SSHD Docker update. #244

Merged
merged 1 commit
Jul 25, 2024
13 changes: 9 additions & 4 deletions cavern-sshd/Dockerfile
@@ -1,15 +1,20 @@
FROM centos:7
FROM almalinux:8

RUN \
yum -y install openssh-clients openssh-server sssd-client authconfig && \
yum -y clean all && \
dnf install -y authconfig authselect openldap-clients openssh-clients openssh-server procps-ng sssd-client sssd-ldap sssd-tools && \
touch /run/utmp

RUN mkdir -p /var/log/sshd
RUN mkdir -p /var/log/sssd

# enable sssd-based authentication
RUN authconfig --update --enablesssd --enablesssdauth

ADD src/nsswitch.conf /etc/

COPY src/entrypoint /entrypoint
COPY src/cadc-sssd-start /usr/bin/cadc-sssd-start

EXPOSE 22

ENTRYPOINT [ "/entrypoint" ]
CMD ["/usr/sbin/sshd", "-D", "-e"]
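Review bot: the authentication setup is still `RUN authconfig --update --enablesssd --enablesssdauth` even though the base image moved from centos:7 to almalinux:8 and the new dnf line installs authselect next to authconfig; on the EL8 line authconfig is only a compatibility shim, so this should be `RUN authselect select sssd --force`. authselect also writes /etc/nsswitch.conf itself, so the `ADD src/nsswitch.conf /etc/` line below it then overwrites that result and one of the two steps is redundant; decide which one owns the file. Two smaller points in the same hunk: the removed line ran `yum -y clean all` but the replacement dnf line has no `dnf clean all`, so the package cache now ends up in the image layer; and `ADD src/nsswitch.conf /etc/` should be `COPY`, matching the two COPY lines that follow, since ADD's archive extraction and URL fetching are not wanted for a plain local file.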
4 changes: 2 additions & 2 deletions cavern-sshd/README.md
@@ -8,9 +8,9 @@ docker build -t cavern-sshd:latest -f Dockerfile .

## configuration

/etc/sshd/sshd_conf controls the configuration and should be overwritten with the desired version with a file system mount. The field ChrootDirectory should specify the root of the file system which to expose. (eg /cavern). This must match the value of VOS_FILESYSTEM_ROOT in Cavern.properties.
/etc/sshd/sshd_conf controls the configuration and should be overwritten with the desired version with a file system mount. The field ChrootDirectory should specify the root of the file system which to expose. (eg /cavern). This must match the value of `org.opencadc.cavern.filesystem.baseDir` in the `cavern.properties`.

The public and private keys for the supported cypher algorithms must also exist in directory /etc/ssd/:
The public and private keys for the supported cypher algorithms must also exist in directory /etc/sshd/:

```
ssh_host_ecdsa_key
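Review bot: the configuration path is still wrong after this edit: the image installs the distro openssh-server package, which reads /etc/ssh/sshd_config by default, and nothing in the Dockerfile relocates it, so a file mounted at /etc/sshd/sshd_conf is never read; the host-key directory corrected from /etc/ssd/ to /etc/sshd/ has the same problem and should be /etc/ssh/. "cypher algorithms" should read "host key algorithms" (ssh_host_ecdsa_key is a host key, not a cipher). The new `org.opencadc.cavern.filesystem.baseDir` reference is an improvement, but the ChrootDirectory sentence should also state that the directory and every path component above it must be root-owned and not writable by any other user or group, since sshd refuses to chroot otherwise and that requirement is easy to miss when the path is a bind-mounted volume.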
6 changes: 6 additions & 0 deletions cavern-sshd/VERSION
@@ -0,0 +1,6 @@
## deployable containers have a semantic and build tag
# semantic version tag: major.minor
# build version tag: timestamp
VER=0.2.0
TAGS="${VER} ${VER}-$(date -u +"%Y%m%dT%H%M%S")"
unset VER
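Review bot: the comment on the `# semantic version tag: major.minor` line does not match `VER=0.2.0`, which is a three-part major.minor.patch value; change one or the other so TAGS is documented correctly (as written it expands to `0.2.0` and `0.2.0-<timestamp>`). Worth a line in the file as well: the plain `0.2.0` tag is re-pointed on every build, so only the timestamped tag identifies a specific image and is the one deployments should pin.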
32 changes: 32 additions & 0 deletions cavern-sshd/src/cadc-sssd-start
@@ -0,0 +1,32 @@
#!/bin/bash

SELF=cadc-sssd-start
CONFIG=/etc/sssd/sssd.conf

TS=$(date)
echo "$TS $SELF START"
echo "user: $USER"
echo "home: $HOME"
CONFIG=/etc/sssd/sssd.conf

if [ -f $CONFIG ]; then
echo "finding sssd domain"
DOMAIN=$(sed -n "/domains = /s/domains = //p" $CONFIG)
echo "domain=$DOMAIN"
else
echo "missing sssd config: $CONFIG"
exit -1
fi

if [ -z ${DOMAIN+x} ]; then
echo "could not find domain in sssd config: $CONFIG"
exit -1
fi

TS=$(date)
echo "$TS $SELF DONE"

/usr/sbin/sssd -D --logger=files

PID=$(pgrep -x 'sssd')
echo "SSSD PID: $PID"
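Review bot: the domain check `if [ -z ${DOMAIN+x} ]` can never fire: DOMAIN is assigned by `DOMAIN=$(sed ...)` whenever the config file exists, so the variable is always set (possibly to the empty string) and `${DOMAIN+x}` always expands to `x`; use `[ -z "$DOMAIN" ]` to catch a config with no `domains =` line. The sed expression also matches any line containing `domains = `, including a commented-out example, so anchor it (`/^domains = /`). Other points in the same hunk: CONFIG is assigned twice (once at the top, again after the `echo "home: $HOME"` line); `exit -1` is not a valid exit status and shows up as 255, use `exit 1`; `$CONFIG` should be quoted in the `-f` test; the `$SELF DONE` message is printed before sssd is actually started; and the exit status of `/usr/sbin/sssd -D --logger=files` is ignored, so a failed start only shows as an empty `SSSD PID:` line. Check the return code (or `pgrep -x sssd >/dev/null || exit 1`) and exit non-zero, so the caller can stop instead of bringing up sshd without its identity backend.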
7 changes: 7 additions & 0 deletions cavern-sshd/src/entrypoint
@@ -0,0 +1,7 @@
#!/bin/bash

# Start the SSSD daemon here to have it running behind SSHD.

/usr/bin/cadc-sssd-start

exec ${@}
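Review bot: the exit status of `/usr/bin/cadc-sssd-start` is ignored, so when sssd.conf is missing or sssd fails to start the script still falls through to `exec ${@}` and sshd comes up with no working `sss` backend for the `passwd`/`group` lookups that nsswitch.conf now routes through it; add `set -e` at the top or write `/usr/bin/cadc-sssd-start || exit 1`. Also `exec ${@}` must be `exec "$@"` so that arguments containing spaces (an sshd `-o` option value, for example) are not re-split by the shell; the default `CMD ["/usr/sbin/sshd", "-D", "-e"]` happens to survive the unquoted form, but an overridden command will not.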
63 changes: 63 additions & 0 deletions cavern-sshd/src/nsswitch.conf
@@ -0,0 +1,63 @@
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: sss files
shadow: files sss
group: sss files
#initgroups: files sss

#hosts: db files nisplus nis dns
hosts: files dns myhostname

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss

netgroup: nisplus sss

publickey: nisplus

automount: files nisplus sss
aliases: files nisplus
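Review bot: the `nisplus` sources left on the bootparams, netgroup, publickey, automount and aliases lines refer to a NIS+ backend that nothing in the Dockerfile installs (the dnf line pulls in sssd and openldap clients only), so these are dangling lookups; reduce them to `files` or `files sss` as appropriate. The lookup order is also inconsistent across the identity databases: passwd and group use `sss files` while shadow uses `files sss`, and `initgroups: files sss` is commented out, so supplementary groups for directory users come only through the `group` line; make the ordering deliberate and say in a comment which accounts (local or directory) are meant to win on a name collision. The long stock header comment about NIS/NIS+/hesiod at the top of the file describes sources this image does not use and could be trimmed to the lines that are actually configured.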