docker and elevated priv - powershell

Is it possible to run docker without elevated priv ex. (docker version).
Im trying to run a command on another machine (windows server with docker as service) with powershell invoke command but it seems as long as the docker insists on elevated priv i cannot.
So if i can get "docker verison" to work im all set.
The error i get is
docker.exe: error during connect: Post http://%2F%2F.%2Fpipe%2Fdocker_engine/v1.39/containers/create: open //./pipe/docker_engine: Access is denied. In the default daemon configuration on Windows, the docker client must be run elevated to connect. This error may also indicate that the docker daemon is not running.
See 'C:\Program Files\Docker\docker.exe run --help
it works with an elevated powershell.
Any ideas?

This is normal - by default, a local named pipe is used for the Docker CLI to communicate with the service (aka daemon).
For development use you can configure the host machine's Docker service ("daemon") for TCP access but this is the least secure option. Just put this text in file daemon.json:
{
"hosts": ["tcp://0.0.0.0:2375"]
}
Once this is done you can connect with e.g.
docker --host tcp://1.2.3.4:2375 version
If this is for production use, you probably need to look at a container orchestration system.
A middle ground would be to useAttach-PSSession to attach to an admin PowerShell session on the remote machine. This still requires a privileged user but does work remotely.

Related

Dockerfile runs on Mac but won't run on Linux behind my proxy

I have the following Dockerfile , for a container that runs just fine on my Mac, (I'm using docker-machine)
FROM perl:latest
RUN cpanm SOAP::Lite
RUN cpanm LWP::Simple
COPY . /usr/src/myapp
WORKDIR /usr/src/myapp
ENTRYPOINT [ "perl", "./doceng_purge_tools/bin/akamai_purge_pattern_generic.pl" ]
# CMD /bin/bash
# docker build -t my_perl_purger_001 .
# docker run -t my_perl_purger_001 -pattern cd/Q14299_01 -server prod
However, when I run it using docker on my corporate network. I get a low-level SSL error.
Forgive my ignorance, but I thought a feature of docker is that I can be shielded from these platform gotchas.
Is there a way I can package this up, on my Mac, and just run the container in my Linux environment, behind my firewall?
I can supply more details about the SSL errors, if that helps.
... and just run the container in my Linux environment, behind my firewall?
...Can't connect to control.akamai.com:443
... but I thought a feature of docker is that I can be shielded from these platform gotchas.
If you run docker behind a firewall which prohibits connections to outside you can not expect to get a connection. Docker does not create some magic tunnel through the firewall but relies instead on the existing network, same es it relies on the existence of the CPU, RAM and storage. Proper network is just another resource you need to provide for your docker image.

How to use the "Remote Systems" view in Eclipse to explore a Docker container file system?

The Eclipse Remote Systems view is a great tool to connect to VMs and explore their file systems, currently the following options are available:
First I find out the container IP by running this command:
docker inspect <container> | grep IPAddress | cut -d '"' -f 4
Once I have the IP, I launch the New Connection wizard from the Remote Systems view, I tried to select Linux, SSH only and FTP only and in the Hostname field I paste the container IP, click Finish and the connection seems to be successfully created, now when I try to expand the the Files node it prompts for User and Password, the problem is that I don't have that info, does the user/pass vary from container to container? how can I get this info?
You can just instantiate a container with that image but with a shell so that you can see what usernames are configured on that image.
docker run -it node /bin/bash
You can then configure users, password and do a:
docker commit <image-name> my-node:0.1
Then you can instantiate a new container:
docker run -d -p 80:9080 -p 443:9443 my-node
Is ssh also running in that container? If not you will have to install it into the container so that you can ssh to it.
A docker container only runs a single parent process at a time (on your host machine that parent process is 'init' which runs a bunch of system services). In the case of your node container, that parent process is a node server.
Eclipse connects to a remote machine by connecting to a listener on that machine using some protocol. SSH of FTP, for example. With the docker container, there is no process listening for this connection, so you cannot connect using Eclipse as it is. You have two options...
Use the command line and docker exec to connect to the machine and explore its filesystem. No pretty pictures, but you don't need a lot of knowledge.
Modify your container in some way to connect to it. you have two options here...
A. Modify your image to run an SSH daemon. A simple way to do that is to use the phusion/baseimage container as your parent, and have it spawn both the ssh daemon and the node server. You need to know a good amount about linux sysadmin to get this working (not a lot, but a good amount).
B. Launch a second copy of the container with a different command, such as ssh -d. You can then connect to the second copy. This has the downside that it won't be the same container you're interested in, and you STILL have to modify the image since I doubt the node image even has an ssh daemon installed... but it is less knowledge than wrapping your head around runit.

Install windows service with PsExec?

Is it possible to remotely install a Windows system serive using PsExec? The files are already on the remote system; I am trying to use
psexec \\remote-host-name -u myusername -p mypassword PathToExecutable
where PathToExecutable is the path to some executable which is intended to install the service; somehow the service is not installed due to unclear reasons. Is remote installation via PsExec possible at all?
In my case, the issue was fixed by using the command line parameter:
-h If the target system is Vista or higher, has the process
run with the account's elevated token, if available.
to run the command with administrator permissions.

What is veewee waiting for when it's waiting for ssh login?

When veewee is displaying the following message, Waiting for ssh login on 127.0.0.1 with user veewee to sshd on port => 7222 to work, timeout=10000 sec what exactly is it waiting on?
As far as I can tell there is a ssh server on port 7222 on the host that veewee has put up and it's waiting on that. This means that something in the guest is going to connect back to it. However, I can't figure out what that thing might be - and thus I can't debug further.
Further details
I'm trying to build a virtualbox image for vagrant with the CentOS-6.3-x86_64-minimal template. My steps:
bundle exec veewee vbox define 'ejs-centos6.3-1' 'CentOS-6.3-x86_64-minimal'
wget http://mirror.symnds.com/distributions/CentOS-vault/6.3/isos/x86_64/CentOS-6.3-x86_64-minimal.iso
bundle exec veewee vbox build 'ejs-centos6.3-1'
The CentOS install appeared to run without error but it's stuck waiting for the ssh login.
You're right, there's a Ssh server on listening on port 7222, but it's on the guest (VM), not the host.
The host (Veewee) is waiting to connect to it. This SSH service is supposed to become available when the VM install process finishes, that's one of the steps used by Veewee to assume that the setup went fine and that the VM is ready.
If Veewee blocks and never gets this SSH connection, I think there could be multiple reasons:
VM setup went wrong and something prevents it from finishing successfully. Check Veewee output and the Virtualbox VM graphical console that should have opened when launching vewee box build.
There's something preventing your host computer to connect to the VM at the network level.
The VM image doesn't have Sshd installed, and/or the veewee box configuration files (in veewee/definitions/ejs-centos6.3-1/) miss instructions to install the ssh package
You should try to login to the VM using Virtuabox console window and check if there's an ssh package installed (rpm -qa | grep openssh-server) and a process named sshd running.
I've run Veewee against Centos 7 built with GUI on and it stuck on anaconda asking for source of packages. I've checked the ks.cfg and it was pointing to dead resource (404). After pointing to valid url it went through.

Restart PostgreSQL Remotely

Can I remotely restart a PostgreSQL server throught PGAdmin ? The user I currently is the administrative privileges.
Regards,
Dino
I don't think there is such possibility. At best you can reload connected PostgreSQL server using pg_reload_conf() function:
pg_reload_conf sends a SIGHUP signal
to the server, causing configuration
files to be reloaded by all server
processes.
Command:
SELECT pg_reload_conf();
You can also install adminpack contrib module and reload server using Tools menu.
EDIT:
According to pgAdmin documentation:
If pgAdmin is running on a Windows
machine, it can control the postmaster
service if you have enough access
rights. Enter the name of the service.
In case of a remote server, it must be
prepended by the machine name (e.g.
PSE1\pgsql-8.0). pgAdmin will
automatically discover services
running on your local machine.
If pgAdmin is running on a Unix
machine, it can control processes
running on the local machine if you
have enough access rights. Enter a
full path and needed options to access
the pg_ctl program. When executing
service control functions, pgAdmin
will append status/start/stop keywords
to this. Example: sudo
/usr/local/pgsql/bin/pg_ctl -D
/data/pgsql
You can try use Start Service/Stop Service options (in Tools menu) to restart remote server.