail:
>>
>>
>
> --
>
> David Schmitz
>
> Boltzmannstrasse 1, 85748 Garching
> Telefon: +49 89 35831-8765
> Leibniz-Rechenzentrum, Germany
> Mail:
>
>




Archive powered by MHonArc 2.6.24.

Top of Page