Bcrypt docker passwd using --admin-passwd - bcrypt

What is wrong with the following command? It is intended to create a portainer container with admin passwd 'portainer':
docker run --rm -d --name "portainer" -p "127.0.0.1:9001:9000" -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer --admin-password='$2a$10$0PW6gPY0TSeYzry2RSakl.7VUVmzdmD6mQPcemiG6i2vfJGGGePYu'
It leads to a Portainer container that will deny access for 'admin', saying that passwd 'portainer' is invalid. Details:
I put it into a .bat file. The thing runs on docker CE in Windows 10.
The longish crypt string within single quotes is a bcrypt equivalent of 'portainer', the designated admin password. I created and checked it here: https://www.javainuse.com/onlineBcrypt
Prior to running the command I stopped and removed an old portainer container, and even said docker volume rm portainer_data.
Doubling the "$" to "$$" did not solve the issue.
The command is deeply inspired by the official portainer docs: https://documentation.portainer.io/v2.0/deploy/initial/
For now I have a simple workaround: Simply drop that --admin-passwd parameter. Given that I grant a volume to portainer, I can just define a passwd at first start. However, I'd still prefer the script-only solution. Any ideas?

Here it is the solution you need:
docker run --detach \
--name=portainer-ce \
-p 8000:8000 \
-p 9000:9000 \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /volume1/docker/portainer-ce:/data \
portainer/portainer-ce \
--admin-password="$(htpasswd -nb -B admin adminpwPC | cut -d ':' -f 2)"

Related

Setting Docker environment variables in Azure DevOps using bash task

I am having a problem setting up an environment variable as part of Releasing my container. in Azure DevOps, I have a bash task in which I am trying to set an environment variable (CUSER)
export CUSER=$(CUSER) && \
echo $(MYPASS) | sudo -S docker run \
-e CUSER \
--name $(CNAME) \
-p 80:80 $(INAME):$(Build.BuildId) &
The container runs but the environment variable is not set. But it is set when I execute the script directly on the host like export CUSER="Dev9" && docker run -e CUSER --name demo1 -p 80:80 myimage:256
I suspect there is a problem with the way my command is formatted but I am not sure where or what.
Resolved it by changing how I authenticate sudo.
sudo -S <<< $(MYPASS) echo export CUSER=$(CUSER) && \
docker run -e CUSER \
--name $(CNAME) \
-p 80:80 $(INAME):$(Build.BuildId) &

Docker behaving odd with bash environment vars

I know technically host networking isn't supported MacOS (see https://docs.docker.com/network/host/)
The host networking driver only works on Linux hosts, and is not
supported on Docker Desktop for Mac, Docker Desktop for Windows, or
Docker EE for Windows Server.
However it does actually seem to work. E.g. this works just fine:
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_DATABASE=baz \
--network="host" \
-d mysql:latest
However when I try to conditionally specify the host networking with a bash variable, it doesn't work, and I can't make sense of it. Consider the following test.sh:
#!/bin/bash
echo "Test 1"
docker rm -f local-mysql
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_USER=master \
-e MYSQL_PASSWORD=bar \
-e MYSQL_DATABASE=baz \
--network="host" \
-d mysql:latest
docker ps
sleep 5
echo "Test 2"
export NETWORKING='--network="host"'
docker rm -f local-mysql
docker run \
--name local-mysql \
-e MYSQL_ROOT_PASSWORD=foo \
-e MYSQL_USER=master \
-e MYSQL_PASSWORD=bar \
-e MYSQL_DATABASE=baz \
${NETWORKING} \
-d mysql:latest
docker ps
This yields:
% ./test.sh
Test 1
local-mysql
6bbd68f0564943b8fb66ed37f1e639b54719bdb3b88b4e13aeef0a11cae4090b
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6bbd68f05649 mysql:latest "docker-entrypoint.s…" Less than a second ago Up Less than a second local-mysql
Test 2
local-mysql
e286028ef9a1a27f4226beb60e766cc163c289239ba506f63a71a35adbc73ef3
docker: Error response from daemon: network "host" not found.
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
I.e. when I hard code --network=host into the docker command, the container starts fine. But the exact same parameter in an environment variable fails to start with network "host" not found.
I'm honestly not sure if this is a failure of bash or docker, but I can't actually figure out what's going wrong.
-- EDIT --
Changing
export NETWORKING='--network="host"'
to
export NETWORKING='--network=host'
works. And for my purposes right now that's enough. But just to be thorough... Why? The working example has quotes in the value (--network="host"), so why does the shell expansion break the non-working example? What if I wanted something like --network="my host"?

Traefik on Docker stripprefix / to current directory

I am trying to setup a simple stripprefix middleware using Docker Desktop with unix containers and i get a very wiered behavior.
The static traefik-config comes from environment-variables:
docker run -p 8080:8080 -p 80:80 -p 443:443 --rm \
-a STDOUT \
--name traefik \
--network elastic \
-e TRAEFIK_ACCESSLOG=false \
-e TRAEFIK_API_INSECURE=true \
-e TRAEFIK_PROVIDERS_DOCKER_ENDPOINT="tcp://docker.for.win.localhost:2375" \
-e TRAEFIK_PROVIDERS_DOCKER_NETWORK="elastic" \
-e TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=false \
-e TRAEFIK_LOG_LEVEL=DEBUG \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.crt:/ssl/traefik-server.crt \
-v c:/dev/repos/docker/dockerfiles/traefik/ssl/localhost.key:/ssl/traefik-server.key \
${custom_image}
I start a service using a middleware defined with labels like this:
-l traefik.http.routers.test.middlewares=test \
-l traefik.http.middlewares.test.stripprefix.prefixes=/test/my-service \
-l traefik.http.middlewares.test.stripprefix.forceslash=false
As a result i would expect a stripprefix-middleware with "/test/my-service" appear in traefik dashboard.
Instead
A stripprefix-middleware with "C:/dev/tools/git/" appears in the treafik dashboard. Appearently traefik somehow resolves the first "/" into the directory-path.
I start the whole thing using Git-Bash.
If anyone encountered something like this, i would really appreciate some pointers...
P.S.: i also tried all kinds of escaping and quoting i could think of
Maybe to prevent others wasting as much time....
... Turns out that git-bash for windows does some crazy stuff before handing the commands to docker.
Executing the exact same config using IntelliJ (docker-integration) or powershell does not replace the leading "/" with a windows path.

Run Maven in Docker container via current user

I want to run Maven to build a project in a Docker container. First, I came up with:
docker run -it --rm
-v $HOME/.m2:/root/.m2:rw
-v $PWD:$PWD:rw
-w $PWD
maven:alpine
mvn "$#"
This builds fine, but the problem here is that all files are now written and owned by the root user. I want them to be owned by the current user, myself.
So I tried this:
docker run -it --rm
--user $(id -u):$(id -g)
-v $HOME/.m2:/root/.m2:rw
-v $PWD:$PWD:rw
-w $PWD
maven:alpine
mvn "$#"
This did not work as expected. I believe I know why: now with --user $(id -u):$(id -g), we are indeed executing as myself, but now the mapping of -v $HOME/.m2:/root/.m2:rw becomes incorrect, there is no /root in place anymore.
So let's try this:
docker run -it --rm
--user $(id -u):$(id -g)
-v $HOME:$HOME:rw
-v $PWD:$PWD:rw
-w $PWD
maven:alpine
mvn "$#"
Now I am getting the following warning:
Can not write to /root/.m2/copy_reference_file.log. Wrong volume permissions? Carrying on ...
Also, Maven seems to be able to build (although I am having problems with accessing the Docker daemon during integration tests, but that might be better suited for another question), but I don't see any artifacts appearing in ~/.m2/repository on the host? They are also not in /root/.m2/repository (which does not exist, as expected) on the host. Where are they? What am I doing wrong?
Here is described how to run maven as non-root-user:
Maven needs the user home to download artifacts to, and if the user does not exist in the image an extra user.home Java property needs to be set.
Something in that direction should work:
docker run -it --rm \
--user $(id -u):$(id -g) \
-v ~/.m2:/var/maven/.m2:rw \
-e MAVEN_CONFIG=/var/maven/.m2 \
-v $PWD:$PWD:rw \
-w $PWD \
maven:alpine \
mvn -Duser.home=/var/maven "$#"

How to run cucumber/selenium tests in Docker?

I am struggling to run my cucumber tests from a Docker image.
Here is my setup:
I use OSX with XQuartz to run an X11 session
I use an Ubuntu 14 Vagrant image for development where I forward my X11 session
I am trying to run a docker image with Firefox that will use my XQuartz session for display
So far, I managed to start Firefox with the following setup:
# Dockerfile
FROM ubuntu:14.04
RUN apt-get update && apt-get install -y firefox
# Replace 1000 with something appropriate ;)
RUN export uid=1000 gid=1000 && \
mkdir -p /home/developer && \
echo "developer:x:${uid}:${gid}:Developer,,,:/home/dev:/bin/bash" >> /etc/passwd && \
echo "developer:x:${uid}:" >> /etc/group && \
echo "developer ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/developer && \
chmod 0440 /etc/sudoers.d/developer && \
chown ${uid}:${gid} -R /home/developer
USER developer
ENV HOME /home/developer
CMD /usr/bin/firefox
I can start Firefox with --net=host from my Vagrant machine:
docker build -t firefox .
docker run --net=host -ti --rm -e DISPLAY=$DISPLAY -v $HOME/.Xauthority:/home/developer/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix:rw firefox:latest
But this is not ideal because I can't link other containers to my machine in the docker-compose.yml file. Ideally, I would like to run my docker machine without --net=host like this:
docker build -t firefox .
docker run -ti --rm -e DISPLAY=$DISPLAY -v $HOME/.Xauthority:/home/developer/.Xauthority -v /tmp/.X11-unix:/tmp/.X11-unix:rw firefox:latest
But I get the following error:
error: XDG_RUNTIME_DIR not set in the environment.
Error: cannot open display: localhost:10.0
Please help :)
You could simply use elgalu/docker-selenium to avoid dealing with what's already solved for you, and maintained:
docker run --rm -ti --net=host --pid=host --name=grid \
-e SELENIUM_HUB_PORT=4444 -e TZ="US/Pacific" \
-v /dev/shm:/dev/shm --privileged elgalu/selenium
If you need advanced features like a dashboard with video recording for example, or live preview, you can use Zalenium and start it with:
curl -sSL https://raw.githubusercontent.com/dosel/t/i/p | bash -s start -i

Resources