DevOps Hunter Security Automation

  Docker container command Tips & Tricks Here my idea is to use the Unix/Linux 'alias' command for most those common docker container,   network, volume sub- commands to form as shorten to give you more productivity while working on developing the docker images and playing around the newly constructing containers. This trick work on bash, zsh shells. Improve Productivity with smart work alias for Docker commands   First examine the docker container listing with the powerful option '--format' docker container ps -s \ --format "table {{.Names}}\t{{.Image}}\t{{.Status}}\t{{.Size}}" docker ps command To get the logs of any applications that runs in containers we can use the following: alias dkrlogs='docker logs' alias dkrlogsf='docker logs -f ' docker logs with alias trick List of the images alias dkri='docker image ls' docker image list alias trick The container list alias dkrcs='docker container ls' d...

 Switch Storage Driver for Docker on Ubuntu This blog post is aimed to experiment based on "How to switch to a different storage driver on an existing docker installation in Ubuntu". Prerequisites Ubuntu Linux VM instance on any Cloud or Local VM Knowledge about filesystem how it works Step1: What filesystem provided by your OS cat /proc/filesystem or grep btrfs /etc/filesystem Is your docker version supports the filesystem available on your VM instance. grep brtfs /proc/filesystem Step 2: Take a backup of docker folder cp -au /var/lib/docker /var/lib/docker.bk Create loop devices attach them using images created by dd command dd if=/dev/zero of=test1 bs=1 count=1 seek=4294967295 dd if=/dev/zero of=test2 bs=1 count=1 seek=4294969343 Here the /dev/zero provides an endless stream of zero bytes when read (if). This function is provided by the kernel and does not require allocating memory. and all writes (of) to given file location. As a result, when ...

Hello DevOps/DevSecOps team, welcome back for another intresting post on Docker. In this post we will be discussing and experiment on "docker restart policies".   What is Docker restart policies? Docker provides restart policies to control whether your containers start automatically when they exit, or when Docker daemon restarts.   A Docker container’s status can be controlled by providing the restart policy while the container is instantiated with docker run sub command.   Docker container restart policies Docker restart policies are there to keep containers active(Up status) in all possible downfalls, we can leverage it in multiple ways as an example if we have a Tomcat/Nginx web server running on a container and have to keep it Up and running even on bad request we can use restart policy with a flag, it will keep the server "Up" and running till we stopped it manually. Syntax : docker run --restart [policy-type] IMAGE [COMMAND] [ARG...]    Below are t...

 Hello Guys in this post I wish to explore more intresting instructions HEALTHCHECK which can be used in Dockerfile.  The most common requirement for any real-time projects monitoring using a side-car container which could run in parallel and try to check the process or application URL check or container reachability using ping command etc.  Dockerfie instruction HEALTHCHECK In Dockerfile we can have HEALTHCHECK instruction that allows us to know the condition of an application test runs as expected or not, when a container runs this will be returns a status as healthy, unhealthy based on the HEALTHCHECK command exit code. If the exit code 0 then returns healthy otherwise unhealthy. HEALTHCHECK [options] CMD [health check command] Example: HEALTHCHECK --interval=3s CMD ping c1 172.17.0.2 here are the Healthcheck options   --interval=time in sec (duration 30s is default)  --timeout=time in sec (duration 30s is default)  --start-period=time in ...

What is HAProxy do? HAProxy is a free and open-source load balancer that enables DevOps/SRE professionals to distribute TCP-based traffic across many backend servers. And also it works for Layer 7 load balancer for HTTP loads. HAProxy runs on Docker The goal of this post is to learn more about HAProxy, how to configure with a set of web servers as backend. It will accept requests from HTTP protocol. Generally, it will use the default port 80 to serve the real-time application requirement. HAProxy supports multiple balancing methods. While doing this experiment Nginx web app load balance with Swarm Ingress to HA proxy In this post, we have two phases first prepare the web applications running on high availability that is using multiple Docker machines to form a Swarm Cluster and then a web application deployment done using the 'docker service' command. Step 1: Create swarm Cluster on 3 machines using the following commands docker swarm init --advertise-addr=192.168.0.10 join...

To work with Docker service stack deployment we should have an orchestrator either Swarm or Kubernetes. Here, in this post, I will be experimenting with the Docker swarm cluster. Prerequisites Docker installed machine Docker swarm initialized and active Create the manifestation file that describes the task, which will be available in the service definition. We can use the declarative definitions for each service in a YAML file.  Docker Swarm Service Stack Deployment I read the book: Learn Docker - Fundamentals of Docker 19.x , where I found the nice explanation given in the    Let's run the docker swarm visualizer container, which will show the Swarm cluster node status, container service status it will be very clear to understand how the orchestrator capabilities work for Docker containers. docker run -it –d \ -p 8080:8080 \ -v /var/run/docker.sock:/var/run/docker.sock \ dockersamples/visualizer Alternatively, you can use the docker-compose file a...

How do you create docker image? There are multiple ways to create new docker images docker commit: creates a new layer (and a new image) from a running container. docker build: performs a repeatable build sequence using dockerfile. docker import: loads a tarball into Docker engine, as a standalone base layer. We don't prefer to use docker import, because the import option can be used for various hacks, but its main purpose is to bootstrap the creation of base images. Working on Docker Custom Image Docker images can be pulled from Docker registries. Docker owns Docker Hub and Docker cloud public repositories where you could find the free images. Docker store is a place where Docker images could be on sale. You can create an image and sell it who need it. Docker client is CLI which allows us to deal with the Docker objects. Docker objects are Docker images, Containers, Network, volumes and services. An image is a read-only template that allows us to create instances in ru...

Hey! In this DevOps learning post, I've done my experiment on Docker Registry-Server connecting with the docker registry UI as a frontend. To support this Frontend service, we have an Apache HTTP server container used as a docker-registry-frontend image. Docker Registry Server connect with Frontend UI Step 1: Go to the docker hub search for 'docker-registry-frontend' given version Pull the image to your local system. docker pull registry docker pull konkardkleine/docker-registry-frontend:v2 docker images docker network create registry docker network ls Step 2: Create the registry server using a docker container run command which expose the port as 5000 and the network that we have created in the step1. This separate network creation will be easy to isolate with other containers running on the same host. docker run --rm -d -p 5000:5000 --name registry-server \ --network registry To verify the access of registry-server docker logs registry-server -f Step 3:  You ca...

 Namaste !! Dear DevOps enthusiastic, In this article I would like to share the experimenting of data that is persistence which we learned in an earlier blog post .  In real world these data volumes need to be backed up regularly and if in case of any disaster we can restore the data from these backups from such volumes   Docker Volumes Backup and Restore This story can happen in any real-time project, The data from the on-premises data center to migrate to a cloud platform. One more option is when Database servers backup and restore to different Private networks on a cloud platform. Here I've tested this use-case on two Vagrant VirtualBox's. One used for backup and other for restore MySQL container. Setting up the Docker MySQL container with Volume Step 1 : Let's create a volume with a name as first_vol: docker volume create first_vol #create docker volume ls #Confirm Step 2: create a container with volume for backup of My SQL Database image docke...

 Namaste, In this exciting Docker storage volume story, this experiment is going to use two Vagrant VirtualBox. You can also use any two Cloud instances (may be GCP, AWS, Azure etc.,). Where DockerHost is going to run the docker containers and DockerClient box is going to run the SSH daemon.  Docker Volume with External Storage using SSHFS Docker allows us to use external storage with constraints. These constraints will be imposed on cloud platforms as well. The external or Remote volume sharing is possible using NFS.  How to install SSHFS volume? Step-by-step procedure for using external storage as given below : Install docker plugin for SSHFS with all permission is recommended: docker plugin install \ --grant-all-permissions vieux/sshfs Create a Docker Volume docker volume create -d vieux/sshfs \ -o sshcmd=vagrant@192.168.33.251:/tmp \ -o password=vagrant -o allow_other sshvolume3 Mount the shared folder on the remote host: mkdir /opt/remote-volume # In rea...

 In this, we will discuss an experiment on Docker Container Network port exposed or published. A Netcat command utility will be used to make an echo server. which will be read the message on one socket and the other end sends the message to the terminal. Understanding Port forwarding in Docker Containers Background on Docker Port Docker container ports by default mapping to host ports. The -P option will bind the container exposed ports (EXPOSE command in Dockerfile) to random available ports of the host. We can bind any port of the container even though it is not pre-defined with EXPOSE ones. For this, you can use -p (lower case) with host port followed by a colon (:) container port  Note: This experiment can be successful on ubuntu:14.04 image only. Because other than that ubuntu images don't support nc and host.docker.internal to look into the docker network. Here we have four use cases: Two ports open to run the echo server  Container access host network Dynamically...