use old java based remote management interfaces like ILO,RMM,IPMI via docker container

if you are a sysadmin chances are, you already had to deal with remote management interfaces that rely on old java versions with unsigned certificates and what not. If, in addition to that, you work for a company with security policies that restrict you from using such nasty java webstart apps wich basically violate every security best practice out there, chances are, you can't use those interfaces anymore because you aren't allowed to do so or you don't want to have your system configured in a way that would allow such apps to still run on your own system.

docker to the rescue :) .. a quick workaround for this problem is, to create a docker container which has the necessary java stuff, a web browser and some method of bringing the GUI to your own desktop. in this example i am using novnc, which is a web-based vnc client. luckily all the heavy lifting has already be done by Doro wu and friends, so all we have to do is create our own docker container based on his ubuntu+novnc image and add icedtea (open source java webstart client) to the mix in order to use our admin GUI's.

first of all, install docker of course.. be it on your own machine or on some server you may use for such things

lets get started.. these commands are for linux, but i've heard there is windows and there is docker for windows out there.. no clue about that though ;)

mkdir novnc-icedtea
cd novnc-icedtea

now create a dockerfile using your favourite editor to do what I have described above:

FROM dorowu/ubuntu-desktop-lxde-vnc:latest
RUN apt-get update \
    && apt-get install -y icedtea-netx \
    && apt-get autoclean -y \
    && apt-get autoremove -y \
    && rm -rf /var/lib/apt/lists/*

build the container:

docker build --tag novnc-icedtea:1.0 .

finally, run it!

docker run -p 6080:80 -v /dev/shm:/dev/shm --name novnc -d novnc-icedtea:1.0

(the dev/shm mapping is needed if you want to use firefox as it requires more space than the makers of the base novnc image packed into their image)

now open a web browser and surf to http://localhost:6080

in there you can open firefox and then finally open your remote management console in it using javaws and by clicking away all the warnings :)

once you are done you can stop this container with

docker stop novnc 

and if you need it again in the future, you can start it again with

docker start novnc 

and if you have finally replaced your old servers with newer ones that come with a web-based remote console, you can remove the container using

docker rm novnc 
docker rmi novnc-icedtea:1.0 
  • use_old_java_based_remote_management_interfaces_like_ilo_rmm_ipmi_via_docker_container.txt
  • Last modified: 08.10.2020 11:25
  • by Pascal Suter