Setup rancher user and ssh

2025-09-02 07:15:41 +00:00 · 2015-02-21 00:34:57 -07:00
parent d77e8f42f0
commit 0a6f902f69
4 changed files with 41 additions and 23 deletions
--- a/scripts/dockerimages/scripts/console.sh
+++ b/scripts/dockerimages/scripts/console.sh
@@ -1,27 +1,37 @@
-#!/bin/sh
-# Test
+#!/bin/bash
+set -e

 CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config

+setup_ssh()
+{
+    for i in rsa dsa ecdsa ed25519; do
+        local output=/etc/ssh/ssh_host_${i}_key
+        if [ ! -e $output ]; then
+            local saved="$(rancherctl config get ssh.keys.${i})"
+            local pub="$(rancherctl config get ssh.keys.${i}-pub)"
+
+            if [[ -n "$saved" && -n "$pub" ]]; then
+                (
+                    umask 477
+                    echo "$saved" > ${output}
+                    echo "$pub" > ${output}.pub
+                )
+            else
+                ssh-keygen -f $output -N '' -t $i
+                rancherctl config set -- ssh.keys.${i} "$(<${output})"
+                rancherctl config set -- ssh.keys.${i}-pub "$(<${output}.pub)"
+            fi
+        fi
+    done
+}
+
+
 if [ -s $CLOUD_CONFIG_FILE ]; then
 	cloud-init --from-file $CLOUD_CONFIG_FILE
 fi

-for i in rsa dsa ecdsa ed25519; do
-    OUTPUT=/etc/ssh/ssh_host_${i}_key
-    if [ ! -e $OUTPUT ]; then
-        ssh-keygen -f $OUTPUT -N '' -t $i
-    fi
-done
-
-RANCER_HOME=/home/rancher
-if [ ! -d ${RANCER_HOME} ]; then
-    mkdir -p ${RANCER_HOME}
-    chown rancher:rancher ${RANCER_HOME}
-    chmod 2755 ${RANCER_HOME}
-fi
-
-chown root:docker /var/run/docker.sock /var/run/system-docker.sock
+setup_ssh

 cat > /etc/respawn.conf << EOF
 /sbin/getty 115200 tty1
@@ -33,4 +43,11 @@ cat > /etc/respawn.conf << EOF
 /usr/sbin/sshd -D
 EOF

+RANCHER_HOME=/home/rancher
+if [ ! -d ${RANCHER_HOME} ]; then
+    mkdir -p ${RANCHER_HOME}
+    chown rancher:rancher ${RANCHER_HOME}
+    chmod 2755 ${RANCHER_HOME}
+fi
+
 exec respawn -f /etc/respawn.conf
--- a/scripts/dockerimages/scripts/docker.sh
+++ b/scripts/dockerimages/scripts/docker.sh
@@ -42,7 +42,7 @@ if [ "$USE_TLS" == "true" ]; then
    rancherctl config set -- userdocker.tls_server_cert "$TLS_SERVER_CERT"
    rancherctl config set -- userdocker.tls_server_key "$TLS_SERVER_KEY"

-    exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock
+    exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock -G docker
 else
-    exec docker -d -s overlay
+    exec docker -d -s overlay -G docker
 fi