there is the docker registry, which needs to be held clean.Docker was meant to be "read-only" and to serve content to customers. Why not docker? Docker is great, I use it too.
Docker create ssh tunnel update#
update the golden image and spread it to all machines again.stop a or all vm with an ansible command.revoke user rights or permissions on every or a single vm.add further content onto the running vm's easily.To automate processes you can use tools like ansible or saltstack. Kvm works great on cli but also has some small gui tools, where you can easily get hold of the root console in no time and also see the ressources used of every virtual machine on one screen. every VM can be shutdown/stopped/restarted over GUI or ssh.every machine has it's own (bridged) unique ip address.you snapshot a golden image and copy it to every machine at the first day.you can control every VM through a single GUI tool.You can even overcommit like you could with docker, that's so cool. No need to worry about troubleshooting memory hogs, permission problems, CPU. The KVM hypervisor is as clever as dokcer and makes sure that every vm doesn't get all the ressources even if one VM tries to go nuts. I'd rather use KVM and ansible/saltstack/puppet and have a master snapshot VM. So you can suggest another way to acquire this requirement, of course. While it's possible that it's XY problem, the reason why I want this because I don't want the server ruined by a single user. I have read various Docker and SSH documents but not been able to find an appropriate solution. The final goal is that all students can write and build their programs on the Linux environment through Bash shell, and do pretty much everything else within the SSH session. It clearly means the server will have to redirect SSH requests to each own Docker depending only on usernames.
The problem is very simple, "how to access to the designated docker using SSH with the same domain/port for each user".
Without it you may get an error similar to ERROR 2002 (HY000): Can't connect to MySQL server on 'mysql' (115) in the app container.
i ~/.ssh/secretkey.pem means we're using the secretkey.pem private key file for authentication, and because of the volume mount defined in docker-compose.yml it refers to a file of the same location on the host machine. Let's break down the options used in the SSH command.
Docker create ssh tunnel download#
I'm using Alpine Linux as the base image for the tunnel because of its small download size (and likeliness you have it cached), but you could choose another base such as Debian. With the command: docker-compose up -build
Docker create ssh tunnel apk#
We can open the tunnel in a second container in the same network as our application container automatically with Docker Compose.ĭocker-compose.yml config file: version: '3' services: mysql: image: alpine:latest command: sh -c "apk update & apk add openssh-client & while true do ssh -i ~/.ssh/secretkey.pem -nNT -L *:3306.:3306 done" volumes: - ~/.ssh:/root/.ssh:ro expose: - 3306 app: image: alpine:latest command: sh -c "apk update & apk add mysql-client & MYSQL_PWD=poorpassword -host=mysql -port=3306 -user=dev -execute 'SELECT 1'" depends_on: - mysql
First Option: Tunnel from the Hostīecause containers are intended to be ephemeral, an obvious solution is to open a long-running tunnel on the host machine: ssh -nNT -L 3306.:3306 connect to it from within the container: MYSQL_PWD=poorpassword mysql -host= -port=3306 -user=dev -execute "SELECT 1"īut I'm a big fan of running fewer commands to achieve the same result. Rather than open the tunnel on the host machine and have the container connect through I thought I'd configure it all in one place with Docker Compose. The AWS RDS instance is inside the same VPC as a bastion host that runs the SSH server. I recently had the need to tunnel a database connection from a local Docker container to a remote MySQL server.
0 kommentar(er)
