How can I disable internet access for docker containers - networking

I'm trying to run untrusted code inside a docker container and prohibit internet access for it.
I've already tried iptables -I DOCKER -i docker0 -j DROP
iptables: No chain/target/match by that name.
Result of lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.04
Release: 15.04
Codename: vivid
Result of docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
virtual_machine latest 5f2b8cea6752 3 months ago 2.795 GB
chug/ubuntu14.04x64 latest 81b68b976893 2.087208 years ago 224.7 MB
Find the project for reference here

Related

how to install OpenStack on Ubuntu in 2022

On youtube there are many guides that show how to install openstack on ubuntu I have tried them and they seem not to work
For example with Devstack I fail every time the installation with .Stack.sh, with MicroStack I fail the initialization
I can't install OpenStack in any way!
could somebody help me?
I have installed openstack from various different ways but for me installing through Devstack is the easiest and the most convenient way to do it.
Let me share the installation steps that I use:
Firstly few prerequisites:
A fresh Ubuntu 20.04 installation (Ubuntu 18.04 Works)
8 GB RAM (4 GB RAM works)
4 vCPUs (2 vCPUs works)
Hard disk capacity of 20 GB (min 10 GB)
Step 1 : apt update -y && apt upgrade -y
Step 2: Create Stack user:
sudo adduser -s /bin/bash -d /opt/stack -m stack
echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
su - stack
Step 3:
git clone https://git.openstack.org/openstack-dev/devstack
cd devstack
Step 4: Create devstack configuration file
vim local.conf
Paste this:
[[local|localrc]]
# Password for KeyStone, Database, RabbitMQ and Service
ADMIN_PASSWORD=admin
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
# Host IP - get your Server/VM IP address from ip addr command
HOST_IP=0.0.0.0
Step 5: ./stack.sh
The setup will take about 10-15 minutes depending upon your system. Once installation is complete you can access the dashboard using https://your-ip/dashboard
Note: Incase the stack.sh fails make sure to use ./unstack and ./clean.sh before you use stack.sh again.

Docker version 1.13.1, Docker Swarm, jwilder/nginx-proxy will not start as a docker service

I'm trying to setup an Elasticsearch cluster on Docker following this guide: https://sematext.com/blog/2016/12/12/docker-elasticsearch-swarm/
But I'm consistently getting an error about /tmp/docker.sock after creating the jwilder/nginx-proxy service. The below console snip is from a freshly installed and updated CentOS7. I installed docker via yum following the instructions here: https://docs.docker.com/engine/installation/linux/centos/
[root#centos7]# docker -v
Docker version 1.13.1, build 092cba3
[root#centos7]#
[root#centos7]# docker service create --mode global \
> --name proxy -p 80:80 \
> --network elasticsearch-frontend \
> --network elasticsearch-backend \
> --mount type=bind,bind-propagation=rshared,src=/var/run/docker.sock,target=/tmp/docker.sock:ro \
> jwilder/nginx-proxy
xbhj4rzjyuu0k8maf1ha5fmgs
[root#centos7]# docker service ls
ID NAME MODE REPLICAS IMAGE
xbhj4rzjyuu0 proxy global 0/1 jwilder/nginx-proxy:latest
[root#centos7]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7ba303e0f8b6 jwilder/nginx-proxy#sha256:9a2d63aad9068f817c705965f41f2f32fa0bbef6b217ae5c9b2340ef23e3dcba "/app/docker-entry..." 2 seconds ago Created proxy.kifcc5gbdcxz5ixsbx7sl1cv8.zuizhtt7q94nluuudlgjgy1yi
2fe655a93aa4 jwilder/nginx-proxy#sha256:9a2d63aad9068f817c705965f41f2f32fa0bbef6b217ae5c9b2340ef23e3dcba "/app/docker-entry..." 10 seconds ago Exited (1) 3 seconds ago proxy.kifcc5gbdcxz5ixsbx7sl1cv8.baqn1204spbw5v6qxx6qjx327
7894fd0e1dee jwilder/nginx-proxy#sha256:9a2d63aad9068f817c705965f41f2f32fa0bbef6b217ae5c9b2340ef23e3dcba "/app/docker-entry..." 18 seconds ago Exited (1) 11 seconds ago proxy.kifcc5gbdcxz5ixsbx7sl1cv8.6s9u0q0y1kjelebszheius2es
51840cca0d32 jwilder/nginx-proxy#sha256:9a2d63aad9068f817c705965f41f2f32fa0bbef6b217ae5c9b2340ef23e3dcba "/app/docker-entry..." 26 seconds ago Exited (1) 19 seconds ago proxy.kifcc5gbdcxz5ixsbx7sl1cv8.wlwy723ts9kw00sgyu3s5f985
d52fd18567a9 jwilder/nginx-proxy#sha256:9a2d63aad9068f817c705965f41f2f32fa0bbef6b217ae5c9b2340ef23e3dcba "/app/docker-entry..." 34 seconds ago Exited (1) 27 seconds ago proxy.kifcc5gbdcxz5ixsbx7sl1cv8.wa5jk9xnly1tdxpbvonnjmoty
[root#centos7]# docker logs 2fe655a93aa4
ERROR: you need to share your Docker host socket with a volume at /tmp/docker.sock
Typically you should run your jwilder/nginx-proxy with: `-v /var/run/docker.sock:/tmp/docker.sock:ro`
See the documentation at http://git.io/vZaGJ
[root#centos7]#
The jwilder/nginx-proxy container works when launched as a single container using the -v option to mount docker.sock.
I've scoured google (the Docker docs, the jwilder/nginx-proxy git) looking for what would cause this and I've come up with nothing. Does anyone see something wrong? I'm new to docker, so maybe I'm missing something easy.
Thanks in advance! :-)
Instead of making a read-only mount of /var/run/docker.sock to /tmp/docker.sock, you are making a mount of /var/run/docker.sock to /tmp/docker.sock:ro , hence the application cries.
To rectify this, make a slight modification. Replace...
--mount type=bind,bind-propagation=rshared,src=/var/run/docker.sock,target=/tmp/docker.sock:ro
...with:
--mount type=bind,bind-propagation=rshared,src=/var/run/docker.sock,target=/tmp/docker.sock,ro=1
From the documentation:
readonly or ro: The Engine mounts binds and volumes read-write unless
readonly option is given when mounting the bind or volume. When true
or 1 or no value the bind or volume is mounted read-only. When false
or 0 the bind or volume is mounted read-write.

My docker container isn't starting on localhost (0.0.0.0) on Docker for Windows (Native using Hyper-V)

I'm following Digital Ocean's tutorial on how to start a nginx docker container (Currently on Step 4). Currently this is their output:
$ docker run --name docker-nginx -p 80:80 -d nginx
d3ccb73a91985651ec61231bca9f9c716f0dec807e354a29eeef2144f883a01c
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b91f3ce26553 nginx "nginx -g 'daemon off" About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 443/tcp docker-nginx
But when I run it, this is my output (noticed the different IP of the container):
C:\>docker run --name docker-nginx -p 80:80 -d nginx
d3ccb73a91985651ec61231bca9f9c716f0dec807e354a29eeef2144f883a01c
C:\>docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d3ccb73a9198 nginx "nginx -g 'daemon off" 14 hours ago Up 2 seconds 10.0.75.2:80->80/tcp, 443/tcp docker-nginx
Why does this happen? And how can I get the same results as Digital Ocean's? (Getting the server to start on localhost)
Edit: I'm using Docker for windows (recently released) which apparently runs native using Hyper-V. My output for docker-machine ls is this:
C:\>docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
C:\>
But when I run it, this is my output (noticed the different IP of the
container)
Since this a Windows machine, I assume that you're using Docker Toolbox Docker for Windows. 10.0.75.2 is the IP of the boot2docker virtual machine.
If you are using Windows or Mac OS, you will need some form of virtualization in
order to run Docker. The IP you just saw is the IP of that lightweight virtual machine.
And how can I get the same results as Digital Ocean's? (Getting the
server to start on localhost)
Use a Linux distribution! Also you can enable Expose container ports on localhost in Docker For Windows Settings:
Despite you created the containers in your local machine. These are actually running on a different machine (a virtual machine)
First, check what is the IP of your docker machine (the virtual machine)
$docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM
default * virtualbox Running tcp://192.168.99.100
Then run curl command (or open a browser) to view the default web site on your nginx web server inside the container
curl http://192.168.99.100:80
if you are using a virtual machine on windows:
docker-machine ip default
https://docs.docker.com/machine/concepts/
When I ran this command for the first time: docker run -d -p 80:80 --name docker-tutorial docker101tutorial
I got this error:
docker: Error response from daemon: Conflict. The container name
"/docker-tutorial" is already in use by container "LONG_CONTAINER_ID".
You have to remove (or rename) that container to be able to reuse that
name.
so, I tried to remove this container using: docker rm -f LONG_CONTAINER_ID
then I did: docker run -d -p 3080:80 --name docker-tutorial docker101tutorial
note 3080:80 instead of 80:80... Had I run this from the docker desktop, I would see this default option below:

Docker "/bin/bash" could not be invoked when mounting an NFS file with -v on openstack

I'm running an Ubuntu 14.04 instance that has docker installed on openstack. I'm trying to mount a volume into a docker container. I'm doing this with
docker run -t -i -v /mnt/data/dir:/mnt/test ubuntu
Where /mnt/data/dir is an NFS shared directory. Doing this gets me:
docker:
Error response from daemon: Container command '/bin/bash' could not be invoked..
However, using a local directory instead of a mounted directory works exactly as expected.
I understand that docker doesn't natively support an NFS mounted file system, however the errors I googled are usually not of the form that I've mentioned above.
Any clue on how to proceed
Edit: I forgot to mention that its not just limited to /bin/bash could not be invoked. I tried running a tomcat server and that gave me the exact same error.

Multiple postgreSQL Installations on the same system

I have installed two version of postgreSQL on my Windows 7 dev box. Ver. 9.1 (32-bit) and 9.2 (64-bit). During installation I assigned ver. 9.1 port 5432 and ver 9.2 port 5433. However, whenever I run basic commands like createdb.exe from the 9.2\bin directory, the command runs against the wrong port. Regardless of what commands I run, they always default to the port of the first install (5432). The install directories and data directories are in different locations.
If you don't specify a port, the Postgres tools (e.g. psql) default to 5432. Use the -p switch to change the port that the tool should use, e.g.
psql -p 5433 mydb myuser
Or for the createdb command:
createdb -p 5433 the_new_db
Please read the respective chapters in the manual for details.
If you don't want to specify the port number each time, you can set an environment variable that is picked up by the Postgres tools. This is also explained in the manual: http://www.postgresql.org/docs/current/static/libpq-envars.html

Resources