I have a docker image, which I wish to run inside vagrant. The manual run command looks like this :
docker run --name container1 --network=host -p 1111:9990 -e "USER=dummy" -e "PASS=P$SSW0RD" image_name paramToEntrypoint
How can I translate it to the vagrant docker provisioner?
To be more specific, I am not sure:
How to specify the host
How to pass env variables to docker
How to pass a parameter to Docker's entrypoint
Related
I am running a metasploitable2 docker container on a server. Here is the docker command to create this docker container:
docker run --name victumb-it tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash" --security-opt apparmor=unconfined -privileged true --network host
I then ran an exploit on a Kali Linux container on a different server targeting the docker image; however, it failed.
use exploit/unix/ftp/vsftpd_234_backdoor
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > set RHOST 134.122.105.88
RHOST => 134.122.105.88
msf5 exploit(unix/ftp/vsftpd_234_backdoor) > run
[-] 134.122.105.88:21 - Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out (134.122.105.88:21).
I am confused as to why this exploit failed. Due to the --network host I thought that the traffic would be mirrored into the container. Is there any way to fix this networking error, so that the hack is successful?
Here is the tutorial I was loosely following: https://medium.com/cyberdefendersprogram/kali-linux-metasploit-getting-started-with-pen-testing-89d28944097b
Because the option --network host should be placed before the image
Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
This should work:
docker run --name victumb-it --network host --security-opt apparmor=unconfined --privileged tleemcjr/metasploitable2:latest sh -c "/bin/services.sh && bash"
Here sh is the command, and everything after that is arguments passed to sh command.
The docker run options like --network, --security-opt and --privileged are placed before the image.
If you run docker inspect container_id you'll see at the Args key the arguments passed to the command. It means they are not arguments to docker run.
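The ordering rule from this answer can be checked mechanically. The following is an added example, not part of the original answer: it splits a `docker run` line into options, image and command, and reports known flags that ended up after the image. The option tables are an assumed subset covering the commands on this page.

```python
import shlex

# Assumption: a small subset of `docker run` options, enough for the commands
# on this page. These consume the next token as their value:
VALUE_OPTS = {"--name", "--network", "--security-opt", "--hostname",
              "--env-file", "-p", "-e", "-v", "-w"}
# These are boolean flags with no separate value token:
BOOL_OPTS = {"--privileged", "--rm", "-d", "-i", "-t", "-it", "-P"}


def split_docker_run(cmdline):
    """Split a `docker run` line into (options, image, command_argv)."""
    argv = shlex.split(cmdline)
    if argv[:2] != ["docker", "run"]:
        raise ValueError("not a docker run command")
    options, i = [], 2
    while i < len(argv) and argv[i].startswith("-"):
        if "=" not in argv[i] and argv[i] in VALUE_OPTS:
            if i + 1 >= len(argv):
                raise ValueError("option %s has no value" % argv[i])
            options.append((argv[i], argv[i + 1]))  # flag and its value
            i += 2
        else:
            options.append((argv[i], None))  # boolean flag or --flag=value
            i += 1
    if i >= len(argv):
        raise ValueError("no image name found")
    # The first non-option token is IMAGE; the rest is [COMMAND] [ARG...].
    return options, argv[i], argv[i + 1:]


def misplaced_options(cmdline):
    """Return known docker run flags that landed after the image name."""
    _, _, command = split_docker_run(cmdline)
    known = VALUE_OPTS | BOOL_OPTS
    hits = []
    for tok in command:
        name = tok.split("=", 1)[0]
        # Also match single-dash spellings such as "-privileged".
        if name.startswith("-") and (name in known or "--" + name.lstrip("-") in known):
            hits.append(name)
    return hits


BROKEN = ('docker run --name victumb-it tleemcjr/metasploitable2:latest sh -c '
          '"/bin/services.sh && bash" --security-opt apparmor=unconfined '
          '-privileged true --network host')
print(misplaced_options(BROKEN))
```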
I want to run docker inside another docker container. My main container is running in a virtualbox of OS Ubuntu 18.04 which is there on my Windows 10. On trying to run it, it is showing me as:
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
How can I resolve this issue?
Yes, you can do this. Check dind (Docker in Docker) on the Docker web page for how to achieve it: https://hub.docker.com/_/docker
Your error indicates that either dockerd in the top level container is not running or you didn't mount docker.sock on the dependent container to communicate with dockerd running on your top-level container.
I am running electric-flow in a docker container in my Ubuntu virtual-box using this docker command: docker run --name efserver --hostname=efserver -d -p 8080:8080 -p 9990:9990 -p 7800:7800 -p 7070:80 -p 443:443 -p 8443:8443 -p 8200:8200 -i -t ecdocker/eflow-ce. Inside this docker container, I want to install and run docker so that my CI/CD pipeline in electric-flow can access and use docker commands.
From your above description, ecdocker/eflow-ce is your CI/CD solution container, and you just want to use the docker command in this container, so you do not need the dind solution. You can just access the container host's docker server.
Something like the following:
docker run --privileged --name efserver --hostname=efserver -d -p 8080:8080 -p 9990:9990 -p 7800:7800 -p 7070:80 -p 443:443 -p 8443:8443 -p 8200:8200 -v $(which docker):/usr/bin/docker -v /var/run/docker.sock:/var/run/docker.sock -i -t ecdocker/eflow-ce
Compared to your old command:
Add --privileged
Add -v $(which docker):/usr/bin/docker, then you can use docker client in container.
Add -v /var/run/docker.sock:/var/run/docker.sock, then you can access host's docker daemon using client in container.
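Both --privileged and the docker.sock mount give the container control over the host's Docker daemon, so it helps to know which containers were started with them. The following is an added example, not part of the original answer: it reads `docker inspect` JSON and lists those host-access settings; the sample document is constructed and trimmed to the fields used.

```python
import json

# Constructed sample: trimmed `docker inspect efserver` output holding only
# the fields read below (real output has many more keys).
SAMPLE_INSPECT = """
[{"Name": "/efserver",
  "HostConfig": {"Privileged": true, "NetworkMode": "bridge",
                 "SecurityOpt": null},
  "Mounts": [
    {"Type": "bind", "Source": "/usr/bin/docker",
     "Destination": "/usr/bin/docker", "RW": true},
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true}
  ]}]
"""


def host_access_findings(inspect_json):
    """Return (container, finding) pairs for settings that widen host access."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        host = container.get("HostConfig") or {}
        if host.get("Privileged"):
            findings.append((name, "privileged"))
        if host.get("NetworkMode") == "host":
            findings.append((name, "host-network"))
        # SecurityOpt is null when unset, e.g. ["apparmor=unconfined"] when set.
        for opt in host.get("SecurityOpt") or []:
            if opt.endswith("unconfined"):
                findings.append((name, opt))
        for mount in container.get("Mounts") or []:
            if mount.get("Source", "").endswith("docker.sock"):
                mode = "rw" if mount.get("RW") else "ro"
                findings.append((name, "docker-socket:" + mode))
    return findings


for container_name, finding in host_access_findings(SAMPLE_INSPECT):
    print(container_name, finding)
```

On a live host the same function can be fed the output of docker inspect for all running containers.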
I would like to run this command:
docker run docker-mup deploy --config .deploy/mup.js
where docker-mup is the name of the image, and deploy, --config, .deploy/mup.js are arguments
My question: how to mount a volume such that .deploy/mup.js is understood as the relative path on the host from where the docker run command is run?
I tried different things with VOLUME but it seems that VOLUME does the contrary: it exposes a container directory to the host.
I can't use -v because this container will be used as a build step in a CI/CD pipeline and as I understand it, it is just run as is.
Using -v to expose your current directory is the only way to make that .deploy/mup.js file inside your container, unless you are baking it into the image itself using a COPY directive in your Dockerfile.
Using the -v option to map a host directory might look something like this:
docker run \
-v $PWD/.deploy:/data/.deploy \
-w /data \
docker-mup deploy --config .deploy/mup.js
This would map (using -v ...) the $PWD/.deploy directory onto /data/.deploy in your container, set the current working directory to /data (using -w ...), and then run deploy --config .deploy/mup.js.
Windows - Powershell
If you're inside the directory you want to bind mount, use ${pwd}:
docker run -it --rm -d -p 8080:80 --name web -v ${pwd}:/usr/share/nginx/html nginx
or $pwd/. (forward slash dot):
docker run -it --rm -d -p 8080:80 --name web -v $pwd/.:/usr/share/nginx/html nginx
Just $pwd will cause an error:
docker run -it --rm -d -p 8080:80 --name web -v $pwd:/usr/share/nginx/html nginx
Variable reference is not valid. ':' was not followed by a valid variable name character. Consider using ${} to
delimit the name
Mounting a subdirectory underneath your current location, e.g. "site-content", $pwd/ + subdir is fine:
docker run -it --rm -d -p 8080:80 --name web -v $pwd/site-content:/usr/share/nginx/html nginx
In my case there was no need for $pwd, and using the standard current folder notation . was enough. For reference, I used docker-compose.yml and ran docker-compose up.
Here is a relevant part of docker-compose.yml.
volumes:
- '.\logs\:/data'
For example, if inside docker container I create a variable as -
/# token="dsfgkd-sdasdas-fas3ad-ssssad"
exit
root@testvm:~# echo $token
//how to get the result..?
root@testvm:~#
Containers are isolated from the host, but the host can connect inside the container
If you create your variable and export it, it will be available for your container and the connections coming from a
docker exec -it container_name_or_id bash
or
docker exec -it container_name_or_id sh -c 'echo "$token"'
you can see the environment variables in your container with
docker exec -it container_name_or_id env
if you just create it in your process, it will be available for your process only
The ENV directive in a Dockerfile is designed for creating environment variables at build time
see the doc
https://docs.docker.com/engine/reference/builder/#env
At run time, you have
docker run -e
extract from
https://docs.docker.com/v1.11/engine/reference/run/
docker run -e "deep=purple" --rm ubuntu /bin/bash -c export
and
docker run --env-file
see from
https://docs.docker.com/engine/reference/commandline/run/
--env-file Read in a file of environment variables
Can anyone clarify the syntax in this command:
$ docker run -d -P --name web -v /src/webapp:/webapp training/webapp python app.py
I can see that:
Host directory: /src/webapp
Container: /webapp
but what is training/webapp? Is that the image? If so, why is there a /?
And is everything after that (i.e. python app.py) the command that you want to run in the container?
=====
And to clarify with this command:
$ docker run -d -P --name web -v /webapp training/webapp python app.py
How does it work if you ONLY specify -v /webapp - is that equivalent to /webapp:/webapp?
You can find the documentation for docker run here
The basic structure looks like this:
$ docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]
-d lets you run your docker container in detached mode, so you won't see the console output
-P publish all exposed ports to the host interfaces
--name the name of your container
-v the volume you mount host/path:container/path, where in your case /src/webapp is on your local machine and /webapp is inside your container
training/webapp is the username and image name for the docker image. I have linked the image's location on DockerHub for you
python app.py are the command (python) and the argument run when the container starts (app.py)
Yes, training/webapp is the image name. Docker Hub accepts names this way only.
training is the username and webapp is the image name.
If you don't use Docker Hub (this is the image repository docker pulls images from by default) and build the image locally, then you can give any name.
python app.py : command that will execute when the container comes up
--name web : this will be name of container
-v /src/webapp:/webapp : this will create volume webapp and mount on /src/webapp
--publish-all, -P : Publish all exposed ports to random ports
For more help see docker run Documentation.