Running OTNSX in a Docker container
In march of this year we released a whitepaper on automating security using a helpdesk system. For the whitepaper we where using VMware NSX and OTRS. The middleware we created to service it all was given the name OTNSX. More recently I have started playing around with Docker and I needed something as a goal. So why not try to get OTNSX up and running in a container? :-)
Setting up the Docker host
For my setup I choose to go with CentOS (version 7, 64-bit). You can run Docker on almost any OS (commands might differ from this article), but I was recommended to use CentOS thus decided to use that.
Before you can install Docker you need to install some additional packages:
yum install -y yum-utils device-mapper-persistent-data lvm2
- Yum-utils adds some utility to yum config manager
- Device-mapper-persistent-data & lvm2 are required by the
Also run this command to add a repository that we can use during the creation of images containing the Centos OS:
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
Next install Docker and start the service:
yum install docker-ce systemctl start docker
After the installation you can test your Docker installation by running the following command:
docker run hello-world
Since this is the first time running the specific image, it will first download the image from the Docker repository and then run that image in a container.
Creating OTNSX image
To build an image you first need to create a Docker file. This file contains commands that the Docker engine will execute while building your image. From what I could find the easiest thing to do is create a new directory and in that directory create a file called “Dockerfile” (including the capitol D). This seems to be the default file name used with the build command.
Now edit the Dockerfile with your preferred editor and enter the following lines:
FROM centos RUN yum -y install epel-release RUN yum -y install python-pip RUN yum -y install git RUN git clone https://github.com/vmguru/OTNSX.git RUN pip install -qr OTNSX/requirements.txt EXPOSE 5000 CMD ["python","OTNSX/otnsx.py"]
|FROM centos||Downloads the centos image that is available at the Docker repository|
|RUN yum -y install epel-release||This will add the “Extra Packages for Enterprise Linux” repository needed to install python-pip|
|RUN yum -y install python-pip||Installs python-pip which we will use to get the requirements needed for OTNSX|
|RUN yum -y install git||Installs Git so we can download OTNSX from Github|
|RUN git clone https://github.com/vmguru/OTNSX.git||Downloads OTNSX from Github|
|RUN pip install -qr OTNSX/requirements.txt||Gets the requirements needed to run OTNSX|
|EXPOSE 5000||Opens port 5000 once the container is running, allowing access to the OTNSX service|
|CMD [“python”,”OTNSX/otnsx.py”]||Once the container is started this command will be executed. In this case resulting in OTNSX being started|
Once the Dockerfile is done you can start the image building process by running the following command:
docker build . -t otnsx
After the build is ready you can pull up a list of images with:
Starting a container
Only thing left now is starting a container based on the image we just created:
docker run -t -i -p 80:5000 otnsx
With “-t” indicates that we want to run the container in terminal mode. By adding “-i” we also me the container interactive. Normally I don’t think you will be using these switches, but can come in handy when you are running your container for the first time.
The “-p” flag allows us to link port 80 of the container host to port 5000 on the container. Meaning that we can browse to http://<container-host>:80 and we will be redirected to port 5000 on that container.
As mentioned in the beginning of this article, these are my first steps into the (Docker) container world. So what I described might be far from optimal. But I at least hope this article can be used as a stepping stone into this fast growing industry.
- How to run Containers as a Service – Secure Docker… by Erik Scholten
- How to run Containers as a Service – Part 2 by Dimitri De Swart
- VMware NSX & OTRS – Automating Security… by Martijn Smit
- How to run Containers as a Service – Part 1 by Dimitri De Swart
- Containers Containers Containers even in 2017? by Alex Muetstege