redis container how to load lua script from host - redis

I am trying to execute a lua script against a redis instance running in a container. The code is very simple 2 liner example.
local foo = redis.call("ping")
return foo
As this file is on the host machine, how do i get it to execute inside docker exec ? Or should I install redis-cli locally to test it?

I think I understood what you want. You have a Lua script on your docker host that you want to load into Redis running inside a docker container without needing redis-cli on the host.
So, start the official Redis in a container as a daemon:
docker run --name some-redis -d redis
Now, assuming your script is on the host in a file called script.lua, you want to load that into dockerised Redis:
docker exec -i some-redis redis-cli -x script load < script.lua
That will return a SHA sum - I got 93126620988a563ac9dd347d02a9cdbbbeaee3c1 - and you can then run the script with:
docker exec -i some-redis redis-cli EVALSHA 93126620988a563ac9dd347d02a9cdbbbeaee3c1 0
PONG
If you want to automate the capture of the SHA sum and its subsequent use:
sha=$(docker exec -i some-redis redis-cli -x script load < script.lua)
Then:
docker exec -i some-redis redis-cli EVALSHA $sha 0
PONG

Related

Cannot use pintos by ssh

I use a docker container to try pintos on my mac(M1). Everything behaves well when I start the container by docker start -i pintos.
However, when I use ssh to connect my docker container(i.e., ssh -p xxxx root#local), error message -bash: pintos: command not found occurs if I try pintos -- in directory /pintos/src/threads/build.

How to keep WIndows Container running?

I need to keep my Windows Container up so I can run further commands on it using docker exec.
On Linux, I'd start it to run either sleep infinity, or tail -f /dev/null. Alternatively, I could borrow pause.c from Kubernetes.
What does this look like on Windows?
Use ping -t localhost will do it
A full run command would be:
docker run -d --name YourContainer mcr.microsoft.com/windows/nanoserver:1809 ping -t localhost
Note: Make sure 1809 is equal with your own windows version from [WIN]+[R] -> winver.
You should then be able to step into the running container instance with the name YourContainer:
docker exec -it YourContainer cmd
Kubernetes on Windows used to use ping
cmd /c ping -t localhost
This would print lots of unnecessary output, so a good improvement should be
cmd /c ping -t localhost > NUL
What Kubernetes does now is to run a custom pauseloop.exe binary.
In late 2022, the current home for wincat/pauseloop is https://github.com/kubernetes/kubernetes/tree/master/build%2Fpause%2Fwindows%2Fwincat. The move was implemented in https://github.com/kubernetes-sigs/sig-windows-tools/pull/270.

How to pass securely SSH Keys to Docker Build?

I want to create a Docker image for devs that reproduces our production servers. Those servers are configured by Ansible.
My idea is to run an ansible-pull to apply all the configuration inside the container. The problem is that I need the SSH key to pull the playbook, but I don't want to share the SSH key on the Docker image.
So, there is a way to have the SSH keys on build time without having them on run time?
Nice question. The simple way to do it is by removing the SSH keys after the Ansible stuff in the build - but because Docker stores images as layers, someone could still find the old layer with the keys in it.
If you build this Dockerfile:
FROM ubuntu
COPY ansible-ssh-key.rsa /key.rsa
RUN [ansible stuff]
RUN rm /key.rsa
The final image will have all your Ansible state and the SSH key will be gone but someone could easily run docker history to look at all the image layers, and just start a container from an intermediate layer before the key was deleted, and grab the key.
The trick would be to do something like this and then use Jason Wilder's docker-squash tool to squash the final image. In the squashed image the intermediate layer is gone and there's no way to get at the deleted key.
I'd setup some local file serving facility available only in your build environment.
E.g. start lighttpd on your build host to serve your pem-files only to local clients.
And in your Dockerfile do add/pull/cleanup in a single run:
RUN curl -sO http://build-host:8888/key.pem && ansible-pull -U myrepo && rm -rf key.pem
In this case it should be done in a single layer, so there should be no trace of key.pem left after layer commit.
This is another solution by using this repo, dockito/vault,
Secret store to be used on Docker image building.
I create a service dockito/vault and Ubuntu image where I attach my private key to the volume and run it as a process using,
docker run -it -v ~/.ssh:/vault/.ssh ubuntu /bin/bash -c "echo mysupersecret > /vault/.ssh/key"
docker run -d -p 14242:3000 -v ~/.ssh:/vault/.ssh dockito/vault
And, here is my Dockerfile
FROM ubuntu:14.04
RUN apt-get update -y && \
apt-get install -y curl && \
curl -L $(ip route|awk '/default/{print $3}'):14242/ONVAULT >
/usr/local
/bin/ONVAULT && \
chmod +x /usr/local/bin/ONVAULT
ENV REV_BREAK_CACHE=1
RUN ONVAULT echo ENV: && env && echo TOKEN ENV && echo $TOKEN
RUN ONVAULT ls -lha ~/.ssh/
RUN ONVAULT cat ~/.ssh/key
You can use the alpine linux to reduce final build size, and built the image as,
docker build -f Dockerfile -t mohan08p/VaultTest .
And, you are done. You can inspect the image. Secrets has not stored inside the image as its empty.
docker run -it mohan08p/VaultTest ls /root/.ssh
This is good technique to pass the .ssh at the build time. Only disadvantage is I need to keep additional Vault service running.
You could mount the SSH Keys into the Container on runtime.
docker run -v /path/to/ssh/key:/path/to/key/in/container image command

Mounting user SSH key in container

I am building a script that will mount some local folders into the container, one of which is the user's ~/.ssh folder. That way, users can still utilize their SSH key for Git commits.
docker run -ti -v $HOME/.ssh/:$HOME/.ssh repo:tag
But that does not mount the SSH folder into the container. Am I doing it incorrectly?
The typical syntax is (from Mount a host directory as a data volume):
docker run -d -P --name web -v /src/webapp:/opt/webapp training/webapp python app.py
(you can skip the command part, here 'app.py', if your image defines an entrypoint and default command)
(-d does not apply in your case, it did in the case of that python web server )
Try:
docker run -ti -v $HOME/.ssh:$HOME/.ssh repo:tag

Loading initial data into a Redis Docker container

I'm trying to create a Redis Docker image, based on the redis:3. However, I need to load a small amount of test data into the image (it is used for testing, both on developer machines and on the CI server).
My initial attempt looks like:
FROM redis:3.0.3
MAINTAINER Howard M. Lewis Ship
RUN redis-cli sadd production-stores 5555
But this fails with the error:
Step 2 : RUN redis-cli sadd production-stores 5555
---> Running in 60fb98c133c0
Could not connect to Redis at 127.0.0.1:6379: Connection refused
The command '/bin/sh -c redis-cli sadd production-stores 5555' returned a non-zero code: 1
I'm wondering if there's a trick that allows me, in a Docker file, to connect to the server started via the CMD/ENTRYPOINT of the Dockerfile. As I'm guessing right now, the RUN occurs before the command is started.
Alternately, is there a Redis command or trick that would allow me to load some data into its database.
I suspect one approach would be to mount the Redis' data directory in a volume exposed to the Docker host; this is not ideal as
I would need an extra non-Dockerfile command to load the data
The loaded data would not be shared in the image, which is to be used by others on my team
I'm on OS X and am using docker-machine, so the volumes get trickier
The error tells Redis service is not started before you run redis-cli.
Add a new line to start it first. Let me know if this can fix your issue or not.
FROM redis:3.0.3
MAINTAINER Howard M. Lewis Ship
RUN /usr/sbin/redis-server /etc/redis.conf
RUN redis-cli sadd production-stores 5555
Updates:
Review the official redis image, it has given the way to use redis-cli
# via redis-cli
$ docker run -it --link some-redis:redis --rm redis sh -c 'exec redis-cli -h "$REDIS_PORT_6379_TCP_ADDR" -p "$REDIS_PORT_6379_TCP_PORT"'
So I test the image and make it run as below:
# start redis container
$ docker run --name some-redis -d redis
# link redis container and run redis-cli command
$ docker run -it --link some-redis:redis --rm redis redis-cli -h redis
redis:6379> PING
PONG
redis:6379> exit
# Add the specified members to the set stored at key
$ docker run -it --link some-redis:redis --rm redis redis-cli -h redis sadd production-stores 5555
(integer) 1
$