Subject: RARE user and assistance email list
List archive
Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017.
Chronological Thread
- From: David Schmitz <>
- To: Frédéric LOUI <>
- Cc:
- Subject: Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017.
- Date: Mon, 24 Apr 2023 15:48:42 +0200 (CEST)
- Authentication-results: postout.lrz.de (amavisd-new); dkim=pass (2048-bit key) reason="pass (just generated, assumed good)" header.d=lrz.de
Hi Frédéric,
On Mon, 24 Apr 2023, Frédéric LOUI wrote:
Date: Mon, 24 Apr 2023 15:39:49 +0200Thank you.
From: Frédéric LOUI <>
To: David Schmitz <>
Cc:
Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied
to dschmitz2017.
Hi,
For the race condition please look at this:
https://github.com/rare-freertr/freeRtr-containerlab/blob/main/hwdet-init.sh#L18
When launching the lab with containerlab there is a CLAB_INTFS env var
indicating the number of expected interface.
It will help create yours with FoD.
You can create a generic container by testing CLAB_INTFS env VAR but in my
case I just decided to create a specific one.
I have a similar while loop solution for the single interface eth1 now
in https://github.com/GEANT/FOD/blob/python3/runfod.sh .
Now it should always work.
For freertr which might have a number of interfaces to be injected
the comparison of the number is an elegant solution.
I will remember that.
Best Reards
David
Frederic
Le 24 avr. 2023 à 15:32, David Schmitz <> a écrit :
Hi Frédéric,
obviously the IP address setup of eth1 in cl1 container does not work
reliably yet, because of a race condition.
It seems the veth end point is just injected/moved into (like "ip link dev eth1
set netns ...")
the container when it is already running.
I have to work on a workaround.
Best Regards
David
On Mon, 24 Apr 2023, David Schmitz wrote:
Date: Mon, 24 Apr 2023 15:04:45 +0200 (CEST)
From: David Schmitz <>
To: Frédéric LOUI <>
Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied
to dschmitz2017.
Hi Frédéric,
On Mon, 24 Apr 2023, Frédéric LOUI wrote:
Date: Mon, 24 Apr 2023 14:37:52 +0200Ok.
From: Frédéric LOUI <>
To: David Schmitz <>
Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied
to dschmitz2017.
Hi David !
If you are OK we can take it at rare-users list.
In that case I’ll you cc the list next time !
1- Congrats ! Excellent work !eth0 container management IP address is initialized by docker/OS in container
2- Not sure what you meant by « excluding eth1 » but I trust your judgement
:-)
(Or you might be thinking of containerlab eth0 management address ?)
(dhcp?),
and will be changing depending on the other docker containers running on the
host
and can even change when destroying/deploying the clab.
Of course, that is why we agreed on the extra veth link defined
in freeRtr-containerlab/lab/005-rare-hello-fod/rtr005.clab.yml
fod1:eth1 <-> rtr1:eth3 ,
whose endpoint inside the cl1 container is namend eth1.
That one is not initialized by the OS (ubuntu in container) nor docker,
and so the agreed IP address 10.3.10.3 has to be set by some other means.
In fact, now FoD installer/runtime start script has some simple support for
it:
Check
inst/testing/fodexabgp-containerlab1/Dockerfile for
...
... /opt/install-debian.sh ... --ip-addr-set eth1 10.3.10.3 ...
When the container is started,
and so /opt/FOD/runfod.sh (CMD) is started inside, that script will also init
the eth1 IP address.
(Of course something like CMD [ "sh" "-c" "ifconfig eth1 10.3.10.3; exec
/opt/FOD/runfod.sh" ]
also would be an option, but that looks more dirty to me,
especially as the 10.3.10.3 has to match the BGP peer adddress 10.3.10.10,
which is also specified in the /opt/install-debian.sh ... command line in
inst/testing/fodexabgp-containerlab1/Dockerfile)
I thought so as well,and build the cl1:latest locally:You should be able to build
https://github.com/GEANT/FOD/blob/python3/inst/testing/fodexabgp-containerlab1/Dockerfile
Daily for example using GitHub Actions. Seem dig into this during my spare
(vacation) time
3- IIRC there is using docker CMD or other primitives in order to achieve
that.
but unfortunately seem not to be the case.
"EXPOSE ..." is only a kind of documentation between provider of a dockerfile
and someone using that dockerfile:
https://stackoverflow.com/questions/61234941/docker-expose-and-p .
Actually, the "-p 8000:8000 " as part of the "docker run ..." is necessary,
either manually or by containerlab.
But I would suggest you ask to ContainerLab Discord server in #general
channel.
I met the lead developer physically in Paris during MPLS World Congress and
he is super friendly and reactive.
(He is from the Netherlands so European shift)
Regarding container lab, it supports the following:
https://containerlab.dev/manual/published-ports/ ,
but that is too much, it will connect the port to some VPN tunnel system
to make it available for the public,
not to make it available on the host.
Anyway, socat as a workaround for now is ok as well.
Keep up the good work !Ok.
Let’s tackle demo with Eugene/NEMO crew after that :-)
Best Regards
David
Best Regards
David
Frederic
Le 24 avr. 2023 à 12:58, David Schmitz <> a écrit :
Hi Frédéric,
On Mon, 24 Apr 2023, Frédéric LOUI wrote:
Date: Mon, 24 Apr 2023 11:52:39 +0200Thanks. It works.
From: Frédéric LOUI <>
To: David Schmitz <>
Subject: Re: ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied
to dschmitz2017.
Corrected.
You should be able to push now :-)
1.
Now I have pushed an update with some rtr-sw-conf for rtr1 for FlowSpec
injection
locally + via BGP from exabgp.
2.
The container
https://github.com/GEANT/FOD/blob/python3/inst/testing/fodexabgp-containerlab1/Dockerfile
is slightly updated as well,
in order to include setting of the eth1 interface address when started.
So, the exabgp BGP session should just work.
The next rebuild of
https://github.com/GEANT/FOD/blob/python3/.github/workflows/docker-publish.yml
referencing the Dockerfile above
should include this.
Anyway, currently
https://github.com/rare-freertr/freeRtr-containerlab/blob/main/lab/005-rare-hello-fod/rtr005.clab.yml
still references cl1:latest as FoD container.
So, it is still needed to checkout FoD (either main branch "python3" or
"feature/exabgp_support2")
and build the cl1:latest locally:
(actually only the Dockerfile inst/testing/fodexabgp-containerlab1/Dockerfile
and used ./install-debian.sh should be needed, not the whole FoD git checkout)
# run from FoD main dir:
docker build -f inst/testing/fodexabgp-containerlab1/Dockerfile -t cl1:latest
.
3.
There seems to be no way of making containerlab to map the port 8000 inside
cl1:latest to the outside port on the host
("docker run .... -p 8000:8000 ....").
Anyway, a workaround for now can be, e.g.
socat TCP-LISTEN:8000,fork TCP-CONNECT:172.20.20.3:8000
(assuming that 172.20.20.3 is the IP address of the management interface eth0
of the running cl1:latest container)
Best Regards
David
--Le 24 avr. 2023 à 08:37, David Schmitz <> a écrit :
HI Frédéric,
It seems my last changes on Friday morning fixed the Docker build/pulish
action:
https://github.com/GEANT/FOD/actions/runs/4777103267
yesterday it run successfully.
Best Regards
David
On Mon, 24 Apr 2023, David Schmitz wrote:
Date: Mon, 24 Apr 2023 08:18:37 +0200 (CEST)--
From: David Schmitz <>
To: Fréderic LOUI <>
Subject: ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to
dschmitz2017.
Hi Frédéric,
I tried to push my rtr config for rtr1 in containerlab
(basically, file
./lab/005-rare-hello-fod/clab-rtr005/rtr1/run/conf/rtr-sw.txt).
But it failed:
ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to
dschmitz2017.
fatal: Could not read from remote repository.
Could you grant user dschmitz2017 write/push access?
Best Regards
David
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
--
David Schmitz
Boltzmannstrasse 1, 85748 Garching
Telefon: +49 89 35831-8765
Leibniz-Rechenzentrum, Germany
Mail:
- Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017., Frédéric LOUI, 04/24/2023
- Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017., David Schmitz, 04/24/2023
- Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017., Frédéric LOUI, 04/24/2023
- Re: [RARE-users] ERROR: Permission to rare-freertr/freeRtr-containerlab.git denied to dschmitz2017., David Schmitz, 04/24/2023
Archive powered by MHonArc 2.6.24.