From c3d8f0d4fc1d27787384d5429b0d74fed0c9510c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Tue, 8 Aug 2017 13:54:24 +0200
Subject: [PATCH] Optional usage of ssh keys

---
 Dockerfile      |  4 ++--
 README.md       | 25 +++++++++++++++++++++----
 docker-entry.sh | 16 ++++++++++++++++
 3 files changed, 39 insertions(+), 6 deletions(-)
 create mode 100755 docker-entry.sh

diff --git a/Dockerfile b/Dockerfile
index 65674b6..dd65083 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,9 @@ RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.n
 
 RUN /usr/sbin/sshd-keygen \
  && useradd -m -d /home/jenkins -s /bin/bash jenkins \
- && echo "jenkins:jenkins" | chpasswd \
  && sed -i '/root\tALL=/a jenkins ALL=(ALL) NOPASSWD: ALL' /etc/sudoers
 
 EXPOSE 22
 
-CMD ["/usr/sbin/sshd", "-D"]
+COPY docker-entry.sh /
+CMD ["/docker-entry.sh", "/usr/sbin/sshd", "-D"]
diff --git a/README.md b/README.md
index f3b4e13..16a210a 100644
--- a/README.md
+++ b/README.md
@@ -14,14 +14,31 @@ In Jenkins:
 
 * for example with *Docker Plugin*
 
-Credentials:
+## Simple way
 
-* jenkins/jenkins
+Initial password is created during start, but only if */context/.ssh* directory is not found locally:
 
-Manual launch:
+* user: **jenkins**
+* password: **jenkins**
+
+Steps:
+
+    docker pull valtri/docker-jenkins-centos
+    docker run -itd --name jenkins-centos valtri/docker-jenkins-centos
+
+## Recommended way
+
+Access using ssh keys and no password will be created.
+
+Steps:
+
+	ssh-keygen -t rsa -f jenkins_node
+	mkdir -p context/.ssh
+	#SELinux: chcon -Rt svirt_sandbox_file_t context/
+	cp -p jenkins_node.pub context/.ssh/authorized_keys
 
     docker pull valtri/docker-jenkins-centos
-    docker run -itd --name jenkins-contos valtri/docker-jenkins-centos
+    docker run -itd --name jenkins-centos --volume `pwd`/context:/context:ro valtri/docker-jenkins-centos
 
 # Tags
 
diff --git a/docker-entry.sh b/docker-entry.sh
new file mode 100755
index 0000000..c9a2abe
--- /dev/null
+++ b/docker-entry.sh
@@ -0,0 +1,16 @@
+#! /bin/bash -e
+
+if ! test -d ~jenkins/.ssh; then
+	if test -d /context -a -d /context/.ssh; then
+		cp -va /context/.ssh ~jenkins/
+	else
+		mkdir ~jenkins/.ssh
+		echo "Settings jenkins password"
+		echo "jenkins:jenkins" | chpasswd
+	fi
+
+	chmod 0700 ~jenkins/.ssh
+	chown -R jenkins:jenkins ~jenkins/.ssh
+fi
+
+exec "$@"