diff --git a/.env b/.env
new file mode 100644
index 0000000..81e38e6
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+NETWORK_SUBNET=192.168.100.0/24
\ No newline at end of file
diff --git a/compose/client-entrypoint.sh b/compose/client-entrypoint.sh
deleted file mode 100755
index b035d92..0000000
--- a/compose/client-entrypoint.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-function test_conn() {
- cqlsh $1 -e 'quit';
- while [ $? -ne 0 ];
- do echo "cqlsh not ready on $1";
- sleep 30;
- cqlsh $1 -e 'quit';
- done
-}
-
-function select_all() {
- echo `cqlsh $1 -e 'SELECT * FROM system.local;'`
-}
-
-echo "Updating packages"
-apt update
-
-echo "Installing network utils"
-apt -y install iproute2 net-tools iputils-ping
-
-echo "Installing Python 3"
-apt -y install python3 python3-pip
-
-echo "Installing cqlsh"
-pip install -U cqlsh
-
-echo "Testing cqlsh"
-test_conn zdm-proxy-automation_proxy_1
-
-echo "Running SELECT statement"
-select_all zdm-proxy-automation_proxy_1
-
-echo "Ready"
-tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/compose/jumphost-entrypoint.sh b/compose/jumphost-entrypoint.sh
deleted file mode 100755
index 7278ab0..0000000
--- a/compose/jumphost-entrypoint.sh
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/bash
-
-export PATH="/root/.local/bin/:$PATH"
-export DEBIAN_FRONTEND=noninteractive
-export TZ=America/New_York
-
-function test_conn() {
- gosu ubuntu ssh -q "ubuntu@$1" exit
- while [ $? -ne 0 ];
- do echo "ssh not ready on $1";
- sleep 5;
- gosu ubuntu ssh -q "ubuntu@$1" exit;
- done
-}
-
-function scan_key() {
- ssh-keyscan "$1" >> /home/ubuntu/.ssh/known_hosts
- while [ $? -ne 0 ];
- do sleep 5;
- echo "rescanning keys on $1";
- ssh-keyscan "$1" >> /home/ubuntu/.ssh/known_hosts;
- done
-}
-
-function get_ip() {
- dig +short "$1"
-}
-
-# Skip setup step if ubuntu user already exists
-if ! id "ubuntu" &>/dev/null; then
- echo "Updating packages"
- apt update
-
- echo "Installing network utils"
- apt -y install iproute2 net-tools iputils-ping dnsutils gettext-base
-
- echo "Installing OpenSSH"
- apt -y install openssh-server
-
- echo "Installing gosu"
- apt -y install gosu
-
- echo "Creating ubuntu user"
- useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 ubuntu
-
- echo "Starting SSH server"
- /etc/init.d/ssh start
-
- echo "Generating SSH key pair"
- gosu ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa
- cp -rf /home/ubuntu/.ssh/id_rsa.pub /run/keys/
- cat /home/ubuntu/.ssh/id_rsa.pub >> /home/ubuntu/.ssh/authorized_keys
-
- echo "Adding proxy servers to SSH known_hosts"
- gosu ubuntu touch /home/ubuntu/.ssh/known_hosts
-
- scan_key zdm-proxy-automation_jumphost_1
- scan_key zdm-proxy-automation_proxy_1
- scan_key zdm-proxy-automation_proxy_2
- scan_key zdm-proxy-automation_proxy_3
-
- test_conn zdm-proxy-automation_proxy_1
- test_conn zdm-proxy-automation_proxy_2
- test_conn zdm-proxy-automation_proxy_3
-
- # remove shared keys once applied to remote servers
- rm /run/keys/*.pub
-
- echo "Installing Python 3"
- apt -y install python3 python3-pip
-
- echo "Installing Ansible"
- python3 -m pip install ansible
-fi
-
-echo "Starting SSH server"
-/etc/init.d/ssh start
-
-test_conn zdm-proxy-automation_proxy_1
-test_conn zdm-proxy-automation_proxy_2
-test_conn zdm-proxy-automation_proxy_3
-
-export PROXY_IP_1=$(get_ip zdm-proxy-automation_proxy_1)
-export PROXY_IP_2=$(get_ip zdm-proxy-automation_proxy_2)
-export PROXY_IP_3=$(get_ip zdm-proxy-automation_proxy_3)
-export JUMPHOST_IP=$(get_ip zdm-proxy-automation_jumphost_1)
-
-cd /opt/zdm-proxy-automation || return
-
-echo "Setting up Inventory file"
-envsubst < compose/zdm_ansible_inventory > ansible/zdm_ansible_inventory
-
-echo "Overwriting ansible.cfg"
-printf "[ssh_connection]\nssh_args = -o StrictHostKeyChecking=no\n" > ansible/ansible.cfg
-
-cd ansible || return
-
-gosu ubuntu ansible-playbook deploy_zdm_proxy.yml -i zdm_ansible_inventory \
- -e "origin_cassandra_username=foo" \
- -e "origin_cassandra_password=foo" \
- -e "target_cassandra_username=foo" \
- -e "target_cassandra_password=foo" \
- -e "origin_cassandra_contact_points=zdm-proxy-automation_origin_1" \
- -e "origin_cassandra_port=9042" \
- -e "target_cassandra_contact_points=zdm-proxy-automation_target_1" \
- -e "target_cassandra_port=9042" \
- -e "proxy_query_address=0.0.0.0"
-
-echo "Ready"
-tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/compose/proxy-entrypoint.sh b/compose/proxy-entrypoint.sh
deleted file mode 100755
index b7150d1..0000000
--- a/compose/proxy-entrypoint.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-# Skip setup step if ubuntu user already exists
-if ! id "ubuntu" &>/dev/null; then
- echo "Updating packages"
- apt update
-
- echo "Installing OpenSSH"
- export DEBIAN_FRONTEND=noninteractive
- export TZ=America/New_York
- apt -y install openssh-server
-
- echo "Installing gosu"
- apt -y install gosu sudo
-
- echo "Installing iproute2"
- apt -y install iproute2
-
- echo "Creating ubuntu user"
- useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 ubuntu
-
- echo "Set up passwordless sudo for Ansible"
- echo "ubuntu ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-
- echo "Disable password auth"
- sed -i s/^#PasswordAuthentication\ yes/PasswordAuthentication\ no/ /etc/ssh/sshd_config
-
- echo "Installing SSH public key"
- gosu ubuntu mkdir -p /home/ubuntu/.ssh/
- gosu ubuntu touch /home/ubuntu/.ssh/authorized_keys
- # wait for key pair to be created in the jumphost
- while [ ! -f /run/keys/*.pub ]; do echo "SSH key not ready" && sleep 5; done
- cat /run/keys/*.pub > /home/ubuntu/.ssh/authorized_keys
-
- echo "Creating shared assets folder"
- mkdir -p /home/ubuntu/shared_assets
-fi
-
-echo "Starting SSH server"
-/etc/init.d/ssh start
-
-echo "Starting Docker daemon"
-dockerd &> /var/log/dockerd &
-
-echo "Ready"
-tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/compose/zdm_ansible_inventory b/compose/zdm_ansible_inventory
deleted file mode 100644
index 9af9b5e..0000000
--- a/compose/zdm_ansible_inventory
+++ /dev/null
@@ -1,7 +0,0 @@
-[proxies]
-$PROXY_IP_1 ansible_connection=ssh ansible_user=ubuntu
-$PROXY_IP_2 ansible_connection=ssh ansible_user=ubuntu
-$PROXY_IP_3 ansible_connection=ssh ansible_user=ubuntu
-
-[monitoring]
-$JUMPHOST_IP ansible_connection=ssh ansible_user=ubuntu
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 29a4125..3455ac1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,56 +7,60 @@ networks: ipam: driver: default config: - - subnet: 192.168.100.0/24 + - subnet: $NETWORK_SUBNET services: origin: image: cassandra:3.11 restart: unless-stopped + environment: + - CASSANDRA_CLUSTER_NAME='origin_cluster' + - CASSANDRA_NUM_TOKENS=32 + - CASSANDRA_DC=datacenter1 + - CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch networks: proxy: target: image: cassandra:4.0 restart: unless-stopped + environment: + - CASSANDRA_CLUSTER_NAME='target_cluster' + - CASSANDRA_DC=datacenter1 + - CASSANDRA_ENDPOINT_SNITCH=GossipingPropertyFileSnitch networks: proxy: proxy: - image: thesoul/ubuntu-dind:docker-20.10.12 + build: ./docker-compose/services/proxy restart: unless-stopped tty: true privileged: true volumes: - - .:/opt/zdm-proxy-automation - - ./compose/keys:/run/keys - entrypoint: - - /opt/zdm-proxy-automation/compose/proxy-entrypoint.sh + - ./docker-compose/services/proxy/proxy-entrypoint.sh:/usr/bin/proxy-entrypoint.sh + - ./docker-compose/share:/run/zdm-proxy-automation/ networks: proxy: - deploy: - mode: replicated - replicas: 3 jumphost: - image: ubuntu:20.04 + build: ./docker-compose/services/jumphost restart: unless-stopped tty: true + environment: + - CIDR_IP_SUBNET=$NETWORK_SUBNET volumes: - - .:/opt/zdm-proxy-automation - - ./compose/keys:/run/keys - entrypoint: - - /opt/zdm-proxy-automation/compose/jumphost-entrypoint.sh + - ./docker-compose/services/jumphost/jumphost-entrypoint.sh:/usr/bin/jumphost-entrypoint.sh + - ./docker-compose/share:/run/zdm-proxy-automation/ + - ./ansible/:/opt/zdm-proxy-automation/ansible/ networks: proxy: client: - image: ubuntu:20.04 + build: ./docker-compose/services/client restart: unless-stopped tty: true volumes: - - .:/opt/zdm-proxy-automation - entrypoint: - - /opt/zdm-proxy-automation/compose/client-entrypoint.sh + - ./docker-compose/services/client/client-entrypoint.sh:/usr/bin/client-entrypoint.sh + - ./docker-compose/share:/run/zdm-proxy-automation/ networks: proxy: \ No newline at end of file 
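Review bot: The `./docker-compose/share:/run/zdm-proxy-automation/` volume is mounted read-write into `proxy`, `jumphost` and `client`, although the entrypoints added in this commit show only the jumphost writing to it; the client reads the hosts file and the proxy reads `key_drop/*.pub`. Because the proxy stays `privileged: true` and installs every `*.pub` it finds there as a login key for a passwordless-sudo account, write access to the share amounts to root on the proxy. Mount it read-only wherever writing is not needed, e.g. `- ./docker-compose/share:/run/zdm-proxy-automation/:ro` for `proxy` and `client`, and add `:ro` to the three entrypoint-script mounts as well. The hunk begins inside the `networks:` block, so the top of the file is not visible here.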
diff --git a/docker-compose/services/client/Dockerfile b/docker-compose/services/client/Dockerfile
new file mode 100644
index 0000000..a1f3537
--- /dev/null
+++ b/docker-compose/services/client/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:20.04
+
+ENV ZDM_PROXY_RUN /run/zdm-proxy-automation
+ENV HOSTS_FILE ${ZDM_PROXY_RUN}/hostsfile
+
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive \
+ apt-get -y install \
+ iproute2 \
+ net-tools \
+ iputils-ping \
+ python3 \
+ python3-pip \
+ tzdata
+
+RUN python3 -m pip install -U cqlsh
+
+# Fix timezone in client
+RUN ln -fs /usr/share/zoneinfo/Australia/Sydney /etc/localtime && \
+ dpkg-reconfigure -f noninteractive tzdata
+
+ENTRYPOINT ["client-entrypoint.sh"]
+CMD [""]
\ No newline at end of file
diff --git a/docker-compose/services/client/client-entrypoint.sh b/docker-compose/services/client/client-entrypoint.sh
new file mode 100755
index 0000000..05f7e90
--- /dev/null
+++ b/docker-compose/services/client/client-entrypoint.sh
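Review bot: `RUN python3 -m pip install -U cqlsh` takes whatever release PyPI serves at build time, so two builds of this image can differ and an upstream change lands unreviewed; pin it, e.g. `RUN python3 -m pip install --no-cache-dir cqlsh==<PINNED_VERSION>`. The same applies to `pip install ansible` in the jumphost Dockerfile. The apt layer would be smaller and more repeatable with `--no-install-recommends` and `rm -rf /var/lib/apt/lists/*` in the same `RUN`. `CMD [""]`, present in all three new Dockerfiles, hands the entrypoint one empty-string argument and can simply be dropped.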
@@ -0,0 +1,144 @@
+#!/bin/bash
+
+INSERT_DML="INSERT INTO test_keyspace.test_table (id, window_day, read_minute, value)"
+
+function get_host_info() {
+ host_var_name=$1
+
+ echo "Getting info for entry '$host_var_name'"
+ while [ ! -f ${HOSTS_FILE} ]
+ do
+ echo "Waitng for $HOSTS_FILE to be created, trying again in 20s"
+ sleep 20
+ done
+
+ get_host_info_result=$(grep "$host_var_name" $HOSTS_FILE)
+ while [ "$get_host_info_result" = "" ]
+ do
+ echo "no '$host_var_name' entry found in hostsfile, trying again in 20s"
+ sleep 20
+ get_host_info_result=$(grep "$host_var_name" $HOSTS_FILE)
+ done
+}
+
+function test_conn() {
+ cqlsh $1 -e 'quit;'
+ while [ $? -ne 0 ]
+ do echo "cqlsh not ready on $1"
+ sleep 30
+ cqlsh $1 -e 'quit;'
+ done
+}
+
+function get_window_day() {
+ date +%Y%m%d
+}
+
+function get_read_minute() {
+ date +%H%M
+}
+
+function execute_cql_statement() {
+ # 1 - executing host
+ # 2 - CQL statement
+ cqlsh $1 -e "$2" 2>/dev/null
+}
+
+function create_schema_origin() {
+ create_schema "$cassandra_origin_host" "datacenter1"
+}
+
+function create_schema_target() {
+ create_schema "$cassandra_target_host" "replication_factor"
+}
+
+function create_schema() {
+ # 1 - executing host
+ # 2 - datacenter replication
+ local cqlsh_statement=$(cat << HEREDOC_CQL
+CREATE KEYSPACE IF NOT EXISTS test_keyspace
+ WITH REPLICATION = { 'class' : 'NetworkTopologyStrategy', '$2' : 1 };
+CREATE TABLE IF NOT EXISTS test_keyspace.test_table(
+ id int,
+ window_day int,
+ read_minute int,
+ value text,
+ PRIMARY KEY ((id, window_day), read_minute)
+ );
+HEREDOC_CQL
+)
+ execute_cql_statement $1 "$cqlsh_statement"
+}
+
+function insert_historical_data() {
+ # 1 - executing host
+ local window_day=$(get_window_day)
+ local cqlsh_statement=$(cat << HEREDOC_CQL
+$INSERT_DML VALUES (1, $window_day, 0000, '$RANDOM');
+$INSERT_DML VALUES (1, $window_day, 0001, '$RANDOM');
+$INSERT_DML VALUES (1, $window_day, 0002, '$RANDOM');
+$INSERT_DML VALUES (1, $window_day, 0003, '$RANDOM');
+$INSERT_DML VALUES (1, $window_day, 0004, '$RANDOM');
+$INSERT_DML VALUES (1, $window_day, 0005, '$RANDOM');
+HEREDOC_CQL
+)
+ execute_cql_statement $1 "$cqlsh_statement"
+}
+
+function insert_live_data() {
+ # 1 - executing host
+ local window_day=$(get_window_day)
+ local read_minute=$(get_read_minute)
+ local data_value=$RANDOM
+ echo "Inserting data: window_day=$window_day read_minute=$read_minute value=$data_value"
+ execute_cql_statement $1 "$INSERT_DML VALUES (1, $window_day, $read_minute, '$data_value');"
+}
+
+function select_data() {
+ # 1 - executing host
+ local window_day=$(get_window_day)
+ echo "Reading data from $1: window_day=$window_day"
+ execute_cql_statement $1 "SELECT * FROM test_keyspace.test_table WHERE id=1 AND window_day=$window_day;"
+}
+
+for var_name in "CASSANDRA_ORIGIN" "CASSANDRA_TARGET" "PROXY_1"
+do
+ get_host_info_result=""
+ get_host_info $var_name
+
+ host_var_name="$(tr '[:upper:]' '[:lower:]' <<<$var_name)_host"
+
+ eval $host_var_name=$(cut -d':' -f2 <<<"$get_host_info_result")
+done
+
+echo "Testing cqlsh to $proxy_1_host"
+test_conn $proxy_1_host
+
+echo "Creating schema on $cassandra_origin_host"
+create_schema_origin
+
+echo "Creating schema on $cassandra_target_host"
+create_schema_target
+
+echo "Adding historical data to $cassandra_origin_host"
+insert_historical_data $cassandra_origin_host
+select_data $cassandra_origin_host
+
+sleep 10
+
+echo
+echo
+echo "===== Running proxy test ====="
+while true
+do
+ echo
+ insert_live_data $proxy_1_host
+ select_data $proxy_1_host
+ select_data $cassandra_origin_host
+ select_data $cassandra_target_host
+ echo "=============================="
+ sleep 60
+done
+
+echo "Ready"
+tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/docker-compose/services/jumphost/Dockerfile b/docker-compose/services/jumphost/Dockerfile
new file mode 100644
index 0000000..fae12c6
--- /dev/null
+++ b/docker-compose/services/jumphost/Dockerfile
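Review bot: `eval $host_var_name=$(cut -d':' -f2 <<<"$get_host_info_result")` in the top-level `for var_name` loop runs text read from `$HOSTS_FILE` through the shell, and that file lives on a volume other containers can write, so a host entry containing shell metacharacters would execute in the client. Assign without `eval`, e.g. `printf -v "$host_var_name" '%s' "$(cut -d':' -f2 <<<"$get_host_info_result")"`. The lookup `grep "$host_var_name" $HOSTS_FILE` in `get_host_info` is also unanchored, so `PROXY_1` would match a `PROXY_10` line too and return several lines; `grep -m1 "^${host_var_name}:" "$HOSTS_FILE"` keeps it to one exact entry. The closing `echo "Ready"` and `tail -F /dev/null` are unreachable after the `while true` loop.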
@@ -0,0 +1,49 @@
+FROM ubuntu:20.04
+
+ENV USER_NAME ubuntu
+ENV USER_HOME /home/${USER_NAME}
+ENV ZDM_PROXY_RUN /run/zdm-proxy-automation
+ENV ZDM_PROXY_OPT /opt/zdm-proxy-automation
+ENV KEY_DROP_DIR ${ZDM_PROXY_RUN}/key_drop
+ENV HOSTS_FILE ${ZDM_PROXY_RUN}/hostsfile
+ENV ZDM_ANSIBLE_INVENTORY_FILE ${ZDM_PROXY_OPT}/ansible/zdm_ansible_inventory
+
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive \
+ apt-get -y install \
+ iproute2 \
+ net-tools \
+ iputils-ping \
+ nmap \
+ dnsutils \
+ gettext-base \
+ openssh-server \
+ gosu \
+ python3 \
+ python3-pip
+
+RUN python3 -m pip install ansible
+
+RUN useradd \
+ -rm \
+ -d ${USER_HOME} \
+ -s /bin/bash \
+ -g root \
+ -G sudo \
+ -u 1001 \
+ ${USER_NAME} && \
+ gosu ${USER_NAME} mkdir -p ${USER_HOME}/.ssh/ && \
+ chown ${USER_NAME}:root ${USER_HOME}/.ssh/ && \
+ chmod 700 ${USER_HOME}/.ssh/ && \
+ gosu ${USER_NAME} touch ${USER_HOME}/.ssh/known_hosts
+
+RUN mkdir -p ${ZDM_PROXY_OPT}
+
+ENV CIDR_IP_SUBNET ""
+ENV PROXY_IP_1 ""
+ENV PROXY_IP_2 ""
+ENV PROXY_IP_3 ""
+ENV JUMPHOST_IP ""
+
+ENTRYPOINT ["jumphost-entrypoint.sh"]
+CMD [""]
\ No newline at end of file
diff --git a/docker-compose/services/jumphost/jumphost-entrypoint.sh b/docker-compose/services/jumphost/jumphost-entrypoint.sh
new file mode 100755
index 0000000..9caef10
--- /dev/null
+++ b/docker-compose/services/jumphost/jumphost-entrypoint.sh
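Review bot: The `useradd` step passes `-g root`, which makes the root group the primary group of the `ubuntu` login account, so it gets group access to root-group files and everything it creates is group-owned by root; nothing visible in this diff needs that. A dedicated group is the safer default, e.g. `-U` in place of `-g root` and `chown ${USER_NAME}:${USER_NAME} ${USER_HOME}/.ssh/`, after confirming the bind-mounted `./ansible/` directory does not depend on root-group access. The same `useradd` line is in the proxy Dockerfile, where the account additionally receives `NOPASSWD: ALL`. Separately, `ENTRYPOINT ["jumphost-entrypoint.sh"]` resolves only because compose bind-mounts the script into `/usr/bin`; `COPY jumphost-entrypoint.sh /usr/bin/` would make the image start on its own and keep the script immutable at run time.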
@@ -0,0 +1,146 @@
+#!/bin/bash
+
+export PATH="/root/.local/bin/:$PATH"
+
+function get_host_info() {
+ host_search_name=$1
+
+ echo "Searching for '$host_search_name' hosts"
+ cidr_ip_subnet=${CIDR_IP_SUBNET}
+ if [ -z "$cidr_ip_subnet" ]
+ then
+ echo "getting subnet from eth0"
+ cidr_ip_subnet=$(ip addr show | grep "inet" | grep "eth0" | tr -s ' ' | cut -d' ' -f3)
+ fi
+ # formats each entry in the array as: :
+ get_host_info_results=( \
+ $(nmap -sn $cidr_ip_subnet | \
+ grep "proxy" | \
+ cut -d' ' -f5,6 | \
+ sed 's,\.proxy\ (\([0-9\.]*\)),:\1,' | \
+ grep -e "${host_search_name}_[0-9]"))
+
+ while [ ${#get_host_info_results[*]} -eq 0 ]
+ do
+ echo "no '$host_search_name' hosts found, trying again in 20s"
+ sleep 20
+ get_host_info_results=( \
+ $(nmap -sn $cidr_ip_subnet | \
+ grep "proxy" | \
+ cut -d' ' -f5,6 | \
+ sed 's,\.proxy\ (\([0-9\.]*\)),:\1,' | \
+ grep -e "${host_search_name}_[0-9]"))
+ done
+ echo "Found '$host_search_name' hosts:"
+ for host_info in ${get_host_info_results[*]}
+ do
+ echo " - ${host_info//:*/}: ${host_info//*:/}"
+ done
+}
+
+function test_conn() {
+ echo "testing SSH connection on $1"
+ gosu ${USER_NAME} ssh -q "${USER_NAME}@$1" exit
+ while [ $? -ne 0 ]
+ do
+ echo "SSH not ready on $1, trying again in 20s"
+ sleep 20
+ gosu ${USER_NAME} ssh -q "${USER_NAME}@$1" exit
+ done
+}
+
+function scan_key() {
+ echo "scanning keys on $1"
+ ssh-keyscan "$1" >> ${USER_HOME}/.ssh/known_hosts
+ while [ $? -ne 0 ];
+ do
+ echo "unable to find keys on $1, trying again in 20s"
+ sleep 20
+ echo "rescanning keys on $1";
+ ssh-keyscan "$1" >> ${USER_HOME}/.ssh/known_hosts
+ done
+}
+
+function get_ip() {
+ dig +short "$1"
+}
+
+echo "Creating hosts file"
+echo -n > ${HOSTS_FILE}
+
+get_host_info_results=()
+get_host_info "proxy"
+proxy_host_info=(${get_host_info_results[*]})
+
+get_host_info_results=()
+get_host_info "origin"
+origin_host_info=${get_host_info_results[0]}
+
+get_host_info_results=()
+get_host_info "target"
+target_host_info=${get_host_info_results[0]}
+
+for host_info in ${proxy_host_info[*]}
+do
+ host_name=${host_info//:*/}
+ host_number=$(rev <<<${host_name} | cut -d'_' -f1)
+ echo "PROXY_${host_number}:${host_info}" >> ${HOSTS_FILE}
+done
+echo "CASSANDRA_ORIGIN:${origin_host_info}" >> ${HOSTS_FILE}
+echo "CASSANDRA_TARGET:${target_host_info}" >> ${HOSTS_FILE}
+
+echo "Starting SSH server"
+/etc/init.d/ssh start
+
+echo "Generating SSH key pair"
+gosu ${USER_NAME} ssh-keygen -q -t rsa -N '' -f ${USER_HOME}/.ssh/id_rsa
+mkdir -p ${KEY_DROP_DIR} && \
+ cp -f ${USER_HOME}/.ssh/id_rsa.pub ${KEY_DROP_DIR}/
+cat ${USER_HOME}/.ssh/id_rsa.pub >> ${USER_HOME}/.ssh/authorized_keys
+
+scan_key jumphost
+for host_info in ${proxy_host_info[*]}
+do
+ scan_key ${host_info//:*/}
+done
+
+for host_info in ${proxy_host_info[*]}
+do
+ test_conn ${host_info//:*/}
+done
+
+echo "Creating Inventory file"
+echo -n > ${ZDM_ANSIBLE_INVENTORY_FILE}
+{
+ echo "[proxies]"
+ for host_info in ${proxy_host_info[*]}
+ do
+ echo "${host_info//*:/} ansible_connection=ssh ansible_user=${USER_NAME}"
+ done
+ echo
+ echo "[monitoring]"
+ echo "$(hostname -i) ansible_connection=ssh ansible_user=${USER_NAME}"
+} >> ${ZDM_ANSIBLE_INVENTORY_FILE}
+
+# remove shared keys once applied to remote servers
+rm -fr ${KEY_DROP_DIR}/
+
+echo "Overwriting ansible.cfg"
+gosu ${USER_NAME} cp ${ZDM_PROXY_OPT}/ansible/ansible.cfg ${ZDM_PROXY_OPT}/ansible/ansible.cfg.bak
+echo "[ssh_connection]\nssh_args = -o StrictHostKeyChecking=no\n" > ${ZDM_PROXY_OPT}/ansible/ansible.cfg
+
+cd ${ZDM_PROXY_OPT}/ansible || exit 1
+
+gosu ${USER_NAME} ansible-playbook deploy_zdm_proxy.yml -i zdm_ansible_inventory \
+ -e "origin_cassandra_username=foo" \
+ -e "origin_cassandra_password=foo" \
+ -e "target_cassandra_username=foo" \
+ -e "target_cassandra_password=foo" \
+ -e "origin_cassandra_contact_points=${origin_host_info//:*/}" \
+ -e "origin_cassandra_port=9042" \
+ -e "target_cassandra_contact_points=${target_host_info//:*/}" \
+ -e "target_cassandra_port=9042" \
+ -e "forward_reads_to_target=false"
+
+echo "Ready"
+tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/docker-compose/services/proxy/Dockerfile b/docker-compose/services/proxy/Dockerfile
new file mode 100644
index 0000000..701c29e
--- /dev/null
+++ b/docker-compose/services/proxy/Dockerfile
@@ -0,0 +1,34 @@
+FROM thesoul/ubuntu-dind:docker-20.10.12
+
+ENV USER_NAME ubuntu
+ENV USER_HOME /home/${USER_NAME}
+ENV ZDM_PROXY_RUN /run/zdm-proxy-automation
+ENV KEY_DROP_DIR ${ZDM_PROXY_RUN}/key_drop
+
+RUN apt-get update && \
+ apt-get -y install \
+ openssh-server \
+ gosu \
+ sudo \
+ iproute2
+
+RUN useradd \
+ -rm \
+ -d ${USER_HOME} \
+ -s /bin/bash \
+ -g root \
+ -G sudo \
+ -u 1001 \
+ ${USER_NAME} && \
+ echo "${USER_NAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
+ sed -i 's,^#\(PasswordAuthentication\)\ yes,\1\ no,' /etc/ssh/sshd_config && \
+ gosu ${USER_NAME} mkdir -p ${USER_HOME}/.ssh/ && \
+ chown ${USER_NAME}:root ${USER_HOME}/.ssh/ && \
+ chmod 700 ${USER_HOME}/.ssh/ && \
+ gosu ${USER_NAME} touch ${USER_HOME}/.ssh/authorized_keys && \
+ gosu ${USER_NAME} mkdir -p ${USER_HOME}/shared_assets
+
+EXPOSE 9042
+
+ENTRYPOINT ["proxy-entrypoint.sh"]
+CMD [""]
\ No newline at end of file
diff --git a/docker-compose/services/proxy/proxy-entrypoint.sh b/docker-compose/services/proxy/proxy-entrypoint.sh
new file mode 100755
index 0000000..2da40b6
--- /dev/null
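Review bot: The `echo "[ssh_connection]\nssh_args = -o StrictHostKeyChecking=no\n"` line near the end of the script writes both `\n` sequences literally, because bash `echo` without `-e` does not expand them (the script this replaces used `printf`), so `ansible.cfg` ends up as a single malformed line. It also overwrites the file inside `./ansible/`, which compose bind-mounts from the host checkout, so the developer's own `ansible.cfg` is replaced and only `ansible.cfg.bak` remains. At minimum restore `printf '[ssh_connection]\nssh_args = -o StrictHostKeyChecking=no\n' > ${ZDM_PROXY_OPT}/ansible/ansible.cfg`, ideally pointed at a container-local config file rather than the mounted one. Host-key checking could stay enabled, since `scan_key` already fills `known_hosts`, but it records host names while the inventory lists IP addresses, so the IPs would need scanning as well.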
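Review bot: The `sed -i 's,^#\(PasswordAuthentication\)\ yes,\1\ no,' /etc/ssh/sshd_config` step in the `useradd` `RUN` only takes effect when the base image ships exactly the commented-out `#PasswordAuthentication yes` line; with any other spelling it changes nothing and the build still succeeds, leaving password login at whatever the base image defaults to. Make the edit tolerant and verify it in the same layer, e.g. `sed -i -E 's,^#?PasswordAuthentication .*,PasswordAuthentication no,' /etc/ssh/sshd_config && grep -q '^PasswordAuthentication no' /etc/ssh/sshd_config`. As this container runs privileged from a third-party base referenced by tag, pinning it by digest (`FROM thesoul/ubuntu-dind:docker-20.10.12@sha256:<DIGEST>`) would also be worthwhile.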
+++ b/docker-compose/services/proxy/proxy-entrypoint.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+echo "checking if SSH key is ready"
+while [ $(find ${KEY_DROP_DIR} -mindepth 1 -maxdepth 1 -type f -iname "*.pub" | wc -l) -eq 0 ]
+do
+ echo "SSH key not ready on $1, trying again in 20s"
+ sleep 20
+done
+
+cat ${KEY_DROP_DIR}/*.pub > ${USER_HOME}/.ssh/authorized_keys
+
+echo "Starting SSH server"
+/etc/init.d/ssh start
+
+echo "Starting Docker daemon"
+dockerd &> /var/log/dockerd &
+
+echo "Ready"
+tail -F /dev/null # keeps container running
\ No newline at end of file
diff --git a/docker-compose/share/.keepdir b/docker-compose/share/.keepdir
new file mode 100644
index 0000000..e69de29
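Review bot: The wait loop exits as soon as any `*.pub` file exists in `${KEY_DROP_DIR}`, including an empty or half-copied one, and `cat ${KEY_DROP_DIR}/*.pub > ${USER_HOME}/.ssh/authorized_keys` then installs everything that matches as a login key for the passwordless-sudo account. Require a non-empty file by adding `-size +0` to the `find`, and check each candidate with `ssh-keygen -l -f` before writing it into `authorized_keys`. The message `SSH key not ready on $1` prints an empty host, because the image's `CMD [""]` passes an empty first argument. Quoting `"${KEY_DROP_DIR}"` and `"${USER_HOME}"` would also protect against paths containing spaces.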