Docker Container for Expedition


L1 Bithead

I created a Docker container for the Palo Alto Expedition tool as of version 1.1.38 and published it to Docker Hub. I rebuilt it on Alpine Linux and stripped the binaries, reducing the image size to a mere 1.43 GB. Optionally, you can make the database persistent by binding a directory on your host machine to /var/lib/mysql. Likewise, you can bind a directory to /data for data persistence. I made a tweak to the MySQL config to store the innodb temp file in /tmp within the container, which allows the container to support database persistence on Mac OS (and presumably Windows) in addition to Linux. This was necessary due to an issue with the Alpine host on Mac OS/Windows using a ZFS backend and MariaDB being incompatible: https://jira.mariadb.org/browse/MDEV-16015

 

Docker Hub Repo:

https://hub.docker.com/r/jlegarreta/expedition

 

GitHub Repo (Docker source):
https://github.com/jlegarreta/expedition

 

Among other things, these are some of the dashboard errors I fixed:

- Remediated the "log_bin flag in MariaDB is set to off" issue by turning it on in the MySQL config

- Remediated the DBSQL_LOG_BIN value issue by setting it to 0 in /home/userSpace/userDefinitions.php

 

Assuming you have sufficient disk space, your dashboard should be all green out of the box.

 

Enjoy!


@John_Merry try pulling the latest docker image. I just pushed an update for version 1.1.96. This time I made it Ubuntu-based, so the commands you described will work in the future.

Hi @jlegarreta ,

 

Thank you, I have pulled the new service and it seems to be working, as does the bash update inside to run Expedition updates.

 

However, I can't run it using the following code (it crashes):

docker run --detach --volume ${HOME}/expedition/data:/data --volume ${HOME}/expedition/db:/var/lib/mysql --publish 443:443 --publish 4050:4050 jlegarreta/expedition:latest

 

I guess the mapping of the --volumes is different for Ubuntu?

 

If I remove the mapping, it works.

 

Finally, will you be updating it if a new version of Ubuntu is released, or v2.0 of Expedition?

 

Many thanks again for your support.

 

John

L2 Linker

Hi all,

 

I installed the last version of the Expedition Docker image on Ubuntu (running on AWS).

The installation was running fine, but once I created the first project (and imported a PA config file) the Docker image refuses to start...

 

Starting all services for expedition...
* Starting rsyslogd...
* Starting enhanced syslogd rsyslogd
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.2102.0 try https://www.rsyslog.com/e/2145 ]
...done.
* Starting sshd...
* Starting OpenBSD Secure Shell server sshd
...done.
* Starting rabbitmq...
* Starting RabbitMQ Messaging Server rabbitmq-server
...done.
* Starting mysql...
* Starting MariaDB database server mysqld
...fail!

 

root@ip-100-64-6-5:/efs/expedition# cat docker-compose.yml
version: '3'

services:
  expedition:
    image: jlegarreta/expedition:latest
    restart: always
    volumes:
      - ./data:/data
      - ./db:/var/lib/mysql
    ports:
      - 8006:80
      - 8106:443
      - 8107:4050

 

What could be the problem?

 

Regards,

 

HA

L1 Bithead

@slp-security try adding this flag to the docker run command

--cap-add syslog

 

L2 Linker

Hi,

What would the syntax be in the docker-compose file (I'm very much a newbie with Docker...)?

Many thanks for your help.

 

Regards,

 

HA

L2 Linker

Current file...

version: '3'

services:
  expedition:
    image: jlegarreta/expedition:latest
    restart: always
    volumes:
      - ./data:/data
      - ./db:/var/lib/mysql
    ports:
      - 8006:80
      - 8106:443
      - 8107:4050

 

L1 Bithead

L2 Linker

Hi,

 

We applied the recommended command. After that the container starts correctly, but...

If we stop it, the container cannot start again...

 

# cat docker-compose.yml
version: '3'

services:
  expedition:
    image: jlegarreta/expedition:latest
    restart: always
    volumes:
      - ./data:/data
      - ./db:/var/lib/mysql
    ports:
      - 8006:80
      - 8106:443
      - 8107:4050
    cap_add:
      - SYSLOG

 

Starting all services for expedition...
* Starting rsyslogd...
* Starting enhanced syslogd rsyslogd
...done.
* Starting sshd...
* Starting OpenBSD Secure Shell server sshd
...done.
* Starting rabbitmq...
* Starting RabbitMQ Messaging Server rabbitmq-server
...done.
* Starting mysql...
* Starting MariaDB database server mysqld
...fail!

 

We are a little bit lost...

 

Regards,

 

HA
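The capability question raised in the replies above (rsyslogd's imklog module opens /proc/kmsg, which the kernel only permits with CAP_SYSLOG, so `cap_add: SYSLOG` is the narrow grant, whereas `privileged: true` would hand the container every capability), as an added example that is not part of the thread or of the jlegarreta/expedition project: a small shell check that scans a compose file for exactly that, prints the equivalent `docker run` line, and, when docker is present, shows the container state and recent logs so a MariaDB "...fail!" like the one posted can be followed up. The function names, the temporary sample files and the over-broad variant are assumptions made for illustration; the cause of the restart failure is not known from the thread and is not claimed here.

```shell
#!/usr/bin/env bash
# Added example (not the thread's or the project's code). Checks that an
# Expedition docker-compose.yml grants only CAP_SYSLOG, which is what
# rsyslogd/imklog needs for /proc/kmsg, instead of privileged mode.
set -u

# Scan FILE (block-list YAML as posted in the thread) and print findings.
# Returns 0 only when cap_add lists SYSLOG and nothing else, and
# privileged mode is not enabled.
check_compose_caps() {
    file="$1"
    rc=0
    if grep -Eq '^[[:space:]]*privileged:[[:space:]]*true' "$file"; then
        echo "WARN: privileged: true grants all capabilities; use cap_add: [SYSLOG] instead"
        rc=1
    fi
    if ! grep -Eq '^[[:space:]]*cap_add:' "$file"; then
        echo "WARN: no cap_add block; imklog cannot open /proc/kmsg without CAP_SYSLOG"
        rc=1
    elif ! grep -Eq '^[[:space:]]*-[[:space:]]*SYSLOG[[:space:]]*$' "$file"; then
        echo "WARN: cap_add present but SYSLOG is not listed"
        rc=1
    fi
    # Entries under cap_add up to the next mapping key; anything other than
    # SYSLOG is more than Expedition's rsyslogd needs.
    extra=$(sed -n '/^[[:space:]]*cap_add:/,/^[[:space:]]*[a-z_][a-z_]*:/p' "$file" \
        | grep -E '^[[:space:]]*-' \
        | grep -Ev '^[[:space:]]*-[[:space:]]*SYSLOG[[:space:]]*$' || true)
    if [ -n "$extra" ]; then
        echo "WARN: capabilities beyond SYSLOG requested:"
        echo "$extra"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: only CAP_SYSLOG is added and privileged mode is off"
    fi
    return "$rc"
}

# Equivalent docker run line (the command posted in the thread plus the
# capability flag). Arguments are the host directories for /data and the DB.
expedition_run_cmd() {
    printf 'docker run --detach --cap-add SYSLOG --volume %s:/data --volume %s:/var/lib/mysql --publish 443:443 --publish 4050:4050 jlegarreta/expedition:latest\n' "$1" "$2"
}

# If docker is installed: report the container's state and, when it is not
# running, the last log lines, which is where a MariaDB start failure
# should be investigated. Skips cleanly on hosts without docker.
show_container_state() {
    name="$1"
    command -v docker >/dev/null 2>&1 || { echo "docker not found; skipping"; return 0; }
    state=$(docker inspect -f '{{.State.Status}}' "$name" 2>/dev/null) \
        || { echo "no container named $name"; return 1; }
    echo "container $name is $state"
    [ "$state" = "running" ] || docker logs --tail 40 "$name"
}

# Constructed sample 1: the corrected compose file from the thread.
GOOD_COMPOSE=$(mktemp)
cat > "$GOOD_COMPOSE" <<'EOF'
version: '3'
services:
  expedition:
    image: jlegarreta/expedition:latest
    restart: always
    volumes:
      - ./data:/data
      - ./db:/var/lib/mysql
    ports:
      - 8006:80
      - 8106:443
      - 8107:4050
    cap_add:
      - SYSLOG
EOF

# Constructed sample 2: an over-broad variant a reviewer should reject.
BAD_COMPOSE=$(mktemp)
cat > "$BAD_COMPOSE" <<'EOF'
version: '3'
services:
  expedition:
    image: jlegarreta/expedition:latest
    privileged: true
    cap_add:
      - SYSLOG
      - SYS_ADMIN
EOF
trap 'rm -f "$GOOD_COMPOSE" "$BAD_COMPOSE"' EXIT

check_compose_caps "$GOOD_COMPOSE"
check_compose_caps "$BAD_COMPOSE" || true
expedition_run_cmd "${HOME:-/root}/expedition/data" "${HOME:-/root}/expedition/db"
```

Run it as `bash check_caps.sh`; to inspect a real deployment afterwards, call `show_container_state <container-name>` from the same shell, which only does anything when the docker CLI is on the PATH.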

 
