Merge pull request #539 from jdeathe/centos-7-develop

Release changes for 2.2.4

CHANGELOG.md

@@ -4,6 +4,15 @@
 
 Summary of release changes for Version 2 - CentOS-7
 
+### 2.2.4 - 2017-09-13
+
+- Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3.
+- Updates `sudo` package to sudo-1.8.6p7-23.el7_3.
+- Adds permissions to restrict access to the healthcheck script.
+- Fixes declaration of local readonly and array bash variables in SCMI scripts.
+- Fixes missing trailing newline in source vagrant insecure public key.
+- Fixes missing trailing newline for keys added to `~/.ssh/authorized_keys`.
+
 ### 2.2.3 - 2017-06-14
 
 - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output.

Dockerfile

@@ -28,7 +28,7 @@ RUN rpm --rebuilddb \
 		openssh-clients-6.6.1p1-35.el7_3 \
 		openssl-1.0.1e-60.el7 \
 		python-setuptools-0.9.8-4.el7 \
-		sudo-1.8.6p7-21.el7_3 \
+		sudo-1.8.6p7-23.el7_3 \
 		vim-minimal-7.4.160-1.el7_3.1 \
 		yum-plugin-versionlock-1.1.31-40.el7 \
 		xz-5.2.2-1.el7 \
@@ -55,7 +55,7 @@ RUN rpm --rebuilddb \
 # supervisord to be easily inspected with "docker logs".
 # -----------------------------------------------------------------------------
 RUN easy_install \
-		'supervisor == 3.3.2' \
+		'supervisor == 3.3.3' \
 		'supervisor-stdout == 0.1.1' \
 	&& mkdir -p \
 		/var/log/supervisor/
@@ -130,7 +130,7 @@ RUN mkdir -p \
 		/etc/services-config/supervisor/supervisord.d/sshd-bootstrap.conf \
 		/etc/supervisord.d/sshd-bootstrap.conf \
 	&& chmod 700 \
-		/usr/sbin/{scmi,sshd-{bootstrap,wrapper}}
+		/usr/{bin/healthcheck,sbin/{scmi,sshd-{bootstrap,wrapper}}}
 
 EXPOSE 22
 
@@ -154,7 +154,7 @@ ENV SSH_AUTHORIZED_KEYS="" \
 # -----------------------------------------------------------------------------
 # Set image metadata
 # -----------------------------------------------------------------------------
-ARG RELEASE_VERSION="2.2.3"
+ARG RELEASE_VERSION="2.2.4"
 LABEL \
 	maintainer="James Deathe <[email protected]>" \
 	install="docker run \

README.md

@@ -7,12 +7,12 @@ Includes public key authentication, Automated password generation and supports c
 
 ## Overview & links
 
-The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.1` OR `1.8.1` for the [1.8.1](https://github.com/jdeathe/centos-ssh/tree/1.8.1) release tag and `centos-7-2.2.3` OR `2.2.3` for the [2.2.3](https://github.com/jdeathe/centos-ssh/tree/2.2.3) release tag.
+The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.2` OR `1.8.2` for the [1.8.2](https://github.com/jdeathe/centos-ssh/tree/1.8.2) release tag and `centos-7-2.2.4` OR `2.2.4` for the [2.2.4](https://github.com/jdeathe/centos-ssh/tree/2.2.4) release tag.
 
 ### Tags and respective `Dockerfile` links
 
-- `centos-7`,`centos-7-2.2.3`,`2.2.3` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile)
-- `centos-6`,`centos-6-1.8.1`,`1.8.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile)
+- `centos-7`,`centos-7-2.2.4`,`2.2.4` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile)
+- `centos-6`,`centos-6-1.8.2`,`1.8.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile)
 
 The Dockerfile can be used to build a base image that is the bases for several other docker images.
 
@@ -105,10 +105,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:2.2.3 \
+  jdeathe/centos-ssh:2.2.4 \
   /usr/sbin/scmi install \
     --chroot=/media/root \
-    --tag=2.2.3 \
+    --tag=2.2.4 \
     --name=ssh.pool-1.1.1 \
     --setopt="--volume {{NAME}}.config-ssh:/etc/ssh"
 ```
@@ -122,10 +122,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:2.2.3 \
+  jdeathe/centos-ssh:2.2.4 \
   /usr/sbin/scmi uninstall \
     --chroot=/media/root \
-    --tag=2.2.3 \
+    --tag=2.2.4 \
     --name=ssh.pool-1.1.1 \
     --setopt="--volume {{NAME}}.config-ssh:/etc/ssh"
 ```
@@ -139,10 +139,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:2.2.3 \
+  jdeathe/centos-ssh:2.2.4 \
   /usr/sbin/scmi install \
     --chroot=/media/root \
-    --tag=2.2.3 \
+    --tag=2.2.4 \
     --name=ssh.pool-1.1.1 \
     --manager=systemd \
     --register \
@@ -162,7 +162,7 @@ Since release tags `1.7.2` / `2.1.2` the install template has been added to the
 _NOTE:_ A prerequisite of the following examples is that the image has been pulled (or loaded from the release package).
 
 ```
-$ docker pull jdeathe/centos-ssh:2.2.3
+$ docker pull jdeathe/centos-ssh:2.2.4
 ```
 
 To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option.
@@ -171,7 +171,7 @@ To see detailed information about the image run `scmi` with the `--info` option.
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.install}}" \
-    jdeathe/centos-ssh:2.2.3
+    jdeathe/centos-ssh:2.2.4
   ) --info"
 ```
 
@@ -181,7 +181,7 @@ To perform an installation using the docker name `ssh.pool-1.2.1` simply use the
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.install}}" \
-    jdeathe/centos-ssh:2.2.3
+    jdeathe/centos-ssh:2.2.4
   ) --name=ssh.pool-1.2.1"
 ```
 
@@ -191,7 +191,7 @@ To uninstall use the *same command* that was used to install but with the `unins
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.uninstall}}" \
-    jdeathe/centos-ssh:2.2.3
+    jdeathe/centos-ssh:2.2.4
   ) --name=ssh.pool-1.2.1"
 ```
 
@@ -204,7 +204,7 @@ To see detailed information about the image run `scmi` with the `--info` option.
 ```
 $ sudo -E atomic install \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:2.2.3 \
+  jdeathe/centos-ssh:2.2.4 \
   --info
 ```
 
@@ -213,14 +213,14 @@ To perform an installation using the docker name `ssh.pool-1.3.1` simply use the
 ```
 $ sudo -E atomic install \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:2.2.3
+  jdeathe/centos-ssh:2.2.4
 ```
 
 Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container.
 
 ```
 $ sudo -E atomic install \
-  jdeathe/centos-ssh:2.2.3 \
+  jdeathe/centos-ssh:2.2.4 \
   --name ssh.pool-1.3.1
 ```
 
@@ -229,7 +229,7 @@ To uninstall use the *same command* that was used to install but with the `unins
 ```
 $ sudo -E atomic uninstall \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:2.2.3
+  jdeathe/centos-ssh:2.2.4
 ```
 
 #### Using environment variables

src/etc/services-config/ssh/authorized_keys

@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key

src/etc/systemd/system/centos-ssh@.service

@@ -51,7 +51,7 @@ Environment="DOCKER_USER=jdeathe"
 Environment="DOCKER_IMAGE_NAME=centos-ssh"
 Environment="DOCKER_CONTAINER_OPTS="
 Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages"
-Environment="DOCKER_IMAGE_TAG=2.2.3"
+Environment="DOCKER_IMAGE_TAG=2.2.4"
 Environment="DOCKER_PORT_MAP_TCP_22=2020"
 Environment="SSH_AUTHORIZED_KEYS="
 Environment="SSH_AUTOSTART_SSHD=true"

src/opt/scmi/environment.sh

@@ -1,12 +1,12 @@
 # -----------------------------------------------------------------------------
 # Constants
 # -----------------------------------------------------------------------------
-DOCKER_USER=jdeathe
-DOCKER_IMAGE_NAME=centos-ssh
+readonly DOCKER_USER=jdeathe
+readonly DOCKER_IMAGE_NAME=centos-ssh
 
 # Tag validation patterns
-DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$'
-DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$'
+readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$'
+readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$'
 
 # -----------------------------------------------------------------------------
 # Variables

src/opt/scmi/service-unit.sh

@@ -1,7 +1,7 @@
 # -----------------------------------------------------------------------------
 # Constants
 # -----------------------------------------------------------------------------
-SERVICE_UNIT_ENVIRONMENT_KEYS="
+readonly SERVICE_UNIT_ENVIRONMENT_KEYS="
  DOCKER_CONTAINER_OPTS
  DOCKER_IMAGE_PACKAGE_PATH
  DOCKER_IMAGE_TAG
@@ -20,7 +20,7 @@ SERVICE_UNIT_ENVIRONMENT_KEYS="
  SSH_USER_PASSWORD_HASHED
  SSH_USER_SHELL
 "
-SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS="
+readonly SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS="
  REGISTER_ETCD_PARAMETERS
  REGISTER_TTL
  REGISTER_UPDATE_INTERVAL

src/usr/sbin/scmi

@@ -8,27 +8,27 @@ cd -- "$(
 function scmi ()
 {
 	# Constants
-	local readonly SCMI_INCLUDE_FILES="
+	local -r SCMI_INCLUDE_FILES="
 	 environment.sh
 	 default.sh
 	 service-unit.sh
 	"
-	local readonly SCMI_MANAGER_TYPE_PATTERN='^(docker|fleet|systemd)$'
-	local readonly SCMI_NAME_FORMAT='{<name>|<name>.[group]}.<instance>.<node>'
-	local readonly SCMI_PACKAGE_NAME="scmi"
+	local -r SCMI_MANAGER_TYPE_PATTERN='^(docker|fleet|systemd)$'
+	local -r SCMI_NAME_FORMAT='{<name>|<name>.[group]}.<instance>.<node>'
+	local -r SCMI_PACKAGE_NAME="scmi"
 
 	# Default settings
 	local SCMI_COMMAND=""
 	local SCMI_CHROOT_PATH="/"
-	declare -a local SCMI_ENV
+	local -a SCMI_ENV
 	local SCMI_IMAGE_PACKAGE_PATH="/var/opt/scmi/packages"
 	local SCMI_INFO=false
 	local SCMI_MANAGER_TYPE="docker"
 	local SCMI_NAME=""
 	local SCMI_QUIET=false
 	local SCMI_REGISTER_ENABLED=false
 	local SCMI_RESTART=""
-	declare -a local SCMI_SETOPT
+	local -a SCMI_SETOPT
 	local SCMI_TAG="latest"
 
 	# Abort if not run by root user or with sudo
@@ -703,8 +703,8 @@ function scmi_fleet_get_unit_state ()
 
 function scmi_fleet_install ()
 {
-	declare -a local UNIT_FILE_HASH
-	declare -a local PIDS
+	local -a UNIT_FILE_HASH
+	local -a PIDS
 	local STATUS_COMMAND
 
 	scmi_fleet_prerequisites
@@ -1360,8 +1360,8 @@ function scmi_is_valid_managed_docker_name ()
 function scmi_manager_type_command_prerequisites ()
 {
 	local COMMAND
-	declare -a local COMMANDS
-	declare -a local COMMAND_PATHS=(
+	local -a COMMANDS
+	local -a COMMAND_PATHS=(
 		'/usr/local/bin'
 		'/usr/bin'
 	)
@@ -1816,7 +1816,7 @@ function scmi_systemd_get_unit_file_path ()
 
 function scmi_systemd_install ()
 {
-	declare -a local PIDS
+	local -a PIDS
 	local STATUS_COMMAND
 
 	scmi_systemd_prerequisites

src/usr/sbin/sshd-bootstrap

@@ -699,7 +699,7 @@ if [[ ! -d ${OPTS_SSH_USER_HOME}/.ssh ]]; then
 			"${OPTS_SSH_USER_HOME}"
 	else
 		printf \
-			-- '%s' \
+			-- '%s\n' \
 			"${OPTS_SSH_AUTHORIZED_KEYS}" \
 			> "${OPTS_SSH_USER_HOME}"/.ssh/authorized_keys