Stuff I Know

Just another WordPress.com weblog

Manually Add DockerHub Image to Unraid 6.8.3

Sometimes you find a cool DockerHub image, or need to re-install an app in Unraid that is no longer listed. This is how you manually install it. Some knowledge about the docker image you’re going to install is needed, but it’s all done through the GUI so you don’t have to be a Linux guru.

Find an Image

  1. Head over to hub.docker.com

  2. You don’t need to sign up to search for and use a docker image.

  3. Click on the image you want to use. Generally most things will run on Unraid docker, no guarantees. If you want supported docker images, stick to those available in the Unraid Community Apps.

  4. Read the Overview and understand what you’re installing and if there are any prerequisites you need to deal with first. Usually the most important part is the port information so you can setup the ports correctly and connect to whatever you are installing.

Configure the Image in Unraid

  1. Open a new browser window and connect to your Unraid server.

  2. Under the Docker section, click Add Container.

  3. Don’t worry about selecting a template, it’s only going to show you things you have installed or had installed before.

  4. Enter a Name for this container. (TEST-KMS)

  5. You can fill in Overview details if you want to leave yourself some notes about what you’re installing.

  6. Repository is the name of the DockerHub image you want to install. On the DockerHub image page you opened, it’s the name of the image, or whatever comes after hub.docker.com/r/ in the URL. (teddysun/kms)

  7. You don’t need to select a category.

  8. You should update the Docker Hub URL with the full URL of the docker image you found so it can be updated easily later on. (https://hub.docker.com/r/teddysun/kms)

  9. If the image you’re installing is going to have a web interface, you can fill in the WebUI with the URL to it.


  10. Network Type can usually be left at bridge. If the docker image runs on a unique port that’s not being used, you can set this to host and any/all ports the image uses will automatically be opened on the Unraid interface.
    Without going too deep into docker networking, bridge will let us map a port from the Unraid interface IP to the docker container. This means you could install two or more docker images that run on port 80 and still get to them through the different ports we assign them. (host)

  11. If you’re assigning a port, click Add Another Path, Port, Variable, Label or Device

  12. Select Port, and name it (useful to keep track of things if the image uses multiple ports).

  13. The container port is the port the docker image is going to listen on, e.g. a web server would probably listen on port 80 or port 443.

  14. The host port is the unique port on the Unraid server that you will connect to. eg the docker image has a web server listening on port 80, you find a free port on the Unraid server, eg port 8080. This would allow you to put http://unraidservername:8080 in a browser and get to port 80 in the docker image that’s running.

  15. If you are setting up a docker image that needs to store data, you will want to setup a path. Click Add Another Path, Port, Variable, Label or Device.

  16. Select Path, and name it. (Again, this is to help keep track of what this path is used for.)

  17. Container Path, this is the path that will be used inside the container. Usually the DockerHub page for the image you are setting up will give you some details about this. Or you may need to understand the image better to know what path the image will be saving data to. (/config)

  18. Host Path is the local path on the Unraid server. This is usually a sub-directory in /mnt/user/appdata/, e.g. /mnt/user/appdata/imagename/config. Remember /mnt/user/appdata is a shared path and the sub-directory needs to be unique unless you deliberately want to share a directory with another docker container.

  19. Hit Apply to build and start the container.

  20. You should see the container being built.

  21. If the image has a web interface, click on the icon beside the container you just setup and select WebUI. Note, some images take a few minutes to start up.

Obviously this only covers the most basic docker images, but hopefully is enough to get you started if you thought you needed to write your own code or do something fancy at the command line.

Config for KMS Docker Image

Here’s the step by step for a KMS image teddysun/kms. This one is super simple, since it already has a unique port and doesn’t have any persistent data.

  1. Link for the docker repo https://hub.docker.com/r/teddysun/kms
  2. From the Docker page in Unraid, Add Container with the following:
    Name: KMS
    Repository: teddysun/kms
    Docker Hub URL: https://hub.docker.com/r/teddysun/kms
    Network Type: Host
  3. Click Done and wait a couple minutes.
  4. From the Docker page in Unraid you should see unraidip:1688/TCP <-> unraidip:1688
  5. There’s no WebUI for this one, so you can test the connection from PowerShell with:
    Test-NetConnection -ComputerName unraid01 -Port 1688
  6. If the port is open you should see the line:
    TcpTestSucceeded : True

Configure Windows for KMS

To use the server, you’ll need your machine to use a KMS key.

  1. Get your KMS keys from here:
    https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys
  2. From a command prompt (run as administrator) do the following
  3. Set the KMS key with:
    slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
  4. Point your machine to the new KMS server with:
    slmgr.vbs /skms KMS_server_IP:1688
  5. Attempt activation with:
    Slmgr.vbs /ato

With any luck, you should have now activated your machine.

March 26, 2021 | Uncategorized

Change unreadable dark blue text in Cygwin

I use rxvt as my default Cygwin terminal with the following properties on the Windows shortcut:

C:\cygwin\bin\rxvt.exe -sl 1500 -fn "Lucida Console-14" -bg black -fg grey -sr -e C:\cygwin\bin\bash.exe --login -i

The blue text used for directories has always been too dark to read comfortably. I finally had enough and figured out what needs to be changed to make the dark blue, light blue:

In your .Xdefaults file (if you had one already or not), add the following:

rxvt*color4: SteelBlue1
rxvt*color12: SteelBlue1

Start a new cygwin rxvt terminal and try it out.

I also found this affects the dark blue comments when using vi.

Cheers

Now for some key words since I had a hard time stumbling across the answer with my Googling: cygwin text to dark, dark blue, unreadable blue, change blue text, change blue folders, change dir colors

June 2, 2015 | Uncategorized

Installing ESXi VMware Tools quick and easy on Linux

Originally from http://gregcarriger.wordpress.com/2012/05/21/400/

Write this in a bash script, and you have yourself an unattended installer (almost). Assumption here is all the vmware tools prerequisites have been installed (Perl, etc.)

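 # Run as root, with the VMware Tools ISO attached to the VM's CD-ROM drive
 mkdir -p /mnt/cdrom
 mount /dev/cdrom /mnt/cdrom
 cp /mnt/cdrom/VMwareTools-*.tar.gz /tmp
 umount /mnt/cdrom
 tar -zxf /tmp/VMwareTools-*.tar.gz -C /tmp
 # Absolute path, so the installer is found whatever the current directory is
 /tmp/vmware-tools-distrib/vmware-install.pl --default
 # Clean up the tarball and the extracted installer
 rm -f /tmp/VMwareTools-*.tar.gz
 rm -rf /tmp/vmware-tools-distrib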

April 19, 2013 | Uncategorized

How to enable execution of unsigned PowerShell scripts?

When you try to execute a PowerShell script and get an error like this:

File C:\PSScripts\hello.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.
At line:1 char:13
+ .\hello.ps1 <<<<
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException

You’ll need to allow running unsigned scripts, or unrestrict the execution policy completely.

Enable running unsigned scripts by entering:

set-executionpolicy remotesigned

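This will allow running unsigned scripts that you write on your local computer and signed scripts from the Internet.

To switch to unrestricted mode instead, type the following. In this mode unsigned scripts from any source can run; PowerShell only prompts before running a script that was downloaded from the Internet: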

Set-ExecutionPolicy unrestricted

 More on http://technet.microsoft.com/en-us/library/ee176949.aspx
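
An added example (not part of the original post): a PowerShell function, under the hypothetical name Get-ScriptPolicyReport, that shows which policy is in effect and whether a given script is blocked because of its download mark or a missing signature, followed by narrower-scope alternatives to a machine-wide policy change. It assumes PowerShell 3.0 or later on an NTFS volume and models each policy in simplified form.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0+ on NTFS.
function Get-ScriptPolicyReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $policy = Get-ExecutionPolicy   # effective policy for this session

    # Downloaded files carry a Zone.Identifier stream ("Mark of the Web").
    # ZoneId 3 = Internet, 4 = Restricted sites; no stream means a local file.
    $zoneId = $null
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (($motw | Out-String) -match 'ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
    $remote = $zoneId -in 3, 4

    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signed = $sig.Status -eq 'Valid'

    # Simplified model of each policy (AllSigned additionally prompts for
    # publishers that are not yet trusted).
    $allowed = switch ([string]$policy) {
        'Restricted'   { $false }
        'AllSigned'    { $signed }
        'RemoteSigned' { (-not $remote) -or $signed }
        'Unrestricted' { $true }
        'Bypass'       { $true }
        default        { $null }
    }

    [pscustomobject]@{
        Script          = $file.FullName
        EffectivePolicy = $policy
        ZoneId          = $zoneId
        Signature       = $sig.Status
        WouldRun        = $allowed
    }
}

# Which scope sets the effective policy? Group Policy scopes take precedence.
Get-ExecutionPolicy -List

# Path taken from the error message above.
Get-ScriptPolicyReport -Path 'C:\PSScripts\hello.ps1'

# Narrower alternatives to a machine-wide change:
# Set-ExecutionPolicy RemoteSigned -Scope CurrentUser   # this user only
# Set-ExecutionPolicy RemoteSigned -Scope Process       # this session only
# Unblock-File -Path 'C:\PSScripts\hello.ps1'           # clear the mark after reviewing a download
```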

 

October 12, 2012 | Uncategorized

Random linux stuff

I regularly need to filter and modify text output from commands, but when I don’t use them often enough I tend to forget the syntax I used (or why I used it). This is a collection of command filters as a reminder to me, and may help out others.

Getting the last word in a line – OS:CentOS

>$ echo 'The lazy dog jumped over the quick brown fox.' | sed -e 's/.* //g'
fox.
>$ echo 'The lazy dog jumped over the quick brown fox.' | awk '{print $NF}'
fox.

Both ways work; the second works even if there’s a trailing space.

Need to find a process/port running.  CentOS /usr/sbin/lsof

sudo lsof -Pni | grep snmp
snmpd     31823   snmp   7u  IPv4 3810858  UDP *:161
snmpd     31823   snmp   9u  IPv6 3810863  UDP *:161
snmpd     31823   snmp  10u  IPv4 3810864  TCP *:161 (LISTEN)
snmpd     31823   snmp  11u  IPv6 3810866  TCP *:161 (LISTEN)
snmptrapd 31826   root   8u  IPv4 3810878  UDP *:162
snmptrapd 31826   root   9u  IPv6 3810882  UDP *:162

September 25, 2012 | Uncategorized

Enable SSH on ESXi

By default ESXi (4.0) does not have SSH enabled. Here’s how you can enable SSH to run command line utilities on your ESXi host.

Go to the ESXi console and press alt+F1
Type: unsupported
Enter the root password (there is no prompt; you are typing blind)
At the prompt type “vi /etc/inetd.conf”
Look for the line that starts with “#ssh” (you can search with pressing “/”)
Remove the “#” (press the “x” if the cursor is on the character)
Save “/etc/inetd.conf” by typing “:wq!”
Restart the management service “/sbin/services.sh restart”

February 4, 2010 | Uncategorized

Good Checkpoint VPN info from CPUG Forums

From http://www.cpug.org/forums/vpns-virtual-private-networks/4764-vpn-trouble-shooting.html:

Trouble shooting VPNs is covered ad infinitum in the Check Point Management II/III courseware… It’s fair to say over 95% of problems are a result of configuration or cross vendor compatibility issues.

Make sure you read http://secureknowledge.checkpoint.co….do?id=sk19423 !

Most VPN debugging consists of looking at the IKE negotiation although first you should check that connectivity actually exists between the two peers. If I ping does the other end see it! Can both sides see the IKE packets arriving during a key exchange?

You need to understand the IKE process to be able to debug.

IKE negotiation consists of two phases – Phase I (Main mode which is six packets) and Phase II (Quick Mode which is three packets). The $FWDIR/log/ike.elg file contains this information (once debugging is enabled). To enable debugging, you need to login to your firewall and enter the command “vpn debug on; vpn debug ikeon” or “vpn debug trunc”. Check Point have a tool called IKEView.exe which parses the information of ike.elg into a GUI making this easier to view.

Note that another useful tool is “vpn debug on mon” which writes all of the IKE captured data into a file ikemonitor.snoop which you can open with wireshark or ethereal.

So Phase I negotiates encryption methods (DES/3DES/AES etc), the key length, the hash Algorithm (MD5/SHA1) and creates a key to protect the messages of the exchange. It does this in 5 stages:

  1. Peers Authenticate using Certificates or a pre-shared secret.
  2. Each peer generates a private Diffie-Hellman key from random bits and from that derives a DH public key. These are then exchanged.
  3. Each peer generates a shared secret from its private key and its peer’s public key, this is the DH key.
  4. The peers exchange DH Key material (random bits and mathematical data) and methods for PhaseII are agreed for encryption and integrity.
  5. Each side generates a symmetric key (based upon the DH key and key material exchanged).


In IkeView under the IP address of the peer, open the Main Mode Packet 1 – expand :
> “P1 Main Mode ==>” for outgoing or “P1 Main Mode <==” for incoming

> MM Packet 1

> Security Association

> prop1 PROTO_ISAKMP

> tran1 KEY_IKE

You should then be able see the proposed Encryption Algorithm, Key Length, Hash Algorithm, Authentication Method, DH Group, and SA renegotiation params (life type – usually secs and duration).

If your encryption fails in Main Mode Packet 1, then you need to check your VPN communities.

Packet 2 ( MM Packet 2 in the trace ) is from the responder to agree on one encryption and hash algorithm

Packets 3 and 4 aren’t usually used when troubleshooting. They perform key exchanges and include a large number called a NONCE. The NONCE is a set of never before used random numbers sent to the other party, signed and returned to prove the party’s identity.

Packets 5 and 6 perform the authentication between the peers. The peer’s IP address shows in the ID field under MM packet 5. Packet 6 shows that the peer has agreed to the proposal and has authorised the host initiating the key exchange.

If your encryption fails in Main Mode Packet 5, then you need to check the authentication – Certificates or pre-shared secrets

Next is Phase II – the IPSec Security Associations (SAs) are negotiated, the shared secret key material used for the SA is determined and there is an additional DH exchange. Phase II failures are generally due to a misconfigured VPN domain. Phase II occurs in 3 stages:

  1. Peers exchange key material and agree encryption and integrity methods for IPSec.
  2. The DH key is combined with the key material to produce the symmetrical IPSec key.
  3. Symmetric IPSec keys are generated.


In IkeView under the IP address of the peer, expand Quick Mode packet 1:
> “P2 Quick Mode ==>” for outgoing or “P2 Quick Mode <==” for incoming

> QM Packet 1

> Security Association

> prop1 PROTO_IPSEC_ESP

> tran1 ESP_AES (for an AES encrypted tunnel)

You should be able to see the SA life Type, Duration, Authentication Alg, Encapsulation Mode and Key length.
If your encryption fails here, it is one of the above Phase II settings that needs to be looked at.

There are two ID fields in a QM packet. Under

> QM Packet 1

> ID

You should be able to see the initiator’s VPN Domain configuration including the type (ID_IPV4_ADDR_SUBNET) and data (ID Data field).

Under the second ID field you should be able to see the peer’s VPN Domain configuration.

Packet 2 from the responder agrees to its own subnet or host ID, encryption and hash algorithm.

Packet 3 completes the IKE negotiation.

If all of this works without any errors, then you may have previously initiated an invalid tunnel. You can use the VPN tunnel utility “vpn tu” to remove SA keys from the table.

I hope that this helps.
Greg

January 25, 2010 | Uncategorized

ServerIron Hot Failover Configuration

Good information on syncing configuration changes between two ServerIron load balancers:
http://www.brocade.com/sites/dotcom/support/Product_Manuals/ServerIron_AdminGuide/manage.2.14.html

October 10, 2009 | Load Balancers, Networking

Get the most out of VMware Server

You can increase VMware Server (1.09) performance by following a few simple steps.

Set the host memory allocation to “Fit all virtual machine memory into reserved host RAM”. This will prevent VMware Server from swapping guest virtual memory to disk and affecting performance. In Windows this is set under Host > Settings > Memory.

Preallocate your virtual hard drives.   Using dynamic virtual drives will leave you with more available disk space for other things, but reduces overall virtual machine performance.

August 20, 2009 | Virtualization

OVA/OVF Files

Recently came across OVA files when someone handed me a couple of virtual machines. I wasn’t sure what they were or how to use them… Google time.

From http://www.linux-mag.com/id/7389:

So, what’s so great about OVF? Since there are so many disparate points of view in the virtualization world, a proposal was made that there should be a way to standardize virtual machine delivery in a hypervisor agnostic fashion. In 2008, the Distributed Management Task Force (DMTF) drafted the OVF Specification V1.0.0. The DMTF is a collective effort by Dell, HP, IBM, Microsoft, VMware and XenSource. Currently, VirtualBox, XenServer and VMware support OVF.

In order to use these virtual machines in VMware Server, you’ll need to convert them into a recognizable format. What you’ll need is OVFTool from VMware. With this utility (command line only) you can convert the OVA file into a few different VMware formats, none of which are VMware Server compatible. What you’ll need to do is use OVFTool to convert the virtual machine into Virtual Infrastructure (VI) format, then use VMware Converter to create a VMware Server virtual machine.

This specifies the source is OVA, the target is VMX:

D:\virtual machines> "\Program Files\VMware\VMware OVF Tool\ovftool.exe" -st=OVA -tt=VMX vm1.ova vm1.vmx

Then, in VMware Converter, the source is going to be a Virtual Appliance; select the vm1.vmx file that was created by OVFTool.

Here are some examples (directly from ovftool.exe --help examples):

Source Locator Examples:

   c:\ovfs\my_vapp.ovf

   c:\vms\my_vm.vmx

   vi://username:pass@localhost/my_datacenter/vm/    \
      my_vms_folder/my_vm_name

Destination Locator Examples:

   c:\ovfs\my_vapp.ovf

   c:\vms\my_vm.vmx

   vi://username:pass@localhost/my_datacenter/host/    \
      esx01.example.com
   vi://username:pass@localhost/my_datacenter/host/    \
      esx01.example.com/Resources/my_resourcepool

   Note: the /host/ and /Resources/ part of the above inventory path are
         fixed and must be specified when using a vi destination locator.
         The /Resources/ part is only used when specifying a resource
         pool.

Examples:

   ovftool -tt=vmx c:\ovfs\my_vapp.ovf c:\vms\
   (.ovf file to .vmx file. Result files will
    be: c:\vms\my_vapp\my_vapp.[vmx|vmdk])

   ovftool c:\vms\my_vm.vmx c:\ovfs\my_vapp.ovf
   (.vmx file to .ovf file. Result files will be c:\ovfs\my_vapp.[ovf|vmdk])

   ovftool http://my_ovf_server/ovfs/my_vapp.ova c:\vms\my_vm.vmx
   (.ova file to .vmx file)

   ovftool c:\ovfs\my_vapp.ovf vi://username:pass@my_esx_host
   (.ovf file to ESX host using default mappings)

   ovftool c:\ovfs\my_vm.vmx vi://username:pass@my_esx_host
   (.vmx file to ESX host using default mappings)

   ovftool https://my_ovf_server/ovfs/my_vapp.ovf \
           vi://username:pass@my_esx_host
   (.ovf file from a web server to ESX host using defaults)

   ovftool c:\ovfs\my_vapp.ovf \
           vi://username:pass@my_vc_server/?ip=10.20.30.40
   (.ovf file to vCenter server using managed ESX host ip address)

   ovftool "vi://username:pass@my_vc_server/my_datacenter?ds=\
           [Storage1] foo/foo.vmx" c:\ovfs\
   (VM on ESX/vCenter server to OVF using datastore location query)

   ovftool c:\ovfs\my_vapp.ovf \
           vi://username:pass@my_vc_server/my_datacenter/host/my_host
   (.ovf file to vCenter server using vCenter inventory path)

   ovftool vi://username:pass@my_host/my_datacenter/vm/my_vm_folder/my_vm_name \
           c:\ovfs\my_vapp.ovf
   (VC/ESX vm to .ovf file)

   ovftool https://my_ovflib/vm/my_vapp.ovf
   (shows summary information about the OVF package [probe mode])

August 17, 2009 | Virtualization