Are docker images and containers visible to everyone on the server? - linux

I am trying to make a docker image for one of my simulators. But is the docker image on the server shared by all users?
I just tried the docker images command, and the results showed that there are several images:
ubuntu latest 9873176a8ff5 2 months ago 72.7MB
hello-world latest d1165f221234 6 months ago 13.3kB
mpx_evaluation latest ae93b04419ab 13 months ago 686MB
ubuntu 16.04 77be327e4b63 18 months ago 124MB
e9patch/e9patchdemo latest e73fd4d392d8 19 months ago 696MB
neo4j latest 7e40ffda399a 2 years ago 362MB
Are these images used by others? I don’t want everyone to be able to see the image I made. Is there any way? Why are the images public to everyone? What if someone deletes my image by mistake?
The model of the server I am using is: Linux server81 4.15.0-142-generic #146~16.04.1-Ubuntu SMP Tue Apr 13 09:27:15 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Many people use this server.

Whoever has access to the docker socket, which is an interface to control the docker daemon (which is for example responsible for building a docker image), will see your images on the host machine. In general, users with root access have access to the docker socket and hence can see your images.
If you were the only root user on the machine, other users would not have access to the images, provided they were not in the docker group (https://docs.docker.com/engine/install/linux-postinstall/).
But other than that, I don't see a way to make your images "private" from other users controlling the docker socket.
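As an added example (not code from the thread above), this script turns the answer into a check a user can run on the shared host: it reads the socket's mode bits and the docker group's members and reports who can drive the daemon, which is exactly the set of people who can list, retag or delete your images. The socket path and group name are the Docker defaults; the mode strings and getent line in the comments are constructed samples.

```sh
#!/bin/sh
# Added example: who can use the Docker daemon on this host?
# Anyone who can write to the daemon socket has full control of every
# image and container, so that is the real answer to "who sees my image".

# Classify an ls -l mode string such as "srw-rw----" by its write bits.
socket_exposure() {
    mode=$1
    if [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then
        echo "everyone"          # other-writable: any local user
    elif [ "$(printf '%s' "$mode" | cut -c6)" = "w" ]; then
        echo "root-and-group"    # the usual setup: root plus the docker group
    else
        echo "root-only"
    fi
}

# Extract the member list from a getent(1) group line, e.g. "docker:x:999:alice,bob".
group_members() {
    printf '%s\n' "$1" | awk -F: '{ print $4 }'
}

# Combine socket mode and group membership into one answer.
who_can_use_daemon() {
    mode=$1; group_line=$2
    members=$(group_members "$group_line")
    case "$(socket_exposure "$mode")" in
        everyone)       echo "every local user (socket is world-writable)" ;;
        root-and-group) echo "root and docker group members: ${members:-none}" ;;
        root-only)      echo "root only" ;;
    esac
}

# Live check against the real socket: `sh audit.sh --live [socket-path]`.
audit_live_host() {
    sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "no Docker socket at $sock"; return 1; }
    mode=$(ls -l "$sock" | awk '{ print $1 }')
    grp=$(ls -l "$sock" | awk '{ print $4 }')
    who_can_use_daemon "$mode" "$(getent group "$grp")"
}

[ "${1:-}" = "--live" ] && audit_live_host "${2:-}"
```

If the output names anyone besides root, those users can already run `docker images` and `docker rmi` on your image; keeping the image off the shared daemon (or out of the docker group) is the only way to change that.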

Related

Why does inputs.conf change look fine outside docker, but look wrong inside docker?

I had this working, but it no longer does, and I somewhat suspect a docker volume problem, somewhat suspect a permissions issue, and also somewhat suspect an OS upgrade. But I really don’t know what the problem is.
Inside the splunk container, I see:
[root@splunk splunk]# cat /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf
[http]
disabled = 0
[http://splunk_hec_token]
disabled = 0
token = really-big-token-thingie
Which is really not what I want.
And outside the splunk container (on the MacOS side), I see:
$ cat splunk-files/opt-splunk-etc-apps-splunk_httpinput-local/inputs.conf
cmd output started 2022 Mon May 02 04:19:43 PM PDT
[http]
disabled = 0
[http://splunk_hec_token]
disabled = 0
token = really-big-token-thingie
index = dev_game-publishing
That is what I want.
In my docker-compose, I have (among other things) :
volumes:
- ./splunk-files/opt-splunk-etc-apps-splunk_httpinput-local/ /opt/splunk/etc/apps/splunk_httpinput/local/
(That long volume line is all-one-line. It may or may not be wrapping when you view it, though it is wrapping in this editor)
I tried both setting up a volume for the entire directory, as well as just that one file. I’m hearing that doing an entire directory tends to be more reliable, but both failed the same way.
The directory containing the file is owned by splunk and has restrictive permissions:
[ansible@splunk splunk]$ cat /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf
cat: /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf: Permission denied
[ansible@splunk splunk]$ ls -l /opt/splunk/etc/apps/splunk_httpinput/
total 12
drwxr-xr-x 2 splunk splunk 4096 Jan 15 03:31 default
drwx------ 2 splunk splunk 4096 May 2 22:14 local
drwx------ 2 splunk splunk 4096 May 2 22:14 metadata
[ansible@splunk splunk]$
Which explains why the ansible user can’t cat it. But is ansible painting itself into a corner and preventing itself from making all the changes I need?
I also upgraded from MacOS 11.x to 12.3 in between when this was working, and when it stopped. I don’t know if that’s related or not.
How can I get the desired content inside the container, automatically?
Thanks for any and all suggestions!
Your volume spec looks broken. Usually you join the host path with a colon to the container path.
volumes:
- ./splunk-files/opt-splunk-etc-apps-splunk_httpinput-local:/opt/splunk/etc/apps/splunk_httpinput/local
I guess that's why inside the image you see the default content of this directory, as your local directory is never properly mounted.
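As an added example (not code from the thread), this is a small lint for the short-form `volumes:` entries of a compose file. It catches the mistake in the question, a space where the colon between host and container path should be, along with relative container paths, before the file is ever handed to docker-compose. The compose fragment it is run on is constructed here.

```sh
#!/bin/sh
# Added example: lint short-form compose volume entries (HOST:CONTAINER[:opts]).
# A malformed entry is not rejected loudly, so the directory inside the
# container silently keeps the image's default content.

# Validate one entry and print OK/BROKEN; returns 1 when broken.
check_volume_entry() {
    entry=$1
    case "$entry" in
        *:*) ;;
        *) echo "BROKEN: no ':' between host and container path: '$entry'"; return 1 ;;
    esac
    host=${entry%%:*}
    rest=${entry#*:}
    target=${rest%%:*}
    case "$host" in
        *' '*) echo "BROKEN: host path contains a space: '$host'"; return 1 ;;
    esac
    case "$target" in
        /*) echo "OK: $host -> $target" ;;
        *)  echo "BROKEN: container path must be absolute: '$target'"; return 1 ;;
    esac
}

# Check every "- entry" line under a volumes: key read from stdin.
# Returns 1 if any entry is broken.
lint_compose_volumes() {
    status=0
    in_volumes=0
    while IFS= read -r line; do
        case "$line" in
            '')          continue ;;
            *volumes:*)  in_volumes=1 ;;
            *'- '*)      [ "$in_volumes" -eq 1 ] || continue
                         check_volume_entry "${line#*- }" || status=1 ;;
            *)           in_volumes=0 ;;
        esac
    done
    return "$status"
}

# Usage: sh lint-volumes.sh docker-compose.yml
[ -n "${1:-}" ] && lint_compose_volumes < "$1"
```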

SSH Daemon (NIO2) is not starting anymore

I have two VMs running gitblit under jetty version 9.2.11. Both are using Java 8 (latest update "1.8.0_77") on an Ubuntu Server 14.04.
The only difference that I've noticed is the kernel version.
One of them is
2.6.32-042stab111.12 #1 SMP Thu Sep 17 11:38:20 MSK 2015 x86_64 x86_64 x86_64 GNU/Linux (let's call it server 1)
and the other one is
2.6.32-042stab113.21 #1 SMP Wed Mar 23 11:05:25 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux (let's call it server 2)
On server 1, everything works fine.
But on server 2, the context of gitblit is not up and running.
The last record in log is:
2016-04-12 22:22:53 [INFO ] Federation passphrase is blank! This server can not be PULLED from.
2016-04-12 22:22:53 [INFO ] Fanout PubSub service is disabled.
2016-04-12 22:22:53 [INFO ] Git Daemon is listening on 0.0.0.0:9419
After that, jetty's service is failing, and context isn't available. The application stays with status STARTING forever.
I've tried to reinstall ssh server and client with no success.
Can someone help me with that?
Regards
A few days after I posted my question I found the correct answer.
I followed the steps below to detect the root cause of the problem:
I downloaded the source code of the gitblit version I'm using. In this case, version 1.7.1 available here.
With the source code I added some quick logs (using sysout) only to check when the application was freezing. I noticed that the problem was in the code of Apache MINA sshd.
I also downloaded the source code of Apache MINA sshd to debug. In this case I wasn't able to add sysout, so I chose to do remote debugging of my jetty running on the server, as described here.
Of course it was a little bit slow, but I noticed that when the sshd code called SecureRandom.generateSeed(8) in class SecurityUtils.BouncyCastleRandom
public BouncyCastleRandom() {
    ValidateUtils.checkTrue(isBouncyCastleRegistered(), "BouncyCastle not registered");
    this.random = new VMPCRandomGenerator();
    // generateSeed() reads /dev/random on Linux, which blocks while the kernel entropy pool is empty
    byte[] seed = new SecureRandom().generateSeed(8);
    this.random.addSeedMaterial(seed);
}
The system used to freeze completely.
After a long time searching on the internet I found this blog post, https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/, and when I typed the command cat /proc/sys/kernel/random/entropy_avail I always got 0 (zero) as the result.
I was aware that my Linux is a VPS running under OpenVZ hosted at host1plus. Based on that, I asked the VPS provider to check why I was always getting zero as the result in my VPS.
The answer from technical support was:
We have enabled the random device for your VPS. Please check if it works for you and if the issue is solved.
After that update my gitblit was back in the up-and-running state.
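As an added example (not code from the thread), this script makes the diagnosis above repeatable: it classifies the entropy_avail counter the answer checked, and time-boxes the same 8-byte /dev/random read that BouncyCastleRandom performs so a stalled read shows up as a result instead of a hung service. The 256 "low" threshold is an advisory value chosen here, not a kernel constant, and the file parameter exists so a constructed value can be tested without /proc.

```sh
#!/bin/sh
# Added example: detect a starved kernel entropy pool, the condition that
# made SecureRandom.generateSeed(8) block forever on an OpenVZ VPS.

# Classify entropy_avail; exit 1 = starved, 2 = counter not readable.
entropy_state() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    [ -r "$file" ] || { echo "unknown"; return 2; }
    avail=$(cat "$file")
    if [ "$avail" -eq 0 ]; then
        echo "starved"     # blocking readers of /dev/random hang here
        return 1
    elif [ "$avail" -lt 256 ]; then   # advisory threshold, not a kernel value
        echo "low"
    else
        echo "ok"
    fi
}

# Time-box one 8-byte read from /dev/random with a watchdog (seconds).
# Returns 1 if the read was killed or failed before the deadline.
probe_dev_random() {
    limit=${1:-5}
    dd if=/dev/random of=/dev/null bs=8 count=1 2>/dev/null &
    pid=$!
    ( sleep "$limit"; kill "$pid" 2>/dev/null ) &
    watchdog=$!
    if wait "$pid"; then
        kill "$watchdog" 2>/dev/null
        echo "returned"
    else
        echo "blocked or failed after ${limit}s"
        return 1
    fi
}

# Mitigations when the pool is starved: have the provider expose a random
# device (the fix in this thread), feed the pool with rngd or haveged, or
# point the JVM at the non-blocking device with
# -Djava.security.egd=file:/dev/./urandom.
main() {
    entropy_state
    probe_dev_random 5
}
[ "${1:-}" = "--run" ] && main
```

On kernels from 5.6 onward /dev/random no longer blocks after the pool is initialised, so the probe mostly matters on older hosts like the 2.6.32 OpenVZ kernels in the question.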

Cassandra in Docker unable to make directory on mounted volume

When I attempt to start the docker image tobert/cassandra from https://github.com/tobert/cassandra-docker I get the following error. Can anyone explain what this error means?
os.MkdirAll('/data/conf') failed: %!s(MISSING)
The command I am running is:
sudo docker run -v /data/cassandra:/data tobert/cassandra
I have created the directory /data/cassandra in my host os of RH Linux. I have even opened up the permissions all the way to see if it was a permission issue.
drwxrwxrwx. 2 root root 6 Apr 10 12:10 cassandra
Is SELinux enabled? You're doing everything right so something else must be blocking mkdir. Please check your syslog (RHEL <= 6.x) or journalctl (RHEL 7).
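As an added example (not code from the thread), this script follows the answer's hint: on an SELinux-enforcing RHEL host a denied mkdir on a bind mount leaves an AVC record in the audit log rather than a clear error in the container, so it reports the enforcement mode and extracts the process, permission and target label from any denial against the mount's directory name. The audit record it is tested on is a constructed sample in the usual auditd format.

```sh
#!/bin/sh
# Added example: surface SELinux denials behind "os.MkdirAll(...) failed"
# on a Docker bind mount. Run as:
#   sh avc-check.sh data < /var/log/audit/audit.log   (or: ausearch -m avc | sh avc-check.sh data)

# Report the SELinux mode, or "unavailable" when getenforce is not installed.
selinux_mode() {
    command -v getenforce >/dev/null 2>&1 && getenforce || echo "unavailable"
}

# Filter AVC denials on stdin whose name= or path= field equals $1.
# Prints "<comm> <permission> <target type>" per hit; returns 1 if none.
avc_denials_for() {
    want=$1
    hits=0
    while IFS= read -r rec; do
        case "$rec" in
            *avc:*denied*) ;;
            *) continue ;;
        esac
        case "$rec" in
            *"name=\"$want\""*|*"path=\"$want\""*) ;;
            *) continue ;;
        esac
        comm=$(printf '%s\n' "$rec" | sed -n 's/.*comm="\([^"]*\)".*/\1/p')
        perm=$(printf '%s\n' "$rec" | sed -n 's/.*{ \(.*\) }.*/\1/p')
        ttype=$(printf '%s\n' "$rec" | sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
        echo "$comm $perm $ttype"
        hits=$((hits + 1))
    done
    [ "$hits" -gt 0 ]
}

# A hit with a target type such as default_t means the host directory
# carries no label the container domain may write; relabelling the mount
# (docker run -v /data/cassandra:/data:Z) is the usual remedy.
if [ -n "${1:-}" ]; then
    echo "SELinux mode: $(selinux_mode)"
    avc_denials_for "$1" || echo "no AVC denials for name/path \"$1\""
fi
```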

OTRS installation error on openSUSE

I have a fresh, text-only installation of openSuSe 13.1 (physical server, old Samsung netbook), and I'm trying to get OTRS up and running. I've installed OTRS using the below commands. I don't think they're all necessary, but someone in the OtterHub forums had a successful installation with the software versions I'm targeting using this sequence, so I was trying to piggyback on that success.
zypper in otrs-3.3.4-01.noarch.rpm gcc make mysql-community-server perl-Crypt-SSLeay perl-JSON-XS perl-YAML-LibYAML
zypper in perl-Text-CSV_XS perl-PDF-API2 perl-GDGraph perl-Encode-HanExtra postfix perl-DBD-mysql
cd ~otrs && bin/otrs.SetPermissions.pl --otrs-user=otrs --web-user=wwwrun --otrs-group=www --web-group=www /opt/otrs
rcmysql start
systemctl start apache2.service
mysqladmin --user=root password password
All of that works fine. I'm able to get to the OTRS web installer, but that's where I get hung up. I get to the part of the web installer that creates the database, and it times out. The script successfully creates the database and updates Config.pm with the new password. I can't tell from installer.pl what it tries to do next.
Here's the error from /var/log/apache2/error_log:
[Tue Jan 28 20:53:23.136306 2014] [cgi:warn] [pid 6856] [client 192.168.1.10:52732] AH01220: Timeout waiting for output from CGI script /opt/otrs/bin/cgi-bin/installer.pl, referer: http://svr-clptest/otrs/installer.pl
[Tue Jan 28 20:53:23.136470 2014] [cgi:error] [pid 6856] [client 192.168.1.10:52732] Script timed out before returning headers: installer.pl, referer: http://svr-clptest/otrs/installer.pl
The browser displays the following:
The gateway did not receive a timely response from the upstream server or application.
This is on a local network at home. I'm accessing the Linux server using PuTTY from a Windows 8 machine. I'm using a wireless connection from the Windows 8 machine, but the server has a hard line connection to the router, if that makes any difference. I don't have any trouble executing anything from PuTTY or accessing the index page through the browser (Firefox 26). I've tried connecting from a computer on my network, and one off of my network. In both cases, I'm able to get to my domain and the web installer. But I can't make a PuTTY connection to the server from outside my network.
I've spent a couple of hours researching the error, and I can't figure out what the next step should be.
Right now, a text-only version of openSUSE and OTRS are the only things running on the machine. I haven't done anything else with it. I'm open to starting the installation from scratch again--OS and all. I'm thinking that the timeout error has something to do with my firewall settings, but I'm not a network guy and really have no idea how to diagnose this.
UPDATE
I tried reinstalling everything fresh tonight, but then added KDE so I could walk through the web installer on the host. I get exactly the same errors. It's not a problem between server and client. Something's wrong with OTRS... Or maybe with apache?
I eventually just had to follow the steps for manual installation instead of using the web installer. Not sure where the problem was exactly, but no matter what I tried, I couldn't get the database setup to work through the web installer. If you're having a similar problem, once you get to the part of the instructions that tell you to move to the web installer, you can switch over to the instructions to install from source and pick it up from manual installation of the database.

Error pulling image (latest) from centos, Authentication is required

I have installed docker.io on CentOS 6.4 64 bit following the steps mentioned here: http://nareshv.blogspot.in/2013/08/installing-dockerio-on-centos-64-64-bit.html
Now I am able to start the docker daemon. When I search for a container as follows, it gives me results:
[root@test ~]# docker search tutorial
Found 8 results matching your query ("tutorial")
NAME DESCRIPTION
mhubig/echo Simple echo loop from the tutorial.
learn/tutorial
jbarbier/tutorial1
mzdaniel/buildbot-tutorial
kyma/ping Ping image from the tutorial.
ivarvong/redis From the redis tutorial. Just redis-server and telnet on the base image.
amattn/postgresql-9.3.0 precise base, PostgreSQL 9.3.0 installed w/ default configuration. http://amattn.com/2013/09/19/tutorial_postgresql_us...
danlucraft/postgresql Postgresql 9.3, on port 5432, un:docker, pw:docker. From following the Postgresql example tutorial.
But when I try to pull a container, it gives me the error below:
[root@test ~]# docker pull learn/tutorial
Pulling repository learn/tutorial
8dbd9e392a96: Error pulling image (latest) from learn/tutorial, Authentication is required.
2013/10/08 02:50:01 Internal server error: 404 trying to fetch remote history for learn/tutorial
How and where do I set the authentication? Please help.
I had the same problem and this answer was the solution for me.
It was a time-zone issue. I ran docker on a VM, and my host and guest clocks had different timezones; the authentication failure was due to clock divergence. Once I set up ntp correctly (with the HW clock set to UTC) on my host, this problem went away.
