dind: add dropbear and prevent passwordless login by default

Kostas Lekkas 2016-05-08 18:59:19 +03:00
parent ab1ed3e681
commit e45e7cf9b2
4 changed files with 22 additions and 0 deletions


@ -14,6 +14,8 @@ PUBNUB_SUBSCRIBE_KEY = sub-c-bananas
PUBNUB_PUBLISH_KEY = pub-c-bananas
MIXPANEL_TOKEN = bananasbananas
PASSWORDLESS_DROPBEAR = false
ifdef BASE_DISTRO
$(info BASE_DISTRO SPECIFIED. START BUILDING ALPINE SUPERVISOR)
IMAGE = "resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)-alpine"
@ -55,6 +57,7 @@ clean:
-rm Dockerfile
supervisor-dind:
sed -i 's/\(ENV PASSWORDLESS_DROPBEAR\).*/\1 ${PASSWORDLESS_DROPBEAR}/' tools/dind/Dockerfile
cd tools/dind && docker build --no-cache=$(DISABLE_CACHE) -t resin/resin-supervisor-dind:$(SUPERVISOR_VERSION) .
run-supervisor: supervisor-dind stop-supervisor
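Review bot: The `sed -i` line in `supervisor-dind` rewrites the tracked file tools/dind/Dockerfile on every build, so after one `make PASSWORDLESS_DROPBEAR=true ...` run the working tree keeps `ENV PASSWORDLESS_DROPBEAR true` until the target is run again; a commit or a direct `docker build` in tools/dind in between would carry the blank-password setting. If the Docker versions in use support build arguments, passing the value with `--build-arg PASSWORDLESS_DROPBEAR=$(PASSWORDLESS_DROPBEAR)` and declaring `ARG PASSWORDLESS_DROPBEAR=false` in the Dockerfile would avoid editing the file at all. The value is also pasted unchecked into the sed expression, and the image tag on the following line is the same for both settings, so a passwordless image cannot be told apart by name.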


@ -95,6 +95,14 @@ make ARCH=amd64 PRELOADED_IMAGE=true \
```
This will make the docker-in-docker instance pull the image specified in apps.json before running the supervisor.
### Enabling passwordless dropbear access
If you want to enable passwordless dropbear login (e.g. while testing `resin sync`) you can set the `PASSWORDLESS_DROPBEAR` option to `true`, like:
```bash
make PASSWORDLESS_DROPBEAR=true ARCH=amd64 SUPERVISOR_IMAGE=username/resin-supervisor:master run-supervisor
```
### View the containers logs
```bash
docker exec -it resin_supervisor_1 journalctl -f


@ -7,22 +7,31 @@ RUN apt-get update \
&& apt-get install -y \
ifupdown \
rsync \
dropbear \
&& rm -rf /var/lib/apt/lists/*
ENV DOCKER_VERSION 1.10.3
ENV RELEASE_NAME jessie
# Change to 'true' to allow blank password dropbear logins on dind HostOS
ENV PASSWORDLESS_DROPBEAR false
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D \
&& echo deb https://apt.dockerproject.org/repo debian-${RELEASE_NAME} main > /etc/apt/sources.list.d/docker.list \
&& apt-get update || true \
&& apt-get --force-yes install docker-engine=${DOCKER_VERSION}-0~${RELEASE_NAME} \
&& rm -rf /var/lib/apt/lists/*
RUN passwd -d root
# Change os release to a resin-sync compatible one
RUN sed -i 's/\(PRETTY_NAME=\).*/\1"ResinOS 1.2.1+dind"/' /etc/os-release
COPY config/openvpn/ /etc/openvpn/
COPY config/dropbear/config /etc/default/dropbear
COPY config/services/ /etc/systemd/system/
COPY resin-vars vpn-init /usr/src/app/
RUN if [ "$PASSWORDLESS_DROPBEAR" = "true" ]; then sed -i 's/\(DROPBEAR_EXTRA_ARGS=\).*/\1"-B"/' /etc/default/dropbear; fi
RUN systemctl enable resin-supervisor-dind
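Review bot: The comment above `ENV PASSWORDLESS_DROPBEAR` understates what `true` does. The `RUN if` line replaces the whole `DROPBEAR_EXTRA_ARGS` value with `"-B"`, which removes the `-s -w -g` restrictions set in config/dropbear/config. Since the image also runs `passwd -d root`, the result appears to be a root login with an empty password on port 22222 for anything that can reach that port. I would say so in the comment, e.g. `# 'true' allows root login with a blank password on the dropbear port; local test images only`.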


@ -0,0 +1,2 @@
DROPBEAR_EXTRA_ARGS="-s -w -g"
DROPBEAR_PORT="22222"
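Review bot: The three flags carry the default-deny behaviour of this commit but are not explained, and the Dockerfile's sed depends on this exact `DROPBEAR_EXTRA_ARGS=` line. A header comment would help, e.g. `# -s: no password logins, -w: no root logins, -g: no password logins for root` and `# replaced with -B at build time when PASSWORDLESS_DROPBEAR=true`. With `-w` in place and no key setup visible in this commit, it is worth confirming that the default image still permits whatever login is intended, if any.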