diff --git a/scripts/dockerimages/00-base b/scripts/dockerimages/00-base
index 470308a2..9833fbed 100644
--- a/scripts/dockerimages/00-base
+++ b/scripts/dockerimages/00-base
@@ -23,4 +23,4 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
 passwd -l root && \
 addgroup docker && \
 addgroup sudo && \
- echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo-group
+ echo '%sudo ALL=(ALL) ALL' >> /etc/sudoers
diff --git a/scripts/dockerimages/06-console b/scripts/dockerimages/06-console
index 294f744d..ef006668 100644
--- a/scripts/dockerimages/06-console
+++ b/scripts/dockerimages/06-console
@@ -1,8 +1,9 @@
 FROM base
 COPY scripts/dockerimages/scripts/console.sh /usr/sbin/
-RUN adduser -g rancher -G sudo -D -h /home/rancher -s /bin/bash rancher && \
+RUN echo 'set bell-style none' > /etc/inputrc && \
+ adduser -g rancher -G sudo -D -h /home/rancher -s /bin/bash rancher && \
 sed -i 's/\(docker.*\)/\1rancher/g' /etc/group && \
 sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
- mkdir -p /home/rancher && \
- chmod 2755 /home/rancher
+ echo '## allow password less for rancher user' >> /etc/sudoers && \
+ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 CMD ["/usr/sbin/console.sh"]
diff --git a/scripts/dockerimages/scripts/console.sh b/scripts/dockerimages/scripts/console.sh
index 5ac7fc69..c83ffaad 100755
--- a/scripts/dockerimages/scripts/console.sh
+++ b/scripts/dockerimages/scripts/console.sh
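Review bot: In scripts/dockerimages/00-base the `%sudo` rule is now appended to the main `/etc/sudoers` with `>>` instead of being written to its own drop-in, and the 06-console hunk appends two more lines the same way; nothing in either RUN chain checks that the resulting file still parses. A malformed or duplicated append would only be discovered when sudo refuses to run in the booted image. If the move away from `/etc/sudoers.d/sudo-group` was needed because the base sudoers has no include directive (not visible here), say so in a comment; otherwise keep the drop-in with mode 0440, and in either case end the chain with `visudo -c` so the build fails on a bad file. The RUN instruction starts above this hunk.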
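Review bot: In scripts/dockerimages/06-console the new `rancher ALL=(ALL) NOPASSWD: ALL` line is combined with the static hash that the unchanged `sed` line writes into `/etc/shadow`, so every image built from this file shares one password and that password alone now yields unrestricted root. The hash is 13 characters with no `$id$` prefix, which looks like traditional DES crypt; confirm, since that format is weak against offline guessing. console.sh in this same commit keeps `/usr/sbin/sshd -D` in respawn.conf, so the account is presumably reachable over the network. I would either drop NOPASSWD or stop shipping a shared hash (lock the password and provision SSH keys through cloud-init, after confirming sshd still accepts key login for a locked account), and add a comment above the sudoers lines stating which trust model is intended.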
@@ -1,27 +1,37 @@
-#!/bin/sh
-# Test
+#!/bin/bash
+set -e
 CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config
+setup_ssh()
+{
+ for i in rsa dsa ecdsa ed25519; do
+ local output=/etc/ssh/ssh_host_${i}_key
+ if [ ! -e $output ]; then
+ local saved="$(rancherctl config get ssh.keys.${i})"
+ local pub="$(rancherctl config get ssh.keys.${i}-pub)"
+
+ if [[ -n "$saved" && -n "$pub" ]]; then
+ (
+ umask 477
+ echo "$saved" > ${output}
+ echo "$pub" > ${output}.pub
+ )
+ else
+ ssh-keygen -f $output -N '' -t $i
+ rancherctl config set -- ssh.keys.${i} "$(<${output})"
+ rancherctl config set -- ssh.keys.${i}-pub "$(<${output}.pub)"
+ fi
+ fi
+ done
+}
+
+
 if [ -s $CLOUD_CONFIG_FILE ]; then
 cloud-init --from-file $CLOUD_CONFIG_FILE
 fi
-for i in rsa dsa ecdsa ed25519; do
- OUTPUT=/etc/ssh/ssh_host_${i}_key
- if [ ! -e $OUTPUT ]; then
- ssh-keygen -f $OUTPUT -N '' -t $i
- fi
-done
-
-RANCER_HOME=/home/rancher
-if [ ! -d ${RANCER_HOME} ]; then
- mkdir -p ${RANCER_HOME}
- chown rancher:rancher ${RANCER_HOME}
- chmod 2755 ${RANCER_HOME}
-fi
-
-chown root:docker /var/run/docker.sock /var/run/system-docker.sock
+setup_ssh
 cat > /etc/respawn.conf << EOF
 /sbin/getty 115200 tty1
@@ -33,4 +43,11 @@ cat > /etc/respawn.conf << EOF
 /usr/sbin/sshd -D
 EOF
+RANCHER_HOME=/home/rancher
+if [ ! -d ${RANCHER_HOME} ]; then
+ mkdir -p ${RANCHER_HOME}
+ chown rancher:rancher ${RANCHER_HOME}
+ chmod 2755 ${RANCHER_HOME}
+fi
+
 exec respawn -f /etc/respawn.conf
diff --git a/scripts/dockerimages/scripts/docker.sh b/scripts/dockerimages/scripts/docker.sh
index 21a149fa..518536e5 100755
--- a/scripts/dockerimages/scripts/docker.sh
+++ b/scripts/dockerimages/scripts/docker.sh
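Review bot: `umask 477` in the restore branch of setup_ssh leaves both restored files at mode 0200 (0666 masked by 0477), i.e. owner write-only; root can still read them, but this is almost certainly not the intended 0600, so use `umask 077` and, if the public key should be world-readable, follow with `chmod 644 ${output}.pub`. The save branch passes the private host key as a command-line argument, `rancherctl config set -- ssh.keys.${i} "$(<${output})"`, which exposes it in the process list for the duration of the call and stores it wherever rancherctl keeps its config; if rancherctl can take the value from stdin or a file (not visible here), prefer that, and document who may read that config. `local saved="$(…)"` also hides a failing `rancherctl config get` from `set -e`, so an error there looks like "no saved key" and leads to a fresh key pair being generated; declare the locals first and assign on separate lines.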
@@ -42,7 +42,7 @@ if [ "$USE_TLS" == "true" ]; then
 rancherctl config set -- userdocker.tls_server_cert "$TLS_SERVER_CERT"
 rancherctl config set -- userdocker.tls_server_key "$TLS_SERVER_KEY"
- exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock
+ exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock -G docker
 else
- exec docker -d -s overlay
+ exec docker -d -s overlay -G docker
 fi
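Review bot: `-G docker` on both `exec docker -d` lines only sets the group on this daemon's unix socket, while the `chown root:docker` removed from console.sh in this commit also covered `/var/run/system-docker.sock`; nothing visible here gives the docker group access to the system socket any more. If that tightening is intended, state it in the commit message; if not, the system daemon needs its own `-G docker` wherever it is started (outside this diff). Either way I would add a comment such as `# -G docker: members of group docker (incl. rancher) get root-equivalent control of this daemon`, because 06-console puts rancher into that group. The `$TLS_PATH` expansions on the TLS line are unquoted, which this hunk does not change but is worth fixing while the line is being touched. The enclosing `if` starts above the hunk.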