Tuesday, April 11, 2023

DOCKER RUN COMMAND

 



The docker run command runs a command in a new container. Think of it as a new room where you can put things and play with them without affecting the rest of the house. Each time an operator executes docker run, the container's process is isolated: it has its own filesystem and its own network stack, separate from the host. Keep in mind what provides that isolation: kernel namespaces and cgroups. The container still shares the host's kernel, so it is a weaker boundary than a virtual machine.

With docker run you must specify an IMAGE from which the container is derived. The image author sets defaults, and options on docker run let you override them, including:
  • network settings
  • container identification (name, hostname)
  • runtime constraints on CPU and memory
  • detached or foreground running
There are a few docker run invocations we want to learn. In this post we will run Redis and Jenkins images, so that each container runs a Redis or Jenkins service.

STEP 1:

Launch an EC2 instance (t2.micro) with a security group that allows SSH (22) and HTTP (80) inbound, then SSH in and install Docker. Everything below runs as root; note that anyone who can talk to the Docker daemon effectively has root on the host, so be deliberate about who gets that access (for example by being added to the docker group).

sudo yum update
sudo su -
yum install docker -y
systemctl start docker
systemctl enable docker
systemctl status docker

STEP 2:
Run docker run redis. With no tag given, Docker pulls redis:latest, which at the time of this run was Redis 7.0.10. With no -d option the container runs in the foreground attached to your terminal, which is why the server log appears below; Ctrl-C stops the container.

docker run redis
Unable to find image 'redis:latest' locally
latest: Pulling from library/redis
f1f26f570256: Pull complete
8a1809b0503d: Pull complete
d792b14d05f9: Pull complete
ad29eaf93bf6: Pull complete
7cda84ccdb33: Pull complete
95f837a5984d: Pull complete
Digest: sha256:7b83a0167532d4320a87246a815a134e19e31504d85e8e55f0bb5bb9edf70448
Status: Downloaded newer image for redis:latest
1:C 06 Apr 2023 19:48:06.966 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
1:C 06 Apr 2023 19:48:06.966 # Redis version=7.0.10, bits=64, commit=00000000, modified=0, pid=1, just started
1:C 06 Apr 2023 19:48:06.966 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
1:M 06 Apr 2023 19:48:06.967 * monotonic clock: POSIX clock_gettime
1:M 06 Apr 2023 19:48:06.968 * Running mode=standalone, port=6379.
1:M 06 Apr 2023 19:48:06.969 # Server initialized
1:M 06 Apr 2023 19:48:06.969 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
1:M 06 Apr 2023 19:48:06.969 # WARNING Your system is configured to use the 'xen' clocksource which might lead to degraded performance. Check the result of the [slow-clocksource] system check: run 'redis-server --check-system' to check if the system's clocksource isn't degrading performance.
1:M 06 Apr 2023 19:48:06.970 * Ready to accept connections



What if we need to run an older version of Redis? You specify the version after a colon (:):


## The ":4.0" part is the tag.
docker run redis:4.0
If you do not specify a tag, Docker assumes the default tag "latest". Be careful with what that means: "latest" is simply a tag the publisher chooses to move, it is not guaranteed to be the newest release, and any tag can be re-pushed to point at a different image. For anything beyond a quick experiment, use an explicit version tag, or pin the image by its digest (the sha256 value printed during the pull above), which is immutable. To find out what a tag currently refers to, look it up on Docker Hub.
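To make the tag and digest point concrete, here is an added example (not Docker's code and not from the original post): a small Python parser that splits an image reference into registry, repository, tag and digest following the same defaulting rules the Docker CLI applies (docker.io and library/ for bare names, latest when no tag is given), plus a policy check a CI job could run to reject references that are not pinned. The digest in the demo is the one printed by the redis pull above; the other references are constructed input.

```python
"""Parse container image references and enforce a "pin your images" policy.

Added example for this post (not Docker's code, not from the original page).
The Docker CLI does the same splitting internally; it is reimplemented here so
that a CI step can refuse unpinned references before `docker run` is reached.
"""
import re
from dataclasses import dataclass
from typing import Optional

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")
TAG_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]

    def pinned(self) -> bool:
        """Only a digest is immutable; any tag, 'latest' included, can be re-pushed."""
        return self.digest is not None


def parse_image_ref(ref: str) -> ImageRef:
    """Split REF into registry, repository, tag and digest.

    Rules mirror the Docker CLI: the first path component is a registry only if
    it contains '.' or ':' or is 'localhost'; bare names on docker.io live under
    library/; no tag and no digest means the tag 'latest'.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
        if not DIGEST_RE.match(digest):
            raise ValueError(f"malformed digest {digest!r}")

    # A ':' after the last '/' separates the tag; before it, it is a registry port.
    tag = None
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        ref, tag = ref[:colon], ref[colon + 1:]
        if not TAG_RE.match(tag):
            raise ValueError(f"malformed tag {tag!r}")

    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, path = parts[0], "/".join(parts[1:])
    else:
        registry, path = "docker.io", ref
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path          # official images: redis -> library/redis

    if tag is None and digest is None:
        tag = "latest"                    # what `docker run redis` silently means
    return ImageRef(registry, path, tag, digest)


def check_pin_policy(ref: str) -> str:
    """Return 'ok' for digest-pinned references, otherwise say what is unpinned."""
    r = parse_image_ref(ref)
    if r.pinned():
        return "ok"
    return "unpinned-latest" if r.tag == "latest" else "unpinned-tag"


if __name__ == "__main__":
    # Digest taken from the redis:latest pull shown earlier in the post.
    digest = "sha256:7b83a0167532d4320a87246a815a134e19e31504d85e8e55f0bb5bb9edf70448"
    for ref in ["redis", "redis:4.0", "jenkins/jenkins:lts",
                "localhost:5000/img:1.0", "redis:7.0.10@" + digest]:
        print(f"{ref:90} {parse_image_ref(ref)}  -> {check_pin_policy(ref)}")
```

The policy deliberately treats an explicit version tag as better than latest but still "unpinned", because a tag on a public registry can be overwritten; a digest is the only reference that always resolves to the same bytes.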

STEP 3:
For example, let's deploy the Jenkins image from Docker Hub. Jenkins is a build server for continuous integration and continuous delivery. Instead of installing its many dependencies on the host, you simply run Jenkins as a container. Keep in mind that Jenkins is a web application served over HTTP (port 8080 by default).

[root@ip-172-**-00-00 ec2-user]# docker run jenkins
Using default tag: latest
Error response from daemon: manifest for jenkins:latest not found: manifest unknown: manifest unknown
## The old "jenkins" library image is deprecated and no longer has a "latest" tag; its final tag is 2.60.3, a 2017 release.
## Pulling that tag works, as shown next, but an unsupported Jenkins from 2017 should never be exposed to users. The maintained image
## is jenkins/jenkins (for example jenkins/jenkins:lts), which is the image you will see running in docker ps further below.
[root@ip-172-*1-00-00 ec2-user]# docker pull jenkins:2.60.3
2.60.3: Pulling from library/jenkins
55cbf04beb70: Pull complete
1607093a898c: Pull complete
9a8ea045c926: Pull complete
d4eee24d4dac: Pull complete
c58988e753d7: Pull complete
794a04897db9: Pull complete
70fcfa476f73: Pull complete
0539c80a02be: Pull complete
54fefc6dcf80: Pull complete
911bc90e47a8: Pull complete
*************************************************************
*************************************************************
*************************************************************

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

## This is the generated initial admin password that unlocks Jenkins. It is written to the container's stdout, so anyone who can run
## docker logs on this container (or read /var/jenkins_home/secrets/initialAdminPassword) can finish the setup and become admin.
## Complete the setup wizard before publishing port 8080 to anything beyond yourself.
1ea25d6b860e4bc186fc2ece7a7aad02

This may also be found at: /var/jenkins_home/secrets/initialAdminPassword

*************************************************************
*************************************************************
*************************************************************

2023-04-08 17:36:44.465+0000 [id=29] INFO jenkins.InitReactorRunner$1#onAttained: Completed initialization
2023-04-08 17:36:44.504+0000 [id=22] INFO hudson.lifecycle.Lifecycle#onReady: Jenkins is fully up and running
2023-04-08 17:36:44.597+0000 [id=42] INFO h.m.DownloadService$Downloadable#load: Obtained the updated data file for hudson.tasks.Maven.MavenInstaller
2023-04-08 17:36:44.599+0000 [id=42] INFO hudson.util.Retrier#start: Performed the action check updates server successfully at the attempt #1

Open another shell on the Docker host. In docker ps you can see that Jenkins listens on ports 8080 (web UI) and 50000 (inbound agents), but these are only exposed on the container's own interface; nothing has been published on the host yet, so for now Jenkins is reachable only from the Docker host via the container's internal IP.

## Output of re-running yum install docker -y in the second shell; Docker is already installed from STEP 1.
Package docker-20.10.17-1.amzn2023.0.6.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@ip-172-31-81-127 ec2-user]# systemctl start docker
[root@ip-172-31-81-127 ec2-user]# systemctl enable docker
[root@ip-172-31-81-127 ec2-user]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: d>
Active: active (running) since Sat 2023-04-08 17:34:11 UTC; 20min ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Main PID: 26694 (dockerd)
Tasks: 10 (limit: 1112)
Memory: 76.7M
CPU: 14.200s
CGroup: /system.slice/docker.service
└─26694 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/con>

Apr 08 17:34:10 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:10 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal systemd[1]: Started docker.servic>
Apr 08 17:34:11 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:35:00 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
Apr 08 17:40:43 ip-172-31-81-127.ec2.internal dockerd[26694]: time="2023-04-08T>
lines 1-22
^C
[root@ip-172-31-81-127 ec2-user]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
45199e9a57b6 jenkins/jenkins "/usr/bin/tini -- /u…" 11 minutes ago Up 11 minutes 8080/tcp, 50000/tcp practical_feistel


DOCKER INSPECT
To find the IP address and other details of a specific container, run "docker inspect <container id>" (a unique prefix of the ID, or the container name, is enough). It returns the container's details as JSON, including:
  • configuration
  • network settings (within the bridge network)
  • mounts
  • state
  • container id, etc.
## To find the container's internal IP, run docker inspect with the container ID (a prefix is accepted)
docker inspect 45199

"NetworkSettings": {
    "Bridge": "",
    "SandboxID": "00000000000002270000000000",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {
        "50000/tcp": null,
        "8080/tcp": null
    },
    "SandboxKey": "/var/run/docker/netns/47929a2f8743",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "000000000002cae00000000000",
    "Gateway": "00.100.0.00",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "172.17.0.2",
    "IPPrefixLen": 16,
    "IPv6Gateway": "",
    "MacAddress": "00:00:hf:00:00:00",
    "Networks": {
        "bridge": {
            "IPAMConfig": null,
            "Links": null,
            "Aliases": null,
            "NetworkID": "**********000000000000",
            "EndpointID": "0000000000000000000527f8a000000000000",
            "Gateway": "00.100.0.00",
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "MacAddress": "00000000",
            "DriverOpts": null
        }
    }
}
}
]

The container's IP is 172.17.0.2, so from the Docker host you can open http://172.17.0.2:8080 in a browser. Note that "Ports" lists 8080/tcp and 50000/tcp as null: the image exposes them, but nothing is published on the host, which is why they are reachable only over the bridge network.




PORT MAPPING ON CONTAINER:
Port mappings are fixed when a container is created, so to publish a port you stop and remove the current container and start a new one with the mapping. The scenario: a web application runs in a container on your Docker host and the server is up. The question is, how does a user reach it?

For example, say the application listens on port 3200 inside the container. You can use the IP of the container, by default something like 172.17.0.2 on the bridge network, and open http://172.17.0.2:3200 from the Docker host. Since this is an internal address that exists only on the Docker host, users in the outside world cannot reach it.

Instead, users can use the IP of the Docker host, say 192.168.1.5, and for that to work we map the port inside the container to A FREE PORT ON THE DOCKER HOST.

If you want users to reach the application through port 80 of the Docker host, map host port 80 to container port 3200 with the -p (publish) option of docker run, i.e. -p 80:3200. Now the user opens http://192.168.1.5:80, and all traffic arriving on port 80 of the Docker host is forwarded to port 3200 inside the container. You can publish several ports, and run several containers on different host ports. Two caveats: a plain -p 80:3200 binds on every interface of the host (0.0.0.0), and Docker programs its own iptables rules for published ports ahead of host-level firewall rules such as ufw, so a published port is reachable from wherever the host is. To keep a port local, bind it to an address, for example -p 127.0.0.1:80:3200.
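As an added example for the docker inspect output and the port-mapping discussion above (not Docker's code and not from the original post), the following Python models what -p actually does: it parses the publish syntax, renders the same "Ports" structure that docker inspect reports, and then classifies each container port as bridge-only (the null entries seen for Jenkins), loopback-only or all-interfaces. The EXPOSE list and -p values in the demo are constructed; the one assumption is that an unspecified host address is modelled as 0.0.0.0 only, whereas dockerd may also bind :: when IPv6 is enabled.

```python
"""Model what `docker run -p ...` publishes and audit the result.

Added example for this post, not Docker's code and not from the original page.
It re-implements the publish syntax  [ip:]hostPort:containerPort[/proto]
(plus the bare `containerPort` and `ip::containerPort` forms) and renders the
"Ports" structure that `docker inspect` reports, so a container's exposure can
be reviewed before it starts. Assumption: an unspecified host address is
modelled as 0.0.0.0 only (dockerd may also bind "::" when IPv6 is enabled).
"""
import ipaddress
import json
from typing import Dict, List, Optional

PortMap = Dict[str, Optional[List[Dict[str, str]]]]


def parse_publish(spec: str) -> PortMap:
    """Turn one -p value into {"cport/proto": [{"HostIp": ..., "HostPort": ...}]}."""
    proto = "tcp"
    if "/" in spec:
        spec, proto = spec.rsplit("/", 1)
        if proto not in ("tcp", "udp", "sctp"):
            raise ValueError(f"unknown protocol {proto!r}")

    if spec.startswith("["):                  # bracketed IPv6 host address: [::1]:80:3200
        end = spec.index("]")
        parts = [spec[1:end]] + spec[end + 2:].split(":")
    else:
        parts = spec.split(":")

    if len(parts) == 1:                       # -p 3200             random host port, all interfaces
        host_ip, host_port, cport = "0.0.0.0", "", parts[0]
    elif len(parts) == 2:                     # -p 80:3200          fixed host port, all interfaces
        host_ip, (host_port, cport) = "0.0.0.0", parts
    elif len(parts) == 3:                     # -p 127.0.0.1:80:3200  or  -p 127.0.0.1::3200
        host_ip, host_port, cport = parts
        ipaddress.ip_address(host_ip)         # raises ValueError on a bogus address
    else:
        raise ValueError(f"bad -p spec {spec!r}")

    if not (cport.isdigit() and 1 <= int(cport) <= 65535):
        raise ValueError(f"bad container port {cport!r}")
    if host_port and not (host_port.isdigit() and 1 <= int(host_port) <= 65535):
        raise ValueError(f"bad host port {host_port!r}")
    return {f"{cport}/{proto}": [{"HostIp": host_ip, "HostPort": host_port}]}


def ports_from_run(exposed: List[str], publish: List[str]) -> PortMap:
    """Merge an image's EXPOSE ports with the -p flags. Exposed but unpublished
    ports come out as None, exactly like the null entries docker inspect shows."""
    ports: PortMap = {p if "/" in p else f"{p}/tcp": None for p in exposed}
    for spec in publish:
        for key, bindings in parse_publish(spec).items():
            ports[key] = (ports.get(key) or []) + bindings
    return ports


def reachability(ports: PortMap) -> Dict[str, str]:
    """Classify each container port by who can reach it."""
    verdict = {}
    for key, bindings in ports.items():
        if not bindings:
            verdict[key] = "bridge-only"        # only the host and other containers on 172.17.0.x
            continue
        ips = [ipaddress.ip_address(b["HostIp"]) for b in bindings]
        if any(ip.is_unspecified for ip in ips):
            verdict[key] = "all-interfaces"     # 0.0.0.0 or :: -> reachable from the whole network
        elif all(ip.is_loopback for ip in ips):
            verdict[key] = "loopback-only"
        else:
            verdict[key] = "specific-interface"
    return verdict


if __name__ == "__main__":
    # Constructed scenario: the Jenkins image exposes 8080 and 50000; publish the
    # web UI on host port 80 everywhere and keep the agent port on loopback.
    ports = ports_from_run(["8080", "50000"], ["80:8080", "127.0.0.1:50000:50000"])
    print(json.dumps(ports, indent=2))
    print(reachability(ports))
```

Run it with the Jenkins ports and you get "all-interfaces" for 8080/tcp and "loopback-only" for 50000/tcp, which is the review you want to do before the container is started rather than after.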


HOW DATA IS PERSISTED (VOLUMES)
For the data aspect, we will use a MySQL database.


docker run mysql

(Note that a bare docker run mysql exits right away: the official image refuses to start unless a root password setting such as MYSQL_ROOT_PASSWORD is passed with -e.)

Each database that is created is stored under /var/lib/mysql inside the container. By default the container has its own filesystem, and anything written there lives and dies with the container: remove the container and the data is gone.
To persist data, you map a directory OUTSIDE the container on the Docker host to a directory INSIDE the container with the -v (volume) option: create a host directory such as "/uche/datadir" and map it to /var/lib/mysql, i.e. -v /uche/datadir:/var/lib/mysql. When the container starts, Docker bind-mounts the host directory onto that FOLDER inside the container.
All your data then lives on the host, outside the container, so you do not have to worry about losing it when the container is removed. Bear in mind that the mapping works in both directions: whatever the container writes lands on the host, and a bind mount of a sensitive host path (the Docker socket, /etc, or / itself) hands the container control of the host. Mount only the directory the application needs, add :ro when it only reads, or use a named volume, which Docker keeps under its own storage directory.
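An added example (not Docker's code and not from the original post) that audits -v specs before a container is started: it parses HOST:CONTAINER[:opts], tells bind mounts from named volumes, and flags host paths that would give the container control over the host. The list of sensitive prefixes is this example's own policy, and the mount specs in the demo are constructed.

```python
"""Audit the host side of `docker run -v HOST:CONTAINER[:opts]` mounts.

Added example for this post (not Docker's code, not from the original page).
A bind mount hands the container direct access to a host directory, so the
post's `-v /uche/datadir:/var/lib/mysql` is harmless, while
`-v /var/run/docker.sock:/var/run/docker.sock` or `-v /:/host` is, in effect,
root on the host. SENSITIVE_PREFIXES is this example's own policy list.
"""
import os
from dataclasses import dataclass, field
from typing import List, Optional

# Host paths whose exposure lets a container read secrets or take over the host.
SENSITIVE_PREFIXES = ("/etc", "/root", "/home", "/proc", "/sys", "/dev", "/boot",
                      "/var/lib/docker")


@dataclass
class Mount:
    source: Optional[str]      # None for an anonymous volume (-v /data)
    target: str
    read_only: bool
    is_bind: bool              # absolute host path (bind mount) vs named volume
    findings: List[str] = field(default_factory=list)


def parse_volume(spec: str) -> Mount:
    """Split one -v value. The container path must be absolute; the source is a
    bind mount when it is an absolute host path and a named volume otherwise."""
    parts = spec.split(":")
    if len(parts) > 3:
        raise ValueError(f"bad -v spec {spec!r}")
    target = parts[0] if len(parts) == 1 else parts[1]
    if not target.startswith("/"):
        raise ValueError(f"container path must be absolute: {target!r}")
    if len(parts) == 1:
        return Mount(None, target, read_only=False, is_bind=False)
    source = parts[0]
    opts = parts[2].split(",") if len(parts) == 3 else []
    if "/" in source and not source.startswith("/"):
        raise ValueError(f"bind source must be an absolute path: {source!r}")
    return Mount(source, target, read_only="ro" in opts, is_bind=source.startswith("/"))


def audit_volume(spec: str) -> Mount:
    """Parse a -v spec and attach findings for host paths that should not be handed out."""
    m = parse_volume(spec)
    if not m.is_bind:
        return m                                 # named volumes stay under /var/lib/docker
    # normpath collapses "/etc/../etc" tricks; on a real host also apply os.path.realpath
    # so that symlinks such as /var/run -> /run cannot disguise the target.
    src = os.path.normpath(m.source)
    if src == "/":
        m.findings.append("mounts the entire host filesystem")
    elif os.path.basename(src) == "docker.sock":
        m.findings.append("docker socket: API access is root-equivalent on the host, "
                          "and :ro does not stop connect() on a socket")
    else:
        for prefix in SENSITIVE_PREFIXES:
            if src == prefix or src.startswith(prefix + "/"):
                m.findings.append(f"mounts sensitive host path under {prefix}")
                break
    if m.findings and not m.read_only and os.path.basename(src) != "docker.sock":
        m.findings.append("writable (no :ro option)")
    return m


if __name__ == "__main__":
    # Constructed specs: the post's MySQL data dir, a named volume, and two classic mistakes.
    for spec in ["/uche/datadir:/var/lib/mysql", "mysqldata:/var/lib/mysql",
                 "/var/run/docker.sock:/var/run/docker.sock:ro", "/:/host"]:
        m = audit_volume(spec)
        print(f"{spec:48} {'OK' if not m.findings else '; '.join(m.findings)}")
```

Only the two risky specs produce findings; the post's data directory and a named volume pass clean, which is the behaviour you want from a pre-start check in a deployment script.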




Docker run STDIN: by default a container's standard input is not attached to your terminal. The -i (interactive) option keeps STDIN open and attached to the container; -t allocates a pseudo-terminal (TTY). Together, -it gives you an interactive session inside the container, for example when the command you run is a shell.
      
DOCKER LOGS
To view the output of a container, run "docker logs <container id>". Everything the process wrote to stdout and stderr is kept there, including the Jenkins initial admin password shown earlier, so treat the ability to read container logs (and access to the Docker socket in general) as privileged.



In the next post we will talk about networking. Happy Learning!!! 😊
Kindly like and comment.









