From 48e66a20cf77df71d241b5301d691d3a5d78090d Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 31 Aug 2017 22:31:53 +0100 Subject: [PATCH 01/10] ISSUE 525: Updates supervisor to 3.3.3. --- CHANGELOG.md | 4 ++++ Dockerfile | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8c91d41..f589733 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ Summary of release changes for Version 2 - CentOS-7 +### 2.2.4 - Unreleased + +- Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3. + ### 2.2.3 - 2017-06-14 - Adds clearer, improved [shpec](https://github.com/rylnd/shpec) test case output. diff --git a/Dockerfile b/Dockerfile index f9c4f9a..00125c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,7 @@ RUN rpm --rebuilddb \ # supervisord to be easily inspected with "docker logs". # ----------------------------------------------------------------------------- RUN easy_install \ - 'supervisor == 3.3.2' \ + 'supervisor == 3.3.3' \ 'supervisor-stdout == 0.1.1' \ && mkdir -p \ /var/log/supervisor/ From 8efc5b06e6cc33fa6e5af6fec2be730f874eb67b Mon Sep 17 00:00:00 2001 From: James Deathe Date: Thu, 31 Aug 2017 23:44:18 +0100 Subject: [PATCH 02/10] ISSUE 525: Updates sudo package to latest. --- CHANGELOG.md | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f589733..c0bc52b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Summary of release changes for Version 2 - CentOS-7 ### 2.2.4 - Unreleased - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3. +- Updates `sudo` package to sudo-1.8.6p7-23.el7_3. ### 2.2.3 - 2017-06-14 diff --git a/Dockerfile b/Dockerfile index 00125c5..7928155 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -28,7 +28,7 @@ RUN rpm --rebuilddb \ openssh-clients-6.6.1p1-35.el7_3 \ openssl-1.0.1e-60.el7 \ python-setuptools-0.9.8-4.el7 \ - sudo-1.8.6p7-21.el7_3 \ + sudo-1.8.6p7-23.el7_3 \ vim-minimal-7.4.160-1.el7_3.1 \ yum-plugin-versionlock-1.1.31-40.el7 \ xz-5.2.2-1.el7 \ From 8b4f46f6b0e347cfc3d15ea737da41ec70990ed7 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 1 Sep 2017 00:09:27 +0100 Subject: [PATCH 03/10] ISSUE 521: Adds necessary permissions to the healthcheck script. --- CHANGELOG.md | 1 + Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0bc52b..4624d81 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ Summary of release changes for Version 2 - CentOS-7 - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3. - Updates `sudo` package to sudo-1.8.6p7-23.el7_3. +- Adds permissions to restrict access to the healthcheck script. ### 2.2.3 - 2017-06-14 diff --git a/Dockerfile b/Dockerfile index 7928155..5419ca1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -130,7 +130,7 @@ RUN mkdir -p \ /etc/services-config/supervisor/supervisord.d/sshd-bootstrap.conf \ /etc/supervisord.d/sshd-bootstrap.conf \ && chmod 700 \ - /usr/sbin/{scmi,sshd-{bootstrap,wrapper}} + /usr/{bin/healthcheck,sbin/{scmi,sshd-{bootstrap,wrapper}}} EXPOSE 22 From 6468b99c29154a752a663a09d1f6a796c2bc4e81 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 11 Sep 2017 20:10:04 +0100 Subject: [PATCH 04/10] ISSUE 519: Fixes declaration of local readonly and array variables in SCMI scripts. --- CHANGELOG.md | 1 + src/opt/scmi/environment.sh | 8 ++++---- src/opt/scmi/service-unit.sh | 4 ++-- src/usr/sbin/scmi | 22 +++++++++++----------- 4 files changed, 18 insertions(+), 17 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4624d81..a4587ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
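Review bot: The nested brace pattern on the `chmod 700` line only expands if the shell running this `RUN` step performs brace expansion, which is a bash feature rather than POSIX sh, so the build relies on the base image's `/bin/sh` being bash. Listing the four paths one per line removes that dependency and lets a search for `/usr/bin/healthcheck` find where its mode is set. The `RUN` instruction starts above this hunk, so only the `chmod` arguments are shown below.

```dockerfile
	&& chmod 700 \
		/usr/bin/healthcheck \
		/usr/sbin/scmi \
		/usr/sbin/sshd-bootstrap \
		/usr/sbin/sshd-wrapper
```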
@@ -9,6 +9,7 @@ Summary of release changes for Version 2 - CentOS-7 - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3. - Updates `sudo` package to sudo-1.8.6p7-23.el7_3. - Adds permissions to restrict access to the healthcheck script. +- Fixes declaration of local readonly and array bash variables in SCMI scripts. ### 2.2.3 - 2017-06-14 diff --git a/src/opt/scmi/environment.sh b/src/opt/scmi/environment.sh index 44d083e..128dc0f 100644 --- a/src/opt/scmi/environment.sh +++ b/src/opt/scmi/environment.sh @@ -1,12 +1,12 @@ # ----------------------------------------------------------------------------- # Constants # ----------------------------------------------------------------------------- -DOCKER_USER=jdeathe -DOCKER_IMAGE_NAME=centos-ssh +readonly DOCKER_USER=jdeathe +readonly DOCKER_IMAGE_NAME=centos-ssh # Tag validation patterns -DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$' -DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$' +readonly DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$' +readonly DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$' # ----------------------------------------------------------------------------- # Variables diff --git a/src/opt/scmi/service-unit.sh b/src/opt/scmi/service-unit.sh index 9ded1c6..9578a16 100644 --- a/src/opt/scmi/service-unit.sh +++ b/src/opt/scmi/service-unit.sh @@ -1,7 +1,7 @@ # ----------------------------------------------------------------------------- # Constants # ----------------------------------------------------------------------------- -SERVICE_UNIT_ENVIRONMENT_KEYS=" +readonly SERVICE_UNIT_ENVIRONMENT_KEYS=" DOCKER_CONTAINER_OPTS DOCKER_IMAGE_PACKAGE_PATH DOCKER_IMAGE_TAG 
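Review bot: `readonly` at the top level of a sourced file makes these names read-only for the rest of the shell, so sourcing `environment.sh` a second time in the same process, or starting with `DOCKER_USER` already marked read-only, makes each assignment fail with a "readonly variable" error. The `scmi` hunk later in this patch lists the file in `SCMI_INCLUDE_FILES`, so it is presumably sourced from inside the `scmi` function; whether that can happen more than once per process is not visible here. A header comment would record the constraint, for example `# Sourced once per process: the constants below are readonly and cannot be reassigned.` The same applies to the two `readonly` assignments added in `service-unit.sh`.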
@@ -20,7 +20,7 @@ SERVICE_UNIT_ENVIRONMENT_KEYS=" SSH_USER_PASSWORD_HASHED SSH_USER_SHELL " -SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS=" +readonly SERVICE_UNIT_REGISTER_ENVIRONMENT_KEYS=" REGISTER_ETCD_PARAMETERS REGISTER_TTL REGISTER_UPDATE_INTERVAL diff --git a/src/usr/sbin/scmi b/src/usr/sbin/scmi index 4704b39..4cab928 100755 --- a/src/usr/sbin/scmi +++ b/src/usr/sbin/scmi @@ -8,19 +8,19 @@ cd -- "$( function scmi () { # Constants - local readonly SCMI_INCLUDE_FILES=" + local -r SCMI_INCLUDE_FILES=" environment.sh default.sh service-unit.sh " - local readonly SCMI_MANAGER_TYPE_PATTERN='^(docker|fleet|systemd)$' - local readonly SCMI_NAME_FORMAT='{|.[group]}..' - local readonly SCMI_PACKAGE_NAME="scmi" + local -r SCMI_MANAGER_TYPE_PATTERN='^(docker|fleet|systemd)$' + local -r SCMI_NAME_FORMAT='{|.[group]}..' + local -r SCMI_PACKAGE_NAME="scmi" # Default settings local SCMI_COMMAND="" local SCMI_CHROOT_PATH="/" - declare -a local SCMI_ENV + local -a SCMI_ENV local SCMI_IMAGE_PACKAGE_PATH="/var/opt/scmi/packages" local SCMI_INFO=false local SCMI_MANAGER_TYPE="docker" @@ -28,7 +28,7 @@ function scmi () local SCMI_QUIET=false local SCMI_REGISTER_ENABLED=false local SCMI_RESTART="" - declare -a local SCMI_SETOPT + local -a SCMI_SETOPT local SCMI_TAG="latest" # Abort if not run by root user or with sudo @@ -703,8 +703,8 @@ function scmi_fleet_get_unit_state () function scmi_fleet_install () { - declare -a local UNIT_FILE_HASH - declare -a local PIDS + local -a UNIT_FILE_HASH + local -a PIDS local STATUS_COMMAND scmi_fleet_prerequisites @@ -1360,8 +1360,8 @@ function scmi_is_valid_managed_docker_name () function scmi_manager_type_command_prerequisites () { local COMMAND - declare -a local COMMANDS - declare -a local COMMAND_PATHS=( + local -a COMMANDS + local -a COMMAND_PATHS=( '/usr/local/bin' '/usr/bin' ) 
@@ -1816,7 +1816,7 @@ function scmi_systemd_get_unit_file_path () function scmi_systemd_install () { - declare -a local PIDS + local -a PIDS local STATUS_COMMAND scmi_systemd_prerequisites From 9f9b889f4c1d0f5817d814d936b473d48fb3448f Mon Sep 17 00:00:00 2001 From: James Deathe Date: Mon, 11 Sep 2017 21:08:59 +0100 Subject: [PATCH 05/10] ISSUE 519: Adds more generic ready state function to tests. --- test/shpec/operation_shpec.sh | 122 ++++++++++++++++++++++++++++------ 1 file changed, 102 insertions(+), 20 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index c5f0c96..8a88371 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -35,23 +35,30 @@ function __get_container_port () "${value}" } +# container - Docker container name. +# counter - Timeout counter in seconds. +# process_pattern - Regular expression pattern used to match running process. +# ready_test - Command used to test if the service is ready. function __is_container_ready () { local container="${1:-}" - local process_pattern="${2:-}" local counter=$( awk \ - -v seconds="${3:-10}" \ + -v seconds="${2:-10}" \ 'BEGIN { print 10 * seconds; }' ) + local process_pattern="${3:-}" + local ready_test="${4:-true}" until (( counter == 0 )); do sleep 0.1 if docker exec ${container} \ - bash -c "ps axo command" \ - | grep -qE "${process_pattern}" \ - > /dev/null 2>&1; then + bash -c "ps axo command \ + | grep -qE \"${process_pattern}\" \ + && eval \"${ready_test}\"" \ + &> /dev/null + then break fi @@ -158,7 +165,12 @@ function test_basic_ssh_operations () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi 
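Review bot: `process_pattern` and `ready_test` are expanded into the double-quoted `bash -c` string in `__is_container_ready`, so the shell inside the container parses them a second time; a `"`, `$` or backtick in either value alters the command that runs rather than being matched or executed as written. Passing both as positional parameters to a constant single-quoted script keeps a single level of parsing, and `ready_test` is then the only text handed to `eval`, which by design remains a command supplied by the test author. `${container}` should be quoted as well, and `local counter=$( awk … )` masks awk's exit status behind `local`. The `until` loop runs past the end of this hunk.

```shell
	# … unchanged: argument parsing, counter setup, until/sleep …
		if docker exec "${container}" \
			bash -c 'ps axo command | grep -qE -- "$1" && eval "$2"' \
			_ "${process_pattern}" "${ready_test}" \
			&> /dev/null
		then
	# … unchanged: break and the rest of the loop …
```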
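Review bot: `${STARTUP_TIME}` is unquoted in this `__is_container_ready` call, so if it is empty or unset the argument disappears, the process pattern is read as the timeout and the `grep` command becomes the process pattern; `"${STARTUP_TIME}"` keeps the positions fixed. The same four-argument call is repeated unchanged in every later hunk of this patch for `operation_shpec.sh`, so the fix applies to each of them, and a small wrapper taking only the container name would keep the process pattern and the `/var/log/secure` check in one place. The readiness grep matches any earlier "Server listening" line in that log, so it presumably assumes a fresh container for each spec.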
@@ -284,7 +296,12 @@ function test_basic_sftp_operations () if ! __is_container_ready \ sftp.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -399,7 +416,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -456,7 +478,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -512,7 +539,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -568,7 +600,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -646,7 +683,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -702,7 +744,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi 
@@ -759,7 +806,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -817,7 +869,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -865,7 +922,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -943,7 +1005,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -1006,7 +1073,12 @@ function test_custom_ssh_configuration () if ! __is_container_ready \ ssh.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -1088,7 +1160,12 @@ function test_custom_sftp_configuration () if ! __is_container_ready \ sftp.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi @@ -1189,7 +1266,12 @@ function test_custom_sftp_configuration () if ! __is_container_ready \ sftp.pool-1.1.1 \ - "/usr/sbin/sshd -D"; then + ${STARTUP_TIME} \ + "/usr/sbin/sshd " \ + "grep \ + '^Server listening on 0\.0\.0\.0 port 22\.' \ + /var/log/secure" + then exit 1 fi From e1eca59923d99723278efaf9d7f0db5ddedc34b6 Mon Sep 17 00:00:00 2001 
From: James Deathe Date: Mon, 11 Sep 2017 21:11:35 +0100 Subject: [PATCH 06/10] ISSUE 519: Adds 1 second correction to statup delay in healthcheck tests. --- test/shpec/operation_shpec.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 8a88371..03ca80d 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -1348,7 +1348,7 @@ function test_healthcheck () awk \ -v interval_seconds="${interval_seconds}" \ -v startup_time="${STARTUP_TIME}" \ - 'BEGIN { print interval_seconds + startup_time; }' + 'BEGIN { print 1 + interval_seconds + startup_time; }' ) it "Returns healthy after startup." @@ -1423,7 +1423,7 @@ function test_healthcheck () awk \ -v interval_seconds="${interval_seconds}" \ -v startup_time="${STARTUP_TIME}" \ - 'BEGIN { print interval_seconds + startup_time; }' + 'BEGIN { print 1 + interval_seconds + startup_time; }' ) it "Returns healthy after startup." From 72796c6209f8e0e07dec74a6dff19e276311edd6 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Sep 2017 21:52:35 +0100 Subject: [PATCH 07/10] ISSUE 528: Fixes missing trailing newline in source vagrant insecure public key. --- CHANGELOG.md | 1 + src/etc/services-config/ssh/authorized_keys | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a4587ff..4459b34 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ Summary of release changes for Version 2 - CentOS-7 - Updates `sudo` package to sudo-1.8.6p7-23.el7_3. - Adds permissions to restrict access to the healthcheck script. - Fixes declaration of local readonly and array bash variables in SCMI scripts. +- Fixes missing trailing newline in source vagrant insecure public key. ### 2.2.3 - 2017-06-14 diff --git a/src/etc/services-config/ssh/authorized_keys b/src/etc/services-config/ssh/authorized_keys index e026dfe..18a9c00 100755 --- a/src/etc/services-config/ssh/authorized_keys 
+++ b/src/etc/services-config/ssh/authorized_keys @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key \ No newline at end of file +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key From d55244983ddadcf169e9d84ab3d1958d4fa47b68 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Sep 2017 22:31:55 +0100 Subject: [PATCH 08/10] ISSUE 528: Adds newline to values added to the SSH_USER's ~/.ssh/authorized_keys file. --- CHANGELOG.md | 1 + src/usr/sbin/sshd-bootstrap | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4459b34..558e251 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ Summary of release changes for Version 2 - CentOS-7 - Adds permissions to restrict access to the healthcheck script. - Fixes declaration of local readonly and array bash variables in SCMI scripts. - Fixes missing trailing newline in source vagrant insecure public key. +- Fixes missing trailing newline for keys added to `~/.ssh/authorized_keys`. ### 2.2.3 - 2017-06-14 diff --git a/src/usr/sbin/sshd-bootstrap b/src/usr/sbin/sshd-bootstrap index cbed6eb..3704bae 100755 --- a/src/usr/sbin/sshd-bootstrap +++ b/src/usr/sbin/sshd-bootstrap 
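Review bot: The line kept here is, by its own comment, the Vagrant insecure public key, whose private half is published, so any container that ends up with this file as its `authorized_keys` accepts logins from anyone holding that key. Whether this file is the fallback when `SSH_AUTHORIZED_KEYS` is left empty is not visible in this patch; if it is, the default should be documented as suitable for local testing only. The file is also tracked with mode 100755 according to the `index` line, and an `authorized_keys` file has no need of the execute bit.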
@@ -699,7 +699,7 @@ if [[ ! -d ${OPTS_SSH_USER_HOME}/.ssh ]]; then "${OPTS_SSH_USER_HOME}" else printf \ - -- '%s' \ + -- '%s\n' \ "${OPTS_SSH_AUTHORIZED_KEYS}" \ > "${OPTS_SSH_USER_HOME}"/.ssh/authorized_keys From 31e4de2675c00eaba71a7c8cd254688fd1adc44e Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 12 Sep 2017 23:14:45 +0100 Subject: [PATCH 09/10] ISSUE 528: Adds test for ability to append to ~/.ssh/authorized_keys. --- test/shpec/operation_shpec.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/test/shpec/operation_shpec.sh b/test/shpec/operation_shpec.sh index 03ca80d..174d338 100644 --- a/test/shpec/operation_shpec.sh +++ b/test/shpec/operation_shpec.sh @@ -378,6 +378,7 @@ function test_basic_sftp_operations () function test_custom_ssh_configuration () { + local append_line="" local container_port_22="" local user="" local user_env_value="" @@ -576,6 +577,21 @@ function test_custom_ssh_configuration () "${user_key_signature}" \ "${PUBLIC_KEY_ID_RSA_TEST_1_SIGNATURE}" end + + it "Can append to key" + append_line="$(docker exec -t \ + ssh.pool-1.1.1 \ + bash -c "printf -- '#\n' \ + >> /home/app-admin/.ssh/authorized_keys \ + && tail -n 1 \ + < /home/app-admin/.ssh/authorized_keys \ + | tr -d '\n'" + )" + + assert equal \ + "${append_line}" \ + "#" + end end describe "Configure multiple public keys" From 3e09d527aba6915503b2379ed90a267a2d6712a2 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 13 Sep 2017 09:44:06 +0100 Subject: [PATCH 10/10] Changes for releases 1.8.2 and 2.2.4 --- CHANGELOG.md | 2 +- Dockerfile | 2 +- README.md | 34 +++++++++++----------- src/etc/systemd/system/centos-ssh@.service | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 558e251..b87f810 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
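Review bot: The reason for the added `\n` is not stated next to the `printf`, and a later edit could easily drop it again; a comment such as `# End with a newline so keys appended later start on their own line.` above the call would record it. When `OPTS_SSH_AUTHORIZED_KEYS` already ends in a newline the file now ends with a blank line, which sshd ignores. The `if`/`else` starts and ends outside this hunk, so whether ownership and mode of `authorized_keys` are set after the redirect creates it cannot be confirmed from here.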
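Review bot: `docker exec -t` in the new "Can append to key" spec allocates a pseudo-terminal that the check does not need, and a pty rewrites LF as CRLF on output, so the comparison only passes because `tr -d '\n'` leaves nothing for the pty to translate; dropping `-t` makes the captured value independent of terminal handling. The spec title would read more accurately as `it "Can append a line to authorized_keys"`. The appended `#` line stays in the container's file for the remaining specs in this `describe` block, which is harmless only because sshd treats it as a comment.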
@@ -4,7 +4,7 @@ Summary of release changes for Version 2 - CentOS-7 -### 2.2.4 - Unreleased +### 2.2.4 - 2017-09-13 - Updates [supervisor](http://supervisord.org/changes.html) to version 3.3.3. - Updates `sudo` package to sudo-1.8.6p7-23.el7_3. diff --git a/Dockerfile b/Dockerfile index 5419ca1..a362fcf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -154,7 +154,7 @@ ENV SSH_AUTHORIZED_KEYS="" \ # ----------------------------------------------------------------------------- # Set image metadata # ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="2.2.3" +ARG RELEASE_VERSION="2.2.4" LABEL \ maintainer="James Deathe " \ install="docker run \ diff --git a/README.md b/README.md index 67c9d36..2f9aa3d 100644 --- a/README.md +++ b/README.md 
@@ -7,12 +7,12 @@ Includes public key authentication, Automated password generation and supports c ## Overview & links -The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.1` OR `1.8.1` for the [1.8.1](https://github.com/jdeathe/centos-ssh/tree/1.8.1) release tag and `centos-7-2.2.3` OR `2.2.3` for the [2.2.3](https://github.com/jdeathe/centos-ssh/tree/2.2.3) release tag. +The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.8.2` OR `1.8.2` for the [1.8.2](https://github.com/jdeathe/centos-ssh/tree/1.8.2) release tag and `centos-7-2.2.4` OR `2.2.4` for the [2.2.4](https://github.com/jdeathe/centos-ssh/tree/2.2.4) release tag. ### Tags and respective `Dockerfile` links -- `centos-7`,`centos-7-2.2.3`,`2.2.3` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) -- `centos-6`,`centos-6-1.8.1`,`1.8.1` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) +- `centos-7`,`centos-7-2.2.4`,`2.2.4` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) +- `centos-6`,`centos-6-1.8.2`,`1.8.2` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) The Dockerfile can be used to build a base image that is the bases for several other docker images. @@ -105,10 +105,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.3 \ + jdeathe/centos-ssh:2.2.4 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=2.2.3 \ + --tag=2.2.4 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` 
@@ -122,10 +122,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.3 \ + jdeathe/centos-ssh:2.2.4 \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ - --tag=2.2.3 \ + --tag=2.2.4 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` @@ -139,10 +139,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:2.2.3 \ + jdeathe/centos-ssh:2.2.4 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=2.2.3 \ + --tag=2.2.4 \ --name=ssh.pool-1.1.1 \ --manager=systemd \ --register \ @@ -162,7 +162,7 @@ Since release tags `1.7.2` / `2.1.2` the install template has been added to the _NOTE:_ A prerequisite of the following examples is that the image has been pulled (or loaded from the release package). ``` -$ docker pull jdeathe/centos-ssh:2.2.3 +$ docker pull jdeathe/centos-ssh:2.2.4 ``` To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. @@ -171,7 +171,7 @@ To see detailed information about the image run `scmi` with the `--info` option. $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:2.2.3 + jdeathe/centos-ssh:2.2.4 ) --info" ``` @@ -181,7 +181,7 @@ To perform an installation using the docker name `ssh.pool-1.2.1` simply use the $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:2.2.3 + jdeathe/centos-ssh:2.2.4 ) --name=ssh.pool-1.2.1" ``` @@ -191,7 +191,7 @@ To uninstall use the *same command* that was used to install but with the `unins $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.uninstall}}" \ - jdeathe/centos-ssh:2.2.3 + jdeathe/centos-ssh:2.2.4 ) --name=ssh.pool-1.2.1" ``` 
@@ -204,7 +204,7 @@ To see detailed information about the image run `scmi` with the `--info` option. ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.3 \ + jdeathe/centos-ssh:2.2.4 \ --info ``` @@ -213,14 +213,14 @@ To perform an installation using the docker name `ssh.pool-1.3.1` simply use the ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.3 + jdeathe/centos-ssh:2.2.4 ``` Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container. ``` $ sudo -E atomic install \ - jdeathe/centos-ssh:2.2.3 \ + jdeathe/centos-ssh:2.2.4 \ --name ssh.pool-1.3.1 ``` @@ -229,7 +229,7 @@ To uninstall use the *same command* that was used to install but with the `unins ``` $ sudo -E atomic uninstall \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:2.2.3 + jdeathe/centos-ssh:2.2.4 ``` #### Using environment variables diff --git a/src/etc/systemd/system/centos-ssh@.service b/src/etc/systemd/system/centos-ssh@.service index da365c7..54e94e6 100644 --- a/src/etc/systemd/system/centos-ssh@.service +++ b/src/etc/systemd/system/centos-ssh@.service @@ -51,7 +51,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_IMAGE_NAME=centos-ssh" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" -Environment="DOCKER_IMAGE_TAG=2.2.3" +Environment="DOCKER_IMAGE_TAG=2.2.4" Environment="DOCKER_PORT_MAP_TCP_22=2020" Environment="SSH_AUTHORIZED_KEYS=" Environment="SSH_AUTOSTART_SSHD=true"