From 089bea41afa5e23b8567837b3a260886d7038d31 Mon Sep 17 00:00:00 2001
From: James Deathe
Date: Fri, 8 Jan 2016 16:24:50 +0000
Subject: [PATCH 01/24] ISSUE 46: Configuration volume is optional so do not use by default.
---
docker-compose.yml | 32 ++++++++++++++++------------
run.conf | 23 ++++++++++++++------
run.sh | 52 ++++++++++++++++++++++++----------------------
3 files changed, 63 insertions(+), 44 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index e15ad04..9ba3959 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,21 +13,27 @@ # View logs of service ssh.pool-1.1.1: # docker-compose logs ssh.pool-1.1.1 # ----------------------------------------------------------------------------- -volume-config.ssh.pool-1.1.1: - image: "busybox:latest" - container_name: "volume-config.ssh.pool-1.1.1" - volumes: - - "./etc/services-config/ssh:/etc/services-config/ssh" - - "./etc/services-config/supervisor:/etc/services-config/supervisor" - # - "/etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" - # - "/etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" - # - "~/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" - # - "~/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" - command: /bin/true +# volume-config.ssh: +# image: "busybox:latest" +# container_name: "volume-config.ssh" +# volumes: +# - "./etc/services-config/ssh:/etc/services-config/ssh" +# - "./etc/services-config/supervisor:/etc/services-config/supervisor" +# command: /bin/true +# volume-config.ssh.pool-1: +# image: "busybox:latest" +# container_name: "volume-config.ssh.pool-1" +# volumes: +# # - "/etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" +# # - "/etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" +# # - "~/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" +# # - "~/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" +# command: /bin/true ssh.pool-1.1.1: image: "jdeathe/centos-ssh:latest" container_name: "ssh.pool-1.1.1" ports: - "2020:22" - volumes_from: - - volume-config.ssh.pool-1.1.1 \ No newline at end of file + # volumes_from: + # - volume-config.ssh + # # - volume-config.ssh.pool-1 \ No newline at end of file diff --git a/run.conf b/run.conf index 666776b..e040a45 100644 --- a/run.conf +++ b/run.conf 
@@ -7,13 +7,24 @@ SERVICE_UNIT_SHARED_GROUP=pool-1 SERVICE_UNIT_LOCAL_ID=1 SERVICE_UNIT_INSTANCE=1 -MOUNT_PATH_CONFIG=/etc/services-config -# Mac hosts need to be in User writable directory -if [ "$(uname)" == "Darwin" ]; then - MOUNT_PATH_CONFIG=~/services-config -fi +# Mac hosts using docker-machine or a vagrant VM should have the home directory +# /Users/$(whoami) synched to the docker host. +MOUNT_PATH_CONFIG=./etc/services-config +#MOUNT_PATH_CONFIG=/etc/services-config +#MOUNT_PATH_CONFIG=~/services-config DOCKER_IMAGE_REPOSITORY_NAME=${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} DOCKER_NAME=${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}.${SERVICE_UNIT_LOCAL_ID}.${SERVICE_UNIT_INSTANCE} -VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME} \ No newline at end of file +CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG} + VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME} + +#CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} +# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} + +#CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${DOCKER_NAME} +# VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME} + +# Use of a configuration volume requires manual maintenance and access to the +# filesystem of the docker host so is now disabled by default. +VOLUME_CONFIG_ENABLED=false diff --git a/run.sh b/run.sh index 43558c8..e478241 100755 --- a/run.sh +++ b/run.sh 
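Review bot: The new default `MOUNT_PATH_CONFIG=./etc/services-config` is a relative path, and run.sh passes it as the host side of `docker run -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh`. Docker's documentation from this period describes the host side of `-v` as either an absolute path or a volume name, so with `VOLUME_CONFIG_ENABLED=true` the relative default may be rejected or read as a name instead of being bind-mounted; this is inferred and should be tested. An absolute default avoids the ambiguity, for example `MOUNT_PATH_CONFIG="$(pwd)/etc/services-config"`, which works because run.sh changes to its own directory before sourcing this file.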
@@ -44,40 +44,42 @@ remove_docker_container_name () } # Configuration volume -if ! have_docker_container_name ${VOLUME_CONFIG_NAME} ; then +# The Docker Host needs the target configuration directories +if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && ! have_docker_container_name ${VOLUME_CONFIG_NAME} ; then - CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} - - # The Docker Host needs the target configuration directories - - if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh) - $CMD || sudo $CMD + if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]]; then + CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh) + $CMD || sudo $CMD fi if [[ ! -n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/ssh -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/ssh ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD + CMD=$(cp -R etc/services-config/ssh ${CONTAINER_MOUNT_PATH_CONFIG}/) + $CMD || sudo $CMD fi - if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor) - $CMD || sudo $CMD + if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]]; then + CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor) + $CMD || sudo $CMD fi if [[ ! 
-n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/supervisor ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD + CMD=$(cp -R etc/services-config/supervisor ${CONTAINER_MOUNT_PATH_CONFIG}/) + $CMD || sudo $CMD fi -( -set -x -docker run \ - --name ${VOLUME_CONFIG_NAME} \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ - busybox:latest \ - /bin/true; -) + + ( + set -x + docker run \ + --name ${VOLUME_CONFIG_NAME} \ + -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ + -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ + busybox:latest \ + /bin/true; + ) +fi + +if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && have_docker_container_name ${VOLUME_CONFIG_NAME}; then + VOLUMES_FROM="--volumes-from ${VOLUME_CONFIG_NAME}" fi # Force replace container of same name if found to exist @@ -90,7 +92,7 @@ docker run \ -d \ --name ${DOCKER_NAME} \ -p :22 \ - --volumes-from ${VOLUME_CONFIG_NAME} \ + ${VOLUMES_FROM:-} \ ${DOCKER_IMAGE_REPOSITORY_NAME} ) From 6802f9b780fc9fb3bb4d67ea6ef9c64d44d7ca8e Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 17:17:58 +0000 Subject: [PATCH 02/24] ISSUE 70: Added feature to pass commands on running a container. --- run.sh | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/run.sh b/run.sh index 43558c8..3b0e2b8 100755 --- a/run.sh +++ b/run.sh 
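Review bot: In run.sh hunk `@@ -44,40 +44,42 @@`, the re-indented `CMD=$(mkdir -p ...)` and `CMD=$(cp -R ...)` lines run the command immediately and store only its standard output, which is normally empty. The following `$CMD || sudo $CMD` then expands to an empty command that succeeds, so the sudo fallback never runs and a failed `mkdir` or `cp` goes unnoticed. Call the command directly with the path quoted, for example `mkdir -p "${CONTAINER_MOUNT_PATH_CONFIG}/ssh" || sudo mkdir -p "${CONTAINER_MOUNT_PATH_CONFIG}/ssh"`, and likewise for the two `cp -R` lines. Quoting also matters because the path comes from run.conf and reaches a `sudo` invocation. The same lines recur in patch 04's hunk `@@ -35,49 +44,49 @@`.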
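Review bot: In run.sh hunk `@@ -90,7 +92,7 @@`, `${VOLUMES_FROM:-}` is expanded unquoted into the `docker run` argument list, but `VOLUMES_FROM` is assigned only when the volume is enabled and its container exists. In every other case the script uses whatever `VOLUMES_FROM` the calling environment exported, word-split into extra `docker run` options. Initialise it before the conditional in the previous hunk with `VOLUMES_FROM=`. Patch 08 renames the variable to `DOCKER_VOLUMES_FROM` (hunks `@@ -105,7 +91,7 @@` and `@@ -115,7 +101,7 @@`) and keeps the same pattern. The `docker run` statement starts outside this hunk.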
@@ -80,25 +80,40 @@ docker run \ ) fi -# Force replace container of same name if found to exist +# Application container remove_docker_container_name ${DOCKER_NAME} +if [[ -z ${1+x} ]]; then + echo "Running container ${DOCKER_NAME} as a background/daemon process." + DOCKER_OPERATOR_OPTIONS="-d --entrypoint /bin/bash" + DOCKER_COMMAND="/usr/bin/supervisord --configuration=/etc/supervisord.conf" +else + # This is useful for running commands like 'export' or 'env' to check the + # environment variables set by the --link docker option. + # + # If you need to pipe to another command, quote the commands. e.g: + # ./run.sh "env | grep MYSQL | sort" + printf "Running container %s with CMD [/bin/bash -c '%s']\n" "${DOCKER_NAME}" "${*}" + DOCKER_OPERATOR_OPTIONS="-it --entrypoint /bin/bash --env TERM=${TERM:-xterm}" + DOCKER_COMMAND="${@}" +fi + # In a sub-shell set xtrace - prints the docker command to screen for reference ( set -x docker run \ - -d \ + ${DOCKER_OPERATOR_OPTIONS} \ --name ${DOCKER_NAME} \ -p :22 \ --volumes-from ${VOLUME_CONFIG_NAME} \ - ${DOCKER_IMAGE_REPOSITORY_NAME} + ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" ) # Use environment variables instead of configuration volume # ( # set -x # docker run \ -# -d \ +# ${DOCKER_OPERATOR_OPTIONS} \ # --name ${DOCKER_NAME} \ # -p :22 \ # --env "SSH_USER=app-1" \ 
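Review bot: `DOCKER_OPERATOR_OPTIONS` is built as one string that embeds `${TERM:-xterm}` from the caller's environment and is then expanded unquoted in `docker run`, so a `TERM` value containing whitespace is split into additional docker options. An array keeps each option as one word: `DOCKER_OPERATOR_OPTIONS=(-it --entrypoint /bin/bash --env "TERM=${TERM:-xterm}")`, expanded as `"${DOCKER_OPERATOR_OPTIONS[@]}" \`, with the `-d` branch written the same way. `DOCKER_COMMAND="${@}"` assigns a list to a scalar; `DOCKER_COMMAND="${*}"` states the intended space-join explicitly and matches the `printf` two lines above it. The `docker run` statement continues outside the hunk.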
@@ -108,7 +123,7 @@ docker run \ # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmLedI2mEJimvIm1OzT1EYJCMwegL/jfsXARLnYkZvJlEHFYDmRgS+YQ+MA9PKHyriCPmVNs/6yVc2lopwPWioXt0+ulH/H43PgB6/4fkP0duauHsRtpp7z7dhqgZOXqdLUn/Ybp0rz0+yKUOBb9ggjE5n7hYyDGtZR9Y11pJ4TuRHmL6wv5mnj9WRzkUlJNYkr6X5b6yAxtQmX+2f33u2qGdAwADddE/uZ4vKnC0jFsv5FdvnwRf2diF/9AagDb7xhZ9U3hPOyLj31H/OUce4xBpGXRfkUYkeW8Qx+zEbEBVlGxDroIMZmHJIknBDAzVfft+lsg1Z06NCYOJ+hSew== # " \ -# ${DOCKER_IMAGE_REPOSITORY_NAME} +# ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" # ) if is_docker_container_name_running ${DOCKER_NAME} ; then From cf9be7dfdbec2d584b7cedeafd4636558ebcd782 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 17:32:59 +0000 Subject: [PATCH 03/24] ISSUE 73: Maintenance - use consistent BASH syntax. --- build.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/build.sh b/build.sh index 0802bf3..f9c471e 100755 --- a/build.sh +++ b/build.sh @@ -1,12 +1,12 @@ #!/usr/bin/env bash # Change working directory -DIR_PATH="$( if [ "$( echo "${0%/*}" )" != "$( echo "${0}" )" ] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" -if [[ $DIR_PATH == */* ]] && [[ $DIR_PATH != "$( pwd )" ]] ; then - cd $DIR_PATH +DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" +if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]] ; then + cd ${DIR_PATH} fi -NO_CACHE="$1" +NO_CACHE=$1 source build.conf 
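Review bot: The commented `SSH_AUTHORIZED_KEYS` example touched by run.sh hunk `@@ -108,7 +123,7 @@` includes a key that the page itself labels `vagrant insecure public key`, whose private half is publicly distributed. Anyone who uncomments the block as written authorises that key on the container. I would add a line above the block such as `# Example only: replace these keys before uncommenting; the vagrant insecure key pair is publicly known.` The same block is reordered in patch 04's hunk `@@ -116,13 +125,13 @@`, and it starts outside both hunks.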
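Review bot: In build.sh hunk `@@ -1,12 +1,12 @@`, removing the quotes from the right-hand side of `!=` changes the comparison. Inside `[[ ]]` an unquoted right operand is matched as a glob pattern, so a directory path containing `*`, `?` or `[` is no longer compared literally. Keep the right side quoted, `[[ ${DIR_PATH} != "$( pwd )" ]]`, and quote the target of `cd "${DIR_PATH}"` so a path with spaces is not split. The same unquoted forms appear in run.sh hunk `@@ -1,8 +1,9 @@` of patch 04 and in both `@@ -1,8 +1,8 @@` hunks of patch 12.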
@@ -16,28 +16,27 @@ show_docker_image () local NAME_PARTS=(${NAME//:/ }) # Set 'latest' tag if no tag requested - if [ ${#NAME_PARTS[@]} == 1 ]; then + if [[ ${#NAME_PARTS[@]} == 1 ]]; then NAME_PARTS[1]='latest' fi docker images | grep -e "^${NAME_PARTS[0]}[ ]\{1,\}${NAME_PARTS[1]}" } -echo Building ${DOCKER_IMAGE_REPOSITORY_NAME}... +echo "Building ${DOCKER_IMAGE_REPOSITORY_NAME}" # Allow cache to be bypassed -if [ "$NO_CACHE" == "true" ]; then +if [[ ${NO_CACHE} == "true" ]]; then echo " ---> Skipping cache" else NO_CACHE="false" fi # Build from working directory -docker build --no-cache=$NO_CACHE -t ${DOCKER_IMAGE_REPOSITORY_NAME} . - +docker build --no-cache=${NO_CACHE} -t ${DOCKER_IMAGE_REPOSITORY_NAME} . # Display the last docker image echo "Docker image:" show_docker_image ${DOCKER_IMAGE_REPOSITORY_NAME} -echo " ---> Build complete" \ No newline at end of file +echo " ---> Build complete" From aa3f3d3d804a2feefe6620e86fcfce8673e454d6 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 17:42:25 +0000 Subject: [PATCH 04/24] ISSUE 73: Maintenance - use consistent BASH syntax. --- run.sh | 79 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 44 insertions(+), 35 deletions(-) diff --git a/run.sh b/run.sh index 3b0e2b8..3fbcc6f 100755 --- a/run.sh +++ b/run.sh @@ -1,8 +1,9 @@ #!/usr/bin/env bash -DIR_PATH="$( if [ "$( echo "${0%/*}" )" != "$( echo "${0}" )" ] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" -if [[ $DIR_PATH == */* ]] && [[ $DIR_PATH != "$( pwd )" ]] ; then - cd $DIR_PATH +# Change working directory +DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" +if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]] ; then + cd ${DIR_PATH} fi source run.conf 
@@ -11,22 +12,30 @@ have_docker_container_name () { local NAME=$1 + if [[ -z ${NAME} ]]; then + return 1 + fi + if [[ -n $(docker ps -a | awk -v pattern="^${NAME}$" '$NF ~ pattern { print $NF; }') ]]; then return 0 - else - return 1 fi + + return 1 } is_docker_container_name_running () { local NAME=$1 + if [[ -z ${NAME} ]]; then + return 1 + fi + if [[ -n $(docker ps | awk -v pattern="^${NAME}$" '$NF ~ pattern { print $NF; }') ]]; then return 0 - else - return 1 fi + + return 1 } remove_docker_container_name () 
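Review bot: The new empty-name guard does not change how the name is matched: `awk -v pattern="^${NAME}$" '$NF ~ pattern'` still treats the container name as a regular expression. The dots in a name such as `ssh.pool-1.1.1` match any character, so a look-alike container makes `have_docker_container_name` and `is_docker_container_name_running` return success, and `remove_docker_container_name` then runs `docker stop`/`docker rm` on that result. An exact fixed-string match avoids this, for example `docker ps -a --format '{{.Names}}' | grep -Fxq -- "${NAME}"`, with plain `docker ps` in the running check.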
@@ -35,49 +44,49 @@ remove_docker_container_name () if have_docker_container_name ${NAME} ; then if is_docker_container_name_running ${NAME} ; then - echo Stopping container ${NAME}... + echo "Stopping container ${NAME}" (docker stop ${NAME}) fi - echo Removing container ${NAME}... + echo "Removing container ${NAME}" (docker rm ${NAME}) fi } # Configuration volume if ! have_docker_container_name ${VOLUME_CONFIG_NAME} ; then - + # For configuration that is specific to the running container CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} # The Docker Host needs the target configuration directories - - if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh) - $CMD || sudo $CMD + if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]]; then + CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh) + $CMD || sudo $CMD fi - if [[ ! -n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/ssh -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/ssh ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD + if [[ -z $(find ${CONTAINER_MOUNT_PATH_CONFIG}/ssh -maxdepth 1 -type f) ]]; then + CMD=$(cp -R etc/services-config/ssh ${CONTAINER_MOUNT_PATH_CONFIG}/) + $CMD || sudo $CMD fi - if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor) - $CMD || sudo $CMD + if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]]; then + CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor) + $CMD || sudo $CMD fi - if [[ ! 
-n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/supervisor ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD + if [[ -z $(find ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor -maxdepth 1 -type f) ]]; then + CMD=$(cp -R etc/services-config/supervisor ${CONTAINER_MOUNT_PATH_CONFIG}/) + $CMD || sudo $CMD fi -( -set -x -docker run \ - --name ${VOLUME_CONFIG_NAME} \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ - busybox:latest \ - /bin/true; -) + + ( + set -x + docker run \ + --name ${VOLUME_CONFIG_NAME} \ + -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ + -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ + busybox:latest \ + /bin/true; + ) fi # Application container 
@@ -116,13 +125,13 @@ docker run \ # ${DOCKER_OPERATOR_OPTIONS} \ # --name ${DOCKER_NAME} \ # -p :22 \ -# --env "SSH_USER=app-1" \ -# --env "SSH_USER_HOME_DIR=/home/app" \ -# --env "SSH_USER_SHELL=/bin/sh" \ # --env "SSH_AUTHORIZED_KEYS= # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmLedI2mEJimvIm1OzT1EYJCMwegL/jfsXARLnYkZvJlEHFYDmRgS+YQ+MA9PKHyriCPmVNs/6yVc2lopwPWioXt0+ulH/H43PgB6/4fkP0duauHsRtpp7z7dhqgZOXqdLUn/Ybp0rz0+yKUOBb9ggjE5n7hYyDGtZR9Y11pJ4TuRHmL6wv5mnj9WRzkUlJNYkr6X5b6yAxtQmX+2f33u2qGdAwADddE/uZ4vKnC0jFsv5FdvnwRf2diF/9AagDb7xhZ9U3hPOyLj31H/OUce4xBpGXRfkUYkeW8Qx+zEbEBVlGxDroIMZmHJIknBDAzVfft+lsg1Z06NCYOJ+hSew== # " \ +# --env "SSH_USER=app-1" \ +# --env "SSH_USER_HOME_DIR=/home/app" \ +# --env "SSH_USER_SHELL=/bin/sh" \ # ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" # ) From 9bfd7bab320db5f282b790ab41bbb0a355447964 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 17:49:14 +0000 Subject: [PATCH 05/24] ISSUE 73: Maintenance - use consistent BASH syntax. --- etc/ssh-bootstrap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/ssh-bootstrap b/etc/ssh-bootstrap index 894705a..41cfdb7 100644 --- a/etc/ssh-bootstrap +++ b/etc/ssh-bootstrap 
@@ -143,7 +143,7 @@ if [[ ! -d ${OPTS_SSH_USER_HOME_DIR}/.ssh ]]; then rm -f /etc/ssh/{ssh_host_rsa_key,ssh_host_rsa_key.pub,ssh_host_dsa_key,ssh_host_dsa_key.pub} ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key - if [ -x /sbin/restorecon ]; then + if [[ -x /sbin/restorecon ]]; then /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub fi From d5a9a21b7e7536aef1640cab55a015248612fd41 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 19:01:39 +0000 Subject: [PATCH 06/24] ISSUE 46: Use same image for volumes as the application container. --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index 8a47527..641523f 100755 --- a/run.sh +++ b/run.sh @@ -81,7 +81,7 @@ if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && ! have_docker_container_name ${VO --name ${VOLUME_CONFIG_NAME} \ -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ - busybox:latest \ + ${DOCKER_IMAGE_REPOSITORY_NAME} \ /bin/true; ) fi From 11516ad2bb4a0ad77230cdde7653d992e55090cb Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 10 Jan 2016 19:04:23 +0000 Subject: [PATCH 07/24] ISSUE 46: Use same image for volumes as the application container. --- README.md | 4 ++-- docker-compose.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8227705..40b36a7 100644 --- a/README.md +++ b/README.md 
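Review bot: The host-key block around etc/ssh-bootstrap hunk `@@ -143,7 +143,7 @@` still generates a DSA host key with `ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key`. DSA keys from ssh-keygen are limited to 1024 bits, and OpenSSH 7.0 and later disable ssh-dss by default. Whether the image's sshd_config needs this key is not visible here; if it does not, drop the DSA lines and the matching `restorecon` call. Otherwise add a comment such as `# DSA host key kept for legacy client compatibility only`. The enclosing `if` block starts and ends outside the hunk.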
@@ -52,14 +52,14 @@ Make a directory on the docker host for storing container configuration files. T $ mkdir -p /etc/services-config/ssh.pool-1 ``` -Create the data volume, mounting our docker host's configuration directory to /etc/services-config/ssh in the docker container. Note that docker will pull the busybox:latest image if you don't already have available locally. +Create the data volume, mounting our docker host's configuration directory to /etc/services-config/ssh in the docker container. Note that docker we use the same image as for the application container to reduce the number of images/layers required. ``` $ docker run \ --name volume-config.ssh.pool-1.1.1 \ -v /etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh \ -v /etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor \ - busybox:latest \ + "jdeathe/centos-ssh:latest" \ /bin/true ``` diff --git a/docker-compose.yml b/docker-compose.yml index 9ba3959..a421a1d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,14 +14,14 @@ # docker-compose logs ssh.pool-1.1.1 # ----------------------------------------------------------------------------- # volume-config.ssh: -# image: "busybox:latest" +# image: "jdeathe/centos-ssh:latest" # container_name: "volume-config.ssh" # volumes: # - "./etc/services-config/ssh:/etc/services-config/ssh" # - "./etc/services-config/supervisor:/etc/services-config/supervisor" # command: /bin/true # volume-config.ssh.pool-1: -# image: "busybox:latest" +# image: "jdeathe/centos-ssh:latest" # container_name: "volume-config.ssh.pool-1" # volumes: # # - "/etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" From 80bdf3d0bac7f09126f1220b5c7d23ab5091d90e Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Mon, 11 Jan 2016 12:15:49 +0000 Subject: [PATCH 08/24] ISSUE 46: Add option to use named volumes and remove feature to define the docker host path. --- docker-compose.yml | 50 +++++++++++++++++++++++++++++----------------- run.conf | 26 ++++++++++-------------- run.sh | 32 +++++++++-------------------- 3 files changed, 51 insertions(+), 57 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a421a1d..e873eb2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,24 @@ # ----------------------------------------------------------------------------- # Setup: -# Edit volume-config.ssh.pool-1.1.1/volumes with the appropriate -# host_path:container_path where the host_path must exist on the docker -# host filesystem. +# Use of a configuration volumes is optional and allow configuration +# changes to persist and be re-applied to a new container instance. +# +# 1. If configuration volumes are required, choose an appropriate naming +# scheme depending on how the configuration is intended to be applied on +# the docker host: +# +# - volume-config.ssh fo configuration of all "ssh" container instances. +# - volume-config.ssh.pool-1 for configuration of all "ssh" container +# instances in the "pool-1" group. +# - volume-config.ssh.pool-1.1.1 for configuration of the container named +# ssh.pool-1.1.1 specifically. +# +# 2. Edit volume_name/container_name, volume_name/volumes with the +# appropriate volume_name:container_path mapping or leave as container_path +# to let docker handle the volume naming within /var/lib/docker/volumes/ on +# the docker host. +# +# 3. Edit ssh.pool-1.1.1/volumes_from to apply the required volume_name. # # Run in background: # docker-compose up -d 
@@ -13,21 +29,18 @@ # View logs of service ssh.pool-1.1.1: # docker-compose logs ssh.pool-1.1.1 # ----------------------------------------------------------------------------- -# volume-config.ssh: -# image: "jdeathe/centos-ssh:latest" -# container_name: "volume-config.ssh" -# volumes: -# - "./etc/services-config/ssh:/etc/services-config/ssh" -# - "./etc/services-config/supervisor:/etc/services-config/supervisor" -# command: /bin/true -# volume-config.ssh.pool-1: +# volume-config.ssh.pool-1.1.1: +# # volume-config.ssh.pool-1: +# # volume-config.ssh: # image: "jdeathe/centos-ssh:latest" -# container_name: "volume-config.ssh.pool-1" +# container_name: "volume-config.ssh.pool-1.1.1" +# # container_name: "volume-config.ssh.pool-1" +# # container_name: "volume-config.ssh" # volumes: -# # - "/etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" -# # - "/etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" -# # - "~/services-config/ssh.pool-1/ssh:/etc/services-config/ssh" -# # - "~/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor" +# - "/etc/services-config" +# # - "volume-config.ssh.pool-1.1.1:/etc/services-config" +# # - "volume-config.ssh.pool-1:/etc/services-config" +# # - "volume-config.ssh:/etc/services-config" # command: /bin/true ssh.pool-1.1.1: image: "jdeathe/centos-ssh:latest" @@ -35,5 +48,6 @@ ssh.pool-1.1.1: ports: - "2020:22" # volumes_from: - # - volume-config.ssh - # # - volume-config.ssh.pool-1 \ No newline at end of file + # - volume-config.ssh.pool-1.1.1 + # # - volume-config.ssh.pool-1 + # # - volume-config.ssh diff --git a/run.conf b/run.conf index e040a45..83e6303 100644 --- a/run.conf +++ b/run.conf 
@@ -7,24 +7,18 @@ SERVICE_UNIT_SHARED_GROUP=pool-1 SERVICE_UNIT_LOCAL_ID=1 SERVICE_UNIT_INSTANCE=1 -# Mac hosts using docker-machine or a vagrant VM should have the home directory -# /Users/$(whoami) synched to the docker host. -MOUNT_PATH_CONFIG=./etc/services-config -#MOUNT_PATH_CONFIG=/etc/services-config -#MOUNT_PATH_CONFIG=~/services-config - DOCKER_IMAGE_REPOSITORY_NAME=${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} DOCKER_NAME=${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}.${SERVICE_UNIT_LOCAL_ID}.${SERVICE_UNIT_INSTANCE} -CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG} - VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME} - -#CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} -# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} +# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME} +# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} +VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME} -#CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${DOCKER_NAME} -# VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME} - -# Use of a configuration volume requires manual maintenance and access to the -# filesystem of the docker host so is now disabled by default. +# Use of a configuration volume requires additional maintenance and access to the +# filesystem of the docker host so is disabled by default. VOLUME_CONFIG_ENABLED=false + +# Using named volumes allows for easier identification of files located in +# /var/lib/docker/volumes/ on the docker host. If set to true, the value of +# VOLUME_CONFIG_NAME is used in place of an automatically generated ID. +VOLUME_CONFIG_NAMED=false diff --git a/run.sh b/run.sh index 641523f..52d4b62 100755 --- a/run.sh +++ b/run.sh 
@@ -53,34 +53,20 @@ remove_docker_container_name () } # Configuration volume -# The Docker Host needs the target configuration directories -if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && ! have_docker_container_name ${VOLUME_CONFIG_NAME}; then - if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh) - $CMD || sudo $CMD - fi - - if [[ -z $(find ${CONTAINER_MOUNT_PATH_CONFIG}/ssh -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/ssh ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD - fi - - if [[ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]]; then - CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor) - $CMD || sudo $CMD - fi +if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && ! have_docker_container_name ${VOLUME_CONFIG_NAME}; then - if [[ -z $(find ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor -maxdepth 1 -type f) ]]; then - CMD=$(cp -R etc/services-config/supervisor ${CONTAINER_MOUNT_PATH_CONFIG}/) - $CMD || sudo $CMD + echo "Creating configuration volume." + if [[ ${VOLUME_CONFIG_NAMED} == true ]]; then + DOCKER_VOLUMES="-v ${VOLUME_CONFIG_NAME}:/etc/services-config" + else + DOCKER_VOLUMES="-v /etc/services-config" fi ( set -x docker run \ --name ${VOLUME_CONFIG_NAME} \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \ - -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \ + -v ${VOLUME_CONFIG_NAME}:/etc/services-config \ ${DOCKER_IMAGE_REPOSITORY_NAME} \ /bin/true; ) @@ -105,7 +91,7 @@ else fi if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && have_docker_container_name ${VOLUME_CONFIG_NAME}; then - VOLUMES_FROM="--volumes-from ${VOLUME_CONFIG_NAME}" + DOCKER_VOLUMES_FROM="--volumes-from ${VOLUME_CONFIG_NAME}" fi # In a sub-shell set xtrace - prints the docker command to screen for reference 
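Review bot: In run.sh hunk `@@ -53,34 +53,20 @@`, `DOCKER_VOLUMES` is assigned in both branches of the new `VOLUME_CONFIG_NAMED` test but never used. The `docker run` below it still passes the hard-coded `-v ${VOLUME_CONFIG_NAME}:/etc/services-config \`, so the default `VOLUME_CONFIG_NAMED=false` from run.conf still creates a named volume and the setting has no effect. Replace that line with `${DOCKER_VOLUMES} \` so the chosen form is the one passed to docker.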
@@ -115,7 +101,7 @@ docker run \ ${DOCKER_OPERATOR_OPTIONS} \ --name ${DOCKER_NAME} \ -p :22 \ - ${VOLUMES_FROM:-} \ + ${DOCKER_VOLUMES_FROM:-} \ ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" ) From ccd9e3e45db78aff35e42acee8f6ed6ffe26d0dd Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 11 Jan 2016 12:36:32 +0000 Subject: [PATCH 09/24] ISSUE 46: Updated README with instructions for named configuration volume usage. --- README.md | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 40b36a7..c8dc870 100644 --- a/README.md +++ b/README.md 
@@ -40,27 +40,25 @@ $ docker run -d \ ### (Optional) Configuration Data Volume -Create a "data volume" for configuration, this allows you to share the same configuration between multiple docker containers and, by mounting a host directory into the data volume you can override the default configuration files provided. +A configuration "data volume" allows you to share the same configuration files between multiple docker containers. Docker mounts a host directory into the data volume allowing you to edit the default configuration files and have those changes persist. -Make a directory on the docker host for storing container configuration files. This directory needs to contain at least the following files: -- [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys) -- [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf) -- [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config) -- [supervisor/supervisord.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/supervisor/supervisord.conf) +To create a named data volume, mounting our docker host's configuration directory /var/lib/docker/volumes/volume-config.ssh.pool-1.1.1 to /etc/services-config in the docker container use the following run command. Note that we use the same image as for the application container to reduce the number of images/layers required. ``` -$ mkdir -p /etc/services-config/ssh.pool-1 +$ docker run \ + --name volume-config.ssh.pool-1.1.1 \ + -v volume-config.ssh.pool-1.1.1:/etc/services-config \ + jdeathe/centos-ssh:latest \ + /bin/true ``` -Create the data volume, mounting our docker host's configuration directory to /etc/services-config/ssh in the docker container. Note that docker we use the same image as for the application container to reduce the number of images/layers required. 
+To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using vi. On exiting the container it will be removed since we specify the ```--rm``` parameter. ``` -$ docker run \ - --name volume-config.ssh.pool-1.1.1 \ - -v /etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh \ - -v /etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor \ - "jdeathe/centos-ssh:latest" \ - /bin/true +$ docker run --rm -it \ + jdeathe/centos-ssh:latest \ + --volumes-from=volume-config.ssh.pool-1.1.1 \ + vi /etc/services-config/ ``` ### Running From fbb65fa4a700598dc2d52b149848315e83be9461 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 11 Jan 2016 12:38:51 +0000 Subject: [PATCH 10/24] ISSUE 46: Updated README with small change. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c8dc870..2f21106 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ $ docker run \ /bin/true ``` -To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using vi. On exiting the container it will be removed since we specify the ```--rm``` parameter. +To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter. ``` $ docker run --rm -it \ From 449e02390b4467320820c51f4c41f7234322a050 Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Mon, 11 Jan 2016 15:34:28 +0000 Subject: [PATCH 11/24] ISSUE 46: Added infomation on named/unamed volume usage. --- README.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/README.md b/README.md index 2f21106..5f6c90d 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,26 @@ $ docker run -d \ A configuration "data volume" allows you to share the same configuration files between multiple docker containers. Docker mounts a host directory into the data volume allowing you to edit the default configuration files and have those changes persist. +#### Standard volume + +Naming of the volume is optional, it is possible to leave the naming up to Docker by simply specifying the container path only. + +``` +$ docker run \ + --name volume-config.ssh.pool-1.1.1 \ + -v /etc/services-config \ + jdeathe/centos-ssh:latest \ + /bin/true +``` + +To identify the docker host file path to the Volume's within the container volume-config.ssh.pool-1.1.1 you can use ```docker inspect``` to view the Mounts. + +``` +$ docker inspect --format '{{json .Mounts }}' volume-config.ssh.pool-1.1.1 +``` + +#### Named volume + To create a named data volume, mounting our docker host's configuration directory /var/lib/docker/volumes/volume-config.ssh.pool-1.1.1 to /etc/services-config in the docker container use the following run command. Note that we use the same image as for the application container to reduce the number of images/layers required. ``` @@ -52,6 +72,8 @@ $ docker run \ /bin/true ``` +#### Editing configuration + To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter. ``` From 7f61a6172621a2322788bd61913f429137af84e1 Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Mon, 11 Jan 2016 20:09:24 +0000 Subject: [PATCH 12/24] ISSUE 46: Attempt to make consistent BASH syntax. --- build.sh | 4 ++-- run.sh | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/build.sh b/build.sh index f9c471e..cbda8f0 100755 --- a/build.sh +++ b/build.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash # Change working directory -DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" -if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]] ; then +DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]]; then cd "$( echo "${0%/*}" )"; fi; pwd )" +if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]]; then cd ${DIR_PATH} fi diff --git a/run.sh b/run.sh index 52d4b62..e828a61 100755 --- a/run.sh +++ b/run.sh @@ -1,8 +1,8 @@ #!/usr/bin/env bash # Change working directory -DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]] ; then cd "$( echo "${0%/*}" )"; fi; pwd )" -if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]] ; then +DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]]; then cd "$( echo "${0%/*}" )"; fi; pwd )" +if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]]; then cd ${DIR_PATH} fi @@ -42,8 +42,8 @@ remove_docker_container_name () { local NAME=$1 - if have_docker_container_name ${NAME} ; then - if is_docker_container_name_running ${NAME} ; then + if have_docker_container_name ${NAME}; then + if is_docker_container_name_running ${NAME}; then echo "Stopping container ${NAME}" (docker stop ${NAME}) fi @@ -90,7 +90,7 @@ else DOCKER_COMMAND="${@}" fi -if [[ ${VOLUME_CONFIG_ENABLED} == "true" ]] && have_docker_container_name ${VOLUME_CONFIG_NAME}; then +if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && have_docker_container_name ${VOLUME_CONFIG_NAME}; then DOCKER_VOLUMES_FROM="--volumes-from ${VOLUME_CONFIG_NAME}" fi 
@@ -122,7 +122,7 @@ docker run \ # ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" # ) -if is_docker_container_name_running ${DOCKER_NAME} ; then +if is_docker_container_name_running ${DOCKER_NAME}; then docker ps | awk -v pattern="${DOCKER_NAME}$" '$NF ~ pattern { print $0 ; }' echo " ---> Docker container running." fi From 8405a76a63aa53025363ac6924a26f6bd0ccff4b Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 10:06:26 +0000 Subject: [PATCH 13/24] ISSUE 75: Updated README examples. --- README.md | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5f6c90d..d4f7a68 100644 --- a/README.md +++ b/README.md @@ -54,10 +54,12 @@ $ docker run \ /bin/true ``` -To identify the docker host file path to the Volume's within the container volume-config.ssh.pool-1.1.1 you can use ```docker inspect``` to view the Mounts. +To identify the docker host directory path to the volume within the container volume-config.ssh.pool-1.1.1 you can use ```docker inspect``` to view the Mounts. ``` -$ docker inspect --format '{{json .Mounts }}' volume-config.ssh.pool-1.1.1 +$ docker inspect \ + --format '{{ json (index .Mounts 0).Source }}' \ + volume-config.ssh.pool-1.1.1 ``` #### Named volume 
@@ -72,14 +74,22 @@ $ docker run \ /bin/true ``` +When using named volumes the directory path from the docker host mounts the path on the container so we need to upload the configuration files. The simplest method of achieving this is to upload the contents of the [etc/services-config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/) directory using ```docker cp```. + +``` +$ docker cp \ + ./etc/services-config/. \ + volume-config.ssh.pool-1.1.1:/etc/services-config +``` + #### Editing configuration To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter. ``` $ docker run --rm -it \ - jdeathe/centos-ssh:latest \ --volumes-from=volume-config.ssh.pool-1.1.1 \ + jdeathe/centos-ssh:latest \ vi /etc/services-config/ ``` 
@@ -234,14 +244,15 @@ $ docker port ssh.pool-1.1.1 22 To connect to the running container use: ``` -$ ssh -p -i ~/.ssh/id_rsa_insecure \ +$ ssh -p \ + -i ~/.ssh/id_rsa_insecure \ app-admin@ \ -o StrictHostKeyChecking=no ``` ### Custom Configuration -If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/etc/service-config//``` where `````` should match the applicable container name such as "ssh.pool-1.1.1" or, if the configuration is common across a group of containers, simply "ssh.pool-1" for the given examples. +If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/var/lib/docker/volumes//``` where `````` should identify the applicable container name such as "volume-config.ssh.pool-1.1.1" if using named volumes or will be an ID generated automatically by Docker. To identify the correct path on the Docker host use the ```docker inspect``` command. #### [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys) 
@@ -253,24 +264,27 @@ $ ssh-keygen -q -t rsa -f ~/.ssh/id_rsa You should now have an SSH public key, (~/.ssh/id_rsa.pub), that can be used to replace the default one in your custom authorized_keys file. -The following example shows how to copy your file to a remote docker host for cases where using a configuration volume mapping the path "/etc/services-config/ssh.pool-1/ssh/authorized_keys" to "/etc/services-config/ssh/authorized_keys": +To copy your file to a remote docker host where using a configuration volume mapping of "volume-config.ssh.pool-1.1.1:/etc/services-config" linked to a running container named "ssh.pool-1.1.1" use: ``` -$ scp ~/.ssh/id_rsa.pub \ - @:/etc/services-config/ssh.pool-1/ssh/authorized_keys +$ docker cp ~/.ssh/id_rsa.pub \ + ssh.pool-1.1.1:/var/lib/docker/volumes/etc/services-config/ssh/authorized_keys ``` -To replace the autorized_keys directly on a running container with the ```SSH_USER``` app-admin: +Alternatively, to replace the autorized_keys directly on a running container with the ```SSH_USER``` app-admin using SSH use: ``` -$ cat ~/.ssh/id_rsa.pub | ssh -p -i ~/.vagrant.d/insecure_private_key \ - app-admin@ "mkdir -p ~/.ssh && cat > ~/.ssh/authorized_keys" +$ cat ~/.ssh/id_rsa.pub | ssh -p \ + -i ~/.vagrant.d/insecure_private_key \ + app-admin@ \ + "cat > ~/.ssh/authorized_keys" ``` To connect to the running container use: ``` -$ ssh -p app-admin@ \ +$ ssh -p \ + app-admin@ \ -o StrictHostKeyChecking=no ``` From 1b6b936ed298a82bdeee24bb29c061a82d151390 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 10:21:08 +0000 Subject: [PATCH 14/24] ISSUE 75: Updated comment notes regarding use of named volumes. --- docker-compose.yml | 9 +++++++-- run.conf | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index e873eb2..8d276dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,6 +1,6 @@ # ----------------------------------------------------------------------------- # Setup: -# Use of a configuration volumes is optional and allow configuration +# Use of a configuration "data" volumes is optional and allow configuration # changes to persist and be re-applied to a new container instance. # # 1. If configuration volumes are required, choose an appropriate naming @@ -18,7 +18,12 @@ # to let docker handle the volume naming within /var/lib/docker/volumes/ on # the docker host. # -# 3. Edit ssh.pool-1.1.1/volumes_from to apply the required volume_name. +# 3. If using a named volume you need to copy the contents of the +# configuration directory into the volume container. The simplest way to do +# this is with docker cp as follows: +# docker cp ./etc/services-config/. volume_name:/etc/services-config +# +# 4. Edit ssh.pool-1.1.1/volumes_from to apply the required volume_name. # # Run in background: # docker-compose up -d diff --git a/run.conf b/run.conf index 83e6303..946842e 100644 --- a/run.conf +++ b/run.conf @@ -21,4 +21,6 @@ VOLUME_CONFIG_ENABLED=false # Using named volumes allows for easier identification of files located in # /var/lib/docker/volumes/ on the docker host. If set to true, the value of # VOLUME_CONFIG_NAME is used in place of an automatically generated ID. +# NOTE: When using named volumes you need to copy the contents of the directory +# into the configuration "data" volume container. VOLUME_CONFIG_NAMED=false From 816ded5178b282914db77e1a0e99caafedbb56dd Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 10:42:54 +0000 Subject: [PATCH 15/24] ISSUE 75: Added back list of required configuration files. --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d4f7a68..2648429 100644 --- a/README.md +++ b/README.md 
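Review bot: The new step 3 in the docker-compose.yml header (hunk `@@ -18,7 +18,12 @@`) gives `volume_name` as the `docker cp` destination, but the part before the colon in a `docker cp` target is a container name. The command therefore only works when the data volume container's `container_name` is the same string as the volume name. The comment should say so, for example `# (volume_name here is the container_name of the data volume container)`. The run.conf hunk in the same commit has a similar gap: its NOTE says to copy "the contents of the directory" without naming it, presumably `./etc/services-config/` as in the docker-compose.yml step, and naming that path in the NOTE would remove the guesswork.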
@@ -84,7 +84,7 @@ $ docker cp \ #### Editing configuration -To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter. +To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following, where can be one of the [required configuration files](https://github.com/jdeathe/centos-ssh/blob/centos-6/README.md#required-configuration-files), or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter. ``` $ docker run --rm -it \ @@ -93,6 +93,12 @@ $ docker run --rm -it \ vi /etc/services-config/ ``` +##### Required configuration files +- [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys) +- [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf) +- [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config) +- [supervisor/supervisord.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/supervisor/supervisord.conf) + ### Running To run the a docker container from this image you can use the included run.sh and run.conf scripts. The helper script will stop any running container of the same name, remove it and run a new daemonised container on an unspecified host port. Alternatively you can use the following methods. From a5ec22351e8457fe9c42117d411f9cf401fb36e7 Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Tue, 12 Jan 2016 11:03:30 +0000 Subject: [PATCH 16/24] ISSUE 75: Added explanation for the required configuration files. --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 2648429..c3f3ec0 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,9 @@ $ docker run --rm -it \ ``` ##### Required configuration files + +The following configuration files are required to run the applicatiobn container and should be located in the directory /etc/services-config/. + - [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys) - [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf) - [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config) From 98fc512804e87aa955edd15d9644019eba9f1485 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 12:04:44 +0000 Subject: [PATCH 17/24] ISSUE 75: Corrected docker_host file path in example and use data volume container as target instead of application container. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c3f3ec0..4d4efbc 100644 --- a/README.md +++ b/README.md 
@@ -273,11 +273,11 @@ $ ssh-keygen -q -t rsa -f ~/.ssh/id_rsa You should now have an SSH public key, (~/.ssh/id_rsa.pub), that can be used to replace the default one in your custom authorized_keys file. -To copy your file to a remote docker host where using a configuration volume mapping of "volume-config.ssh.pool-1.1.1:/etc/services-config" linked to a running container named "ssh.pool-1.1.1" use: +To copy your file to a remote docker host where using a configuration "data" volume container named "volume-config.ssh.pool-1.1.1" with a volume mapping of "volume-config.ssh.pool-1.1.1:/etc/services-config" use: ``` $ docker cp ~/.ssh/id_rsa.pub \ - ssh.pool-1.1.1:/var/lib/docker/volumes/etc/services-config/ssh/authorized_keys + volume-config.ssh.pool-1.1.1:/etc/services-config/ssh/authorized_keys ``` Alternatively, to replace the autorized_keys directly on a running container with the ```SSH_USER``` app-admin using SSH use: From 2c9dd49ffea314567b0d4cb3b134aa21c922d1f8 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 12:08:21 +0000 Subject: [PATCH 18/24] ISSUE 76: Fixed issue with named volumes not getting named correctly on the Docker host. --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index e828a61..044ea96 100755 --- a/run.sh +++ b/run.sh @@ -66,7 +66,7 @@ if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && ! have_docker_container_name ${VOLU set -x docker run \ --name ${VOLUME_CONFIG_NAME} \ - -v ${VOLUME_CONFIG_NAME}:/etc/services-config \ + ${DOCKER_VOLUMES} \ ${DOCKER_IMAGE_REPOSITORY_NAME} \ /bin/true; ) From 58a9e6af93eb1bb61c3cef8dd824210d207c1869 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 12:24:12 +0000 Subject: [PATCH 19/24] ISSUE 76: Populate the configuration data volume if it is a named volume. --- run.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/run.sh b/run.sh index 044ea96..a3824a4 100755 --- a/run.sh +++ b/run.sh 
@@ -57,19 +57,30 @@ if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && ! have_docker_container_name ${VOLU echo "Creating configuration volume." if [[ ${VOLUME_CONFIG_NAMED} == true ]]; then - DOCKER_VOLUMES="-v ${VOLUME_CONFIG_NAME}:/etc/services-config" + DOCKER_VOLUME_MAPPING=${VOLUME_CONFIG_NAME}:/etc/services-config else - DOCKER_VOLUMES="-v /etc/services-config" + DOCKER_VOLUME_MAPPING=/etc/services-config fi ( set -x docker run \ --name ${VOLUME_CONFIG_NAME} \ - ${DOCKER_VOLUMES} \ + -v ${DOCKER_VOLUME_MAPPING} \ ${DOCKER_IMAGE_REPOSITORY_NAME} \ /bin/true; ) + + # Named data volumes require files to be copied into place. + if [[ ${VOLUME_CONFIG_NAMED} == true ]]; then + echo "Populating configuration volume." + ( + set -x + docker cp \ + ./etc/services-config/. \ + ${DOCKER_VOLUMES_MAPPING}; + ) + fi fi # Application container From b6606a1a7d0b5ef059b54a8841873c211b8bb7fe Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 12:32:20 +0000 Subject: [PATCH 20/24] ISSUE 76: Corrected variable name required for container_name:docker_host_path. --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index a3824a4..0a3d785 100755 --- a/run.sh +++ b/run.sh @@ -78,7 +78,7 @@ if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && ! have_docker_container_name ${VOLU set -x docker cp \ ./etc/services-config/. \ - ${DOCKER_VOLUMES_MAPPING}; + ${DOCKER_VOLUME_MAPPING}; ) fi fi From e0c2a63208e811f8a976a74e7db671d873e71d4a Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 12:48:30 +0000 Subject: [PATCH 21/24] ISSUE 75: Corrected syntax error in example use of mounting volumes from a configuration container. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4d4efbc..33324c4 100644 --- a/README.md +++ b/README.md 
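Review bot: The `docker cp` added at the end of the first run.sh hunk takes its destination from `${DOCKER_VOLUMES_MAPPING}`, which is never assigned; the branch above sets `DOCKER_VOLUME_MAPPING`, so the copy has no destination and the named volume stays unpopulated. Even with the name corrected, as the next patch in the series does, the `-v` mapping `name:/etc/services-config` is reused as a `container:path` target, which works only because the container and the volume are both called `${VOLUME_CONFIG_NAME}`. Spelling the target out keeps the two meanings apart: `"${VOLUME_CONFIG_NAME}:/etc/services-config"`, quoted. The copy also seeds the volume with the repository's default `ssh/authorized_keys`, so an `echo` telling the operator to replace that file before the SSH port is published would be worth adding here. The enclosing `if` starts above the hunk.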
@@ -88,7 +88,7 @@ To make changes to the configuration files you need a running container that use ``` $ docker run --rm -it \ - --volumes-from=volume-config.ssh.pool-1.1.1 \ + --volumes-from volume-config.ssh.pool-1.1.1 \ jdeathe/centos-ssh:latest \ vi /etc/services-config/ ``` From 777d025226499c859e4d075ec3033058ecf257dd Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 20:34:05 +0000 Subject: [PATCH 22/24] ISSUE 79: Implemented a less intrusive feature to allow parameters to be passed as a command of docker run. --- run.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/run.sh b/run.sh index 0a3d785..d9cc261 100755 --- a/run.sh +++ b/run.sh @@ -86,10 +86,9 @@ fi # Application container remove_docker_container_name ${DOCKER_NAME} -if [[ -z ${1+x} ]]; then +if [[ ${#} -eq 0 ]]; then echo "Running container ${DOCKER_NAME} as a background/daemon process." - DOCKER_OPERATOR_OPTIONS="-d --entrypoint /bin/bash" - DOCKER_COMMAND="/usr/bin/supervisord --configuration=/etc/supervisord.conf" + DOCKER_OPERATOR_OPTIONS="-d" else # This is useful for running commands like 'export' or 'env' to check the # environment variables set by the --link docker option. @@ -98,7 +97,6 @@ else # ./run.sh "env | grep MYSQL | sort" printf "Running container %s with CMD [/bin/bash -c '%s']\n" "${DOCKER_NAME}" "${*}" DOCKER_OPERATOR_OPTIONS="-it --entrypoint /bin/bash --env TERM=${TERM:-xterm}" - DOCKER_COMMAND="${@}" fi if [[ ${VOLUME_CONFIG_ENABLED} == true ]] && have_docker_container_name ${VOLUME_CONFIG_NAME}; then @@ -113,7 +111,7 @@ docker run \ --name ${DOCKER_NAME} \ -p :22 \ ${DOCKER_VOLUMES_FROM:-} \ - ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" + ${DOCKER_IMAGE_REPOSITORY_NAME}${@:+ -c }"${@}" ) # Use environment variables instead of configuration volume 
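Review bot: In the last run.sh hunk the command is now passed as `-c "${@}"`, which expands to one word per argument. With `./run.sh ls -la`, bash receives `ls` as the command string and `-la` as `$0`, whereas the removed `DOCKER_COMMAND="${@}"` assignment joined the arguments into one string. The `printf` a few lines up already reports the command with `"${*}"`, and the invocation should match it: `${DOCKER_IMAGE_REPOSITORY_NAME}${@:+ -c }"${*}"`. The single-argument form shown in the usage comment (`./run.sh "env | grep MYSQL | sort"`) is unaffected. The line depends on word splitting of the unquoted `${@:+ -c }`, which deserves a one-line comment because it is not obvious on first read.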
@@ -126,11 +124,12 @@ docker run \ # --env "SSH_AUTHORIZED_KEYS= # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmLedI2mEJimvIm1OzT1EYJCMwegL/jfsXARLnYkZvJlEHFYDmRgS+YQ+MA9PKHyriCPmVNs/6yVc2lopwPWioXt0+ulH/H43PgB6/4fkP0duauHsRtpp7z7dhqgZOXqdLUn/Ybp0rz0+yKUOBb9ggjE5n7hYyDGtZR9Y11pJ4TuRHmL6wv5mnj9WRzkUlJNYkr6X5b6yAxtQmX+2f33u2qGdAwADddE/uZ4vKnC0jFsv5FdvnwRf2diF/9AagDb7xhZ9U3hPOyLj31H/OUce4xBpGXRfkUYkeW8Qx+zEbEBVlGxDroIMZmHJIknBDAzVfft+lsg1Z06NCYOJ+hSew== -# " \ +# " \ # --env "SSH_USER=app-1" \ # --env "SSH_USER_HOME_DIR=/home/app" \ # --env "SSH_USER_SHELL=/bin/sh" \ -# ${DOCKER_IMAGE_REPOSITORY_NAME} -c "${DOCKER_COMMAND}" +# ${DOCKER_VOLUMES_FROM:-} \ +# ${DOCKER_IMAGE_REPOSITORY_NAME}${@:+ -c }"${@}" # ) if is_docker_container_name_running ${DOCKER_NAME}; then From 1d93e049f344dfb1118a2d9526970ab0991b7476 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Jan 2016 22:54:12 +0000 Subject: [PATCH 23/24] ISSUE 81: Add default docker host port of 2020 set in run.conf. --- run.conf | 2 ++ run.sh | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/run.conf b/run.conf index 946842e..24e41f3 100644 --- a/run.conf +++ b/run.conf 
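Review bot: The commented-out block is introduced as "Use environment variables instead of configuration volume", yet this hunk adds `${DOCKER_VOLUMES_FROM:-}` to it. Anyone who uncomments it with `VOLUME_CONFIG_ENABLED=true` gets both the volume and the `SSH_*` variables, and which source the container's bootstrap prefers is not visible here; either drop the added line from the example or state which one applies. The sample `SSH_AUTHORIZED_KEYS` value also carries a key labelled "vagrant insecure public key", so a comment at the top of the example such as `# NOTE: sample keys only - replace SSH_AUTHORIZED_KEYS with your own public key before use.` would stop it being enabled as-is. The block starts above the hunk.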
@@ -10,6 +10,8 @@ SERVICE_UNIT_INSTANCE=1 DOCKER_IMAGE_REPOSITORY_NAME=${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG} DOCKER_NAME=${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}.${SERVICE_UNIT_LOCAL_ID}.${SERVICE_UNIT_INSTANCE} +DOCKER_HOST_PORT_SSH=2020 + # VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME} # VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP} VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME} diff --git a/run.sh b/run.sh index d9cc261..e93525a 100755 --- a/run.sh +++ b/run.sh @@ -109,7 +109,7 @@ set -x docker run \ ${DOCKER_OPERATOR_OPTIONS} \ --name ${DOCKER_NAME} \ - -p :22 \ + -p ${DOCKER_HOST_PORT_SSH:-}:22 \ ${DOCKER_VOLUMES_FROM:-} \ ${DOCKER_IMAGE_REPOSITORY_NAME}${@:+ -c }"${@}" ) @@ -120,7 +120,7 @@ docker run \ # docker run \ # ${DOCKER_OPERATOR_OPTIONS} \ # --name ${DOCKER_NAME} \ -# -p :22 \ +# -p ${DOCKER_HOST_PORT_SSH:-}:22 \ # --env "SSH_AUTHORIZED_KEYS= # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmLedI2mEJimvIm1OzT1EYJCMwegL/jfsXARLnYkZvJlEHFYDmRgS+YQ+MA9PKHyriCPmVNs/6yVc2lopwPWioXt0+ulH/H43PgB6/4fkP0duauHsRtpp7z7dhqgZOXqdLUn/Ybp0rz0+yKUOBb9ggjE5n7hYyDGtZR9Y11pJ4TuRHmL6wv5mnj9WRzkUlJNYkr6X5b6yAxtQmX+2f33u2qGdAwADddE/uZ4vKnC0jFsv5FdvnwRf2diF/9AagDb7xhZ9U3hPOyLj31H/OUce4xBpGXRfkUYkeW8Qx+zEbEBVlGxDroIMZmHJIknBDAzVfft+lsg1Z06NCYOJ+hSew== From 26a3cc461a30de756291b57803b10be09aab39f5 Mon Sep 17 00:00:00 2001 
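Review bot: `-p ${DOCKER_HOST_PORT_SSH:-}:22` with the new run.conf default of `2020` publishes sshd on all host interfaces at a fixed, predictable port, where the previous `-p :22` left the host port to Docker. Because the port is no longer chosen per container, a second instance started with a different `SERVICE_UNIT_INSTANCE` will fail to bind unless the value is edited. If the fixed port is wanted, an optional bind address would let operators keep it off public interfaces, e.g. a `DOCKER_HOST_ADDRESS_SSH` setting (hypothetical name) used as `-p ${DOCKER_HOST_ADDRESS_SSH:+${DOCKER_HOST_ADDRESS_SSH}:}${DOCKER_HOST_PORT_SSH:-}:22`. The same substitution is repeated in the commented-out example in the following hunk.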
From: James Deathe Date: Wed, 13 Jan 2016 16:01:45 +0000 Subject: [PATCH 24/24] ISSUE 83: Updated Overview description with correct package and repository details. Added links to the additional repositries included. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 33324c4..0d87cea 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Includes public key authentication, Automated password generation, supports cust The [Dockerfile](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) can be used to build a base image that is the bases for several other docker images. -Included in the build is the EPEL repository, the IUS repository and SSH, vi and are installed along with python-pip, supervisor and supervisor-stdout. +Included in the build are the [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include ssh, sudo and vi along with python-setuptools, supervisor and supervisor-stdout. [Supervisor](http://supervisord.org/) is used to start and the sshd daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs `.