Feb 20, 2018

Fail2Ban unbanning process

  1. Log into the target machine with Fail2Ban installed
  2. Look at the list of banned IPs and identify the IP you wish to unban:
    sudo iptables -L -n
  3. Discover the names of the jails:
    sudo fail2ban-client status
  4. Unban the IP:
    sudo fail2ban-client set ssh-iptables unbanip 123.123.123.123

Running a new GitLab Runner for private GitLab server

This guide was created in conjunction with the official tutorial.
  1. On your Docker installation, download the GitLab Runner container. When it is eventually run, two volumes are created automatically: /etc/gitlab-runner and /home/gitlab-runner. You may choose to mount these locally on your host instead.
  2. During the run step, make sure you mount your host's docker socket, either using the -v parameter (-v /var/run/docker.sock:/var/run/docker.sock) or your tool of preference.
  3. Open up a shell console on the Runner container.
  4. Run the registration process (gitlab-runner register) and follow the prompts (the details are listed in the Admin Area under Overview -> Runners).

Feb 19, 2018

Exposing your docker daemon API via network port (and getting it into Portainer)

These instructions target Linux installations that use systemd. In particular, I have used an Ubuntu-flavoured distro (ElementaryOS). I presume you have already installed Docker onto your machine.

  1. Stop the Docker daemon if it is already running:
    sudo systemctl stop docker.service

  2. You can check the status of the service (including if it is even installed)
    sudo systemctl status docker.service

  3. Open the service configuration file
    sudo nano /lib/systemd/system/docker.service

  4. Find the line with 'ExecStart' and modify it as follows (saving it once complete):
    ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H fd://

  5. Reload all of the daemons:
    sudo systemctl daemon-reload

  6. Start the service
    sudo systemctl start docker.service

  7. Open up your Portainer installation, navigate to the 'Endpoints' menu item and then enter the IP and port for your target computer.
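
The ExecStart line in step 4 binds the Docker API to every interface on port 2375 with no TLS and no client authentication, so any host that can reach the port controls the daemon. The check below is an added example, not part of the original post: it classifies each -H listener in an ExecStart line and flags TCP listeners that lack --tlsverify. The function name audit_execstart is hypothetical, and the certificate paths in the second sample line are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. audit_execstart is a hypothetical
# helper: it prints one finding per -H listener in a dockerd ExecStart line and
# returns non-zero if a TCP listener is reachable off-host without --tlsverify.
# Limitation: TLS options set in /etc/docker/daemon.json are not read.
audit_execstart() (
    set -f                          # no globbing while splitting into words
    set -- $1
    tls=no; exposed=0; hosts=
    while [ $# -gt 0 ]; do
        case $1 in
            --tlsverify|--tlsverify=true) tls=yes ;;   # --tls alone does not verify clients
            -H|--host) if [ $# -ge 2 ]; then hosts="$hosts $2"; shift; fi ;;
            -H=*|--host=*) hosts="$hosts ${1#*=}" ;;
        esac
        shift
    done
    for h in $hosts; do
        case $h in
            fd://*|unix://*) echo "LOCAL    $h" ;;
            tcp://127.*|tcp://localhost:*|tcp://\[::1\]*) echo "LOOPBACK $h" ;;
            tcp://*)
                if [ "$tls" = yes ]; then
                    echo "TLS      $h"
                else
                    echo "EXPOSED  $h"; exposed=1
                fi ;;
            *) echo "UNKNOWN  $h" ;;
        esac
    done
    [ "$exposed" -eq 0 ]
)

# Constructed inputs: the line from step 4, then a TLS-verified variant with
# placeholder certificate paths.
audit_execstart 'ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H fd://' ||
    echo '=> remote API without client authentication'
audit_execstart 'ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/path/to/ca.pem --tlscert=/path/to/cert.pem --tlskey=/path/to/key.pem -H tcp://0.0.0.0:2376 -H fd://'
```

On a live host, pass the function the last ExecStart= line printed by `systemctl cat docker.service`.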

Feb 14, 2018

Navigating a private Docker Repository

All of this information can be found in the Registry HTTP API v2 specification.

All URLs are assumed to be appended to https://[hostname|ip]:[port]/

Listing Images

/v2/_catalog

This will output a JSON object in the format of:


{
    "repositories": [
        "image1",
        "image2"
    ]
}

List Tags for Image

/v2/[name]/tags/list

This will output a JSON object in the format of:

{
    "name": "image1",
    "tags": [
        "1.0",
        "latest"
    ]
}

Manifest for an Image

/v2/[name]/manifests/[tag]

This will output a JSON object with the manifest information.