Some issues with docker container, go.path, APP_Domain, Container-Crash & LDAP

[AJOCHAM]

Would be awesome if you could help me

I started the Thunderdome container via docker-compose on an Ubuntu machine. I like your tool very much, best I seen so far but I could not figure out how to solve these issues:

• exec: "go": executable file not found in $PATH:
• WebUI via 127.0.0.1:8080, even when I adapt this in a docker-compose.overwrite.yml, it does not change:

  
  version: '3.1'

services: thunderdome: environment:

• APP_DOMAIN=myservername.myDomain.com

• Each time I "leave a game" the container crashes (see log below)

  thunderdome_1  | 2020/11/05 13:26:23 Access the WebUI via 127.0.0.1:8080
  thunderdome_1  | 2020/11/05 13:26:29 error: websocket: close 1000 (normal)
  thunderdome_1  | panic: concurrent write to websocket connection
  thunderdome_1  |
  thunderdome_1  | goroutine 34 [running]:
  thunderdome_1  | github.com/gorilla/websocket.(*messageWriter).flushFrame(0xc0001b2e40, 0x140cd01, 0x140cda8, 0x0, 0x0, 0x0, 0x44bb18)
  thunderdome_1  |    /go/pkg/mod/github.com/gorilla/websocket@v1.4.1/conn.go:610 +0x612
  thunderdome_1  | github.com/gorilla/websocket.(*Conn).WriteMessage(0xc000020160, 0x8, 0x140cda8, 0x0, 0x0, 0x6b4426a21, 0x13efd00)
  thunderdome_1  |    /go/pkg/mod/github.com/gorilla/websocket@v1.4.1/conn.go:763 +0x23d
  thunderdome_1  | main.(*connection).write(0xc0002b2ad0, 0x8, 0x140cda8, 0x0, 0x0, 0x0, 0x0)
  thunderdome_1  |    /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:266 +0xa9
  thunderdome_1  | main.(*subscription).writePump(0xc0003b43c0)
  thunderdome_1  |    /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:281 +0x1f8
  thunderdome_1  | created by main.(*server).serveWs.func1
  thunderdome_1  |    /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:350 +0x9f1
  thunderdome_1  | 2020/11/05 13:26:56 exec: "go": executable file not found in $PATH:

• LDAP connection. I can find my entries on commandline on the host machine, but Thunderdome tells me Failed binding for authentication: unable to read LDAP response packet: read tcp 192.168.16.3:59874->10.xx.xxx.yy:636: read: connection reset by peer

Thanks a lot Andy

[StevenWeathers]

exec: "go": executable file not found in $PATH: is normal, hasn't caused any issues thus far just ignore it.

WebUI via 127.0.0.1:8080, even when I adapt this in a docker-compose.overwrite.yml, it does not change: This is just a hardcoded message fyi, I can see how it sounds confusing. Remember the go app itself doesn't listen on a domain, so the local IP:PORT is still valid and has to have a webserver in front of it to use a domain.

panic: concurrent write to websocket connection I've never seen this happen, are you running only 1 instance of Thunderdome or multiple?

Failed binding for authentication: unable to read LDAP response packet: Honestly I've not worked with LDAP myself so I will have to look into this one, @eivindt any thoughts?

[StevenWeathers]

I take that back I've found the issue with panic: concurrent write to websocket connection, you're talking about when you Abandon Battle right?, not just leave. I think I see the culprit and will look into this one further.

[eivindt]

Can you share more details on how you have configured ldap and how you've tested on the command line?

(without sharing any vulnerable details of course)

[AJOCHAM]

This is the config I used for LDAP and the commandline which worked

- AUTH_METHOD=ldap
- AUTH_LDAP_USE_TLS=false
- AUTH_LDAP_URL=ldaps://ldap.myDomain.com:636
- AUTH_LDAP_BINDNAME="CN=LdapUser,OU=SystemUser,OU=User,OU=LP_MUC,DC=myDomain,DC=com"
- AUTH_LDAP_BINDPASS=SecretPassword
- AUTH_LDAP_BASEDN="OU=employees,DC=myDomain,DC=com"
- AUTH_LDAP_FILTER="(&(objectClass=user)(mail=%s))"

ldapsearch -W -H ldaps://ldap.myDomain.com:636 -D "CN=LdapUser,OU=SystemUser,OU=User,OU=MyORG,DC=myDomain,DC=com" -b "OU=employees,DC=myDomain,DC=com" -s sub "uid=myUsername"

[AJOCHAM]

My Collegue asked: could it be that we have a self signed certificate and that one is not available in the container? so must be copied somehow...

[eivindt]

Yes, this could be the case. I've also struggled with a slapd instance that will simply disconnect if the certificates are not in order, and that fits well with the "unable to read LDAP response packet" message.

[StevenWeathers]

@AJOCHAM have you tried AUTH_LDAP_USE_TLS=true ?

[StevenWeathers]

• Each time I "leave a game" the container crashes (see log below)

thunderdome_1  | 2020/11/05 13:26:23 Access the WebUI via 127.0.0.1:8080
thunderdome_1  | 2020/11/05 13:26:29 error: websocket: close 1000 (normal)
thunderdome_1  | panic: concurrent write to websocket connection
thunderdome_1  |
thunderdome_1  | goroutine 34 [running]:
thunderdome_1  | github.com/gorilla/websocket.(*messageWriter).flushFrame(0xc0001b2e40, 0x140cd01, 0x140cda8, 0x0, 0x0, 0x0, 0x44bb18)
thunderdome_1  |  /go/pkg/mod/github.com/gorilla/websocket@v1.4.1/conn.go:610 +0x612
thunderdome_1  | github.com/gorilla/websocket.(*Conn).WriteMessage(0xc000020160, 0x8, 0x140cda8, 0x0, 0x0, 0x6b4426a21, 0x13efd00)
thunderdome_1  |  /go/pkg/mod/github.com/gorilla/websocket@v1.4.1/conn.go:763 +0x23d
thunderdome_1  | main.(*connection).write(0xc0002b2ad0, 0x8, 0x140cda8, 0x0, 0x0, 0x0, 0x0)
thunderdome_1  |  /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:266 +0xa9
thunderdome_1  | main.(*subscription).writePump(0xc0003b43c0)
thunderdome_1  |  /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:281 +0x1f8
thunderdome_1  | created by main.(*server).serveWs.func1
thunderdome_1  |  /go/src/github.com/stevenweathers/thunderdome-planning-poker/client.go:350 +0x9f1
thunderdome_1  | 2020/11/05 13:26:56 exec: "go": executable file not found in $PATH:

Finally found the solution to this problem, learned a bit more about goroutine concurrency in the process ;)

[AJOCHAM]

I tried all combinations:

• AUTH_LDAP_USE_TLS=true
• AUTH_LDAP_URL=ldap://ldap.myDomain.com:636 2020/11/06 08:44:56 Failed securing ldap connection unable to read LDAP response packet: read tcp 192.168.64.4:46752->10.251.128.150:636: read: connection reset by peer

• AUTH_LDAP_USE_TLS=false

• AUTH_LDAP_URL=ldap://ldap.myDomain.com:636 2020/11/06 08:48:09 Failed binding for authentication: unable to read LDAP response packet: read tcp 192.168.96.4:58824->10.251.128.150:636: read: connection reset by peer

• AUTH_LDAP_USE_TLS=false

• AUTH_LDAP_URL=ldaps://ldap.myDomain.com:636 2020/11/06 08:49:24 Failed connecting to ldap server at ldaps://ldap.myDomain.com:636

• AUTH_LDAP_USE_TLS=true

• AUTH_LDAP_URL=ldaps://ldap.myDomain.com:636 2020/11/06 08:50:38 Failed connecting to ldap server at ldaps://ldap.myDomain.com:636

[AJOCHAM]

I even updated and repeated the test

[AJOCHAM]

The crash seems to be solved, although I still see error on the LOGs when I "delete a game" thunderdome_1 | 2020/11/06 10:18:26 close error: close tcp 192.168.192.4:8080->10.251.27.237:56250: use of closed network connection

[StevenWeathers]

The crash seems to be solved, although I still see error on the LOGs when I "delete a game" thunderdome_1 | 2020/11/06 10:18:26 close error: close tcp 192.168.192.4:8080->10.251.27.237:56250: use of closed network connection

Yea that's normal because of how delete is currently working, long as it's not crashing the app that can be addressed later.

[StevenWeathers]

Closing this as the original issues should be resolved.