It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Secure Connector Container

  • Last updated on

The Secure Connector running firmware 1.1.0 or higher can now run a single LXC container. Linux containers must be enabled in the Secure Connector configuration. The container is assigned an IP address from the data network defined on the Firewall Control Center.

The container is distributed and installed via the firmware update page on the Control Center. The container is transferred and then unpacked on the Secure Connector. All deb packages are installed, and the doit script is executed during deployment. The /root/start.sh script is executed every time the Secure Connector is started. To allow SSH access, a Secure Connector firewall management rule must be added to allow traffic into the container zone.

The new, enhanced container feature for LXC, Docker, and IoT Edge is currently in EA and will be free of charge at least until October-31-2021. Starting November 2021, we will make this new functionality available for purchase, and all existing deployments will need to be licensed.

Resource Limits for Containers

  • 1 CPU core
  • 512 MB RAM
  • 2 GB Storage 

Container Requirements

Each container must be in a .tgz archive. The file name must include the string container. E.g, my_container.tgz or my_container_v01.tgz

  • deb packages – The deb packages must be compiled for ARM-HF.
  • doit – This script is executed during the installation.
  • /root/start.sh – This script is executed every time the Secure Connector boots and after the installation of the container.

Enable Container Support

  1. Go to your cluster > Cluster Settings > Secure Connector Editor.
  2. Click Lock.
  3. Double-click to edit the device or Secure Connector template.
  4. In the left menu, click Container Settings.
  5. Select the Container enabled check box.

  6. Enter the Root Password for container support on the Secure Connector.
    sc_container_settings.png
  7. Click OK.

  8. Click Activate.

Create a Firewall Rule

Add a Secure Connector firewall management rule to allow SSH access into the container zone. Configure the rule with the following settings:

  • Allow – Select the check box.
  • Source Zone – Select CONT. This is the zone associated with the container.
  • Services – Select SSH.

fsc_container_rule.png

For more information, see How to Create Secure Connector Firewall Management Rules.

Example for LXC Container

This is a simple example for a container installation script. The image itself is already provisioned on the Secure Connector. The script will install the application. Additional required binaries can be added to the *.tgz  package.

wget_container.tgz

doit script:

#!/bin/bash 
echo $(date) "doit script executed" >> /home/InstallContainer.log 
echo $(date) "Running u Update and upgrade" >> /home/InstallContainer.log 
apt-get update -y && apt-get upgrade -y>> /home/InstallContainer.log 
echo $(date) "Installing packeges....." >> /home/InstallContainer.log 
apt-get install wget -y >> /home/InstallContainer.log 
if [ "$?" -eq "0" ]
then 
        echo $(date) "wget installed!" >> /home/InstallContainer.log 
else 
        echo $(date) "wget installation failed!" >> /home/InstallContainer.log
        exit 1 
fi 
echo $(date) "Copy start script and make it executable" >> /home/InstallContainer.log 
cp start.sh /root/start.sh && chmod +x /root/start.sh >> /home/InstallContainer.log 
if [ "$?" -eq "0" ] 
then 
        echo $(date) "Installation completed successfully !" >> /home/InstallContainer.log 
        echo  "=======doit script finished======" >> /home/InstallContainer.log 
        exit 0 
else 
        echo $(date) "Adding start.sh failed – please configure manually" >> /home/InstallContainer.log 
        echo  "=======doit script finished======" >> /home/InstallContainer.log 
        exit 1 
fi

start.sh script:

#!/bin/bash 
while : 
do 
        wget barracuda.com -O  
        sleep 60 
done 

Create a *.tgz archive including doit, start.sh as well as other binaries if applicable for the installation. The archive must include “container” in the archive name. For example: <Name>_container.tgz

tar -cvzf wget_container.tgz doit start.sh 

Install a Container via Firmware Update in Barracuda Firewall Admin

Containers are installed just like Secure Connector firmware updates. Copy the container .tgz file to the Control Center and distribute it just like a firmware update. When the archive is on the Secure Connector, the deb packages are installed and the installation scripts executed.

For more information, see Secure Connector Firmware Updates.