IBM/secure-gateway-client docker run with the –F (acl file) option

I have been reading the documentation and still cannot work out how to get the IBM/Secure-Gateway-client to run with an ACL file option within docker.

I have pulled the client docker image, and have been using the following syntax:

  • My boot2docker installation seems to not be working. What am I doing wrong?
  • Difference between sh and bash
  • Unable to run shell script using dockerfile
  • when mounting a host directory -v option. Are the mounts available by the time the ENTRYPOINT starts?
  • File is not created in Docker
  • Configure uwsgi and nginx using Docker
  • bash -c 'nohup docker run ibmcom/secure-gateway-client --F aclfile.txt xxx_stage_ng  > tmp/run_sgc.log 2>&1 &'
    

    All I get in the log is the following:

    [2015-09-30 11:30:41.764] [ERROR] An exception occurred reading or processing the ACL file, error is Error: ENOENT, no such file or directory 'aclfile.txt'
    [2015-09-30 11:30:41.764] [WARN] The ACL has been set to DENY ALL until this is fixed.
    [2015-09-30 11:30:43.779] [INFO] The Secure Gateway tunnel is connected
    

    I have given the full path to the file, no path (as above) and any interim option I can think of. The container runs, but not with the options I want to specify in the ACL file.

  • Error “python: not found” in Dockerized PHP application hosted on Elastic Beanstalk
  • Adding docker container to running OpenShift pod
  • docker with pycharm 5
  • flocker-docker-plugin not working on centos7.2
  • assign port docker issue
  • Process window not proceeding after reader.ReadLine()
  • 2 Solutions collect form web for “IBM/secure-gateway-client docker run with the –F (acl file) option”

    This is what I did:

    1) Created a Dockerfile to include the aclfile.txt

    FROM ibmcom/secure-gateway-client
    ADD aclfile.txt /tmp/aclfile.txt
    

    2) Built a new docker image

    docker build -t ads-secure-gateway-client .
    

    3) Run new docker image (need to specify -t and -i options, otherwise would get error file not found):

    docker run -t -i ads-secure-gateway-client  --F /tmp/aclfile.txt
    

    4) Got the following output:

    [2015-09-30 16:50:32.084] [INFO] The current access control list is being reset and replaced by the user provided batch file: /tmp/aclfile.txt
    [2015-09-30 16:50:32.086] [INFO] The ACL batch file process accepts acl allow :8000
    [2015-09-30 16:50:32.087] [INFO] The ACL batch file process accepts acl deny localhost:22
    

    I hope that helps.

    To use the interactive ‘cp’ support in docker from your host to the docker instance you must be at docker 1.8.0. You can check this using:

    docker --version
    

    Once you have done this, your version should display as follows. It is recommended that you allow docker to run as non-root user, so run the command that is suggested after you have upgraded you engine to 1.8.0 or 1.8.2.

    Client:
     Version:      1.8.2
     API version:  1.20
     Go version:   go1.4.2
     Git commit:   0a8c2e3
     Built:        Thu Sep 10 19:21:21 UTC 2015
     OS/Arch:      linux/amd64
    
    Server:
     Version:      1.8.2
     API version:  1.20
     Go version:   go1.4.2
     Git commit:   0a8c2e3
     Built:        Thu Sep 10 19:21:21 UTC 2015
     OS/Arch:      linux/amd64
    

    Then to push out your acl file list to the docker image follow these steps:

    1. Run ‘docker ps’ command to find your container ID

      CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
      764aadce386b ibmcom/secure-gateway-client “node lib/secgwclient” 27 seconds ago Up 26 seconds condescending_nobel

    2. Copy your acl.list using the ‘docker cp’ command using either the container ID or name:

      docker cp 01_client.list 764aadce386b:/root/01_client.list

    3. Next, in the secure gateway client running in docker:

      cli> F /root/01_client.list

       [2015-10-01 08:12:30.091] [INFO] The current access control list is being reset and replaced by the user provided batch file: /root/01_client.list
       [2015-10-01 08:12:30.093] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:27017
       [2015-10-01 08:12:30.094] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:22
      
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.