Brandon Mitchell sudo-bmitch Fairfax, VA

lukaszlach/commando 177

:whale: Container registry which provides you all the commands you need in a lightweight Alpine image. DevOps and SysOps best friend. https://command-not-found.com

sudo-bmitch/jenkins-docker 94

Jenkins container with Docker included

sudo-bmitch/docker-stack-wait 59

Wait for a docker stack deploy to complete

sudo-bmitch/presentations 50

Presentations from Brandon Mitchell

sudo-bmitch/docker-config-update 19

Utility to handle updates to docker configs and secrets

sudo-bmitch/run-as-user 4

Run a docker container as the user on the docker host

sudo-bmitch/golang-demo 1

Example Go code for a vulnerable app demo

sudo-bmitch/Training 1

Container, Cloud & DevOps Tutorials and Labs

issue opened notaryproject/requirements

Scenario for unreliable network connectivity

This is likely a 5.1 scenario. In v2 I'm looking for support when network connectivity may be intermittent. For images, that would likely involve some kind of pull through caching registry. For notary signatures I'm looking for a way to make them valid even if stale for some users, which I realize breaks the TUF timestamp keys in v1.

The use case I'm looking at is a utility provider that wants to run signed images on their field equipment, and this equipment needs to continue to operate during a natural disaster that may sever connectivity to the central image registry for a month, possibly longer. Connectivity to this field equipment is provided over cellular networks that may become saturated or unavailable during a disaster. All images would be signed by the company, so they control all of the keys and can manage distribution of the certificates.

created time in 7 days

create branch sudo-bmitch/sudo-bmitch.github.io

branch : master

created branch time in 20 days

create branch sudo-bmitch/sudo-bmitch.github.io

branch : gh-pages

created branch time in 20 days

delete branch sudo-bmitch/vm-qemu

delete branch : master

delete time in 24 days

create branch sudo-bmitch/vm-qemu

branch : main

created branch time in 24 days

PR closed sudo-bmitch/jenkins-docker

Create docker group if not already created in container

This isn't needed, necessarily, because you have the groupadd in your Dockerfile; however, I wanted to just pick up the entrypoint.sh and use my existing Dockerfile without adding the additional groupadd step. You also have the if ! groups jenkins | grep -q docker; then for doing the usermod, so figured this is just natural to update.

Up to you though!

Regards,

Eric

+7 -1

0 comment

1 changed file

er1c

pr closed time in 24 days

delete branch sudo-bmitch/jenkins-docker

delete branch : master

delete time in 24 days

create branch sudo-bmitch/jenkins-docker

branch : main

created branch time in 24 days

delete branch sudo-bmitch/sudo-bmitch.github.io

delete branch : master

delete time in 24 days

create branch sudo-bmitch/sudo-bmitch.github.io

branch : main

created branch time in 24 days

delete branch sudo-bmitch/presentations

delete branch : master

delete time in 24 days

create branch sudo-bmitch/presentations

branch : main

created branch time in 24 days

delete branch sudo-bmitch/docker-stack-wait

delete branch : master

delete time in 24 days

create branch sudo-bmitch/docker-stack-wait

branch : main

created branch time in 24 days

delete branch sudo-bmitch/docker-config-update

delete branch : master

delete time in 24 days

create branch sudo-bmitch/docker-config-update

branch : main

created branch time in 24 days

delete branch sudo-bmitch/docker-base

delete branch : master

delete time in 24 days

create branch sudo-bmitch/docker-base

branch : main

created branch time in 24 days

started lawl/NoiseTorch

started time in 25 days

created tag instadock/ansible_collection

tag v0.1.0

Ansible Collection used by InstaDock

created time in a month

issue comment moby/moby

Stopped container is shown in docker ps

Has anyone with the issue attempted to update their containerd install from an upstream release? No point in pushing a bump of that version into docker-ce if it doesn't fix anyone's issue.

FilipRy

comment created time in a month

issue comment docker/for-linux

Support centos 8  

@jamshid you need to talk to Mirantis about that. Docker no longer manages the EE product.

Songxwn

comment created time in a month

started hackmdio/codimd

started time in a month

issue comment docker/distribution

Pull through proxy does not support basic auth

I hacked on the following changes to get basic auth working. However there's enough stuff that I deleted that I hesitate to clean it up and make a PR without a second opinion from the Docker team. Let me know if this looks like the right approach or if I removed something important.

https://github.com/sudo-bmitch/distribution/commit/caf98652cff3294e6cc6d065f9256277e8615108

sudo-bmitch

comment created time in a month

create branch sudo-bmitch/distribution

branch : issue-3153

created branch time in a month

issue opened docker/roadmap

[Docker Hub] Support multi-stage targets

Tell us about your request

I would like to build a specific target in a multi-stage Dockerfile from Docker Hub's automated builds.

Which service(s) is this request for?

Docker Hub

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

Some of my docker builds include a Dockerfile that supports multiple targets, generating multiple images for different scenarios. At least one of these builds copies artifacts from another image, making build order important.

Are you currently working around the issue?

I'm using multiple Dockerfiles. Since I'm avoiding duplicating content between the Dockerfiles, I periodically get build failures when my scratch image copies an artifact from another image that hasn't built the latest version yet.

Additional context

This feature was requested a while back in hub-feedback.

created time in 2 months

issue comment sudo-bmitch/docker-stack-wait

Not waiting for the stack to be removed

Hi @jeff-cook. That's not a use case I designed this script to handle. It could probably be added, but watching for a stack to be deleted should be a short loop similar to:

while ! docker stack services ${stack_name} 2>&1 | grep -q 'Nothing found in stack:'; do sleep 5; done

jeff-cook

comment created time in 2 months

started gorilla/mux

started time in 2 months

push event instadock/ansible_collection

Brandon Mitchell

commit sha 0a346e9c77db376f5ee034032d4dd9c0576b270b

Updating sysctl user namespace limits

push time in 2 months

issue comment moby/moby

Cannot start container: Getting the final child's pid from pipe caused "EOF"

Just found the following indicating that it's a configuration issue on my side:

sysctl -w user.max_user_namespaces=15000

https://github.com/docker/docker.github.io/issues/7962#issuecomment-450889365

ceecko

comment created time in 2 months

issue comment moby/moby

Cannot start container: Getting the final child's pid from pipe caused "EOF"

Seeing this on a fresh lab deploy, no other containers running, CentOS 7, with userns enabled. My Debian 10 environment isn't seeing any issues. Disabling userns made the issue go away.

[root@vm-1 docker]# docker version
Client: Docker Engine - Community
 Version:           19.03.11
 API version:       1.40
 Go version:        go1.13.10
 Git commit:        42e35e61f3
 Built:             Mon Jun  1 09:13:48 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.13.10
  Git commit:       42e35e61f3
  Built:            Mon Jun  1 09:12:26 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

[root@vm-1 docker]# cat /etc/docker/daemon.json
{
  "experimental": false,
  "features": {"buildkit": true },
  "hosts": ["unix:///var/run/docker.sock"],
  "labels": ["from_ansible=true"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3",
    "labels": "com.docker.stack.namespace,com.docker.swarm.service.name,environment"
  },
  "storage-driver": "overlay2",
  "userns-remap": "dockerns:dockerns"
}

[root@vm-1 docker]# more /etc/subuid
dockerns:100000:65536

[root@vm-1 docker]# more /etc/subgid
dockerns:100000:65536

[root@vm-1 docker]# docker run -it --rm busybox echo hello
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
76df9210b28c: Pull complete
Digest: sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
Status: Downloaded newer image for busybox:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:319: getting the final child's pid from pipe caused \"EOF\"": unknown.

[bmitch@vm-1 ~]$ cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

[root@vm-1 docker]# journalctl -u docker | tail
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.335146186Z" level=info msg="Loading containers: start."
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.756251741Z" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.860590393Z" level=info msg="Loading containers: done."
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.894862938Z" level=info msg="Docker daemon" commit=42e35e61f3 graphdriver(s)=overlay2 version=19.03.11
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.894947518Z" level=info msg="Daemon has completed initialization"
Jun 15 21:21:21 vm-1 systemd[1]: Started Docker Application Container Engine.
Jun 15 21:21:21 vm-1 dockerd[1638]: time="2020-06-15T21:21:21.976800756Z" level=info msg="API listen on /var/run/docker.sock"
Jun 15 21:21:26 vm-1 dockerd[1638]: time="2020-06-15T21:21:26.626754125Z" level=error msg="stream copy error: reading from a closed fifo"
Jun 15 21:21:26 vm-1 dockerd[1638]: time="2020-06-15T21:21:26.876435720Z" level=error msg="96f1eba1fcc0ecaf53eace842a337ea14bcf3c463eb8ab0f2fb8c6cb754929a6 cleanup: failed to delete container from containerd: no such container"
Jun 15 21:21:26 vm-1 dockerd[1638]: time="2020-06-15T21:21:26.923436311Z" level=error msg="Handler for POST /v1.40/containers/96f1eba1fcc0ecaf53eace842a337ea14bcf3c463eb8ab0f2fb8c6cb754929a6/start returned error: OCI runtime create failed: container_linux.go:349: starting container process caused \"process_linux.go:319: getting the final child's pid from pipe caused \\\"EOF\\\"\": unknown"
ceecko

comment created time in 2 months

push event instadock/ansible_collection

Brandon Mitchell

commit sha e0927f44602c90dd4e8a109c51ac2a1409a1c081

Run userns steps before starting daemon

push time in 2 months

push event instadock/ansible_collection

Brandon Mitchell

commit sha e5b27f1e2ce593587515e86c80d391db11368350

Add userns group if it does not exist

push time in 2 months

push event instadock/ansible_collection

Brandon Mitchell

commit sha b204ddf817eb98ec58b73b43be4f8e3bfcc3d2ad

Adding userns, version locking, and various bug fixes

push time in 2 months

started tianon/gosu

started time in 2 months

issue comment moby/buildkit

FROM private registry fails with 401 forbidden

Thanks for linking that @jsravn, hit the same issue and needed to update my docker_auth install. Worked perfect after that.

jsravn

comment created time in 3 months

push event sudo-bmitch/sudo-bmitch.github.io

Brandon Mitchell

commit sha 3a5b63becbbfebeee73db742a47ed90f56d0017c

Updating presentations

push time in 3 months

push event sudo-bmitch/presentations

Brandon Mitchell

commit sha 87b8c2941932fb9dd4e17648c01ca637c158655f

Adding intro presentation - early draft/WIP

Brandon Mitchell

commit sha 54cd2395590d6cfc19513147520844e39a05ffdb

Adding intro presentation - early draft/WIP

Brandon Mitchell

commit sha 0d9ea5a0ec54c311f48f7bf93d49eaaee3a48148

Updating intro for DevSecOps meetup

Brandon Mitchell

commit sha 19265d25fff87f02b8f79682af01c248017d0fec

Merge branch 'docker-intro' of github.com:sudo-bmitch/presentations into docker-intro

Brandon Mitchell

commit sha a6c7ce555b5d706f8223f078da8d33c31c95354f

Fixing link in readme

Brandon Mitchell

commit sha 42c881cedef0ad10b007f93e2fa6bad4fa87e00c

Fixing link in readme

Brandon Mitchell

commit sha e9146b243f65425fcc9e7534575c3bf16e8239ab

Updating TOC

Brandon Mitchell

commit sha 80bfab81d4535daa653b01e02ba1df2a35885973

Updating font to fit right side of asciinema recordings

Brandon Mitchell

commit sha 21c61c1b60b85ffc8d88ed48454c3764b878c1f4

First draft of registry presentation

Brandon Mitchell

commit sha f11f71d0261593e336ab4a0b92174a3ca5a1cc63

Demos added, reformed into dockercon template

Brandon Mitchell

commit sha b0980b5b38fdd3a964b92b18a4531007b1fd628f

DockerCon 2020 Registry Presentation

Brandon Mitchell

commit sha 114326edd8a4015c43e77faec9280150a753cd28

Updating readme with presentation links

Brandon Mitchell

commit sha c3b8b177325957f454845ea65328f0aa3a1d9a35

Updating mirror script

Brandon Mitchell

commit sha b865b288926210c2a99c6aa4f669169bdee17d75

Merge pull request #3 from sudo-bmitch/registry Registry

push time in 3 months

PR merged sudo-bmitch/presentations

Registry

Adding my registry presentation for DockerCon 2020. This also pulls in my docker intro presentation which still needs some work.

+21681 -7

0 comment

101 changed files

sudo-bmitch

pr closed time in 3 months

PR opened sudo-bmitch/presentations

Registry

Adding my registry presentation for DockerCon 2020. This also pulls in my docker intro presentation which still needs some work.

+21681 -7

0 comment

101 changed files

pr created time in 3 months

create branch sudo-bmitch/presentations

branch : registry

created branch time in 3 months

issue comment pi-hole/AdminLTE

Queryads broken when using nginx reverse proxy

This was fixed in https://github.com/pi-hole/AdminLTE/pull/1046

rawr0r

comment created time in 3 months

push event sudo-bmitch/docker-base

Brandon Mitchell

commit sha 2bc11becb270195e6ab7f91f999c14f09456c1a7

Updating build args for local registries, adding add-certs script

push time in 3 months

pull request comment drone-plugins/drone-docker

Update Docker to 19.03.8

@spfz does either this PR, or the one I linked, work for you? I believe the drone maintainers are looking for feedback from the community before approving.

tuxity

comment created time in 3 months
