I'm trying to deploy a TPM service inside a docker container following the instructions detailed in https://github.com/vchatterji/tpm2-luks (this process perfectly worked for me on a virtual machine with Ubuntu 18.04 installed).
Everything works well until TPM-ABRMD service is required to be enabled, thus needing to execute udevadm and systemctl commands in order to restart udev rules and enable+activate the service.
Neither of these commands are available from inside my docker container by default, and although I figured out a workaround for being able to use udevadm and manually set the symlinks associated with systemctl enable, it wasn't enough to start ABRMD service.
Is there something I'm missing? I've tried many other possibilities and none has worked.
I'm using docker-compose, and the container in which I'd like to install this service has this docker-compose.yml file associated:
version: '3'
services:
api:
build:
context: dockerfiles
image: api
container_name: api
restart: unless-stopped
ports:
- ${API_EXTERNAL_PORT}:8080
depends_on:
- sql
environment:
HOST_DB: sql
PORT_DB: 3306
NAME_DB: ${MYSQL_DATABASE}
PASSWORD_DB: ${MYSQL_PASSWORD}
USER_DB: ${MYSQL_USER}
And the following Dockerfile (inside /dockerfiles):
FROM ubuntu:18.04
WORKDIR /app
RUN apt-get update && apt-get install -y openjdk-8-jdk
ENV JAVA_OPTS ""
ENTRYPOINT ["sh", "-c"]
CMD ["java $JAVA_OPTS -Djava.secutiry.egd=file:/dev/./urandom -jar /app/app.war"]
Thanks in advance.
Related
I have an app running on docker. I am gonna deploy it to ubuntu server.
So I want that when i call domain or ip from browser (ex: mydomain.com) it displays my app in browser.
What configuration should I do in docker or apache conf. file?
Thank you!
The answer depends on many details you did not provide about your application.
In general you should write a docker compose file like this:
version: "3.5"
services:
nginx:
container_name: my-app
image: ubuntu:latest
hostname: myapp.com
ports:
- 80:8080
entrypoint: sh -c /myapp-init-command.sh
volumes:
- /www/host/folder:/var/www/html
As you can see you should decide on which web server rely on.
For example, if you need of apache you should change image to a one which provides ready to use apache, or write a docker file which installs it into a stock ubuntu server like the one provided in my example.
Here an example of this...
docker file
FROM ubuntu:latest
ARG DEBIAN_FRONTEND=noninteractive
RUN apt update
RUN apt install apache2 -y
ENV APACHE_RUN_USER www-data
ENV APACHE_RUN_GROUP www-data
ENV APACHE_LOG_DIR /var/log/apache2
EXPOSE 8080
CMD ["apachectl", "-D", "FOREGROUND"]
docker compose file
version: "3.5"
services:
nginx:
container_name: my-app
build:
context: .
dockerfile: myapp.dockerfile
hostname: myapp.com
ports:
- 80:8080
volumes:
- /www/host/folder:/var/www/html
I have a very basic node/express app with a dockerfile and a docker-compose file. When I run the docker container using
docker run -p 3000:3000 service:0.0.1 npm run dev
I can go to localhost:3000 and see my service. However, when I do:
docker-compose run server npm run dev
I can't see anything on localhost:3000, below are my files:
Dockerfile
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
EXPOSE 3000
docker-compose.yml
version: "3.7"
services:
server:
build: .
ports:
- "3000:3000"
image: service:0.0.1
environment:
- LOGLEVEL=debug
depends_on:
- db
db:
container_name: "website_service__db"
image: postgres
environment:
- POSTGRES_USER=user
- POSTGRES_PASSWORD=pass
- POSTGRES_DB=website_service
also, everything is working fine from the terminal/docker side - no errors and services are running fine, i just cant access the node endpoints
tl;dr
docker-compose run --service-ports server npm run dev
// the part that changed is the new '--service-ports' argument
the issue was a missing docker-compose run argument --service-ports:
from these docs:
The second difference is that the docker-compose run command does not create any of the ports specified in the service configuration. This prevents port collisions with already-open ports. If you do want the service’s ports to be created and mapped to the host, specify the --service-ports flag:
I'm taking over a website https://www.funfun.io. Unfortunately, I cannot reach the previous developer anymore.
This is a AngularJS+Node+Express+MongoDB application. He decided to use bitnami+docker+nginx in the server. Here is docker-compose.yml:
version: "3"
services:
funfun-node:
image: funfun
restart: always
build: .
environment:
- MONGODB_URI=mongodb://mongodb:27017/news
env_file:
- ./.env
depends_on:
- mongodb
funfun-nginx:
image: funfun-nginx
restart: always
build:
context: .
dockerfile: Dockerfile.nginx
ports:
- "3000:8443"
depends_on:
- funfun-node
mongodb:
image: mongo:3.4
restart: always
volumes:
- "10studio-mongo:/data/db"
ports:
- "27018:27017"
networks:
default:
external:
name: 10studio
volumes:
10studio-mongo:
driver: local
Dockerfile.nginx:
FROM bitnami/nginx:1.16
COPY ./funfun.io /opt/bitnami/nginx/conf/server_blocks/default.conf
COPY ./ssl/MyCompanyLocalhost.cer /opt/MyCompanyLocalhost.cer
COPY ./ssl/MyCompanyLocalhost.pvk /opt/MyCompanyLocalhost.pvk
Dockerfile:
FROM node:12
RUN npm install -g yarn nrm --registry=https://registry.npm.taobao.org && nrm use cnpm
COPY ./package.json /opt/funfun/package.json
WORKDIR /opt/funfun
RUN yarn
COPY ./ /opt/funfun/
CMD yarn start
In my local machine, I could use npm start to test the website in a web browser.
I have access to the Ubuntu server. But I'm new to bitnami+docker+nginx, I have the following questions:
In the command line of Ubuntu server, how could I check if the service is running (besides launching the website in a browser)?
How could I shut down and restart the service?
Previously, without docker, we could start mongodb by sudo systemctl enable mongod. Now, with docker, how could we start mongodb?
First of all, to deploy the services mentioned in the compose file locally, you should run the below command
docker-compose up
docker-compose up -d # in the background
After running the above command docker containers will be created and available on your machine.
To list the running containers
docker ps
docker-compose ps
To stop containers
docker stop ${container name}
docker-compose stop
mongodb is part of the docker-compose file and it will be running once you start other services. It will also be restarted automatically in case it crashes or you restarted your machine.
One final note, since you are using external networks you may need to create the network before starting the services.
1.
docker-compose ps will give you the state of your containers
2.
docker-compose stop will stop your containers, keeping their state then you may start them as their are using docker-compose up
docker-compose kill will delete your containers
docker-compose restart will restart your containers
3.
By declaring your mongodb using an official mongo image your container start when you do docker-compose up without any other intervention.
Or you can add command: mongod --auth directly into your docker-compose.yml
the official documentation of docker is very detailed and help a lot for all of this, keep looking on it https://docs.docker.com/compose/
I'm a beginner with docker and I created a docker-compose file that can provide our production environment and I want to use it for our client servers for production environment also I want to use it locally and without internet.
Now, I have binaries of docker and docker compose and saved images that I want to load to a server without internet. this is my init bash script on Linux :
#!/bin/sh -e
#docker
tar xzvf docker-18.09.0.tgz
sudo cp docker/* /usr/bin/
sudo dockerd &
#docker-compose
cp docker-compose-Linux-x86_64 /ussr/local/bin/docker-compose
chmod +x /ussr/local/bin/docker-compose
#load images
docker load --input images.tar
my structure :
code/*
nginx/
site.conf
logs/
phpfpm/
postgres/
data/
custom.ini
.env
docker-compose.yml
docker-compose file:
version: '3'
services:
web:
image: nginx:1.15.6
ports:
- "8080:80"
volumes:
- ./code:/code
- ./nginx/site.conf:/etc/nginx/conf.d/default.conf
- ./nginx/logs:/var/log/nginx
restart: always
depends_on:
- php
php:
build: ./phpfpm
restart: always
volumes:
- ./phpfpm/custom.ini:/opt/bitnami/php/etc/conf.d/custom.ini
- ./code:/code
db:
image: postgres:10.1
volumes:
- ./postgres/data:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PASSWORD}
ports:
- 5400:5432
There are some questions :
Why docker doesn't exist in Linux services? but when I install docker by apt-get it goes to Linux services list. How can I set docker as a service and enable it for loading on startup?
How can I set docker-compose in Linux services to run when system startup?
Install docker with package sudo dpkg -i /path/to/package.deb that you can download from https://download.docker.com/linux/ubuntu/dists/.
Then do post install, sudo systemctl enable docker. This will start docker at system boots, combined with restart: always your previous compose will be restarted automatically.
I think that dockerd is creating a daemon, but you have to enable it.
$ sudo systemctl enable docker
Add restart: always to your db container.
How the docker restart policies work
I have this folder structure:
/home/me/composetest
/home/me/composetest/mywildflyimage
Inside composites I have this docker-compose.yml:
web:
image: test/mywildfly
container_name: wildfly
ports:
- "8080:8080"
- "9990:9990"
Inside mywildflyimage I have this docker image:
FROM jboss/wildfly
EXPOSE 8080 9990
ADD standalone.xml /opt/jboss/wildfly/standalone/configuration/
RUN /opt/jboss/wildfly/bin/add-user.sh admin admin --silent
CMD ["/opt/jboss/wildfly/bin/standalone.sh", "-b", "0.0.0.0", "-bmanagement", "0.0.0.0"]
If i run
docker built -t test/mywildfly .
docker-compose up
Everything works great, and the management part is minded to 0.0.0.0 (-bmanagement 0.0.0.0 part of the CMD command).
If I change my docker-compose.yml:
web:
build: mywildflyimage
container_name: wildfly
ports:
- "8080:8080"
- "9990:9990"
and run
docker-compose up
It still boots, but the admin part is not bound to 0.0.0.0 anymore (this is the default behaviour for the image I inherited from).
Why does it stop working when I use the build command in the docker-compose.ml?
EDIT: It seems that it is ignoring all my docker file commands.
run docker-compose build after changing docker-comopse.yml and then docker-compose up
Before you type docker-compose up, you should build images with docker-compose build [options] [SERVICE...].
Options:
--force-rm Always remove intermediate containers.
--no-cache Do not use cache when building the image.
--pull Always attempt to pull a newer version of the image.
In your case, ex: docker-compose build --no-cache web