
I'm trying to disable the firewall inside a redislabs/redis Docker container in order to create a new Redis database (according to https://forum.uipath.com/t/haa-cannot-allocate-nodes-for-shards-when-creating-redis-db/310838). I need to connect to this container as the root user; however, the default user is 'redislabs' and I haven't found this user's password anywhere. Moreover, the 'root' user in this container is not exactly a superuser.

The commands that were executed are listed below:

Creating a container based on Redis official image:

    docker run -d --cap-add sys_resource -h re-node1 --name re-node1 -p 18443:8443 -p 19443:9443 -p 14000-14005:12000-12005 -p 18070:8070 redislabs/redis:latest

Starting cluster:

    docker exec -it --privileged re-node1 "/opt/redislabs/bin/rladmin" cluster create name re-cluster.local username demo@redis.com password redislabs

Checking cluster's state:

    docker exec -it re-node1 bash -c "/opt/redislabs/bin/rladmin info cluster"

Connecting to the container as root:

    docker exec -u 0 -it re-node1 bash
    root@re-node1:/opt# iptables -L
    iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

More details: https://github.com/redis-field-engineering/redis-connect-dist/blob/main/examples/oracle/demo/setup_re.sh

  • 1
    The default user is usually root, but this can be overridden with the `USER` instruction in the `Dockerfile`. To access IP tables you need specific capabilities - see this answer: https://unix.stackexchange.com/questions/459206/list-ip-tables-in-docker-container – viggnah Jul 21 '22 at 13:40

1 Answer

1

Based on the information retrieved, it seems that the issue you're encountering is due to the fact that the Redis Docker container is running in a restricted environment where the root user does not have full privileges. This is a common security measure in Docker containers to limit the potential damage if the container is compromised.

Here are some steps you can take to disable the firewall:

  1. Use the --privileged flag: When starting your Docker container, you can use the --privileged flag. This gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.

  2. Use a custom Dockerfile: You can create a custom Dockerfile where you switch to the root user, perform the necessary operations, and then switch back to the 'redislabs' user. Here is an example:

    FROM redislabs/redis:latest
    USER root
    RUN your-commands-here
    USER redislabs
    

    Then you can build and run your Docker container from this Dockerfile.

  3. Use sudo within the container: If the 'redislabs' user is in the sudoers file, you could use sudo to run commands as root within the container. However, this would require knowing the 'redislabs' user's password, which is not typically available.

Please note that these methods can pose a security risk, especially in a production environment. It's generally recommended to avoid running containers with escalated privileges unless absolutely necessary. If you're just trying to set up a Redis database, there may be other, safer ways to accomplish your goal.

Ryan Sevey
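
Why `iptables -L` reports "you must be root" for UID 0 in this container, as an added example that is not part of the original question or answer: a container started without `--privileged` gives root only a subset of Linux capabilities, and iptables needs CAP_NET_ADMIN. The masks below are constructed samples in the format of the `CapEff` field of `/proc/<pid>/status`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode a Linux effective-capability mask and report whether
# iptables can work with it. Bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12      # required to read or change netfilter tables
CAP_NET_RAW=13
CAP_SYS_RESOURCE=24   # the capability added by "--cap-add sys_resource"

# has_cap HEXMASK BIT: succeeds (exit 0) if capability BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# iptables_verdict HEXMASK: prints whether iptables would be permitted.
iptables_verdict() {
    if has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "allowed"
    else
        echo "denied: CAP_NET_ADMIN missing"
    fi
}

# current_capeff: prints the effective capability mask of the calling process.
# Inside the container, run: iptables_verdict "$(current_capeff)"
current_capeff() {
    awk '/^CapEff:/ {print $2}' /proc/self/status
}

# Constructed sample masks (not captured from the asker's container):
DOCKER_DEFAULT=00000000a80425fb      # Docker's default capability set
WITH_SYS_RESOURCE=00000000a90425fb   # default + sys_resource, as in the question
WITH_NET_ADMIN=00000000a90435fb      # the above + NET_ADMIN

for mask in "$DOCKER_DEFAULT" "$WITH_SYS_RESOURCE" "$WITH_NET_ADMIN"; do
    printf '%s  iptables: %s\n' "$mask" "$(iptables_verdict "$mask")"
done
```

Adding `--cap-add NET_ADMIN` to the `docker run` command grants that single capability, which is a much narrower change than `--privileged`.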