NNM-Docker v1
This was a really fun project I decided to pick up at work that blossomed into something much larger than imagined. We run a global environment to showcase our various products, and I realized that it was lacking something...
I got to work learning how Docker organized its code structure and mapping out the various ideas I wanted to incorporate. After all, I'll be using this! Note, some of the code here will not be present on the GitHub, as I didn't feel it was useful for the average person using it. Feel free to copy and paste into your own scripts.
I have to credit Steve McGrath, whose projects have fueled Tenable's success for years; and Seth Matheson, my daily sounding board for taking my insanity and making it usable.
The first thing in my idea bucket was to get the image created, so I started with a Dockerfile: state what the base OS is, and set an ENV variable. More on the ENV variables and the Dockerfile code later, as I continue the build. Docker containers are designed to be ephemeral assets by tradition, so they will usually die when their task is complete. There are more elegant ways to do this, but for the sake of getting it off the ground, I wrote a simple script called "keepalive.sh" that just repeats itself until it's killed.
keepalive.sh
#!/bin/bash
while true; do sleep 1000; done
Easy peasy, right?
Next, I knew I wanted to automate the process as much as possible, so I decided on a docker-compose.yml file to give the container some attributes every time it is spun up; later I'd work on a Python script to walk users through installation and activation. The docker-compose file looks like the snippet below. Everything in ( ) is excluded from the code and is intended to show what is happening.
version: "3.8"
# (Let's define the NNM service with image name, hostname, and container name that will stay persistent)
services:
  nnm:
    image: nnm-image
    hostname: nnm.localhost
    container_name: nnm-docker
    ports:
      - "8835:8835"
    # (Map some persistent volumes so we can store data we want to keep across container instances)
    volumes:
      - nnmdata:/opt/nnm/
      - tenableyumcache:/var/cache/yum
    # (Non-persistent storage with permissions set to make it non world-readable. tmpfs is stored in host memory and dissolves when the container dies)
    tmpfs:
      - /tmp:mode=1770,size=21474836480
      - /run
volumes:
  nnmdata:
    name: nnmdata
  tenableyumcache:
    name: tenableyumcache
# (Setting a custom network that interfaces with an existing Docker network that's already running)
networks:
  default:
    external: true
    name: docker_lab_default
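As an added example (not code from the NNM-Docker project), this Python script decodes the two tmpfs entries from the compose file above and reports what their mode and size options mean in practice. The function names are made up for illustration, and the default mode of 1777 for an entry without `mode=` is an assumption stated in the code.

```python
import stat

# Assumption: a tmpfs entry with no explicit mode gets the tmpfs default, 1777.
DEFAULT_MODE = 0o1777

# The two tmpfs entries from the compose file above.
TMPFS_ENTRIES = ["/tmp:mode=1770,size=21474836480", "/run"]


def parse_tmpfs(entry):
    """Split a short-syntax tmpfs entry into (path, {option: value})."""
    path, _, raw = entry.partition(":")
    opts = {}
    for item in filter(None, raw.split(",")):
        key, _, value = item.partition("=")
        opts[key.strip()] = value.strip()
    return path, opts


def audit_tmpfs(entry):
    """Describe the permissions and size of one tmpfs mount and list concerns."""
    path, opts = parse_tmpfs(entry)
    explicit = "mode" in opts
    mode = int(opts["mode"], 8) if explicit else DEFAULT_MODE
    # Size is assumed to be given in plain bytes, as it is on the page.
    size = int(opts["size"]) if "size" in opts else None
    findings = []
    if not explicit:
        findings.append("no mode set, relies on default")
    if mode & stat.S_IRWXO:
        findings.append("accessible to 'other' users")
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable without sticky bit")
    if size is None:
        findings.append("no explicit size limit")
    return {
        "path": path,
        "mode": oct(mode),
        "sticky": bool(mode & stat.S_ISVTX),
        "size_gib": size / 2**30 if size is not None else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for entry in TMPFS_ENTRIES:
        print(audit_tmpfs(entry))
```

The `/tmp` entry comes back clean (sticky bit set, no access for other users, 20 GiB cap), while `/run` is reported as relying on defaults because it sets neither a mode nor a size.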