rancher/os
1
0
Fork 1
mirror of https://github.com/rancher/os.git synced 2025-08-17 14:28:16 +00:00
Code Issues Releases Wiki Activity

Generate sshd_config by go template

Browse Source
This commit is contained in:
niusmallnan 2019-02-05 14:05:18 +08:00 committed by niusmallnan
parent a297f83177
commit cb1e6cc1d1
3 changed files with 34 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
cmd/control/console_init.go
View File

@ -7,9 +7,10 @@ import (
"os" "os"
"os/exec" "os/exec"
"path" "path"
"regexp" "strconv"
"strings" "strings"
"syscall" "syscall"
"text/template"
"github.com/rancher/os/cmd/cloudinitexecute" "github.com/rancher/os/cmd/cloudinitexecute"
"github.com/rancher/os/config" "github.com/rancher/os/config"
@ -318,37 +319,26 @@ func writeRespawn(user string, sshd, recovery bool) error {
} }
func modifySshdConfig(cfg *config.CloudConfig) error { func modifySshdConfig(cfg *config.CloudConfig) error {
sshdConfig, err := ioutil.ReadFile("/etc/ssh/sshd_config") os.Remove("/etc/ssh/sshd_config")
sshdTpl, err := template.ParseFiles("/etc/ssh/sshd_config.tpl")
if err != nil { if err != nil {
return err return err
} }
sshdConfigString := string(sshdConfig) f, err := os.OpenFile("/etc/ssh/sshd_config", os.O_WRONLY|os.O_CREATE, 0644)
if err != nil {
modifiedLines := []string{ return err
"UseDNS no",
"PermitRootLogin no",
"ServerKeyBits 2048",
"AllowGroups docker",
} }
defer f.Close()
config := map[string]string{}
if cfg.Rancher.SSH.Port > 0 && cfg.Rancher.SSH.Port < 65355 { if cfg.Rancher.SSH.Port > 0 && cfg.Rancher.SSH.Port < 65355 {
modifiedLines = append(modifiedLines, fmt.Sprintf("Port %d", cfg.Rancher.SSH.Port)) config["Port"] = strconv.Itoa(cfg.Rancher.SSH.Port)
} }
if cfg.Rancher.SSH.ListenAddress != "" { if cfg.Rancher.SSH.ListenAddress != "" {
modifiedLines = append(modifiedLines, fmt.Sprintf("ListenAddress %s", cfg.Rancher.SSH.ListenAddress)) config["ListenAddress"] = cfg.Rancher.SSH.ListenAddress
} }
for _, item := range modifiedLines { return sshdTpl.Execute(f, config)
match, err := regexp.Match("^"+item, sshdConfig)
if err != nil {
return err
}
if !match {
sshdConfigString += fmt.Sprintf("%s\n", item)
}
}
return ioutil.WriteFile("/etc/ssh/sshd_config", []byte(sshdConfigString), 0644)
} }
func setupSSH(cfg *config.CloudConfig) error { func setupSSH(cfg *config.CloudConfig) error {

9
images/02-console/Dockerfile
View File

@ -1,10 +1,13 @@
FROM rancher/os-base FROM rancher/os-base
COPY build/lsb-release /etc/ COPY build/lsb-release /etc/
COPY build/sshd_config.append.tpl /etc/ssh/
COPY prompt.sh /etc/profile.d/
RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \ RUN sed -i 's/rancher:!/rancher:*/g' /etc/shadow && \
sed -i 's/docker:!/docker:*/g' /etc/shadow && \ sed -i 's/docker:!/docker:*/g' /etc/shadow && \
sed -i 's/#ClientAliveInterval 0/ClientAliveInterval 180/g' /etc/ssh/sshd_config && \
echo '## allow password less for rancher user' >> /etc/sudoers && \ echo '## allow password less for rancher user' >> /etc/sudoers && \
echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \ echo 'rancher ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
echo '## allow password less for docker user' >> /etc/sudoers && \ echo '## allow password less for docker user' >> /etc/sudoers && \
echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers echo 'docker ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers && \
COPY prompt.sh /etc/profile.d/ cat /etc/ssh/sshd_config > /etc/ssh/sshd_config.tpl && \
cat /etc/ssh/sshd_config.append.tpl >> /etc/ssh/sshd_config.tpl && \
rm -f /etc/ssh/sshd_config.append.tpl /etc/ssh/sshd_config

16
images/02-console/prebuild.sh
View File

@ -13,3 +13,19 @@ DISTRIB_ID=${DISTRIB_ID}
DISTRIB_RELEASE=${VERSION} DISTRIB_RELEASE=${VERSION}
DISTRIB_DESCRIPTION="${DISTRIB_ID} ${VERSION}" DISTRIB_DESCRIPTION="${DISTRIB_ID} ${VERSION}"
EOF EOF
cat > ./build/sshd_config.append.tpl << EOF
{{- if .Port}}
Port {{.Port}}
{{- end}}
{{- if .ListenAddress}}
ListenAddress {{.ListenAddress}}
{{- end}}
ClientAliveInterval 180
UseDNS no
PermitRootLogin no
AllowGroups docker
EOF