nre-learning / antidote-selfmedicate Goto Github PK

Trying to perform more tests, I've tried and launch vagrant up on my Debian stable box, which fails:

==> Antidote 0.4.0: Pruning invalid NFS exports. Administrator privileges will be required...
Traceback (most recent call last):
	126: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/batch_action.rb:82:in `block (2 levels) in run'
	125: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/machine.rb:194:in `action'
	124: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/machine.rb:194:in `call'
	123: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/environment.rb:614:in `lock'
	122: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/machine.rb:208:in `block in action'
	121: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/machine.rb:239:in `action_raw'
	120: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	119: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	118: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	117: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	116: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	115: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/check_virtualbox.rb:26:in `call'
	114: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	113: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/call.rb:53:in `call'
	112: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	111: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	110: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	109: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	108: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	107: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	106: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	105: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/handle_box.rb:56:in `call'
	104: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	103: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	102: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	101: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
	100: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 99: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/call.rb:53:in `call'
	 98: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	 97: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	 96: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	 95: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	 94: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 93: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 92: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 91: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
	 90: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 89: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/customize.rb:40:in `call'
	 88: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 87: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/prepare_clone.rb:15:in `call'
	 86: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 85: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/prepare_clone_snapshot.rb:17:in `call'
	 84: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 83: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/import.rb:13:in `call'
	 82: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/import.rb:74:in `import'
	 81: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 80: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/discard_state.rb:15:in `call'
	 79: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 78: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/match_mac_address.rb:22:in `call'
	 77: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 76: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 75: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 74: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/check_virtualbox.rb:26:in `call'
	 73: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 72: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/config_validate.rb:25:in `call'
	 71: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 70: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/box_check_outdated.rb:84:in `call'
	 69: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 68: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/call.rb:53:in `call'
	 67: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	 66: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	 65: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	 64: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	 63: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 62: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 61: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 60: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/call.rb:53:in `call'
	 59: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	 58: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	 57: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	 56: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	 55: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 54: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 53: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 52: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/call.rb:53:in `call'
	 51: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	 50: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	 49: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	 48: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	 47: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 46: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 45: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 44: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/check_accessible.rb:18:in `call'
	 43: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 42: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/clean_machine_folder.rb:17:in `call'
	 41: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 40: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/set_name.rb:50:in `call'
	 39: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 38: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/providers/virtualbox/action/clear_forwarded_ports.rb:15:in `call'
	 37: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 36: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/provision.rb:103:in `call'
	 35: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/provision.rb:103:in `each'
	 34: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/provision.rb:126:in `block in call'
	 33: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/provision.rb:126:in `call'
	 32: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/environment.rb:526:in `hook'
	 31: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `run'
	 30: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/util/busy.rb:19:in `busy'
	 29: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/runner.rb:66:in `block in run'
	 28: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builder.rb:116:in `call'
	 27: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:34:in `call'
	 26: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `block in finalize_action'
	 25: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/warden.rb:95:in `call'
	 24: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/lib/vagrant/action/builtin/provision.rb:138:in `run_provisioner'
	 23: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/provisioners/file/provisioner.rb:5:in `provision'
	 22: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/provisioners/file/provisioner.rb:5:in `tap'
	 21: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/provisioners/file/provisioner.rb:44:in `block in provision'
	 20: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/communicators/ssh/communicator.rb:293:in `upload'
	 19: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/communicators/ssh/communicator.rb:707:in `scp_connect'
	 18: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/communicators/ssh/communicator.rb:349:in `connect'
	 17: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/communicators/ssh/communicator.rb:709:in `block in scp_connect'
	 16: from /usr/share/rubygems-integration/all/gems/vagrant-2.2.3/plugins/communicators/ssh/communicator.rb:296:in `block in upload'
	 15: from /usr/lib/ruby/vendor_ruby/net/scp.rb:284:in `upload!'
	 14: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/channel.rb:272:in `wait'
	 13: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:181:in `loop'
	 12: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:181:in `loop'
	 11: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:181:in `block in loop'
	 10: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:228:in `process'
	  9: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/event_loop.rb:29:in `process'
	  8: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/event_loop.rb:101:in `ev_preprocess'
	  7: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/event_loop.rb:101:in `each'
	  6: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:249:in `ev_preprocess'
	  5: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:549:in `dispatch_incoming_packets'
	  4: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:682:in `channel_close'
	  3: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/session.rb:573:in `channel_closed'
	  2: from /usr/lib/ruby/vendor_ruby/net/ssh/connection/channel.rb:610:in `do_close'
	  1: from /usr/lib/ruby/vendor_ruby/net/scp.rb:365:in `block (3 levels) in start_command'
/usr/lib/ruby/vendor_ruby/net/scp.rb:398:in `await_response_state': scp: error: unexpected filename: . (Net::SCP::Error)

This looks very much like hashicorp/vagrant#10662 which should hopefully be worked around easily... will report.

Locally running NRE labs via minikube and virtualbox on OSX crashes when Netskope intercepts SSL web calls to storage.googleapis.com and k8s.gcr.io. To get around these issues corporate laptops need to reach out to IT, create a case, and receive the following certs:

• netskopeint.pem (intermediate cert)
• netskoperoot.pem (root cert)

After this the user must make a directory structure under ~/.minikube and copy in certificates:

$ mkdir -p ~/.minikube/files/etc/ssl/certs
$ cp netskopeint.pem ~/.minikube/etc/files/ssl/certs
$ cp netskoperoot.pem ~/.minikube/etc/files/ssl/certs

    NOTE: verify permissions are at least 644 at least on these cert files.

$ minikube start or ./anti-up.sh should now function

I installed antidote-selfmedicate alongside the nrelabs-curriculum current master branch. After a few tweaks and troubleshooting with the vagrant script, kubectl/docker versions, and some changes in the Docker file of the images in the networkInterfaces: - ' ' , I managed to get it up and running accessing through http://antidote-local:30001 with no problems. Lessons with basic Linux utility images are working with no issues as well.

However, I have not been able to boot lessons with vqfx-snapx images. Lessons are validated and pods/containers are created with no apparent issues, but lessons are stuck on loading and then timeout. After some troubleshooting and looking through some logs from Docker, I found that the provisioning script of the images launch.sh fails to execute the first command mount -o rw,remount /sys presenting the error mount: cannot remount sysfs read-write, is write-protected. And from there on, the rest of the script fail because I guess is not finding the expected mounted directory. I even logged in directly to the container to try to execute it and tried other options but is not working.

Looking forward for any recommendations into this issue.

Here is the output of ./selfmedicate.sh debug and screenshot with the pods details for reference as well: https://gist.github.com/crosscacus/2dd26d6bd5f2c74cd09a0337f76e123b

After cloning the latest version of antidote-selfmedicate and running the script, I see the web interface is unavailable. When I go to the URL http://antidote-local:30001, I see "503 Service Temporarily Unavailable".

I'm using KVM to run the Minikube VM, but I also tried the same with Virtualbox and got the same issue.

$ kubectl get pods
NAME READY STATUS RESTARTS AGE
antidote-web-57f98b78d4-5wr8l 1/2 Running 0 73m
nginx-ingress-controller-6f575d4f84-m2d5n 1/1 Running 0 73m
syringe-6ffd7b7ccc-6bsxv 1/1 Running 0 73m

$ kubectl get events
LAST SEEN TYPE REASON KIND MESSAGE
59m Normal Pulled Pod Successfully pulled image "antidotelabs/antidote-web:latest"
59m Normal Created Pod Created container
59m Normal Started Pod Started container
4m15s Warning Unhealthy Pod Readiness probe failed: HTTP probe failed with statuscode: 404

$ kubectl logs antidote-web-57f98b78d4-5wr8l antidote-web
14-May-2019 18:37:56.054 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.5.34
14-May-2019 18:37:56.100 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Sep 4 2018 22:28:22 UTC
14-May-2019 18:37:56.100 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.5.34.0
14-May-2019 18:37:56.101 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Linux
14-May-2019 18:37:56.101 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 4.15.0
14-May-2019 18:37:56.101 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
14-May-2019 18:37:56.102 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: /usr/lib/jvm/java-8-openjdk-amd64/jre
14-May-2019 18:37:56.102 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_181-8u181-b13-2~deb9u1-b13
14-May-2019 18:37:56.102 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
14-May-2019 18:37:56.102 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: /usr/local/tomcat
14-May-2019 18:37:56.103 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: /usr/local/tomcat
14-May-2019 18:37:56.120 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
14-May-2019 18:37:56.120 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
14-May-2019 18:37:56.120 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
14-May-2019 18:37:56.206 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
14-May-2019 18:37:56.207 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
14-May-2019 18:37:56.208 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
14-May-2019 18:37:56.215 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
14-May-2019 18:37:56.216 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
14-May-2019 18:37:56.217 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
14-May-2019 18:37:56.217 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.5.2].
14-May-2019 18:37:56.217 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
14-May-2019 18:37:56.217 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
14-May-2019 18:37:56.281 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.0f 25 May 2017]
14-May-2019 18:37:57.479 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
14-May-2019 18:37:57.667 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
14-May-2019 18:37:57.802 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-nio-8009"]
14-May-2019 18:37:57.813 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
14-May-2019 18:37:57.845 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 6669 ms
14-May-2019 18:37:58.248 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
14-May-2019 18:37:58.253 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.5.34
14-May-2019 18:37:58.711 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/guacamole.war]
14-May-2019 18:38:19.262 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
18:38:24.829 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/root/.guacamole".
18:38:26.816 [localhost-startStop-1] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
18:38:30.292 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/root/.guacamole".
18:38:54.185 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "PostgreSQL Authentication" loaded.
18:38:54.237 [localhost-startStop-1] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/root/.guacamole".
18:38:56.122 [localhost-startStop-1] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
14-May-2019 18:39:01.892 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.RESTExceptionMapper as a provider class
14-May-2019 18:39:01.906 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.extension.ExtensionRESTService as a root resource class
14-May-2019 18:39:01.906 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.language.LanguageRESTService as a root resource class
14-May-2019 18:39:01.906 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.patch.PatchRESTService as a root resource class
14-May-2019 18:39:01.907 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.auth.TokenRESTService as a root resource class
14-May-2019 18:39:01.907 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.apache.guacamole.rest.session.SessionRESTService as a root resource class
14-May-2019 18:39:01.910 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.register Registering org.codehaus.jackson.jaxrs.JacksonJsonProvider as a provider class
14-May-2019 18:39:01.948 INFO [localhost-startStop-1] com.sun.jersey.server.impl.application.WebApplicationImpl._initiate Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM'
14-May-2019 18:39:03.252 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.RESTExceptionMapper to GuiceManagedComponentProvider with the scope "Singleton"
14-May-2019 18:39:03.299 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.codehaus.jackson.jaxrs.JacksonJsonProvider to GuiceManagedComponentProvider with the scope "Singleton"
14-May-2019 18:39:12.237 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.extension.ExtensionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
14-May-2019 18:39:12.281 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.language.LanguageRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
14-May-2019 18:39:12.286 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.patch.PatchRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
14-May-2019 18:39:12.323 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.auth.TokenRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
14-May-2019 18:39:12.361 INFO [localhost-startStop-1] com.sun.jersey.guice.spi.container.GuiceComponentProviderFactory.getComponentProvider Binding org.apache.guacamole.rest.session.SessionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
14-May-2019 18:39:12.602 INFO [localhost-startStop-1] org.webjars.servlet.WebjarsServlet.init WebjarsServlet initialization completed
14-May-2019 18:39:12.851 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/guacamole.war] has finished in [74,140] ms
14-May-2019 18:39:12.855 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/local/tomcat/webapps/ROOT.war]
14-May-2019 18:39:15.401 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
14-May-2019 18:39:15.423 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/local/tomcat/webapps/ROOT.war] has finished in [2,568] ms
14-May-2019 18:39:15.661 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
14-May-2019 18:39:16.055 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
14-May-2019 18:39:16.093 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 78247 ms

$ kubectl logs antidote-web-57f98b78d4-5wr8l guacd
guacd[8]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
guacd[8]: INFO: Listening on host 0.0.0.0, port 4822

$ kubectl logs nginx-ingress-controller-6f575d4f84-m2d5n
I0514 18:28:26.825605 1 launch.go:101] &{NGINX 0.9.0-beta.5 git-83cb03b5 [email protected]:ixdy/kubernetes-ingress.git}
I0514 18:28:26.825920 1 launch.go:104] Watching for ingress class: nginx
I0514 18:28:26.826893 1 launch.go:257] Creating API server client for https://10.96.0.1:443
I0514 18:28:27.032937 1 launch.go:120] validated default/antidote-web as the default backend
I0514 18:28:27.522364 1 controller.go:1183] starting Ingress controller
I0514 18:28:27.551295 1 leaderelection.go:203] attempting to acquire leader lease...
I0514 18:28:27.719863 1 event.go:217] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"syringe-ingress", UID:"35af1048-7675-11e9-892a-0800271a3b81", APIVersion:"extensions", ResourceVersion:"518", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/syringe-ingress
I0514 18:28:27.747215 1 event.go:217] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"antidote-web-ingress", UID:"3ab6d2c9-7675-11e9-892a-0800271a3b81", APIVersion:"extensions", ResourceVersion:"543", FieldPath:""}): type: 'Normal' reason: 'CREATE' Ingress default/antidote-web-ingress
I0514 18:28:28.102244 1 leaderelection.go:213] successfully acquired lease default/ingress-controller-leader-nginx
W0514 18:28:28.567548 1 backend_ssl.go:42] deferring sync till endpoints controller has synced
W0514 18:28:28.718266 1 queue.go:88] requeuing default/antidote-web-ingress, err deferring sync till endpoints controller has synced
W0514 18:28:29.048185 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:28:29.057273 1 controller.go:842] service default/syringe does not have any active endpoints
W0514 18:28:29.057608 1 controller.go:842] service default/antidote-web does not have any active endpoints
W0514 18:28:36.744125 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:28:36.744158 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:28:36.744190 1 controller.go:556] service default/antidote-web does not have any active endpoints
I0514 18:28:36.753373 1 metrics.go:34] changing prometheus collector from to default
I0514 18:28:38.027330 1 controller.go:420] ingress backend successfully reloaded...
W0514 18:28:38.029339 1 controller.go:556] service default/antidote-web does not have any active endpoints
...removed many similar logs...
W0514 18:28:40.414313 1 queue.go:88] requeuing default/nginx-ingress, err invalid nginx configuration (empty)
W0514 18:28:41.050397 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:28:41.061131 1 controller.go:842] service default/syringe does not have any active endpoints
W0514 18:28:41.062655 1 controller.go:842] service default/antidote-web does not have any active endpoints
...removed many similar logs...
I0514 18:28:58.361746 1 status.go:302] updating Ingress default/syringe-ingress status to [{ }]
I0514 18:28:58.369534 1 status.go:302] updating Ingress default/antidote-web-ingress status to [{ }]
I0514 18:28:58.450100 1 event.go:217] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"syringe-ingress", UID:"35af1048-7675-11e9-892a-0800271a3b81", APIVersion:"extensions", ResourceVersion:"1108", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/syringe-ingress
W0514 18:28:58.611089 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
I0514 18:28:58.634880 1 event.go:217] Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"antidote-web-ingress", UID:"3ab6d2c9-7675-11e9-892a-0800271a3b81", APIVersion:"extensions", ResourceVersion:"1109", FieldPath:""}): type: 'Normal' reason: 'UPDATE' Ingress default/antidote-web-ingress
W0514 18:28:59.063929 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:28:59.066254 1 controller.go:842] service default/syringe does not have any active endpoints
W0514 18:28:59.069286 1 controller.go:842] service default/antidote-web does not have any active endpoints
...removed many similar logs...
W0514 18:29:08.621429 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
W0514 18:29:18.623037 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
W0514 18:29:28.632009 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
W0514 18:29:38.644427 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
...removed many similar logs...
W0514 18:32:41.946688 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:32:43.231291 1 queue.go:88] requeuing default/syringe, err

Error: waitid: no child processes
nginx: the configuration file /tmp/nginx-cfg370968901 syntax is ok
nginx: configuration file /tmp/nginx-cfg370968901 test is successful

W0514 18:32:43.286987 1 controller.go:556] service default/antidote-web does not have any active endpoints
W0514 18:32:43.315860 1 controller.go:842] service default/antidote-web does not have any active endpoints
...removed many similar logs...
W0514 19:45:35.020347 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist
W0514 19:45:45.025063 1 backend_ssl.go:54] error obtaining PEM from secret default/: secret named default/ does not exist

Software installed:

• VirtualBox 6.0 from https://www.virtualbox.org/wiki/Downloads
• kubectl v1.14.0 via brew install kubernetes-cli
• minikube v0.34.1 via curl -Lo minikube https://storage.googleapis.com/minikube/releases/v0.34.1/minikube-darwin-amd64 && chmod +x minikube && sudo cp minikube /usr/local/bin/ && rm minikube

Cloned the antidote and antidote-selfmedicate repos into the same root directory.

Error received:

lab:antidote-selfmedicate collisio$ ./selfmedicate.sh start
Backing up existing kubeconfig to ~/.kube/preminikube_bkp...
cp: ~/.kube/config: No such file or directory

The script is correct, there is no ~/.kube/ directory.

Any ideas?

Maybe it's my particular setup, but I've hit the following problem :

=> Antidote 0.4.0: Mounting NFS shared folders...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mount -o vers=3,udp 192.168.34.1:/home/olivier/git/github.com/nre-learning/nrelabs-curriculum /antidote

Stdout from the command:



Stderr from the command:

mount.nfs: requested NFS version or transport protocol is not supported

where /home/olivier/git/github.com/nre-learning/nrelabs-curriculum exists...

I guess this might be related to some shared folder driver issue... I kind of remember there may be problems on some non-standard kernel modules in the virtualbox extensions and such...

I'm running Debian testing, and VirtualBox reports of a mismatch of versions, rebuilds the modules in the guest and reboots it...

Hope I'm not alone ;)

Running the initial set-up on a Mac (MacOS Mojave), I get the following error:sed: 1: "/etc/hosts": extra characters at the end of h command

As its already reported, trying to access manually http://192.168.99.X:30001/ , getting 503 Service Temporarily Unavailable (nginx/1.11.12) .

pradga-mbp:~ pradga$ kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.3", GitCommit:"721bfa751924da8d1680787490c54b9179b1fed0", GitTreeState:"clean", BuildDate:"2019-02-01T20:00:57Z", GoVersion:"go1.11.5", Compiler:"gc", Platform:"linux/amd64"}

pradga-mbp:~ pradga$ minikube version
minikube version: v0.34.1

Every time, antidote-web is not getting ready (1/2) because of Readiness probe failed: HTTP probe failed with statuscode: 404

pradga-mbp:~ pradga$ kubectl get pods
NAME READY STATUS RESTARTS AGE
antidote-web-57f98b78d4-l4rnv 1/2 Running 0 113m
nginx-ingress-controller-6f575d4f84-t5c97 1/1 Running 0 113m
syringe-6ffd7b7ccc-t2qhj 1/1 Running 0 113m

pradga-mbp:~ pradga$ kubectl get deployments
NAME READY UP-TO-DATE AVAILABLE AGE
antidote-web 0/1 1 0 114m
nginx-ingress-controller 1/1 1 1 114m
syringe 1/1 1 1 114m

pradga-mbp:~ pradga$ kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
antidote-web ClusterIP 10.103.193.35 8080/TCP 114m
kubernetes ClusterIP 10.96.0.1 443/TCP 115m
nginx-ingress NodePort 10.97.117.34 80:30001/TCP 114m
syringe ClusterIP 10.108.235.71 50099/TCP,8086/TCP 114m

pradga-mbp:~ pradga$ kubectl get events
LAST SEEN TYPE REASON KIND MESSAGE
3m56s Warning Unhealthy Pod Readiness probe failed: HTTP probe failed with statuscode: 404

TL/DL: Would like to work on docs for installation of self-medicate piece on OSX. Going through process and will submit a PR with more detail. Finding spots that i think a non-dev/Linux skilled networking engineer might get stuck or confused.

[Question]
Any guidance on where the
git clone https://github.com/nre-learning/antidote-selfmedicate

Should be cloned to? Should assume that network engineers don’t know where to put things. What guidance do we want to give them? Given that iCloud sync can automatically remove local cache of files on desktop/documents I’d like to recommend creating a folder in a non-icloud-sync’d location.

Thoughts?

Preamble: kata container is not necessarily an option, depending on K8S implementation.

Currently, flavor type (trusted, untrusted, legacy) is described in images.
And association between flavor and ContainerRuntime is hardcoded.

It could be more flexible if the antidote configuration allows to associate flavor and ContainerRuntime class.
For example, for the current settings, I will configure as:

flavorLegacy: none
flavorTrusted: none
flavorUntrusted: "kata"

But for a simple deployment (k3d) I will configure as:

flavorLegacy: none
flavorTrusted: none
flavorUntrusted: none

As these settings are related to Kubernetes backend, perhaps should it be placed in a dedicated tree. For example:

backends:
  kubernetes:
    flavorLegacy: none
    flavorTrusted: none
    flavorUntrusted: "kata"

At the moment, the starting of k8s and of the application is made in the same script.

This is fine for Vagrant provisionning where everything is run as a single script since the VM is rather empty (well, it has docker).

However, testing other ways of running k8s isn't facilitated. For instance I've tested running k8s with KinD (Kubernetes in Docker), with handles the starting of the cluster.

I'd then prefer if the kubernetes start and the launch of syringe + antidote + ingress are separated in different script.

Having 2 provisioning script shouldn't be blocking for Vagrant, whereas one could only run the last one separately when using minikube, kind or other ways to start Antidote over an existing k8s cluster.

Hope this makes sense.

One should not run vagrant up if the hostsupdater plugin isn't there... however this may not be a blocker.

In such case, maybe a warning message could be useful, for instance at the end of the provisionning down in the Vagrantfile, with something like:

  if not defined?(VagrantPlugins::HostsUpdater)
    config.vm.provision "shell", privileged: false, inline: <<-EOF
      echo "You should install the Vagrant::Hostsupdater plugin to support configuration of the 'antidote-local' hostname."
    EOF
  end

On a band new Ubuntu 16.04 install, when starting selfmedicate (./selfmedicate.sh start ../antidote) minikube crashes. Here is the full error message:

: Waiting for pods: apiserver proxy etcd scheduler controller addon-manager dns! Error starting cluster: wait: waiting for k8s-app=kube-dns: timed out waiting for the condition

• Sorry that minikube crashed. If this was unexpected, we would love to hear from you:

The discussion in tuesday october the 22nd popped something in my mind, when @Mierdin mentioned asterisk wildcard...

Maybe this can be of use: http://xip.io/ can be used as a widlcard DNS service. I've seen it used in many cloud-related demos/tutorials.

Not exactly sure whether this would apply to the current situation, but maybe that helps working around the need to edit the hosts file.

If only minikube is installed locally, the cluster gets started, but the script later fails on missing kubectl.

instructions should then require installation of kubectl too.

At the moment, we use k8s 1.14.0, whereas 1.14.z exist (minor patch releases).

I guess it would be safest to use latest patch release, in order to detect potential problems re- deployed version (security), and benefit from potential performance improvements.

Hth,

Running the initial set-up on a Mac, I get the following error:

sed: 1: "/etc/hosts": extra characters at the end of h command

as the attempt is made under sudo to change /etc/hosts.

Ref:

Arghhh....

And here:

There is a related patch in another repo here: passff/passff@f5cd7a3

When I employ that change, when I do run:

sudo sed -i '' '/antidote-local.*/d' /etc/hosts > /dev/null

it runs without error but when I cat the /etc/hosts file, nothing has changed...

However, I don't see anything on: http://IP.ADDR:30001. The box looks to be running in VirtualBox.

kubectl get pods
# No resources found.

Updating kubectl, resetting paths to latest version, destroying minikube instance and creating a new one seems to have helped....

It is highly recommended that you start by reading the docs.

here https://github.com/nre-learning/antidote-selfmedicate/blob/master/README.md

goes no where

        \          SORRY            /
         \                         /
          \    This page does     /
           ]   not exist yet.    [    ,'|
           ]                     [   /  |
           ]___               ___[ ,'   |
           ]  ]\             /[  [ |:   |
           ]  ] \           / [  [ |:   |
           ]  ]  ]         [  [  [ |:   |
           ]  ]  ]__     __[  [  [ |:   |
           ]  ]  ] ]\ _ /[ [  [  [ |:   |
           ]  ]  ] ] (#) [ [  [  [ :===='
           ]  ]  ]_].nHn.[_[  [  [
           ]  ]  ]  HHHHH. [  [  [
           ]  ] /   `HH("N  \ [  [
           ]__]/     HHH  "  \[__[
           ]         NNN         [
           ]         N/"         [
           ]         N H         [
          /          N            \
         /           q,            \
        /                           \

Minilube's output looks a lot like garbage. Probably the emoji/colour output.

Will try to remedy that in a PR.

I've had issues with downloading libc-dev package during virtualbox modules rebuild due to version mismatch, which is done automatically by Vagrant AFAIU... and having a look at the provisioning script I noticed there doesn't seem to be any apt-get update before the first apt-get install for docker-ce installation.

Maybe not a huge issue, but maybe worth updating first.

Hth

In my tests with (relatively slow) network (ADSL), the fetching of images is the main bottleneck to UX.

I guess it should be feasable to not rely on a generic Vagrant box, but instead create a dedicated box including the pre-fetched Docker images.

Hth,

Still a lot of problems with selfmedicate. Adding this to v0.3.1 to give this some badly needed TLC

I've noticed the following message:

/usr/local/bin/kubectl is version 1.16.2, and is incompatible with Kubernetes 1.14.0. You will need to update /usr/local/bin/kubectl or use 'minikube kubectl' to connect with this cluster

Ideally, I guess vagrant-provision.sh should then download the corresponding version... which should require transmission of that version number from env vars, etc.

On the other hand, it may well happen that that message is a bit wrong, and it just works ;)

When only cloning https://github.com/nre-learning/antidote-selfmedicate as instructed in https://antidoteproject.readthedocs.io/en/latest/building/local.html, ./selfmedicate.sh start
will fail as it won't be able to start the lessons:

./selfmedicate.sh start
Error - ../nrelabs-curriculum doesn't look like a proper curriculum directory.
Either this directory wasn't found, or the subdirectory 'lessons' within that directory wasn't found.

In either case, this script cannot continue. Please either place the appropriate directory in place, or
edit the LESSON_DIRECTORY variable at the top of this script.

I guess instructions should ask to clone https://github.com/nre-learning/nrelabs-curriculum alongside antidote-selfmedicate.

Hope this helps,

I've tried to test running from a Git clone made on Windows, with the default settings selected at GitForWindows installation, which converts line endings to windows.

Hence, when the provisionning runs selfmedicate.sh this will lead to:

==> Antidote 0.4.0: Running provisioner: custom (shell)...
    Antidote 0.4.0: Running: inline script
    Antidote 0.4.0: /home/vagrant/selfmedicate.sh: line 2: $'\r': command not found
    Antidote 0.4.0: /home/vagrant/selfmedicate.sh: line 5: $'\r': command not found
    Antidote 0.4.0: /home/vagrant/selfmedicate.sh: line 11: $'\r': command not found
    Antidote 0.4.0: /home/vagrant/selfmedicate.sh: line 37: syntax error near unexpected token `$'{\r''
'   Antidote 0.4.0: /home/vagrant/selfmedicate.sh: line 37: `sub_help(){
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

I guess maybe the line endings of the shell script could be forced if using this in .gitattributes:

*.sh text eol=lf

Haven't been able to test though.

Hope this helps.

I've tested latest version of selfmedicate.sh.
The message at the end will instruct to connect on http://antidote-local:30001/:
Finished! Antidote should now be available at http://antidote-local:30001/

However that machine name doesn't resolve.
Still it works on the public IP of the VirtualBox VM

./minikube status
host: Running
kubelet: Running
apiserver: Running
kubectl: Correctly Configured: pointing to minikube-vm at 192.168.99.133

./kubectl get service/nginx-ingress
NAME            TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx-ingress   NodePort   10.111.217.28   <none>        80:30001/TCP   8m50s

So connecting to http://192.168.99.133:30001/ works.

Hope this helps.

P.S. haven't had time to investigate the script yet.
Hence

If provide the branch name, git-clone.sh will throw error:

Cloning into '/antidote'...
fatal: ambiguous argument 'lesson-24': unknown revision or path not in the working tree.
Use '--' to separate paths from revisions, like this:

Seems git reset supports existing refs only
Suggest modify to git checkout --force $REF so that we can provide either commit id or branch name in the initContainers args.

After the modification, the syringe pod starts successfully and clones the non-default branch of my git repo.

Similar modification should apply to file syringe/scheduler/scheduler.go also

In my recent forum post I mentioned that I used a heavily modified form of the selfmedicate script that uses the kvm2 driver to play around with kata containers. It worked beautifully. This caused me to start thinking about how the role of selfmedicate has changed in the last year.

In particular, there are a few things that are very different now than they were when this project started:

• We're no longer running guacamole, which appeared to have serious problems when running within the VM that was auto-provisioned. This was one of the bigger drivers in moving to a Vagrant setup, wherein we execute minikube with the none driver.
• Selfmedicate is no longer in the critical path. Anyone that uses it should know what they're doing. With the preview service now the "official" method of contributing to the curriculum, selfmedicate no longer needs to be all things to all people. I believe the right course of action is to greatly simplify what selfmedicate does, and that means being opinionated about the environment. Given this new purpose, I think this more than acceptable.
• Time. Minikube is more mature now, and a year is a long time to get bug fixes and stability improvements.
• Images are getting lighter. Moving away from vQFX and in general getting leaner with image builds (because we don't have to add on as many security hacks).
• Kata containers means that we now care a lot about nested virtualization performance, and kvm does this really well. I know virtualbox does this now as well, but it's another knob to configure, and as we've seen, not everyone wants to run virtualbox. If we're going to pick one hypervisor (which i think we should), picking kvm2 seems to make more sense, and on top of that, minikube just takes care of it for us.

I'm opening this issue because once I'm done with my "prod" work, I plan to open a PR to hyper-simplify things. Without context, it might look like I'm going on a killing spree, so I wanted to open this first to at least get my thoughts on paper, well in advance of a PR (which I won't have time for until at least a few weeks from now). I love the work that went into adding Vagrant support a year back, but I think the times have changed. It's time to return to the roots, where it really is just little more than a thin wrapper on top of minikube.

I guess the Apache 2 licence text isn't really copyrighted by Juniper. I'd then suggest to remove that first line from the LICENSE file.

I was going to work on this a while back but decided to do something else. In the meantime, I'll open an issue describing the problem.

In short, the Kubernetes Ingress API really seems to be incompatible with nonstandard ports. Having ports in the route for an ingress is explicitly not allowed, yet as a result, routing decisions to endpoints with nonstandard ports doesn't work. This issue is described well in kubernetes/kubernetes#41881

So while the whole stack works, HTTP presentations don't work in selfmedicate. The solution may be to use host networking for the nginx pods

I created a new lesson, similar to other lessons. I placed it in the ~/nrelabs-curriculum/lessons/fundamentals directory. I named the new lesson directory lesson-100-frr.

When I run the selfmedicate.sh --reload command, the lessons do not appear in the web interface.

I looked in the minikube VM:

minikube ssh

And looked in the lesson directory

cd /antidote/lessons/fundamentals/

And I can see the lesson directory was copied over to the VM:

ls
lesson-100-frr	lesson-16-jinja  lesson-19-restapis  lesson-23-linux
lesson-14-yaml	lesson-17-git	 lesson-22-python

So, is there something I need to update elsewhere to add a lesson and test it? What am I missing?

selfmedicate.sh allows the definition of env vars, which could be stored in .antidote/config such as PRELOADED_IMAGES

It would be great to have a mean to set these from the host to have them passed by Vagrant to the script.

I installed Kubernetes latest version ( v1.16 ) and the self-medicate.sh script wouldn't run properly. It crashed due to Kubernetes API version updates.

I just had to modify all the yaml files in the antidote-selfmedicate/manifests sub-directory. I just replaced all "extensions/v1beta1" by "apps/v1".

Hope it will help

Things seem to work fine on the first start, but if we halt the VM and then run vagrant up later, none of the Antidote services are running inside of k8s.

Looks like sub_resume runs minikube start, which in theory should just re-start what was running before, but it doesn't seem like the cluster remembers previously deployed artifacts. Maybe this is a byproduct of using the none driver, since I don't remember this being a problem when we were using the minikube VM.

When I start a lesson, the shell remains blank on any node in the lesson. For example, when I start the "introduction to YAML" lesson, the network endpoint "Linux1" terminal window just show a blank, black screen.

It could be interesting to be able to use libvirt (for qemu/kvm) on Linux as an alternative to virtualbox.

Would be interesting to verify any gain on performance...

Minikube can be run with the --vm-driver kvm2 option (see https://github.com/kubernetes/minikube/blob/master/docs/drivers.md#kvm2-driver) to use a qemu/kvm VM instead of VirtualBox, when on Linux, and if the machine handles nested-virtualization.

I've juste added the option to selfmedicate.sh and the labs seem a bit faster from what I can see on my machine.

Of course YMMV, and a proper benchmark could be necessary.

I guess it could be made optional when/if people are running the script on Linux, and libvirt and other requirements are met, of course.

Other than that I'm not so sure everything else is the same, like mounting stuff to the guest VM...

Hope this helps,

Would you be able to document antibridge ?

Its repo seemed to be forked off CNI... but that ain't really documented AFAICS

Also, would it be contributable to the original project (not maintaining a forked version, etc.) ?

Thanks in advance.

I've noticed tlat coredns doesn't seem to be starting with the latest minikube in tests I've made today:

NAMESPACE                NAME                                           READY   STATUS             RESTARTS   AGE
kube-system              pod/coredns-fb8b8dccf-7cp7q                    0/1     CrashLoopBackOff   22         68m
kube-system              pod/coredns-fb8b8dccf-pltdp                    0/1     CrashLoopBackOff   22         68m
...
NAMESPACE     NAME                                       READY   UP-TO-DATE   AVAILABLE   AGE
default       deployment.apps/antidote-web               1/1     1            1           19m
default       deployment.apps/nginx-ingress-controller   1/1     1            1           19m
default       deployment.apps/syringe                    1/1     1            1           19m
kube-system   deployment.apps/coredns                    0/2     2            0           68m

I'm using vagrant + libvirt...

Maybe the issue is other, but it happens that minikube just issued a new release...

Also, maybe the k8s version should be updated, as minikube seems to be in sync with 1.16 as per its release notes ?

Maybe the coredns service isn't used in Antidote, after all ?

Hope this helps.

Hi

I followed all the instructions to install and use the nre-learning locally on my comouter.

I did not get any errors :

Creating minikube cluster. This can take a few minutes, please be patient...
There is a newer version of minikube available (v1.3.0). Download it here:
https://github.com/kubernetes/minikube/releases/tag/v1.3.0

To disable this notification, run the following:
minikube config set WantUpdateNotification false
😄 minikube v0.34.1 on linux (amd64)
🔥 Creating kvm2 VM (CPUs=4, Memory=8096MB, Disk=20000MB) ...
💿 Downloading Minikube ISO ...
184.30 MB / 184.30 MB [============================================] 100.00% 0s
📶 "minikube" IP address is 192.168.39.111
🐳 Configuring Docker as the container runtime ...
✨ Preparing Kubernetes environment ...
▪ kubelet.network-plugin=cni
💾 Downloading kubeadm v1.13.3
💾 Downloading kubelet v1.13.3
🚜 Pulling images required by Kubernetes v1.13.3 ...
🚀 Launching Kubernetes v1.13.3 using kubeadm ...
🔑 Configuring cluster permissions ...
🤔 Verifying component health .....
E0806 20:54:39.340764 6419 console.go:75] applyStyle(mount): unknown style: "mount"
Creating mount /home/ubuntu/nrelabs-curriculum:/antidote ...
💗 kubectl is now configured to use "minikube"
🏄 Done! Thank you for using minikube!

The minikube cluster is now online. Now, we need to add some additional infrastructure components.

This will take some time - this script will pre-download large images so that you don't have to later. BE PATIENT.

######################################## Done.
######################################## Done.
######################################## Done.
######################################## Done.
######################################## Done.
######################################## Done.
About to modify /etc/hosts to add record for 'antidote-local' at IP address 192.168.39.111.
You will now be prompted for your sudo password.
Finished! Antidote should now be available at http://antidote-local:30001/

and

time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 12: Cisco"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 8: Cumulus Networks"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 3: General Datatech (GDT)"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 4: HexaBuild"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 5: IGNW"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 1: Juniper Networks"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 6: Myriad360"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 10: Network To Code"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 9: Packet Pushers"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 7: Red Hat"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported collection 2: Synercomm"
time="2019-08-06T21:01:50Z" level=info msg="Imported 11 collection definitions."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-1-demo/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 1: Antidote Test Lesson with 6 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-100-frr/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 100: Introduction to Lessons with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-14-yaml/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 14: Introduction to YAML with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-16-jinja/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 16: Using Jinja for Configuration Templates with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-17-git/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 17: Version Control with Git with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-19-restapis/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 19: Working with REST APIs with 4 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-22-python/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 22: Introduction to Python with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-23-linux/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 23: Linux Basics with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 50: Introduction to BASH with 1 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-12-jsnapy/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 12: Network Unit Testing with JSNAPY with 4 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-13-napalm/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 13: Multi-Vendor Network Automation with NAPALM with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-15-stackstorm/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 15: Event-Driven Network Automation with StackStorm with 4 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-18-todd/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 18: End-to-End Network Testing with ToDD with 3 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-24-pyez/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 24: Junos Automation with PyEZ with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-25-junosjet/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 25: Juniper Extension Toolkit (JET) with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-26-openconfig/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 26: Vendor-Neutral Network Configuration with OpenConfig with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-29-robot/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 29: Using Robot Framework for Automated Testing with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-30-salt/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 30: Network Automation with Salt with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-31-terraform/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 31: Terraform & Junos with 4 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-21-tshoot-ipphone/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 21: Automating the Troubleshooting Chain with 7 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 32: Automated STIG Compliance Validation with 2 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-33-quickdeviceinventory/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 33: Quick and Easy Device Inventory with 3 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-34-configbackup/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 34: Automated Device Configuration Backup with 3 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-35-devicespecifictemplate/lesson.meta.yaml"
time="2019-08-06T21:01:50Z" level=info msg="Successfully imported lesson 35: Device Specific Template Generation with 3 endpoints."
time="2019-08-06T21:01:50Z" level=info msg="Imported 24 lesson definitions."
All detected curriculum resources imported successfully.

When I check http://antidote-local:30001/ it looks good but when I click on Lesson Catalog
I do not see any lesson. I already checked the config file and everything looks good

Thanks

The base box is bento/ubuntu-16.04, and I wonder whether it could be updated to a more recent version with benefits (or drawbacks)...

Not specifically and issue per se if everything works OK k8s-wise...

In reviewing nre-learning/nrelabs-curriculum#275, I tried to run the PoC lesson contained therein using the new Vagrant selfmedicate setup, and ran into this:

Could not access KVM kernel module: No such file or directory
qemu-system-x86_64: failed to initialize KVM: No such file or directory

We should modify the setup script to ensure the right packages and kernel mods are installed and loaded, in order to support this (as we do in NRE Labs production).

This might be a little more complicated as we consider compatibilities with VirtualBox, etc - but we should still do what we can to support this.

Issue description

Syringe makes calls to git to clone the antidote-repo. When doing so in my locally running minikube setup (via antidote-selfmedicate), the Syringe pod crashes. This is due to the container git-clone receiving the following error:
fatal: unable to access 'https://github.com/nre-learning/antidote.git/': SSL certificate problem: self signed certificate in certificate chain

This also happens when pulling up lessons in the antidote-web. For example, trying to access the lesson for git (lesson-14) will try to spin up a linux utility image and that pod will also have the same problem where it's git-clone container will experience the same certificate issue and message.

$ kubectl --namespace=17-jwtzfp5fy8ktyo33-ns logs pod/linux1 git-clone
Cloning into '/antidote'...
fatal: unable to access 'https://github.com/nre-learning/antidote.git/': SSL certificate problem: self signed certificate in certificate chain

Workaround

I found a workaround to get the syringe pod up, but not a workaround for the lessons issue. This workaround is to include the following line in syringe.yml within the antidote-selfmedicate folder:

git config --global http.sslVerify false

This might also work, but I haven't tried it yet because I'm not sure which certs to use or where they are stored:

git config --system http.sslCAPath /path/to/cacerts

https://confluence.atlassian.com/fishkb/unable-to-clone-git-repository-due-to-self-signed-certificate-376838977.html

Example usage in 'syringe.yml'

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: git-clone
data:
  git-clone.sh: |
    #!/bin/sh -e
    REPO=$1
    REF=$2
    DIR=$3
    # Init Containers will re-run on Pod restart. Remove the directory's contents
    # and reprovision when this happens.
    if [ -d "$DIR" ]; then
        rm -rf $( find $DIR -mindepth 1 )
    fi
    git config --global http.sslVerify false  #FIXME!!   <<<<<<<< WORKAROUND: ADD THIS LINE
    git clone $REPO $DIR
    cd $DIR
    git checkout --force $REF

Need to make Vagrant the primary way for doing selfmedicate, with an option to run it directly if you want.

https://github.com/nre-learning/nrelabs-curriculum/blob/5b8360ca54e22ae27dd41767c68ed7b1a5801506/lessons/tools/lesson-12-jsnapy/lesson.meta.yaml#L28

As far as I know above line is no longer valid since following PR has disabled tags: nre-learning/antidote-core@3a6643e

if strings.Contains(ep.Image, ":") {
			log.Error("Tags are not allowed in endpoint image refs")
			return fail
		}foll

Tools and Workflows are not loading properly. Logs from syringed:

time="2019-07-30T18:45:18Z" level=debug msg="Searching /antidote/lessons for lesson definitions"
time="2019-07-30T18:45:18Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-1-demo/lesson.meta.yaml"
time="2019-07-30T18:45:18Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-14-yaml/lesson.meta.yaml"
time="2019-07-30T18:45:18Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-16-jinja/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-17-git/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-19-restapis/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-22-python/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-23-linux/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-12-jsnapy/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-13-napalm/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-15-stackstorm/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-18-todd/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-24-pyez/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-25-junosjet/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-26-openconfig/lesson.meta.yaml"
time="2019-07-30T18:45:19Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-29-robot/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-30-salt/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-31-terraform/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/tools/lesson-59-jsnapy2/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/workflows/lesson-21-tshoot-ipphone/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/workflows/lesson-33-quickdeviceinventory/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/workflows/lesson-34-configbackup/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=debug msg="Found lesson definition at: /antidote/lessons/workflows/lesson-35-devicespecifictemplate/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-1-demo/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-14-yaml/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 14: Introduction to YAML  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-16-jinja/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 16: Using Jinja for Configuration Templates  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-17-git/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 17: Version Control with Git  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-19-restapis/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-22-python/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 22: Introduction to Python  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-23-linux/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 23: Linux Basics  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/fundamentals/lesson-50-bash/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=info msg="Successfully imported lesson 50: Introduction to BASH  with 1 endpoints."
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-12-jsnapy/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-13-napalm/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-15-stackstorm/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-18-todd/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-24-pyez/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-25-junosjet/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-26-openconfig/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-29-robot/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-30-salt/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-31-terraform/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/tools/lesson-59-jsnapy2/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-21-tshoot-ipphone/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-32-stigcompliance/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-33-quickdeviceinventory/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-34-configbackup/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=info msg="Importing lesson definition at: /antidote/lessons/workflows/lesson-35-devicespecifictemplate/lesson.meta.yaml"
time="2019-07-30T18:45:20Z" level=error msg="Tags are not allowed in endpoint image refs"
time="2019-07-30T18:45:20Z" level=warning msg="Imported 6 lesson definitions with errors."
time="2019-07-30T18:45:20Z" level=warning msg="Not all lesson definitions were imported"
time="2019-07-30T18:45:20Z" level=info msg="No syringe-managed namespaces found. Starting normally."
time="2019-07-30T18:45:20Z" level=info msg="Syringe API started." HTTP Port=8086 gRPC Port=50099
time="2019-07-30T18:45:20Z" level=debug msg="No syringe-managed namespaces found. No need to GC."

Lessons are not listed under their respective categories on the advisor page. Putting the URL in for a lesson directly causes the loading popup to appear, but then it just hangs without ever making any progress.

I'm testing the latest 0.6.0 version of selfmedicate (with libvirt), and cannot seem to be able to connect to the Web app.

The NGinx ingress responds with 503, and the aweb pod fails to deploy/start :

$ kubectl describe pod/aweb-7977f6bf4-wp5vz
Name:           aweb-7977f6bf4-wp5vz
Namespace:      default
Priority:       0
Node:           antidote-060/192.168.121.55
Start Time:     Mon, 13 Apr 2020 20:51:21 +0000
Labels:         antidote_role=infra
                app=aweb
                pod-template-hash=7977f6bf4
Annotations:    k8s.v1.cni.cncf.io/networks-status:
                  [{
                      "name": "",
                      "ips": [
                          "10.32.0.15"
                      ],
                      "default": true,
                      "dns": {}
                  }]
Status:         Running
IP:             10.32.0.15
IPs:            <none>
Controlled By:  ReplicaSet/aweb-7977f6bf4
Containers:
  aweb:
    Container ID:   docker://6da093a0a8d3509891a36297e12ec6ecbcfaa3756c10044c84e17cf2b1e9599d
    Image:          antidotelabs/antidote-web:latest
    Image ID:       docker-pullable://antidotelabs/antidote-web@sha256:3711bfa6e8d5af58402aa11bd732bacb76f6aac65d193c625d211a5ad04b3f54
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 13 Apr 2020 21:13:20 +0000
    Last State:     Terminated
      Reason:       Error
      Exit Code:    137
      Started:      Mon, 13 Apr 2020 20:58:48 +0000
      Finished:     Mon, 13 Apr 2020 21:11:32 +0000
    Ready:          False
    Restart Count:  1
    Readiness:      http-get http://:80/ delay=0s timeout=1s period=10s #success=1 #failure=3
    Environment:
      WEBSSH2_LOCATION:  http://antidote-local:30010
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-bb2jw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  default-token-bb2jw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-bb2jw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason                  Age                   From                   Message
  ----     ------                  ----                  ----                   -------
  Normal   Scheduled               23m                   default-scheduler      Successfully assigned default/aweb-7977f6bf4-wp5vz to antidote-060
  Warning  FailedCreatePodSandBox  23m                   kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "2a471cfe95cb813f028ddcfc1595100f9fad013d9963396ea2466225161b48f8" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: failed to find plugin "multus" in path [/opt/cni/bin], failed to clean up sandbox container "2a471cfe95cb813f028ddcfc1595100f9fad013d9963396ea2466225161b48f8" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to teardown pod "aweb-7977f6bf4-wp5vz_default" network: failed to find plugin "multus" in path [/opt/cni/bin]]
  Normal   SandboxChanged          22m (x8 over 23m)     kubelet, antidote-060  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling                 22m                   kubelet, antidote-060  Pulling image "antidotelabs/antidote-web:latest"
  Normal   Pulled                  16m                   kubelet, antidote-060  Successfully pulled image "antidotelabs/antidote-web:latest"
  Normal   Started                 16m                   kubelet, antidote-060  Started container aweb
  Normal   Created                 16m                   kubelet, antidote-060  Created container aweb
  Warning  Unhealthy               8m17s (x47 over 15m)  kubelet, antidote-060  Readiness probe failed: HTTP probe failed with statuscode: 403
  Warning  FailedCreatePodSandBox  2m5s                  kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "43978315ea6a80da61008bcb9aa279cd4f78398b1686211111430c3b63f7ae6d" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in loading K8s Delegates k8s args: Multus: Err in getting k8s network from pod: getPodNetworkAnnotation: failed to query the pod aweb-7977f6bf4-wp5vz in out of cluster comm: Get https://10.96.0.1:443/api/v1/namespaces/default/pods/aweb-7977f6bf4-wp5vz: dial tcp 10.96.0.1:443: i/o timeout
  Warning  FailedCreatePodSandBox  2m3s                  kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "a75a59a157a11cb66441ac5c137f1ef642246763162e875c0b5d87400ba45bf0" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in tearing down failed plugins: Multus: error in invoke Delegate add - "weave-net": unable to allocate IP address: Post http://127.0.0.1:6784/ip/a75a59a157a11cb66441ac5c137f1ef642246763162e875c0b5d87400ba45bf0: dial tcp 127.0.0.1:6784: connect: connection refused, failed to clean up sandbox container "a75a59a157a11cb66441ac5c137f1ef642246763162e875c0b5d87400ba45bf0" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to teardown pod "aweb-7977f6bf4-wp5vz_default" network: Multus: error in invoke Delegate del - "weave-net": Delete http://127.0.0.1:6784/ip/a75a59a157a11cb66441ac5c137f1ef642246763162e875c0b5d87400ba45bf0: dial tcp 127.0.0.1:6784: connect: connection refused]
  Warning  FailedCreatePodSandBox  2m                    kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "70145f85a2ee037987f91a1125678d4467e5bdcc17e4fa0c175ca25419a3ea2b" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in tearing down failed plugins: Multus: error in invoke Delegate add - "weave-net": unable to allocate IP address: Post http://127.0.0.1:6784/ip/70145f85a2ee037987f91a1125678d4467e5bdcc17e4fa0c175ca25419a3ea2b: dial tcp 127.0.0.1:6784: connect: connection refused, failed to clean up sandbox container "70145f85a2ee037987f91a1125678d4467e5bdcc17e4fa0c175ca25419a3ea2b" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to teardown pod "aweb-7977f6bf4-wp5vz_default" network: Multus: error in invoke Delegate del - "weave-net": Delete http://127.0.0.1:6784/ip/70145f85a2ee037987f91a1125678d4467e5bdcc17e4fa0c175ca25419a3ea2b: dial tcp 127.0.0.1:6784: connect: connection refused]
  Warning  FailedCreatePodSandBox  117s                  kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "56a877677bf95c067f25e81c860b4e6fb247c8b067bb7a9bc9a500700442b4e3" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in tearing down failed plugins: Multus: error in invoke Delegate add - "weave-net": unable to allocate IP address: Post http://127.0.0.1:6784/ip/56a877677bf95c067f25e81c860b4e6fb247c8b067bb7a9bc9a500700442b4e3: dial tcp 127.0.0.1:6784: connect: connection refused, failed to clean up sandbox container "56a877677bf95c067f25e81c860b4e6fb247c8b067bb7a9bc9a500700442b4e3" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to teardown pod "aweb-7977f6bf4-wp5vz_default" network: Multus: error in invoke Delegate del - "weave-net": Delete http://127.0.0.1:6784/ip/56a877677bf95c067f25e81c860b4e6fb247c8b067bb7a9bc9a500700442b4e3: dial tcp 127.0.0.1:6784: connect: connection refused]
  Warning  FailedCreatePodSandBox  115s                  kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "d5f753fbb720f611fc9c94bc451c0192ff1fb990872dc5e2418b0bcaf3025c5c" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in tearing down failed plugins: Multus: error in invoke Delegate add - "weave-net": unable to allocate IP address: Post http://127.0.0.1:6784/ip/d5f753fbb720f611fc9c94bc451c0192ff1fb990872dc5e2418b0bcaf3025c5c: dial tcp 127.0.0.1:6784: connect: connection refused, failed to clean up sandbox container "d5f753fbb720f611fc9c94bc451c0192ff1fb990872dc5e2418b0bcaf3025c5c" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to teardown pod "aweb-7977f6bf4-wp5vz_default" network: Multus: error in invoke Delegate del - "weave-net": Delete http://127.0.0.1:6784/ip/d5f753fbb720f611fc9c94bc451c0192ff1fb990872dc5e2418b0bcaf3025c5c: dial tcp 127.0.0.1:6784: connect: connection refused]
  Normal   SandboxChanged          110s (x7 over 2m38s)  kubelet, antidote-060  Pod sandbox changed, it will be killed and re-created.
  Warning  FailedCreatePodSandBox  110s                  kubelet, antidote-060  Failed create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "438593ef97dca23d5a1d4882cec5d8992e218d8c5a4b10c6c071caa041e3db3f" network for pod "aweb-7977f6bf4-wp5vz": NetworkPlugin cni failed to set up pod "aweb-7977f6bf4-wp5vz_default" network: Multus: Err in tearing down failed plugins: Multus: error in invoke Delegate add - "weave-net": unable to allocate IP address: Post http://127.0.0.1:6784/ip/438593ef97dca23d5a1d4882cec5d8992e218d8c5a4b10c6c071caa041e3db3f: dial tcp 127.0.0.1:6784: connect: connection refused
  Warning  Failed                  108s                  kubelet, antidote-060  Failed to pull image "antidotelabs/antidote-web:latest": rpc error: code = Unknown desc = Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address
  Warning  Failed                  108s                  kubelet, antidote-060  Error: ErrImagePull
  Normal   BackOff                 106s (x2 over 107s)   kubelet, antidote-060  Back-off pulling image "antidotelabs/antidote-web:latest"
  Warning  Failed                  106s (x2 over 107s)   kubelet, antidote-060  Error: ImagePullBackOff
  Normal   Pulling                 94s (x2 over 108s)    kubelet, antidote-060  Pulling image "antidotelabs/antidote-web:latest"
  Normal   Pulled                  88s                   kubelet, antidote-060  Successfully pulled image "antidotelabs/antidote-web:latest"
  Normal   Created                 88s                   kubelet, antidote-060  Created container aweb
  Normal   Started                 88s                   kubelet, antidote-060  Started container aweb
  Warning  Unhealthy               77s                   kubelet, antidote-060  Readiness probe failed: HTTP probe failed with statuscode: 403

also, there is:

$ kubectl logs pod/aweb-7977f6bf4-wp5vz
2020/04/13 21:15:21 [error] 10#10: *12 open() "/usr/share/nginx/html/index.html" failed (13: Permission denied), client: 10.32.0.1, server: localhost, request: "GET / HTTP/1.1", host: "10.32.0.15:80"

Unless I'm mistaken, antidote-selfmedicate still triggers an antidote 0.4 version inside the VM...

It'd be interesting to have the same Web app than for the production site...