[winswitch] Xpra running Wireshark in Docker container

Feldhaus, Florian Florian.Feldhaus at netapp.com
Wed Oct 11 09:25:56 BST 2017 

Hi Antoine,

thank you very much for the detailed answer. I have tried several of your suggestions and have some feedback inline:

> On 10/10/17 15:33, Feldhaus, Florian via shifter-users wrote:
>> I discovered Xpra several years ago, but never really used it until I was searching for a solution to make Wireshark available via a Webinterface. Using Docker and the Xpra HTML Client, I was able to create a Docker container with Xpra and Wireshark (see https://github.com/ffeldhaus/docker-wireshark). Based on the Docker image, I created a solution to proxy and analyze arbitrary TCP traffic with HAProxy and Wireshark - HAProxy acts as endpoint for e.g. NFS, SMB, HTTP or other services and forwards the traffic to the real service and Wireshark, accessed via Webbrowser, can analyze the traffic (see https://github.com/ffeldhaus/docker-network-traffic-analyzer for details).
>> 
>> I’m impressed by the features and abilities of Xpra and would like to thank everyone who helped to develop it.
>> 
>> During testing of the solution I discovered a few things were I would like to ask for your input:
>> - Installing Xpra requires a huge number of dependencies. It would be great to get some input how to reduce the number of dependencies to create a minimal docker image (currently it’s larger than 1GB.
> 1GB is huge! The most important dependencies are listed here:
> http://xpra.org/trac/wiki/Dependencies
> And the build and packaging dependencies are also documented here:
> http://xpra.org/trac/wiki/Building
> 
> This will largely depend on the distro you are on. Some Debian it seems?
> Our Debian packaging uses strict dependencies as well as both
> "Recommends" and "Suggests" weak dependencies.
> Not installing the weak dependencies will give you a stripped down
> installation, without support for printer or audio forwarding, mdns, etc
> For your use-case, you may also want to remove "ffmpeg-xpra" as per:
> http://xpra.org/trac/changeset/17145

I managed to reduce the docker image size quite a bit (to 480MB) by using the --no-install-recommends switch for apt-get install. Unfortunately changeset 17145 was not included in the latest available xpra 2.2 beta which is from yesterday morning. Could you trigger a new xpra 2.2 beta build for centos including that changeset?

I did see a few new errors though:

The following is probably related to python-uinput not being installed. If it is required, it should be a mandatory dependency. If it is not required, xpra shouldn’t fail.
2017-10-11 07:21:44,355 cannot access python uinput module:
2017-10-11 07:21:44,355  No module named uinput

The following is new as well
Error running "xauth add :0 MIT-MAGIC-COOKIE-1 7e0f55cb5f2a433993a09f12bcea0794": [Errno 2] No such file or directory

Even though I included dbus-control=no and dbus-proxy=no I still get this error:
/bin/sh: 1: dbus-launch: not found
dbus-launch failed to start using command 'dbus-launch --close-stderr':
 exit code is 127
2017-10-11 07:21:54,388 Warning: menu forwarding is disabled:
2017-10-11 07:21:54,388  cannot load dbus helper: No module named dbus

The following is also new and I would like to understand if I should install this package as dependency. For what does xpra use the package?
2017-10-11 07:21:54,404 Warning: the python netifaces package is missing

There is one message regarding Gstream which I don’t understand
Warning: failed to import GStreamer 1.x:
 No module named gi

>> - Running current stable Xpra version results in several error messages (see below). I’d appreciate input why these occur (check https://github.com/ffeldhaus/docker-wireshark/blob/master/xpra.conf for the config options). I’d be especially interested in
>>   - Why does renaming '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log' fail?
> That's a bug in the Xorg server, a fix has been submitted upstream:
> http://xpra.org/trac/ticket/1192

Let’s wait and see when this will be merged into Xorg.

>>   - Why does Xpra try to create socket directory in '/run/xpra' even though socket dir was specified as /run/user/1000/xpra and xpra was run as non root user?
> See "socket-dirs" as well as "socket-dir".
> (yes, it is a bit confusing having both, we kinda messed up that one -
> too late to go back, sorry)

Using socket-dirs instead of socket-dir fixed this.

>>   - Why does Xpra show an ERROR related to X11 property 'PULSE_SERVER' even though pulseaudio=no is specified in config file?
> The "_sound_query" subcommand is probing gstreamer to see what elements
> should be used for audio forwarding, and part of this query will try to
> figure out if pulseaudio is available. (which is separate from the
> pulseaudio=no command line option which controls if we start it or not)
> 
> For whatever reason, your "/usr/bin/xpra" ends up trying to use GTK3
> (maybe loading GTK2 failed?), this doesn't work well before xpra 2.2

This seems to be fixed in xpra 2.2. The only error left is the following, which I understand should be a warning:
2017-10-11 07:21:56,950 Error: failed to query sound subsystem:
2017-10-11 07:21:56,950  query did not return any data

>> - When I access Wireshark via Webinterface using Firefox 57 I have issues with special characters (y and z are working correct, but ! = # as well as öäü and others are not working). I’ve seen some fixed issues around this, but this seems to be a new one. With Chrome it works better, but not perfect (! = # work but öäü do not work). Should I report this as an issue?
> Yes please. Make sure you include all the required details:
> https://www.xpra.org/trac/wiki/Keyboard#ReportingBugs
> 
> Keyboard mapping issues are always "interesting".
> 
>> - Is it possible to force SSL connections when accessing the HTML client? I successfully configured SSL, but ideally all HTTP connections should be upgraded to HTTPS (maybe using HSTS).
> In xpra 2.2, you can specify different socket types for different ports.
> For example:
> xpra --bind-wss=0.0.0.0:14500
> This will only allow secure websockets / https.
> 
> For more information, see:
> https://xpra.org/trac/ticket/1504#comment:2

Using --bind-wss works to enfore SSL when using xpra 2.2.

> 
> Cheers
> Antoine
> 
> 
>> wireshark> | _XSERVTransmkdir: ERROR: euid != 0,directory /tmp/.X11-unix will not be created.
>> wireshark> | Failed to rename log file "/run/user/1000/xpra/Xorg.S1.log" to "/run/user/1000/xpra/Xorg.S1.log": No such file or directory
>> wireshark> | 
>> wireshark> | X.Org X Server 1.19.2
>> wireshark> | Release Date: 2017-03-02
>> wireshark> | X Protocol Version 11, Revision 0
>> wireshark> | Build Operating System: Linux 4.9.0-3-amd64 x86_64 Debian
>> wireshark> | Current Operating System: Linux ec148b063ca0 3.10.0-514.26.2.el7.x86_64 #1 SMP Tue Jul 4 15:04:05 UTC 2017 x86_64
>> wireshark> | Kernel command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.26.2.el7.x86_64 root=/dev/mapper/centos_florianf--centos-root ro crashkernel=auto rd.lvm.lv=centos_florianf-centos/root rd.lvm.lv=centos_florianf-centos/swap rhgb quiet LANG=en_US.UTF-8
>> wireshark> | Build Date: 07 July 2017  06:14:06AM
>> wireshark> | xorg-server 2:1.19.2-1+deb9u1 (https://www.debian.org/support) 
>> wireshark> | Current version of pixman: 0.34.0
>> wireshark> |  Before reporting problems, check http://wiki.x.org
>> wireshark> |  to make sure that you have the latest version.
>> wireshark> | Markers: (--) probed, (**) from config file, (==) default setting,
>> wireshark> |  (++) from command line, (!!) notice, (II) informational,
>> wireshark> |  (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
>> wireshark> | (++) Log file: "/run/user/1000/xpra/Xorg.S1.log", Time: Mon Oct  9 17:52:39 2017
>> wireshark> | (++) Using config file: "/etc/xpra/xorg.conf"
>> wireshark> | (==) Using system config directory "/usr/share/X11/xorg.conf.d"
>> wireshark> | failed to rename Xorg log file from '/run/user/1000/xpra/Xorg.S1.log' to '/run/user/1000/xpra/Xorg.:0.log'
>> wireshark> |  [Errno 2] No such file or directory
>> wireshark> | 2017-10-09 17:52:45,508 Warning: skipping duplicate bind path /run/user/1000/xpra/ec148b063ca0-0
>> wireshark> | 2017-10-09 17:52:45,509 Warning: failed to create socket directory '/run/xpra'
>> wireshark> | 2017-10-09 17:52:45,509  [Errno 13] Permission denied: '/run/xpra'
>> wireshark> | 2017-10-09 17:52:45,512 created unix domain socket: /run/user/1000/xpra/ec148b063ca0-0
>> wireshark> | 2017-10-09 17:52:45,513 created unix domain socket: /home/wireshark/.xpra/ec148b063ca0-0
>> wireshark> | 2017-10-09 17:52:45,513 Warning: cannot create socket '/run/xpra/ec148b063ca0-0'
>> wireshark> | 2017-10-09 17:52:45,513  [Errno 2] No such file or directory
>> wireshark> | 2017-10-09 17:52:45,513  /run/xpra does not exist
>> wireshark> | 2017-10-09 17:52:45,514  user 'wireshark' is a member of groups: xpra
>> wireshark> | 2017-10-09 17:52:45,514   failed to query path information for '/run/xpra': [Errno 2] No such file or directory: '/run/xpra'
>> wireshark> | 2017-10-09 17:52:50,970 serving html content from: /usr/share/xpra/www
>> wireshark> | Error: cannot get X11 property 'PULSE_SERVER'
>> wireshark> | Traceback (most recent call last):
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/xpra/sound/pulseaudio/pulseaudio_common_util.py", line 24, in get_x11_property
>> wireshark> |>  from xpra.x11.bindings.window_bindings import X11WindowBindings
>> wireshark> |   File "xpra/x11/bindings/window_bindings.pyx", line 12, in init xpra.x11.bindings.window_bindings (xpra/x11/bindings/window_bindings.c:15092)
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/error.py", line 42, in <module>
>> wireshark> |>  gdk = import_gdk()
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 118, in import_gdk
>> wireshark> |>  return  _try_import(import_gdk3, import_gdk2)
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 38, in _try_import
>> wireshark> |>  return  import_method_gtk3()
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/xpra/gtk_common/gobject_compat.py", line 113, in import_gdk3
>> wireshark> |>  gi.require_version('Gdk', '3.0')
>> wireshark> |   File "/usr/lib/python2.7/dist-packages/gi/__init__.py", line 118, in require_version
>> wireshark> |>  raise ValueError('Namespace %s not available' % namespace)
>> wireshark> | ValueError: Namespace Gdk not available
>> wireshark> |  for python sys.version_info(major=2, minor=7, micro=13, releaselevel='final', serial=0)
>> wireshark> |  xpra command=['/usr/bin/xpra', '_sound_query']
>> wireshark> | 2017-10-09 17:52:51,997 GStreamer version 1.10.4 for Python 2.7.13 64-bit
>> wireshark> | 2017-10-09 17:52:52,114 2.8GB of system memory
>> wireshark> | 2017-10-09 17:52:52,160 started command 'wireshark' with pid 53
>> wireshark> | 2017-10-09 17:52:52,161 xpra X11 version 2.1.2-r16903 64-bit
>> wireshark> | 2017-10-09 17:52:52,161  uid=1000 (wireshark), gid=1000 (wireshark)
>> wireshark> | 2017-10-09 17:52:52,161  running with pid 1 on Linux Debian 9.1 stretch
>> wireshark> | 2017-10-09 17:52:52,162  connected to X11 display :0 with 24 bit colors
>> wireshark> | 2017-10-09 17:52:52,434 xpra is ready.
>>  
>> Thanks a lot
>> Florian Feldhaus
>>  
>> Principal Consultant, Professional Services
>> NetApp Deutschland GmbH, Gladbecker Str. 5, D-40472 Düsseldorf
>> +49 151 12055 711 Mobil
>> florian.feldhaus at netapp.com
>>  
>> NetApp Deutschland GmbH, Sonnenallee 1, 85551 Kirchheim bei München Handelsregister: AG München HRB113907, VAT#: DE 182 196 996Geschäftsführer: Jörg Heßke, Claudia Berchtold, Stephen Faulkner
>> 
>> _______________________________________________
>> shifter-users mailing list
>> shifter-users at lists.devloop.org.uk
>> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>> 
> 
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>

More information about the shifter-users mailing list