IBM/secure-gateway-client docker run with the --F (acl file) option
I have been reading the documentation and still cannot work out how to get the IBM/Secure-Gateway-client to run with an ACL file option within docker.
I have pulled the client docker image, and have been using the following syntax:
bash -c 'nohup docker run ibmcom/secure-gateway-client --F aclfile.txt xxx_stage_ng > tmp/run_sgc.log 2>&1 &'
All I get in the log is the following:
[2015-09-30 11:30:41.764] [ERROR] An exception occurred reading or processing the ACL file, error is Error: ENOENT, no such file or directory 'aclfile.txt'
[2015-09-30 11:30:41.764] [WARN] The ACL has been set to DENY ALL until this is fixed.
[2015-09-30 11:30:43.779] [INFO] The Secure Gateway tunnel is connected
I have given the full path to the file, no path (as above) and any interim option I can think of. The container runs, but not with the options I want to specify in the ACL file.
2 Solutions collected from the web for “IBM/secure-gateway-client docker run with the --F (acl file) option”
This is what I did:
1) Created a Dockerfile to include the aclfile.txt
FROM ibmcom/secure-gateway-client
ADD aclfile.txt /tmp/aclfile.txt
2) Built a new docker image
docker build -t ads-secure-gateway-client .
3) Run new docker image (need to specify -t and -i options, otherwise would get error file not found):
docker run -t -i ads-secure-gateway-client --F /tmp/aclfile.txt
4) Got the following output:
[2015-09-30 16:50:32.084] [INFO] The current access control list is being reset and replaced by the user provided batch file: /tmp/aclfile.txt
[2015-09-30 16:50:32.086] [INFO] The ACL batch file process accepts acl allow :8000
[2015-09-30 16:50:32.087] [INFO] The ACL batch file process accepts acl deny localhost:22
I hope that helps.
To use the interactive ‘cp’ support in docker from your host to the docker instance you must be at docker 1.8.0. You can check this using:
Once you have done this, your version should display as follows. It is recommended that you allow docker to run as a non-root user, so run the command that is suggested after you have upgraded your engine to 1.8.0 or 1.8.2.
Client:
 Version: 1.8.2
 API version: 1.20
 Go version: go1.4.2
 Git commit: 0a8c2e3
 Built: Thu Sep 10 19:21:21 UTC 2015
 OS/Arch: linux/amd64
Server:
 Version: 1.8.2
 API version: 1.20
 Go version: go1.4.2
 Git commit: 0a8c2e3
 Built: Thu Sep 10 19:21:21 UTC 2015
 OS/Arch: linux/amd64
Then to push out your acl file list to the docker image follow these steps:
Run ‘docker ps’ command to find your container ID
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS          PORTS   NAMES
764aadce386b   ibmcom/secure-gateway-client   "node lib/secgwclient"   27 seconds ago   Up 26 seconds           condescending_nobel
Copy your acl.list using the ‘docker cp’ command using either the container ID or name:
docker cp 01_client.list 764aadce386b:/root/01_client.list
Next, in the secure gateway client running in docker:
cli> F /root/01_client.list
[2015-10-01 08:12:30.091] [INFO] The current access control list is being reset and replaced by the user provided batch file: /root/01_client.list
[2015-10-01 08:12:30.093] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:27017
[2015-10-01 08:12:30.094] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:22
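
In the question's log the tunnel still connects after the ACL file fails to load and the client falls back to DENY ALL, so the container looks healthy while no rule is in effect. The script below is an added example, not part of the original posts or of IBM's client: it matches the message texts quoted on this page and assumes the most recent ACL message in the log reflects the current state; `check_acl_log` and `sample_log` are hypothetical names and the sample log is constructed.

```bash
#!/usr/bin/env bash
# Report the ACL state a Secure Gateway client log ends in.
# Message texts are matched as they appear in the log excerpts on this page.
# Assumption: the most recent ACL message in the log reflects the current state.
#
# check_acl_log LOGFILE
#   exit 0: an ACL batch file was applied; the accepted rules are printed
#   exit 1: the ACL file could not be read and the client fell back to DENY ALL
#   exit 2: no ACL message found in the log
check_acl_log() {
    awk '
        /The ACL has been set to DENY ALL/          { state = "deny";   n = 0 }
        /replaced by the user provided batch file/  { state = "loaded"; n = 0 }
        /An exception occurred reading or processing the ACL file/ { err = $0 }
        /The ACL batch file process accepts acl /   {
            sub(/.*process accepts /, "")
            rules[n++] = $0
        }
        END {
            if (state == "deny")   { print err > "/dev/stderr"; exit 1 }
            if (state != "loaded") { exit 2 }
            for (i = 0; i < n; i++) print rules[i]
        }
    ' "$1"
}

# Constructed sample: a failed start followed by a later successful load,
# using the message formats shown above (timestamps are made up).
sample_log() {
    cat <<'EOF'
[2015-01-01 10:00:00.000] [ERROR] An exception occurred reading or processing the ACL file, error is Error: ENOENT, no such file or directory 'aclfile.txt'
[2015-01-01 10:00:00.001] [WARN] The ACL has been set to DENY ALL until this is fixed.
[2015-01-01 10:00:02.000] [INFO] The Secure Gateway tunnel is connected
[2015-01-01 10:05:00.000] [INFO] The current access control list is being reset and replaced by the user provided batch file: /tmp/aclfile.txt
[2015-01-01 10:05:00.001] [INFO] The ACL batch file process accepts acl allow :8000
[2015-01-01 10:05:00.002] [INFO] The ACL batch file process accepts acl deny localhost:22
EOF
}
```

Run it against the file the client's output is redirected to, for example `check_acl_log tmp/run_sgc.log`, and treat any non-zero exit as a failed deployment.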