I have a script that encrypts the files that are created by my application. The script is a bat file; I am changing it to a shell script because in OpenShift we use a WildFly server on CentOS and the script uses OpenSSL.
My question is:
Is it possible to install OpenSSL in the container or image? If so, is there any issue?
Or do we need to create a custom OpenShift container which has OpenSSL installed?
I am new to OpenShift and all, so I am not aware of this.
The short answer is "Yes" - practically, you can add to a container image any tool that you need. It is usually regarded as a good practice to add only what you need to keep the image size small.
It is quite possible that there's an image already "out there" that has openssl installed on centos. You may have to build the image for reasons like security, company policies, etc.
First, create a new image from a base image. A sample Dockerfile:
FROM centos:centos7
# Switch to root to be able to install stuff
USER 0
# -y for unattended install
RUN yum install -y curl \
# clean up the yum cache
&& yum clean all
Build the image, then push it to a Docker registry. Next, reference the image in the deployment configuration as the image for a container.
With OpenShift you actually have the option of building images on OpenShift, including using Docker builds, and saving them automatically in OpenShift's integrated Docker registry.
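An added example, not part of the original answer: the same pattern adapted to install openssl, the tool the question asks about, and to drop root again before the image is used. The base image tag comes from the answer's sample and its yum repositories are assumed reachable; the `/opt/app-data` directory and UID 1001 are hypothetical.

```dockerfile
# Added example. Base tag taken from the sample above; override it with
# --build-arg BASE_IMAGE=... if your registry provides a different base.
ARG BASE_IMAGE=centos:centos7
FROM ${BASE_IMAGE}

# Root is needed only for the package installation below.
USER 0

# Install openssl, fail the build if the binary does not run, and remove the
# yum cache in the same layer so it never ends up in the image.
RUN yum install -y openssl \
 && openssl version \
 && yum clean all \
 && rm -rf /var/cache/yum

# Hypothetical directory the encryption script writes to. OpenShift starts
# containers with an arbitrary non-root UID that belongs to group 0, so the
# directory must be writable by group 0 rather than by one fixed user.
RUN mkdir -p /opt/app-data \
 && chgrp -R 0 /opt/app-data \
 && chmod -R g=u /opt/app-data

# Do not leave the image running as root. 1001 is an assumed non-root UID;
# OpenShift may replace it with its own arbitrary UID at run time.
USER 1001
WORKDIR /opt/app-data
```

Because the final `USER` is non-root, the script cannot write outside the group-0 writable directory at run time, which is the behaviour to plan for when porting the bat file.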
At my company, we have hardened containers created by the security team, and I would like to extend the hardened container with another docker image. For example, if we have a hardened Debian container, and I want to add Apache, how do I do this?
I understand I can use FROM to use a base, but the examples I've seen don't add another level of published images to an existing base, but specific commands. Do I just go to the official Docker Hub Apache (HTTP) image and just copy and paste the commands from the GitHub repo? I'm assuming there's a cleaner way (but not sure if there is).
For example, do I
FROM mycompanyprivaterepo/Debian:latest
//some command?
FROM httpd
docker build -t mynewimagewithapache
UPDATE:
After attempting via apt-get apache2 per some comments, it kept hanging on interactive questions. Solved with the help of comments using:
My Dockerfile:
FROM myprivaterepo/hardened-ubuntu
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get -qq install apache2
and building via:
$ docker build -t hardened-ubuntu-apache .
Well, as far as I understood, you cannot use multi-stage builds and just
COPY --from=base-image /path/to/file/you-are-interested-in /path/inside/new-stage-image
in order to copy the required data to your preferred image. If this is the case, then you have to create your own Dockerfile with your company's mycompanyprivaterepo/Debian:latest as the base image, and then just create some layers on top of it in order to install the required software, using RUN.
Background: I was trying to run react-snap, which uses Puppeteer and headless chromium to generate HTML from javascript (React in this case). I actually was able to get it working in the default Amazon Linux build image eventually, but it left me super curious as to how to use a custom image.
When I try to use a custom image by pointing to a Docker Hub repo, the AWS Amplify build process fails with no log output. I am able to use this image locally without problems, so I suspect that I just don't understand what I need to provide for Amplify to run it.
According to the documentation, pulling from Docker Hub is supported, and it needs to have curl, git, openssh, and node for node projects. However, it doesn't have an example Dockerfile, or go into detail about what is actually run in the container.
This is the Dockerfile I used to test (with a bind mount) to confirm that this image contains everything I need to compile locally:
FROM alpine
RUN apk add --no-cache \
npm \
chromium \
curl \
openssh \
git
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
WORKDIR /app
I pushed it to Docker Hub @ ertw/react-snap-builder so that I could reference it from AWS Amplify.
It seems Alpine is not supported yet:
https://github.com/aws-amplify/amplify-console/issues/100#issuecomment-528598420
This is the minimal image that worked for me: http://github.com/butaca/amplify-hugo (be aware that I'm new to Docker).
Note that at the time of writing Node is mandatory even for non Node apps.
To install my microservice binaries I need a centos. And since I have 20 microservices, I'm trying to find a way to optimize the image size, so I'm wondering if there's a way to create a docker image without an OS, so that at the moment of deployment Docker takes the OS layer from cache to put it in all the images. I'm a beginner, so I don't know if I'm clear in my statements?
Yes, look at the scratch keyword (docs):
"You can use Docker's reserved, minimal image, scratch, as a starting point for building containers."
Also you may find useful using multi-stage builds.
An example:
FROM scratch
ADD hello /
FROM fedora
RUN yum -y update && yum clean all
RUN yum -y install nginx
I found an image on docker (https://hub.docker.com/r/realbazso/horizon) that I like. I am trying to update this to where it runs the most current version of this software.
I tested running the image with the arguments provided and it works great, but the version of the VMWare Horizon client that the image has does not have an updated SSL library and cannot connect to the servers I need it to without throwing an SSL error.
I'm super new to docker, but I was wondering if anyone could help me with this. I'm wanting to install it on the ubuntu:14.04 image, but I'm just not able to wrap my head around it.
I am going to add some more information to @user2915097's answer.
The first thing to do when you want to edit/update an already existing image is to see if you can find its Dockerfile. Fortunately, this repo has a Dockerfile attached to it so it makes it easier. I commented the file so that you can understand better what is going on:
# Pulls the ubuntu image. This will serve as the base image for the container. You could change this and use ubuntu:16.04 to get the latest LTS.
FROM ubuntu:14.04
# RUN will execute the commands for you when you build the image from this Dockerfile. This is probably where you will want to change the source
RUN echo "deb http://archive.canonical.com/ubuntu/ trusty partner" >> /etc/apt/sources.list && \
dpkg --add-architecture i386 && \
apt-get update && \
apt-get install -y vmware-view-client
# CMD will execute the command (there can only be one!) when you start/run the container
CMD /usr/bin/vmware-view
A good resource to understand those commands is https://docs.docker.com/engine/reference/builder/. Make sure to visit that page to learn more about Dockerfile!
Once you have a Dockerfile ready to build, navigate to the folder where your Dockerfile is and run:
# Make sure to change the argument of -t
docker build -t yourDockerHubUsername/containerName .
You might need to modify your Dockerfile a few times before it works correctly. If you are having issues with Docker using cached data
As you have the recipe, if you look at
https://hub.docker.com/r/realbazso/horizon/~/dockerfile/
you should create a directory, put this Dockerfile in, modify it, build another image
docker build -t tucker/myhorizon .
launch it, test it, modify again the Dockerfile maybe.
Check the doc R0MANARMY listed
Following the section at Making your own customised boot2docker ISO, I wrote the Dockerfile below to install the vim package:
FROM boot2docker/boot2docker
RUN apt-get update && apt-get install -y vim
RUN /make_iso.sh
CMD ["cat", "boot2docker.iso"]
Then executed these commands successfully:
docker build -t my-boot2docker-img . && docker run --rm my-boot2docker-img > boot2docker.iso
I created a virtual machine using this iso image and logged into it. I expected vim to be available in my shell now, but it was not. From the build process console logs, I saw that vim was installed successfully. However, it is apparently not included in the iso.
Can someone please tell me what I've missed here?
You only installed vim in the build container that produces the final boot2docker iso. To get the desired result you need to install any packages/data at $ROOTFS in the build container. For some hints on how to accomplish this with apt-get see this answer.
But first you should ask yourself why you need vim in a VM that is only meant as a transparent proxy for mac/windows users.
Edit:
As you got valid reasons to build your own boot2docker iso, have a look at the boot2docker repo.
The Dockerfile broken down:
1. install build dependencies in the build container
2. download and compile a linux kernel with aufs support, copy to $ROOTFS
3. download and extract TinyCore distribution at $ROOTFS
4. download and extract TinyCore packages defined in $TCZ_DEPS to $ROOTFS
5. build and install VMware tools and other helpers at $ROOTFS
6. export $ROOTFS as new iso
I'd probably look into extending on step 4 first, i.e. simply download packages from the TinyCore repo.