a story

wsl에서 root 패스워드를 분실 했을 때, 아래 명령을 실행하면 root로 바로 진입할 수 있다.

> ubuntu config --default-user root

wsl로 들어가보면 root 로 바로 들어간 것을 알 수 있다.

root 사용자에서 passwd 로 변경하면 된다.

root@com:/# passwd
New password:
Retype new password:
passwd: password updated successfully

Hyper-V 환경에서 VM에서 다시 가상 머신을 만드려고 할때 에러가 발생합니다.

이때 가상 머신에서 nested virtualization 을 지원하기 위한 옵션 변경 방법 입니다.

아래의 명령을 Hyper-V 호스트에서 실행합니다.

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

사용 예시

PS C:\Users\administrator> Set-VMProcessor -VMName win10 -ExposeVirtualizationExtensions $true
PS C:\Users\administrator>  (get-VMProcessor -VMName win10).ExposeVirtualizationExtensions
True

참고

https://docs.microsoft.com/ko-kr/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

curl 로 파일을 가져오는데 301 (301 Moved Permanently) 결과만 기록된다.

root@k8s-m:~/guestbook# curl -O https://k8s.io/examples/application/guestbook/redis-leader-service.yaml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   178  100   178    0     0    340      0 --:--:-- --:--:-- --:--:--   340
root@k8s-m:~/guestbook# cat redis-leader-service.yaml
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

-L 옵션을 사용하면 리다이렉션된 페이지의 결과를 가져올 수 있다.

root@k8s-m:~/guestbook# curl -L -O https://k8s.io/examples/application/guestbook/redis-lead
er-service.yaml
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   178  100   178    0     0    206      0 --:--:-- --:--:-- --:--:--   206
100   310  100   310    0     0    169      0  0:00:01  0:00:01 --:--:--   536

root@k8s-m:~/guestbook# cat redis-leader-service.yaml
# SOURCE: https://cloud.google.com/kubernetes-engine/docs/tutorials/guestbook
apiVersion: v1
kind: Service
metadata:
  name: redis-leader
  labels:
    app: redis
    role: leader
    tier: backend
spec:
  ports:
  - port: 6379
    targetPort: 6379
  selector:
    app: redis
    role: leader
    tier: backendroot@k8s-m:~/guestbook#

ALB 의 Target Group 에 속한 Target 이 사용하는 Security Group 을 확인해본다.

Instance 가 사용하는 Security Group 에서 Soruce 가 다른 Security Group 으로 지정되어 에러가 발생하였다.

ALB 의 Security Group 으로 Source를 변경하였다.

혹은 ALB 가 엉뚱한 Security Group 으로 지정된 경우로 발생할 수 있다.

Docker는 기본적으로 컨테이너의 네트워크 네임스페이스를 호스트의 runtime data에 추가하지 않는다 (/run의 tmpfs로 마운트 되는 /var/run을 의미함)

실행된 컨테이너의 pid로 심볼릭 링크를 만들어주면 컨테이너의 네트워크 네임스페이스를 확인 할 수 있다.

# 호스트 네트워크
root@docker1:~# ip -br -c a
lo               UNKNOWN        127.0.0.1/8 ::1/128
enp0s3           UP             10.0.2.15/24 fe80::31:14ff:fe45:3203/64
enp0s8           UP             192.168.50.10/24 fe80::a00:27ff:fe7c:22c3/64
docker0          UP             172.17.0.1/16 fe80::42:23ff:fef8:ad75/64
vethca6cbca@if7  UP             fe80::e07c:f6ff:fe2c:6d25/64

root@docker1:~# docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED         STATUS         PORTS     NAMES
71118483fd2e   ubuntu    "bash"    9 minutes ago   Up 9 minutes             sharp_panini
root@docker1:~# ip netns list  # 컨테이너가 실행 중인데 네트워크 네임스페이스가 조회되지 않는다.
root@docker1:~# pid="$(docker inspect -f '{{.State.Pid}}' "711184" )"
root@docker1:~# echo $pid
8719
root@docker1:~# ls -l /var/run/netns
total 0
root@docker1:~# ln -s /proc/$pid/ns/net /var/run/netns/ubuntu
root@docker1:~# ip netns list
ubuntu (id: 0)
root@docker1:~# ip netns exec ubuntu ip -br -c a
lo               UNKNOWN        127.0.0.1/8
eth0@if8         UP             172.17.0.2/16
root@docker1:~#

참고

https://platform9.com/blog/container-namespaces-deep-dive-container-networking/

ubuntu 컨테이너 이미지에 ip 명령이 없을 때, apt source를 추가해주고 iproute2를 설치하면 된다.

iproute2 외 nettools 패키지도 네트워크 관련 좋은 도구가 많다.

root@71118483fd2e:/# ip -br -c a
bash: ip: command not found
root@71118483fd2e:/# apt install iproute2
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package iproute2
root@71118483fd2e:/# sed -i 's/archive.ubuntu.com/ftp.daum.net/g' /etc/apt/sources.list
root@71118483fd2e:/# apt update && apt -y install iproute2
Get:1 http://mirror.kakao.com/ubuntu focal InRelease [265 kB]
Get:2 http://mirror.kakao.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://mirror.kakao.com/ubuntu focal-backports InRelease [108 kB]
Get:4 http://mirror.kakao.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:5 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [837 kB]
Get:7 http://mirror.kakao.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:8 http://mirror.kakao.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:9 http://mirror.kakao.com/ubuntu focal/restricted amd64 Packages [33.4 kB]
Get:10 http://mirror.kakao.com/ubuntu focal-updates/universe amd64 Packages [1118 kB]
Get:11 http://mirror.kakao.com/ubuntu focal-updates/main amd64 Packages [1844 kB]
Get:12 http://mirror.kakao.com/ubuntu focal-updates/multiverse amd64 Packages [33.7 kB]
Get:13 http://mirror.kakao.com/ubuntu focal-updates/restricted amd64 Packages [899 kB]
Get:14 http://mirror.kakao.com/ubuntu focal-backports/universe amd64 Packages [22.4 kB]
Get:15 http://mirror.kakao.com/ubuntu focal-backports/main amd64 Packages [50.8 kB]
Get:16 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [1417 kB]
Get:17 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [30.1 kB]
Get:18 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [833 kB]
Fetched 20.5 MB in 10s (2000 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.0 /usr/local/share/perl/5.30.0 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Setting up iproute2 (5.5.0-1ubuntu1) ...
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
debconf: falling back to frontend: Readline
debconf: unable to initialize frontend: Readline
debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.30.0 /usr/local/share/perl/5.30.0 /usr/lib/x86_64-linux-gnu/perl5/5.30 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.30 /usr/share/perl/5.30 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
debconf: falling back to frontend: Teletype
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
root@71118483fd2e:/# ip -br -c a
lo               UNKNOWN        127.0.0.1/8
eth0@if8         UP             172.17.0.2/16