diff --git a/Dockerfile b/Dockerfile
index de99d18..fee50bc 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
 # =============================================================================
 # jdeathe/centos-ssh
 #
-# CentOS-6 6.6 x86_64 / EPEL Repo. / OpenSSH / Supervisor.
+# CentOS-6 6.6 x86_64 / EPEL/IUS Repos. / OpenSSH / Supervisor.
 #
 # =============================================================================
 FROM centos:centos6.6
@@ -9,23 +9,33 @@ FROM centos:centos6.6
 MAINTAINER James Deathe
 # -----------------------------------------------------------------------------
-# Import the Centos-6 RPM GPG key to prevent warnings and Add EPEL Repository
+# Import the RPM GPG keys and install Repositories
 # -----------------------------------------------------------------------------
 RUN rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6 \
 && rpm --import http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6 \
- && rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+ && rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm \
+ && rpm --import https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY \
+ && rpm -Uvh https://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-14.ius.centos6.noarch.rpm
 # -----------------------------------------------------------------------------
 # Base Install
 # -----------------------------------------------------------------------------
 RUN yum -y install \
+ vim-minimal-7.2.411-1.8.el6 \
+ sudo-1.8.6p3-15.el6 \
+ openssh-5.3p1-104.el6_6.1 \
+ openssh-server-5.3p1-104.el6_6.1 \
+ openssh-clients-5.3p1-104.el6_6.1 \
+ python-pip-1.3.1-4.el6 \
+ yum-plugin-versionlock-1.1.30-30.el6 \
+ && yum versionlock add \
 vim-minimal \
 sudo \
 openssh \
 openssh-server \
 openssh-clients \
 python-pip \
- && yum -y update bash \
+ yum-plugin-versionlock \
 && rm -rf /var/cache/yum/* \
 && yum clean all
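Review bot: `yum versionlock add` now freezes `sudo`, `openssh`, `openssh-server` and `openssh-clients` at the exact builds installed just above, so a later `yum update` in this image or a derived one will leave them where they are when an erratum ships, and the same hunk removes `&& yum -y update bash \`. If the lock is there for reproducible builds, record that and the bump procedure above the `RUN`, for example `# Package versions are locked; raise the pins below when a security erratum is released`. The IUS key is imported from the same host that serves `ius-release-1.0-14.ius.centos6.noarch.rpm`, so the signature check cannot catch a tampered origin; committing the key to the repository and importing the local copy would give it an independent anchor. The CentOS and EPEL keys on the unchanged lines are still fetched over plain `http://`.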
@@ -35,7 +45,7 @@ RUN yum -y install \
 # We require supervisor-stdout to allow output of services started by
 # supervisord to be easily inspected with "docker logs".
 # -----------------------------------------------------------------------------
-RUN pip install --upgrade 'pip >= 1.4, < 1.5' \
+RUN pip install --upgrade 'pip == 1.4.1' \
 && pip install --upgrade supervisor supervisor-stdout \
 && mkdir -p /var/log/supervisor/
diff --git a/README-short.txt b/README-short.txt
index 706ef95..00320a8 100644
--- a/README-short.txt
+++ b/README-short.txt
@@ -1 +1 @@
-CentOS-6 6.6 x86_64 / EPEL Repo. / OpenSSH / Supervisor.
\ No newline at end of file
+CentOS-6 6.6 x86_64 / EPEL/IUS Repos / OpenSSH / Supervisor.
\ No newline at end of file
diff --git a/README.md b/README.md
index 7cfac9c..176e7c7 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ Includes public key authentication, Automated password generation, supports cust
 The [Dockerfile](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) can be used to build a base image that is the bases for several other docker images.
-Included in the build is the EPEL repository and SSH, vi and are installed along with python-pip, supervisor and supervisor-stdout.
+Included in the build is the EPEL repository, the IUS repository and SSH, vi and are installed along with python-pip, supervisor and supervisor-stdout.
 [Supervisor](http://supervisord.org/) is used to start and the sshd daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs `.
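Review bot: In the Dockerfile hunk at `-35,7 +45,7`, `pip` is now pinned to `1.4.1` but the next line still installs `supervisor` and `supervisor-stdout` with `--upgrade` and no version, so every rebuild takes whatever PyPI serves at that moment for the process manager that starts sshd. That is inconsistent with the exact RPM versions this commit introduces, and it leaves the image unreproducible at the one step that pulls from an index with no package signing. Pin both in the same way, `&& pip install --upgrade 'supervisor == <SUPERVISOR_VERSION>' 'supervisor-stdout == <SUPERVISOR_STDOUT_VERSION>' \`, using the versions the current image was tested with.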
@@ -35,10 +35,10 @@ $ docker run -d \
 Create a "data volume" for configuration, this allows you to share the same configuration between multiple docker containers and, by mounting a host directory into the data volume you can override the default configuration files provided. Make a directory on the docker host for storing container configuration files. This directory needs to contain at least the following files:
-- authorized_keys
-- ssh-bootstrap.conf
-- sshd_config
-- supervisord.conf
+- [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys)
+- [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf)
+- [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config)
+- [supervisor/supervisord.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/supervisor/supervisord.conf)
 ```
 $ mkdir -p /etc/services-config/ssh.pool-1
@@ -49,7 +49,8 @@ Create the data volume, mounting our docker host's configuration directory to /e
 ```
 $ docker run \
 --name volume-config.ssh.pool-1.1.1 \
- -v /etc/services-config/ssh.pool-1:/etc/services-config/ssh \
+ -v /etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh \
+ -v /etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor \
 busybox:latest \
 /bin/true
 ```
@@ -143,7 +144,7 @@ The following example shows how to copy your file to a remote docker host:
 ```
 $ scp ~/.ssh/id_rsa.pub \
- @:/etc/services-config/ssh.pool-1/authorized_keys
+ @:/etc/services-config/ssh.pool-1/ssh/authorized_keys
 ```
 #### [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf)
diff --git a/build.sh b/build.sh
index 56bf8a8..ebd800a 100755
--- a/build.sh
+++ b/build.sh
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 # Change working directory
-DIR_PATH="$( cd "$( echo "${0%/*}" )"; pwd )"
-if [[ $DIR_PATH == */* ]]; then
+DIR_PATH="$( if [ "$( echo "${0%/*}" )" != "$( echo "${0}" )" ] ; then cd "$( echo "${0%/*}" )"; fi; pwd )"
+if [[ $DIR_PATH == */* ]] && [[ $DIR_PATH != "$( pwd )" ]] ; then
 cd $DIR_PATH
 fi
diff --git a/etc/ssh-bootstrap b/etc/ssh-bootstrap
index 21739ce..acbbc6a 100644
--- a/etc/ssh-bootstrap
+++ b/etc/ssh-bootstrap
@@ -28,8 +28,13 @@ if [[ ! -d ${OPTS_SSH_USER_HOME_DIR}/.ssh ]]; then
 echo "Initialise SSH..."
 # Generate new host keys
- ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
- ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
+ rm -f /etc/ssh/{ssh_host_rsa_key,ssh_host_rsa_key.pub,ssh_host_dsa_key,ssh_host_dsa_key.pub}
+ ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
+ ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
+ /sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
+ fi
 useradd -u 500 -m -G users,wheel ${OPTS_SSH_USER}
diff --git a/run.conf b/run.conf
index ed93dd1..666776b 100644
--- a/run.conf
+++ b/run.conf
@@ -8,6 +8,10 @@ SERVICE_UNIT_LOCAL_ID=1
 SERVICE_UNIT_INSTANCE=1
 MOUNT_PATH_CONFIG=/etc/services-config
+# Mac hosts need to be in User writable directory
+if [ "$(uname)" == "Darwin" ]; then
+ MOUNT_PATH_CONFIG=~/services-config
+fi
 DOCKER_IMAGE_REPOSITORY_NAME=${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}
 DOCKER_NAME=${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}.${SERVICE_UNIT_LOCAL_ID}.${SERVICE_UNIT_INSTANCE}
diff --git a/run.sh b/run.sh
index 70b1b2e..ce4bec7 100755
--- a/run.sh
+++ b/run.sh
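Review bot: In build.sh, and in the identical hunk at the top of run.sh, the `cd` inside the command substitution is followed by `; fi; pwd`, so when it fails `DIR_PATH` silently becomes the caller's working directory and the script carries on from there; the unchanged `cd $DIR_PATH` is also unquoted and breaks on a path containing spaces. Chaining on success and quoting covers both cases and the no-slash case the new test was added for: `DIR_PATH="$( cd -- "$( dirname -- "${0}" )" && pwd )" || exit 1` followed by `cd "${DIR_PATH}" || exit 1`. This matters most in run.sh, which later copies from the relative path `etc/services-config/`.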
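Review bot: In etc/ssh-bootstrap the existing host keys are removed before regeneration but neither `ssh-keygen` call is checked, so unless the script sets `-e` outside this hunk a failed generation leaves the container with a missing host key and execution continues to `useradd`. The RSA key also takes whatever size ssh-keygen defaults to, and a DSA host key cannot be larger than 1024 bits. Consider `ssh-keygen -q -C "" -N "" -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key || exit 1`, and generating the DSA key only if a client that needs it is still supported. The enclosing `if` block named in the hunk header continues past the end of the hunk.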
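Review bot: In run.conf, `[ "$(uname)" == "Darwin" ]` relies on `==` inside `[ ]`, which bash accepts but POSIX `test` does not define; `if [ "$(uname)" = "Darwin" ]; then` behaves the same and keeps the file safe to source from any shell. The comment above it would read more clearly as `# On Mac hosts the config path must be in a user-writable directory`.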
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
-DIR_PATH="$( cd "$( echo "${0%/*}" )"; pwd )"
-if [[ $DIR_PATH == */* ]]; then
+DIR_PATH="$( if [ "$( echo "${0%/*}" )" != "$( echo "${0}" )" ] ; then cd "$( echo "${0%/*}" )"; fi; pwd )"
+if [[ $DIR_PATH == */* ]] && [[ $DIR_PATH != "$( pwd )" ]] ; then
 cd $DIR_PATH
 fi
@@ -11,7 +11,7 @@ have_docker_container_name () {
 NAME=$1
- if [[ -n $(docker ps -a | grep -v -e "${NAME}/.*,.*" | grep -o ${NAME}) ]]; then
+ if [[ -n $(docker ps -a | awk -v pattern="^${NAME}$" '$NF ~ pattern { print $NF; }') ]]; then
 return 0
 else
 return 1
@@ -22,7 +22,7 @@ is_docker_container_name_running () {
 NAME=$1
- if [[ -n $(docker ps | grep -v -e "${NAME}/.*,.*" | grep -o ${NAME}) ]]; then
+ if [[ -n $(docker ps | awk -v pattern="^${NAME}$" '$NF ~ pattern { print $NF; }') ]]; then
 return 0
 else
 return 1
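Review bot: In `have_docker_container_name` the container name is handed to awk as a regular expression (`$NF ~ pattern`), so each dot in a name such as the README's `volume-config.ssh.pool-1.1.1` matches any character and a differently named container can satisfy the check. The same applies to `is_docker_container_name_running` in the hunk at `-22,7`, and the hunk at `-70,6` omits the leading `^`, so it prints any container whose name merely ends with `${DOCKER_NAME}`. An exact string comparison avoids all three: `awk -v name="${NAME}" '$NF == name { print $NF; }'`. Both function bodies start and end outside their hunks.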
@@ -46,10 +46,35 @@ remove_docker_container_name ()
 # Configuration volume
 if [ ! "${VOLUME_CONFIG_NAME}" == "$(docker ps -a | grep -v -e \"${VOLUME_CONFIG_NAME}/.*,.*\" | grep -e '[ ]\{1,\}'${VOLUME_CONFIG_NAME} | grep -o ${VOLUME_CONFIG_NAME})" ]; then
 (
+CONTAINER_MOUNT_PATH_CONFIG=${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}
+
+# The Docker Host needs the target configuration directories
+
+if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/ssh ]; then
+ CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/ssh)
+ $CMD || sudo $CMD
+fi
+
+if [[ ! -n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/ssh -maxdepth 1 -type f) ]]; then
+ CMD=$(cp -R etc/services-config/ssh/ ${CONTAINER_MOUNT_PATH_CONFIG}/ssh/)
+ $CMD || sudo $CMD
+fi
+
+if [ ! -d ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor ]; then
+ CMD=$(mkdir -p ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor)
+ $CMD || sudo $CMD
+fi
+
+if [[ ! -n $(find ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor -maxdepth 1 -type f) ]]; then
+ CMD=$(cp -R etc/services-config/supervisor/ ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor/)
+ $CMD || sudo $CMD
+fi
+
 set -x
 docker run \
 --name ${VOLUME_CONFIG_NAME} \
- -v ${MOUNT_PATH_CONFIG}/${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}:/etc/services-config/ssh \
+ -v ${CONTAINER_MOUNT_PATH_CONFIG}/ssh:/etc/services-config/ssh \
+ -v ${CONTAINER_MOUNT_PATH_CONFIG}/supervisor:/etc/services-config/supervisor \
 busybox:latest \
 /bin/true;
 )
@@ -70,6 +95,6 @@ docker run \
 )
 if is_docker_container_name_running ${DOCKER_NAME} ; then
- docker ps | grep -v -e "${DOCKER_NAME}/.*,.*" | grep ${DOCKER_NAME}
+ docker ps | awk -v pattern="${DOCKER_NAME}$" '$NF ~ pattern { print $0 ; }'
 echo " ---> Docker container running."
 fi
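Review bot: The `sudo` fallback in the four new blocks of the hunk at `-46,10 +46,35` can never run, because `CMD=$(mkdir -p …)` executes the command at assignment time and stores its empty output, so `$CMD || sudo $CMD` expands to an empty command that returns 0 even when `mkdir` or `cp` failed. The script then reaches `docker run -v` with a host directory that was not prepared. Holding the command in an array and running it explicitly keeps the retry working and lets the paths be quoted. The `cp -R` step also seeds the host directory with the repository's `ssh/authorized_keys`, so a comment telling the operator to replace that file before exposing the container would be worth adding.

```bash
# … unchanged: CONTAINER_MOUNT_PATH_CONFIG assignment …
if [ ! -d "${CONTAINER_MOUNT_PATH_CONFIG}/ssh" ]; then
	CMD=(mkdir -p "${CONTAINER_MOUNT_PATH_CONFIG}/ssh")
	"${CMD[@]}" || sudo "${CMD[@]}"
fi

if [[ ! -n $(find "${CONTAINER_MOUNT_PATH_CONFIG}/ssh" -maxdepth 1 -type f) ]]; then
	CMD=(cp -R etc/services-config/ssh/ "${CONTAINER_MOUNT_PATH_CONFIG}/ssh/")
	"${CMD[@]}" || sudo "${CMD[@]}"
fi
# … the two supervisor blocks take the same array form …
# … unchanged: set -x and docker run with the two -v mounts …
```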