Merge pull request #87 from jdeathe/master

Release changes ready for centos-6-1.4.2
jdeathe · Jan 13, 2016 · d0ac483 · d0ac483
2 parents c771595 + bfe170a
commit d0ac483
Show file tree

Hide file tree

Showing 6 changed files with 205 additions and 108 deletions.
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ Includes public key authentication, Automated password generation, supports cust
 
 The [Dockerfile](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) can be used to build a base image that is the bases for several other docker images.
 
-Included in the build is the EPEL repository, the IUS repository and SSH, vi and are installed along with python-pip, supervisor and supervisor-stdout.
+Included in the build are the [EPEL](http://fedoraproject.org/wiki/EPEL) and [IUS](https://ius.io) repositories. Installed packages include ssh, sudo and vi along with python-setuptools, supervisor and supervisor-stdout.
 
 [Supervisor](http://supervisord.org/) is used to start and the sshd daemon when a docker container based on this image is run. To enable simple viewing of stdout for the sshd subprocess, supervisor-stdout is included. This allows you to see output from the supervisord controlled subprocesses with `docker logs <docker-container-name>`.
 
@@ -40,29 +40,68 @@ $ docker run -d \
 
 ### (Optional) Configuration Data Volume
 
-Create a "data volume" for configuration, this allows you to share the same configuration between multiple docker containers and, by mounting a host directory into the data volume you can override the default configuration files provided.
+A configuration "data volume" allows you to share the same configuration files between multiple docker containers. Docker mounts a host directory into the data volume allowing you to edit the default configuration files and have those changes persist.
 
-Make a directory on the docker host for storing container configuration files. This directory needs to contain at least the following files:
-- [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys)
-- [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf)
-- [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config)
-- [supervisor/supervisord.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/supervisor/supervisord.conf)
+#### Standard volume
+
+Naming of the volume is optional, it is possible to leave the naming up to Docker by simply specifying the container path only.
+
+```
+$ docker run \
+  --name volume-config.ssh.pool-1.1.1 \
+  -v /etc/services-config \
+  jdeathe/centos-ssh:latest \
+  /bin/true
+```
+
+To identify the docker host directory path to the volume within the container volume-config.ssh.pool-1.1.1 you can use ```docker inspect``` to view the Mounts.
 
 ```
-$ mkdir -p /etc/services-config/ssh.pool-1
+$ docker inspect \
+  --format '{{ json (index .Mounts 0).Source }}' \
+  volume-config.ssh.pool-1.1.1
 ```
 
-Create the data volume, mounting our docker host's configuration directory to /etc/services-config/ssh in the docker container. Note that docker will pull the busybox:latest image if you don't already have available locally.
+#### Named volume
+
+To create a named data volume, mounting our docker host's configuration directory /var/lib/docker/volumes/volume-config.ssh.pool-1.1.1 to /etc/services-config in the docker container use the following run command. Note that we use the same image as for the application container to reduce the number of images/layers required.
 
 ```
 $ docker run \
   --name volume-config.ssh.pool-1.1.1 \
-  -v /etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh \
-  -v /etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor \
-  busybox:latest \
+  -v volume-config.ssh.pool-1.1.1:/etc/services-config \
+  jdeathe/centos-ssh:latest \
   /bin/true
 ```
 
+When using named volumes the directory path from the docker host mounts the path on the container so we need to upload the configuration files. The simplest method of achieving this is to upload the contents of the [etc/services-config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/) directory using ```docker cp```.
+
+```
+$ docker cp \
+  ./etc/services-config/. \
+  volume-config.ssh.pool-1.1.1:/etc/services-config
+```
+
+#### Editing configuration
+
+To make changes to the configuration files you need a running container that uses the volumes from the configuration volume. To edit a single file you could use the following, where <path_to_file> can be one of the [required configuration files](https://github.com/jdeathe/centos-ssh/blob/centos-6/README.md#required-configuration-files), or you could run a ```bash``` shell and then make the changes required using ```vi```. On exiting the container it will be removed since we specify the ```--rm``` parameter.
+
+```
+$ docker run --rm -it \
+  --volumes-from volume-config.ssh.pool-1.1.1 \
+  jdeathe/centos-ssh:latest \
+  vi /etc/services-config/<path_to_file>
+```
+
+##### Required configuration files
+
+The following configuration files are required to run the applicatiobn container and should be located in the directory /etc/services-config/.
+
+- [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys)
+- [ssh/ssh-bootstrap.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/ssh-bootstrap.conf)
+- [ssh/sshd_config](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/sshd_config)
+- [supervisor/supervisord.conf](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/supervisor/supervisord.conf)
+
 ### Running
 
 To run the a docker container from this image you can use the included run.sh and run.conf scripts. The helper script will stop any running container of the same name, remove it and run a new daemonised container on an unspecified host port. Alternatively you can use the following methods.
@@ -214,14 +253,15 @@ $ docker port ssh.pool-1.1.1 22
 To connect to the running container use:
 
 ```
-$ ssh -p <container-port> -i ~/.ssh/id_rsa_insecure \
+$ ssh -p <container-port> \
+  -i ~/.ssh/id_rsa_insecure \
   app-admin@<docker-host-ip> \
   -o StrictHostKeyChecking=no
 ```
 
 ### Custom Configuration
 
-If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/etc/service-config/<container-name>/``` where ```<container-name>``` should match the applicable container name such as "ssh.pool-1.1.1" or, if the configuration is common across a group of containers, simply "ssh.pool-1" for the given examples.
+If using the optional data volume for container configuration you are able to customise the configuration. In the following examples your custom docker configuration files should be located on the Docker host under the directory ```/var/lib/docker/volumes/<volume-name>/``` where ```<volume-name>``` should identify the applicable container name such as "volume-config.ssh.pool-1.1.1" if using named volumes or will be an ID generated automatically by Docker. To identify the correct path on the Docker host use the ```docker inspect``` command.
 
 #### [ssh/authorized_keys](https://github.com/jdeathe/centos-ssh/blob/centos-6/etc/services-config/ssh/authorized_keys)
 
@@ -233,24 +273,27 @@ $ ssh-keygen -q -t rsa -f ~/.ssh/id_rsa
 
 You should now have an SSH public key, (~/.ssh/id_rsa.pub), that can be used to replace the default one in your custom authorized_keys file.
 
-The following example shows how to copy your file to a remote docker host for cases where using a configuration volume mapping the path "/etc/services-config/ssh.pool-1/ssh/authorized_keys" to "/etc/services-config/ssh/authorized_keys":
+To copy your file to a remote docker host where using a configuration "data" volume container named "volume-config.ssh.pool-1.1.1" with a volume mapping of "volume-config.ssh.pool-1.1.1:/etc/services-config" use:
 
 ```
-$ scp ~/.ssh/id_rsa.pub \
-  <docker-host-user>@<docker-host-ip>:/etc/services-config/ssh.pool-1/ssh/authorized_keys
+$ docker cp ~/.ssh/id_rsa.pub \
+  volume-config.ssh.pool-1.1.1:/etc/services-config/ssh/authorized_keys
 ```
 
-To replace the autorized_keys directly on a running container with the ```SSH_USER``` app-admin:
+Alternatively, to replace the autorized_keys directly on a running container with the ```SSH_USER``` app-admin using SSH use:
 
 ```
-$ cat ~/.ssh/id_rsa.pub | ssh -p <container-port> -i ~/.vagrant.d/insecure_private_key \
-  app-admin@<docker-host-ip> "mkdir -p ~/.ssh && cat > ~/.ssh/authorized_keys"
+$ cat ~/.ssh/id_rsa.pub | ssh -p <container-port> \
+  -i ~/.vagrant.d/insecure_private_key \
+  app-admin@<docker-host-ip> \
+  "cat > ~/.ssh/authorized_keys"
 ```
 
 To connect to the running container use:
 
 ```
-$ ssh -p <container-port> app-admin@<docker-host-ip> \
+$ ssh -p <container-port> \
+  app-admin@<docker-host-ip> \
   -o StrictHostKeyChecking=no
 ```
 

diff --git a/build.sh b/build.sh
@@ -1,12 +1,12 @@
 #!/usr/bin/env bash
 
 # Change working directory
-DIR_PATH="$( if [ "$( echo "${0%/*}" )" != "$( echo "${0}" )" ] ; then cd "$( echo "${0%/*}" )"; fi; pwd )"
-if [[ $DIR_PATH == */* ]] && [[ $DIR_PATH != "$( pwd )" ]] ; then
-	cd $DIR_PATH
+DIR_PATH="$( if [[ $( echo "${0%/*}" ) != $( echo "${0}" ) ]]; then cd "$( echo "${0%/*}" )"; fi; pwd )"
+if [[ ${DIR_PATH} == */* ]] && [[ ${DIR_PATH} != $( pwd ) ]]; then
+	cd ${DIR_PATH}
 fi
 
-NO_CACHE="$1"
+NO_CACHE=$1
 
 source build.conf
 
@@ -16,28 +16,27 @@ show_docker_image ()
 	local NAME_PARTS=(${NAME//:/ })
 
 	# Set 'latest' tag if no tag requested
-	if [ ${#NAME_PARTS[@]} == 1 ]; then
+	if [[ ${#NAME_PARTS[@]} == 1 ]]; then
 		NAME_PARTS[1]='latest'
 	fi
 
 	docker images | grep -e "^${NAME_PARTS[0]}[ ]\{1,\}${NAME_PARTS[1]}"
 }
 
-echo Building ${DOCKER_IMAGE_REPOSITORY_NAME}...
+echo "Building ${DOCKER_IMAGE_REPOSITORY_NAME}"
 
 # Allow cache to be bypassed
-if [ "$NO_CACHE" == "true" ]; then
+if [[ ${NO_CACHE} == "true" ]]; then
 	echo " ---> Skipping cache"
 else
 	NO_CACHE="false"
 fi
 
 # Build from working directory
-docker build --no-cache=$NO_CACHE -t ${DOCKER_IMAGE_REPOSITORY_NAME} .
-
+docker build --no-cache=${NO_CACHE} -t ${DOCKER_IMAGE_REPOSITORY_NAME} .
 
 # Display the last docker image
 echo "Docker image:"
 show_docker_image ${DOCKER_IMAGE_REPOSITORY_NAME}
 
-echo " ---> Build complete"
+echo " ---> Build complete"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,8 +1,29 @@
 # -----------------------------------------------------------------------------
 # Setup: 
-#     Edit volume-config.ssh.pool-1.1.1/volumes with the appropriate 
-#     host_path:container_path where the host_path must exist on the docker
-#     host filesystem.
+#     Use of a configuration "data" volumes is optional and allow configuration 
+#     changes to persist and be re-applied to a new container instance.
+#
+#     1. If configuration volumes are required, choose an appropriate naming 
+#     scheme depending on how the configuration is intended to be applied on 
+#     the docker host:
+#
+#       - volume-config.ssh fo configuration of all "ssh" container instances.
+#       - volume-config.ssh.pool-1 for configuration of all "ssh" container 
+#       instances in the "pool-1" group.
+#       - volume-config.ssh.pool-1.1.1 for configuration of the container named 
+#       ssh.pool-1.1.1 specifically.
+#
+#     2. Edit volume_name/container_name, volume_name/volumes with the  
+#     appropriate volume_name:container_path mapping or leave as container_path  
+#     to let docker handle the volume naming within /var/lib/docker/volumes/ on
+#     the docker host.
+#
+#     3. If using a named volume you need to copy the contents of the 
+#     configuration directory into the volume container. The simplest way to do
+#     this is with docker cp as follows: 
+#         docker cp ./etc/services-config/. volume_name:/etc/services-config
+#
+#     4. Edit ssh.pool-1.1.1/volumes_from to apply the required volume_name.
 #
 # Run in background: 
 #     docker-compose up -d
@@ -13,21 +34,25 @@
 # View logs of service ssh.pool-1.1.1: 
 #     docker-compose logs ssh.pool-1.1.1
 # -----------------------------------------------------------------------------
-volume-config.ssh.pool-1.1.1:
-  image: "busybox:latest"
-  container_name: "volume-config.ssh.pool-1.1.1"
-  volumes:
-    - "./etc/services-config/ssh:/etc/services-config/ssh"
-    - "./etc/services-config/supervisor:/etc/services-config/supervisor"
-    # - "/etc/services-config/ssh.pool-1/ssh:/etc/services-config/ssh"
-    # - "/etc/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor"
-    # - "~/services-config/ssh.pool-1/ssh:/etc/services-config/ssh"
-    # - "~/services-config/ssh.pool-1/supervisor:/etc/services-config/supervisor"
-  command: /bin/true
+# volume-config.ssh.pool-1.1.1:
+# # volume-config.ssh.pool-1:
+# # volume-config.ssh:
+#   image: "jdeathe/centos-ssh:latest"
+#   container_name: "volume-config.ssh.pool-1.1.1"
+#   # container_name: "volume-config.ssh.pool-1"
+#   # container_name: "volume-config.ssh"
+#   volumes:
+#     - "/etc/services-config"
+#     # - "volume-config.ssh.pool-1.1.1:/etc/services-config"
+#     # - "volume-config.ssh.pool-1:/etc/services-config"
+#     # - "volume-config.ssh:/etc/services-config"
+#   command: /bin/true
 ssh.pool-1.1.1:
   image: "jdeathe/centos-ssh:latest"
   container_name: "ssh.pool-1.1.1"
   ports:
     - "2020:22"
-  volumes_from:
-    - volume-config.ssh.pool-1.1.1
+  # volumes_from:
+  #   - volume-config.ssh.pool-1.1.1
+  #   # - volume-config.ssh.pool-1
+  #   # - volume-config.ssh
diff --git a/etc/ssh-bootstrap b/etc/ssh-bootstrap
@@ -143,7 +143,7 @@ if [[ ! -d ${OPTS_SSH_USER_HOME_DIR}/.ssh ]]; then
 	rm -f /etc/ssh/{ssh_host_rsa_key,ssh_host_rsa_key.pub,ssh_host_dsa_key,ssh_host_dsa_key.pub}
 	ssh-keygen -q -C "" -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
 	ssh-keygen -q -C "" -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
-	if [ -x /sbin/restorecon ]; then
+	if [[ -x /sbin/restorecon ]]; then
 		/sbin/restorecon /etc/ssh/ssh_host_rsa_key.pub
 		/sbin/restorecon /etc/ssh/ssh_host_dsa_key.pub
 	fi

diff --git a/run.conf b/run.conf
@@ -7,13 +7,22 @@ SERVICE_UNIT_SHARED_GROUP=pool-1
 SERVICE_UNIT_LOCAL_ID=1
 SERVICE_UNIT_INSTANCE=1
 
-MOUNT_PATH_CONFIG=/etc/services-config
-# Mac hosts need to be in User writable directory
-if [ "$(uname)" == "Darwin" ]; then
-	MOUNT_PATH_CONFIG=~/services-config
-fi
-
 DOCKER_IMAGE_REPOSITORY_NAME=${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}
 DOCKER_NAME=${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}.${SERVICE_UNIT_LOCAL_ID}.${SERVICE_UNIT_INSTANCE}
 
-VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME}
+DOCKER_HOST_PORT_SSH=2020
+
+# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}
+# VOLUME_CONFIG_NAME=volume-config.${SERVICE_UNIT_NAME}.${SERVICE_UNIT_SHARED_GROUP}
+VOLUME_CONFIG_NAME=volume-config.${DOCKER_NAME}
+
+# Use of a configuration volume requires additional maintenance and access to the 
+# filesystem of the docker host so is disabled by default.
+VOLUME_CONFIG_ENABLED=false
+
+# Using named volumes allows for easier identification of files located in
+# /var/lib/docker/volumes/ on the docker host. If set to true, the value of  
+# VOLUME_CONFIG_NAME is used in place of an automatically generated ID.
+# NOTE: When using named volumes you need to copy the contents of the directory
+# into the configuration "data" volume container.
+VOLUME_CONFIG_NAMED=false