From 31e67d8dd277fed7ec074927cd2bee66e05664d6 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Jun 2017 00:34:59 +0100 Subject: [PATCH 01/13] ISSUE 499: Breaks up the basic operations tests making better use of define blocks. --- test/shpec/operation_shpec.sh | 235 ++++++++++++++++++++-------------- 1 file changed, 142 insertions(+), 93 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index b998851..c857f18 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -17,6 +17,33 @@ function __destroy () : } +function __is_container_ready () +{ + local container="${1:-}" + local process_pattern="${2:-}" + local counter=$(( + 2 * 30 + )) + + until (( counter == 0 )); do + sleep 0.1 + + if docker exec ${container} \ + bash -c "ps x" \ + | grep -qE "${process_pattern}"; then + break + fi + + (( counter -= 1 )) + done + + if (( counter == 0 )); then + return 1 + fi + + return 0 +} + function __setup () { chmod 600 \ @@ -64,8 +91,13 @@ function __terminate_container () fi } -function test_basic_operations () +function test_basic_ssh_operations () { + local container_port_22="" + local password="" + local status_ssh_connection="" + local user_home="" + describe "Basic SSH operations" trap "__terminate_container ssh.pool-1.1.1 &> /dev/null; \ __destroy; \ 
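Review bot: In the new `__is_container_ready` helper (hunk @@ -17,6 +17,33) both arguments default to empty, and an empty `process_pattern` makes `grep -qE ""` match every line of `ps` output, so the check reports ready for any container that can run `ps`. A guard at the top would fail closed, `[[ -n ${container} && -n ${process_pattern} ]] || return 1`, and the container name should be quoted as `docker exec "${container}" \`. The budget `2 * 30` combined with `sleep 0.1` bounds the wait at roughly six seconds plus the time spent in `docker exec`; a one-line comment stating the unit, such as `# 60 polls x 0.1s`, would make that limit explicit for slower CI hosts.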
@@ -76,79 +108,86 @@ function test_basic_operations () ssh.pool-1.1.1 \ &> /dev/null - it "Runs an SSH container named ssh.pool-1.1.1 on port ${DOCKER_PORT_MAP_TCP_22}." - local container_port_22="" + describe "Runs named container" - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ jdeathe/centos-ssh:latest \ &> /dev/null - container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp - )" - container_port_22=${container_port_22##*:} + it "Can publish container port 22 to host port ${DOCKER_PORT_MAP_TCP_22}." + container_port_22="$( + docker port \ + ssh.pool-1.1.1 \ + 22/tcp + )" + container_port_22=${container_port_22##*:} - if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ - || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then - assert gt \ - "${container_port_22}" \ - "30000" - else - assert equal \ - "${container_port_22}" \ - "${DOCKER_PORT_MAP_TCP_22}" - fi + if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ + || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then + assert gt \ + "${container_port_22}" \ + "30000" + else + assert equal \ + "${container_port_22}" \ + "${DOCKER_PORT_MAP_TCP_22}" + fi + end end - sleep ${BOOTSTRAP_BACKOFF_TIME} - - it "Generates a password that can be retrieved from the log." - local password="" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi + describe "SSH user's password" password="$( - docker logs ssh.pool-1.1.1 \ + docker logs \ + ssh.pool-1.1.1 \ | awk '/^password :.*$/ { print $3 }' )" - assert unequal \ - "${password}" \ - "" + it "Can be retrieved from the log." + assert unequal \ + "${password}" \ + "" + end - it "Displays the password in plain text." + it "Displays in plain text." assert unequal \ "${password}" \ "${REDACTED_VALUE}" end end - it "Allows the user to connect using SSH + private key authentication." 
- local status_ssh_connection="" - local user_home="" + describe "SSH connection" # Prevent sudo lecture output when testing the sudo password docker exec ssh.pool-1.1.1 \ bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\${HOME}" \ - &> /dev/null + it "Can connect using private key authentication." + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\${HOME}" \ + &> /dev/null - status_ssh_connection=${?} + status_ssh_connection=${?} - assert equal \ - "${status_ssh_connection}" \ - 0 + assert equal \ + "${status_ssh_connection}" \ + 0 + end it "Requires a password for sudo commands." user_home="$( @@ -182,7 +221,13 @@ function test_basic_operations () trap - \ INT TERM EXIT end - +} + +function test_basic_sftp_operations () +{ + local container_port_22="" + local status_sftp_connection="" + describe "Basic SFTP operations" trap "__terminate_container sftp.pool-1.1.1 &> /dev/null; \ __destroy; \ 
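Review bot: The `ssh` call under "Can connect using private key authentication." (hunk @@ -76,79 +108,86) keeps `-o StrictHostKeyChecking=no` but does not redirect the known-hosts file, so every run adds the throwaway container's host key for `${DOCKER_HOSTNAME}` to the invoking user's own `known_hosts`. Adding `-o UserKnownHostsFile=/dev/null \` directly after it keeps the disabled host-key check confined to the test and avoids stale `localhost` entries on developer and CI machines. The same applies to the `sftp` calls in the @@ -193,58 +238,64 hunk. Separately, the bare `exit 1` after `__is_container_ready` ends the whole run with no message; a line such as `printf 'ssh.pool-1.1.1 did not become ready\n' >&2` before it would make a timeout distinguishable from a test failure.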
@@ -193,58 +238,64 @@ function test_basic_operations () sftp.pool-1.1.1 \ &> /dev/null - it "Runs an SFTP container named sftp.pool-1.1.1 on port ${DOCKER_PORT_MAP_TCP_22}." - local container_port_22="" + # it "Runs an SFTP container named sftp.pool-1.1.1 on port ${DOCKER_PORT_MAP_TCP_22}." + describe "Runs named container" - docker run -d \ + docker run \ + --detach \ --name sftp.pool-1.1.1 \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ --env SSH_USER_FORCE_SFTP=true \ jdeathe/centos-ssh:latest \ &> /dev/null - container_port_22="$( - docker port \ - sftp.pool-1.1.1 \ - 22/tcp - )" - container_port_22=${container_port_22##*:} + it "Can publish container port 22 to host port ${DOCKER_PORT_MAP_TCP_22}." + container_port_22="$( + docker port \ + sftp.pool-1.1.1 \ + 22/tcp + )" + container_port_22=${container_port_22##*:} - if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ - || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then - assert gt \ - "${container_port_22}" \ - "30000" - else - assert equal \ - "${container_port_22}" \ - "${DOCKER_PORT_MAP_TCP_22}" - fi + if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ + || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then + assert gt \ + "${container_port_22}" \ + "30000" + else + assert equal \ + "${container_port_22}" \ + "${DOCKER_PORT_MAP_TCP_22}" + fi + end end - sleep ${BOOTSTRAP_BACKOFF_TIME} - - it "Allows the user to connect using SFTP + private key authentication." - local status_sftp_connection="" + if ! __is_container_ready \ + sftp.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - sftp -q \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - -o Port=${container_port_22} \ - app-admin@${DOCKER_HOSTNAME} \ - <<< "version" \ - &> /dev/null + describe "SFTP Connection" - status_sftp_connection=${?} + it "Can connect using private key authentication." 
+ sftp -q \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + -o Port=${container_port_22} \ + app-admin@${DOCKER_HOSTNAME} \ + <<< "version" \ + &> /dev/null - assert equal \ - "${status_sftp_connection}" \ - 0 + status_sftp_connection=${?} - it "Allows the user to upload a file to their _data directory." - local status_sftp_connection="" + assert equal \ + "${status_sftp_connection}" \ + 0 + end + it "Can write to the user's _data directory." sftp -q \ -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ -o StrictHostKeyChecking=no \ @@ -262,8 +313,6 @@ function test_basic_operations () end it "Jails the user into a chroot directory." - local status_sftp_connection="" - docker exec sftp.pool-1.1.1 \ touch /home/app-admin/root_test @@ -283,13 +332,12 @@ function test_basic_operations () 0 end - __terminate_container \ - sftp.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + sftp.pool-1.1.1 \ + &> /dev/null - trap - \ - INT TERM EXIT - end + trap - \ + INT TERM EXIT end } @@ -1165,7 +1213,8 @@ fi describe "jdeathe/centos-ssh:latest" __destroy __setup - test_basic_operations + test_basic_ssh_operations + test_basic_sftp_operations test_custom_configuration __destroy end From 655479d4a7979c5ede3e167d70f3d53692c4c621 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 6 Jun 2017 00:30:18 +0100 Subject: [PATCH 02/13] ISSUE 499: Adds clearer test output, grouped with context. --- test/shpec/operation_shpec.sh | 850 ++++++++++++++++++---------------- 1 file changed, 443 insertions(+), 407 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index c857f18..69fbb3c 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh 
@@ -1,6 +1,6 @@ -readonly BOOTSTRAP_BACKOFF_TIME=2 readonly DOCKER_HOSTNAME="localhost" readonly REDACTED_VALUE="********" +readonly STARTUP_TIME=2 readonly TEST_DIRECTORY="test" readonly PUBLIC_KEY_ID_RSA_TEST_1="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHzd+mYXSGLQSZwUJWwYKOBI6I7mhHh3Ow0DbTQvQUHhkDcQVrqjpBKZq8SsnEK4ExyJeRQ5TtT5VqolfVG6LlaT3yxXmJxx75Y8oypFAKz7oCOQCJugqubAkx2YpT6KO7d6UOPqOuLpmFi3t+Ryf49TbNljSes1sbSCxUDlTekxG+It+/eZUqXWudornYJCfmMe1UAYtRwMKiyDWqU1LN1Kb2zVR76YpjMxK9IiEJjhpZS/R70zxGEijFrL+Rv4Bx8y/UjAVVtTkvpaEajx7pMnd0fsfnUwhYLoVHgG5ZdHAYSRy8j/0+mpeVEsTQZJAnegUbVNuBEc3x2b1xgkS3 test_key_1" readonly PUBLIC_KEY_ID_RSA_TEST_1_SIGNATURE="45:46:b0:ef:a5:e3:c9:6f:1e:66:94:ba:e1:fd:df:65" @@ -29,8 +29,9 @@ function __is_container_ready () sleep 0.1 if docker exec ${container} \ - bash -c "ps x" \ - | grep -qE "${process_pattern}"; then + bash -c "ps -axo command" \ + | grep -qE "${process_pattern}" \ + > /dev/null 2>&1; then break fi @@ -104,11 +105,10 @@ function test_basic_ssh_operations () exit 1" \ INT TERM EXIT - __terminate_container \ - ssh.pool-1.1.1 \ - &> /dev/null - describe "Runs named container" + __terminate_container \ + ssh.pool-1.1.1 \ + &> /dev/null docker run \ --detach \ @@ -165,7 +165,6 @@ function test_basic_ssh_operations () end describe "SSH connection" - # Prevent sudo lecture output when testing the sudo password docker exec ssh.pool-1.1.1 \ bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' @@ -189,7 +188,7 @@ function test_basic_ssh_operations () 0 end - it "Requires a password for sudo commands." + it "Requires a password for sudo." user_home="$( echo ${password} \ | ssh -q \ @@ -227,6 +226,7 @@ function test_basic_sftp_operations () { local container_port_22="" local status_sftp_connection="" + local user_shell="" describe "Basic SFTP operations" trap "__terminate_container sftp.pool-1.1.1 &> /dev/null; \ 
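Review bot: In `__is_container_ready` (hunk @@ -29,8 +29,9) the added `> /dev/null 2>&1` attaches only to `grep`, which `-q` already silences, so error output from `docker exec` on the left of the pipe is still printed while the container is starting. If the aim is a quiet polling loop, the redirect belongs on the producer: `if docker exec "${container}" bash -c "ps -axo command" 2> /dev/null \` followed by `| grep -qE "${process_pattern}"; then`. The function starts and ends outside this hunk, so the loop bound and return path are not visible here.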
@@ -234,12 +234,10 @@ function test_basic_sftp_operations () exit 1" \ INT TERM EXIT - __terminate_container \ - sftp.pool-1.1.1 \ - &> /dev/null - - # it "Runs an SFTP container named sftp.pool-1.1.1 on port ${DOCKER_PORT_MAP_TCP_22}." describe "Runs named container" + __terminate_container \ + sftp.pool-1.1.1 \ + &> /dev/null docker run \ --detach \ @@ -277,7 +275,6 @@ function test_basic_sftp_operations () fi describe "SFTP Connection" - it "Can connect using private key authentication." sftp -q \ -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ @@ -332,6 +329,19 @@ function test_basic_sftp_operations () 0 end + it "Sets the /sbin/nologin shell." + user_shell="$( + docker exec sftp.pool-1.1.1 \ + getent passwd app-admin \ + | cut -d: -f7 + )" + + assert equal \ + "${user_shell}" \ + "/sbin/nologin" + end + end + __terminate_container \ sftp.pool-1.1.1 \ &> /dev/null @@ -341,23 +351,32 @@ function test_basic_sftp_operations () end } -function test_custom_configuration () +function test_custom_ssh_configuration () { + local container_port_22="" + local user="" + local user_env_value="" + local user_home="" + local user_id="" + local user_key="" + local user_key_signature="" + local user_password="" + local user_shell="" + local user_sudo="" + describe "Customised SSH configuration" trap "__terminate_container ssh.pool-1.1.1 &> /dev/null; \ __destroy; \ exit 1" \ INT TERM EXIT - it "Allows configuration of passwordless sudo." - local container_port_22="" - local user_home="" - + describe "Configure sudo command" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ 
@@ -371,28 +390,32 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_home="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- sudo \ - printf \ - '%s\\n' \ - "\${HOME}" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_home}" \ - "/home/app-admin" + it "Can set no password for all commands." + user_home="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- sudo \ + printf \ + '%s\\n' \ + "\${HOME}" + )" - it "Displays the sudo settings in the logs output summary." - local user_sudo="" + assert equal \ + "${user_home}" \ + "/home/app-admin" + end + it "Logs the setting value." user_sudo="$( docker logs ssh.pool-1.1.1 \ | awk '/^sudo :.*$/ { print $0; }' @@ -404,15 +427,13 @@ function test_custom_configuration () end end - it "Allows configuration of the username." - local container_port_22="" - local user_home="" - + describe "Configure username" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_USER=centos" \ 
@@ -422,33 +443,38 @@ function test_custom_configuration () container_port_22="$( docker port \ - ssh.pool-1.1.1 \ - 22/tcp + ssh.pool-1.1.1 \ + 22/tcp )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_home="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - centos@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\${HOME}" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_home}" \ - "/home/centos" + it "Can set the username." + user_home="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + centos@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\${HOME}" + )" - it "Displays the user in the logs output summary." - local user="" + assert equal \ + "${user_home}" \ + "/home/centos" + end - user="$(docker logs ssh.pool-1.1.1 \ + it "Logs the setting value." + user="$( + docker logs ssh.pool-1.1.1 \ | awk '/^user :.*$/ { print $0; }' )" @@ -458,15 +484,13 @@ function test_custom_configuration () end end - it "Allows configuration of an alternative public key." - local container_port_22="" - local user_home="" - + describe "Configure public key" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_AUTHORIZED_KEYS=${PUBLIC_KEY_ID_RSA_TEST_1}" \ 
@@ -481,27 +505,31 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_home="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_test_1 \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\${HOME}" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_home}" \ - "/home/app-admin" + it "Can set the key." + user_home="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_test_1 \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\${HOME}" + )" - it "Displays the key's signature in the logs output summary." - local user_key_signature="" + assert equal \ + "${user_home}" \ + "/home/app-admin" + end + it "Logs the key signature." user_key_signature="$( docker logs ssh.pool-1.1.1 \ | awk '/^45:46:b0:ef:a5:e3:c9:6f:1e:66:94:ba:e1:fd:df:65$/ { print $1; }' 
@@ -511,32 +539,36 @@ function test_custom_configuration () "${user_key_signature}" \ "${PUBLIC_KEY_ID_RSA_TEST_1_SIGNATURE}" end + end - it "Allows multiple keys to be added as a base64 encoded string." - local container_port_22="" - local user_key="" - - __terminate_container \ - ssh.pool-1.1.1 \ - &> /dev/null + describe "Configure multiple public keys" + __terminate_container \ + ssh.pool-1.1.1 \ + &> /dev/null - docker run -d \ - --name ssh.pool-1.1.1 \ - --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ - --env "SSH_AUTHORIZED_KEYS=${PUBLIC_KEY_ID_RSA_TEST_COMBINED_BASE64}" \ - --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ - jdeathe/centos-ssh:latest \ - &> /dev/null + docker run \ + --detach \ + --name ssh.pool-1.1.1 \ + --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ + --env "SSH_AUTHORIZED_KEYS=${PUBLIC_KEY_ID_RSA_TEST_COMBINED_BASE64}" \ + --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ + jdeathe/centos-ssh:latest \ + &> /dev/null - container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp - )" - container_port_22=${container_port_22##*:} + container_port_22="$( + docker port \ + ssh.pool-1.1.1 \ + 22/tcp + )" + container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi + it "Can set multiple keys." user_home="$( ssh -q \ -p ${container_port_22} \ @@ -550,6 +582,7 @@ function test_custom_configuration () )" user_home+=":" + user_home+="$( ssh -q \ -p ${container_port_22} \ 
@@ -565,38 +598,34 @@ function test_custom_configuration () assert equal \ "${user_home}" \ "/home/app-admin:/home/app-admin" + end - it "Displays the key's signatures in the logs output summary." - local user_key_signature="" - - user_key_signature="$( - docker logs ssh.pool-1.1.1 \ - | awk '/^45:46:b0:ef:a5:e3:c9:6f:1e:66:94:ba:e1:fd:df:65$/ { print $1; }' - )" + it "Logs the key signatures." + user_key_signature="$( + docker logs ssh.pool-1.1.1 \ + | awk '/^45:46:b0:ef:a5:e3:c9:6f:1e:66:94:ba:e1:fd:df:65$/ { print $1; }' + )" - user_key_signature+=" " + user_key_signature+=" " - user_key_signature+="$( - docker logs ssh.pool-1.1.1 \ - | awk '/^b3:2e:5d:8c:76:d3:c7:24:13:a3:4f:6f:4d:a2:31:9c$/ { print $1; }' - )" + user_key_signature+="$( + docker logs ssh.pool-1.1.1 \ + | awk '/^b3:2e:5d:8c:76:d3:c7:24:13:a3:4f:6f:4d:a2:31:9c$/ { print $1; }' + )" - assert equal \ - "${user_key_signature}" \ - "${PUBLIC_KEY_ID_RSA_TEST_1_SIGNATURE} ${PUBLIC_KEY_ID_RSA_TEST_2_SIGNATURE}" - end + assert equal \ + "${user_key_signature}" \ + "${PUBLIC_KEY_ID_RSA_TEST_1_SIGNATURE} ${PUBLIC_KEY_ID_RSA_TEST_2_SIGNATURE}" end end - it "Allows configuration of the user's home directory where %u is replaced with the username in the path." - local container_port_22="" - local user_home="" - + describe "Configure home" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_USER=app-1" \ 
@@ -612,47 +641,49 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_home="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-1@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\${HOME}" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_home}" \ - "/var/www/app-1" + it "Can replace %u with username in the path." + user_home="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-1@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\${HOME}" + )" - it "Displays the user's home directory in the logs output summary." - local home="" + assert equal \ + "${user_home}" \ + "/var/www/app-1" + end - home="$( + it "Logs the setting value." + user_home="$( docker logs ssh.pool-1.1.1 \ | awk '/^home :.*$/ { print $0; }' )" assert equal \ - "${home/home : /}" \ + "${user_home/home : /}" \ "/var/www/app-1" end end - it "Allows configuration of the user's uid:gid." - local container_port_22="" - local user_id="" - + describe "Configure id" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_USER_ID=1000:502" \ 
@@ -667,28 +698,32 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_id="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- printf \ - '%s:%s\\n' \ - "\$(id --user app-admin)" \ - "\$(id --group app-admin)" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_id}" \ - "1000:502" + it "Can set the user's uid:gid." + user_id="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- printf \ + '%s:%s\\n' \ + "\$(id --user app-admin)" \ + "\$(id --group app-admin)" + )" - it "Displays the user's uid:gid in the logs output summary." - local user_id="" + assert equal \ + "${user_id}" \ + "1000:502" + end + it "Logs the setting value." user_id="$( docker logs ssh.pool-1.1.1 \ | awk '/^id :.*$/ { print $0; }' @@ -700,15 +735,13 @@ function test_custom_configuration () end end - it "Allows configuration of the user's shell." - local container_port_22="" - local user_shell="" - + describe "Configure shell" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_USER_SHELL=/bin/sh" \ 
@@ -723,29 +756,33 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - user_shell="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\$(getent passwd app-admin \ - | cut -d: -f7 - )" - )" + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - assert equal \ - "${user_shell}" \ - "/bin/sh" + it "Can set the user's shell." + user_shell="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\$(getent passwd app-admin \ + | cut -d: -f7 + )" + )" - it "Displays the user's shell in the logs output summary." - local user_shell="" + assert equal \ + "${user_shell}" \ + "/bin/sh" + end + it "Logs the setting value." user_shell="$( docker logs ssh.pool-1.1.1 \ | awk '/^shell :.*$/ { print $0; }' @@ -757,15 +794,13 @@ function test_custom_configuration () end end - it "Allows configuration to enable the environment to be inherited." - local container_port_22="" - local user_env_value="" - + describe "Configure environment" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_SUDO=ALL=(ALL) NOPASSWD:ALL" \ --env "SSH_INHERIT_ENVIRONMENT=true" \ 
@@ -780,40 +815,48 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - user_env_value="$( - ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- printf \ - '%s\\n' \ - "\$(env | grep SSH_INHERIT_ENVIRONMENT=true)" - )" + it "Can inherit the environment." + user_env_value="$( + ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- printf \ + '%s\\n' \ + "\$(env | grep SSH_INHERIT_ENVIRONMENT=true)" + )" - assert equal \ - "${user_env_value}" \ - "SSH_INHERIT_ENVIRONMENT=true" + assert equal \ + "${user_env_value}" \ + "SSH_INHERIT_ENVIRONMENT=true" + end end - it "Allows configuration of a plain text password." - local container_port_22="" - local user_home="" - + describe "Configure password" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_USER_PASSWORD=Insecure_Passw0rd£" \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ jdeathe/centos-ssh:latest \ &> /dev/null + # Prevent sudo lecture output when testing the sudo password + docker exec ssh.pool-1.1.1 \ + bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' + container_port_22="$( docker port \ ssh.pool-1.1.1 \ 
@@ -821,65 +864,67 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - # Prevent sudo lecture output when testing the sudo password - docker exec ssh.pool-1.1.1 \ - bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' - - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - user_home="$( - echo 'Insecure_Passw0rd£' \ - | ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- sudo -p "[password_test]" -S \ - printf \ - '%s\\n' \ - "\${HOME}" - )" + it "Can set a plain text password." + user_home="$( + echo 'Insecure_Passw0rd£' \ + | ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- sudo -p "[password_test]" -S \ + printf \ + '%s\\n' \ + "\${HOME}" + )" - assert equal \ - "${user_home}" \ - "/home/app-admin" - - it "Will redact the SSH_USER_PASSWORD environment variable after bootstrap." - # TODO - # user_password="$( - # docker exec ssh.pool-1.1.1 env \ - # | grep '^SSH_USER_PASSWORD=' - # )" - # - # assert equal \ - # "${user_password/SSH_USER_PASSWORD=/}" \ - # "${REDACTED_VALUE}" + assert equal \ + "${user_home}" \ + "/home/app-admin" end - it "Will redact the user's password in the logs output summary." - local password="" + # TODO + # it "Will redact the value of SSH_USER_PASSWORD after bootstrap." + # user_password="$( + # docker exec ssh.pool-1.1.1 env \ + # | grep '^SSH_USER_PASSWORD=' + # )" + # + # assert equal \ + # "${user_password/SSH_USER_PASSWORD=/}" \ + # "${REDACTED_VALUE}" + # end - password="$( + it "Logs a redacted value." 
+ user_password="$( docker logs ssh.pool-1.1.1 \ | awk '/^password :.*$/ { print $0; }' )" assert equal \ - "${password/password : /}" \ + "${user_password/password : /}" \ "${REDACTED_VALUE}" end - end - it "Allows configuration of a hashed password." - local container_port_22="" - local user_home="" + # Reset sudo configuration + docker exec ssh.pool-1.1.1 \ + bash -c 'rm -f /etc/sudoers.d/no_lecture' + end + describe "Configure hashed password" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env 'SSH_USER_PASSWORD=$6$pepper$g5/OhofGtHVo3wqRgVHFQrJDyK0mV9bDpF5HP964wuIkQ7MXuYq1KRTmShaUmTQW3ZRsjw2MjC1LNPh5HMcrY0' \ --env "SSH_USER_PASSWORD_HASHED=true" \ @@ -887,6 +932,10 @@ function test_custom_configuration () jdeathe/centos-ssh:latest \ &> /dev/null + # Prevent sudo lecture output when testing the sudo password + docker exec ssh.pool-1.1.1 \ + bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' + container_port_22="$( docker port \ ssh.pool-1.1.1 \ 
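Review bot: The "Logs a redacted value." case in "Configure password" (hunk @@ -821,65 +864,67) inspects only the `password :` summary line, so it would still pass if the plain-text value given in `SSH_USER_PASSWORD` were printed elsewhere in the container log. A second assertion in the same `describe` would cover that, for example `assert equal "$(docker logs ssh.pool-1.1.1 2>&1 | grep -cF 'Insecure_Passw0rd£')" "0"`. The environment-redaction test remains commented out as a TODO; until it is enabled, nothing in this suite checks whether the value stays readable through `docker exec ssh.pool-1.1.1 env`, and a comment on the TODO saying so would help.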
@@ -894,29 +943,31 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - # Prevent sudo lecture output when testing the sudo password - docker exec ssh.pool-1.1.1 \ - bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' - - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - user_home="$( - echo 'Passw0rd!' \ - | ssh -q \ - -p ${container_port_22} \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - app-admin@${DOCKER_HOSTNAME} \ - -- sudo -p "[password_test]" -S \ - printf \ - '%s\\n' \ - "\${HOME}" - )" + it "Can set a hashed password." + user_home="$( + echo 'Passw0rd!' \ + | ssh -q \ + -p ${container_port_22} \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + app-admin@${DOCKER_HOSTNAME} \ + -- sudo -p "[password_test]" -S \ + printf \ + '%s\\n' \ + "\${HOME}" + )" - assert equal \ - "${user_home}" \ - "/home/app-admin" + assert equal \ + "${user_home}" \ + "/home/app-admin" + end # TODO # it "Will redact the SSH_USER_PASSWORD environment variable after bootstrap." 
@@ -930,72 +981,68 @@ function test_custom_configuration () # "${REDACTED_VALUE}" # end - it "Will redact the user's password in the logs output summary." - local password="" - - password="$( + it "Logs a redacted value." + user_password="$( docker logs ssh.pool-1.1.1 \ | awk '/^password :.*$/ { print $0; }' )" assert equal \ - "${password/password : /}" \ + "${user_password/password : /}" \ "${REDACTED_VALUE}" end end - it "Allows preventing the startup of the sshd bootstrap." - local container_port_22="" - local sshd_bootstrap_info="" - + describe "Configure autostart" __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_AUTOSTART_SSHD_BOOTSTRAP=false" \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ jdeathe/centos-ssh:latest \ &> /dev/null - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + ssh.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - sshd_bootstrap_info="$( + it "Can disable sshd-bootstrap." docker logs ssh.pool-1.1.1 \ - | awk '/INFO success: sshd-bootstrap entered RUNNING state/ { print $0; }' - )" + | grep -qE 'INFO success: sshd-bootstrap entered RUNNING state' - assert equal \ - "${sshd_bootstrap_info}" \ - "" - end - - it "Allows preventing the startup of the sshd daemon." - local container_port_22="" - local docker_top="" + assert equal \ + "${?}" \ + "1" + end __terminate_container \ ssh.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name ssh.pool-1.1.1 \ --env "SSH_AUTOSTART_SSHD=false" \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ jdeathe/centos-ssh:latest \ &> /dev/null - sleep ${BOOTSTRAP_BACKOFF_TIME} + sleep ${STARTUP_TIME} - docker_top="$( + it "Can disable sshd daemon." docker top ssh.pool-1.1.1 \ - | awk '/\/usr\/sbin\/sshd -/ { print $0; }' - )" + | grep -qE '/usr/sbin/sshd -D' - assert equal \ - "${docker_top}" \ - "" + assert equal \ + "${?}" \ + "1" + end end __terminate_container \ 
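Review bot: Both negative checks in "Configure autostart" (hunk @@ -930,72 +981,68) assert that `${?}` is `1` after a pipeline ending in `grep -qE`, which is also the result when `docker logs` or `docker top` fails or prints nothing, for instance if the container has already exited. Asserting the container state first makes the absence meaningful: `assert equal "$(docker inspect --format '{{.State.Running}}' ssh.pool-1.1.1)" "true"`. The "Can disable sshd daemon." case also depends on `sleep ${STARTUP_TIME}`, so it shows only that no `/usr/sbin/sshd -D` process existed at that moment; a comment stating that limitation would help. The enclosing test function begins and ends outside this hunk.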
@@ -1005,6 +1052,14 @@ function test_custom_configuration () trap - \ INT TERM EXIT end +} + +function test_custom_sftp_configuration () +{ + local container_port_22="" + local chroot_path="" + local status_sftp_connection="" + local user_shell="" describe "Customised SFTP configuration" trap "__terminate_container sftp.pool-1.1.1 &> /dev/null; \ @@ -1018,17 +1073,15 @@ function test_custom_configuration () sftp.pool-1.1.1 \ &> /dev/null - it "Allows configuration of the user's ChrootDirectory where %u is replaced with the username in the path." - local container_port_22="" - local status_sftp_connection="" - - docker run -d \ + describe "Configure a ChrootDirectory" + docker run \ + --detach \ --name sftp.pool-1.1.1 \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ --env SSH_CHROOT_DIRECTORY="/chroot/%u" \ --env SSH_USER_FORCE_SFTP=true \ jdeathe/centos-ssh:latest \ - &> /dev/null + &> /dev/null container_port_22="$( docker port \ 
@@ -1037,31 +1090,35 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} - - docker exec sftp.pool-1.1.1 \ - touch /chroot/app-admin/home/app-admin/root_test - docker exec sftp.pool-1.1.1 \ - chown app-admin:app-admin /chroot/app-admin/home/app-admin/root_test + if ! __is_container_ready \ + sftp.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - sftp -q \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - -o Port=${container_port_22} \ - app-admin@${DOCKER_HOSTNAME} \ - <<< "ls /home/app-admin/root_test" \ - | grep -q "^/home/app-admin/root_test" + it "Can replace %u with username in the path." + docker exec sftp.pool-1.1.1 \ + touch /chroot/app-admin/home/app-admin/root_test + docker exec sftp.pool-1.1.1 \ + chown app-admin:app-admin /chroot/app-admin/home/app-admin/root_test - status_sftp_connection=${?} + sftp -q \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + -o Port=${container_port_22} \ + app-admin@${DOCKER_HOSTNAME} \ + <<< "ls /home/app-admin/root_test" \ + | grep -q "^/home/app-admin/root_test" - assert equal \ - "${status_sftp_connection}" \ - 0 + status_sftp_connection=${?} - it "Displays the chroot path in the logs output summary." - local chroot_path="" + assert equal \ + "${status_sftp_connection}" \ + 0 + end + it "Logs the setting value." chroot_path="$( docker logs sftp.pool-1.1.1 \ | awk '/^chroot path :.*$/ { print $0; }' 
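Review bot: The `sftp` call in "Can replace %u with username in the path." sets `-o StrictHostKeyChecking=no` but leaves the known-hosts file at its default, so each run records the throw-away container's host key in the invoking user's `~/.ssh/known_hosts`. Each new container presumably generates fresh host keys, so later runs against the same host and port can meet a changed key, which OpenSSH answers with a warning and by restricting some authentication features. Adding `-o UserKnownHostsFile=/dev/null` keeps the test's trust decisions out of the developer's real SSH state, and the same applies to the other `sftp` calls in this file. `${TEST_DIRECTORY}` and `${container_port_22}` should be quoted as well. The enclosing function starts and ends outside this hunk.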
@@ -1072,36 +1129,7 @@ function test_custom_configuration () "/chroot/app-admin" end - it "Configures the user with the /sbin/nologin shell." - local user_shell="" - - user_shell="$( - docker exec sftp.pool-1.1.1 \ - getent passwd app-admin \ - | cut -d: -f7 - )" - - assert equal \ - "${user_shell}" \ - "/sbin/nologin" - - it "Displays the user's shell in the logs output summary." - local user_shell="" - - user_shell="$( - docker logs sftp.pool-1.1.1 \ - | awk '/^shell :.*$/ { print $0; }' - )" - - assert equal \ - "${user_shell/shell : /}" \ - "/sbin/nologin" - end - end - - it "Allows the user to write to their HOME directory." - local status_sftp_connection="" - + it "Can write to HOME directory." sftp -q \ -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ -o StrictHostKeyChecking=no \ @@ -1119,10 +1147,7 @@ function test_custom_configuration () end end - it "Allows configuration of SFTP access to a volume mounted from another container." - local container_port_22="" - local status_sftp_connection="" - + describe "Cross container data volume" __terminate_container \ sftp.pool-1.1.1 \ &> /dev/null @@ -1136,13 +1161,16 @@ function test_custom_configuration () www-data.pool-1.1.1 \ &> /dev/null - docker run -d \ + docker run \ + --detach \ --name www-data.pool-1.1.1 \ + --env "SSH_AUTOSTART_SSHD=false" \ + --env "SSH_AUTOSTART_SSHD_BOOTSTRAP=true" \ --volume www-data.pool-1.1.1:/var/www \ jdeathe/centos-ssh:latest \ - &> /dev/null + &> /dev/null - sleep ${BOOTSTRAP_BACKOFF_TIME} + sleep ${STARTUP_TIME} docker cp \ test/fixture/test_directory/var/www/. \ @@ -1150,7 +1178,8 @@ function test_custom_configuration () docker exec www-data.pool-1.1.1 \ chown -R app-admin:app-admin /var/www/test - docker run -d \ + docker run \ + --detach \ --name sftp.pool-1.1.1 \ --publish ${DOCKER_PORT_MAP_TCP_22}:22 \ --env SSH_CHROOT_DIRECTORY="/var/www" \ 
@@ -1158,7 +1187,7 @@ function test_custom_configuration () --env SSH_USER_HOME="/var/www" \ --volumes-from www-data.pool-1.1.1 \ jdeathe/centos-ssh:latest \ - &> /dev/null + &> /dev/null container_port_22="$( docker port \ @@ -1167,36 +1196,42 @@ function test_custom_configuration () )" container_port_22=${container_port_22##*:} - sleep ${BOOTSTRAP_BACKOFF_TIME} + if ! __is_container_ready \ + sftp.pool-1.1.1 \ + "/usr/sbin/sshd -D"; then + exit 1 + fi - sftp -q \ - -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ - -o StrictHostKeyChecking=no \ - -o LogLevel=error \ - -o Port=${container_port_22} \ - app-admin@${DOCKER_HOSTNAME} \ - <<< "ls test/public_html/index.html" \ - | grep -q "^test/public_html/index.html" + it "Can list contents of mounted volume." + sftp -q \ + -i ${TEST_DIRECTORY}/fixture/id_rsa_insecure \ + -o StrictHostKeyChecking=no \ + -o LogLevel=error \ + -o Port=${container_port_22} \ + app-admin@${DOCKER_HOSTNAME} \ + <<< "ls test/public_html/index.html" \ + | grep -q "^test/public_html/index.html" - status_sftp_connection=${?} + status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ - 0 - end + assert equal \ + "${status_sftp_connection}" \ + 0 + end - __terminate_container \ - sftp.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + sftp.pool-1.1.1 \ + &> /dev/null - __terminate_container \ - www-data.pool-1.1.1 \ - &> /dev/null + __terminate_container \ + www-data.pool-1.1.1 \ + &> /dev/null - docker volume \ - rm \ - www-data.pool-1.1.1 \ - &> /dev/null + docker volume \ + rm \ + www-data.pool-1.1.1 \ + &> /dev/null + end trap - \ INT TERM EXIT @@ -1215,6 +1250,7 @@ describe "jdeathe/centos-ssh:latest" __setup test_basic_ssh_operations test_basic_sftp_operations - test_custom_configuration + test_custom_ssh_configuration + test_custom_sftp_configuration __destroy end From 8ff4e440791765b6bb1858397efa0350f46848a2 Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Wed, 7 Jun 2017 15:27:24 +0100 Subject: [PATCH 03/13] ISSUE 499: Fixes ps syntax error. --- test/shpec/operation_shpec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 69fbb3c..60ed34e 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -29,7 +29,7 @@ function __is_container_ready () sleep 0.1 if docker exec ${container} \ - bash -c "ps -axo command" \ + bash -c "ps axo command" \ | grep -qE "${process_pattern}" \ > /dev/null 2>&1; then break From b4fadadcfa3a3bedb7bdb0ce332534d27dd409f1 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 9 Jun 2017 13:03:59 +0100 Subject: [PATCH 04/13] Adds function for getting container port. --- test/shpec/operation_shpec.sh | 112 ++++++++++++++++++---------------- 1 file changed, 58 insertions(+), 54 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 60ed34e..3e46495 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -17,6 +17,24 @@ function __destroy () : } +function __get_container_port () +{ + local container="${1:-}" + local port="${2:-}" + local value="" + + value="$( + docker port \ + ${container} \ + ${port} + )" + value=${value##*:} + + printf -- \ + '%s' \ + "${value}" +} + function __is_container_ready () { local container="${1:-}" @@ -119,11 +137,10 @@ function test_basic_ssh_operations () it "Can publish container port 22 to host port ${DOCKER_PORT_MAP_TCP_22}." container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then 
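Review bot: `__get_container_port` always returns success, because the status of `docker port` is replaced by that of the final `printf`; when the lookup fails the caller receives an empty string and carries on. Returning early with `value="$(docker port "${container}" "${port}")" || return 1` propagates the failure and also quotes the two expansions that are currently unquoted. The call sites converted in the later hunks of this patch assign the result to `container_port_22` without checking it for emptiness, at least in the lines visible here, so a failed lookup would only surface later as a confusing `ssh`/`sftp` error.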
@@ -249,11 +266,10 @@ function test_basic_sftp_operations () it "Can publish container port 22 to host port ${DOCKER_PORT_MAP_TCP_22}." container_port_22="$( - docker port \ - sftp.pool-1.1.1 \ - 22/tcp + __get_container_port \ + sftp.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if [[ ${DOCKER_PORT_MAP_TCP_22} == 0 ]] \ || [[ -z ${DOCKER_PORT_MAP_TCP_22} ]]; then @@ -384,11 +400,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -442,11 +457,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ + __get_container_port \ ssh.pool-1.1.1 \ 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -499,11 +513,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -556,11 +569,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -635,11 +647,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ 
@@ -692,11 +703,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -750,11 +760,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -809,11 +818,10 @@ function test_custom_ssh_configuration () &> /dev/null container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -858,11 +866,10 @@ function test_custom_ssh_configuration () bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -937,11 +944,10 @@ function test_custom_ssh_configuration () bash -c 'echo "Defaults lecture_file = /dev/null" > /etc/sudoers.d/no_lecture' container_port_22="$( - docker port \ - ssh.pool-1.1.1 \ - 22/tcp + __get_container_port \ + ssh.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ ssh.pool-1.1.1 \ @@ -1084,11 +1090,10 @@ function test_custom_sftp_configuration () &> /dev/null container_port_22="$( - docker port \ - sftp.pool-1.1.1 \ - 22/tcp + __get_container_port \ + sftp.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ sftp.pool-1.1.1 \ 
@@ -1190,11 +1195,10 @@ function test_custom_sftp_configuration () &> /dev/null container_port_22="$( - docker port \ - sftp.pool-1.1.1 \ - 22/tcp + __get_container_port \ + sftp.pool-1.1.1 \ + 22/tcp )" - container_port_22=${container_port_22##*:} if ! __is_container_ready \ sftp.pool-1.1.1 \ From 17d0920609c670ef36677cc7781f15680a7e61df Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 9 Jun 2017 20:36:43 +0100 Subject: [PATCH 05/13] ISSUE 499: Removes variables for return codes where they are not necessary. --- test/shpec/operation_shpec.sh | 31 +++++++------------------------ 1 file changed, 7 insertions(+), 24 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 3e46495..8386e9a 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -114,7 +114,6 @@ function test_basic_ssh_operations () { local container_port_22="" local password="" - local status_ssh_connection="" local user_home="" describe "Basic SSH operations" @@ -198,10 +197,8 @@ function test_basic_ssh_operations () "\${HOME}" \ &> /dev/null - status_ssh_connection=${?} - assert equal \ - "${status_ssh_connection}" \ + "${?}" \ 0 end @@ -242,7 +239,6 @@ function test_basic_ssh_operations () function test_basic_sftp_operations () { local container_port_22="" - local status_sftp_connection="" local user_shell="" describe "Basic SFTP operations" @@ -301,10 +297,8 @@ function test_basic_sftp_operations () <<< "version" \ &> /dev/null - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end @@ -318,10 +312,8 @@ function test_basic_sftp_operations () <<< "put ${TEST_DIRECTORY}/fixture/test_file" \ &> /dev/null - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end 
@@ -338,10 +330,8 @@ function test_basic_sftp_operations () <<< "ls /root_test" \ | grep -q "^/root_test" - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end @@ -1064,7 +1054,6 @@ function test_custom_sftp_configuration () { local container_port_22="" local chroot_path="" - local status_sftp_connection="" local user_shell="" describe "Customised SFTP configuration" @@ -1116,10 +1105,8 @@ function test_custom_sftp_configuration () <<< "ls /home/app-admin/root_test" \ | grep -q "^/home/app-admin/root_test" - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end @@ -1144,10 +1131,8 @@ function test_custom_sftp_configuration () <<< "put ${TEST_DIRECTORY}/fixture/test_file" \ &> /dev/null - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end end @@ -1216,10 +1201,8 @@ function test_custom_sftp_configuration () <<< "ls test/public_html/index.html" \ | grep -q "^test/public_html/index.html" - status_sftp_connection=${?} - assert equal \ - "${status_sftp_connection}" \ + "${?}" \ 0 end From d557787e8f5d40320c919ea1299cc8b1389b7300 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 9 Jun 2017 20:48:36 +0100 Subject: [PATCH 06/13] ISSUE 499: Adds change log description for test case improvements. --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b1d97d..41ef276 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Summary of release changes for Version 2 - CentOS-7 +### 2.2.3 - Unreleased + +- Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. + ### 2.2.2 - 2017-05-24 - Updates `openssh` package 6.6.1p1-35.el7_3. From b6d1fd81a3df930fec47b9727ff8cf5f0c91875c Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Sat, 10 Jun 2017 01:45:20 +0100 Subject: [PATCH 07/13] ISSUE 503: Updates supervisor to version 3.3.2. --- CHANGELOG.md | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 41ef276..7913648 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Summary of release changes for Version 2 - CentOS-7 ### 2.2.3 - Unreleased - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. +- Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.2. ### 2.2.2 - 2017-05-24 diff --git a/Dockerfile b/Dockerfile index 558cb69..8990a40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ RUN rpm --rebuilddb \ # supervisord to be easily inspected with "docker logs". # ----------------------------------------------------------------------------- RUN easy_install \ - 'supervisor == 3.3.1' \ + 'supervisor == 3.3.2' \ 'supervisor-stdout == 0.1.1' \ && mkdir -p \ /var/log/supervisor/ From 98d686d60d2aec03cdf47dcdc8bc1294d86f6536 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sat, 10 Jun 2017 02:09:05 +0100 Subject: [PATCH 08/13] ISSUE 502: Adds use of the subsystem lock directory for bootstrap lock files. --- CHANGELOG.md | 1 + src/usr/sbin/sshd-bootstrap | 4 ++-- src/usr/sbin/sshd-wrapper | 10 +++++----- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7913648..db4589e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Summary of release changes for Version 2 - CentOS-7 - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.2. +- Adds use of `/var/lock/subsys/` (subsystem lock directory) for bootstrap lock files. ### 2.2.2 - 2017-05-24 diff --git a/src/usr/sbin/sshd-bootstrap b/src/usr/sbin/sshd-bootstrap index a4d4af9..cbed6eb 100755 --- a/src/usr/sbin/sshd-bootstrap 
+++ b/src/usr/sbin/sshd-bootstrap @@ -1,7 +1,7 @@ #!/usr/bin/env bash # Create lock file -touch /tmp/sshd-bootstrap.lock +touch /var/lock/subsys/sshd-bootstrap TIMER_START="$( date +%s.%N @@ -772,6 +772,6 @@ if [[ ! -d ${OPTS_SSH_USER_HOME}/.ssh ]]; then fi # Release lock file -rm -f /tmp/sshd-bootstrap.lock +rm -f /var/lock/subsys/sshd-bootstrap exit 0 diff --git a/src/usr/sbin/sshd-wrapper b/src/usr/sbin/sshd-wrapper index 71027c8..7177350 100755 --- a/src/usr/sbin/sshd-wrapper +++ b/src/usr/sbin/sshd-wrapper @@ -1,9 +1,9 @@ #!/usr/bin/env bash -NICE=/bin/nice -NICENESS="${SSH_NICENESS:-10}" -SSHD=/usr/sbin/sshd -SSHD_OPTIONS=" +readonly NICE=/bin/nice +readonly NICENESS="${SSH_NICENESS:-10}" +readonly SSHD=/usr/sbin/sshd +readonly SSHD_OPTIONS=" -D -e -u 0 @@ -11,7 +11,7 @@ SSHD_OPTIONS=" while true; do sleep 0.1 - [[ -e /tmp/sshd-bootstrap.lock ]] || break + [[ -e /var/lock/subsys/sshd-bootstrap ]] || break done exec ${NICE} \ From 30c755920eae80932f020302ff300a9dbebce7df Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 11 Jun 2017 23:30:52 +0100 Subject: [PATCH 09/13] ISSUE 501: Adds Docker healthcheck. --- CHANGELOG.md | 1 + Dockerfile | 4 ++++ src/usr/bin/healthcheck | 19 +++++++++++++++++++ 3 files changed, 24 insertions(+) create mode 100755 src/usr/bin/healthcheck diff --git a/CHANGELOG.md b/CHANGELOG.md index db4589e..420665b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Summary of release changes for Version 2 - CentOS-7 - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.2. - Adds use of `/var/lock/subsys/` (subsystem lock directory) for bootstrap lock files. +- Adds a Docker healthcheck. ### 2.2.2 - 2017-05-24 diff --git a/Dockerfile b/Dockerfile index 8990a40..7da3af9 100644 --- a/Dockerfile +++ b/Dockerfile 
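Review bot: The lock is created at the top of `sshd-bootstrap` and released only by the `rm -f` just before `exit 0`, so any earlier exit would leave `/var/lock/subsys/sshd-bootstrap` behind; the script body between the two hunks is not visible here, so whether such a path exists needs checking. With a stale lock the `while true` loop in `sshd-wrapper` never breaks and sshd is never started. Registering the release right after the `touch`, with `trap 'rm -f /var/lock/subsys/sshd-bootstrap' EXIT`, covers every exit path. The result of `touch` is also unchecked: if the directory is missing in the image no lock is created, and the wrapper can start sshd before bootstrap has finished configuring it.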
@@ -89,6 +89,8 @@ RUN sed -i \ # ----------------------------------------------------------------------------- # Copy files into place # ----------------------------------------------------------------------------- +ADD src/usr/bin \ + /usr/bin/ ADD src/usr/sbin \ /usr/sbin/ ADD src/opt/scmi \ @@ -183,4 +185,6 @@ jdeathe/centos-ssh:${RELEASE_VERSION} \ org.deathe.url="https://github.com/jdeathe/centos-ssh" \ org.deathe.description="CentOS-7 7.3.1611 x86_64 - SCL, EPEL and IUS Repositories / Supervisor / OpenSSH." +HEALTHCHECK CMD ["/usr/bin/healthcheck"] + CMD ["/usr/bin/supervisord", "--configuration=/etc/supervisord.conf"] \ No newline at end of file diff --git a/src/usr/bin/healthcheck b/src/usr/bin/healthcheck new file mode 100755 index 0000000..6467e0e --- /dev/null +++ b/src/usr/bin/healthcheck @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +set -e + +source /etc/sshd-bootstrap.conf + +# sshd-bootstrap +if [[ ${SSH_AUTOSTART_SSHD_BOOTSTRAP} == true ]]; then + [[ -e /var/lock/subsys/sshd-bootstrap ]] && exit 1 + grep -qE "^# ${SSH_USER}" /etc/sudoers || exit 1 +fi + +# sshd-wrapper +if [[ ${SSH_AUTOSTART_SSHD} == true ]]; then + ps axo command \ + | grep -qE '^/usr/sbin/sshd -D' || exit 1 +fi + +exit 0 From 6fe4d167a81552bf87b368b1323c31264f04f970 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 12 Jun 2017 00:01:42 +0100 Subject: [PATCH 10/13] ISSUE 501: Adds smaller interval, timeout and increased healthcheck retries. --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7da3af9..c488d92 100644 --- a/Dockerfile +++ b/Dockerfile 
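Review bot: In `src/usr/bin/healthcheck` the bootstrap check `grep -qE "^# ${SSH_USER}" /etc/sudoers` treats the user name as an extended regular expression with no anchor on the right, so a value of `app` is satisfied by a `# app-admin` line and a `.` in the name matches any character. The healthcheck can then report healthy for a user whose entry was never written. A literal whole-field comparison avoids that, for example `awk -v u="${SSH_USER}" '$1 == "#" && $2 == u { ok = 1 } END { exit !ok }' /etc/sudoers || exit 1`, assuming the marker is `# <user>` followed by whitespace or end of line (the sudoers line format is not shown in this patch). Separately, the sshd check only shows that a process matching `/usr/sbin/sshd -D` exists, not that it is accepting connections.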
@@ -185,6 +185,10 @@ jdeathe/centos-ssh:${RELEASE_VERSION} \ org.deathe.url="https://github.com/jdeathe/centos-ssh" \ org.deathe.description="CentOS-7 7.3.1611 x86_64 - SCL, EPEL and IUS Repositories / Supervisor / OpenSSH." -HEALTHCHECK CMD ["/usr/bin/healthcheck"] +HEALTHCHECK \ + --interval=0.5s \ + --timeout=1s \ + --retries=5 \ + CMD ["/usr/bin/healthcheck"] CMD ["/usr/bin/supervisord", "--configuration=/etc/supervisord.conf"] \ No newline at end of file From 6403146bda3f5bbd10b0ac8b2abf3272419477e8 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 13 Jun 2017 01:03:29 +0100 Subject: [PATCH 11/13] ISSUE 501: Adds healthcheck tests. --- test/shpec/operation_shpec.sh | 174 +++++++++++++++++++++++++++++++++- 1 file changed, 171 insertions(+), 3 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 8386e9a..8179925 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -39,9 +39,11 @@ function __is_container_ready () { local container="${1:-}" local process_pattern="${2:-}" - local counter=$(( - 2 * 30 - )) + local counter=$( + awk \ + -v seconds="${3:-10}" \ + 'BEGIN { print 10 * seconds; }' + ) until (( counter == 0 )); do sleep 0.1 
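Review bot: With `--interval=0.5s` and `--retries=5` the container is marked unhealthy after roughly 2.5 seconds of failing probes, and the probe exits 1 for as long as the bootstrap lock file exists. If sshd-bootstrap takes longer than that, a normally starting container reports unhealthy for a while, which matters to anything that acts on the status. Where the minimum supported Docker version has it, a grace window such as `--start-period=<bootstrap budget> \` avoids this; otherwise a longer interval does. A half-second interval also forks bash, ps and grep twice a second in every container for its whole life.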
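Review bot: `counter` in `__is_container_ready` is now computed by awk from `${3:-10}`, and a timeout that is not a multiple of 0.1 seconds yields a fractional value (0.25 gives `2.5`) that bash arithmetic cannot evaluate. `(( counter == 0 ))` and `(( counter -= 1 ))` then both fail with an error status, so the `until` loop never counts down and only ends if the process appears. Truncating in awk with `'BEGIN { print int(10 * seconds); }'` keeps the counter an integer, and declaring `local counter` separately from the assignment stops `local` hiding an awk failure. The rest of the function lies outside this hunk.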
@@ -1225,6 +1227,171 @@ function test_custom_sftp_configuration () end } +function test_healthcheck () +{ + local -r interval_seconds=0.5 + local -r retries=5 + local health_status="" + + describe "Healthcheck" + trap "__terminate_container ssh.pool-1.1.1 &> /dev/null; \ + __destroy; \ + exit 1" \ + INT TERM EXIT + + describe "Default configuration" + __terminate_container \ + ssh.pool-1.1.1 \ + &> /dev/null + + docker run \ + --detach \ + --name ssh.pool-1.1.1 \ + jdeathe/centos-ssh:latest \ + &> /dev/null + + it "Returns a valid status on starting." + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert __shpec_matcher_egrep \ + "${health_status}" \ + "\"(?:starting|healthy|unhealthy)\"" + end + + sleep $( + awk \ + -v interval_seconds="${interval_seconds}" \ + -v startup_time="${STARTUP_TIME}" \ + 'BEGIN { print interval_seconds + startup_time; }' + ) + + it "Returns healthy after startup." + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert equal \ + "${health_status}" \ + "\"healthy\"" + end + + it "Returns unhealthy on failure." 
+ # sshd-wrapper failure + docker exec -t \ + ssh.pool-1.1.1 \ + bash -c "mv \ + /usr/sbin/sshd \ + /usr/sbin/sshd2" \ + && docker exec -t \ + ssh.pool-1.1.1 \ + bash -c "if [[ -n \$(pgrep -f '^/usr/sbin/sshd -D') ]]; then \ + kill -9 \$(pgrep -f '^/usr/sbin/sshd -D'); \ + fi" + + sleep $( + awk \ + -v interval_seconds="${interval_seconds}" \ + -v retries="${retries}" \ + 'BEGIN { print interval_seconds * retries; }' + ) + + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert equal \ + "${health_status}" \ + "\"unhealthy\"" + end + end + + describe "Autostart false" + __terminate_container \ + ssh.pool-1.1.1 \ + &> /dev/null + + docker run \ + --detach \ + --name ssh.pool-1.1.1 \ + --env SSH_AUTOSTART_SSHD=false \ + jdeathe/centos-ssh:latest \ + &> /dev/null + + it "Returns a valid status on starting." + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert __shpec_matcher_egrep \ + "${health_status}" \ + "\"(?:starting|healthy|unhealthy)\"" + end + + sleep $( + awk \ + -v interval_seconds="${interval_seconds}" \ + -v startup_time="${STARTUP_TIME}" \ + 'BEGIN { print interval_seconds + startup_time; }' + ) + + it "Returns healthy after startup." + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert equal \ + "${health_status}" \ + "\"healthy\"" + end + + it "Returns unhealthy on failure." 
+ # sshd-bootstrap failure + docker exec -t \ + ssh.pool-1.1.1 \ + bash -c "sed -i \ + -e 's~# app-admin~~' \ + /etc/sudoers" + + sleep $( + awk \ + -v interval_seconds="${interval_seconds}" \ + -v retries="${retries}" \ + 'BEGIN { print interval_seconds * retries; }' + ) + + health_status="$( + docker inspect \ + --format='{{json .State.Health.Status}}' \ + ssh.pool-1.1.1 + )" + + assert equal \ + "${health_status}" \ + "\"unhealthy\"" + end + end + + __terminate_container \ + ssh.pool-1.1.1 \ + &> /dev/null + + trap - \ + INT TERM EXIT + end +} + if [[ ! -d ${TEST_DIRECTORY} ]]; then printf -- \ "ERROR: Please run from the project root.\n" \ @@ -1239,5 +1406,6 @@ describe "jdeathe/centos-ssh:latest" test_basic_sftp_operations test_custom_ssh_configuration test_custom_sftp_configuration + test_healthcheck __destroy end From 099eae12ff6cdb8d02644f6040daa72e34a0a6ab Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 13 Jun 2017 02:00:03 +0100 Subject: [PATCH 12/13] ISSUE 501: Adds time for failure to register + remove non-capture group from regex. --- test/shpec/operation_shpec.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 8179925..c5f0c96 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -1259,7 +1259,7 @@ function test_healthcheck () assert __shpec_matcher_egrep \ "${health_status}" \ - "\"(?:starting|healthy|unhealthy)\"" + "\"(starting|healthy|unhealthy)\"" end sleep $( @@ -1298,7 +1298,7 @@ function test_healthcheck () awk \ -v interval_seconds="${interval_seconds}" \ -v retries="${retries}" \ - 'BEGIN { print interval_seconds * retries; }' + 'BEGIN { print 1 + interval_seconds * retries; }' ) health_status="$( @@ -1334,7 +1334,7 @@ function test_healthcheck () assert __shpec_matcher_egrep \ "${health_status}" \ - "\"(?:starting|healthy|unhealthy)\"" + "\"(starting|healthy|unhealthy)\"" end sleep $( 
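Review bot: `test_healthcheck` waits with fixed `sleep $( awk … )` calls built from `interval_seconds=0.5` and `retries=5`, which are copies of the HEALTHCHECK values in the Dockerfile, so a change there silently invalidates the timing here. The rest of this series replaced fixed sleeps with polling in `__is_container_ready`; the health specs would be steadier if they polled `docker inspect` for the expected status up to a deadline, as sketched below. The helper is new and would sit with the other `__` functions, and each sleep-then-inspect pair becomes one call. The timeout argument is in whole seconds and is approximate, since each iteration also costs one `docker inspect`.

```shell
function __wait_for_health_status ()
{
	local -r container="${1:-}"
	local -r expected="${2:-}"
	local counter=$(( 10 * ${3:-10} ))
	local status=""

	until (( counter == 0 )); do
		status="$(
			docker inspect \
				--format='{{json .State.Health.Status}}' \
				"${container}" \
				2> /dev/null
		)"

		if [[ ${status} == "\"${expected}\"" ]]; then
			return 0
		fi

		sleep 0.1
		(( counter -= 1 ))
	done

	return 1
}

# … unchanged: container start-up and the "Returns a valid status on starting." spec …

it "Returns healthy after startup."
	__wait_for_health_status \
		ssh.pool-1.1.1 \
		healthy \
		10

	assert equal \
		"${?}" \
		0
end
```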
@@ -1368,7 +1368,7 @@ function test_healthcheck () awk \ -v interval_seconds="${interval_seconds}" \ -v retries="${retries}" \ - 'BEGIN { print interval_seconds * retries; }' + 'BEGIN { print 1 + interval_seconds * retries; }' ) health_status="$( From 1b801365a7093076f9ca01171cdb2d76e01c8f54 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 14 Jun 2017 01:12:40 +0100 Subject: [PATCH 13/13] Release changes for 2.2.3. --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 34 +++++++++++----------- src/etc/systemd/system/centos-ssh@.service | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 420665b..8c91d41 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ Summary of release changes for Version 2 - CentOS-7 -### 2.2.3 - Unreleased +### 2.2.3 - 2017-06-14 - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.2. diff --git a/Dockerfile b/Dockerfile index c488d92..f9c4f9a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -154,7 +154,7 @@ ENV SSH_AUTHORIZED_KEYS="" \ # ----------------------------------------------------------------------------- # Set image metadata # ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="2.2.2" +ARG RELEASE_VERSION="2.2.3" LABEL \ maintainer="James Deathe " \ install="docker run \ diff --git a/README.md b/README.md index 6a85c14..67c9d36 100644 --- a/README.md +++ b/README.md 
@@ -7,12 +7,12 @@ Includes public key authentication, Automated password generation and supports c ## Overview & links -The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.0` OR `1.8.0` for the [1.8.0](https://github.com/jdeathe/centos-ssh/tree/1.8.0) release tag and `centos-7-2.2.2` OR `2.2.2` for the [2.2.2](https://github.com/jdeathe/centos-ssh/tree/2.2.2) release tag. +The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.1` OR `1.8.1` for the [1.8.1](https://github.com/jdeathe/centos-ssh/tree/1.8.1) release tag and `centos-7-2.2.3` OR `2.2.3` for the [2.2.3](https://github.com/jdeathe/centos-ssh/tree/2.2.3) release tag. ### Tags and respective `Dockerfile` links -- `centos-7`,`centos-7-2.2.2`,`2.2.2` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) -- `centos-6`,`centos-6-1.8.0`,`1.8.0` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) +- `centos-7`,`centos-7-2.2.3`,`2.2.3` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) +- `centos-6`,`centos-6-1.8.1`,`1.8.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) The Dockerfile can be used to build a base image that is the bases for several other docker images. @@ -105,10 +105,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.2 \ + jdeathe/centos-ssh:2.2.3 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=2.2.2 \ + --tag=2.2.3 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` 
@@ -122,10 +122,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.2 \ + jdeathe/centos-ssh:2.2.3 \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ - --tag=2.2.2 \ + --tag=2.2.3 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` @@ -139,10 +139,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.2 \ + jdeathe/centos-ssh:2.2.3 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=2.2.2 \ + --tag=2.2.3 \ --name=ssh.pool-1.1.1 \ --manager=systemd \ --register \ @@ -162,7 +162,7 @@ Since release tags `1.7.2` / `2.1.2` the install template has been added to the _NOTE:_ A prerequisite of the following examples is that the image has been pulled (or loaded from the release package). ``` -$ docker pull jdeathe/centos-ssh:2.2.2 +$ docker pull jdeathe/centos-ssh:2.2.3 ``` To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. @@ -171,7 +171,7 @@ To see detailed information about the image run `scmi` with the `--info` option. $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:2.2.2 + jdeathe/centos-ssh:2.2.3 ) --info" ``` @@ -181,7 +181,7 @@ To perform an installation using the docker name `ssh.pool-1.2.1` simply use the $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:2.2.2 + jdeathe/centos-ssh:2.2.3 ) --name=ssh.pool-1.2.1" ``` @@ -191,7 +191,7 @@ To uninstall use the *same command* that was used to install but with the `unins $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.uninstall}}" \ - jdeathe/centos-ssh:2.2.2 + jdeathe/centos-ssh:2.2.3 ) --name=ssh.pool-1.2.1" ``` 
@@ -204,7 +204,7 @@ To see detailed information about the image run `scmi` with the `--info` option. ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.2 \ + jdeathe/centos-ssh:2.2.3 \ --info ``` @@ -213,14 +213,14 @@ To perform an installation using the docker name `ssh.pool-1.3.1` simply use the ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.2 + jdeathe/centos-ssh:2.2.3 ``` Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container. ``` $ sudo -E atomic install \ - jdeathe/centos-ssh:2.2.2 \ + jdeathe/centos-ssh:2.2.3 \ --name ssh.pool-1.3.1 ``` @@ -229,7 +229,7 @@ To uninstall use the *same command* that was used to install but with the `unins ``` $ sudo -E atomic uninstall \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.2 + jdeathe/centos-ssh:2.2.3 ``` #### Using environment variables diff --git a/src/etc/systemd/system/centos-ssh@.service b/src/etc/systemd/system/centos-ssh@.service index 51f0e7d..da365c7 100644 --- a/src/etc/systemd/system/centos-ssh@.service +++ b/src/etc/systemd/system/centos-ssh@.service @@ -51,7 +51,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_IMAGE_NAME=centos-ssh" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" -Environment="DOCKER_IMAGE_TAG=2.2.2" +Environment="DOCKER_IMAGE_TAG=2.2.3" Environment="DOCKER_PORT_MAP_TCP_22=2020" Environment="SSH_AUTHORIZED_KEYS=" Environment="SSH_AUTOSTART_SSHD=true"