IBM QRadar

  • 1.  QRadar SDK V2 App container credentials

    Posted Wed January 13, 2021 05:24 PM

    We are trying to add a DNS entry to the /etc/hosts file. SDK V2.0 overwrites the hosts file, so we need a way to add an entry to the hosts file once the container is up, which needs the superuser credentials.

    Can you please provide the password for the superuser? Or is there any way to include the DNS entries in the hosts file using SDK V2.0.0?

    I'm trying to add hosts with this command:

    "echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts"

    ---------------------------------------------------------------------
    Container Image: q1docker-release.canlab.ibm.com/gaf/qradar-app-base
    ---------------------------------------------------------------------

    [appuser/]$ sudo echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

    [sudo] password for appuser:





  • 2.  RE: QRadar SDK V2 App container credentials

    Posted Thu January 14, 2021 09:23 AM

    Hi

    So once an app container has started we remove sudo access. This is a new security requirement with the new app framework, as everything now has to be executed as a non-privileged user inside the container. In order to add the entry to the hosts file you would have to do that during app container startup.

    We have a helper Python script which allows you to execute root commands at container startup only. This is called as_root. An example for your scenario above would be the following.

    In your app, create a shell script like this as container/run/add_dns_entry.sh:

    # Add dns entry
    as_root echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts

    And add a new file container/run/ordering.txt:

    /opt/app-root/container/run/add_dns_entry.sh

    These two files define the startup behaviour of the app, with ordering.txt pointing to the file to execute on startup, in this case add_dns_entry.sh, and add_dns_entry.sh adding the new entry to the hosts file at container startup.

    Note: as_root is only available during container startup; it will not work after the container has started.





  • 3.  RE: QRadar SDK V2 App container credentials

    Posted Fri January 15, 2021 11:38 AM

    Hi,


    I tried to follow your recommendation for adding the entry to /etc/hosts. I get the below error in the startup.log file:


    ========================================

    amol:~/pxgrid_v2.0$ tail -f store/log/startup.log
    2021-01-15 11:09:05 A0000 Checking if certificates need to be copied from /etc/qradar_pki to /etc/pki
    2021-01-15 11:09:05 A0000 /etc/qradar_pki does not exist, skipping
    2021-01-15 11:09:05 A0000 Attempting to update hosts file with FQDN if present in environment variables
    2021-01-15 11:09:05 A0000 FQDN and console ip found in environment variables, will add to hosts file if required
    2021-01-15 11:09:05 A0000 Hosts entry not present for FQDN, adding to /etc/hosts
    2021-01-15 11:09:05 A0000 Did not find console PEM cert in environment
    2021-01-15 11:09:05 A0000 Executing commands from /opt/app-root/container/run/ordering.txt
    2021-01-15 11:09:05 /opt/app-root/container/run/create_dns_entries.sh
    /opt/app-root/container/run/create_dns_entries.sh: line 2: /etc/hosts: Permission denied
    2021-01-15 11:09:05 A0000_start_container.sh exited with status 1

    ===========================================


    The contents of the script files are:

    amol:~/pxgrid_v2.0$ cat container/run/create_dns_entries.sh
    #!/bin/bash
    as_root echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts

    and

    amol:~/pxgrid_v2.0$ cat container/run/ordering.txt
    /opt/app-root/container/run/create_dns_entries.sh
    amol:~/pxgrid_v2.0$


    Could you please help us?





  • 4.  RE: QRadar SDK V2 App container credentials

    Posted Mon January 18, 2021 08:42 AM

    Hi,

    Please add the command directly in ordering.txt rather than putting it in a separate script file.

    as_root echo 192.xxx.xxx.227 ciscxxxenew2.xxxx.xxx.blr >> /etc/hosts





  • 5.  RE: QRadar SDK V2 App container credentials

    Posted Thu January 21, 2021 02:51 PM

    Hi

    Can you try with this?

    container/run/create_dns_entries.sh like this:

    sh-4.4$ cat create_dns_entries.sh
    if ! grep -q "192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr" /etc/hosts;
    then
        Log "ciscoisenew2.ciscoisenew.lab.blr Hosts entry not present. Adding in /etc/hosts"
        as_root "echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts"
    else
        Log "ciscoisenew2.ciscoisenew.lab.blr Hosts entry already present in /etc/hosts, skipping"
    fi

    and container/run/ordering.txt in your app zip with this:

    sh-4.4$ cat ordering.txt
    /opt/app-root/container/run/create_dns_entries.sh

    Then it should get logged to startup.log under /opt/app-root/store/log like this:

    2021-01-21 10:38:24 A0000_start_container.sh running with pid 15
    2021-01-21 10:38:24 A0000 Configurating default host strategy.
    2021-01-21 10:38:24 A0000 Checking if certificates need to be copied from /etc/qradar_pki to /etc/pki
    2021-01-21 10:38:24 A0000 /etc/qradar_pki exists, attempting to copy certificates from /etc/qradar_pki to /etc/pki
    2021-01-21 10:38:24 A0000 Copied certificates successfully from /etc/qradar_pki to /etc/pki
    2021-01-21 10:38:24 A0000 Attempting to update hosts file with FQDN if present in environment variables
    2021-01-21 10:38:24 A0000 FQDN and console ip found in environment variables, will add to hosts file if required
    2021-01-21 10:38:24 A0000 Hosts entry not present for FQDN, adding to /etc/hosts
    2021-01-21 10:38:25 A0000 Did not find console PEM cert in environment
    2021-01-21 10:38:25 A0000 Executing commands from /opt/app-root/container/run/ordering.txt
    2021-01-21 10:38:25 /opt/app-root/container/run/create_dns_entries.sh
    2021-01-21 10:38:25 ciscoisenew2.ciscoisenew.lab.blr Hosts entry not present. Adding in /etc/hosts
    2021-01-21 10:38:25 as_root command [echo 192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr >> /etc/hosts] exited with status 0
    2021-01-21 10:38:25 A0000_start_container.sh exited with status 0
    2021-01-21 10:38:25 A9800_configure.sh running with pid 45
    2021-01-21 10:38:25 A9800 Altering sudo access for appuser to allow only update_ca_bundle.sh
    2021-01-21 10:38:25 A9800_configure.sh exited with status 0

    and /etc/hosts gets the new entry from my test app like this:

    sh-4.4$ cat /etc/hosts
    127.0.0.1 localhost
    ::1 localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    169.254.3.7 9bc647b1a5b9
    192.168.0.227 ciscoisenew2.ciscoisenew.lab.blr



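The working script above can be generalised into a reusable startup helper. The block below is an added example, not code from the thread or from IBM's SDK; HOSTS_FILE, RUN_AS_ROOT and the log function are assumed names, and it keeps the two points the thread turned on: the whole redirect is handed to as_root as one quoted string, and the grep is an exact-line match. It also validates its inputs, because the entry is spliced into a command that runs as root.

```shell
#!/bin/sh
# Added example (not from the thread or IBM's SDK): idempotent hosts-entry
# helper for a QRadar SDK v2 container/run script. HOSTS_FILE and RUN_AS_ROOT
# are assumed names; override them only for testing. In the app keep the
# defaults so the write goes through the framework's as_root helper, which is
# only available during container startup.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
RUN_AS_ROOT="${RUN_AS_ROOT:-as_root}"

# Simple stdout logger (the thread's script uses the framework's Log helper).
log() { echo "$*"; }

# add_hosts_entry IP FQDN
# Returns 0 when the entry is present afterwards, 2 when the input is refused.
add_hosts_entry() {
    entry="$1 $2"
    # The entry is interpolated into a command string executed as root, so
    # refuse anything outside the characters an IP address or hostname needs
    # (quotes, ';', '$', '`' or whitespace would become root shell syntax).
    for part in "$1" "$2"; do
        case "$part" in
            ''|*[!A-Za-z0-9.:_-]*)
                log "refusing unsafe hosts entry [$entry]" >&2
                return 2 ;;
        esac
    done
    # -x matches the whole line and -F takes the entry literally, so '.' is not
    # a regex wildcard and "...lab" is not mistaken for "...lab.blr".
    if grep -qxF "$entry" "$HOSTS_FILE"; then
        log "$2 hosts entry already present in $HOSTS_FILE, skipping"
        return 0
    fi
    log "$2 hosts entry not present, adding to $HOSTS_FILE"
    # The whole "echo ... >> file" is ONE quoted argument, so the redirect is
    # performed by the privileged helper's shell. Written instead as
    #   $RUN_AS_ROOT echo "$entry" >> "$HOSTS_FILE"
    # the unprivileged appuser shell opens /etc/hosts itself and fails with
    # "Permission denied", exactly as in the startup.log earlier in the thread.
    $RUN_AS_ROOT "echo '$entry' >> '$HOSTS_FILE'"
}
```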