jdeathe / centos-ssh
OpenSSH / Supervisor / EPEL/IUS/SCL Repos - CentOS - Docker image build.
Home Page: https://hub.docker.com/r/jdeathe/centos-ssh
License: Other
...
sshd stdout | Could not load host key: /etc/ssh/ssh_host_rsa_key
sshd stdout | Could not load host key: /etc/ssh/ssh_host_dsa_key
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
sshd_bootstrap stdout | Initialise SSH...
Issue occurs because Supervisord does not wait for completion of one process before starting another with a lower priority.
Will resolve issue raised here too: #3
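The race described above (sshd already listening before ssh-bootstrap has initialised the host keys and user) can be closed on the sshd side. The following shell wrapper is an added example, not the centos-ssh project's own code; the flag-file path, the function names and the supervisord program names are assumptions, and ssh-bootstrap would be expected to touch the flag as its final step:

```shell
#!/bin/sh
# Added example, not part of centos-ssh: a wrapper for the sshd program entry
# in supervisord, so that sshd does not accept connections until
# ssh-bootstrap has finished generating host keys and writing authorized_keys.
# supervisord's "priority" only orders process start-up; it never waits for a
# higher-priority program to exit. The flag-file path and names are assumptions;
# ssh-bootstrap would `touch` the flag as its final step.

wait_for_bootstrap() {
  # $1: flag file written by ssh-bootstrap on completion; $2: timeout in seconds
  _waited=0
  until [ -f "$1" ]; do
    if [ "$_waited" -ge "$2" ]; then
      printf 'ssh-bootstrap did not finish within %ss\n' "$2" >&2
      return 1
    fi
    sleep 1
    _waited=$((_waited + 1))
  done
  return 0
}

# Refuse to start sshd without a host key; otherwise it logs
# "Could not load host key" for every type and serves nothing useful.
host_key_present() {
  # $1: directory holding the ssh_host_*_key files
  for _k in "$1"/ssh_host_rsa_key "$1"/ssh_host_ed25519_key "$1"/ssh_host_ecdsa_key; do
    [ -s "$_k" ] && return 0
  done
  return 1
}

# Entry point used by supervisord, e.g.
#   [program:sshd]
#   command=/usr/sbin/sshd-wrapper
#   priority=20   ; ssh-bootstrap has priority=10, startsecs=0, autorestart=false
sshd_wrapper() {
  wait_for_bootstrap /var/run/ssh-bootstrap.done 60 || exit 1
  host_key_present /etc/ssh || exit 1
  exec /usr/sbin/sshd -D -e
}
```

The timeout matters: if ssh-bootstrap fails, the wrapper exits non-zero and supervisord reports sshd as failed instead of leaving a daemon listening with no host key and no authorized users.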
Supervisord 3.2.0 was released 2015-11-30.
http://supervisord.org/changes.html#id1
Can remove the requirement for Python PIP if we install using easy_install, which is available from the core CentOS repositories in the python-setuptools package.
easy_install 'supervisor == 3.2.0' 'supervisor-stdout == 0.1.1'
The helper functions implemented for configuration variable validation should be split out into functions that validate an input value and return true / false and getter functions to return a value with a default, safe, value.
Docker helper functions have been created that use global scope variables instead of local scope variables.
Not causing any bugs currently but should be fixed as general maintenance/improvement.
Environment variables used to set the user settings will override the configuration volume in a new installation when using the new default values in the ssh-bootstrap.conf configuration file. This is achieved by assigning the variables in ssh-bootstrap.conf the value of the environment variable (if set), or an alternative value if not. In the following example SSH_USER will be set to "custom-user" if the SSH_USER environment variable is not set or is an empty string, but if the user runs the container with an SSH_USER environment variable set, that value will be used instead.
SSH_USER="${SSH_USER:-custom-user}"
Existing installations that use custom values in the ssh-bootstrap.conf saved on a configuration "data" volume will not allow override by the environment variables. Also users can hard code a value in the ssh-bootstrap.conf to prevent the value being replaced by that set using the environment variable.
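The validator/getter split proposed for the configuration helpers and the "${VAR:-default}" precedence rule above fit together; the shell below is an added example written for this page, not the centos-ssh project's code. The function names, the "app-admin" fallback and the user-name rule enforced by the validator are assumptions:

```shell
#!/bin/sh
# Added example, not part of centos-ssh: split configuration handling into
# validators (true/false, no side effects) and getters (always return a safe
# value), and show how an ssh-bootstrap.conf line decides whether the
# container environment can override it. Names and defaults are assumptions.

nl=$(printf '\nx'); nl=${nl%x}   # a literal newline, for the check below

# Validator: a conservative POSIX-style user name, 1-32 chars, lowercase.
# A value containing a newline is rejected up front, because grep is
# line-oriented and "alice\nroot" would otherwise pass on its first line.
# LC_ALL=C keeps the [a-z] range from matching uppercase in other locales.
is_valid_ssh_user() {
  case "$1" in *"$nl"*) return 1 ;; esac
  printf '%s' "$1" | LC_ALL=C grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Getter: the candidate value if it validates, otherwise a known-safe default
# (assumed here to be "app-admin"). Callers never receive an invalid value.
get_ssh_user() {
  _candidate="${1:-app-admin}"
  if is_valid_ssh_user "$_candidate"; then
    printf '%s\n' "$_candidate"
  else
    printf 'SSH_USER "%s" rejected, using default\n' "$_candidate" >&2
    printf '%s\n' 'app-admin'
  fi
}

# Precedence check: evaluate one ssh-bootstrap.conf line with SSH_USER set to
# the given environment value ("" stands for unset/empty) and report the result.
# Runs in a subshell so the eval cannot leak into the caller. Sourcing a conf
# file executes whatever it contains, so the file on the configuration volume
# must stay root-owned and read-only.
resolve_from_conf() {
  ( SSH_USER="$2"; eval "$1"; printf '%s\n' "$SSH_USER" )
}

# What a bootstrap script would do for a container started with
#   docker run -e SSH_USER=alice ...
bootstrap_ssh_user() {
  _conf_line="$1"; _env_value="$2"
  get_ssh_user "$(resolve_from_conf "$_conf_line" "$_env_value")"
}
```

With the conf line SSH_USER="${SSH_USER:-custom-user}" the environment wins when it is set and non-empty; with a hard-coded SSH_USER="custom-user" the environment is ignored, which is the behaviour described for existing data volumes. Either way the getter is the only path to the value, so a bad name from the environment degrades to the safe default rather than reaching useradd.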
Example Warnings shown from MacOSX host
docker exec -it ssh.pool-1.1.1 bash
bash: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_MESSAGES: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_NUMERIC: cannot change locale (en_US.UTF-8): No such file or directory
bash: warning: setlocale: LC_TIME: cannot change locale (en_US.UTF-8): No such file or directory
It is not necessary to create a directory for content that is added via the ADD command since it will automatically generate any directories that are required in the path.
https://github.com/jdeathe/centos-ssh/blob/1.3.0/Dockerfile#L77
ssh-bootstrap script should be in /usr/bin/ really, as it should be read-only.
Ref: https://github.com/jdeathe/centos-ssh/blob/1.2.0/README.md#sshauthorized_keys
Need to update the destination path in the scp example to include the ssh directory.
ie: change:
/etc/services-config/ssh.pool-1/authorized_keys
to:
/etc/services-config/ssh.pool-1/ssh/authorized_keys
Can use docker port instead of the method provided:
docker port [OPTIONS] CONTAINER [PRIVATE_PORT[/PROTO]]
SSH, by default, sets up a new environment. It could be useful to have the environment variables set by Docker when using linked containers for example.
Would need to make sure not to change HOME and PATH.
SSHD has options for setting up user-specific environment variables, so it might be better to use this method than adding the values into /etc/environment.
I thought using volume_name:container_path syntax would keep the files in place within the container however this was incorrect; you still need to ensure the files are copied to the docker_host path.
Seems that using a volume without a host path is the most robust technique.
This might be working as intended, or maybe not :)
As per the Docker docs:
These Environment variables are only set for the first process in the container. Similarly, some daemons (such as sshd) will scrub them when spawning shells for connection.
Am I, or am I not, supposed to be able to see environment variables when connecting with ssh? Are there any workarounds? Or is the intention that all containers expose additional ports and that they communicate via the Docker host over them?
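Both threads above come down to the same fact: sshd starts each session with a fresh environment, so variables Docker set for the first process are not visible over SSH. One of the sshd-side options mentioned is PermitUserEnvironment with a ~/.ssh/environment file. The shell below is an added example, not centos-ssh code, showing how a bootstrap step could populate that file from the first process's environment while refusing HOME, PATH and loader variables; the function name and the allow-list patterns are assumptions, the Docker link variable naming (ALIAS_NAME, ALIAS_PORT_5432_TCP_ADDR, ALIAS_ENV_*) is the documented legacy link format:

```shell
#!/bin/sh
# Added example, not part of centos-ssh: carry selected variables from the
# container's first process (where Docker sets linked-container variables such
# as DB_NAME, DB_PORT_5432_TCP_ADDR, DB_ENV_*) into an SSH session, via the
# ~/.ssh/environment file that sshd reads when sshd_config contains
#   PermitUserEnvironment yes
# HOME and PATH are never copied, and loader variables are refused because
# with PermitUserEnvironment a user could otherwise set LD_PRELOAD and escape
# a forced command; that is also why the option defaults to "no".
# The function name and the allow-list patterns are assumptions.

write_ssh_environment() {
  # $1: destination file (e.g. /home/app-admin/.ssh/environment)
  # stdin: NAME=value lines, one per line, as printed by `env` in the
  #        bootstrap process; values containing newlines are not supported
  _dest="$1"
  ( umask 077; : > "$_dest" )   # created 0600, then appended to
  while IFS= read -r _line; do
    _name="${_line%%=*}"
    _value="${_line#*=}"
    case "$_name" in
      HOME|PATH|SHELL|USER|LOGNAME|IFS|ENV|BASH_ENV|LD_*)
        continue ;;                           # never forwarded
      *_NAME|*_PORT|*_PORT_*|*_ENV_*)
        printf '%s=%s\n' "$_name" "$_value" >> "$_dest" ;;
      *)
        continue ;;                           # not a link variable
    esac
  done
  return 0
}
```

In the real bootstrap the file would be chowned to SSH_USER afterwards. Two caveats: ALIAS_ENV_* carries whatever the linked container exported, including any password it was started with, so the file must stay 0600 in the user's home; and because the user can edit ~/.ssh/environment, PermitUserEnvironment should be left at "no" for any account that relies on a forced command or restricted key options, in which case a pam_env configuration is the safer route.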
It would make things more consistent if the port mapping could be defined in the run.conf. 2020:22 is used in some places so would be a good default instead of having "-p :22" in some places and "-p 2020:22" in others.
https://github.com/jdeathe/centos-ssh/blob/1.4.2/build.sh#L23
...
docker images | awk -v FS='[ ]+' \
-v pattern="^${NAME_PARTS[0]}[ ]+${NAME_PARTS[1]} " \
'$0 ~ pattern { print $0; }'
...
Ref: 2115ac3
In line with how all other configuration data is stored the Supervisord configuration has been moved into a directory named "supervisor". The README instructions for creating a data volume should be updated to include this change. https://github.com/jdeathe/centos-ssh/blob/1.2.0/README.md#optional-configuration-data-volume
Ref: #24
Target for Removal in Release: 1.11
When creating a container with a bind-mounted volume (docker run -v /host/path:/container/path) docker was automatically creating the /host/path if it didn't already exist.
This auto-creation of the host path is deprecated and docker will error out if the path does not exist.
To aid in making a tag reproducible the package versions being installed should be specified in the Dockerfile. Adding the version-lock package will make it easier for security updates to be applied without changing the version of packages installed as part of the Dockerfile.
The feature to allow parameters to be passed as the cmd for docker run via the run.sh helper script has made the run command more complicated than necessary. The entrypoint should only be included if necessary to keep the command running as defined in the Dockerfile and introduce less change from 1.4.1.
https://github.com/jdeathe/centos-ssh/blob/master/run.sh#L91
https://github.com/jdeathe/centos-ssh/blob/master/run.sh#L92
Add a feature to the run.sh helper script to allow it to run commands instead of the default entrypoint and command. This is helpful when debugging a container that is not already running or fails to run using the default entrypoint + command.
The HOME directory for the SSH_USER is not set to the value of SSH_USER_HOME_DIR; instead it is set to "/home/${SSH_USER}".
Should not disable PAM authentication to allow for more options in how to secure access.
Ref: 2115ac3
In line with how all other configuration data is stored the SSH configuration has been moved into a directory named "ssh". The README instructions for creating a data volume should be updated to include this change. https://github.com/jdeathe/centos-ssh/blob/1.2.0/README.md#optional-configuration-data-volume
This will allow for more package options in images created from this source but would also require more care in installation of packages to ensure they are sourced from the correct repository.
Check for additional configuration files in /etc/supervisord.d/
...
[include]
files=/etc/supervisord.d/*.conf
Ref: From https://github.com/jdeathe/centos-ssh#custom-configuration
Changes made to resolve #72 mean that later sections of the README content are now outdated. The example demonstrating how to copy authorized_keys to the docker host is using an incorrect path and should be replaced with an example of the docker cp method.
There is a typo on the variable name in the show_docker_image function:
DOCKER_NAME instead of NAME
Introduced with: 72cae89#diff-1b0c2b516b83393edb7200ad5ff12181
https://wiki.centos.org/AdditionalResources/Repositories
You can install EPEL by running yum install epel-release. The epel-release package is included in the CentOS Extras repository that is enabled by default.
By default, to run any sudo commands the SSH_USER must enter the password. This might be undesirable for some use cases, so it would be nice to have the option to change this when running the container and/or via configuration.
https://github.com/jdeathe/centos-ssh/blob/1.4.0/Dockerfile#L72
Would need to update the following from the bootstrap script:
%wheel ALL=(ALL) ALL
To
%wheel ALL=(ALL) NOPASSWD: ALL
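One way to make that choice at run time is to select the rule from a container variable and install it as a sudoers.d drop-in instead of rewriting /etc/sudoers. The shell below is an added example, not centos-ssh code; SSH_SUDO_NOPASSWD is an assumed variable name and the function name and drop-in file name are assumptions:

```shell
#!/bin/sh
# Added example, not part of centos-ssh: select the wheel sudoers rule from a
# container variable (SSH_SUDO_NOPASSWD is an assumed name) and install it as
# a drop-in rather than editing /etc/sudoers in place. sudo ignores drop-ins
# whose name contains "." or ends in "~", and refuses files that are writable
# by group or others (0440, root-owned, is the convention). A syntax error in
# /etc/sudoers itself locks out sudo for everyone, so the drop-in is validated
# with visudo and removed again on failure.

write_wheel_sudoers() {
  # $1: sudoers.d directory (normally /etc/sudoers.d); $2: SSH_SUDO_NOPASSWD
  # prints the rule that was installed
  _file="$1/wheel"
  case "$2" in
    true|TRUE|yes|1) _spec='%wheel ALL=(ALL) NOPASSWD: ALL' ;;
    *)               _spec='%wheel ALL=(ALL) ALL' ;;
  esac
  mkdir -p "$1"
  rm -f "$_file"                    # a 0440 file cannot be overwritten by a non-root caller
  ( umask 337; printf '%s\n' "$_spec" > "$_file" )   # 0666 & ~0337 = 0440
  # visudo -c checks owner and mode as well as syntax, so only run it as root.
  if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
    if ! visudo -c -q -f "$_file"; then
      rm -f "$_file"
      return 1
    fi
  fi
  printf '%s\n' "$_spec"
}
```

Keep the password-required rule as the default: with NOPASSWD on wheel, possession of the SSH_USER key or password is root on the container, and, through any --volumes-from or bind mounts, on the data those volumes expose.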
Latest versions of the base packages for CentOS 6.6 are:
Updated this to a BUG since full (uncached) builds now fail with the following yum error when specifying the existing packages:
No package sudo-1.8.6p3-15.el6 available.
No package openssh-5.3p1-104.el6_6.1 available.
No package openssh-server-5.3p1-104.el6_6.1 available.
No package openssh-clients-5.3p1-104.el6_6.1 available.
No package python-pip-1.3.1-4.el6 available.
It's possible to ADD multiple files to the same destination directory in 1 step instead of doing each file at a time.
Ref: https://github.com/jdeathe/centos-ssh/blob/1.4.0/Dockerfile#L78
Create a docker-compose.yml file to define the example container + data volume
Currently the user is added with the default shell of /bin/bash but would be good if there was the option to use an alternative such as /bin/sh
Should be able to configure some basic settings via environment variables instead of having to use a configuration volume.
Allow the values of SSH_USER, SSH_PASSWORD and SSH_USER_HOME_DIR to be set and override any settings defined in the configuration volume.
Setting the root password in this way doesn't seem necessary at this point.
The default SSH public key is currently set to the Vagrant insecure public key by default and requires the user to manually replace it after the container is running or use a configuration volume and replace the public key entries there. It should be possible to add a custom public key on running the container by setting a configuration environment variable.
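A bootstrap step that takes the key from an environment variable needs to validate what it is given before it lands in authorized_keys, and must write the file with the modes sshd's StrictModes checks. The shell below is an added example, not centos-ssh code; SSH_AUTHORIZED_KEYS is an assumed variable name, the function name is an assumption, and the keys in the test are constructed strings, not real public keys:

```shell
#!/bin/sh
# Added example, not part of centos-ssh: populate authorized_keys for SSH_USER
# from a newline-separated list passed at run time, e.g.
#   docker run -e "SSH_AUTHORIZED_KEYS=$(cat id_ed25519.pub)" ...
# (SSH_AUTHORIZED_KEYS is an assumed variable name.) Each line is checked to
# be "<type> <base64 blob> [comment]" before it is written; the file is built
# in a temp file and renamed into place so sshd never reads a half-written one;
# the directory/file get the 0700/0600 modes StrictModes requires. ssh-dss is
# not accepted (disabled by default on CentOS 7). Lines with key options
# (command="...", from="...") are rejected to keep the check simple.

write_authorized_keys() {
  # $1: the user's .ssh directory; $2: keys, one per line
  # prints the number of keys installed; returns 1 if none were valid
  _dir="$1"; _keys="$2"; _count=0
  mkdir -p "$_dir" && chmod 0700 "$_dir"
  _tmp="$_dir/.authorized_keys.tmp"
  ( umask 077; : > "$_tmp" )
  while IFS= read -r _line; do
    [ -z "$_line" ] && continue
    set -f                      # no globbing while the line is split
    set -- $_line               # $1=type $2=blob $3...=comment
    set +f
    case "$1" in
      ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
      *) printf 'rejected key line: unsupported type "%s"\n' "$1" >&2; continue ;;
    esac
    if ! printf '%s' "$2" | LC_ALL=C grep -Eq '^[A-Za-z0-9+/]{20,}={0,2}$'; then
      printf 'rejected key line: malformed blob for %s\n' "$1" >&2; continue
    fi
    printf '%s\n' "$_line" >> "$_tmp"
    _count=$((_count + 1))
  done <<EOF
$_keys
EOF
  if [ "$_count" -eq 0 ]; then
    rm -f "$_tmp"
    return 1
  fi
  mv "$_tmp" "$_dir/authorized_keys"
  chmod 0600 "$_dir/authorized_keys"
  # In the real bootstrap, follow with: chown -R "$SSH_USER" "$_dir"
  printf '%s\n' "$_count"
}
```

Returning failure when no line validates is deliberate: the bootstrap can then refuse to start sshd rather than fall back to the Vagrant insecure key, which is exactly the default this issue wants to get rid of.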
CentOS 7 adds support for additional OpenSSH key types and enables rsa, ecdsa and ed25519 by default but disables dsa; in CentOS 6 rsa and dsa are generated by default.
I'm interested in using this docker image, but it's unclear what license it's offered under. I see that Docker recommends that you have a license in the repo: http://docs.docker.com/docker-hub/official_repos/#license
Use case would be to allow an SFTP user write access to specific directories from an application's data container by using the --volumes-from parameter to pull in a data container's volumes.