rework credential strategy and cleanup
+28
-9
@@ -29,6 +29,13 @@ RUN make
|
||||
# Stage 2: Runtime stage - Create minimal application container
|
||||
FROM ubuntu:latest
|
||||
|
||||
# Build arguments for configurable credentials and paths
|
||||
ARG SSH_USERNAME=piscaladmin
|
||||
ARG SSH_PASSWORD=piscaladmin
|
||||
ARG SSH_GROUP=piscaladmin
|
||||
ARG STORAGE_PATH=/home/piscaladmin/LeafWeb_storage
|
||||
ARG PISCAL_EXECUTABLE=/srv/piscal
|
||||
|
||||
# Install runtime dependencies only
|
||||
RUN set -xe \
|
||||
&& apt-get update \
|
||||
@@ -42,11 +49,11 @@ RUN set -xe \
|
||||
&& apt-get autoclean -y \
|
||||
&& apt-get autoremove -y
|
||||
|
||||
# Configure SSH server
|
||||
# Configure SSH server with parameterized credentials
|
||||
RUN set -xe \
|
||||
&& groupadd launcher \
|
||||
&& useradd -g launcher -G sudo -m -s /bin/bash launcher \
|
||||
&& echo 'launcher:launcher' | chpasswd
|
||||
&& groupadd ${SSH_GROUP} \
|
||||
&& useradd -g ${SSH_GROUP} -G sudo -m -s /bin/bash ${SSH_USERNAME} \
|
||||
&& echo "${SSH_USERNAME}:${SSH_PASSWORD}" | chpasswd
|
||||
|
||||
RUN set -xe \
|
||||
&& sed -i -e 's/#PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config \
|
||||
@@ -54,22 +61,34 @@ RUN set -xe \
|
||||
&& sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
|
||||
|
||||
RUN set -xe \
|
||||
&& chown -R launcher:launcher /home/launcher
|
||||
&& chown -R ${SSH_USERNAME}:${SSH_GROUP} /home/${SSH_USERNAME}
|
||||
|
||||
# Fix for SSHD - "Missing privilege separation directory: /run/sshd"
|
||||
RUN set -xe \
|
||||
&& mkdir /run/sshd
|
||||
|
||||
# Create storage directory structure with proper ownership
|
||||
RUN set -xe \
|
||||
&& mkdir -p ${STORAGE_PATH}/input \
|
||||
&& mkdir -p ${STORAGE_PATH}/output \
|
||||
&& chown -R ${SSH_USERNAME}:${SSH_GROUP} ${STORAGE_PATH}
|
||||
|
||||
# Copy compiled executable from builder stage
|
||||
COPY --from=builder /build/leafres/testrun/piscal /srv/piscal
|
||||
|
||||
# Copy piscal-manager scripts
|
||||
COPY piscal-manager /srv
|
||||
# Copy piscal-manager scripts (excluding .cfg, we'll generate it)
|
||||
COPY piscal-manager/*.sh /srv/
|
||||
COPY piscal-manager/README.txt /srv/
|
||||
|
||||
# Fix Windows line endings (CRLF -> LF) for scripts and config files, and make scripts executable
|
||||
# Generate piscal_launcher.cfg with build-time parameters
|
||||
RUN set -xe \
|
||||
&& echo "piscal_executable=\"${PISCAL_EXECUTABLE}\"" > /srv/piscal_launcher.cfg \
|
||||
&& echo "storage_directory=\"${STORAGE_PATH}\"" >> /srv/piscal_launcher.cfg \
|
||||
&& chown ${SSH_USERNAME}:${SSH_GROUP} /srv/piscal_launcher.cfg
|
||||
|
||||
# Fix Windows line endings (CRLF -> LF) for scripts and make scripts executable
|
||||
RUN set -xe \
|
||||
&& find /srv -name "*.sh" -type f -exec sed -i 's/\r$//' {} \; \
|
||||
&& find /srv -name "*.cfg" -type f -exec sed -i 's/\r$//' {} \; \
|
||||
&& chmod +x /srv/*.sh || true
|
||||
|
||||
WORKDIR /srv
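Review bot: The default credential in `ARG SSH_PASSWORD=piscaladmin` and the `echo "${SSH_USERNAME}:${SSH_PASSWORD}" | chpasswd` step that consumes it leave the plaintext password recoverable from `docker history` for that layer and, because the step runs under `set -xe`, from the build log as well; with `PasswordAuthentication yes` and the user added to `sudo` in the same hunks, the image ships a known root-equivalent login for anything that can reach port 22. The password should have no default and should not travel through an ARG at all: read it from a BuildKit secret, `RUN --mount=type=secret,id=ssh_password,required=true echo "${SSH_USERNAME}:$(cat /run/secrets/ssh_password)" | chpasswd`, and drop `-x` from that step so the expanded value is not echoed. Even then the hash lands in `/etc/shadow` inside a layer and is crackable offline, so setting the password in an entrypoint from a runtime-provided secret is the safer shape. Note the pipe into chpasswd runs under `/bin/sh` without pipefail, so a failing `cat` or echo would presumably go unnoticed; a `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` earlier in the stage covers that, and `FROM ubuntu:latest` should be pinned to a tag or digest so the runtime base is reproducible.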
|
||||
|
||||