From 0f657a38204e3e653e77826ba31ad50b4f5df2fc Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:41:23 -0500
Subject: [PATCH 01/13] Add SSH during build
---
 9.4/Dockerfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 9de3523a6c..2c7dbca3ab 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -36,6 +36,18 @@ RUN apt-get update \
 postgresql-contrib-$PG_MAJOR=$PG_VERSION \
 && rm -rf /var/lib/apt/lists/*
+#SSH
+RUN apt-get -y install openssh-server
+RUN mkdir /var/run/sshd
+RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+
+#keys
+RUN mkdir -p /root/.ssh
+RUN chmod 700 /root/.ssh
+RUN chown root:root /root/.ssh
+#cp /provision/keys/insecure_key.pub /root/.ssh/authorized_keys
+RUN chmod 600 /root/.ssh/authorized_keys
+
 RUN mkdir -p /var/run/postgresql && chown -R postgres /var/run/postgresql
 ENV PATH /usr/lib/postgresql/$PG_MAJOR/bin:$PATH
From 30426773fc6abf012de8882b2cfebf3fe2c92cb5 Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:42:01 -0500
Subject: [PATCH 02/13] Add SSH during build
---
 Dockerfile.template | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/Dockerfile.template b/Dockerfile.template
index f891d7a82b..2b1f479f48 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -35,6 +35,18 @@ RUN apt-get update \
 postgresql-$PG_MAJOR=$PG_VERSION \
 postgresql-contrib-$PG_MAJOR=$PG_VERSION \
 && rm -rf /var/lib/apt/lists/*
+
+#SSH
+RUN apt-get -y install openssh-server
+RUN mkdir /var/run/sshd
+RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
+
+#keys
+RUN mkdir -p /root/.ssh
+RUN chmod 700 /root/.ssh
+RUN chown root:root /root/.ssh
+#cp /provision/keys/insecure_key.pub /root/.ssh/authorized_keys
+RUN chmod 600 /root/.ssh/authorized_keys
 RUN mkdir -p /var/run/postgresql && chown -R postgres /var/run/postgresql
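Review bot: The `sed` in the #SSH block of the 9.4/Dockerfile hunk, and of the identical Dockerfile.template hunk, rewrites only the exact commented line `#PasswordAuthentication yes`; if the packaged sshd_config spells that line any other way the command still exits 0 and password logins stay at sshd's default. Make the setting explicit and fail the build when it is missing, e.g. `RUN sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config && grep -qx 'PasswordAuthentication no' /etc/ssh/sshd_config`. Separately, `RUN chmod 600 /root/.ssh/authorized_keys` targets a file that no visible step creates (the `cp` line above it is only a comment), so that step should fail as written. Both Dockerfiles continue outside these hunks.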
From 117cf34a7f213dff9566b1708d8938c9b3a0aa7b Mon Sep 17 00:00:00 2001
From: Steven Yardumian
Date: Thu, 19 Nov 2015 16:44:07 -0500
Subject: [PATCH 03/13] Add insecure SSH key for dev use
---
 insecure_key | 27 +++++++++++++++++++++++++++
 insecure_key.pub | 1 +
 2 files changed, 28 insertions(+)
 create mode 100644 insecure_key
 create mode 100644 insecure_key.pub
diff --git a/insecure_key b/insecure_key
new file mode 100644
index 0000000000..144439247c
--- /dev/null
+++ b/insecure_key
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAsE0f5rsE5RJV5eo+EsUCePusgJwLWL5xd1iAYelQOl3I8qbX +vtLOKdRotOLI1v22+2WXxw463gBrBdUq7+DNP+QC1MXgYVpOeLFTeY5N4h3dkF20 +w4aGHXheBeQcfL3EkF+w4WTAMFLMt12sx178j0Z4JVSYOk/t0KyBtZcg1UN6xt2K +M9CSIDjY98REFLhSV9YAIurHP3efOfeH6QTun/udc/Ztu47dk9NJpjbMrjOARwQg +BIg5BWGixbdAoLy3m9Es+nHO9lAmF9iUOdnEE6GkQpKJNkIdI/3QB0fiRZurk4J7 ++z5nYmtnqKZIbmUAp0ip5zOzxCmq/SVpGBC5DwIDAQABAoIBAGj502gArf50N3+K +ReHJOxqsyN9fiwYRh+CHaxJh6WqHk3Kg09AFF8sidiJW8z3Int78dC6Lk5PC7fbw +IfvpgG1tqB3noR52tkj5VXoIuOlN3TLsCQlvnYYIuPuLA0dne5Z31AuxgRqFAu6g +MZQZRAtP65RW1bnLBBD/1tA4p80zvvPvYrmuHmswbFqj4rZXTeocaCACl1hCzV8C +Izl0yIjb62lnxskbRMN1OOcsIkmO6h5niNoPe4FlQeFnmDfSAV077b43khKfaXeG +8of6Z1pjZCNe2iyQ6YRREzajF1FZMKZrOitvKq5EDj02Uoqm89+3C+TZiDjxFAA3 +A35rOhECgYEA1Zh/adc5qvBuqDIiXFIHcELUn+KdgMBsBp7QyuZcYNB7xJwBPIvd +uFbwBK40ZBzIbWv/Rxn3xoff6AjCV+D6cC9uZRCdo3Aeeb8yFZ+iRj2xZjZRcISI +7YEZSPlYhLUg3jkQtTn1C4LoTD23ml6a+muqTpeJiiUGmYfhHiYtHDcCgYEA0005 +jHytNQxOeVxOat8x7zMlxUaqygepRGZvvuH5q9op0igVT04a2ES211Th5Jdd9+rJ +E0q40l5ut1Dd/X1jNqQHIMcBSGha25fvKXAdFZ1YUSjN8ppPMRxgtZTdKUAMQyG5 +t/bDbKUP61D587fpXZ4MgW1EqzI936n6aCDmzekCgYATr3JOtt9Budb4+WXhTE4T +MpWWBrStYQ6TrZ9gk8p/wbcmb5pNkjZk/t4wED4T2/M84m8shmAnk+423FfM8Zcj +L7vk5JsirPqiDdT32TaDcrwex3LKA+z6tqM17oUR9f+Je4jmqujCntX58NYzC/UM +j0+q3px2duMc00EUHkCaEQKBgFxNG5p2y+KkYZM58zdUECgBG7q1R93AwvwSEzY6 +2Cltv18CC2z9HVTjj0s41QRZ6r5lXTiEJ4AdqBeDx7T3lONFe6ehxrmufCH4mIxt +YQcUGIQ7Ytta9MTrNIOdZ46hX7njfZESxgMrh2yvjsAb0mEGrUfMR3bRF54gTjY2 +SRwhAoGAM7RVkfQhoEyfr30OlaGLZH/4WJi99sLX+3dmjjHWDju8UBzwtz0PkEZy +qnUnsyOWTj8qfSV4KURu0I+MA4vbsulSSUwkGNEGuFMfwB0Tyrl2Ex8641lqenFX +LFIdZbP/N7ACb87KBQ9r+swiNcKMjkdJCaPQX8jBXGxQJafEXT0= +-----END RSA PRIVATE KEY----- diff --git a/insecure_key.pub b/insecure_key.pub new file mode 100644 index 0000000000..a6e8da3337 --- /dev/null +++ b/insecure_key.pub 
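Review bot: The new file insecure_key is an unencrypted RSA private key committed to the repository, and the companion insecure_key.pub hunk adds its public half, so anyone who can read the repository holds the credential for every image that installs that public key as root's authorized_keys. Nothing in the files limits the pair to development; only the commit subject says so. Keep the private half out of version control and let each developer supply their own public key when the container starts, for example through a read-only bind mount onto `/root/.ssh/authorized_keys`. If this pair has been used anywhere, treat it as compromised and replace it.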
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwTR/muwTlElXl6j4SxQJ4+6yAnAtYvnF3WIBh6VA6Xcjypte+0s4p1Gi04sjW/bb7ZZfHDjreAGsF1Srv4M0/5ALUxeBhWk54sVN5jk3iHd2QXbTDhoYdeF4F5Bx8vcSQX7DhZMAwUsy3XazHXvyPRnglVJg6T+3QrIG1lyDVQ3rG3Yoz0JIgONj3xEQUuFJX1gAi6sc/d58594fpBO6f+51z9m27jt2T00mmNsyuM4BHBCAEiDkFYaLFt0CgvLeb0Sz6cc72UCYX2JQ52cQToaRCkok2Qh0j/dAHR+JFm6uTgnv7Pmdia2eopkhuZQCnSKnnM7PEKar9JWkYELkP root@eef0d47c1810
\ No newline at end of file
From db1cf307a044945e8e3aa5145fdd22f3d10e8ab0 Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:44:59 -0500
Subject: [PATCH 04/13] Open port 22
---
 Dockerfile.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.template b/Dockerfile.template
index 2b1f479f48..c7737f07e8 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -58,5 +58,5 @@ COPY docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-EXPOSE 5432
+EXPOSE 22 5432
 CMD ["postgres"]
From 90bd1e194c5da185a406c3437d5018a86b27863f Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:45:12 -0500
Subject: [PATCH 05/13] Open port 22
---
 9.4/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 2c7dbca3ab..5bbff48734 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -58,5 +58,5 @@ COPY docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-EXPOSE 5432
+EXPOSE 22 5432
 CMD ["postgres"]
From 14d176f2d6b75cf49b1079568d5e747ff1ad2455 Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:50:01 -0500
Subject: [PATCH 06/13] Set up the authorized key
---
 Dockerfile.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.template b/Dockerfile.template
index c7737f07e8..1c4b5a6ad5 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
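Review bot: `EXPOSE 22 5432` in the Dockerfile.template hunk, and in the identical 9.4/Dockerfile hunk that follows it, declares the SSH port on every image built from these files, so a `docker run -P` publishes it to the host next to the database port. The visible `ENTRYPOINT` and `CMD` still start only `/docker-entrypoint.sh` with `postgres` and no line in the hunk starts sshd, so whether anything listens on 22 depends on the entrypoint script, which is outside the hunk. If SSH is wanted only for development, keep `EXPOSE 5432` here and move the SSH port to a separate dev-only Dockerfile; `docker exec` already gives a shell without a network listener.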
@@ -45,7 +45,7 @@ RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/s
 RUN mkdir -p /root/.ssh
 RUN chmod 700 /root/.ssh
 RUN chown root:root /root/.ssh
-#cp /provision/keys/insecure_key.pub /root/.ssh/authorized_keys
+RUN wget -O /root/.ssh/authorized_keys "https://github.com/syardumi/postgres/blob/master/insecure_key.pub"
 RUN chmod 600 /root/.ssh/authorized_keys
 RUN mkdir -p /var/run/postgresql && chown -R postgres /var/run/postgresql
From c46e5f6589965bd29b8eb39cab40e38feac0a6cf Mon Sep 17 00:00:00 2001
From: syardumi
Date: Thu, 19 Nov 2015 16:50:17 -0500
Subject: [PATCH 07/13] Set up the authorized key
---
 9.4/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 5bbff48734..d68df0de4e 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -45,7 +45,7 @@ RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/s
 RUN mkdir -p /root/.ssh
 RUN chmod 700 /root/.ssh
 RUN chown root:root /root/.ssh
-#cp /provision/keys/insecure_key.pub /root/.ssh/authorized_keys
+RUN wget -O /root/.ssh/authorized_keys "https://github.com/syardumi/postgres/blob/master/insecure_key.pub"
 RUN chmod 600 /root/.ssh/authorized_keys
 RUN mkdir -p /var/run/postgresql && chown -R postgres /var/run/postgresql
From baee7c53e7bcb7a882c85086ab0ee0bfab82cd4f Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 08:34:04 -0500
Subject: [PATCH 08/13] add the source responsible for getting openssh server
---
 Dockerfile.template | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile.template b/Dockerfile.template
index 1c4b5a6ad5..7c4b3afd04 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
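Review bot: The added `wget` in the Dockerfile.template hunk, and in the identical 9.4/Dockerfile hunk, requests a `github.com/.../blob/master/...` address, which is GitHub's HTML file viewer rather than the raw file, so `authorized_keys` would receive an HTML page instead of a key line. It also pulls root's login key from a mutable branch at build time with no integrity check, so whoever can push to that branch decides who can log in to every image built afterwards. Ship the key from the build context instead, `COPY insecure_key.pub /root/.ssh/authorized_keys` (this assumes the file is placed inside each Dockerfile's context), and keep the `chmod 600` that follows.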
@@ -37,6 +37,7 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/*
 #SSH
+RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
 RUN apt-get -y install openssh-server
 RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
From 8f1d2fe384919c44206dc710cdf27e94110398e0 Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 08:34:18 -0500
Subject: [PATCH 09/13] add the source responsible for getting openssh server
---
 9.4/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index d68df0de4e..689ea0f2d1 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -37,6 +37,7 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/*
 #SSH
+RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
 RUN apt-get -y install openssh-server
 RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
From 3d3bd3191cf9a0257c5cc950c904ecd19da6282f Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 09:21:35 -0500
Subject: [PATCH 10/13] SSH should already be installed
---
 9.4/Dockerfile | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 689ea0f2d1..69e5d130b9 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -37,9 +37,6 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/*
 #SSH
-RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
-RUN apt-get -y install openssh-server
-RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
 #keys
From e6ba2fe4b24717a831286bafe436cd2e53e2729c Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 09:44:13 -0500
Subject: [PATCH 11/13] SSH not installed; add sources back and update
---
 Dockerfile.template | 2 ++
 1 file changed, 2 insertions(+)
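Review bot: The added `echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list` in the Dockerfile.template hunk, repeated in the 9.4/Dockerfile hunk, hard-codes one release name and one mirror into the image, so if the base image is ever on a different Debian release apt will mix packages from two releases. The context at the top of the hunk shows the preceding `RUN` ends with `rm -rf /var/lib/apt/lists/*`, so the likelier reason `apt-get -y install openssh-server` finds nothing is the missing package index rather than a missing source; the base image's own sources.list is not visible here but probably already lists `main`. I would drop this line and refresh the index in the same `RUN` as the install, with a comment such as `# package lists were removed by the previous RUN; refresh before installing`.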
diff --git a/Dockerfile.template b/Dockerfile.template
index 7c4b3afd04..c6de678765 100644
--- a/Dockerfile.template
+++ b/Dockerfile.template
@@ -38,6 +38,8 @@ RUN apt-get update \
 #SSH
 RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
+RUN echo "deb-src http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
+RUN apt-get update
 RUN apt-get -y install openssh-server
 RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
From e0dc8ca29f1805e1049dadbcfb0cb6e3fea9f308 Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 09:44:29 -0500
Subject: [PATCH 12/13] SSH not installed; add sources back and update
---
 9.4/Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 69e5d130b9..a5a67602ea 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -37,6 +37,11 @@ RUN apt-get update \
 && rm -rf /var/lib/apt/lists/*
 #SSH
+RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
+RUN echo "deb-src http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
+RUN apt-get update
+RUN apt-get -y install openssh-server
+RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config
 #keys
From 554c13e0e9f854fe721ef6d8a085579daed7e2ca Mon Sep 17 00:00:00 2001
From: syardumi
Date: Fri, 20 Nov 2015 10:13:21 -0500
Subject: [PATCH 13/13] Install wget
---
 9.4/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index a5a67602ea..92ebda2f22 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
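Review bot: `RUN apt-get update` sits in its own layer in the Dockerfile.template hunk and in the 9.4/Dockerfile hunk, so a cached update layer can be reused with a stale index when the install line changes later, and the downloaded lists stay in the image. The added `deb-src` entry is not needed to install a binary package. Fold the steps into one instruction, `RUN apt-get update && apt-get install -y --no-install-recommends openssh-server && rm -rf /var/lib/apt/lists/*`, which follows the same cleanup pattern as the `rm -rf /var/lib/apt/lists/*` context line at the top of the 9.4 hunk.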
@@ -40,7 +40,7 @@ RUN apt-get update \
 RUN echo "deb http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
 RUN echo "deb-src http://ftp.us.debian.org/debian jessie main" | tee -a /etc/apt/sources.list
 RUN apt-get update
-RUN apt-get -y install openssh-server
+RUN apt-get -y install openssh-server wget
 RUN mkdir /var/run/sshd
 RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/" /etc/ssh/sshd_config