blob: 07838c6f1fe911de5334afd4e1492eb23165b880 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
FROM linaro/base-arm64-ubuntu:trusty
COPY tcwg-buildslave/.ssh /etc/skel/.ssh
COPY tcwg-buildslave/.ssh /root/.ssh
RUN echo 'deb http://ports.ubuntu.com/ubuntu-ports trusty main universe' > /etc/apt/sources.list \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
libtcnative-1 \
openjdk-7-jdk \
openssh-server \
rsync \
sudo \
wget \
xz-utils \
&& apt-get clean \
&& rm -rf \
/var/lib/apt/lists/* \
/tmp/* \
/var/tmp/*
RUN chmod 0700 /etc/skel/.ssh \
&& groupadd -g 9000 tcwg-infra \
&& useradd -m -g tcwg-infra -u 11827 tcwg-buildslave \
&& rm -rf /etc/skel/.ssh \
&& echo 'tcwg-buildslave ALL = NOPASSWD: ALL' > /etc/sudoers.d/jenkins \
&& chmod 440 /etc/sudoers.d/jenkins \
&& sed -i -e 's:^session *required *pam_loginuid.so:# session required pam_loginuid.so:' /etc/pam.d/sshd \
&& mkdir -p /var/run/sshd \
&& sed -i \
-e "/.*MaxStartups.*/d" \
-e "/.*MaxSesssions.*/d" \
-e "/.*PermitRootLogin.*/d" /etc/ssh/sshd_config \
&& echo "MaxStartups 256" >> /etc/ssh/sshd_config \
&& echo "MaxSessions 256" >> /etc/ssh/sshd_config \
&& echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
# Unfortunately, VOLUME doesn't support bind-mounts for portability reasons.
# Therefore, the bind-mounts for the following paths are configured in
# the ci.linaro.org's docker plugin.
# Jenkins .jar cache (read-write):
# /home/tcwg-buildslave/.jenkins:/home/tcwg-buildslave/.jenkins:rw
# We use ssh multiplexing, which creates sockets in /tmp. Overlayfs,
# which docker is using can't host sockets, so we use a scratch mount
# for /tmp. This requires that we add --rm option to "docker run"
# invocations (e.g., mark "Remove volumes" checkbox in docker plugin) to
# cleanup host directories used for the scratch mounts.
VOLUME /tmp
EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]
|