Running OTNSX in a Docker container

In march of this year we released a whitepaper on automating security using a helpdesk system. For the whitepaper we where using VMware NSX and OTRS. The middleware we created to service it all was given the name OTNSX. More recently I have started playing around with Docker and I needed something as a goal. So why not try to get OTNSX up and running in a container?  :-)

Setting up the Docker host

For my setup I choose to go with CentOS (version 7, 64-bit). You can run Docker on almost any OS (commands might differ from this article), but I was recommended to use CentOS thus decided to use that.

Before you can install Docker you need to install some additional packages:

yum install -y yum-utils device-mapper-persistent-data lvm2

  • Yum-utils adds some utility to yum config manager
  • Device-mapper-persistent-data & lvm2 are required by the

Also run this command to add a repository that we can use during the creation of images containing the Centos OS:

yum-config-manager –add-repo

Next install Docker and start the service:

yum install docker-ce

systemctl start docker

After the installation you can test your Docker installation by running the following command:

docker run hello-world

Since this is the first time running the specific image, it will first download the image from the Docker repository and then run that image in a container.

Docker hello world

Creating OTNSX image

To build an image you first need to create a Docker file. This file contains commands that the Docker engine will execute while building your image. From what I could find the easiest thing to do is create a new directory and in that directory create a file called “Dockerfile” (including the capitol D). This seems to be the default file name used with the build command.

Now edit the Dockerfile with your preferred editor and enter the following lines:

FROM centos RUN yum -y install epel-release RUN yum -y install python-pip RUN yum -y install git RUN git clone RUN pip install -qr OTNSX/requirements.txt EXPOSE 5000 CMD [“python”,“OTNSX/”]

Once the Dockerfile is done you can start the image building process by running the following command:

docker build . -t otnsx

The “.” indicates that the command should look in the local directory for the Dockerfile. And the “-t” flag gives the image a tag that can be used in later commands. Docker build

After the build is ready you can pull up a list of images with:

docker images

Starting a container

Only thing left now is starting a container based on the image we just created:

docker run -t -i -p 80:5000 otnsx

With “-t” indicates that we want to run the container in terminal mode. By adding “-i” we also me the container interactive. Normally I don’t think you will be using these switches, but can come in handy when you are running your container for the first time.

The “-p” flag allows us to link port 80 of the container host to port 5000 on the container. Meaning that we can browse to http://:80 and we will be redirected to port 5000 on that container.

Docker OTNSX running

As mentioned in the beginning of this article, these are my first steps into the (Docker) container world. So what I described might be far from optimal. But I at least hope this article can be used as a stepping stone into this fast growing industry.