How to start an application after network host has been set / is ready?

Hi guys,
So I would like to use suricata on a small IoT with balena. The docker.compose file looks like this:

services:
  main:
    network_mode: host
    labels:
      io.balena.features.dbus: "1"

And here is the dockerfile.template:

FROM balenalib/%%BALENA_MACHINE_NAME%%-node:8

FROM ubuntu
RUN apt-get update && apt-get install suricata net-tools iproute2 -y

WORKDIR /usr/src/app

COPY src/ ./src/
COPY index_yaml/index.yaml /var/lib/suricata/update/cache/index.yaml

RUN ifconfig
RUN suricata --pcap -c /usr/src/app/src/suricata.yaml

The problem I’m facing is that if I start suricata here it won’t work because the network adapters from the host aren’t available yet. I get an error message that suricata can’t find the network device in question and yes, as I can see via ifconfig, it is not available yet (only eth0 and lo).
If I remove the suricata command from the dockerfile.template, push it and open a terminal session with ‘main’, the network device is there (enp4s0).
So how can I start suricata after the network devices are ready, please?

Thanks in advance and Kind Regards,
Filisimus

The magic keyword is ENTRYPOINT :slight_smile:

The ifconfig you’re running in your Dockerfile is unrelated to what you’d see on a production device - RUN commands are executed while the Docker image is being built, not when the image is run on a device.

Likewise, when you say RUN suricata ... in your Dockerfile what you’re doing is a packet capture on the network interfaces available to the builder that’s building your image.

You’re looking for CMD suricata --pcap -c /usr/src/app/src/suricata.yaml, which will instruct Docker to use that as the command to execute when the container is started on a device.

Thank you for your explanation :slight_smile:
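
The answer above moves Suricata from build time (RUN) to container start (CMD). As an added example that is not part of the original thread, here is a start script that goes one step further and waits for the host interface before launching the sensor. The script name start.sh and the variables IFACE, WAIT_SECS and SYSFS_NET are assumptions; enp4s0 and the suricata command line are the ones from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Runs when the container starts,
# so it sees the device's interfaces rather than the image builder's.
# IFACE, WAIT_SECS and SYSFS_NET are hypothetical names chosen for this sketch.
IFACE="${IFACE:-enp4s0}"
WAIT_SECS="${WAIT_SECS:-60}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the check can be tested

# True once the kernel exposes the interface and its link state is usable.
# Some drivers report "unknown" instead of "up" while passing traffic.
iface_ready() {
    [ -d "$SYSFS_NET/$1" ] || return 1
    state=$(cat "$SYSFS_NET/$1/operstate" 2>/dev/null) || return 1
    [ "$state" = "up" ] || [ "$state" = "unknown" ]
}

# Poll once per second; fail after the given number of seconds.
wait_for_iface() {
    iface=$1
    remaining=$2
    until iface_ready "$iface"; do
        [ "$remaining" -gt 0 ] || return 1
        sleep 1
        remaining=$((remaining - 1))
    done
}

# In dockerfile.template, replace the two RUN lines with:
#   COPY start.sh /usr/src/app/start.sh
#   CMD ["/bin/sh", "/usr/src/app/start.sh", "start"]
if [ "${1:-}" = "start" ]; then
    if ! wait_for_iface "$IFACE" "$WAIT_SECS"; then
        # Fail loudly instead of running a sensor that captures nothing.
        echo "interface $IFACE not ready after ${WAIT_SECS}s" >&2
        exit 1
    fi
    # exec so Suricata replaces the shell and receives the container's stop signal.
    exec suricata --pcap -c /usr/src/app/src/suricata.yaml
fi
```

Exiting non-zero when the interface never appears makes the failure visible in the container status, so a sensor that is not capturing is not mistaken for a healthy one.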