#GartnerSEC
Monday, August 19, 2019
Thursday, August 15, 2019
Saturday, April 13, 2019
Ubuntu 18.04 + Docker Setup
I am setting up a new Docker Engine running on Ubuntu 18.04
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default the Docker Engine Service is run by Snap.
My environment uses web proxy to hit the Internet and internal DNS servers only are allowed. Docker Daemon or Docker Containers must use web proxy and internal DNS to hit the Internet.
To setup Ubuntu with static IP, pointing to the right DNS, netplan must be created
create a YAML file in the /etc/netplan/
> sudo vi /etc/netplan/99-local-init.yaml
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 10.0.0.1/24
gateway4: 10.0.0.254
nameservers:
search: [domainlocal.tld]
addresses: [10.0.0.2, 10.0.03]
ps: addresses: [10.0.0.2, 10.0.0.3] are the local DNS servers
To get Docker Engine to use web proxy and local DNS servers, Drop-In configuration files must be created. Check the Docker Engine service name under /etc/systemd/system/ folder. My Ubuntu 18.04 installation has got snap.docker.dockerd.service name
Create a folder with the same name of the service name and add ".d" at the end of the folder name
> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d
Then you can create as many as .conf files in that folder
To create web proxy configuration
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"
To create DNS setting
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf
[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld
ps: ExecStart= must be defined in the first line to reset that flag
The daemon must be restarted
> sudo systemtcl daemon-reload
> sudo systemctl restart snap.docker.dockerd
To build / run process within the Docker Container, pass the flags:
> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imangename .
Have fun!
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default the Docker Engine Service is run by Snap.
My environment uses web proxy to hit the Internet and internal DNS servers only are allowed. Docker Daemon or Docker Containers must use web proxy and internal DNS to hit the Internet.
To setup Ubuntu with static IP, pointing to the right DNS, netplan must be created
create a YAML file in the /etc/netplan/
> sudo vi /etc/netplan/99-local-init.yaml
network:
version: 2
renderer: networkd
ethernets:
eth0:
addresses:
- 10.0.0.1/24
gateway4: 10.0.0.254
nameservers:
search: [domainlocal.tld]
addresses: [10.0.0.2, 10.0.03]
ps: addresses: [10.0.0.2, 10.0.0.3] are the local DNS servers
To get Docker Engine to use web proxy and local DNS servers, Drop-In configuration files must be created. Check the Docker Engine service name under /etc/systemd/system/ folder. My Ubuntu 18.04 installation has got snap.docker.dockerd.service name
Create a folder with the same name of the service name and add ".d" at the end of the folder name
> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d
Then you can create as many as .conf files in that folder
To create web proxy configuration
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"
To create DNS setting
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf
[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld
ps: ExecStart= must be defined in the first line to reset that flag
The daemon must be restarted
> sudo systemtcl daemon-reload
> sudo systemctl restart snap.docker.dockerd
To build / run process within the Docker Container, pass the flags:
> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imangename .
Have fun!
Tuesday, March 12, 2019
Docker Copy Files
When building a Docker image using the Dockerfile, if you need to copy some files from the Docker Engine machine to the Docker Image, you need to use the "correct" source path where the files are located.
Let's say you have the following files:
/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh
you can't specify the following command within your Dockerfile
COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/
instead, you need to do the following
mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources
then, in your Dockerfile, specify the following COPY command
COPY resources /etc/
Let's say you have the following files:
/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh
you can't specify the following command within your Dockerfile
COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/
instead, you need to do the following
mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources
then, in your Dockerfile, specify the following COPY command
COPY resources /etc/
Wednesday, February 13, 2019
Tuesday, January 01, 2019
Windows Server Core 2019 - Remote PowerShell
Just installed a couple of Windows Server Core 2019. To manage them through PowerShell remotely, you need to enable PowerShell Remoting
On the Windows Server 2019 Core, run the following command
> Enable-PSRemoting -Force
The remote machine from which you want to manage the server
> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld
Enjoy!
On the Windows Server 2019 Core, run the following command
> Enable-PSRemoting -Force
The remote machine from which you want to manage the server
> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld
Enjoy!
Friday, December 07, 2018
Westpac Super.Tech Q4 Individual Award Winner
And to close the year 2018, I have been nominated and won the Q4 Individual Award!
It has been a long and challenging year for me :)
