update cli

README.md

@@ -1,39 +1,32 @@
 # Cloud Foundry Docker Bosh Cli [![Docker Automated build](docker_automated.svg)](https://hub.docker.com/r/orangecloudfoundry/orange-cf-bosh-cli/)
 The `cf-bosh-cli` project helps you to deploy bosh cli with tools through docker image:
 
-### Programming packages
-* `ruby` - Ruby Programming Language (https://www.ruby-lang.org/)
-* `go` - Go Programming Language (https://golang.org/)
-* `node` - NodeJS Programming Language (https://nodejs.org/en/)
-
 ### Generic tools
 * `git` - Git client
-* `spruce` - YAML templating tool, for BOSH deployment manifests generation (https://github.com/geofffranks/spruce)
 * `jq` - JSON processing tool (https://stedolan.github.io/jq/)
-* `cerstrap` - Simple certificate manager (https://github.com/square/certstrap)
+* `spruce` - YAML templating tool, for BOSH deployment manifests generation (https://github.com/geofffranks/spruce)
 * `yarn` - Package manager (https://yarnpkg.com/fr/)
 
 ### Bosh deployments tools
 * `bosh` - Bosh directors V2 CLI (https://bosh.io/docs/cli-v2.html)
 * `bosh-gen` - Generators for BOSH releases creation (https://github.com/cloudfoundry-community/bosh-gen)
 * `cf` - Cloud Foundry CLI (https://github.com/cloudfoundry/cli)
 * `uaac` - Cloud Foundry UAA CLI (https://github.com/cloudfoundry/cf-uaac)
-* `uaa` - UAA CLI go (https://github.com/starkandwayne/uaa-cli-releases)
 * `credhub` - Credhub CLI (https://github.com/cloudfoundry-incubator/credhub-cli)
 * `fly` - Concourse CLI (https://github.com/concourse/fly)
 * `terraform` - Provides a common configuration to launch infrastructure (https://www.terraform.io/)
 * `terraform-provider-cloudfoundry` - Terraform plugin for Cloudfoundry (https://github.com/orange-cloudfoundry/terraform-provider-cloudfoundry)
 
 ### Backup and Storage tools
-* `shield` - Shield CLI (https://docs.pivotal.io/partners/starkandwayne-shield/)
 * `bbr` - Bosh Backup and Restore CLI (http://docs.cloudfoundry.org/bbr/)
 * `gof3r` - Client for fast, parallelized and pipelined streaming access to S3 bucket (https://github.com/rlmcpherson/s3gof3r)
 * `mc` - Minio S3 CLI (https://github.com/minio/mc)
+* `shield` - Shield CLI (https://docs.pivotal.io/partners/starkandwayne-shield/)
 
 ### Kubernetes tools
-* `smctl` - Service Manager CLI (https://github.com/Peripli/service-manager-cli/#service-manager-cli)
 * `kubectl` - Kubernetes CLI (https://kubernetes.io/docs/reference/generated/kubectl/overview/)
 * `helm` - Kubernetes Package Manager (https://docs.helm.sh/)
+* `smctl` - Service Manager CLI (https://github.com/Peripli/service-manager-cli/#service-manager-cli)
 
 ### BDD tools
 * `mysqlsh` - MySQL shell CLI (https://dev.mysql.com/doc/mysql-shell-excerpt/5.7/en/)
@@ -59,19 +52,19 @@ Then, build the image: <code>docker build -t cf-bosh-cli .</code>
 Launch the image. Don't miss to assign an host port to the container ssh port (22) :
 <code>docker run --name cf-bosh-cli -d -p 2222:22 -v /home/bosh -v /data orangecloudfoundry/orange-cf-bosh-cli</code>
 
-Then, log into the container with ssh : <code>ssh -p 2222 bosh@127.0.0.1</code>
+Then, log into the container with ssh : <code>ssh -p 2222 bosh@localhost</code>
 
-The password at first logon is "welcome" (you have to change your password). When you are logged into the container, you must add your ssh public key into the file <code>~/.ssh/authorized_keys</code> (RSA format). This last step will make the container secure after each restart/update (password auth will be disabled).
+The password at first logon is "welcome" (you have to change this password). When you are logged into the container, you must add your ssh public key into the file <code>~/.ssh/authorized_keys</code> (RSA format). This last step will make the container secure after each restart/update (password auth will be disabled).
 
 #### With public ssh key provided to the container
 It's also possible to add your public key to the container threw an environment variable.
 
 Launch the image. Don't miss to assign an host port to the container ssh port (22) :
 <code>docker run --name cf-bosh-cli -d -p 2222:22 -v /home/bosh -v /data -e "SSH_PUBLIC_KEY=<put here your ssh-rsa public key>" orangecloudfoundry/orange-cf-bosh-cli</code>
 
-Then, log into the container with ssh : <code>ssh -p 2222 -i <path to your rsa private key> bosh@127.0.0.1</code>
+Then, log into the container with ssh : <code>ssh -p 2222 -i <path to your rsa private key> bosh@localhost</code>
 
-The password in this case is completely disabled. By default, the file containing the public key <code>~/.ssh/authorized_keys</code> is overwrited after container restart or update. By setting the variable <code>SSH_PUBLIC_KEY_DONT_OVERWRITE=true</code>, this file is not overwrited if it already exists and is not empty.
+The password in this case is completely disabled. By default, the file containing the public key <code>~/.ssh/authorized_keys</code> is overwrited after container restart or update.
 
 ### How to use it using "Docker Bosh Release"
 Another option is to deploy the container threw the "Docker Bosh Release" (https://github.com/cloudfoundry-community/docker-boshrelease).
@@ -84,16 +77,13 @@ In the following example:
 
 Example of bosh deployment manifest:
 ```
-<%
-director_uuid = 'fa2a0823-b875-4fe3-9bf1-3de6a9bdddb8'
 deployment_name = 'bosh-cli'
 static_ip = '10.203.7.100'
 dns_servers = '10.203.6.102'
 http_proxy = 'http:/proxy:3128'
 https_proxy = 'http://proxy:3128'
 docker_image = 'orangecloudfoundry/orange-cf-bosh-cli'
 docker_tag = 'latest'
-%>
 ---
 name: <%= deployment_name %>
 director_uuid: <%= director_uuid %>
@@ -159,38 +149,35 @@ jobs:
           - <%= static_ip %>
 
 properties:
-  env:
-    http_proxy: "<%= http_proxy %>"
-    https_proxy: "<%= https_proxy %>"
   containers:
   - name: data_container
     image: <%= docker_image %>:<%= docker_tag %>
+    bind_volumes:
+    - "/data"
     volumes:
-    - /data
+    - "/etc/ssl/certs:/etc/ssl/certs:ro"
+
   - name: user1_bosh_cli
     image: <%= docker_image %>:<%= docker_tag %>
     hostname: user1_bosh_cli
     env_vars:
-    - "http_proxy=<%= http_proxy %>"
-    - "https_proxy=<%= https_proxy %>"
-    #This container will be provisioned with a publioc key. The other containers will use standard password authentication
     - "SSH_PUBLIC_KEY=<put here your ssh-rsa public key>"
     bind_ports:
-    - "2222:22"
+    - "????:22"
     volumes:
     - /home/bosh
     depends_on:
     - data_container
     volumes_from:
     - data_container
+
   - name: user2_bosh_cli
     image: <%= docker_image %>:<%= docker_tag %>
     hostname: user2_bosh_cli
     env_vars:
-    - "http_proxy=<%= http_proxy %>"
-    - "https_proxy=<%= https_proxy %>"
+    - "SSH_PUBLIC_KEY=<put here your ssh-rsa public key>"
     bind_ports:
-    - "2223:22"
+    - "????:22"
     volumes:
     - /home/bosh
     depends_on:

scripts/check_ssh_security → bosh-cli/check_ssh_security.sh

@@ -4,10 +4,10 @@
 # This script is installed in "/usr/local/bin"
 #===========================================================================
 
-if [ -f /home/<username>/.ssh/authorized_keys ] && \
-   [ `cat /home/<username>/.ssh/authorized_keys | grep "^ssh-rsa" | wc -l` -ne 0 ] && \
-   [ `cat /etc/ssh/sshd_config | grep "^PasswordAuthentication yes" | wc -l` -eq 1 ] ; then
-  /usr/local/bin/disable_ssh_password_auth
+if [ -f /home/bosh/.ssh/authorized_keys ] && \
+   [ $(cat /home/bosh/.ssh/authorized_keys | grep "^ssh-rsa" | wc -l) -ne 0 ] && \
+   [ $(cat /etc/ssh/sshd_config | grep "^PasswordAuthentication yes" | wc -l) -eq 1 ] ; then
+  /usr/local/bin/disable_ssh_password_auth.sh
 
   if [ "$1" != "container_init" ] ; then
     supervisorctl restart sshd

scripts/disable_ssh_password_auth → bosh-cli/disable_ssh_password_auth.sh

@@ -4,8 +4,8 @@
 # This script is installed in "/usr/local/bin"
 #============================================================================================
 
-echo "Disabling ssh password auth..."
+echo "Disabling ssh password authentication..."
 sed -i 's/^PasswordAuthentication .*/PasswordAuthentication no/g' /etc/ssh/sshd_config
-sudo sh -c "echo \"<username>:\`date +%s | sha256sum | base64 | head -c 32 ; echo\`\" | chpasswd"
-chage -I -1 -m 0 -M 99999 -E -1 <username>
-echo "Disabling ssh password auth done."
+sudo sh -c "echo \"bosh:\$(date +%s | sha256sum | base64 | head -c 32 ; echo\)\" | chpasswd"
+chage -I -1 -m 0 -M 99999 -E -1 bosh
+echo "Disabling ssh password authentication done."

scripts/log-uaac → bosh-cli/log-uaac.sh

@@ -47,12 +47,12 @@ else
     while [ ${flag} = 0 ] ; do
       flag=1
       printf "%bTarget UAA :%b\n\n" "${REVERSE}${GREEN}" "${STD}"
-      printf "%b1%b : cf\n" "${GREEN}${BOLD}" "${STD}"
-      printf "%b2%b : micro\n" "${GREEN}${BOLD}" "${STD}"
-      printf "%b3%b : master\n" "${GREEN}${BOLD}" "${STD}"
-      printf "%b4%b : ops\n" "${GREEN}${BOLD}" "${STD}"
-      printf "%b5%b : kubo\n" "${GREEN}${BOLD}" "${STD}"
-      printf "%b6%b : coab\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b1%b : cf (master-depls/cf)\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b2%b : micro (micro-depls/credhub-ha)\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b3%b : master (micro-depls/bosh-master)\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b4%b : ops (master-depls/bosh-ops)\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b5%b : kubo (master-depls/bosh-kubo)\n" "${GREEN}${BOLD}" "${STD}"
+      printf "%b6%b : coab (master-depls/bosh-coab)\n" "${GREEN}${BOLD}" "${STD}"
       printf "\n%bYour choice :%b " "${GREEN}${BOLD}" "${STD}" ; read choice
       case "${choice}" in
         1) getCredhub "SYSTEM_DOMAIN" "/secrets/cloudfoundry_system_domain"
@@ -68,13 +68,14 @@ else
 
     getCredhub "ADMIN_PASSWORD" "${ADMIN_CLIENT_SECRET}"
     if [ ${flagError} = 0 ] ; then
+      uaac token delete --all
       uaac target ${UAA_TARGET} --ca-cert ${BOSH_CA_CERT} > /dev/null 2>&1
       if [ $? = 0 ] ; then
         uaac token client get admin -s ${ADMIN_PASSWORD}
       else
         printf "\n%bERROR : Connexion failed.%b\n\n" "${RED}" "${STD}"
       fi
-    fi
+    f
   fi
 fi
 printf "\n"

scripts/profile → bosh-cli/profile

@@ -4,12 +4,11 @@
 #===========================================================================
 
 #--- Check ssh security
-sudo /usr/local/bin/check_ssh_security "user_login"
+sudo /usr/local/bin/check_ssh_security.sh "user_login"
 
 #--- Modify home user (on shared disk)
 export MY_BOSH_USER=`hostname`
 export HOME=/data/shared/${MY_BOSH_USER}
-DATA_SHARED_TOOLS_DIR="/data/shared/tools"
 
 #--- Create user directory
 if [ ! -d ${HOME} ] ; then
@@ -25,9 +24,6 @@ export XDG_CONFIG_HOME=${HOME}
 #--- Redefine command history file path
 export HISTFILE=${HOME}/.bash_history
 
-#--- GO environment
-export GOPATH=${HOME}/go
-
 #--- CF cli environment
 export CF_COLOR=true
 #export CF_STAGING_TIMEOUT=15            #--- Time wait for buildpack loading (in minutes)
@@ -45,28 +41,31 @@ else
 fi
 if [ ! -L ${HOME}/.cf/plugins ] ; then
   rm -fr ${HOME}/.cf/plugins > /dev/null 2>&1
-  ln -s /home/<username>/.cf/plugins ${HOME}/.cf/plugins
+  ln -s /home/bosh/.cf/plugins ${HOME}/.cf/plugins
 fi
 
 #--- Redefine Path to binary
-export PATH=.:/data/shared/${MY_BOSH_USER}/bin:${DATA_SHARED_TOOLS_DIR}:${PATH}:/usr/local/go/bin:${GOPATH}/bin
+export PATH=.:/data/shared/${MY_BOSH_USER}/bin:${PATH}
 
 #--- Init ".bash_aliases"
 echo "#--- Aliases" > ${HOME}/.bash_aliases
 echo "alias f='function __f() { printf \"\n\";find . ! -regex \".*[/]\.git[/]?.*\" -type f -print0 | xargs -0 grep -I -i --color \"\$1\";unset -f __f;printf \"\n\"; }; __f'" >> ${HOME}/.bash_aliases
 echo "alias diff='colordiff'" >> ${HOME}/.bash_aliases
 echo "alias fly='fly -t concourse-micro'" >> ${HOME}/.bash_aliases
-echo "alias log-bosh='. log-bosh'" >> ${HOME}/.bash_aliases
-echo "alias log-credhub='. log-credhub'" >> ${HOME}/.bash_aliases
-echo "alias log-fly='. log-fly'" >> ${HOME}/.bash_aliases
-echo "alias log-mc='. log-mc'" >> ${HOME}/.bash_aliases
-echo "alias log-openstack='. log-openstack'" >> ${HOME}/.bash_aliases
-echo "alias log-uaa='. log-uaa'" >> ${HOME}/.bash_aliases
-echo "alias log-uaac='. log-uaac'" >> ${HOME}/.bash_aliases
-echo "alias switch='. switch'" >> ${HOME}/.bash_aliases
+echo "alias gitlog='git log --graph --pretty=format:'\''%C(yellow)%H%Creset -%C(yellow)%d%Creset %s %Cgreen(%cn %ci)%Creset'\'' --abbrev-commit'" >> ${HOME}/.bash_aliases
+echo "alias log-bosh='. log-bosh.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-cf='. log-cf.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-credhub='. log-credhub.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-fly='. log-fly.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-mc='. log-mc.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-openstack='. log-openstack.sh'" >> ${HOME}/.bash_aliases
+echo "alias log-uaac='. log-uaac.sh'" >> ${HOME}/.bash_aliases
+echo "alias switch='. switch.sh'" >> ${HOME}/.bash_aliases
+echo "alias tools='. tools.sh'" >> ${HOME}/.bash_aliases
 echo "alias os='openstack'" >> ${HOME}/.bash_aliases
 
 #--- Adapt user prompt and terminal name
+DATA_SHARED_TOOLS_DIR="/data/shared/tools"
 if [ -f ${DATA_SHARED_TOOLS_DIR}/bosh_cli_env ] ; then
   export BOSH_CLI_ENV=`cat ${DATA_SHARED_TOOLS_DIR}/bosh_cli_env`
 else
@@ -78,7 +77,7 @@ else
 fi
 
 echo ". ~/.bashrc" > ${HOME}/.bash_profile
-cp /home/<username>/.bashrc ${HOME}/.bashrc
+cp /home/bosh/.bashrc ${HOME}/.bashrc
 
 echo "#--- User prompt and terminal name" >> ${HOME}/.bashrc
 printf "export PS1='\${debian_chroot:+(\$debian_chroot)}\[\\\033[01;32m\]\h@${BOSH_CLI_ENV}\[\\\033[00m\]:\[\\\033[01;34m\]\w\[\\\033[00m\]$ '\n" >> ${HOME}/.bashrc

bosh-cli/supervisord.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#===========================================================================
+# Entry point for docker container startup
+#===========================================================================
+
+#--- Push the public key if required
+if [ -n "${SSH_PUBLIC_KEY}" ] ; then
+  if [[ "${SSH_PUBLIC_KEY}" != "ssh-rsa"* ]] ; then
+    SSH_PUBLIC_KEY="ssh-rsa ${SSH_PUBLIC_KEY} public.key@pushed"
+  fi
+  echo "${SSH_PUBLIC_KEY}" > /home/bosh/.ssh/authorized_keys
+  chmod 600 /home/bosh/.ssh/authorized_keys
+  chown bosh:users /home/bosh/.ssh/authorized_keys
+  /usr/local/bin/disable_ssh_password_auth.sh
+fi
+
+#--- Check ssh security
+/usr/local/bin/check_ssh_security.sh "container_init"
+
+#---  Launch ssh daemon
+echo "Starting sshd..."
+/usr/bin/supervisord -c /etc/supervisor/supervisord.conf

scripts/switch → bosh-cli/switch.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 #===========================================================================
-# Switch to Bosh deployment within bosh director
+# Switch to Bosh deployment within the same bosh director
 #===========================================================================
 
 #--- Colors and styles
@@ -11,8 +11,8 @@ export STD='\033[0m'
 export BOLD='\033[1m'
 export REVERSE='\033[7m'
 
-result=$(bosh env | grep "not logged in" 2>&1)
-if [ "${result}" != "" ] ; then
+result=$(bosh env > /dev/null 2>&1)
+if [ ${result} != 0 ] ; then
   printf "\n\n%bERROR : You are not connected to bosh director.%b\n\n" "${RED}" "${STD}"
 else
   #--- Select specific deployment (BOSH_DEPLOYMENT variable)

scripts/tools → bosh-cli/tools.sh

@@ -10,21 +10,19 @@ export BOLD='\033[1m'
 export REVERSE='\033[7m'
 
 display() {
-  flag=$(which $1)
-  if [ "${flag}" != "" ] ; then
-    printf "%b%-15s%b: %s\n" "${GREEN}${BOLD}" "$1" "${STD}" "$2"
-  fi
+  printf "%b%-15s%b: %s\n" "${GREEN}${BOLD}" "$1" "${STD}" "$2"
 }
 
 clear
 printf "%bTOOLS%b\n" "${GREEN}${BOLD}${REVERSE}" "${STD}"
+display "f" "String search in the sub-trees"
+display "gitlog" "Display git commits in nice format"
 display "log-bosh" "Log with bosh CLI V2"
 display "log-cf" "Log with cf CLI"
 display "log-credhub" "Log with credhub CLI"
 display "log-fly" "Log with concourse CLI"
 display "log-mc" "Log with minio/OBOS S3 CLI"
 display "log-openstack" "Log with openstack CLI tools"
-display "log-uaa" "Log with uaa go CLI tools"
 display "log-uaac" "Log with uaac ruby CLI tools"
-display "switch" "Switch to bosh deployment"
-printf "\n"
+display "switch" "Switch to new bosh deployment in the same director"
+printf "\n"