LXC

Please note, these instructions are valid only for a pre-release version of CloudShark 3.9. If you would like to join a limited beta, please contact us.

Launch container

CloudShark running on LXC requires a container running CentOS 7. The following command will launch a new container running CentOS 7 named cs-lxc-container:

lxc launch images:centos/7 cs-lxc-container

Push files

The CloudShark offline installer contains the RPM packages and creates a repository to install them from. This installer will install the cloudshark-tools RPM and create a disabled repository called cloudshark-offline. To begin installing CloudShark, first push this file to the root user's home directory in the newly created CentOS 7 container:

lxc file push <offline_installer> cs-lxc-container/root/

Configure networking

CloudShark uses the nginx web server and by default starts it on port 80 (http) and port 443 (https) with a self-signed default certificate. The following examples forward these ports from the host, listening on all host interfaces (0.0.0.0), to the LXC container:

lxc config device add cs-lxc-container http proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
lxc config device add cs-lxc-container https proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443

Console into the container

The next steps require running commands in the container. This can either be done using the lxc exec command or by starting and connecting to a session running /bin/bash within the container as the root user:

lxc exec cs-lxc-container -- /bin/bash

Required packages

CloudShark requires a few packages that are not included in the default CentOS 7 container image. To install these via yum, run:

yum -y install sudo hostname tar less

Run offline installer

The offline installer is a makeself executable that contains the RPM files needed to install CloudShark and a script to create a local repository named cloudshark-offline. Running this also installs the cloudshark-tools package and other software required to run CloudShark.

The container needs access to the CentOS repositories while installing via the offline installer. These can be specified in a comma-separated list. If the container is using the default repositories, the following command will work:

/root/cloudshark-offline-installer.bin base,updates,extras

Install cloudshark-bundle

Now the CloudShark application code can be installed by running:

yum -y --enablerepo cloudshark-offline install cloudshark-bundle

Start cloudshark-puma service

Next the cloudshark-puma service can be started:

systemctl start cloudshark-puma

Licensing (Updated for Beta #2)

In order for us to properly support running containerized instances, the CloudShark license server must be run on the host operating system. We are using a license server called rlm. This is new, and a change from all previous versions of CloudShark.

In your distribution, you will receive a .tgz containing binaries needed to run the license server. These need to be unpacked into a directory on the host and be made executable. We do not recommend running them as root.

Caveat: You need to run the rlm binary via the full path, i.e. /opt/cloudshark-license-server/rlm

Place your new cloudshark.lic in the same directory as the rlm binary and run the rlm command.

The guest OS inside the LXC container must be able to communicate with port 5053 on localhost of the Host.

It is also possible to run the license server on a completely separate machine if that makes more sense in your deployment scenario.

Update the license inside the container

If you already have a cloudshark.lic inside the LXC container, it needs to be replaced with a new file that has only the following line:

HOST <host-name-or-ip-address>

That single line instructs the client on how to contact the license server.
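A pre-flight check for the replacement file, as an added example (not part of CloudShark or its installer): the hypothetical function check_client_lic confirms that the file holds exactly one non-blank line starting with HOST and carrying a real value rather than the unfilled placeholder, and prints that value. Any file path or address you pass to it is your own; nothing here is taken from the product.

```shell
#!/bin/sh
# check_client_lic FILE  (hypothetical helper, not shipped with CloudShark)
# Succeeds and prints the configured license-server host when FILE contains
# exactly one non-blank line of the form "HOST <host-name-or-ip-address>".
# Prints the reason on stderr and returns 1 otherwise.
check_client_lic() {
    lic=$1
    if [ ! -r "$lic" ]; then
        echo "cannot read $lic" >&2
        return 1
    fi
    # Drop carriage returns (file edited on Windows) and blank lines.
    content=$(tr -d '\r' < "$lic" | sed '/^[[:space:]]*$/d')
    count=$(printf '%s' "$content" | awk 'END { print NR }')
    if [ "$count" -ne 1 ]; then
        # More than one line usually means old license text was left in place.
        echo "$lic: expected 1 non-blank line, found $count" >&2
        return 1
    fi
    keyword=$(printf '%s\n' "$content" | awk '{ print $1 }')
    value=$(printf '%s\n' "$content" | awk '{ print $2 }')
    if [ "$keyword" != "HOST" ] || [ -z "$value" ]; then
        echo "$lic: line must read HOST <host-name-or-ip-address>" >&2
        return 1
    fi
    # Reject the documentation placeholder copied verbatim.
    case $value in
        *'<'*|*'>'*)
            echo "$lic: placeholder was not replaced: $value" >&2
            return 1
            ;;
    esac
    printf '%s\n' "$value"
}
```

Run it against the cloudshark.lic inside the container before starting the cloudshark service; the printed host is the one that must answer on port 5053.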

Start cloudshark service

Once the license has been configured and the service restarted, you can start the rest of the services CloudShark uses by running:

systemctl start cloudshark

Threat Assessment

The Threat Assessment add-on requires additional software, which can be installed by running the following yum command:

yum --enablerepo cloudshark-offline install cloudshark-addon-threat-assessment

Upgrading

To upgrade CloudShark, run the latest offline installer and install the latest cloudshark-bundle package:

/root/cloudshark-offline-installer.bin base,updates,extras
yum -y --enablerepo cloudshark-offline install cloudshark-bundle

After upgrading, restart CloudShark and the required services:

systemctl restart cloudshark-nginx
systemctl restart cloudshark

Known Bugs

This is still a beta, and there are a couple of features that we have fixed since the initial beta.

  • Export’s “Download Original” does not work. (Fixed in Beta #2)
  • The AutoImport functionality is also not working. (Fixed in Beta #2)

We don’t know of any issues in this release that will impact users at this time. If there’s anything else that seems to not be functioning as expected, please let us know!