Tag Archives: Network protocol

[Solved] failed to set bridge addr: “cni0“ already has an IP address different from xxxx

failed to set bridge addr: “cni0“ already has an IP address different from xxxx

Recently, when debugging Kubernetes to add or delete a node, and then deploying Pod on this node, a network card address error exception occurred. The troubleshooting solution for this exception is as follows:

Error:

(combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox “745720ffb20646054a167560299b19bb9ae046fe6c677b5d26312b89a26554e1”: failed to set bridge addr: “cni0” already has an IP address different from 172.20.2.1/24

 

Solution:

  1. Delete the node without restarting the node server, restart the node server (in this case, it is usually caused by the server cache, restart the server on it)
  2. After restarting the server or not, delete the wrong NIC on the node and wait for the system to rebuild automatically, the operation process is as follows.
sudo ifconfig cni0 down    
sudo ip link delete cni0

python minio client Error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certific

Built minio service, support https, python call reported error.

urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='xx.xx.xx.xxx', port=9000): Max retries exceeded with url: /allstruct?location= (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1108)')))

Ignore the certificate error issue and try out the demo script


import os
from minio import Minio
import urllib3
from urllib.parse import urlparse
import certifi
from minio.commonconfig import REPLACE, CopySource
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


minio_endpoint = os.getenv("MINIO_ENDPOINT", "https://xxx.xxx.xxx.xxx:9000")
secure = True

minio_endpoint = urlparse(minio_endpoint)


if minio_endpoint.scheme == 'https':
    secure = True

ok_http_client=urllib3.PoolManager(
            timeout=urllib3.util.Timeout(connect=10, read=10),
            maxsize=10,
            cert_reqs='CERT_NONE',
            ca_certs= os.environ.get('SSL_CERT_FILE') or certifi.where(),
            retries=urllib3.Retry(
                total=5,
                backoff_factor=0.2,
                status_forcelist=[500, 502, 503, 504]
            )
        )


minioClient = Minio(minio_endpoint.netloc,
                    access_key='username',
                    secret_key='password',
                    http_client=ok_http_client,
                    secure=secure)

print(minioClient.list_buckets())

[Solved] error when starting dev server:Error: listen EACCES: permission denied 0.0.0.0:80 at Server.set

error when starting dev server:Error: listen EACCES: permission denied 0.0.0.0:80 at Server.set

error when starting dev server:
Error: listen EACCES: permission denied 0.0.0.0:80
at Server.setupListenHandle [as _listen2] (node:net:1313:21)
at listenInCluster (node:net:1378:12)
at Server.listen (node:net:1465:7)Using cnpm install works

mac to 8090.

mac terminal port view command
View Port thread lsof -i:4700
$ lsof -i:4700
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
node 12159 yyyyyy 23u IPv4 0x76b4f5051c4983f3 0t0 TCP *:netxms-agent (LISTEN)

The PID here is the process number that occupies port 4700
kill 4700
Solution:
View mac terminal port command netstat -AaLlnW
Method 1
// Check if port 80 is occupied
sudo lsof -i :80

Method 2
netstat -anp tcp | grep 80
The following command can directly end all processes that are occupying the port.
lsof -P | grep ‘:80’ | awk ‘{print $2}’ | xargs kill -9

Ps -ef|grep program name

 

[Solved] ffmpeg Enable https Error: “ERROR: openssl not found”

ffmpeg can use libssl.so libcrypto.so dynamic library, or libssl.a libcrypto.a static library, the next is to say that obviously the inventory is there, but the compiler still can not find openssl.

Search the ffmpeg source code, and you can find that the prompt is printed in the configure file. The source code is as follows:

enabled openssl           && { use_pkg_config openssl openssl/ssl.h OPENSSL_init_ssl ||
                               check_lib openssl/ssl.h OPENSSL_init_ssl -lssl -lcrypto ||
                               use_pkg_config openssl openssl/ssl.h SSL_library_init ||
                               check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto ||
                               check_lib openssl/ssl.h SSL_library_init -lssl32 -leay32 ||
                               check_lib openssl/ssl.h SSL_library_init -lssl -lcrypto -lws2_32 -lgdi32 ||
                               die "ERROR: openssl not found"; }

You can find that ffmpeg is trying OpenSSL one by one. My config The log shows that the last one has been checked, but OpenSSL is still not found.

The reason is that I am using a newer openssl library, the old openssl library uses ‘SSL_library_init’ to initialize, the newer openssl version uses ‘OPENSSL_init_ssl’ to initialize. The new version of openssl uses ‘OPENSSL_init_ssl’ to initialize, and because it does not pass the check, this error is reported here.

Solution:

Add a line to check ‘check_lib openssl/ssl.h OPENSSL_init_ssl -lssl -lcrypto ‘ and it will pass, above is what I have added.

 

[Solved] OpenSSL Error messages: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

In these two days, the service has been reporting when calling Baidu’s addressing and positioning interface and reverse address resolution:

file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages:
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

The query results of the interface are affected, and finally the curl call problem is solved:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSLVERSION, 4);
$reponse = curl_exec($ch);

CURLOPT_SSLVERSION Fetch value and meaning
CURL_SSLVERSION_TLSv1_2 requires php version >= 5.5.19
TLS 1.1 and TLS 1.2 are supported since OpenSSL 1.0.1

CURL_SSLVERSION_DEFAULT (0)
CURL_SSLVERSION_TLSv1 (1),
CURL_SSLVERSION_SSLv2 (2), 
CURL_SSLVERSION_SSLv3 (3),
CURL_SSLVERSION_TLSv1_0 (4),
CURL_SSLVERSION_TLSv1_1 (5),
CURL_SSLVERSION_TLSv1_2 (6).

[Solved] mosquitto log Error: SSL routines:SSL3_READ_BYTES:tlsv1 alert decrypt error

Problem description

The following errors occurred in the TLS/SSL of mosquitto during the test today, indicating that the error occurred in the TLS version:

I know that the default tls version of mosquitto_pub and mosquitto_sub is tlsv1.2, however, the version of openssl in my virtual machine is 1.1.1, and the tls_version tlsv1.1 is configured in mosquitto.conf (one-way authentication is configured here, two-way authentication is also (here the configuration is one-way authentication, two-way authentication is also applicable), so there will be tls version error.


Solution:

For C programs of mosquitto library
Use the API mosquitto_tls_set() before attaching mosquitto_tls_opts_set(), this API can set the corresponding tls version of the client, note that the tls version defaults to tlsv1.2.

The code is as follows:

int    rc = -1;

rc = mosquitto_tls_opts_set(mosq, 1, "tlsv1.1", NULL);
if( rc != MOSQ_ERR_SUCCESS )
{
    printf("mosquitto_tls_opts_set failure.\n");
    exit(1);
}

rc = mosquitto_tls_set(mosq, CAFILE, CAPATH, CERTFILE, KEYFILE, NULL);
if( rc != MOSQ_ERR_SUCCESS )
{
    printf("mosquitto_tls_set failure.\n");
    exit(1);
}

On the mosquitto command line

The following is the test of one-way authentication (in case of two-way authentication, add the certificate and key by yourself)

mosquitto_ pub -h 192.168.222.130 -p 8884 -t “hello” -m “hi sub” –tls-version tlsv1. 1 –cafile ./ ca/ca.crt

mosquitto_ sub -h 192.168.222.130 -p 8884 -t “hello” –tls-version tlsv1. 1 –cafile ./ ca/ca.crt

If the problem is solved successfully, it can be connected normally:

[vite] http proxy error: Error: self signed certificate in certificate chain vite

In order to prevent cross domain problems when requesting interfaces, vite proxy is used for configuration.

For example, the address of the request interface is https://172.1.1.0:8080 , the vite configuration information is as follows:

...

server: {
        host: '0.0.0.0',
        port: 12000,
        proxy: {
            '/local/': {
                target: 'https://172.1.1.0:8080',
                changeOrigin: true,
                rewrite: (path) => path.replace(/^\/local\//, ''),
            },
        },
},

...

Local requests are all interfaces. You only need to add a prefix -/local /. For example, the login interface is’/local/Login ‘.

So I went to request and found that the error was reported directly. The error information is as follows:

[vite] http proxy error: Error: self signed certificate

The certificate is wrong.

Solution: add a configuration – secure: false The overall configuration code is as follows:

proxy: {
            '/local/': {
                target: '',
                

                // Add
                secure: false,
                // End




                changeOrigin: true,
                rewrite: (path) => path.replace(/^\/local\//, ''),
            },
        },

Then try again. Sure enough, there’s no problem.

[Solved] Swagger Error: Whitelabel Error Page status=405

The swagger link is accessed with the following error

Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Thu Mar 17 20:14:30 CST 2022
There was an unexpected error (type=Method Not Allowed, status=405).
Request method ‘GET’ not supported

The reason is that @PostMapping does not have a configured path

   @PostMapping
    public UserInfoResponse queryUserNameById(@RequestBody UserInfoRequest request){
        log.info("Query user name request parameters",request);
        UserInfoResponse response = userService.selectUserNameById(request);
        log.info("Query user name return parameters",request);
        return response;
    }

[Solved] wsgiref make_server Error: AssertionError: write() argument must be a bytes instance

from wsgiref.simple_server import make_server


def application(env, start_response):
    response_body = ["%s: %s" % (key, value) for key, value \
    in sorted(env.items())]
    response_body = '\n'.join(response_body)
    status = "200 ok"
    response_head = [("ContextType", "text/plain"), ("ContextLength",str(len(response_body)))]

    start_response(status, response_head)
    return [response_body]

httpd = make_server(
    "localhost",
    8000,
    application
)

httpd.handle_request()

An error is reported when accessing port 8000. The coding problem is modified in the

code

return [response_body]  
=>Modfied
return [response_body.encode('utf-8')]

Normal operation

SpringBoot :Error parsing HTTP request header [How to Solve]

Most of these problems are container problems. There are two solutions:

1. Maybe the header cache in Tomcat is not enough

  tomcat:
    # URI encoding of tomcat
     uri-encoding: UTF-8
     # tomcat maximum number of threads, the default is 200
     max-threads: 800
     # Tomcat starts the number of threads to initialize, the default value is 25
    min-spare-threads: 30
    max-http-form-post-size: 2MB
    max-http-header-size: 8096

2. If it hasn’t been solved

@Configuration
public class TomcatConfigurer {

    @Bean
    public TomcatServletWebServerFactory webServerFactory() {
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        factory.addConnectorCustomizers((Connector connector) -> {
            connector.setProperty("relaxedPathChars", "\"<>[\\]^`{|}");
            connector.setProperty("relaxedQueryChars", "\"<>[\\]^`{|}");
        });
        return factory;
    }

}