From 2eebb901a600d7633d2c0af5673e06b977767eec Mon Sep 17 00:00:00 2001
From: Stefano Alberto Russo <stefano.russo@gmail.com>
Date: Thu, 4 Nov 2021 22:43:18 +0100
Subject: [PATCH] Added base and SSh containers.

---
 SSH/Dockerfile                | 28 ++++++++++++
 SSH/build.sh                  |  3 ++
 SSH/files/entrypoint.sh       | 39 +++++++++++++++++
 SSH/run.sh                    |  2 +
 base/Dockerfile               | 57 ++++++++++++++++++++++++
 base/build.sh                 |  3 ++
 base/files/base_entrypoint.sh | 82 +++++++++++++++++++++++++++++++++++
 base/files/sudoers            | 30 +++++++++++++
 base/run.sh                   |  2 +
 9 files changed, 246 insertions(+)
 create mode 100644 SSH/Dockerfile
 create mode 100755 SSH/build.sh
 create mode 100644 SSH/files/entrypoint.sh
 create mode 100755 SSH/run.sh
 create mode 100644 base/Dockerfile
 create mode 100755 base/build.sh
 create mode 100644 base/files/base_entrypoint.sh
 create mode 100644 base/files/sudoers
 create mode 100755 base/run.sh

diff --git a/SSH/Dockerfile b/SSH/Dockerfile
new file mode 100644
index 0000000..a231169
--- /dev/null
+++ b/SSH/Dockerfile
@@ -0,0 +1,28 @@
+FROM base
+MAINTAINER Stefano Alberto Russo <stefano.russo@inaf.it>
+
+# Switch to root
+USER root
+
+# Install OpenSSH
+RUN apt-get install openssh-server  -y
+
+# Set a fixed password for metauser (will be changed in the entypoint)
+RUN echo "metauser:metapass" | chpasswd
+
+# Set entrypoint command
+COPY files/entrypoint.sh /entrypoint.sh
+RUN chmod 755 /entrypoint.sh
+ENV DEFAULT_ENTRYPOINT_COMMAND="/entrypoint.sh"
+
+# Fix home permissions
+RUN chmod 777 /home
+
+# Set user (mainly for Singularity)
+USER metauser
+
+# Set container name
+ENV CONTAINER_NAME='SSH'
+
+
+
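Review bot: `RUN echo "metauser:metapass" | chpasswd` bakes a known password into an image layer, and entrypoint.sh replaces it only when AUTH_PASS is set, so a container started without that variable starts sshd with the build-time password still in place. Because base/files/sudoers gives group sudo `NOPASSWD:ALL` and metauser is in that group, that login is root-equivalent inside the container. The smallest fix is to make the entrypoint fail closed before sshd starts, e.g. `if [ -z "$AUTH_PASS" ]; then echo "[ERROR] AUTH_PASS must be set" >&2; exit 1; fi`. Separately, `RUN apt-get install openssh-server  -y` relies on package lists cached in the base image; `RUN apt-get update && apt-get install -y --no-install-recommends openssh-server` in one layer avoids stale-index failures.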
diff --git a/SSH/build.sh b/SSH/build.sh
new file mode 100755
index 0000000..12c8b48
--- /dev/null
+++ b/SSH/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build  . -t ssh
diff --git a/SSH/files/entrypoint.sh b/SSH/files/entrypoint.sh
new file mode 100644
index 0000000..02db98c
--- /dev/null
+++ b/SSH/files/entrypoint.sh
@@ -0,0 +1,39 @@
+#/bin/bash
+
+# Set port
+if [ "x$BASE_PORT" == "x" ]; then
+    BASE_PORT=22
+fi
+
+# Set password
+if [ "x$AUTH_PASS" != "x" ]; then
+    echo "[INFO] Setting linux password" # In the Dockerflie remove the -e
+    echo -e "metapass\n$AUTH_PASS\n$AUTH_PASS" | passwd
+fi
+
+# Prepare conf
+mkdir ${HOME}/custom_ssh
+ssh-keygen -f ${HOME}/custom_ssh/ssh_host_rsa_key -N '' -t rsa
+ssh-keygen -f ${HOME}/custom_ssh/ssh_host_dsa_key -N '' -t dsa
+
+cat << EOF > ${HOME}/custom_ssh/sshd_config
+Port $BASE_PORT
+HostKey ${HOME}/custom_ssh/ssh_host_rsa_key
+HostKey ${HOME}/custom_ssh/ssh_host_dsa_key
+AuthorizedKeysFile  .ssh/authorized_keys
+ChallengeResponseAuthentication no
+UsePAM yes
+Subsystem   sftp    /usr/lib/ssh/sftp-server
+PidFile ${HOME}/custom_ssh/sshd.pid
+EOF
+
+# Run
+echo "[INFO] Now running SSH server on port $BASE_PORT and listening."
+/usr/sbin/sshd -D -f ${HOME}/custom_ssh/sshd_config
+EXIT_CODE=$?
+echo "Exit code: $EXIT_CODE"
+if [[ "x$EXIT_CODE" != "x0" ]] && [[ "x$EXIT_CODE" != "x130" ]] ; then
+    echo "This exit code is an error, exiting." 
+    exit $?
+fi
+echo ""
\ No newline at end of file
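Review bot: `exit $?` inside the final `if` returns the status of the preceding `echo`, which is 0, so a failed sshd is reported to Docker as a clean exit; it should be `exit $EXIT_CODE`. The first line `#/bin/bash` is missing the `!`, so it is an ordinary comment rather than a shebang even though the script uses bash-only `[[ ]]`; `#!/bin/bash` makes the interpreter explicit. The generated config also creates and advertises a DSA host key, an algorithm OpenSSH has deprecated; I would drop the `-t dsa` line and its `HostKey` entry and generate a `-t ed25519` key instead. In the password step, `echo -e` interprets backslashes inside AUTH_PASS, so `printf '%s\n'` is the safer way to feed `passwd`.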
diff --git a/SSH/run.sh b/SSH/run.sh
new file mode 100755
index 0000000..cf33061
--- /dev/null
+++ b/SSH/run.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker run -v$PWD/:/data -p2222:2222 -eAUTH_PASS='testpass' -eBASE_PORT=2222 -it ssh
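Review bot: `-p2222:2222` publishes the SSH port on every host interface while the account password is the literal `testpass` from this script, the account has passwordless sudo, and `$PWD` is bind-mounted at /data. For a local test script I would bind to loopback with `-p 127.0.0.1:2222:2222` and pass the password through from the caller's environment with `-e AUTH_PASS` instead of hard-coding it.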
diff --git a/base/Dockerfile b/base/Dockerfile
new file mode 100644
index 0000000..b0612b6
--- /dev/null
+++ b/base/Dockerfile
@@ -0,0 +1,57 @@
+FROM ubuntu:18.04
+MAINTAINER Stefano Alberto Russo <stefano.russo@inaf.it>
+
+#----------------------
+# Basics
+#----------------------
+
+# Set non-interactive
+ENV DEBIAN_FRONTEND noninteractive
+
+# Update first of all
+RUN apt-get update
+
+# Utilities
+RUN apt-get install -y nano telnet unzip wget supervisor build-essential python-dev git-core openjdk-8-jre
+
+
+#------------------------
+# "Meta" user
+#------------------------
+
+# Add group. We chose GID 65527 to try avoiding conflicts.
+RUN groupadd -g 65527 metauser
+
+# Add user. We chose UID 65527 to try avoiding conflicts.
+RUN useradd metauser -d /home/metauser -u 65527 -g 65527 -m -s /bin/bash
+
+# Add metuaser user to sudoers
+RUN adduser metauser sudo
+
+# Install suodo
+RUN apt-get install sudo -y
+
+# No pass sudo (for everyone, actually)
+COPY files/sudoers /etc/sudoers
+
+# Prepare for user-space logs
+RUN mkdir /home/metauser/.logs && chown metauser:metauser /home/metauser/.logs
+
+# Rename metauser home folder as a "vanilla" home folder
+RUN mv /home/metauser /metauser_home_vanilla
+
+# Set container name
+ENV CONTAINER_NAME='base'
+
+# Entrypoint
+COPY files/base_entrypoint.sh /
+RUN chmod 755 /base_entrypoint.sh
+ENTRYPOINT ["/base_entrypoint.sh"]
+ENV DEFAULT_ENTRYPOINT_COMMAND="/bin/bash"
+
+# Allow to move the /home_vanilla folder in /home
+RUN chmod 777 /home
+
+# Set user
+USER metauser
+
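Review bot: `RUN chmod 777 /home` makes /home world-writable without the sticky bit, so any UID in the container can rename or delete another user's home directory. `chmod 1777 /home` still lets the entrypoint create /home/metauser under an arbitrary UID (the Singularity case), and the same line in SSH/Dockerfile should change with it. `RUN apt-get update` sits in its own layer, so a cached layer can pair old package lists with a later install; combine them as `RUN apt-get update && apt-get install -y --no-install-recommends ... && rm -rf /var/lib/apt/lists/*`. `ENV DEBIAN_FRONTEND noninteractive` also persists into every running container; setting it inline on the apt-get lines or via `ARG` keeps it build-only.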
diff --git a/base/build.sh b/base/build.sh
new file mode 100755
index 0000000..d4f5524
--- /dev/null
+++ b/base/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build  . -t base
diff --git a/base/files/base_entrypoint.sh b/base/files/base_entrypoint.sh
new file mode 100644
index 0000000..daaa283
--- /dev/null
+++ b/base/files/base_entrypoint.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+ # Exit on any error. More complex thing could be done in future
+# (see https://stackoverflow.com/questions/4381618/exit-a-script-on-error)
+set -e
+
+
+if [ "x$SAFE_MODE" == "xTrue" ]; then
+    echo ""
+    echo "[INFO] Not executing entrypoint as we are in safe mode, just opening a Bash shell."
+    exec /bin/bash
+else
+	echo ""
+	echo "[INFO] Executing entrypoint..."
+	
+
+    #---------------------
+    #   Setup home
+    #---------------------
+
+	if [ -f "/home/metauser/.initialized" ]; then
+	    :
+	else
+		echo "[INFO] Setting up home"
+		mkdir -p /home/metauser
+
+        # Copy over vanilla home contents
+		for x in /metauser_home_vanilla/* /metauser_home_vanilla/.[!.]* /metauser_home_vanilla/..?*; do
+            if [ -e "$x" ]; then cp -a "$x" /home/metauser/; fi
+        done
+		
+	# Mark as initialized
+	    touch /home/metauser/.initialized
+	fi
+	
+    # Manually set home (mainly for Singularity)
+	echo "[INFO] Setting up HOME env var"
+	export HOME=/home/metauser
+	cd /home/metauser
+	
+    #---------------------
+    #   Save env
+    #---------------------
+	echo "[INFO] Dumping env"
+	
+    # Save env vars for later usage (e.g. ssh)
+	
+	env | \
+	while read env_var; do
+	  if [[ $env_var == HOME\=* ]]; then
+	      : # Skip HOME var
+	  elif [[ $env_var == PWD\=* ]]; then
+	      : # Skip PWD var
+	  else
+	      echo "export $env_var" >> /tmp/env.sh
+	  fi
+	done
+	
+    #---------------------
+    #   Prompt
+    #---------------------
+	
+	echo "[INFO] Setting new prompt @$CONTAINER_NAME container"
+	echo 'export PS1="${debian_chroot:+($debian_chroot)}\u@$CONTAINER_NAME@\h:\w\$ "' >> /home/metauser/.bashrc
+	
+	
+    #---------------------
+    #  Entrypoint command
+    #---------------------
+	
+	if [ "$@x" == "x" ]; then
+	    echo -n "[INFO] Executing default entrypoint command: "
+	    echo $DEFAULT_ENTRYPOINT_COMMAND
+	    exec $DEFAULT_ENTRYPOINT_COMMAND
+	else
+	    echo -n "[INFO] Executing entrypoint command: "
+	    echo $@
+	    exec $@
+	fi 
+
+fi
+
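Review bot: The "Save env" loop writes every environment variable to /tmp/env.sh, which includes `AUTH_PASS` when the SSH image is started with it, and the file is created under the default umask and appended to on each start. Values are written unquoted (`export $env_var`), so a value containing spaces or shell metacharacters is re-interpreted by whatever later sources the file. I would create the file with a restrictive mode, skip the password variable and quote values with `printf %q`, as below; values containing newlines would still need separate handling. In the dispatch at the end, `[ "$@x" == "x" ]` and `exec $@` break on arguments with spaces; `[ $# -eq 0 ]` and `exec "$@"` are the usual forms.

```shell
    # … unchanged: home setup and HOME export …
    echo "[INFO] Dumping env"

    # Start from an empty file readable only by the owner
    ( umask 077; : > /tmp/env.sh )
    env | while IFS= read -r env_var; do
        case "$env_var" in
            HOME=*|PWD=*|AUTH_PASS=*) ;;  # skip session vars and the SSH password
            *) printf 'export %s=%q\n' "${env_var%%=*}" "${env_var#*=}" >> /tmp/env.sh ;;
        esac
    done
    # … unchanged: prompt setup and entrypoint command dispatch …
```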
diff --git a/base/files/sudoers b/base/files/sudoers
new file mode 100644
index 0000000..47ab37c
--- /dev/null
+++ b/base/files/sudoers
@@ -0,0 +1,30 @@
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults        env_reset
+Defaults        mail_badpass
+Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo   ALL=(ALL:ALL) NOPASSWD:ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
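Review bot: `%sudo   ALL=(ALL:ALL) NOPASSWD:ALL` makes every process running as metauser root-equivalent, and the SSH image built on this base exposes that account to password logins. If passwordless sudo is only needed for interactive use of the base image, the derived SSH image could drop the membership with `RUN gpasswd -d metauser sudo`; otherwise the line deserves a comment such as `# NOPASSWD: any login as a sudo-group member is root inside the container`. Shipping the rule as a drop-in under /etc/sudoers.d instead of replacing /etc/sudoers would also keep the distribution defaults intact.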
diff --git a/base/run.sh b/base/run.sh
new file mode 100755
index 0000000..a7f1984
--- /dev/null
+++ b/base/run.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker run -v$PWD/:/data -it base
-- 
GitLab