From af2c3e760ab3de504e8dcf3bd16c10044f456802 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 2 Oct 2016 07:06:44 +0100 Subject: [PATCH 01/11] ISSUE 392: Adds correct Makefile usage instructions for 'build' target. --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d06d4e7..44a23d9 100644 --- a/Makefile +++ b/Makefile @@ -10,8 +10,7 @@ container image defined by the Dockerfile. Targets: all Combines targets build images install start and ps. - build Runs the packer build job. This is the - default target. + build Builds the image. This is the default target. clean Clean up build artifacts. create Execute the create container template. dist Pull a release version from the registry and save a From ed487e0cc117448dfbbcff1fb9d9d8c84448b700 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Tue, 29 Nov 2016 22:53:34 +0000 Subject: [PATCH 02/11] ISSUE 397: Adds info regarding NULL port values in Makefile help. --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 44a23d9..c0489ad 100644 --- a/Makefile +++ b/Makefile @@ -52,8 +52,9 @@ Variables: - DOCKER_PORT_MAP_TCP_* The port map variable is used to define the initial port mapping to use for the docker host value where "*" corresponds to an exposed port on the container. - Setting this to an empty string will result in an - automatically assigned port. + Setting this to an empty string or 0 will result in + an automatically assigned port and setting to NULL + will prevent the port from being published. - DOCKER_RESTART_POLICY Defines the container restart policy. - DIST_PATH Ouput directory path - where the release package artifacts are placed. From c0fe39fc47bf1e6db89365ce6ed9fa734de59d3f Mon Sep 17 00:00:00 2001 
From: James Deathe
Date: Wed, 30 Nov 2016 00:39:20 +0000
Subject: [PATCH 03/11] ISSUE 398: Removes requirement for gawk in port handling in SCMI and Systemd.
---
etc/systemd/system/centos-ssh@.service | 20 +++++++++-----------
opt/scmi/default.sh | 16 +++++++++-------
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/etc/systemd/system/centos-ssh@.service b/etc/systemd/system/centos-ssh@.service
index 0f195ed..3617ec5 100644
--- a/etc/systemd/system/centos-ssh@.service
+++ b/etc/systemd/system/centos-ssh@.service
@@ -108,18 +108,16 @@ ExecStart=/bin/bash -c \ --env \"SSH_USER_PASSWORD=${SSH_USER_PASSWORD}\" \ --env \"SSH_USER_PASSWORD_HASHED=${SSH_USER_PASSWORD_HASHED}\" \ --env \"SSH_USER_SHELL=${SSH_USER_SHELL}\" \ - $(\ - if [[ ${DOCKER_PORT_MAP_TCP_22} != NULL ]]; then \ - if [[ -n $(/usr/bin/gawk 'match($0, /^([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[2]; }' <<< \"${DOCKER_PORT_MAP_TCP_22}\") ]]; then \ - printf -- '--publish %%s%%s:22' \ - \"$(/usr/bin/gawk 'match($0, /^([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[1]; }' <<< \"${DOCKER_PORT_MAP_TCP_22}\")\" \ - \"$(( $(/usr/bin/gawk 'match($0, /^([0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[2]; }' <<< \"${DOCKER_PORT_MAP_TCP_22}\") + $(/usr/bin/awk -F. '$0=$1' <<< %i) - 1 ))\"; \ - else \ - printf -- '--publish %%s:22' \ - \"${DOCKER_PORT_MAP_TCP_22}\"; \ - fi; \ + $(if [[ ${DOCKER_PORT_MAP_TCP_22} != NULL ]]; then \ + if /usr/bin/grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_22}\"; then \ + printf -- '--publish %%s%%s:22' \ + $(/usr/bin/grep -o '^[0-9\.]*:' <<< \"${DOCKER_PORT_MAP_TCP_22}\") \ + $(( $(/usr/bin/grep -o '[0-9]*$' <<< \"${DOCKER_PORT_MAP_TCP_22}\") + $(/usr/bin/sed 's~\.[0-9]*$~~' <<< %i) - 1 )); \ + else \ + printf -- '--publish %%s:22' \ + \"${DOCKER_PORT_MAP_TCP_22}\"; \ fi; \ - ) \ + fi) \ ${DOCKER_CONTAINER_OPTS} \ ${DOCKER_USER}/${DOCKER_IMAGE_NAME}:${DOCKER_IMAGE_TAG}; \ " diff --git a/opt/scmi/default.sh b/opt/scmi/default.sh index 5b17252..f21997a 100644 --- a/opt/scmi/default.sh +++ b/opt/scmi/default.sh 
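Review bot: The new validation regex ends in `[0-9]*$`, so an empty host port now takes the increment branch (as `0` already did), where `$(( <port> + <instance> - 1 ))` yields a fixed low port instead of leaving the choice to Docker. With `DOCKER_PORT_MAP_TCP_22` empty and an instance such as `2.1`, the expression appears to evaluate to `1`, so sshd would be published on host port 1 rather than an automatically assigned one; only the first instance ends up at `0`. Requiring a non-zero port before incrementing, e.g. `'^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[1-9][0-9]*$'`, sends empty and `0` values to the `else` branch, which hands them to `--publish` unchanged. The same pattern and arithmetic are added in the `opt/scmi/default.sh` hunk of this patch. The `ExecStart` command starts and ends outside the hunk.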
@@ -1,18 +1,20 @@ -# If gawk is available handle incrementing the docker host port for instances +# Handle incrementing the docker host port for instances unless a port range is defined. DOCKER_PUBLISH= if [[ ${DOCKER_PORT_MAP_TCP_22} != NULL ]]; then - if command -v gawk &> /dev/null \ - && [[ -n $(gawk 'match($0, /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[2]; }' <<< "${DOCKER_PORT_MAP_TCP_22}") ]]; then + if grep -qE '^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_22}" \ + && grep -qE '^.+\.([0-9]+)\.([0-9]+)$' <<< "${DOCKER_NAME}"; then printf -v \ DOCKER_PUBLISH \ - -- '--publish %s%s:22' \ - "$(gawk 'match($0, /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[1]; }' <<< "${DOCKER_PORT_MAP_TCP_22}")" \ - "$(( $(gawk 'match($0, /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:)?([0-9]+)$/, matches) { print matches[2]; }' <<< "${DOCKER_PORT_MAP_TCP_22}") + $(gawk 'match($0, /^.+\.([0-9]+)\.([0-9]+)$/, matches) { print matches[1]; }' <<< "${DOCKER_NAME}") - 1 ))" + -- '%s --publish %s%s:22' \ + "${DOCKER_PUBLISH}" \ + "$(grep -o '^[0-9\.]*:' <<< "${DOCKER_PORT_MAP_TCP_22}")" \ + "$(( $(grep -o '[0-9]*$' <<< "${DOCKER_PORT_MAP_TCP_22}") + $(sed 's~\.[0-9]*$~~' <<< "${DOCKER_NAME}" | awk -F. '{ print $NF; }') - 1 ))" else printf -v \ DOCKER_PUBLISH \ - -- '--publish %s:22' \ + -- '%s --publish %s:22' \ + "${DOCKER_PUBLISH}" \ "${DOCKER_PORT_MAP_TCP_22}" fi fi From e6b1b1c8c819504d97b922b93b984ae4cd286e77 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Wed, 30 Nov 2016 01:57:54 +0000 Subject: [PATCH 04/11] ISSUE 407: Adds reduced number of build steps to image in order to reduce image size. --- Dockerfile | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 06f9b53..127bcd4 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -9,19 +9,15 @@ FROM centos:centos7.2.1511 MAINTAINER James Deathe # ----------------------------------------------------------------------------- -# Import the RPM GPG keys for Repositories +# Base Install + Import the RPM GPG keys for Repositories # ----------------------------------------------------------------------------- -RUN rpm --import \ +RUN rpm --rebuilddb \ + && rpm --import \ http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7 \ && rpm --import \ https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 \ && rpm --import \ - https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY - -# ----------------------------------------------------------------------------- -# Base Install -# ----------------------------------------------------------------------------- -RUN rpm --rebuilddb \ + https://dl.iuscommunity.org/pub/ius/IUS-COMMUNITY-GPG-KEY \ && yum -y install \ centos-release-scl \ centos-release-scl-rh \ @@ -44,8 +40,12 @@ RUN rpm --rebuilddb \ openssh-clients \ python-setuptools \ yum-plugin-versionlock \ - && rm -rf /var/cache/yum/* \ - && yum clean all + && yum clean all \ + && rm -rf /etc/ld.so.cache \ + && rm -rf /sbin/sln \ + && rm -rf /usr/{{lib,share}/locale,share/{man,doc,info,cracklib,i18n},{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} \ + && rm -rf /{root,tmp,var/cache/{ldconfig,yum}}/* \ + && > /etc/sysconfig/i18n # ----------------------------------------------------------------------------- # Install supervisord (required to run more than a single process in a container) 
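Review bot: The CentOS 7 signing key in this `RUN` is still imported from `http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7`, a cleartext URL, and with the import now sharing a layer with `yum -y install`, packages in that step are checked against whatever key that download returned. The `centos` base image normally ships the same key on disk, so `rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7` would avoid the network fetch; confirm the file is present in `centos7.2.1511`. The EPEL and IUS keys are fetched over HTTPS but are not compared with a known fingerprint before use, which would be worth adding. The `RUN` instruction continues past the end of this hunk.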
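Review bot: Moving the purge into the base-install `RUN` means `rm -rf /{root,tmp,var/cache/{ldconfig,yum}}/*` now runs before the later build steps instead of after them, and the final Purge block is deleted further down in this patch. Anything the following instructions (the supervisord install and later steps, not visible here) leave in `/root`, `/tmp` or the yum cache would therefore stay in the image. If those steps write temporary files, each should clean up at the end of its own `RUN`, for example by appending `&& rm -rf /tmp/* /root/*` there. The `RUN` instruction begins before this hunk.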
@@ -129,15 +129,6 @@ RUN mkdir -p \ && chmod 700 \ /usr/sbin/{scmi,sshd-{bootstrap,wrapper}} -# ----------------------------------------------------------------------------- -# Purge -# ----------------------------------------------------------------------------- -RUN rm -rf /etc/ld.so.cache \ - ; rm -rf /sbin/sln \ - ; rm -rf /usr/{{lib,share}/locale,share/{man,doc,info,cracklib,i18n},{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} \ - ; rm -rf /{root,tmp,var/cache/{ldconfig,yum}}/* \ - ; > /etc/sysconfig/i18n - EXPOSE 22 # ----------------------------------------------------------------------------- From fb250023fc1b1a175790a9c33ddba320becd7548 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Fri, 2 Dec 2016 00:10:09 +0000 Subject: [PATCH 05/11] ISSUE 399: Adds -u parameter to sshd options to help reduce DNS lookups. --- usr/sbin/sshd-wrapper | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/sbin/sshd-wrapper b/usr/sbin/sshd-wrapper index 7f52bb1..71027c8 100755 --- a/usr/sbin/sshd-wrapper +++ b/usr/sbin/sshd-wrapper @@ -6,6 +6,7 @@ SSHD=/usr/sbin/sshd SSHD_OPTIONS=" -D -e + -u 0 " while true; do From cc7e7b8257625d68b05d1807cc8dc318b3210a15 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 00:29:20 +0000 Subject: [PATCH 06/11] ISSUE 414: Adds a change log. --- CHANGELOG.md | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..e767c60 --- /dev/null +++ b/CHANGELOG.md 
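Review bot: The new `-u 0` entry in `SSHD_OPTIONS` carries no explanation, and its effect is not obvious from the flag alone. A comment above the assignment such as `# -u 0: record client addresses as dotted decimal in utmp and skip DNS lookups unless authentication or configuration needs a host name` would record the intent. It is worth stating there too that host-name based rules (for example `from=` in an authorized keys file) still trigger lookups, so the option reduces DNS traffic rather than removing it. The wrapper script continues outside the hunk.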
@@ -0,0 +1,87 @@ +# Change Log + +## centos-7 + +Summary of release changes for Version 2 - CentOS-7 + +### 2.1.3 - 2016-10-02 + +- Adds Makefile help target with usage instructions. +- Splits up the Makefile targets into internal and public types. +- Adds correct `scmi` path in usage instructions. +- Changes `PACKAGE_PATH` to `DIST_PATH` in line with the Makefile environment include. Not currently used by `scmi` but changing for consistency. +- Changes `DOCKER_CONTAINER_PARAMETERS_APPEND` to `DOCKER_CONTAINER_OPTS` for usability. This is a potentially breaking change that could affect systemd service configurations if using the Environment variable in a drop-in customisation. However, if using the systemd template unit-files it should be pinned to a specific version tag. The Makefile should only be used for development/testing and usage in `scmi` is internal only as the `--setopt` parameter is used to build up the optional container parameters. +- Removes X-Fleet section from template unit-file. +- Adds support for Base64 encoded `SSH_AUTHORIZED_KEYS` values. This resolves issues with setting multiple keys for the systemd installations. + +### 2.1.2 - 2016-09-16 + +- Fixed issue with sshd process not running on container startup. + +### 2.1.1 - 2016-09-15 + +- Fixes issue running `make dist` before creating package path. +- Removes `Default requiretty` from sudoers configuration. This allows for sudo commands to be run via without the requirement to use the `-t` option of the `ssh` command. +- Adds correct path to scmi on image for install/uninstall. +- Improves readability of Dockerfile. +- Adds consistent method of handling publishing of exposed ports. It's now possible to prevent publishing of the default exposed port when using scmi/make for installation. +- Adds minor improvement to the systemd register template unit-file. +- Adds `/usr/sbin/sshd-wrapper` and moves lock file handling out of supervisord configuration. 
+- Adds bootstrap script syntax changes for consistency and readability. +- Adds correction to scmi usage instructions; using centos-7-2.1.0 release tag would have resulted in error if attempting an `atomic install`. +- Changes Makefile environment variable from `PACKAGE_PATH` to `DIST_PATH` as the name conflicts with the Dockerfile ARG value used in some downstream builds. This is only used when building the, distributable, image package that gets attached to each release. + +### 2.1.0 - 2016-08-26 + +- Added `scmi` (Services Container Manager Interface) to the image to simplify deployment and management of container instances using simply docker itself, using systemd for single docker hosts or fleet for clustered docker hosts. +- Added metadata labels to the Dockerfile which defines the docker commands to run for operation (install/uninstall). This combined with `scmi` enables the use of Atomic Host's `atomic install|uninistall` commands. +- The `xz` archive package has ben added to the image to allow `scmi` to load an image package from disk instead of requiring registry access to pull release images. +- Updated Supervisor to `3.3.1`. +- Warn operator if any supplied environment variable values failed validation and have been set to a safe default. +- Added `DOCKER_CONTAINER_PARAMETERS_APPEND` which allows the docker operator to append parameters to the default docker create template. +- Removed handling of Configuration Data Volumes from the helper scripts and from the Systemd unit-file definitions. Volumes can be added using the environment variable `DOCKER_CONTAINER_PARAMETERS_APPEND` or with the `--setopt` option with `scmi`. +- Removed the `build.sh` and `run.sh` helper scripts that were deprecated and have been replaced with the Makefile targets. With `make` installed the process of building and running a container from the Dockerfile is `make build install start` or to replicate the previous build helper `make build images install start ps`. 
+- Systemd template unit-files have been renamed to `centos-ssh@.service` and `centos-ssh.register@.service`. The (optional) register sidekick now contains placeholder `{{SERVICE_UNIT_NAME}}` that is needs gets replaced with the service unit when installing using `scmi`. +- The default value for `DOCKER_IMAGE_PACKAGE_PATH` in the systemd template unit-file has been changed from `/var/services-packages` to `/var/opt/scmi/packages`. + +### 2.0.3 - 2016-06-21 + +- Fixed broken pipe error returned from get_password function in the sshd_bootstrap script. +- Replaced hard-coded volume configuration volume name with Systemd template with the Environment variable `VOLUME_CONFIG_NAME`. +- Fixed issue with setting an empty string for the `DOCKER_PORT_MAP_TCP_22` value - allowing docker to auto-assign a port number. +- Split out build specific configuration from the Makefile into a default.mk file and renamed make.conf to environment.mk - Makefile should now be more portable between Docker projects. + +### 2.0.2 - 2016-05-21 + +- Updated container packages `sudo` and `openssh`. +- Updated container's supervisord to 3.2.3. +- Added `SSH_AUTOSTART_SSHD` && `SSH_AUTOSTART_SSHD_BOOTSTRAP` to allow the operator or downstream developer to prevent the sshd service and/or sshd-bootstrap from startup. +- Added Makefile to replace `build.sh` and `run.sh` helper scripts. See [#162](https://github.com/jdeathe/centos-ssh/pull/162) for notes on usage instructions. +- Set Dockerfile environment variable values in a single build step which helps reduce build time. +- Fixed issue with setting SSH USER UID:GID values in systemd installation. +- Fixed issue with setting of `SSH_SUDO` in Systemd installation. +- Replaced custom awk type filters with docker native commands where possible. +- Fixed issue preventing sshd restarts being possible due to bootstrap lock file dependancy. +- Use `exec` to run the sshd daemon within the container. 
+- Use `exec` to run the docker daemon process from the systemd unit file template. +- Reduced startup time by ~1 second by not requiring supervisord to wait for the sshd service to stay up for the default 1 second. +- Revised systemd installation process, installer script and service template. `ssh.pool-1.1.1@2020.service` has been replaced by `ssh.pool-1@.service` and local instances are created of the form `ssh.pool-1@1.1`, `ssh.pool-1@2.1`, `ssh.pool-1@3.1` etc. which correspond to docker containers named `ssh.pool-1.1.1`, `ssh.pool-1.2.1`, `ssh.pool-1.3.1` etc. To start 3 systemd managed containers you can simply run: + + ``` + $ for i in {1..3}; do sudo env SERVICE_UNIT_LOCAL_ID=$i ./systemd-install.sh; done + ``` + +- The systemd service registration feature is now enabled via an optional service unit template file `ssh.pool-1.register@.service`. + +### 2.0.1 - 2016-03-20 + +- Fixed '/dev/stdin: Stale file handle' issue seen when using Ubuntu 14.04.4 LTS or Kitematic 0.10.0 as the docker host. +- Fixed default value for `SSH_USER_FORCE_SFTP`. +- Removed the delay for output to docker logs. +- Improved bootstrap startup time and included bootstrap time in the SSHD Details log. +- Added a more robust method of triggering the SSHD process; the sshd-boostrap needs to complete with a non-zero exit code to trigger the SSHD process instead of simply waiting for 2 seconds and starting regardless. +- Systemd definition to use specific tag. + +### 2.0.0 - 2016-02-28 + +- Initial release \ No newline at end of file From 567808d8e8cc86695ac977df16cf95ad82c32e51 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 22:04:24 +0000 Subject: [PATCH 07/11] ISSUE 400: Adds DOCKER_IMAGE_TAG validation rules for semantic version numbers. --- environment.mk | 4 ++-- opt/scmi/environment.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/environment.mk b/environment.mk index 5a86260..265a74c 100644 --- a/environment.mk +++ b/environment.mk 
@@ -5,8 +5,8 @@ DOCKER_USER := jdeathe DOCKER_IMAGE_NAME := centos-ssh # Tag validation patterns -DOCKER_IMAGE_TAG_PATTERN := ^(latest|(centos-[6-7])|(centos-(6-1|7-2).[0-9]+.[0-9]+))$ -DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^centos-(6-1|7-2).[0-9]+.[0-9]+$ +DOCKER_IMAGE_TAG_PATTERN := ^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$ +DOCKER_IMAGE_RELEASE_TAG_PATTERN := ^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$ # ----------------------------------------------------------------------------- # Variables diff --git a/opt/scmi/environment.sh b/opt/scmi/environment.sh index 6f6e579..cf5765c 100644 --- a/opt/scmi/environment.sh +++ b/opt/scmi/environment.sh @@ -5,8 +5,8 @@ DOCKER_USER=jdeathe DOCKER_IMAGE_NAME=centos-ssh # Tag validation patterns -DOCKER_IMAGE_TAG_PATTERN='^(latest|(centos-[6-7])|(centos-(6-1|7-2).[0-9]+.[0-9]+))$' -DOCKER_IMAGE_RELEASE_TAG_PATTERN='^centos-(6-1|7-2).[0-9]+.[0-9]+$' +DOCKER_IMAGE_TAG_PATTERN='^(latest|centos-[6-7]|((1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+))$' +DOCKER_IMAGE_RELEASE_TAG_PATTERN='^(1|2|centos-(6-1|7-2))\.[0-9]+\.[0-9]+$' # ----------------------------------------------------------------------------- # Variables From f39b611b441b832a71d9f226774d54854307d98b Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 22:36:46 +0000 Subject: [PATCH 08/11] ISSUE 400: Adds more detailed information about tags in the README. --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 06fdc07..a3698e7 100644 --- a/README.md +++ b/README.md 
@@ -7,10 +7,12 @@ Includes public key authentication, Automated password generation and supports c ## Overview & links -The latest CentOS-6 / CentOS-7 based releases can be pulled from the centos-6 / centos-7 Docker tags respectively. For a specific release tag the convention is `centos-6-1.5.0` for the [1.5.0](https://github.com/jdeathe/centos-ssh/tree/1.5.0) release tag and `centos-7-2.0.0` for the [2.0.0](https://github.com/jdeathe/centos-ssh/tree/2.0.0) release tag. +The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.7.3` OR `1.7.3` for the [1.7.3](https://github.com/jdeathe/centos-ssh/tree/1.7.3) release tag and `centos-7-2.1.3` OR `2.1.3` for the [2.1.3](https://github.com/jdeathe/centos-ssh/tree/2.1.3) release tag. -- centos-7 [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) -- centos-6 [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) +### Tags and respective `Dockerfile` links + +- `centos-7`,`centos-7-2.1.3`,`2.1.3` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) +- `centos-6`,`centos-6-1.7.3`,`1.7.3` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) The Dockerfile can be used to build a base image that is the bases for several other docker images. From 04d142548691222de50e7ef7196d4fcfe14a4288 Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 23:22:13 +0000 Subject: [PATCH 09/11] Updated change log ready for 2.1.4 release. --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e767c60..de0c87c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,16 @@ Summary of release changes for Version 2 - CentOS-7 +### 2.1.4 - 2016-12-04 + +- Adds correct Makefile usage instructions for 'build' target. +- Adds info regarding NULL port values in Makefile help. +- Removes requirement for `gawk` in the port handling functions for SCMI and the systemd template unit-file. +- Adds reduced number of build steps to image which helps reduce final image size. +- Adds `-u` parameter to `sshd` options to help reduce time spent doing DNS lookups during authentication. +- Adds a change log (`CHANGELOG.md`). +- Adds support for semantic version numbered tags. + ### 2.1.3 - 2016-10-02 - Adds Makefile help target with usage instructions. From b875fd7183481e3dc437891b5aa6e4eb5055d12c Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 23:33:31 +0000 Subject: [PATCH 10/11] Update ready for 2.1.4 release. --- Dockerfile | 10 +++---- README.md | 38 +++++++++++++------------- etc/systemd/system/centos-ssh@.service | 2 +- 3 files changed, 25 insertions(+), 25 deletions(-) diff --git a/Dockerfile b/Dockerfile index 127bcd4..b952a05 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -151,23 +151,23 @@ ENV SSH_AUTHORIZED_KEYS="" \ # ----------------------------------------------------------------------------- # Set image metadata # ----------------------------------------------------------------------------- -ARG RELEASE_VERSION="2.1.3" +ARG RELEASE_VERSION="2.1.4" LABEL \ install="docker run \ --rm \ --privileged \ --volume /:/media/root \ -jdeathe/centos-ssh:centos-7-${RELEASE_VERSION} \ +jdeathe/centos-ssh:${RELEASE_VERSION} \ /usr/sbin/scmi install \ --chroot=/media/root \ --name=\${NAME} \ ---tag=centos-7-${RELEASE_VERSION} \ +--tag=${RELEASE_VERSION} \ --setopt='--volume {{NAME}}.config-ssh:/etc/ssh'" \ uninstall="docker run \ --rm \ --privileged \ --volume /:/media/root \ -jdeathe/centos-ssh:centos-7-${RELEASE_VERSION} \ +jdeathe/centos-ssh:${RELEASE_VERSION} \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ --name=\${NAME} \ @@ -175,7 +175,7 @@ jdeathe/centos-ssh:centos-7-${RELEASE_VERSION} \ --setopt='--volume {{NAME}}.config-ssh:/etc/ssh'" \ org.deathe.name="centos-ssh" \ org.deathe.version="${RELEASE_VERSION}" \ - org.deathe.release="jdeathe/centos-ssh:centos-7-${RELEASE_VERSION}" \ + org.deathe.release="jdeathe/centos-ssh:${RELEASE_VERSION}" \ org.deathe.license="MIT" \ org.deathe.vendor="jdeathe" \ org.deathe.url="https://github.com/jdeathe/centos-ssh" \ diff --git a/README.md b/README.md index a3698e7..db6c130 100644 --- a/README.md +++ b/README.md 
@@ -7,12 +7,12 @@ Includes public key authentication, Automated password generation and supports c ## Overview & links -The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.7.3` OR `1.7.3` for the [1.7.3](https://github.com/jdeathe/centos-ssh/tree/1.7.3) release tag and `centos-7-2.1.3` OR `2.1.3` for the [2.1.3](https://github.com/jdeathe/centos-ssh/tree/2.1.3) release tag. +The latest CentOS-6 / CentOS-7 based releases can be pulled from the `centos-6` / `centos-7` Docker tags respectively. For production use it is recommended to select a specific release tag - the convention is `centos-6-1.7.4` OR `1.7.4` for the [1.7.4](https://github.com/jdeathe/centos-ssh/tree/1.7.4) release tag and `centos-7-2.1.4` OR `2.1.4` for the [2.1.4](https://github.com/jdeathe/centos-ssh/tree/2.1.4) release tag. ### Tags and respective `Dockerfile` links -- `centos-7`,`centos-7-2.1.3`,`2.1.3` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) -- `centos-6`,`centos-6-1.7.3`,`1.7.3` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) +- `centos-7`,`centos-7-2.1.4`,`2.1.4` [(centos-7/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-7/Dockerfile) +- `centos-6`,`centos-6-1.7.4`,`1.7.4` [(centos-6/Dockerfile)](https://github.com/jdeathe/centos-ssh/blob/centos-6/Dockerfile) The Dockerfile can be used to build a base image that is the bases for several other docker images. @@ -45,7 +45,7 @@ $ docker run -d \ jdeathe/centos-ssh:centos-7 ``` -Check the logs for the password (required for sudo˜). +Check the logs for the password (required for sudo). ``` $ docker logs ssh.pool-1.1.1 
@@ -90,7 +90,7 @@ $ sftp -p 2021 -i id_rsa_insecure \ ### Running -To run the a docker container from this image you can use the standard docker commands. Alternatively, you can use the embedded (Service Container Manager Interface) [scmi](https://github.com/jdeathe/centos-ssh/blob/centos-7/usr/sbin/scmi) that is included in the image since `centos-6-1.7.2`|`centos-7-2.1.2` or, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters. +To run the a docker container from this image you can use the standard docker commands. Alternatively, you can use the embedded (Service Container Manager Interface) [scmi](https://github.com/jdeathe/centos-ssh/blob/centos-7/usr/sbin/scmi) that is included in the image since `1.7.2` / `2.1.2` or, if you have a checkout of the [source repository](https://github.com/jdeathe/centos-ssh), and have make installed the Makefile provides targets to build, install, start, stop etc. where environment variables can be used to configure the container options and set custom docker run parameters. #### SCMI Installation Examples @@ -103,10 +103,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:centos-7-2.1.2 \ + jdeathe/centos-ssh:2.1.4 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=centos-7-2.1.2 \ + --tag=2.1.4 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` @@ -120,10 +120,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:centos-7-2.1.2 \ + jdeathe/centos-ssh:2.1.4 \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ - --tag=centos-7-2.1.2 \ + --tag=2.1.4 \ --name=ssh.pool-1.1.1 \ --setopt="--volume {{NAME}}.config-ssh:/etc/ssh" ``` 
@@ -137,10 +137,10 @@ $ docker run \ --rm \ --privileged \ --volume /:/media/root \ - jdeathe/centos-ssh:centos-7-2.1.2 \ + jdeathe/centos-ssh:2.1.4 \ /usr/sbin/scmi install \ --chroot=/media/root \ - --tag=centos-7-2.1.2 \ + --tag=2.1.4 \ --name=ssh.pool-1.1.1 \ --manager=systemd \ --register \ @@ -155,7 +155,7 @@ If your docker host has systemd, fleetd (and optionally etcd) installed then `sc ##### SCMI Image Information -Since release `centos-7-2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks. +Since releases `1.7.2` / `2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks. To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option. @@ -163,7 +163,7 @@ To see detailed information about the image run `scmi` with the `--info` option. $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:centos-7-2.1.2 + jdeathe/centos-ssh:2.1.4 ) --info" ``` @@ -173,7 +173,7 @@ To perform an installation using the docker name `ssh.pool-1.2.1` simply use the $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.install}}" \ - jdeathe/centos-ssh:centos-7-2.1.2 + jdeathe/centos-ssh:2.1.4 ) --name=ssh.pool-1.2.1" ``` @@ -183,7 +183,7 @@ To uninstall use the *same command* that was used to install but with the `unins $ eval "sudo -E $( docker inspect \ -f "{{.ContainerConfig.Labels.uninstall}}" \ - jdeathe/centos-ssh:centos-7-2.1.2 + jdeathe/centos-ssh:2.1.4 ) --name=ssh.pool-1.2.1" ``` @@ -196,7 +196,7 @@ To see detailed information about the image run `scmi` with the `--info` option. ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:centos-7-2.1.2 \ + jdeathe/centos-ssh:2.1.4 \ --info ``` 
@@ -205,14 +205,14 @@ To perform an installation using the docker name `ssh.pool-1.3.1` simply use the ``` $ sudo -E atomic install \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:centos-7-2.1.2 + jdeathe/centos-ssh:2.1.4 ``` Alternatively, you could use the `scmi` options `--name` or `-n` for naming the container. ``` $ sudo -E atomic install \ - jdeathe/centos-ssh:centos-7-2.1.2 \ + jdeathe/centos-ssh:2.1.4 \ --name ssh.pool-1.3.1 ``` @@ -221,7 +221,7 @@ To uninstall use the *same command* that was used to install but with the `unins ``` $ sudo -E atomic uninstall \ -n ssh.pool-1.3.1 \ - jdeathe/centos-ssh:centos-7-2.1.2 + jdeathe/centos-ssh:2.1.4 ``` #### Using environment variables diff --git a/etc/systemd/system/centos-ssh@.service b/etc/systemd/system/centos-ssh@.service index 3617ec5..05841a3 100644 --- a/etc/systemd/system/centos-ssh@.service +++ b/etc/systemd/system/centos-ssh@.service @@ -51,7 +51,7 @@ Environment="DOCKER_USER=jdeathe" Environment="DOCKER_IMAGE_NAME=centos-ssh" Environment="DOCKER_CONTAINER_OPTS=" Environment="DOCKER_IMAGE_PACKAGE_PATH=/var/opt/scmi/packages" -Environment="DOCKER_IMAGE_TAG=centos-7-2.1.3" +Environment="DOCKER_IMAGE_TAG=2.1.4" Environment="DOCKER_PORT_MAP_TCP_22=2020" Environment="SSH_AUTHORIZED_KEYS=" Environment="SSH_AUTOSTART_SSHD=true" From ab17ea434679f0fac3338e76cd3755c2dabdf3ac Mon Sep 17 00:00:00 2001 From: James Deathe Date: Sun, 4 Dec 2016 23:48:38 +0000 Subject: [PATCH 11/11] Correction to Dockerfile metadata and README for 2.1.4 release. --- Dockerfile | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index b952a05..33badea 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -171,7 +171,7 @@ jdeathe/centos-ssh:${RELEASE_VERSION} \ /usr/sbin/scmi uninstall \ --chroot=/media/root \ --name=\${NAME} \ ---tag=centos-7-${RELEASE_VERSION} \ +--tag=${RELEASE_VERSION} \ --setopt='--volume {{NAME}}.config-ssh:/etc/ssh'" \ org.deathe.name="centos-ssh" \ org.deathe.version="${RELEASE_VERSION}" \ diff --git a/README.md b/README.md index db6c130..19c5e08 100644 --- a/README.md +++ b/README.md @@ -155,7 +155,7 @@ If your docker host has systemd, fleetd (and optionally etcd) installed then `sc ##### SCMI Image Information -Since releases `1.7.2` / `2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks. +Since release tags `1.7.2` / `2.1.2` the install template has been added to the image metadata. Using docker inspect you can access `scmi` to simplify install/uninstall tasks. To see detailed information about the image run `scmi` with the `--info` option. To see all available `scmi` options run with the `--help` option.