Docker behaving odd with bash environment vars - bash

I know technically host networking isn't supported MacOS (see https://docs.docker.com/network/host/)
The host networking driver only works on Linux hosts, and is not
supported on Docker Desktop for Mac, Docker Desktop for Windows, or
Docker EE for Windows Server.
However it does actually seem to work. E.g. this works just fine:
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_DATABASE=baz \
--network="host" \
-d mysql:latest
However when I try to conditionally specify the host networking with a bash variable, it doesn't work, and I can't make sense of it. Consider the following test.sh:
#!/bin/bash
echo "Test 1"
docker rm -f local-mysql
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_USER=master \
-e MYSQL_PASSWORD=bar \
-e MYSQL_DATABASE=baz \
--network="host" \
-d mysql:latest
docker ps
sleep 5
echo "Test 2"
export NETWORKING='--network="host"'
docker rm -f local-mysql
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_USER=master \
-e MYSQL_PASSWORD=bar \
-e MYSQL_DATABASE=baz \
${NETWORKING} \
-d mysql:latest
docker ps
This yields:
% ./test.sh
Test 1
local-mysql
6bbd68f0564943b8fb66ed37f1e639b54719bdb3b88b4e13aeef0a11cae4090b
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6bbd68f05649 mysql:latest "docker-entrypoint.s…" Less than a second ago Up Less than a second local-mysql
Test 2
local-mysql
e286028ef9a1a27f4226beb60e766cc163c289239ba506f63a71a35adbc73ef3
docker: Error response from daemon: network "host" not found.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
I.e. when I hard code --network=host into the docker command, the container starts fine. But the exact same parameter in an environment variable fails to start with network "host" not found.
I'm honestly not sure if this is a failure of bash or docker, but I can't actually figure out what's going wrong.
-- EDIT --
Changing
export NETWORKING='--network="host"'
to
export NETWORKING='--network=host'
works. And for my purposes right now that's enough. But just to be thorough... Why? The working example has quotes in the value (--network="host"), so why does the shell expansion break the non-working example? What if I wanted something like --network="my host"?

Related

Bcrypt docker passwd using --admin-passwd

What is wrong with the following command? It is intended to create a portainer container with admin passwd 'portainer':
docker run --rm -d --name "portainer" -p "127.0.0.1:9001:9000" -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer --admin-password='$2a$10$0PW6gPY0TSeYzry2RSakl.7VUVmzdmD6mQPcemiG6i2vfJGGGePYu'
It leads to a Portainer container that will deny access for 'admin', saying that passwd 'portainer' is invalid. Details:
I put it into a .bat file. The thing runs on docker CE in Windows 10.
The longish crypt string within single quotes is a bcrypt equivalent of 'portainer', the designated admin password. I created and checked it here: https://www.javainuse.com/onlineBcrypt
Prior to running the command I stopped and removed an old portainer container, and even said docker volume rm portainer_data.
Doubling the "$" to "$$" did not solve the issue.
The command is deeply inspired by the official portainer docs: https://documentation.portainer.io/v2.0/deploy/initial/
For now I have a simple workaround: Simply drop that --admin-passwd parameter. Given that I grant a volume to portainer, I can just define a passwd at first start. However, I'd still prefer the script-only solution. Any ideas?
Here it is the solution you need:
docker run --detach \
--name=portainer-ce \
-p 8000:8000 \
-p 9000:9000 \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /volume1/docker/portainer-ce:/data \
portainer/portainer-ce \
--admin-password="$(htpasswd -nb -B admin adminpwPC | cut -d ':' -f 2)"

Traefik on Docker stripprefix / to current directory

I am trying to setup a simple stripprefix middleware using Docker Desktop with unix containers and i get a very wiered behavior.
The static traefik-config comes from environment-variables:
docker run -p 8080:8080 -p 80:80 -p 443:443 --rm \
-a STDOUT \
--name traefik \
--network elastic \
-e TRAEFIK_ACCESSLOG=false \
-e TRAEFIK_API_INSECURE=true \
-e TRAEFIK_PROVIDERS_DOCKER_ENDPOINT="tcp://docker.for.win.localhost:2375" \
-e TRAEFIK_PROVIDERS_DOCKER_NETWORK="elastic" \
-e TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=false \
-e TRAEFIK_LOG_LEVEL=DEBUG \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.crt:/ssl/traefik-server.crt \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.key:/ssl/traefik-server.key \
${custom_image}
I start a service using a middleware defined with labels like this:
-l traefik.http.routers.test.middlewares=test \
-l traefik.http.middlewares.test.stripprefix.prefixes=/test/my-service \
-l traefik.http.middlewares.test.stripprefix.forceslash=false
As a result i would expect a stripprefix-middleware with "/test/my-service" appear in traefik dashboard.
Instead
A stripprefix-middleware with "C:/dev/tools/git/" appears in the treafik dashboard. Appearently traefik somehow resolves the first "/" into the directory-path.
I start the whole thing using Git-Bash.
If anyone encountered something like this, i would really appreciate some pointers...
P.S.: i also tried all kinds of escaping and quoting i could think of
Maybe to prevent others wasting as much time....
... Turns out that git-bash for windows does some crazy stuff before handing the commands to docker.
Executing the exact same config using IntelliJ (docker-integration) or powershell does not replace the leading "/" with a windows path.

Run a Docker Container from a Desktop File Without Terminal GUI?

I have a couple of Docker images I've built for this and that;one for scanner program, another for a browser etc. Once I had them working, I created .desktop files that execute a bash run scripts I've created to run a container with them.
My question is: is there a way to run the .desktop file without the terminal GUI showing up? I've tried a couple of approaches with no success.
For instance, I've tried:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec=gnome-terminal -e
"/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh"
Type=Application
Terminal=false
As well as:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec="/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh"
Type=Application
Terminal=true
Both of these execute the scripts just fine of course, I'd just like it better if the application launched without a terminal GUI launching first.
Host System:
CentOS 7 - Gnome 3 Desktop
One example of a run script:
#!/bin/bash
HOST_UID=$(id -u)
HOST_GID=$(id -g)
XSOCK=/tmp/.X11-unix &&
XAUTH=/tmp/.docker.xauth &&
touch $XAUTH &&
xauth nlist :0 | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge - &&
#These are only run the first time a container is run from the image
#docker run -e NEW_USER="${USER}" -e NEW_UID="${HOST_UID}" -e
#NEW_GID="${HOST_GID}" hildy/gscan2pdf:v1
#LAST_CONTAINER=$(docker ps -lq) &&
#docker commit "${LAST_CONTAINER}" hildy/gscan2pdf:v1
docker run \
-ti \
--user $USER \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
-v $XAUTH:$XAUTH -v $XSOCK:$XSOCK -v /home/$USER:/home/$USER \
-e XAUTHORITY=$XAUTH -e DISPLAY \
--entrypoint "" hildy/gscan2pdf:v1 gscan2pdf &>/dev/null
I have found an answer to my question. The issue was that the command to run the container contained the -i option for an interactive terminal. #sneep was correct in the comments to the question when he said "It should work with Terminal=false." His technique to add a line to the script to create a log file is also a great technique, which I will certainly use in the future and it helped me to diagnose the issue.
I can also confirm that replacing -it with -d for detached mode, as suggested by #Oleg Skylar, works.
Amended Docker command for the run script:
docker run \
-t \
--user $USER \
--privileged \
-v /dev/bus/usb:/dev/bus/usb \
-v $XAUTH:$XAUTH -v $XSOCK:$XSOCK -v /home/$USER:/home/$USER \
-e XAUTHORITY=$XAUTH -e DISPLAY \
--entrypoint "" hildy/gscan2pdf:v1 gscan2pdf &>/dev/null
Amended .desktop file:
[Desktop Entry]
Name=gscan2pdf
Icon=gscan2pdf.png
Exec=/home/hildy/Documents/repos/docker/gscan2pdf/run_gscan.sh
Type=Application
Terminal=false
StartupNotify=true

Why does my bash script move beyond "docker run" even tho docker is still running?

I am trying with a bash script to run a docker container then print a message. However the finished message is executed whilst the container is still running - I can exec into it and see PID 1 and multiple other processes.
How can I force the docker run command to complete first?
docker run --name registr \
-v ~/v1:/v1 \
-v ~/logging.yaml:/root/logging.yaml \
-v ~/.aws:/root/.aws \
-v ~/luigi.cfg:/root/luigi.cfg \
-v ~/params:/root/params \
-p 8082:8082 \
simonm3/registr
echo "docker finished"
The docker image has CMD ["python", "/root/worker/start.py"]

How to check whether a docker service is already running on UCP using shell script

I want to check whether a docker service is running or not.
if it's running I want to remove that service and create the new one
I am doing this task with shell script
I am providing the code snippet of my shell script where I am facing
Error response from daemon: service data-mapper-service not found
if [[ "$(docker service inspect ${DOCKER_SERVICE_NAME} 2> /dev/null)" != "" ]]; then
docker service rm ${DOCKER_SERVICE_NAME}
else echo "service doesn't exist or may have been removed manually"
fi
docker service create \
--name ${DOCKER_SERVICE_NAME} \
--network ${OVERLAY_NETWORK} \
--reserve-memory ${10} \
--constraint node.labels.run_images==yes \
--mode global \
--with-registry-auth \
--restart-condition any \
-p ${EXTERNAL_PORT}:${INTERNAL_PORT} \
-e "SPRING_PROFILES_ACTIVE="${SPRING_PROFILE} \
-e "JAVA_OPTS: -Xms256m -Xmx512m" \
${DTR_HOST_NAME}/${DTR_ORG_NAME}/${DTR_REP_NAME}:${BUILD_NUMBER}
I am getting the error on if statement line.
If the service is running and I trigger this shell script everything runs fine, But if the service is not running and I trigger this shell script I am facing above mention error.

Resources