
See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/335023411

Admin-zines: Understand Infrastructure Administration concepts the easy way

Presentation · August 2019


1 author:

Jose Manuel Redondo


University of Oviedo

All content following this page was uploaded by Jose Manuel Redondo on 04 November 2019.



Admin-zines

Understand Infrastructure
Administration concepts
the easy way 
Ninja design by: Vanessa Redondo López (@creative_vanesa)
Avatar design by: Inmaculada Martínez Lobo (@inmmastar)
V0.11 (2 zines)
Changelog

V0.11 (08/08/2019):
* Public release
* Pilot project for zines about infrastructure administration concepts: 2 Docker-related zines
This file is just a project demo and will be growing in content over time.

© José Manuel Redondo López


@The_Rounded_Man presents…

Highway to the Docker zone


Docker manages application containers: processes that can work as lightweight “virtual machines”.

“Traditional” hypervisor virtualization (stack, top to bottom):
* Virtualized app
* Guest OS (full OS)
* Virtual hardware
* VM software
* Host OS (full OS)
* Hardware

Docker containers (stack, top to bottom):
* Containerized app
* Container (R/W “layer” over its image, Mb)
* Image (read-only file, shares bins/libs, Mb)
* Docker daemon
* Host OS (full OS)
* Hardware

Containers are spawned from images that specify their contents (programs, users…).

These types of containers are intended to run an “entrypoint” process…but what if it is the bash shell?

1. Install Docker (Ubuntu 19):
    $> snap install docker
2. Run an Ubuntu container (-it: runs as interactive, uses a shell):
    $> docker run -it ubuntu /bin/bash
3. New Ubuntu container!
    Latest: Pulling from library/ubuntu
    …
    root@cb3492ef84cb:/# _

This downloads the official Ubuntu image from the public Docker Hub and gives you a root shell. Now you can work as in a regular machine!

You can create and customize your own containers using code with Dockerfiles!

* Dockerfile: build the image locally according to the file
    $> docker build -t="test/myserver" .
* Local image repo: list local images
    $> docker images
    REPOSITORY       TAG …
    test/myserver    ….
    ubuntu           ….
* Spawn a container from the local image (container from file)
    $> docker run test/myserver
    #_

This Dockerfile creates an Nginx Ubuntu 18.04 Web Server serving our own content!

1. The Dockerfile:
    # Use the official Nginx image from Docker Hub
    FROM nginx
    # Update repositories
    RUN apt-get update
    # Upgrade container software (no user input is allowed)
    RUN apt-get -y full-upgrade
    # Copy the web files from a host dir to the container
    # Dir "webfiles" is in the same location as the Dockerfile
    COPY webfiles /usr/share/nginx/html
2. Build it:
    $> docker build -t="test/mynginx" .

A new updated Nginx image with our web page!

Now you can spawn as many custom Nginx as you need!

* -d: runs detached (no shell, just runs Nginx)
* -p: maps a local port to port 80 of each container

    $> docker run -d -p 8080:80 test/mynginx
    $> docker run -d -p 8081:80 test/mynginx
    $> docker run -d -p 8100:80 test/mynginx

The three servers answer on localhost:8080, localhost:8081 and localhost:8100. They need far fewer resources than a VM!

Docker Hub (https://hub.docker.com/) has a LOT of predefined images:
* Multiple ready-to-use installations of popular software are there (MySQL, Oracle DBMS, Node, Apache…)!
* Also images corresponding to major OS (Ubuntu, Debian, Kali Linux…)
* For safety, try to use certified / official / verified publisher images only!!
* Use them to acquire what you need without effort!
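A check for the "official images only" advice above, added here as an example and not part of the zine: it classifies each FROM line of a Dockerfile by origin and pinning. The function name and the heuristics are assumptions of this sketch, and the name alone cannot prove certified or verified-publisher status.

```shell
#!/bin/sh
# Added example, not the zine's code. Assumed heuristics:
#   official = Docker Hub library image (no namespace, or [docker.io/]library/NAME)
#   pinned   = @sha256 digest, or an explicit tag other than "latest"
# A bare name can also be a local image or an earlier build stage; review by hand.

check_base_images() {
    # $1: Dockerfile path. Prints "REF ORIGIN PINNING" per FROM line and
    # returns 1 if any base image is third-party or floating.
    rc=0
    while read -r kw a b rest; do
        case "$kw" in FROM|from) ;; *) continue ;; esac
        case "$a" in --*) ref=$b ;; *) ref=$a ;; esac    # skip --platform=...
        [ "$ref" = scratch ] && continue                 # empty base, nothing pulled
        name=${ref%%@*}; name=${name#docker.io/}
        last=${name##*/}
        case "$last" in *:*) tag=${last##*:}; name=${name%:*} ;; *) tag= ;; esac
        case "$name" in
            library/*) origin=official ;;
            */*)       origin=third-party ;;
            *)         origin=official ;;
        esac
        pin=floating
        if [ -n "$tag" ] && [ "$tag" != latest ]; then pin=tag; fi
        case "$ref" in *@sha256:*) pin=digest ;; esac
        echo "$ref $origin $pin"
        if [ "$origin" != official ] || [ "$pin" = floating ]; then rc=1; fi
    done < "$1"
    return $rc
}

# Constructed sample: the FROM line of the zine's Dockerfile plus two variants.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM nginx
FROM ubuntu:18.04
FROM test/myserver
EOF
check_base_images "$sample" || echo "review the base images flagged above"
rm -f "$sample"
```

The zine's own `FROM nginx` is reported as official but floating, because an untagged reference resolves to `latest` at build time.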
@The_Rounded_Man presents…

Little less communication, little more action


We can now run containers (with our custom name) with different products that suit our needs:

1. Our preconfigured database!
    $> docker run -d --name=db app/mysql
2. Our preconfigured web server!
    $> docker run -d --name=web app/nginx
3. Our proxy/firewall/IDS for security!
    $> docker run -d --name=proxy app/customlinux

Each container may hold a different part of our application architecture!

But…we need them to “see” each other!

[Diagram: Docker host with Proxy, Web and MySQL containers on the 172.17.0.0/24 internal network; addresses 172.17.0.1, 172.17.0.2, 172.17.0.3, 172.17.0.4]

Fortunately, every container can communicate with any other created container and the host through the 172.17.0.0 internal network.

Communication can be totally disabled if not needed by editing the /lib/systemd/system/docker.service file.

With icc=false, once docker is reloaded, no communication is possible. But this is too extreme!
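To confirm that the icc setting described above is actually in the unit file, this added example (not part of the zine) reads a docker.service file and reports the value dockerd would start with. The function name and both unit files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the zine's code: report whether a docker.service unit starts
# dockerd with inter-container communication disabled. Without the flag, dockerd
# defaults to icc=true.

icc_status() (
    # $1: unit file, optionally with drop-in overrides appended in load order.
    # Prints enabled | disabled | no-execstart; exit status 0 only for disabled.
    set -f                                   # no globbing when splitting ExecStart
    cmd=
    # read without -r on purpose: it joins lines continued with a trailing "\".
    while IFS= read line; do
        case "$line" in
            ExecStart=*) cmd=${line#ExecStart=} ;;   # an empty reset clears it
        esac
    done < "$1"
    [ -n "$cmd" ] || { echo no-execstart; exit 2; }
    state=enabled
    for arg in $cmd; do
        case "$arg" in
            # spellings Go's boolean flag parser accepts as false
            --icc=false|--icc=False|--icc=FALSE|--icc=[0fF]) state=disabled ;;
            --icc|--icc=*) state=enabled ;;
        esac
    done
    echo "$state"
    [ "$state" = disabled ]
)

# Constructed unit files: a stock-looking ExecStart and the hardened variant.
weak=$(mktemp); hard=$(mktemp)
printf '[Service]\nExecStart=/usr/bin/dockerd -H fd://\n' > "$weak"
printf '[Service]\nExecStart=/usr/bin/dockerd -H fd:// --icc=false\n' > "$hard"
echo "before: $(icc_status "$weak")"
echo "after:  $(icc_status "$hard")"
rm -f "$weak" "$hard"
```

The same option can also be set as `"icc": false` in /etc/docker/daemon.json, which this check does not read.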

Even with forbidden communications, we can link containers by name so they can see each other!

1. The database:
    $> docker run -d --name=db app/mysql
2. The web server only “sees” the database!
    $> docker run -d --name=web --link=db \
    > app/nginx
3. The proxy only “sees” the web server!
    $> docker run -d --name=proxy --link=web \
    > app/customlinux

Whenever you link two containers, Docker will create some environment variables automatically:
* These contain the linked container address, DNS name, exposed ports, …
* Any information needed to work with these variables instead of IPs
* Internal network IPs are assigned via DHCP, so they are variable through runs
* This way, the infrastructure can be recreated without taking care of the assigned IPs!

We can now properly create container infrastructures as complex as we need!

[Diagram: Docker host with Proxy, Web and MySQL containers; addresses 172.17.0.1, 172.17.0.2, 172.17.0.3, 172.17.0.4]

The host can communicate with all containers, but we can restrict inter-container communication as much as we want!
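How a process inside the "web" container can use the link variables described above instead of a fixed IP, as an added example that is not part of the zine. The function names, port 3306 and the exported values are constructed; the variable layout is the one Docker's legacy `--link` feature injects.

```shell
#!/bin/sh
# Added example, not the zine's code. Docker's legacy --link feature injects
# <ALIAS>_PORT_<port>_<PROTO>_ADDR / _PORT / _PROTO and <ALIAS>_ENV_<name>
# into the container that declares the link.

link_prefix() {
    # Docker upper-cases the alias and turns "-" into "_" for variable names.
    printf '%s' "$1" | tr 'a-z-' 'A-Z_'
}

link_endpoint() {
    # $1: link alias, $2: exposed port, $3: protocol (default tcp).
    # Prints "addr:port"; returns 1 if the link is absent or the values are odd.
    p="$(link_prefix "$1")_PORT_${2}_$(printf '%s' "${3:-tcp}" | tr 'a-z' 'A-Z')"
    addr=$(printenv "${p}_ADDR") || return 1
    port=$(printenv "${p}_PORT") || return 1
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac   # IPv4 digits and dots only
    case "$port" in ''|*[!0-9]*)  return 1 ;; esac
    echo "$addr:$port"
}

link_inherited_env() {
    # Names of variables copied from the linked container's own environment.
    # Anything secret set there is readable by the container holding the link.
    env | sed -n "s/^\($(link_prefix "$1")_ENV_[A-Za-z0-9_]*\)=.*/\1/p" | sort
}

# Constructed environment, as the "web" container would see it after --link=db
# (address, port 3306 and the password variable are sample values).
export DB_NAME=/web/db DB_PORT=tcp://172.17.0.4:3306
export DB_PORT_3306_TCP=tcp://172.17.0.4:3306 DB_PORT_3306_TCP_PROTO=tcp
export DB_PORT_3306_TCP_ADDR=172.17.0.4 DB_PORT_3306_TCP_PORT=3306
export DB_ENV_MYSQL_ROOT_PASSWORD=constructed-sample

echo "database endpoint: $(link_endpoint db 3306)"
echo "inherited from db: $(link_inherited_env db)"
```

Docker's documentation marks `--link` as a legacy feature and notes that these variables are not refreshed if the linked container restarts, so the name entry Docker writes to /etc/hosts is the more stable lookup.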

That’s all (for now)
Hope they’ll be useful!

Like my zines? Visit the previous ones in:


https://www.researchgate.net/publication/333104441_FanCines_Understand_C_concepts_the_easy_way
