Unable to connect in RedisLabs/Redis container as root user

Question

I'm trying to disable firewall inside redislabs/redis docker container, in order to create a new Redis database (according to https://forum.uipath.com/t/haa-cannot-allocate-nodes-for-shards-when-creating-redis-db/310838). I need to connect in this container as root user, however the default user is 'redislabs' and I've not found anywhere what's this user's password. Moreover, the 'root' user in this container is not exactly a superuser.

The commands that was executed are listed below:

Creating a container based on Redis official image:

docker run -d --cap-add sys_resource -h re-node1 --name re-node1 -p 18443:8443 -p 19443:9443 -p 14000-14005:12000-12005 -p 18070:8070 redislabs/redis:latest

Starting cluster:

docker exec -it --privileged re-node1 "/opt/redislabs/bin/rladmin" cluster create name re-cluster.local username [email protected] password redislabs

Checking cluster's state:

docker exec -it re-node1 bash -c "/opt/redislabs/bin/rladmin info cluster"

Connecting in container as root:

docker exec -u 0 -it re-node1 bash

root@re-node1:/opt# iptables -L

iptables v1.6.1: can't initialize iptables table `filter': Permission denied (you must be root)

Perhaps iptables or your kernel needs to be upgraded.

More details: https://github.com/redis-field-engineering/redis-connect-dist/blob/main/examples/oracle/demo/setup_re.sh

Answer 1

Based on the information retrieved, it seems that the issue you're encountering is due to the fact that the Redis Docker container is running in a restricted environment where the root user does not have full privileges. This is a common security measure in Docker containers to limit the potential damage if the container is compromised.

Here are some steps you can take to disable the firewall:

1. Use the --privileged flag: When starting your Docker container, you can use the --privileged flag. This gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.

2. Use a custom Dockerfile: You can create a custom Dockerfile where you switch to the root user, perform the necessary operations, and then switch back to the 'redislabs' user. Here is an example:

   FROM redislabs/redis:latest
   USER root
   RUN your-commands-here
   USER redislabs
   

   Then you can build and run your Docker container from this Dockerfile.

3. Use sudo within the container: If the 'redislabs' user is in the sudoers file, you could use sudo to run commands as root within the container. However, this would require knowing the 'redislabs' user's password, which is not typically available.

Please note that these methods can pose a security risk, especially in a production environment. It's generally recommended to avoid running containers with escalated privileges unless absolutely necessary. If you're just trying to set up a Redis database, there may be other, safer ways to accomplish your goal.