Setup rancher user and ssh

scripts/dockerimages/00-base

@@ -23,4 +23,4 @@ RUN rm /sbin/poweroff /sbin/reboot /sbin/halt && \
     passwd -l root && \
     addgroup docker && \
     addgroup sudo && \
-    echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo-group
+    echo '%sudo ALL=(ALL) ALL' >> /etc/sudoers

scripts/dockerimages/06-console

@@ -1,8 +1,9 @@
 FROM base
 COPY scripts/dockerimages/scripts/console.sh /usr/sbin/
-RUN adduser -g rancher -G sudo -D -h /home/rancher -s /bin/bash rancher && \
+RUN echo 'set bell-style none' > /etc/inputrc && \
+    adduser -g rancher -G sudo -D -h /home/rancher -s /bin/bash rancher && \
     sed -i 's/\(docker.*\)/\1rancher/g' /etc/group && \
     sed -i 's/rancher.*/rancher:rixbL64o6zGmY:16486:0:99999:7:::/g' /etc/shadow && \
-    mkdir -p /home/rancher && \
+    echo '## allow password less for rancher user' >> /etc/sudoers && \
-    chmod 2755 /home/rancher
+    echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 CMD ["/usr/sbin/console.sh"]

scripts/dockerimages/scripts/console.sh

@@ -1,27 +1,37 @@
-#!/bin/sh
+#!/bin/bash
-# Test
+set -e
 
 CLOUD_CONFIG_FILE=/var/lib/rancher/cloud-config
 
+setup_ssh()
+{
+    for i in rsa dsa ecdsa ed25519; do
+        local output=/etc/ssh/ssh_host_${i}_key
+        if [ ! -e $output ]; then
+            local saved="$(rancherctl config get ssh.keys.${i})"
+            local pub="$(rancherctl config get ssh.keys.${i}-pub)"
+
+            if [[ -n "$saved" && -n "$pub" ]]; then
+                (
+                    umask 477
+                    echo "$saved" > ${output}
+                    echo "$pub" > ${output}.pub
+                )
+            else
+                ssh-keygen -f $output -N '' -t $i
+                rancherctl config set -- ssh.keys.${i} "$(<${output})"
+                rancherctl config set -- ssh.keys.${i}-pub "$(<${output}.pub)"
+            fi
+        fi
+    done
+}
+
+
 if [ -s $CLOUD_CONFIG_FILE ]; then
 	cloud-init --from-file $CLOUD_CONFIG_FILE
 fi
 
-for i in rsa dsa ecdsa ed25519; do
+setup_ssh
-    OUTPUT=/etc/ssh/ssh_host_${i}_key
-    if [ ! -e $OUTPUT ]; then
-        ssh-keygen -f $OUTPUT -N '' -t $i
-    fi
-done
-
-RANCER_HOME=/home/rancher
-if [ ! -d ${RANCER_HOME} ]; then
-    mkdir -p ${RANCER_HOME}
-    chown rancher:rancher ${RANCER_HOME}
-    chmod 2755 ${RANCER_HOME}
-fi
-
-chown root:docker /var/run/docker.sock /var/run/system-docker.sock
 
 cat > /etc/respawn.conf << EOF
 /sbin/getty 115200 tty1
@@ -33,4 +43,11 @@ cat > /etc/respawn.conf << EOF
 /usr/sbin/sshd -D
 EOF
 
+RANCHER_HOME=/home/rancher
+if [ ! -d ${RANCHER_HOME} ]; then
+    mkdir -p ${RANCHER_HOME}
+    chown rancher:rancher ${RANCHER_HOME}
+    chmod 2755 ${RANCHER_HOME}
+fi
+
 exec respawn -f /etc/respawn.conf

scripts/dockerimages/scripts/docker.sh

@@ -42,7 +42,7 @@ if [ "$USE_TLS" == "true" ]; then
     rancherctl config set -- userdocker.tls_server_cert "$TLS_SERVER_CERT"
     rancherctl config set -- userdocker.tls_server_key "$TLS_SERVER_KEY"
 
-    exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock
+    exec docker -d -s overlay --tlsverify --tlscacert=$TLS_PATH/ca.pem --tlscert=$TLS_PATH/server-cert.pem --tlskey=$TLS_PATH/server-key.pem -H=0.0.0.0:2376 -H=unix:///var/run/docker.sock -G docker
 else
-    exec docker -d -s overlay
+    exec docker -d -s overlay -G docker
 fi