Profile Image

Michael Simmons

SOC Analyst

Open Maintenance – Docker & CentOS 7

It seems docker and containers are becoming the new default standard for simple, rapid and consistent deployment. I was asked to deploy out open maintenance recently at work and decided to look into the simplest options to deploy it out. I reviewed the open maintenance website and didn’t see any ready made ova images or a simple up to date guide on getting it up and running quickly which lead me to google. I first tried openmaint vm as a search term which lead me to only one result which seemed creditable bitnami which has yet to create an ova or deployment package for it. I then decided to see if someone put together a docker container for it which they did link here. I then decided to see if VMWare can run containers directly, it can but we run 5.5 internally which doesn’t support that feature. I then decided to setup a CentOS box to run the Docker container in our ESXI environment that way. 

To get Docker installed on CentOS7 is extremely easy run the following commands:
yum -y update
yum -y install docker docker-registry
systemctl enable docker.service
systemctl start docker.service

To verify docker is installed and running do the following command:
systemctl status docker.service
 

Upon investigation of the openmaint docker github I determined I also needed docker-compose which is extremely easy to install as well. I recommand using the guide found here. However, you can do the following commands below as they are what I used.

First we download the latest docker compose which as this time is 1.20.1
sudo curl -L https://github.com/docker/compose/releases/download/1.20.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

Then we apply the permissions to the file
sudo chmod +x /usr/local/bin/docker-compose
To test that everything is working run the following command:
docker-compose --version

Now we need to download the docker-compose.yml file into our current working directory to do this we first need to install wget. I like to use nano to edit files so I will also install nano.
yum -y install wget nano
Now we need to download the docker-compose.yml file
wget https://raw.githubusercontent.com/rsilva4/docker-openmaint/master/docker-compose.yml
to download and start the contains we run one of the two commands below depending on if you want to watch the process or not. Keep in mind the github has docker-compose up –file I found the docker-compose I installed didn’t not support the –file path instead it will use the docker-compose.yml file of the current working directory.
This command will start the process and allow you to watch the process, keep in mind when it’s done it still keeps the terminal locked up as it’s not running as a daemon.
docker-compose up
to run it and not see the output since it will run as a daemon
docker-compose up -d

Once everything is downloading and running you can navigate to http://ip:8888/openmaint to view the website.

I decided I wanted end users to be able to access via http (port 80) and not need to add /openmaint at the end. So I installed nginx. To install nginx run the following commands.
sudo yum install epel-release
yum install -y nginx
sudo systemctl start nginx
sudo systemctl enable nginx
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --reload

Before we configure nginx we need to adjust an SELinux security parameter. Run the following command:
sudo setsebool httpd_can_network_connect 1 -P
I decided to edit the global nginx conf file: /etc/nginx/nginx.conf. I replaced location / { } default configuration and added in the location /openmaint/ configuration with the following:

location / {
return 301 http://DomainOrIp.com/openmaint/;
}
location /openmaint/ {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://0.0.0.0:8888/openmaint/;
proxy_redirect off;
#proxy_redirect http://0.0.0.0:8888/ http://DomainOrIp.com/openmaint/;
#proxy_redirect http://www.0.0.0.0:8888/ http://DomainOrIp.com/openmaint/;
}

With all of the above sets complete you should now be able to go to DomainOrIp.com and land at the openmaint login page by default.  The last thing you may want is to have the docker containers start up on reboot automatically to do this run the following:

crontab -e
@reboot (sleep 30s ; cd directory_has_dockercompose.yml_file ; /usr/local/bin/docker-compose up -d )&

 References:

Install Docker on CentOS7

OpenMaint Docker GitHub

SELinux Configuration

Install Docker Compose

Start Docker-Compose containers on reboot

CentOS7 – Install nginx

Leave a Reply

Your email address will not be published. Required fields are marked *