Skip to content

Instantly share code, notes, and snippets.

@redtripleAAA
Last active September 18, 2022 04:05
Show Gist options
  • Save redtripleAAA/9730666d783f0702bfb1754798f0e826 to your computer and use it in GitHub Desktop.
Save redtripleAAA/9730666d783f0702bfb1754798f0e826 to your computer and use it in GitHub Desktop.
Dockerfile Template for Workloader
#################################################
# The following .dockerfile can be used as a docker image for the following repo # https://github.com/brian1917/workloader
# Published Docker image can be used from Dockerhub # ansred/ubuntu-workloader-ssh # https://hub.docker.com/repository/docker/ansred/ubuntu-workloader-ssh
# This docker file will use Ubuntu AMD64 image and install all utility packages, inlcuding OpenSSH Server to access to the server # user= testuser # password=testpassword and port exposed 22
# You can build this dockerfile (Make sure to change credentials used for OpenSSH
# Make sure to edit pce.yaml as well with your Workloader information of simply used pce-add command
# Tip # You can use to test the dockerhub test image # https://labs.play-with-docker.com/
# Just run # "docker run -d -p 2022:22 --name workloader-ssh ansred/ubuntu-workloader-ssh"
# Note this flag if you wish delete the container when it stops --rm "docker run --rm -d -p 2022:22 --name workloader-ssh ansred/ubuntu-workloader-ssh"
# Example ssh -p 2022 [email protected]
# This dockerfile will automatically downloaded the latest linux repo for workloader from github and extract it for you to use at # /var/workloader/linux/linux-v8.24.6
#!/bin/bash
##################################################################################################
#image ansred/ubuntu-workloader-ssh
#!/bin/bash
FROM amd64/ubuntu
RUN apt-get update && apt-get upgrade -y
RUN apt-get install -y byobu curl git htop man zip unzip vim wget nano sudo openssh-server sshpass iputils-ping telnet traceroute
RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 testuser
RUN echo 'testuser:testpassword' | chpasswd
RUN service ssh start
EXPOSE 22
ENV TERM linux
ENV DEBIAN_FRONTEND noninteractive
#################################################
#Create directory for Workloader linux
RUN cd /var
RUN mkdir /var/workloader
RUN mkdir /var/workloader/linux
RUN cd /var/workloader/linux && curl https://api.github.com/repos/brian1917/workloader/releases/latest | grep "browser_download_url.*linux.*.zip" | cut -d ':' -f 2,3 | tr -d \" | wget -O workloader-linux.zip -qi -
RUN cd /var/workloader/linux && unzip workloader-linux.zip
#RUN export PATH=$PATH$( find /var/workloader/ -type d -printf ":%p" )
RUN cd /var/workloader/linux/linux*
RUN cd /var/workloader/linux/linux* && ./workloader version
RUN chmod -R 777 /var/workloader/linux
CMD ["/usr/sbin/sshd","-D"]
##################################################################################################
@redtripleAAA
Copy link
Author

redtripleAAA commented Aug 26, 2022

You can populate the pce.yaml by running workloader pce-add or copy the following template (Make sure to create your own PCE service account API key and PCE info)

Note: Make sure you are root in that directory

root@6bee01ea21ce:/var/workloader/linux/linux-v8.24.6# ls -l
total 16212
drwxr-xr-x 2 root root      197 Aug 11 00:24 illumio-templates
-rw-r--r-- 1 root root     1136 Aug 26 13:55 pce.yaml
-rw-r--r-- 1 root root     3877 Aug 11 00:24 workload-identifier-default.csv
-rwxr-xr-x 1 root root 16592380 Aug 11 00:24 workloader
-rw-r--r-- 1 root root        0 Aug 26 13:55 workloader.log

To populate multi-line text file from shell, use printf

printf "
debug: false
default_pce_name: pce-illumio-com
max_entries_for_stdout: 100
no_prompt: false
output_format: both
pce-illumio-com:
    disabletlschecking: false
    fqdn: pce.illumio.com
    key: 4e7ce63a4329890a9afacb9accd8821
    org: 1
    port: 443
    user: api_126220928cc25f
    userhref: /users/1
target_pce: pce-illumio-com
update_pce: false
verbose: false

" >> pce.yaml

Quick test for workloader (if you have some workloads in idle to run the following to print in console the output via stdout)
./workloader compatibility -i --out stdout

Expected output should look like this (depends on your workloads for sure)

testuser@6bee01ea21ce:/var/workloader/linux/linux-v8.24.6$ ./workloader compatibility -i --out stdout
2022/08/26 14:02:17 open workloader.log: permission denied
testuser@6bee01ea21ce:/var/workloader/linux/linux-v8.24.6$ sudo ./workloader compatibility -i --out stdout
2022-08-26 14:02:22  [INFO] - reviewed compatibility report 9 of 9 (100%).
+---------------------------------------------------+--------------------------------------------------------+--------+
|                     HOSTNAME                      |                          HREF                          | STATUS |
+---------------------------------------------------+--------------------------------------------------------+--------+
| venx2-external-vsphere.docker.illumio.consulting  | /orgs/1/workloads/1f7534a2-15a2-4c44-abca-20de1bcfa43e | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
| ven5-ubuntu-docker.illumio.consulting             | /orgs/1/workloads/2f99dce0-e996-4a89-9cc7-af8ceba72eca | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
| B0-B3-ubuntu-server-2004                          | /orgs/1/workloads/23151cd2-2df3-4e59-851f-66a681d4c3f3 | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
| B0-B2-ubuntu-server-2004.hamra.services           | /orgs/1/workloads/17a30f65-5f8d-4dcb-b0fc-bde0974b4a57 | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
| venx1-external-vsphere.regular.illumio.consulting | /orgs/1/workloads/b66d6644-3f84-406d-bd46-89dff3069337 | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
| venx5-external-vsphere.regular.illumio.consulting | /orgs/1/workloads/7f6a3a44-6c13-47c3-a77e-5585568f3ed1 | yellow |
+---------------------------------------------------+--------------------------------------------------------+--------+
2022-08-26 14:02:22  [INFO] - 6 compatibility reports exported.
2022-08-26 14:02:22  [INFO] - compatibility completed

@redtripleAAA
Copy link
Author

redtripleAAA commented Aug 26, 2022

Example line-by-line from after deploying the container
docker run -d -p 2022:22 --name workloader-ssh ansred/ubuntu-workloader-ssh

and then ssh to it
ssh -p 2022 [email protected]

[node2] (local) [email protected] /

$ ssh -p 2022 [email protected]
The authenticity of host '[192.168.0.17]:2022 ([192.168.0.17]:2022)' can't be established.
ED25519 key fingerprint is SHA256:xwKyyoIhts9yj7uYSW52wwgjTrsvIFUlgrFjSvLsCJ8.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.0.17]:2022' (ED25519) to the list of known hosts.
[email protected]'s password: 
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 4.4.0-210-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
testuser@cbb6351f6db8:~$ sudo su -
[sudo] password for testuser: 
root@cbb6351f6db8:~# 
root@cbb6351f6db8:~# ls
root@cbb6351f6db8:~# cd /var/workloader/linux/linux-v8.24.6/
root@cbb6351f6db8:/var/workloader/linux/linux-v8.24.6# ls
illumio-templates  workload-identifier-default.csv  workloader
root@cbb6351f6db8:/var/workloader/linux/linux-v8.24.6# printf "
debug: false
default_pce_name: pce-illumio-com
max_entries_for_stdout: 100
no_prompt: false
output_format: both
pce-illumio-com:
    disabletlschecking: false
    fqdn: pce.illumio.com
    key: 4e7ce63a4329890a9afacb9accd8821
    org: 1
    port: 443
    user: api_126220928cc25f
    userhref: /users/1
target_pce: pce-illumio-com
update_pce: false
verbose: false

" >> pce.yaml

root@cbb6351f6db8:/var/workloader/linux/linux-v8.24.6# ls

illumio-templates  pce.yaml  workload-identifier-default.csv  workloader
root@cbb6351f6db8:/var/workloader/linux/linux-v8.24.6# ./workloader -h      

Workloader is a tool that helps manage resources in an Illumio PCE.

  Usage:
        workloader [command]

@redtripleAAA
Copy link
Author

redtripleAAA commented Aug 27, 2022

Docker Compose

#################################################
version: '3.3'
services:
    ubuntu-workloader-ssh:
        ports:
            - '2022:22' # To be used for SSH to the container and ssh -p 2022 [email protected] and password is "testpassword"
        container_name: workloader-ssh
        image: ansred/ubuntu-workloader-ssh
#################################################

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment