LUNA is the project that I was working on a month ago. I was in a situation where I had to use Linux over Windows systems, and that’s when I thought of something lighter and easier than Kubernetes. Actually, it’s a short story. We were organising a CTF event in our university and I was assigned the task of creating and setting up the CTF environment in two labs. What we had were Windows systems. Not a single Linux system was there, and that’s when we had to remove the challenges that could only be solved using Linux, which was pretty bad, right? And that’s how I came up with the idea of hosting a server that will serve docker containers.

Luna is written in Python3. It requires Flask, multithreading, sockets and py_console for a beautiful output. GitHub: https://github.com/luckythandel/LUNA

By default, it will run on port 1337, but you can change the values in server.py.

main configurations

The main method runs and handles the threads, which are basically clients connecting and asking for the docker containers’ info. Luna can be configured as you configure docker. So, whatever the limits of docker are, are the limits of Luna. By the way, since you can create privileged containers with custom Linux capabilities and provide a container with its own storage (within the limit), it seems you will rarely face problems while using it.

I have defined a function to create a docker container, box_request, with arguments networkHost=True, storage="500m". If networkHost is True then the docker container network mode is bridge, and storage is for the memory limits. That’s what makes Luna so much easier to customize. I have used three Linux machines: Kalirolling, Redhat/ubi8 and ubuntu:20.04. It was not necessary since every machine is a docker container, but still, I added it.

I have written the code for creating and accessing each docker container with proper exception handling.

container handle

container_rm is a function with arguments timeout and container_id which will remove the docker container after a specific given time. You can change the timeout according to your needs.

And then there is the function container_password_change(container_id, pass_len=12, user="user", root=False). It changes the default password (kingpin, you can find it in the Dockerfiles) of the user inside the container. I have defined root=False by default. This is for changing the password of the root user; since I have not enabled root login through ssh, it is not required that you change the root password. It returns a randomly generated password from random.choice.

password change of users

Line number 53 generates the password and assigns it to the variable new_passwd, and line 58 checks if the root boolean is True; in that case, it changes the password for root too. This process of changing the password runs in a try-except block that can handle the exception.
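The password step described above, as an added example that is not LUNA's own code: it draws the password from Python's `secrets` module rather than `random.choice`, because the `random` module is not designed for security use, and hands it to `chpasswd` on stdin. The helper names `generate_password` and `docker_exec_stdin`, the `runner` parameter, the 12-character floor, giving root the same password, and the presence of `chpasswd` in the images are assumptions.

```python
import re
import secrets
import string
import subprocess

ALPHABET = string.ascii_letters + string.digits
MIN_LEN = 12  # assumed floor, equal to the page's default pass_len
ACCOUNT_RE = re.compile(r"[a-z_][a-z0-9_-]*")


def generate_password(pass_len=12):
    """Draw each character from the OS CSPRNG instead of the random module."""
    if pass_len < MIN_LEN:
        raise ValueError(f"pass_len must be at least {MIN_LEN}")
    return "".join(secrets.choice(ALPHABET) for _ in range(pass_len))


def docker_exec_stdin(container_id, argv, stdin_text):
    """Run argv inside the container, feeding the secret on stdin so it
    never appears in a command line or process listing."""
    subprocess.run(["docker", "exec", "-i", container_id, *argv],
                   input=stdin_text, text=True, check=True, timeout=30)


def container_password_change(container_id, pass_len=12, user="user",
                              root=False, runner=docker_exec_stdin):
    """Replace the image's default password; returns the new one.
    Assumption: root, when requested, gets the same password as user."""
    accounts = [user] + (["root"] if root else [])
    for name in accounts:
        # chpasswd input is line-based "name:password", so reject anything
        # that could smuggle a separator or a second line.
        if not ACCOUNT_RE.fullmatch(name):
            raise ValueError(f"unsafe account name: {name!r}")
    new_passwd = generate_password(pass_len)
    payload = "".join(f"{name}:{new_passwd}\n" for name in accounts)
    runner(container_id, ["chpasswd"], payload)
    return new_passwd


if __name__ == "__main__":
    # Dry run with a stand-in runner: shows the command, not the secret.
    shown = []
    container_password_change("constructed-id", root=True,
                              runner=lambda c, a, s: shown.append((c, a)))
    print(shown)
```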

The client script is totally based upon how the server sends and receives data. I have used pxssh of the pexpect library, which helps me directly give the client an ssh connection to the docker container that it has just created.

The details of the container are fetched in the connection_creator function in JSON format. I have used the json library here. The total JSON result is stored in container_inspect_json after getting the data from the socket in continer_inspect. Line 69 gets the IP address, and the password is sent by the server separately using sockets.

I was thinking of setting it up on a public server. The idea of setting up an OpenVPN server was really costly and hard to implement. But then I thought of routing. Routing is easy, but things are more manual now. I will have to configure both the server side and the client side to route the packets for Luna.

I have used Bash shell scripting to set up Luna on a Linux system to run it as a server. It is a small script that checks the requirements to run Luna and gets your networks ready to run Luna docker containers with: it checks all the network interfaces and enables ipv4 forwarding to add an iptables masquerade rule.

This script also sets up the docker images using Dockerfiles.

You can easily install it and test it yourself; all the instructions are given in the Luna repo.
