Can't connect to whaler_victim #3

Closed
cjastacio opened this issue Feb 7, 2020 · 4 comments
@cjastacio

After installation, docker -H=myhostonlyvmipaddress run hello-world doesn't work and log files are filled with the following.

2020-02-07 22:29:57,224 - WARNING - VictimContainer - VictimContainer: Lost connection, retrying in 10s...[HTTPConnectionPool(host='whaler_victim', port=2375): Max retries exceeded with url: /v1.35/events (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fe8afccc9d0>: Failed to establish a new connection: [Errno 111] Connection refused',))]
2020-02-07 22:30:07,236 - DEBUG - connectionpool - Starting new HTTP connection (63): whaler_victim:2375
@cjastacio
Author

For anyone who comes across this, I worked on this bug with a friend and found a workaround. We added the following environment variable to VictimContainer.py in the Modules directory.

environment='DOCKER_TLS_CERTDIR='

This gets passed in as part of self.cli.containers.run at line 25. The gist of the issue was that the docker in docker container now defaults to TLS connections, which is great for security but not so much for this purpose. Passing in the above environment variable as null short circuits this by telling the DinD container that there is no certificate directory and so it won't use TLS connections. This in turn means that the container will listen on port 2375 again.

@slow-J

slow-J commented Mar 6, 2020

> For anyone who comes across this, I worked on this bug with a friend and found a workaround. We added the following environment variable to VictimContainer.py in the Modules directory.
>
> environment='DOCKER_TLS_CERTDIR='
>
> This gets passed in as part of self.cli.containers.run at line 25. The gist of the issue was that the docker in docker container now defaults to TLS connections, which is great for security but not so much for this purpose. Passing in the above environment variable as null short circuits this by telling the DinD container that there is no certificate directory and so it won't use TLS connections. This in turn means that the container will listen on port 2375 again.

Hi, I have added the line environment='DOCKER_TLS_CERTDIR=' to whaler/agent/modules on line 8.

When I execute whaler/reset-reploy.sh -d and execute on another host:
docker -H=<ip> run hello-world

I still get:
2020-03-06 17:05:31,863 - DEBUG - connectionpool - Starting new HTTP connection (5): whaler_victim:2375
2020-03-06 17:05:31,864 - WARNING - VictimContainer - VictimContainer: Lost connection, retrying in 10s...[HTTPConnectionPool(host='whaler_victim', port=2375): Max retries exceeded with url: /v1.35/events (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4b2e538750>: Failed to establish a new connection: [Errno 111] Connection refused',))]

Is there a step that I'm missing to this workaround?

@cjastacio
Author

cjastacio commented Mar 9, 2020

The change needs to go in whaler/agent/modules/Victimcontainer.py. Starting from line 25 here's what the code should look like.

container = self.cli.containers.run(
    image=Configuration().get("victimContainerImage"),
    name=Configuration().get("victimContainerName"),
    network=Configuration().get("victimNetworkName"),
    privileged=True,
    restart_policy={"Name": "on-failure"},
    ports={'2375/tcp': 2375},
    detach=True,
    dns=['8.8.8.8', '8.8.4.4'],
    environment='DOCKER_TLS_CERTDIR=')

That last line is what was added to make this work again.

@slow-J

slow-J commented Mar 9, 2020

Thanks for the reply, I just had to change it to: , environment=['DOCKER_TLS_CERTDIR='] as it wouldn't accept a string. Works perfectly with this.
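
An added example, not part of the thread or of Whaler's code: a pre-flight check over the containers.run arguments discussed above, predicting which port the DinD daemon will listen on and whether the published port matches. It assumes the docker:dind image default of DOCKER_TLS_CERTDIR=/certs with TLS served on 2376; all function names are hypothetical.

```python
# Assumption: the docker:dind image (19.03+) ships DOCKER_TLS_CERTDIR=/certs
# and, while that variable is non-empty, serves TLS on 2376 instead of 2375.
DIND_IMAGE_DEFAULT_ENV = {"DOCKER_TLS_CERTDIR": "/certs"}


def normalize_env(environment):
    """Return the environment as a dict; a bare string is rejected,
    matching the behaviour reported in the thread."""
    if environment is None:
        return {}
    if isinstance(environment, dict):
        return {k: "" if v is None else str(v) for k, v in environment.items()}
    if isinstance(environment, (list, tuple)):
        pairs = (item.partition("=") for item in environment)
        return {key: value for key, _, value in pairs}
    raise TypeError("environment must be a dict or a list of 'KEY=value' strings")


def dind_listener(environment):
    """Predict (port, tls) for the daemon inside the DinD container."""
    env = {**DIND_IMAGE_DEFAULT_ENV, **normalize_env(environment)}
    tls = bool(env.get("DOCKER_TLS_CERTDIR"))
    return (2376, True) if tls else (2375, False)


def preflight(run_kwargs):
    """Return a list of findings for a containers.run keyword dict."""
    try:
        port, tls = dind_listener(run_kwargs.get("environment"))
    except TypeError as exc:
        return [f"invalid environment: {exc}"]
    findings = []
    published = {int(str(spec).split("/")[0]) for spec in run_kwargs.get("ports", {})}
    if port not in published:
        findings.append(
            f"daemon will listen on {port} (tls={tls}) but only "
            f"{sorted(published)} is published: expect 'Connection refused'"
        )
    if not tls:
        findings.append("2375 is unauthenticated plaintext: keep it on an isolated network")
    return findings


if __name__ == "__main__":
    base = {"ports": {"2375/tcp": 2375}}  # constructed sample, as in the thread
    for env in (None, "DOCKER_TLS_CERTDIR=", ["DOCKER_TLS_CERTDIR="]):
        print(repr(env), "->", preflight({**base, "environment": env}))
```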
