Closed didil closed 1 year ago
Thats strange, --cap-add=NET_RAW
fixed it for me when I was testing it. Are you sure it was specified correctly?
@jimaek just tested manually by copy pasting the exact command from the probe repo Readme, same result:
$ podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
078f3e4cd8d60e52c2506b28f2ff427ad600ba95cc503c93bcd8b783fab5ef44
$ podman logs globalping-probe
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Checking for the latest version
Current version 0.20.0
Latest version 0.20.0
[2023-04-24 17:40:57] [INFO] [682] [general] Start probe version 0.20.0 in a production mode
[2023-04-24 17:40:58] [DEBUG] [682] [general] connection to API established
[2023-04-24 17:40:58] [INFO] [682] [api:connect] connected from (Council Bluffs, US, NA) (lat: 41.2619 long: -95.8608)
[2023-04-24 17:40:58] [WARN] [682] [status-manager] ping test promise rejected: Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net
ping: socket: Operation not permitted
{
shortMessage: 'Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
command: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
escapedCommand: 'unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net',
exitCode: 2,
signal: undefined,
signalDescription: undefined,
stdout: 'ping: socket: Operation not permitted',
stderr: '',
failed: true,
timedOut: false,
isCanceled: false,
killed: false
}
Error: Command failed with exit code 2: unbuffer ping -4 -c 6 -i 0.2 -w 15 l.root-servers.net
ping: socket: Operation not permitted
at makeError (file:///app/node_modules/execa/lib/error.js:59:11)
at handlePromise (file:///app/node_modules/execa/index.js:119:26)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Promise.allSettled (index 0)
at async StatusManager.pingTest (file:///app/dist/lib/status-manager.js:49:25)
at async StatusManager.runTest (file:///app/dist/lib/status-manager.js:36:24)
at async StatusManager.start (file:///app/dist/lib/status-manager.js:19:9)
at async Socket.<anonymous> (file:///app/dist/helper/api-connect-handler.js:8:5)
I am confused, I just started a fresh Debian 11 VM and did apt install podman
I copy pasted your command from your comment and it works just fine.
What version of podman do you have and how did you install it?
That was podman 3. I also installed podman 4.5 and it worked as well
@jimaek Here are the exact steps to replicate:
sudo apt-get update
sudo apt-get -y install podman
podman -v
, it returns podman version 3.0.1
podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
ping: socket: Operation not permitted
I just did every single step in your command, I used Google Cloud, same OS, same commands https://dl.dropboxusercontent.com/s/umk84q1woxkh4dm/chrome_2023-04-25_12-57-25.png
Are you sure you're not enabling some kind of "hardening" feature on top of the OS?
@jimaek I see you're logged in as root ? I'm executing the commands as a regular user, not root.
oh makes sense then, obviously you can't give -cap-add=NET_RAW
because it belongs to root. We need to add a sudo prefix to all podman commands then to make this clear
Will it even work with the CLI properly if the user running it is not root? Please test
@jimaek Added sudo to the podman commands, tested in the same gcp box, it works now. Also added a message about the fact that sudo podman
is used.
Fixes #51
Adds Podman support to the install-probe command
Tested on Debian Linux 11
Detects podman installation, even when aliased to "docker"
I've added info about the need to install a service to run podman container on boot, as mentioned here https://github.com/jsdelivr/globalping-probe/blob/master/README.md#podman-alternative
I've used the podman command from the globalping-probe repo README
podman run --cap-add=NET_RAW -d --network host --restart=always --name globalping-probe ghcr.io/jsdelivr/globalping-probe
, but when inspecting the podman logs I see this error: