This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '2' | |
| services: | |
| # Data store | |
| db: | |
| image: mongo:3.2 | |
| volumes: | |
| - mongo-data:/data/db | |
| expose: | |
| - "27017" | |
| # Session store |
lucj
/ gist:7453246c96b85d5959165e2b6b435207
Created
August 7, 2016 12:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| logentries: | |
| command: '-t 82855f8b-5341-34d5-3e54-12b612c26efa --no-stats' | |
| image: 'logentries/docker-logentries' | |
| restart: always | |
| volumes: | |
| - '/var/run/docker.sock:/var/run/docker.sock' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Url on which GitLab will be reachable. | |
| ## For more details on configuring external_url see: | |
| ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/configuration.md#configuring-the-external-url-for-gitlab | |
| external_url "https://gitlab.mydomain.com" | |
| ################ | |
| # GitLab Nginx # | |
| ################ | |
| ## see: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master/doc/settings/nginx.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2016/08/19 13:02:38 [notice] 135#135: signal process started | |
| Generating RSA private key, 2048 bit long modulus | |
| ...............................+++ | |
| ...........................................................................................+++ | |
| e is 65537 (0x10001) | |
| Signing certificates from https://acme-v01.api.letsencrypt.org ... | |
| Parsing account key... | |
| Parsing CSR... | |
| Registering account... | |
| Registered! |
lucj
/ swarmmode-test.txt
Created
August 22, 2016 19:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2 Raspberry one PI 2 B+ and one PI 3 running Raspbian | |
| Version | |
| pi@pi2:~ $ docker version | |
| Client: | |
| Version: 1.12.1 | |
| API version: 1.24 | |
| Go version: go1.6.3 | |
| Git commit: 23cf638 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <tunables/global> | |
| profile docker-default flags=(attach_disconnected,mediate_deleted) { | |
| #include <abstractions/base> | |
| network, | |
| capability, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@node1:~# aa-status | |
| apparmor module is loaded. | |
| 13 profiles are loaded. | |
| 13 profiles are in enforce mode. | |
| /sbin/dhclient | |
| /usr/bin/lxc-start | |
| /usr/lib/NetworkManager/nm-dhcp-client.action | |
| /usr/lib/NetworkManager/nm-dhcp-helper | |
| /usr/lib/connman/scripts/dhclient-script | |
| /usr/lib/lxd/lxd-bridge-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@node1:~# aa-status | |
| apparmor module is loaded. | |
| 13 profiles are loaded. | |
| 13 profiles are in enforce mode. | |
| /sbin/dhclient | |
| /usr/bin/lxc-start | |
| /usr/lib/NetworkManager/nm-dhcp-client.action | |
| /usr/lib/NetworkManager/nm-dhcp-helper | |
| /usr/lib/connman/scripts/dhclient-script | |
| /usr/lib/lxd/lxd-bridge-proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # check if access to the file is authorized within the container confined in docker-default AppArmor profile | |
| root@4008beda0927:~# cat /proc/sysrq-trigger | |
| cat: /proc/sysrq-trigger: Permission denied | |
| root@4008beda0927:~# | |
| # check if access to the file is authorized within the unconfined container | |
| root@9f2173cfd7bc:~# cat /proc/sysrq-trigger | |
| cat: /proc/sysrq-trigger: Input/output error | |
| root@9f2173cfd7bc:~# |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@node ~]# cat /etc/selinux/config | |
| # This file controls the state of SELinux on the system. | |
| # SELINUX= can take one of these three values: | |
| # enforcing - SELinux security policy is enforced. | |
| # permissive - SELinux prints warnings instead of enforcing. | |
| # disabled - No SELinux policy is loaded. | |
| SELINUX=permissive | |
| # SELINUXTYPE= can take one of three two values: | |
| # targeted - Targeted processes are protected, |
OlderNewer