Skip to content

3891sinneD/docker-ripe-atlas

 
 

Repository files navigation

RIPE Atlas Docker Image

This is the RIPE Atlas software probe packaged as a Docker image.

Build Status

Requirements

  • 1 CPU core (of course)
  • 20MiB memory
  • 100MiB HDD
  • A Linux installation with Docker installed
  • Internet access

Tags

The following prebuilt tags are available at Docker Hub. The latest tag supports multi-arch, and should be used by default.

  • latest: For all supported devices listed below (multi-arch)
  • latest-arm64: For arm64 (aarch64) devices
  • latest-armv7l: For armv7l (armhf) devices
  • latest-i386: For i386 devices
  • latest-amd64: For amd64 devices

Running

Using docker run

First we start the container:

docker run --detach --restart=always \
	--log-driver json-file --log-opt max-size=10m \
	--cpus=1 --memory=64m --memory-reservation=64m \
	--cap-drop=ALL --cap-add=CHOWN --cap-add=SETUID --cap-add=SETGID --cap-add=DAC_OVERRIDE --cap-add=NET_RAW \
	-v /var/atlas-probe/etc:/var/atlas-probe/etc \
	-v /var/atlas-probe/status:/var/atlas-probe/status \
	-e RXTXRPT=yes \
	-e ATLAS_UID=1000 `#optional to map the container's internal user to an user on the host machine. ` \
  	-e ATLAS_GID=1000 `#optional to map the container's internal group to a group on the host machine.` \
	--name ripe-atlas --hostname "$(hostname --fqdn)" \
	jamesits/ripe-atlas:latest

ATLAS_UID and ATLAS_GID

In this example we used ATLAS_UID=1000 and ATLAS_GID=1000, to find the id's of the user on your host use id user_you_want_to_use as below on your host

id user_you_want_to_use

The output will be like

uid=<id>(user_you_want_to_use) gid=<id>(user_you_want_to_use)

Using Docker Compose

An example docker-compose.yaml is provided.

git clone https://github.com/Jamesits/docker-ripe-atlas.git
cd docker-ripe-atlas
docker-compose pull
docker-compose up -d

Registering the Probe

Fetch the generated public key:

cat /var/atlas-probe/etc/probe_key.pub

Register the probe with your public key. After the registration being manually processed, you'll see your new probe in your account.

Building

If you don't want to use the prebuilt image hosted on the Docker Hub, you can build your own image.

DOCKER_BUILDKIT=1 docker build -t ripe-atlas .

Optionally you can build the image with custom id's for the atlas user and/or group

DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_UID=1234" --build-arg="ATLAS_GID=1234" .
DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_UID=1234" .
DOCKER_BUILDKIT=1 docker build -t ripe-atlas --build-arg="ATLAS_GID=1234" .

Note that building this container image requires BuildKit.

Caveats

IPv6

Docker does not enable IPv6 by default. If you want IPv6 support, some level of setup and a basic understanding of IPv6 is required. Swarm mode & some Kubernetes implementation supports IPv6 too with extra configuration.

Using native address assignment

If you happened to have a block of static IPv6 addresses routed to your host, you can directly assign one of the addresses to the container. Edit /etc/docker/daemon.json and add native IPv6 address blocks, then restart the Docker daemon. An example:

{
  "ipv6": true,
  "fixed-cidr-v6": "2001:db8:a1a3::/48"
}

Notes:

  • These config work on Docker for Linux only
  • If daemon.json exists, merge the config lines instead of directly overwriting it; if it doesn't exist, create it manually
  • For more info, see the official doc

Using NAT (NPTv6)

If your ISP does not conform to BCOP 690 (very common), and/or your router cannot route smaller blocks of IPv6 to one server even if it has been assigned a block of valid IPv6 addresses (also very common), the method above might not work for you. As a workaround, you can setup NAT with either Docker's builtin experimental IPv6 NAT support, robbertkl/docker-ipv6nat or similar projects. Manual iptables/nftables NAT setup is also possible, but hanc marginis exiguitas non caperet.

Firstly, edit kernel parameters to enable IPv6 routing.

cat > /etc/sysctl.d/50-docker-ipv6.conf <<EOF
net.ipv6.conf.eth0.accept_ra=2
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1
EOF
sysctl -p /etc/sysctl.d/50-docker-ipv6.conf

Notes:

  • This potentially introduces more attack surface and might require you set up IPv6 firewall rules to make yourself safe
  • This might break your network and your mileage may vary
  • Swap eth0 with your primary network adapter name
  • If you use static IPv6 assignment instead of SLAAC, change accept_ra to 0

Secondly, create a IPv6 NAT enabled network.

docker network create --ipv6 --subnet=fd00:a1a3::/48 ripe-atlas-network
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro -v /lib/modules:/lib/modules:ro --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host --name=ipv6nat robbertkl/ipv6nat:latest

Finally, start the RIPE Atlas container with argument --net=ripe-atlas-network.

Auto Update

Use this recipe for auto updating the docker container.

docker run --detach --restart=always -v /var/run/docker.sock:/var/run/docker.sock --name watchtower containrrr/watchtower --cleanup --label-enable

Then start the RIPE Atlas container with argument --label=com.centurylinklabs.watchtower.enable=true.

Backup

All the config files are stored at /var/atlas-probe. Just backup it.

About

This is the RIPE Atlas software probe packaged as a Docker image.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Dockerfile 73.8%
  • Shell 26.2%