IBM / secure-gateway-client docker与--F（acl文件）选项一起运行

Question

I have been reading the documentation and still cannot work out how to get the IBM/Secure-Gateway-client to run with an ACL file option within docker.

I have pulled the client docker image, and have been using the following syntax:

bash -c 'nohup docker run ibmcom/secure-gateway-client --F aclfile.txt xxx_stage_ng  > tmp/run_sgc.log 2>&1 &'

All I get in the log is the following:

[2015-09-30 11:30:41.764] [ERROR] An exception occurred reading or processing the ACL file, error is Error: ENOENT, no such file or directory 'aclfile.txt'
[2015-09-30 11:30:41.764] [WARN] The ACL has been set to DENY ALL until this is fixed.
[2015-09-30 11:30:43.779] [INFO] The Secure Gateway tunnel is connected

I have given the full path to the file, no path (as above) and any interim option I can think of. The container runs, but not with the options I want to specify in the ACL file.

Answer 1

This is what I did:

1) Created a Dockerfile to include the aclfile.txt

FROM ibmcom/secure-gateway-client
ADD aclfile.txt /tmp/aclfile.txt

2) Built a new docker image

docker build -t ads-secure-gateway-client .

3) Run new docker image (need to specify -t and -i options, otherwise would get error file not found):

docker run -t -i ads-secure-gateway-client  --F /tmp/aclfile.txt

4) Got the following output:

[2015-09-30 16:50:32.084] [INFO] The current access control list is being reset and replaced by the user provided batch file: /tmp/aclfile.txt
[2015-09-30 16:50:32.086] [INFO] The ACL batch file process accepts acl allow :8000
[2015-09-30 16:50:32.087] [INFO] The ACL batch file process accepts acl deny localhost:22

I hope that helps.

Answer 2

To use the interactive 'cp' support in docker from your host to the docker instance you must be at docker 1.8.0. You can check this using:

docker --version

Once you have done this, your version should display as follows. It is recommended that you allow docker to run as non-root user, so run the command that is suggested after you have upgraded you engine to 1.8.0 or 1.8.2.

Client:
 Version:      1.8.2
 API version:  1.20
 Go version:   go1.4.2
 Git commit:   0a8c2e3
 Built:        Thu Sep 10 19:21:21 UTC 2015
 OS/Arch:      linux/amd64

Server:
 Version:      1.8.2
 API version:  1.20
 Go version:   go1.4.2
 Git commit:   0a8c2e3
 Built:        Thu Sep 10 19:21:21 UTC 2015
 OS/Arch:      linux/amd64

Then to push out your acl file list to the docker image follow these steps:

1. Run 'docker ps' command to find your container ID

   CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 764aadce386b ibmcom/secure-gateway-client "node lib/secgwclient" 27 seconds ago Up 26 seconds condescending_nobel

2. Copy your acl.list using the 'docker cp' command using either the container ID or name:

   docker cp 01_client.list 764aadce386b:/root/01_client.list

3. Next, in the secure gateway client running in docker:

   cli> F /root/01_client.list

     [2015-10-01 08:12:30.091] [INFO] The current access control list is being reset and replaced by the user provided batch file: /root/01_client.list [2015-10-01 08:12:30.093] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:27017 [2015-10-01 08:12:30.094] [INFO] The ACL batch file process accepts acl allow 127.0.0.1:22