Merge pull request #421 from jdeathe/centos-7-develop

Release changes for 2.1.4

CHANGELOG.md

@@ -0,0 +1,97 @@
+# Change Log
+
+## centos-7
+
+Summary of release changes for Version 2 - CentOS-7
+
+### 2.1.4 - 2016-12-04
+
+- Adds correct Makefile usage instructions for 'build' target.
+- Adds info regarding NULL port values in Makefile help.
+- Removes requirement for `gawk` in the port handling functions for SCMI and the systemd template unit-file.
+- Adds reduced number of build steps to image which helps reduce final image size.
+- Adds `-u` parameter to `sshd` options to help reduce time spent doing DNS lookups during authentication.
+- Adds a change log (`CHANGELOG.md`).
+- Adds support for semantic version numbered tags.
+
+### 2.1.3 - 2016-10-02
+
+- Adds Makefile help target with usage instructions.
+- Splits up the Makefile targets into internal and public types.
+- Adds correct `scmi` path in usage instructions.
+- Changes `PACKAGE_PATH` to `DIST_PATH` in line with the Makefile environment include. Not currently used by `scmi` but changing for consistency.
+- Changes `DOCKER_CONTAINER_PARAMETERS_APPEND` to `DOCKER_CONTAINER_OPTS` for usability. This is a potentially breaking change that could affect systemd service configurations if using the Environment variable in a drop-in customisation. However, if using the systemd template unit-files it should be pinned to a specific version tag. The Makefile should only be used for development/testing and usage in `scmi` is internal only as the `--setopt` parameter is used to build up the optional container parameters. 
+- Removes X-Fleet section from template unit-file.
+- Adds support for Base64 encoded `SSH_AUTHORIZED_KEYS` values. This resolves issues with setting multiple keys for the systemd installations.
+
+### 2.1.2 - 2016-09-16
+
+- Fixed issue with sshd process not running on container startup.
+
+### 2.1.1 - 2016-09-15
+
+- Fixes issue running `make dist` before creating package path.
+- Removes `Default requiretty` from sudoers configuration. This allows for sudo commands to be run via without the requirement to use the `-t` option of the `ssh` command.
+- Adds correct path to scmi on image for install/uninstall.
+- Improves readability of Dockerfile.
+- Adds consistent method of handling publishing of exposed ports. It's now possible to prevent publishing of the default exposed port when using scmi/make for installation.
+- Adds minor improvement to the systemd register template unit-file.
+- Adds `/usr/sbin/sshd-wrapper` and moves lock file handling out of supervisord configuration.
+- Adds bootstrap script syntax changes for consistency and readability.
+- Adds correction to scmi usage instructions; using centos-7-2.1.0 release tag would have resulted in error if attempting an `atomic install`.
+- Changes Makefile environment variable from `PACKAGE_PATH` to `DIST_PATH` as the name conflicts with the Dockerfile ARG value used in some downstream builds. This is only used when building the, distributable, image package that gets attached to each release.
+
+### 2.1.0 - 2016-08-26
+
+- Added `scmi` (Services Container Manager Interface) to the image to simplify deployment and management of container instances using simply docker itself, using systemd for single docker hosts or fleet for clustered docker hosts.
+- Added metadata labels to the Dockerfile which defines the docker commands to run for operation (install/uninstall). This combined with `scmi` enables the use of Atomic Host's `atomic install|uninistall` commands.
+- The `xz` archive package has ben added to the image to allow `scmi` to load an image package from disk instead of requiring registry access to pull release images.
+- Updated Supervisor to `3.3.1`.
+- Warn operator if any supplied environment variable values failed validation and have been set to a safe default.
+- Added `DOCKER_CONTAINER_PARAMETERS_APPEND` which allows the docker operator to append parameters to the default docker create template.
+- Removed handling of Configuration Data Volumes from the helper scripts and from the Systemd unit-file definitions. Volumes can be added using the environment variable `DOCKER_CONTAINER_PARAMETERS_APPEND` or with the `--setopt` option with `scmi`.
+- Removed the `build.sh` and `run.sh` helper scripts that were deprecated and have been replaced with the Makefile targets. With `make` installed the process of building and running a container from the Dockerfile is `make build install start` or to replicate the previous build helper `make build images install start ps`.
+- Systemd template unit-files have been renamed to `[email protected]` and `[email protected]`. The (optional) register sidekick now contains placeholder `{{SERVICE_UNIT_NAME}}` that is needs gets replaced with the service unit when installing using `scmi`.
+- The default value for `DOCKER_IMAGE_PACKAGE_PATH` in the systemd template unit-file has been changed from `/var/services-packages` to `/var/opt/scmi/packages`.
+
+### 2.0.3 - 2016-06-21
+
+- Fixed broken pipe error returned from get_password function in the sshd_bootstrap script.
+- Replaced hard-coded volume configuration volume name with Systemd template with the Environment variable `VOLUME_CONFIG_NAME`.
+- Fixed issue with setting an empty string for the `DOCKER_PORT_MAP_TCP_22` value - allowing docker to auto-assign a port number.
+- Split out build specific configuration from the Makefile into a default.mk file and renamed make.conf to environment.mk - Makefile should now be more portable between Docker projects.
+
+### 2.0.2 - 2016-05-21
+
+- Updated container packages `sudo` and `openssh`.
+- Updated container's supervisord to 3.2.3.
+- Added `SSH_AUTOSTART_SSHD` && `SSH_AUTOSTART_SSHD_BOOTSTRAP` to allow the operator or downstream developer to prevent the sshd service and/or sshd-bootstrap from startup.
+- Added Makefile to replace `build.sh` and `run.sh` helper scripts. See [#162](https://github.com/jdeathe/centos-ssh/pull/162) for notes on usage instructions.
+- Set Dockerfile environment variable values in a single build step which helps reduce build time.
+- Fixed issue with setting SSH USER UID:GID values in systemd installation.
+- Fixed issue with setting of `SSH_SUDO` in Systemd installation.
+- Replaced custom awk type filters with docker native commands where possible.
+- Fixed issue preventing sshd restarts being possible due to bootstrap lock file dependancy.
+- Use `exec` to run the sshd daemon within the container.
+- Use `exec` to run the docker daemon process from the systemd unit file template.
+- Reduced startup time by ~1 second by not requiring supervisord to wait for the sshd service to stay up for the default 1 second.
+- Revised systemd installation process, installer script and service template. `[email protected]` has been replaced by `[email protected]` and local instances are created of the form `[email protected]`, `[email protected]`, `[email protected]` etc. which correspond to docker containers named `ssh.pool-1.1.1`, `ssh.pool-1.2.1`, `ssh.pool-1.3.1` etc. To start 3 systemd managed containers you can simply run:
+
+  ```
+  $ for i in {1..3}; do sudo env SERVICE_UNIT_LOCAL_ID=$i ./systemd-install.sh; done
+  ```
+
+- The systemd service registration feature is now enabled via an optional service unit template file `[email protected]`. 
+
+### 2.0.1 - 2016-03-20
+
+- Fixed '/dev/stdin: Stale file handle' issue seen when using Ubuntu 14.04.4 LTS or Kitematic 0.10.0 as the docker host.
+- Fixed default value for `SSH_USER_FORCE_SFTP`.
+- Removed the delay for output to docker logs.
+- Improved bootstrap startup time and included bootstrap time in the SSHD Details log.
+- Added a more robust method of triggering the SSHD process; the sshd-boostrap needs to complete with a non-zero exit code to trigger the SSHD process instead of simply waiting for 2 seconds and starting regardless.
+- Systemd definition to use specific tag.
+
+### 2.0.0 - 2016-02-28
+
+- Initial release

Dockerfile

@@ -9,19 +9,15 @@ FROM centos:centos7.2.1511
 MAINTAINER James Deathe <[email protected]>
 
 # -----------------------------------------------------------------------------
-# Import the RPM GPG keys for Repositories
+# Base Install + Import the RPM GPG keys for Repositories
 # -----------------------------------------------------------------------------
-RUN rpm --import \
+RUN rpm --rebuilddb \
+	&& rpm --import \
 		http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7 \
 	&& rpm --import \
 		https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 \
 	&& rpm --import \
-		https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY
-
-# -----------------------------------------------------------------------------
-# Base Install
-# -----------------------------------------------------------------------------
-RUN rpm --rebuilddb \
+		https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY \
 	&& yum -y install \
 		centos-release-scl \
 		centos-release-scl-rh \
@@ -44,8 +40,12 @@ RUN rpm --rebuilddb \
 		openssh-clients \
 		python-setuptools \
 		yum-plugin-versionlock \
-	&& rm -rf /var/cache/yum/* \
-	&& yum clean all
+	&& yum clean all \
+	&& rm -rf /etc/ld.so.cache \
+	&& rm -rf /sbin/sln \
+	&& rm -rf /usr/{{lib,share}/locale,share/{man,doc,info,cracklib,i18n},{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} \
+	&& rm -rf /{root,tmp,var/cache/{ldconfig,yum}}/* \
+	&& > /etc/sysconfig/i18n
 
 # -----------------------------------------------------------------------------
 # Install supervisord (required to run more than a single process in a container)
@@ -129,15 +129,6 @@ RUN mkdir -p \
 	&& chmod 700 \
 		/usr/sbin/{scmi,sshd-{bootstrap,wrapper}}
 
-# -----------------------------------------------------------------------------
-# Purge
-# -----------------------------------------------------------------------------
-RUN rm -rf /etc/ld.so.cache \
-	; rm -rf /sbin/sln \
-	; rm -rf /usr/{{lib,share}/locale,share/{man,doc,info,cracklib,i18n},{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} \
-	; rm -rf /{root,tmp,var/cache/{ldconfig,yum}}/* \
-	; > /etc/sysconfig/i18n
-
 EXPOSE 22
 
 # -----------------------------------------------------------------------------
@@ -160,31 +151,31 @@ ENV SSH_AUTHORIZED_KEYS="" \
 # -----------------------------------------------------------------------------
 # Set image metadata
 # -----------------------------------------------------------------------------
-ARG RELEASE_VERSION="2.1.3"
+ARG RELEASE_VERSION="2.1.4"
 LABEL \
 	install="docker run \
 --rm \
 --privileged \
 --volume /:/media/root \
-jdeathe/centos-ssh:centos-7-${RELEASE_VERSION} \
+jdeathe/centos-ssh:${RELEASE_VERSION} \
 /usr/sbin/scmi install \
 --chroot=/media/root \
 --name=\${NAME} \
---tag=centos-7-${RELEASE_VERSION} \
+--tag=${RELEASE_VERSION} \
 --setopt='--volume {{NAME}}.config-ssh:/etc/ssh'" \
 	uninstall="docker run \
 --rm \
 --privileged \
 --volume /:/media/root \
-jdeathe/centos-ssh:centos-7-${RELEASE_VERSION} \
+jdeathe/centos-ssh:${RELEASE_VERSION} \
 /usr/sbin/scmi uninstall \
 --chroot=/media/root \
 --name=\${NAME} \
---tag=centos-7-${RELEASE_VERSION} \
+--tag=${RELEASE_VERSION} \
 --setopt='--volume {{NAME}}.config-ssh:/etc/ssh'" \
 	org.deathe.name="centos-ssh" \
 	org.deathe.version="${RELEASE_VERSION}" \
-	org.deathe.release="jdeathe/centos-ssh:centos-7-${RELEASE_VERSION}" \
+	org.deathe.release="jdeathe/centos-ssh:${RELEASE_VERSION}" \
 	org.deathe.license="MIT" \
 	org.deathe.vendor="jdeathe" \
 	org.deathe.url="https://github.com/jdeathe/centos-ssh" \

Makefile

@@ -10,8 +10,7 @@ container image defined by the Dockerfile.
 
 Targets:
   all                       Combines targets build images install start and ps.
-  build                     Runs the packer build job. This is the
-                            default target.
+  build                     Builds the image. This is the default target.
   clean                     Clean up build artifacts.
   create                    Execute the create container template.
   dist                      Pull a release version from the registry and save a
@@ -53,8 +52,9 @@ Variables:
   - DOCKER_PORT_MAP_TCP_*   The port map variable is used to define the initial 
                             port mapping to use for the docker host value where  
                             "*" corresponds to an exposed port on the container.
-                            Setting this to an empty string will result in an 
-                            automatically assigned port.
+                            Setting this to an empty string or 0 will result in 
+                            an automatically assigned port and setting to NULL 
+                            will prevent the port from being published.
   - DOCKER_RESTART_POLICY   Defines the container restart policy. 
   - DIST_PATH               Ouput directory path - where the release package 
                             artifacts are placed.

README.md

@@ -7,10 +7,12 @@ Includes public key authentication, Automated password generation and supports c
 
 ## Overview & links
 
-The latest CentOS-6 / CentOS-7 based releases can be pulled from the centos-6 / centos-7 Docker tags respectively. For a specific release tag the convention is `centos-6-1.5.0` for the [1.5.0](https://github.com/jdeathe/centos-ssh/tree/1.5.0) release tag and `centos-7-2.0.0` for the [2.0.0](https://github.com/jdeathe/centos-ssh/tree/2.0.0) release tag.
+The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.7.4` OR `1.7.4` for the [1.7.4](https://github.com/jdeathe/centos-ssh/tree/1.7.4) release tag and `centos-7-2.1.4` OR `2.1.4` for the [2.1.4](https://github.com/jdeathe/centos-ssh/tree/2.1.4) release tag.
 
-- centos-7 [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile)
-- centos-6 [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile)
+### Tags and respective `Dockerfile` links
+
+- `centos-7`,`centos-7-2.1.4`,`2.1.4` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile)
+- `centos-6`,`centos-6-1.7.4`,`1.7.4` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile)
 
 The Dockerfile can be used to build a base image that is the bases for several other docker images.
 
@@ -43,7 +45,7 @@ $ docker run -d \
   jdeathe/centos-ssh:centos-7
 ```
 
-Check the logs for the password (required for sudo˜).
+Check the logs for the password (required for sudo).
 
 ```
 $ docker logs ssh.pool-1.1.1
@@ -88,7 +90,7 @@ $ sftp -p 2021 -i id_rsa_insecure \
 
 ### Running
 
-To run the a docker container from this image you can use the standard docker commands. Alternatively, you can use the embedded (Service Container Manager Interface) [scmi](https://github.com/jdeathe/centos-ssh/blob/centos-7/usr/sbin/scmi) that is included in the image since `centos-6-1.7.2`|`centos-7-2.1.2` or, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters.
+To run the a docker container from this image you can use the standard docker commands. Alternatively, you can use the embedded (Service Container Manager Interface) [scmi](https://github.com/jdeathe/centos-ssh/blob/centos-7/usr/sbin/scmi) that is included in the image since `1.7.2` / `2.1.2` or, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters.
 
 #### SCMI Installation Examples
 
@@ -101,10 +103,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:centos-7-2.1.2 \
+  jdeathe/centos-ssh:2.1.4 \
   /usr/sbin/scmi install \
     --chroot=/media/root \
-    --tag=centos-7-2.1.2 \
+    --tag=2.1.4 \
     --name=ssh.pool-1.1.1 \
     --setopt="--volume {{NAME}}.config-ssh:/etc/ssh"
 ```
@@ -118,10 +120,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:centos-7-2.1.2 \
+  jdeathe/centos-ssh:2.1.4 \
   /usr/sbin/scmi uninstall \
     --chroot=/media/root \
-    --tag=centos-7-2.1.2 \
+    --tag=2.1.4 \
     --name=ssh.pool-1.1.1 \
     --setopt="--volume {{NAME}}.config-ssh:/etc/ssh"
 ```
@@ -135,10 +137,10 @@ $ docker run \
   --rm \
   --privileged \
   --volume /:/media/root \
-  jdeathe/centos-ssh:centos-7-2.1.2 \
+  jdeathe/centos-ssh:2.1.4 \
   /usr/sbin/scmi install \
     --chroot=/media/root \
-    --tag=centos-7-2.1.2 \
+    --tag=2.1.4 \
     --name=ssh.pool-1.1.1 \
     --manager=systemd \
     --register \
@@ -153,15 +155,15 @@ If your docker host has systemd, fleetd (and optionally etcd) installed then `sc
 
 ##### SCMI Image Information
 
-Since release `centos-7-2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks.
+Since release tags `1.7.2` / `2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks.
 
 To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option.
 
 ```
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.install}}" \
-    jdeathe/centos-ssh:centos-7-2.1.2
+    jdeathe/centos-ssh:2.1.4
   ) --info"
 ```
 
@@ -171,7 +173,7 @@ To perform an installation using the docker name `ssh.pool-1.2.1` simply use the
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.install}}" \
-    jdeathe/centos-ssh:centos-7-2.1.2
+    jdeathe/centos-ssh:2.1.4
   ) --name=ssh.pool-1.2.1"
 ```
 
@@ -181,7 +183,7 @@ To uninstall use the *same command* that was used to install but with the `unins
 $ eval "sudo -E $(
     docker inspect \
     -f "{{.ContainerConfig.Labels.uninstall}}" \
-    jdeathe/centos-ssh:centos-7-2.1.2
+    jdeathe/centos-ssh:2.1.4
   ) --name=ssh.pool-1.2.1"
 ```
 
@@ -194,7 +196,7 @@ To see detailed information about the image run `scmi` with the `--info` option.
 ```
 $ sudo -E atomic install \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:centos-7-2.1.2 \
+  jdeathe/centos-ssh:2.1.4 \
   --info
 ```
 
@@ -203,14 +205,14 @@ To perform an installation using the docker name `ssh.pool-1.3.1` simply use the
 ```
 $ sudo -E atomic install \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:centos-7-2.1.2
+  jdeathe/centos-ssh:2.1.4
 ```
 
 Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container.
 
 ```
 $ sudo -E atomic install \
-  jdeathe/centos-ssh:centos-7-2.1.2 \
+  jdeathe/centos-ssh:2.1.4 \
   --name ssh.pool-1.3.1
 ```
 
@@ -219,7 +221,7 @@ To uninstall use the *same command* that was used to install but with the `unins
 ```
 $ sudo -E atomic uninstall \
   -n ssh.pool-1.3.1 \
-  jdeathe/centos-ssh:centos-7-2.1.2
+  jdeathe/centos-ssh:2.1.4
 ```
 
 #### Using environment variables

environment.mk

@@ -5,8 +5,8 @@ DOCKER_USER := jdeathe
 DOCKER_IMAGE_NAME := centos-ssh
 
 # Tag validation patterns
-DOCKER_IMAGE_TAG_PATTERN := ^(latest|(centos-[6-7])|(centos-(6-1|7-2).[0-9]+.[0-9]+))$
-DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^centos-(6-1|7-2).[0-9]+.[0-9]+$
+DOCKER_IMAGE_TAG_PATTERN := ^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$
+DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$
 
 # -----------------------------------------------------------------------------
 # Variables