mfthomps / Labtainers

Labtainers: A Docker-based cyber lab framework
https://nps.edu/web/c3o/labtainers
272 stars 68 forks source link

Support running labtainers labs in headless docker env (using Guacamole ?) #8

Open olberger opened 6 years ago

olberger commented 6 years ago

In cloud contexts or when running Labtainers on a docker host without X display (Windows ?, remote cloud Linux host ?), there may be no X display to open the lab containers' GUIs : gnome-terminal, xterm, firefox, etc.

I think it could be interesting to integrate Guacamole or any similar software to allow running an X display "in memory" (XVnc for instance, which is standard I think) and offer access to the X sessions through a Web page, created by Guacamole, which would display a "desktop" view of the labs GUIs in an HTML5 canvas.

This may be of use for non-Linux hosts maybe (should labtainers be installable without a base Linux docker host, which is another issue ;), which wouldn't support native X displays where labtainers scripts will be run

olberger commented 6 years ago

We've been working on including XVNC inside the "master container" (see https://github.com/mfthomps/Labtainers/issues/1), in order to access to the labs through VNC, and it seems that may be working soon.

In the meantime, here's a snapshot of the latest hack: https://github.com/olberger/Labtainers/commit/0f4c3dc3e2bce8aeb145d1f6fa0632ca21d819ed

FYI, I have pushed a docker image as olberger/labtainer.master:0.4 which should provide that.

Stay tuned ;-)

olberger commented 5 years ago

We've worked on a more advanced version of this feature. See my post at https://www.freelists.org/post/labtainers/Labtainer-Guacamole-demo

olberger commented 5 years ago

FYI, here's our current version for doing that : https://htmlpreview.github.io/?https://gitlab.com/olberger/virtual-labs/raw/master/labtainer-docker/labtainer-docker.html

I've improved the accompanying script https://gitlab.com/olberger/virtual-labs/blob/master/labtainer-docker/start-labtainer so as to allow to share specific dirs between host and guest, to allow updating labtainers from local tarballs (test registry fashion), or working on a new lab by editing on host and testing inside labtainers.

olberger commented 5 years ago

The Guacamole experiment doesn't seem to be working very well (see https://gitlab.com/olberger/virtual-labs/issues/1).

Maybe noVNC would be better. Possibly reusing what's in https://github.com/fcwu/docker-ubuntu-vnc-desktop for instance (kudos to Tony Hirst via https://blog.ouseful.info/2019/02/06/viewing-dockerised-desktops-via-an-x11-bridge-novnc/)

jeremytourville commented 3 years ago

I have been working on this same issue recently. Have you tried running VNC at the VM OS level instead of inside the docker contaner? I'd love to collaborate with @olberger @mfthomps on this issue.

mfthomps commented 3 years ago

Running VNC in a container works pretty well. We can use that to run on Docker Desktop for Windows or Macs. And it supports a cloud-based solution as described here: https://github.com/mfthomps/Labtainers/tree/master/headless-lite

jeremytourville commented 3 years ago

I appreciate the feedback. My use case scenario involved providing users the ability to login remotely using Guacamole and presenting the user with a GUI so that labtainers and CyberCIEGE could be run. Any option that achieves the end goal is acceptable though . I guess I need to get up to speed on noVNC and it's capabilities.

mfthomps commented 3 years ago

Well things were working well with the noVNC. Perhaps Docker "fixed" something. Now the unix X11 socket at /tmp/.X11-unix can no longer be shared with the container. I'll need to investigate. For now, no GUI works on the "headless" version of Labtainers.

Correction: Labtainers and CyberCIEGE work fine with headless Labtainers on Linux. It is only the Docker Desktop for Mac (and perhaps Windows) that break the X11 socket.

So your use-case should work. To see how it looks, use the headless-labtainers.sh script on a Linux VM such as the Labtainers appliance. And see the notional cloud configuration file for deploying on servers. This would give students browser-based access to Labtainers and CyberCIEGE.