author | Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> | 2018-06-05 07:54:20 +0000 |
---|---|---|
committer | Linaro Code Review <review@review.linaro.org> | 2018-06-05 07:54:20 +0000 |
commit | 70e4517c8db330f8c30a2faaa4c676c471eecc46 (patch) | |
tree | 2fc567d3fde5267a5954443c76741ca02873f2dd /tcwg-base | |
parent | 1e444e7aa0559784d679be8044c29063bccc7174 (diff) | |
parent | a7f862f08787fd60e05dfa156459cb32ab475481 (diff) |
Merge changes Icbfea97a,Ia85d4092,Idd91d3b7,I4263bb1b
* changes:
tcwg-host: New TCWG images for running "host" containers on vanilla machines.
tcwg-base: Adjust handling of "--key file" option
tcwg-base/: Move new-user.sh here from tcwg-build/
tcwg-build: Generalize new-user.sh to handle passwd entries as argument
Diffstat (limited to 'tcwg-base')
-rw-r--r-- | tcwg-base/Dockerfile.in | 1 | ||||
-rwxr-xr-x | tcwg-base/build.sh | 3 | ||||
-rwxr-xr-x | tcwg-base/new-user.sh | 76 | ||||
-rw-r--r-- | tcwg-base/tcwg-build/Dockerfile.in | 7 | ||||
-rwxr-xr-x | tcwg-base/tcwg-build/build.sh | 3 | ||||
-rwxr-xr-x | tcwg-base/tcwg-build/new-user.sh | 55 | ||||
-rw-r--r-- | tcwg-base/tcwg-host/Dockerfile.in | 10 | ||||
-rw-r--r-- | tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov | 1 | ||||
-rwxr-xr-x | tcwg-base/tcwg-host/build.sh | 27 | ||||
l--------- | tcwg-base/tcwg-host/gerrit-branches | 1 | ||||
-rw-r--r-- | tcwg-base/tcwg-host/passwd | 1 | ||||
-rwxr-xr-x | tcwg-base/tcwg-host/start.sh | 59 |
12 files changed, 182 insertions, 62 deletions
diff --git a/tcwg-base/Dockerfile.in b/tcwg-base/Dockerfile.in
index 6abf52dd..6c591a6a 100644
--- a/tcwg-base/Dockerfile.in
+++ b/tcwg-base/Dockerfile.in
@@ -135,6 +135,7 @@ RUN install -D -p -m0755 /usr/share/doc/git/contrib/workdir/git-new-workdir /usr && echo "MaxStartups 256" >> /etc/ssh/sshd_config \ && echo "MaxSessions 256" >> /etc/ssh/sshd_config +COPY new-user.sh /usr/local/bin/ COPY postfix-main.cf.in /etc/postfix/main.cf COPY postfix-sasl_password.in /etc/postfix/sasl_password
diff --git a/tcwg-base/build.sh b/tcwg-base/build.sh
index 24ede180..6330582b 100755
--- a/tcwg-base/build.sh
+++ b/tcwg-base/build.sh
@@ -6,7 +6,7 @@ trap cleanup_exit INT TERM EXIT cleanup_exit() { - rm -rf postfix*.in + rm -rf new-user.sh postfix*.in } export LANG=C
@@ -17,6 +17,7 @@ name=$(basename ${PWD} | cut -f3- -d '-') image=linaro/ci-${arch}-${name}-ubuntu:${distro} baseimage=$(grep "^FROM" Dockerfile | head -n 1 | cut -d" " -f 2) +cp $top/tcwg-base/new-user.sh ./ cp $top/tcwg-base/postfix*.in . "$top"/tcwg-base/validate-dockerfile.sh Dockerfile
diff --git a/tcwg-base/new-user.sh b/tcwg-base/new-user.sh
new file mode 100755
index 00000000..d3abe709
--- /dev/null
+++ b/tcwg-base/new-user.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -euf -o pipefail
+
+usage ()
+{
+ exit 1
+}
+
+passwd_ent=""
+group=""
+key=""
+user=""
+verbose=false
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ --passwd) passwd_ent="$2" ;;
+ --group) group="$2" ;;
+ --key) key="$2" ;;
+ --user) user="$2" ;;
+ --verbose) verbose="$2"; shift ;;
+ *) echo "ERROR: Wrong option: $1"; usage ;;
+ esac
+ shift 2
+done
+
+if $verbose; then set -x; fi
+
+if [ x"$group" != x"" ]; then
+ gid=$(echo "$group" | cut -s -d: -f 2)
+ group=$(echo "$group" | cut -d: -f 1)
+
+ if [ x"$gid" != x"" ]; then
+ groupadd -g $gid $group
+ fi
+
+ group_opt="-g $group"
+elif [ x"$passwd_ent" != x"" ]; then
+ gid=$(echo $passwd_ent | cut -d: -f 4)
+ group_opt="-g $gid"
+else
+ group_opt=""
+fi
+
+if [ x"$user" = x"" ]; then
+ user=$(echo "$passwd_ent" | cut -s -d: -f 1,3)
+fi
+
+uid=$(echo "$user" | cut -s -d: -f 2)
+user=$(echo "$user" | cut -d: -f 1)
+
+if [ x"$user" != x"" ]; then
+ if [ x"$passwd_ent" != x"" ]; then
+ comment=$(echo $passwd_ent | cut -d: -f 5)
+ shell=$(echo $passwd_ent | cut -d: -f 7)
+ fi
+
+ useradd -m $group_opt -G kvm \
+ ${uid:+-u $uid} \
+ ${comment:+-c "$comment"} \
+ ${shell:+-s "$shell"} \
+ $user
+
+ sudoers_file=/etc/sudoers.d/$(echo $user | tr "." "-")
+ echo "$user ALL = NOPASSWD: ALL" > $sudoers_file
+ chmod 0440 $sudoers_file
+fi
+
+if [ x"$key" != x"" ]; then
+ key_user=$(echo "$key" | sed -e "s/.*authorized_keys-//")
+ sudo -i -u $key_user mkdir -p /home/$key_user/.ssh
+ sudo -i -u $key_user chmod 0700 /home/$key_user/.ssh
+ cat "$key" | sudo -i -u $key_user tee /home/$key_user/.ssh/authorized_keys > /dev/null
+ sudo -i -u $key_user chmod 0600 /home/$key_user/.ssh/authorized_keys
+fi
diff --git a/tcwg-base/tcwg-build/Dockerfile.in b/tcwg-base/tcwg-build/Dockerfile.in
index 39ef4f39..937d1384 100644
--- a/tcwg-base/tcwg-build/Dockerfile.in
+++ b/tcwg-base/tcwg-build/Dockerfile.in
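Review bot: The account name reaches `/etc/sudoers.d` unchecked: in the `if [ x"$user" != x"" ]` block, `$user` (now possibly taken from field 1 of a `--passwd` entry) is written into both the sudoers file name and its content, every account created gets `NOPASSWD: ALL` unconditionally, and the resulting file is never syntax-checked. I would reject names outside a conservative set before `useradd`, e.g. `case "$user" in *[!a-zA-Z0-9._-]*) echo "ERROR: bad user name: $user" >&2; exit 1 ;; esac`, and add `visudo -cf "$sudoers_file"` after the `chmod 0440`. The same applies to `key_user` in the `--key` block, which is derived from the key file's name and used unquoted in `sudo -i -u $key_user` and in the `/home/$key_user/.ssh` paths; quoting those expansions costs nothing. If not every account created through `--passwd` is meant to be an administrator, the sudoers grant should sit behind its own option rather than being implied.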
@@ -1,9 +1,8 @@ FROM linaro/ci-#{ARCH}-tcwg-base-ubuntu:#{DISTRO} -COPY new-user.sh /usr/local/bin/ - -RUN new-user.sh --user tcwg-buildslave:11827 --group tcwg-infra:9000 \ - && new-user.sh --user tcwg-benchmark:12326 --group tcwg-infra \ +RUN new-user.sh --group tcwg-infra:9000 \ + && new-user.sh --passwd "tcwg-buildslave:x:11827:9000:TCWG Buildslave::/bin/bash" \ + && new-user.sh --passwd "tcwg-benchmark:x:12326:9000:TCWG Benchmark::/bin/bash" \ && mkdir -p /home/tcwg-buildslave/workspace COPY tcwg-buildslave /home/tcwg-buildslave
diff --git a/tcwg-base/tcwg-build/build.sh b/tcwg-base/tcwg-build/build.sh
index 99795026..8624b7fd 100755
--- a/tcwg-base/tcwg-build/build.sh
+++ b/tcwg-base/tcwg-build/build.sh
@@ -6,7 +6,7 @@ trap cleanup_exit INT TERM EXIT cleanup_exit() { - rm -rf new-user.sh tcwg-buildslave tcwg-benchmark + rm -rf tcwg-buildslave tcwg-benchmark } export LANG=C
@@ -16,7 +16,6 @@ name=$(basename ${PWD} | cut -f3- -d '-') image=linaro/ci-${arch}-${name}-ubuntu:${distro} top=$(git rev-parse --show-toplevel) -cp $top/tcwg-base/tcwg-build/new-user.sh ./ rsync -a $top/tcwg-base/tcwg-build/tcwg-buildslave/ ./tcwg-buildslave/ rsync -a $top/tcwg-base/tcwg-build/tcwg-benchmark/ ./tcwg-benchmark/
diff --git a/tcwg-base/tcwg-build/new-user.sh b/tcwg-base/tcwg-build/new-user.sh
deleted file mode 100755
index d1b18953..00000000
--- a/tcwg-base/tcwg-build/new-user.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-set -euf -o pipefail
-
-usage ()
-{
- exit 1
-}
-
-group=""
-key=""
-user=""
-verbose=false
-
-while [ $# -gt 0 ]; do
- case "$1" in
- --group) group="$2" ;;
- --key) key="$2" ;;
- --user) user="$2" ;;
- --verbose) verbose="$2"; shift ;;
- *) echo "ERROR: Wrong option: $1"; usage ;;
- esac
- shift 2
-done
-
-if $verbose; then set -x; fi
-
-if [ x"$group" != x"" ]; then
- gid=$(echo "$group" | cut -s -d: -f 2)
- group=$(echo "$group" | cut -d: -f 1)
-
- if [ x"$gid" != x"" ]; then
- groupadd -g $gid $group
- fi
-
- group_opt="-g $group"
-else
- group_opt=""
-fi
-
-uid=$(echo "$user" | cut -s -d: -f 2)
-user=$(echo "$user" | cut -d: -f 1)
-
-useradd -m $group_opt -G kvm ${uid:+-u $uid} $user
-
-sudoers_file=/etc/sudoers.d/$(echo $user | tr "." "-")
-echo "$user ALL = NOPASSWD: ALL" > $sudoers_file
-chmod 0440 $sudoers_file
-
-if [ x"$key" != x"" ] ; then
- sudo -i -u $user mkdir -p /home/$user/.ssh
- sudo -i -u $user chmod 0700 /home/$user/.ssh
- cat "$key" | sudo -i -u $user tee /home/$user/.ssh/authorized_keys > /dev/null
- sudo -i -u $user chmod 0600 /home/$user/.ssh/authorized_keys
-fi
diff --git a/tcwg-base/tcwg-host/Dockerfile.in b/tcwg-base/tcwg-host/Dockerfile.in
new file mode 100644
index 00000000..e28a08dd
--- /dev/null
+++ b/tcwg-base/tcwg-host/Dockerfile.in
@@ -0,0 +1,10 @@
+FROM linaro/ci-#{ARCH}-tcwg-base-ubuntu:#{DISTRO}
+
+COPY authorized_keys-* passwd /
+
+RUN new-user.sh --group primary:10000 \
+ && while read line; do new-user.sh --passwd "$line"; done </passwd \
+ && for key in /authorized_keys-*; do new-user.sh --key "$key"; done \
+ && rm /passwd /authorized_keys-*
+
+COPY start.sh /
diff --git a/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov b/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov
new file mode 100644
index 00000000..fa17c380
--- /dev/null
+++ b/tcwg-base/tcwg-host/authorized_keys-maxim.kuvyrkov
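Review bot: The `rm /passwd /authorized_keys-*` at the end of the `RUN` does not remove those files from the image: they were added by the preceding `COPY authorized_keys-* passwd /`, which is its own layer, so they stay retrievable from the image's layers. They hold public keys and passwd lines without hashes, so the exposure is small, but the cleanup reads as if nothing were left behind; a comment such as `# NOTE: COPY creates its own layer; the rm below only hides these files in the final filesystem.` would keep anyone from later adding sensitive material on that assumption. Separately, `while read line` should be `while read -r line`, and a final passwd line without a trailing newline is skipped silently, so an account can be missing from the image without the build failing.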
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR1x3iMEd7BSXx6QE3NtfVF8kYUUVoWUKCCC0jxOiLYCY3wf1i7bfQD7YMITEwXMvwQe6thGefBMLRPWr7WdoiUvxdaLYbSB72T4zN5tK/oQhFOHR8cqG68oSZIY89lUzFaGJRMGzSxUvYUWkwUhOIsjOBKFm+/yT4CD4SmUuFwQAadC6/t+jwc1LinYRMqphgfssUk8uzrvB0cqj2UsYrDF0jTVALfyTwWKHBokuZPnUER92v5e70/vAyOzJv13YdsQcwQBa1tBLrJJPpz8uX65bMLXJ6k+9U6bYSeVtRzYtmdDj5BYvdkJTR8diChLRS75roJclYpLEv0U9foCjd maxim.kuvyrkov@linaro.org-20150420
diff --git a/tcwg-base/tcwg-host/build.sh b/tcwg-base/tcwg-host/build.sh
new file mode 100755
index 00000000..346e0ccc
--- /dev/null
+++ b/tcwg-base/tcwg-host/build.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+trap cleanup_exit INT TERM EXIT
+
+cleanup_exit()
+{
+ rm -f authorized_keys-* passwd start.sh
+}
+
+export LANG=C
+distro=$(basename ${PWD} | cut -f1 -d '-')
+arch=$(basename ${PWD} | cut -f2 -d '-')
+name=$(basename ${PWD} | cut -f3- -d '-')
+image=linaro/ci-${arch}-${name}-ubuntu:${distro}
+top=$(git rev-parse --show-toplevel)
+
+cp $top/tcwg-base/tcwg-host/authorized_keys-* ./
+cp $top/tcwg-base/tcwg-host/passwd ./
+cp $top/tcwg-base/tcwg-host/start.sh ./
+
+(cd ..; ./build.sh)
+"$top"/tcwg-base/validate-dockerfile.sh Dockerfile
+docker pull $image 2>/dev/null || true
+docker build --tag=$image .
+echo $image > .docker-tag
diff --git a/tcwg-base/tcwg-host/gerrit-branches b/tcwg-base/tcwg-host/gerrit-branches
new file mode 120000
index 00000000..11f6d349
--- /dev/null
+++ b/tcwg-base/tcwg-host/gerrit-branches
@@ -0,0 +1 @@
+../gerrit-branches
\ No newline at end of file
diff --git a/tcwg-base/tcwg-host/passwd b/tcwg-base/tcwg-host/passwd
new file mode 100644
index 00000000..62479561
--- /dev/null
+++ b/tcwg-base/tcwg-host/passwd
@@ -0,0 +1 @@
+maxim.kuvyrkov:x:10967:10000:Maxim Kuvyrkov:/home/maxim.kuvyrkov:/bin/bash
diff --git a/tcwg-base/tcwg-host/start.sh b/tcwg-base/tcwg-host/start.sh
new file mode 100755
index 00000000..e730d95a
--- /dev/null
+++ b/tcwg-base/tcwg-host/start.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -e
+
+usage ()
+{
+ cat <<EOF
+$0 [OPTIONS] -- IMAGE
+
+Options:
+ --verbose true/false
+ Whether to run in verbose mode
+EOF
+ exit 1
+}
+
+verbose=false
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ --verbose) verbose="$2"; shift ;;
+ --) shift; break ;;
+ *) echo "ERROR: Wrong option: $1"; usage ;;
+ esac
+ shift
+done
+
+image="$1"
+
+if $verbose; then
+ set -x
+fi
+
+if [ x"$image" = x"" ]; then
+ echo "ERROR: image name not provided"
+ usage
+fi
+
+if groups tcwg-buildslave 2>/dev/null | grep -q docker; then
+ # If tcwg-buildslave user is present, use it to start the container
+ # to have [sudo] log record of container startups.
+ DOCKER="sudo -u tcwg-buildslave docker"
+elif [ x"$(id -u)" = x"0" ] || groups 2>/dev/null | grep -q docker; then
+ # Run docker straight up if $USER is root or in "docker" group.
+ DOCKER="docker"
+else
+ # Fallback to sudo otherwise.
+ DOCKER="sudo docker"
+fi
+
+mounts=""
+mounts="$mounts -v host-home:/home"
+mounts="$mounts -v /var/run/docker.sock:/var/run/docker.sock"
+mounts="$mounts -v $(which docker):$(which docker)"
+
+# Use at most half of all available RAM.
+memlimit=$(($(free -g | awk '/^Mem/ { print $2 }') / 2))G
+
+$DOCKER run -dt -p 2222:22 --name=host --hostname=$(hostname)-dckr $mounts --memory=$memlimit --pids-limit=5000 --restart=unless-stopped $image |
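Review bot: The trust model of the final `$DOCKER run` line in start.sh is undocumented: it hands the container the host's `/var/run/docker.sock` and publishes its sshd with `-p 2222:22`, which binds every host interface, while the accounts that new-user.sh bakes into the image carry `NOPASSWD: ALL`. Taken together, and as far as this page shows, any key shipped in an `authorized_keys-*` file is equivalent to root on the host. If that is intended, I would say so above the `mounts=` lines, e.g. `# NOTE: docker.sock makes every login in this container root-equivalent on the host.`, and consider the `ip:hostPort:containerPort` form of `-p` on hosts that have an interface which should not expose the port. Separately, `if $verbose; then` executes whatever string followed `--verbose` as a command; `if [ x"$verbose" = x"true" ]; then` tests the value instead of running it.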