Docker Community Forums

Share and learn in the Docker community.

Tenable.SC service in 'active (exited)' state. Cant get service to keep running

docker
build
#1

I am seeking to install Tenable Security Center software (rpm) into a CentOS docker container running ontop a host OS of Debian. The Security Center software is suppose to provide a GUI on port 443 for interacting with the software.

On a VIRTUAL MACHINE, installing the SecurityCenter-5.8.0-el7.x86_64.rpm is enough to get it up and working. Services automatically launch after install, and a GUI is on https ://localhost. Simply run ‘yum install SecurityCenter-5.8.0-el7.x86_64.rpm -y’ and it simply works. Here is a output of ‘systemctl status SecurityCenter’ from the VM for reference later.

Im seeking to repeat this, but in a docker container. Here are the steps i took thus far.

I created a initally created Dockerfile as such and built a image. My Dockerfile looked as such.

FROM centos:7
ENV container docker
COPY SecurityCenter--el7.x86_64.rpm /tmp/
RUN yum upgrade -y;\
yum install /tmp/SecurityCenter-
-el7.x86_64.rpm -y;\
yum clean all;
EXPOSE 443 22
CMD ["/usr/sbin/init"]

I created a image, and launched it with

docker run -d -p 443:443 securitycenter

This did not work, there was no GUI at https ://localhost. I Connected in with ‘docker exec -it bash’ . I tired to run

systemctl status SecurityCenter

but it returned

Failed to get D-Bus connection: Operation not permitted

I believe i fixed this correctly by following documentation at the offical CentOS Docker Hub. This was unrelated to SecuirtyCenter at all. I edited my dockerfile so that i would have Systemd integration. The new (and my current) Dockerfile looks as such. ( The only this changed was intergrating systemd account to documention.)

FROM centos:7
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i ==
systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-usPreformatted texter.target.wants/
;\
rm -f /etc/systemd/system/.wants/;\
rm -f /lib/systemd/system/local-fs.target.wants/; \
rm -f /lib/systemd/system/sockets.target.wants/udev; \
rm -f /lib/systemd/system/sockets.target.wants/initctl; \
rm -f /lib/systemd/system/basic.target.wants/
;\
rm -f /lib/systemd/system/anaconda.target.wants/;
VOLUME [ “/sys/fs/cgroup” ]
COPY SecurityCenter-
-el7.x86_64.rpm /tmp/
RUN yum upgrade -y;\
yum install /tmp/SecurityCenter-*-el7.x86_64.rpm -y;\
yum clean all;
RUN systemctl enable SecurityCenter.service
EXPOSE 443 22
CMD ["/usr/sbin/init"]

I built this into another image and lauched it with the following. (adding in extra stuff required for systemd according to documation)

docker run -d -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /tmp/$(mktemp -d):/run -p 443:443 securitycenter

The Systemd intergration seems to have worked, but the service is in a exited state and still not working.
>[root@acc2d9da93aa /]# systemctl status SecurityCenter
● SecurityCenter.service - SYSV: Starts and stops the Lightning daemons
Loaded: loaded (/etc/rc.d/init.d/SecurityCenter; bad; vendor preset: disabled)
Active: active (exited) since Sat 2019-02-02 19:42:10 UTC; 1h 22min ago
Docs: man:systemd-sysv-generator(8)

>Feb 02 19:42:10 acc2d9da93aa systemd[1]: Starting SYSV: Starts and stops the Lightning daemons…
Feb 02 19:42:10 acc2d9da93aa systemd[1]: Started SYSV: Starts and stops the Lightning daemons.
[root@acc2d9da93aa /]#

Is there a reason why the SecurityCenter service is exiting? Im trying to compare it to the working VM output, which i showed at the top, to figure out what is wrong. Ives been at this for a LONG time now, and cant seem to figure it out.

We have 20+ VM instances of ONLY this software, it would be very nice to get it to run in a container. Hopefully someone can point me in the correct direction