From 19b129338ebbc2d4b2d3b77044e2e6b778856ef3 Mon Sep 17 00:00:00 2001
From: Rob Ballantyne
Date: Fri, 11 Aug 2023 11:59:08 +0100
Subject: [PATCH] Move openssh install mamba system env This will prevent providers clobbering our install with theirs We can now run our ssh daemon on an alternative port alongside the provider
---
 README.md | 8 ++++----
 build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh | 8 +++++---
 build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh | 4 ++--
 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 7fa6716..cb179c1 100644
--- a/README.md
+++ b/README.md
@@ -117,18 +117,18 @@ If you are running locally you may instead opt to mount an executable script at

 ## Software Management

-A small software collection is installed by apt-get. This is mostly to provide basic functionality, but also includes `openssh-server` as the OS vendor is likely to be first to patch any security issues.
+A small software collection is installed by apt-get to provide basic utility.

-All other software is installed into its own environment by `micromamba`, which is a drop-in replacement for conda/mamba. Read more about it [here](https://mamba.readthedocs.io/en/latest/user_guide/micromamba.html).
+All other software is installed by `micromamba`, which is a drop-in replacement for conda/mamba. Read more about it [here](https://mamba.readthedocs.io/en/latest/user_guide/micromamba.html).

 Micromamba environments are particularly useful where several software packages are required but their dependencies conflict.

 ### Installed Micromamba Environments

-| Environment | Packages / Rationale |
+| Environment | Packages |
 | -------------- | ----------------------------------------- |
 | `base` | micromamba's base environment |
-| `system` | `supervisord`, `rclone` - latest versions |
+| `system` | `supervisord`, `openssh`, `rclone` |

 If you are extending this image or running an interactive session where additional software is required, you should almost certainly create a new environment first. See below for guidance.

diff --git a/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh b/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh
index 243f21b..d1e2a53 100755
--- a/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh
+++ b/build/COPY_ROOT/opt/ai-dock/bin/build/layer0/common.sh
@@ -21,7 +21,6 @@ $APT_INSTALL \
 libelf1 \
 lsb-release \
 nano \
- openssh-server \
 screen \
 tmux \
 unzip \
@@ -29,12 +28,13 @@ $APT_INSTALL \
 zip

 # Prepare environment for running SSHD
+chmod 700 /root
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
 touch /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys
-mkdir -p /run/sshd
-chmod 700 /run/sshd
+#mkdir -p /run/sshd
+#chmod 700 /run/sshd

 # Remove less relevant parts of motd
 rm /etc/update-motd.d/10-help-text
@@ -50,6 +50,7 @@ micromamba shell init --shell bash --root-prefix=/opt/micromamba
 $MAMBA_CREATE -n "${MAMBA_BASE_ENV}" python="${MAMBA_BASE_PYTHON_VERSION}"
 micromamba -n "${MAMBA_BASE_ENV}" install -y -c conda-forge \
 supervisor \
+ openssh \
 rclone

 # We will use a config from /etc
@@ -58,5 +59,6 @@ rm -rf /root/micromamba/envs/"${MAMBA_BASE_ENV}"/etc/supervisord*
 # Ensure critical paths/files are present
 mkdir -p --mode=0755 /etc/apt/keyrings
 mkdir -p /var/log/supervisor
+mkdir -p /var/empty
 mkdir -p /etc/rclone
 touch /etc/rclone/rclone.conf
diff --git a/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh b/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh
index ecc3021..5375e9d 100755
--- a/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh
+++ b/build/COPY_ROOT/opt/ai-dock/bin/supervisor-sshd.sh
@@ -18,6 +18,6 @@ if [[ ! $(ssh-keygen -l -f $ak_file) ]]; then
 fi

 printf "Starting SSH server...\n"
-
+micromamba -n ${MAMBA_BASE_ENV} run /opt/micromamba/envs/"${MAMBA_BASE_ENV}"/bin/ssh-keygen -A
 wait -n
-/usr/sbin/sshd -D -p $SSH_PORT
\ No newline at end of file
+micromamba -n ${MAMBA_BASE_ENV} run /opt/micromamba/envs/"${MAMBA_BASE_ENV}"/bin/sshd -D -p $SSH_PORT
\ No newline at end of file
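Review bot: The two `/run/sshd` lines are kept as commented-out code (`#mkdir -p /run/sshd`, `#chmod 700 /run/sshd`) with nothing saying why they are disabled, so the next maintainer cannot tell whether they are safe to delete or meant to come back. Remove them, or replace them with a single comment such as `# /run/sshd is not created: sshd now runs from the micromamba system env`. The added `chmod 700 /root` deserves its reason as well, for example `# sshd StrictModes rejects authorized_keys if the home directory is writable by others`.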
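Review bot: `openssh` is added to the conda-forge install list with no version constraint, so the network-facing sshd in the image is whatever conda-forge serves at build time and is no longer covered by the distribution's security updates. The README sentence this commit removes gave vendor patching as the reason for the apt package, so the new update path should be written down next to the install, for example `# sshd comes from conda-forge; rebuild the image to pick up OpenSSH security fixes`. If builds need to be reproducible, a version constraint on this entry would also make it visible which OpenSSH release a given image carries.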
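Review bot: `mkdir -p /var/empty` leaves the directory mode to the build-time umask, while the `/run/sshd` setup it appears to replace ran `chmod 700` and the keyrings line two above passes `--mode=0755`. sshd exits at startup unless its privilege-separation directory is owned by root and not group- or world-writable. If `/var/empty` is that directory for the conda-forge build (inferred from the commit, not visible in the hunk), state the mode explicitly: `mkdir -p --mode=0755 /var/empty`. A comment such as `# privilege-separation directory for the micromamba sshd` would explain why the path exists.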
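Review bot: The new `sshd -D -p $SSH_PORT` line starts the micromamba build without `-f`, so it reads that build's compiled-in default `sshd_config`, which is probably under the env prefix rather than `/etc/ssh`. Any settings the image or a provider keeps in `/etc/ssh/sshd_config` would then stop applying without any error; pass the intended file with `-f`, or add a comment naming the config that is in effect. The same applies to the host keys written by the `ssh-keygen -A` line. On both added lines `${MAMBA_BASE_ENV}` is unquoted after `-n` but quoted in the path, and `$SSH_PORT` is unquoted; use `-n "${MAMBA_BASE_ENV}"` and `-p "${SSH_PORT}"`. The script body starts outside this hunk.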