Preliminary definitions of scripts to help initial setup of environment to start Hive development

6569a833 · Bartek Wrona · 6569a833 · 6569a833 · 6569a833 · 6569a833
Commit 6569a833 authored 2 years ago by Bartek Wrona
--- a/Dockerfile.builder
+++ b/Dockerfile.builder
+# docker build --target=hive-builder -t ${REGISTRY}hive-builder:ubuntu20.04-4  -f Dockerfile.builder .
+
+ARG CI_REGISTRY_IMAGE=registry.gitlab.syncad.com/hive/hive/
+ARG CI_IMAGE_TAG=:ubuntu20.04-5
+
+FROM ${CI_REGISTRY_IMAGE}ci-base-image$CI_IMAGE_TAG AS hive-builder
+
+ARG DEFAULT_USER=hived
+ENV DEFAULT_USER=${DEFAULT_USER}
+
+USER ${DEFAULT_USER}
+
+ADD --chown=${DEFAULT_USER} --chmod=644 authorized_keys /home/${DEFAULT_USER}/.ssh/authorized_keys
+ADD --chown=hived --chmod=644 authorized_keys /home/hived/.ssh/authorized_keys
+ADD sshd_config .
+
+RUN sudo apt update && \
+    sudo apt install -y rsync gdb  &&\
+    sudo -n rm -f /etc/service/sshd/down
+
+# Regenerate SSH host keys. baseimage-docker does not contain any, so you
+# have to do that yourself. You may also comment out this instruction; the
+# init system will auto-generate one during boot.
+RUN sudo -n /etc/my_init.d/00_regen_ssh_host_keys.sh
+
+RUN sudo -n cp sshd_config /etc/ssh/sshd_config
+
+VOLUME /home/${DEFAULT_USER}/workspace
+
+EXPOSE 22
+
+STOPSIGNAL SIGINT 
+
+CMD [ "/usr/bin/sudo", "-n", "/usr/sbin/sshd", "-D", "-e" ]
+
--- a/authorized_keys
+++ b/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDROSl1grqAYyJep00G1bUlAq4kbAcoFJCyBcuKfU+qiePBQYeysJjCDLnE2Z5kvjHtBR9NbS7yJtZjlT0X1XUOcE4WmvYFV2gzyjzocc2xkJgGRUnfweHJqBDcseDCDl43uU8jUmI/stkM/cobyzr6pqtPATGauEr9PAyoet8NfV0Ss2SHqWkIbSm1EpYkrXXPfmmyQxCKHbxw1DGEZUJ+A+Rzlsa8YHoJMIKVieHG/Osd4Xis2EqvcRL+sI01zjr9wPAKX1DETn8AjD9LnaRhzk8tKkHlxPniNnkUqWIDgzb/tfKdjILmzxOInmkXnHrO60BbebABx2EWg5nWlb7/USyIcHooL3A8jFwx1Yuhl/RfOOON719CLqNASTDslhKHPGbVel+WXFBBWxVRX9cn6g6ok1jcXXHRBpCyHaw00K5WvmEuf0I3JETlXz0rzy3IYPGtYW6oyjSkAc1RF6XZsx8G5oEt9ek594N0gTvWLwwBffEAu5siZ4nqwhsLpbErPBRUtPTSqHmfGHKtkNDVoUs/9mDOC8cNIigWi3g7fJ4ycLkf1IFEqEz2vGfrUMusA2CNcn/uuSl9BOxywHvwboQ4z9WkQaWlAqtQZr7UfgR9eU19sn6jpimIR9sWsrBNaOJHEvMuHdfMlN16/KgNhqB9g47F2hk3ccwSLKpirw== wrona@syncad.com
--- a/build_image.sh
+++ b/build_image.sh
+export DOCKER_BUILDKIT=1
+ 
+docker build --target=hive-builder -t registry.gitlab.syncad.com/hive/hive/hive-builder:ubuntu20.04-5  -f Dockerfile.builder .
+
+docker build --target=hive-builder --build-arg CI_REGISTRY_IMAGE=registry.gitlab.syncad.com/hive/haf/ --build-arg CI_IMAGE_TAG=:ubuntu20.04-6 --build-arg DEFAULT_USER=haf_admin -t registry.gitlab.syncad.com/hive/haf/haf-builder:ubuntu20.04-6  -f Dockerfile.builder .
--- a/run_image.sh
+++ b/run_image.sh
+docker run --rm --init --pid=host -e UID=$(id -u) -e GID=$(id -g) --name hive-builder -itd -v /mnt/ssd/hive:/home/hived/workspace -p 2022:22  registry.gitlab.syncad.com/hive/hive/hive-builder:ubuntu20.04-5
+
--- a/sshd_config
+++ b/sshd_config
+#	$OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.
+
+UseDNS no
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# Disable legacy (protocol version 1) support in the server for new
+# installations. In future the default will change to require explicit
+# activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh_host_rsa_key
+#HostKey /etc/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+SyslogFacility AUTHPRIV
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+#AuthorizedKeysFile	.ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here! Also,
+# remember to set the UsePAM setting to 'no'.
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# SACL options
+# The default for the SACLSupport option is now "no", as this option has been
+# depreciated in favor of SACL enforcement in the PAM configuration (/etc/pam.d/sshd).
+#SACLSupport no
+
+# Change to no to disable s/key passwords
+# Disabled for passenger-docker. We only allow key authentication.
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+# Also, PAM will deny null passwords by default.  If you need to allow
+# null passwords, add the "	nullok" option to the end of the
+# securityserver.so line in /etc/pam.d/sshd.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	ForceCommand cvs server