ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-09-06 13:04:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

enh: provide a separated Dockerfile for the sandbox, squashing the layers

Browse source 
Also fix #24
This commit is contained in:
Stéphane Lesimple 2020-11-05 15:27:24 +00:00
parent 46ed719861
commit 0481cf2909
No known key found for this signature in database
GPG key ID: 4B4A3289E9D35658
3 changed files with 37 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/dockerhub.yml vendored
View file

@ -1,6 +1,8 @@
name: dockerhub publish
on:
release:
types: published
repository_dispatch:
types: dockerhub
@ -26,7 +28,7 @@ jobs:
uses: docker/build-push-action@v2
with:
push: true
file: docker/Dockerfile.debian10
file: docker/Dockerfile.sandbox
tags: ovhcom/the-bastion:sandbox-latest
-
name: Image digest

31
docker/Dockerfile.sandbox Normal file
View file

@ -0,0 +1,31 @@
FROM debian:buster
LABEL maintainer="stephane.lesimple+bastion@ovhcloud.com"
# first, copy everything we need
COPY . /opt/bastion
# then do a big RUN to squash layers (--squash is still experimental, we can't use it yet)
RUN \
# ensure the OS is up to date
apt update -y && DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \
# install packages (-i), including dev ones (-d) and syslog-ng (-s) \
/opt/bastion/bin/admin/packages-check.sh -i -d -s && \
# download and install the ttyrec deb package (-d) \
/opt/bastion/bin/admin/install-ttyrec.sh -d && \
# cleanup packages cache to save space \
rm -rf /var/cache/apt && \
# handle locales \
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen && \
# disable /dev/kmsg handling by syslog-ng and explicitely enable /dev/log \
sed -i -re 's=system\(\);=unix-stream("/dev/log");=' /etc/syslog-ng/syslog-ng.conf && \
# accountUidMax & ttyrecGroupIdOffset change: fixes https://github.com/ovh/the-bastion/issues/24 \
sed -i -re 's/^"accountUidMax":.+/"accountUidMax": 9999,/;s/^"ttyrecGroupIdOffset":.+/"ttyrecGroupIdOffset": 10000,/' /opt/bastion/etc/bastion/bastion.conf.dist && \
# install the software \
/opt/bastion/bin/admin/install --new-install --no-wait
# We'll expose our port 22
EXPOSE 22/tcp
# start at entrypoint
ENTRYPOINT /opt/bastion/docker/entrypoint.sh --sandbox

3
docker/entrypoint.sh
View file

@ -8,6 +8,9 @@ else
test -x /etc/rc.d/sshd && /etc/rc.d/sshd onestart
fi
if [ "$1" = "--sandbox" ]; then
"The Bastion sandbox container is running, you can now connect to its port 22 (probably remapped to another port on the host)"
fi
while : ; do
sleep 3600
done