From a33b390c51b2f79e61781921f8ca36f2f0ed17ca Mon Sep 17 00:00:00 2001 From: Ralf Mueller Date: Thu, 16 May 2019 13:26:02 +0300 Subject: [PATCH] host networking, ssh port, server paramter The start.sh script starts the container with host networking as default. With bridged networking does nfs export from the container does not work, due to conflicts in the rpc port 111 The ssh port can be configured ad container start with SSH_PORT container environment variable. This allows to login to the container it is started with host networking. ssh -p $SSH_PORT localhost Bug-fix : The start-up script forwards the https port to the server now. handling SIGTERM added to docker entrypoint to stop nfs-server A signal handler for SIGTERM has been added to the docker entrypoint script. The handler stops the nfs-server to avoid the hanging nfs processed after stopping the container. The handler exits with 0, which speeds up the container stopping. Change-Id: I8c5f31f2d0bc1b35876b0d42f0d9390dc3375e62 Signed-off-by: Ralf Mueller --- docker-build/remote-installer/Dockerfile | 20 +++++++++---- scripts/start.sh | 51 +++++++++++++++++++++++++------- 2 files changed, 54 insertions(+), 17 deletions(-) diff --git a/docker-build/remote-installer/Dockerfile b/docker-build/remote-installer/Dockerfile index 38626eb..98f6ceb 100644 --- a/docker-build/remote-installer/Dockerfile +++ b/docker-build/remote-installer/Dockerfile @@ -29,7 +29,8 @@ CLIENT_CERT="clientcert.pem" \ CLIENT_KEY="clientkey.pem" \ SERVER_CERT="servercert.pem" \ SERVER_KEY="serverkey.pem" \ -INSTALLER_MOUNT="/opt/remoteinstaller" +INSTALLER_MOUNT="/opt/remoteinstaller" \ +SSH_PORT="22" ENV IMAGES_STORE="$INSTALLER_MOUNT/images" ENV IMAGES_HTML="/var/www/lighttpd/images" 
@@ -96,17 +97,24 @@ RUN mkdir -p "$SCRIPTS_DIR" \ COPY src/scripts/get_journals.sh src/scripts/print_hosts.py "$SCRIPTS_DIR"/ -RUN echo '#!/bin/bash' >>$STARTUP \ +RUN echo '#!/bin/bash -x' >>$STARTUP \ +&& echo "function handle_sigterm() {" >>$STARTUP \ +&& echo -e " echo Stopping nfs-server" >>$STARTUP \ +&& echo -e " systemctl stop nfs-server" >>$STARTUP \ +&& echo -e " exit 0" >>$STARTUP \ +&& echo "}" >>$STARTUP \ +&& echo "trap 'handle_sigterm' 15" >>$STARTUP \ && echo 'printenv >/etc/remoteinstaller/environment' >>$STARTUP \ -&& echo mkdir /run/systemd/system >>$STARTUP \ -&& echo nohup /usr/lib/systemd/systemd --system '&>/dev/null &' >>$STARTUP \ +&& echo 'mkdir /run/systemd/system' >>$STARTUP \ +&& echo 'nohup /usr/lib/systemd/systemd --system' '&>/dev/null &' >>$STARTUP \ && echo "echo -e \"\$PW\n\$PW\n\n\" |passwd" >>$STARTUP \ && echo mount -o bind "$IMAGES_STORE" "$IMAGES_HTML" >>$STARTUP \ && echo 'sed -i "s/server.port = 80/server.port = $HTTPS_PORT/" /etc/lighttpd/lighttpd.conf' >>$STARTUP \ +&& echo 'sed -i "s/.*Port 22/Port $SSH_PORT/" /etc/ssh/sshd_config' >>$STARTUP \ # && echo "echo \\\$SERVER[\\\"sockets\\\"] == \\\"0.0.0.0:\$HTTPS_PORT {}\\\" >> /etc/lighttpd/lighttpd.conf" >>$STARTUP \ && echo python /lib/python2.7/site-packages/remoteinstaller-1.0-py2.7.egg/remoteinstaller/server/server.py \ - -H \$API_LISTEN_ADDR -P \$API_PORT -S \$HOST_ADDR \ - -C \$SERVER_CERT -K \$SERVER_KEY -c \$CLIENT_CERT -k \$CLIENT_KEY -A \$CA_CERT -d \ + -H \$API_LISTEN_ADDR -P \$API_PORT -S \$HOST_ADDR -T \$HTTPS_PORT \ + -C \$SERVER_CERT -K \$SERVER_KEY -c \$CLIENT_CERT -k \$CLIENT_KEY -A \$CA_CERT -d \& \ >>$STARTUP \ && echo 'while [ false ]; do sleep 5 ;done' >>$STARTUP \ && chmod +x $STARTUP diff --git a/scripts/start.sh b/scripts/start.sh index 1e3a6fe..d19af58 100755 --- a/scripts/start.sh +++ b/scripts/start.sh 
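Review bot: The new shebang `#!/bin/bash -x` in the `@@ -96,17 +97,24 @@` hunk turns on xtrace for the whole generated startup script, and that script later runs `echo -e "$PW\n$PW\n\n" |passwd`, so the expanded root password is written to the trace output and presumably ends up in the container log. Keep the first line as `RUN echo '#!/bin/bash' >>$STARTUP \`, or if the trace is wanted for debugging, emit `set +x` before the passwd line and `set -x` after it. The added `sed -i "s/.*Port 22/Port $SSH_PORT/"` line also substitutes `$SSH_PORT` without checking it and its pattern is not anchored, so it rewrites any line containing `Port 22`; anchoring the pattern to the start and end of the directive and rejecting non-numeric values before the substitution would make the edit predictable.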
@@ -22,6 +22,7 @@ BASE_DIR="" CONT_NAME="remote-installer" EXT_IP="" HTTPS_PORT="443" +SSH_PORT="22222" IMG_NAME="remote-installer" ROOT_PW="root" @@ -37,15 +38,17 @@ help() echo -e "$(basename $0) [-h -a -c -i -r -s ] -b -e " echo -e " -h display this help" echo -e " -a rest API port, default $API_PORT" - echo -e " -c container name, default $CONT_NAME" echo -e " -b base directory, which contains images, certificates, etc." + echo -e " -c container name, default $CONT_NAME" + echo -e " -d use docker bridged networking, default host" echo -e " -e external ip address of the docker" - echo -e " -i secure https port, default $IMG_NAME" + echo -e " -i image name, default $IMG_NAME" + echo -e " -l login port for ssh, default $SSH_NAME" echo -e " -p root password, default $ROOT_PW" echo -e " -s secure https port, default $HTTPS_PORT" } -while getopts "ha:b:e:s:c:p:i:" arg; do +while getopts "ha:b:de:l:s:c:p:i:" arg; do case $arg in h) help @@ -72,6 +75,12 @@ while getopts "ha:b:e:s:c:p:i:" arg; do p) ROOT_PW="$OPTARG" ;; + l) + SSH_PORT="$OPTARG" + ;; + d) + DOCKER_BRIDGE="YES" + ;; *) error "Unknow argument!" showhelp ;; 
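Review bot: The new help line for `-l` in the `@@ -37,15 +38,17 @@` hunk prints `$SSH_NAME`, which is not defined anywhere in the visible patch, so the default is shown as empty; the variable added in the defaults block is `SSH_PORT`. The line should read `echo -e " -l login port for ssh, default $SSH_PORT"`. The usage line above it still lists only `[-h -a -c -i -r -s ]` and could name the new `-d` and `-l` options as well. The body of `help()` starts before this hunk.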
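Review bot: The `l)` branch in the `@@ -72,6 +75,12 @@` hunk stores `$OPTARG` in `SSH_PORT` without any check, and that value is later passed into the container where the startup script interpolates it into a `sed` expression on `sshd_config`. Rejecting anything that is not a plain number keeps that substitution safe, for example `case "$OPTARG" in ''|*[!0-9]*) error "Invalid ssh port!" showhelp ;; esac` before the assignment. `DOCKER_BRIDGE` is also only ever set in the `d)` branch and no hunk of this patch initialises it, so a value inherited from the caller's environment would silently select bridged networking; adding `DOCKER_BRIDGE=""` next to the other defaults avoids that. The `while getopts` loop and its `case` begin and end outside this hunk.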
@@ -81,14 +90,34 @@ done [ -n "$EXT_IP" ] || error "No external IP defined!" showhelp [ -n "$BASE_DIR" ] || error "No base directory defined!" showhelp -cont_id="$(docker run --detach --rm --privileged \ - --env API_PORT="$API_PORT" \ - --env HOST_ADDR="$EXT_IP" \ - --env HTTPS_PORT="$HTTPS_PORT" \ - --env PW="$ROOT_PW" \ - --volume "$BASE_DIR":/opt/remoteinstaller --publish "$HTTPS_PORT":"$HTTPS_PORT" -p 2049:2049 -p "$API_PORT":"$API_PORT" --name "$CONT_NAME" "$IMG_NAME")" \ - || error "failed to start container" +DOCKER_ENV="--env API_PORT=$API_PORT \ + --env HOST_ADDR=$EXT_IP \ + --env HTTPS_PORT=$HTTPS_PORT \ + --env PW=$ROOT_PW \ + --env SSH_PORT=$SSH_PORT " + + +if [ -n "$DOCKER_BRIDGE" ] +then + echo -e "Start container with bridged networking..." + cont_id="$(docker run --detach --rm --privileged \ + $DOCKER_ENV \ + --network=bridge \ + --volume "$BASE_DIR":/opt/remoteinstaller \ + --publish "$HTTPS_PORT":"$HTTPS_PORT" --publish 2049:2049 --publish "$API_PORT":"$API_PORT" \ + --name "$CONT_NAME" "$IMG_NAME")" \ + || error "failed to start container" + echo -e "IP : $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$cont_id")" +else + echo -e "Start container with host networking..." + cont_id="$(docker run --detach --rm --privileged \ + $DOCKER_ENV \ + --network=host \ + --volume "$BASE_DIR":/opt/remoteinstaller \ + --name "$CONT_NAME" "$IMG_NAME")" \ + || error "failed to start container" +fi echo -e "Container successfully started" echo -e "ID : $cont_id" -echo -e "IP : $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$cont_id")" +echo -e "Using ssh port : $SSH_PORT" -- 2.16.6
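Review bot: The options are now collected in the string `DOCKER_ENV` and expanded unquoted as `$DOCKER_ENV` in both `docker run` calls, which drops the per-value quoting the removed code had (`--env PW="$ROOT_PW"`). A password, IP or port value containing whitespace or glob characters is word-split, and the extra words are parsed by `docker run` as further arguments of a `--privileged` container. Assuming start.sh runs under bash, an array keeps every value as a single argument, as sketched below. Separately, with host networking as the new default the container's sshd listens on the host's interfaces on `SSH_PORT` while `ROOT_PW` still defaults to `root`; whether sshd permits root password login is not visible here, but requiring `-p` in host mode would be a prudent guard.

```shell
DOCKER_ENV=(
  --env "API_PORT=$API_PORT"
  --env "HOST_ADDR=$EXT_IP"
  --env "HTTPS_PORT=$HTTPS_PORT"
  --env "PW=$ROOT_PW"
  --env "SSH_PORT=$SSH_PORT"
)
# … unchanged: bridged branch, with the same "${DOCKER_ENV[@]}" substitution …
  cont_id="$(docker run --detach --rm --privileged \
    "${DOCKER_ENV[@]}" \
    --network=host \
# … unchanged: volume, name, image and error handling …
```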