StrongDM [https://www.strongdm.com/] is a proxy. It combines authentication, authorization, networking, and observability into a single pane of glass and it manages and audits access to databases, servers, clusters, and web apps.
The StrongDM network consists of a local client, gateway intermediary, and configuration layer.
Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers. The service has both free and premium tiers. The software that hosts the containers is called Docker Engine. It was first started in 2013 and is developed by Docker, Inc.
In this blog I demonstrate how to connect to a StrongDM datasource from a Docker container. This is a how-to guide.
Assume a StrongDM PostgreSQL datasource named my_pg_strongdm_datasource is defined on port 23456.
Step 1 - Create the runMe.sh script that will run inside the Docker container
```bash
#!/bin/bash
echo "$0: Start: $(date)"
echo "Viewing the PostgreSQL Client Version"
psql --version
echo "Viewing the PostgreSQL Server Version"
# logs into sdm
sdm login
# updates to latest release
sdm update
# starts listener manually
sdm listen --daemon &
# attempts sdm status until successful
until sdm status &> /dev/null;
do
  sleep 1
  echo "waiting for SDM to start"
done
# connects to the datasource and shows the line with its local port
sdm connect my_pg_strongdm_datasource
sdm status | grep 23456
export PGPASSWORD='123456'
psql -h localhost -p 23456 -U postgres -d postgres -c 'select version();'
echo "$0: End: $(date)"
```
Step 2 - Create Dockerfile
```dockerfile
FROM ubuntu:22.04
LABEL maintainer="Dmitry Romanoff"
RUN apt-get update && apt-get install telnet -y
RUN apt-get install wget -y && apt-get install gnupg -y
# Add the PostgreSQL APT repository and its signing key
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7FCC7D46ACCC4CF8
RUN sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt jammy-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
# RUN executes as root under /bin/sh: the image has no sudo, and &> is a bash-only redirect
RUN wget -qO- https://www.postgresql.org/media/keys/ACCC4CF8.asc | tee /etc/apt/trusted.gpg.d/pgdg.asc > /dev/null
RUN apt-get update
RUN apt-get install postgresql-client -y
COPY runMe.sh /runMe.sh
RUN chmod +x /runMe.sh
ENV SDM_HOME=/home/sdm/.sdm
RUN adduser --uid 9001 --ingroup root --disabled-password --gecos "" sdm \
    && apt-get update \
    # Install build and runtime dependencies
    && apt-get install --no-install-recommends -y \
        curl \
        unzip \
        psmisc \
        ca-certificates \
    # Download the strongDM client binary
    && curl -J -O -L https://app.strongdm.com/releases/cli/linux \
    # Unzip it
    && unzip sdmcli* \
    # Install it
    && ./sdm install --user sdm --nologin \
    # Remove no longer needed build dependencies
    && apt-get remove -y \
        curl \
        unzip \
        ca-certificates \
    # Delete the zip file
    && rm sdmcli* \
    # Clean up APT
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*
ENTRYPOINT ["/runMe.sh"]
```
Step 3 - Create Docker image from the Dockerfile
```bash
docker build --no-cache . -t strongdm_pg_from_container
```
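Step 4 - Start container
```bash
# Docker options such as -p go before the image name;
# anything after the image name is passed to the entrypoint as arguments
docker run -it -p 23456:23456 strongdm_pg_from_container
```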
Step 5 - Check that the psql client installed inside the Docker container connects to the StrongDM PostgreSQL datasource.
```
docker run -it -p 23456:23456 strongdm_pg_from_container
/runMe.sh: Start: Sat Dec 3 20:25:49 UTC 2022
Viewing the PostgreSQL Client Version
psql (PostgreSQL) 15.1 (Ubuntu 15.1-1.pgdg22.04+1)
Viewing the PostgreSQL Server Version
Email address or User ID: myuser@mydomain.com
Please complete logging in at: https://app.strongdm.com/auth/11111111111
authentication successful
updating sdm...
sdm is updated
connect successful
my_pg_strongdm_datasource connected 23456 postgres
                                                   version
--------------------------------------------------------------------------------------------------------------
 PostgreSQL 13.3 on aarch64-unknown-linux-gnu, compiled by gcc (GCC) 7.3.1 20180712 (Red Hat 7.3.1-6), 64-bit
(1 row)
/runMe.sh: End: Sat Dec 3 20:26:31 UTC 2022
```
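The until loop in runMe.sh waits forever if the listener never starts, and `sdm status | grep 23456` does not stop the script when the datasource is not connected, so psql can run against a port nothing is serving. The following is an added example, not part of the original post or StrongDM's own code: the function names wait_until and connected_port, the 30-second timeout and the second sample line are assumptions, and the status columns are taken from the output shown in Step 5.

```shell
#!/bin/bash
# Added example: a bounded wait and an explicit "connected" check for runMe.sh.
# wait_until and connected_port are hypothetical helpers, not sdm features.

# Retry a command once per second until it succeeds or the timeout expires.
# Usage: wait_until <timeout_seconds> <command> [args...]
wait_until() {
  local timeout=$1; shift
  local waited=0
  until "$@" > /dev/null 2>&1; do
    if [ "$waited" -ge "$timeout" ]; then
      return 1            # give up instead of looping forever
    fi
    sleep 1
    waited=$((waited + 1))
  done
  return 0
}

# Read `sdm status` text on stdin and print the local port of the named
# datasource, but only when its status column is exactly "connected".
# Assumes the column order from the post's output: name, status, port, type.
connected_port() {
  awk -v name="$1" '
    $1 == name && $2 == "connected" && $3 ~ /^[0-9]+$/ { print $3; found = 1 }
    END { exit found ? 0 : 1 }
  '
}

# Constructed sample: first line copied from Step 5, second line invented
# to show a datasource that is listed but not connected.
SAMPLE_STATUS='my_pg_strongdm_datasource connected 23456 postgres
other_datasource not connected 15432 postgres'

# How the helpers would replace the unbounded loop and the bare grep:
#   wait_until 30 sdm status || { echo "sdm listener did not start" >&2; exit 1; }
#   sdm connect my_pg_strongdm_datasource
#   port=$(sdm status | connected_port my_pg_strongdm_datasource) || exit 1
#   psql -h localhost -p "$port" -U postgres -d postgres -c 'select version();'
```
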
Conclusion
In this blog I demonstrated how to install a StrongDM client and connect to a StrongDM PostgreSQL datasource from a Docker container.
Top comments (1)
Hey! Thank you for this, I liked it ;) keep writing, you got my follow!