From c56430d8c4857cb579ccae57bee076b5f208aebb Mon Sep 17 00:00:00 2001 From: Dominic Breuker Date: Sun, 18 Feb 2018 14:03:59 +0100 Subject: [PATCH] build proper dockerized example --- .dockerignore | 3 +++ Makefile | 29 +++++++++++++++++++++------ docker/Dockerfile | 15 -------------- docker/Dockerfile.development | 20 ++++++++++++++++++ docker/Dockerfile.example | 25 +++++++++++++++++++++++ docker/entrypoint-development.sh | 13 ++++++++++++ docker/entrypoint-example.sh | 13 ++++++++++++ docker/etc/cron.d/changepwds | 1 + docker/etc/cron.d/myjob | 1 - docker/etc/cron.d/print | 1 - docker/root/scripts/password_reset.py | 12 +++++++++++ docker/scripts/print_stuff.py | 9 --------- docker/var/spool/cron/crontabs/root | 1 + 13 files changed, 111 insertions(+), 32 deletions(-) create mode 100644 .dockerignore delete mode 100644 docker/Dockerfile create mode 100644 docker/Dockerfile.development create mode 100644 docker/Dockerfile.example create mode 100644 docker/entrypoint-development.sh create mode 100644 docker/entrypoint-example.sh create mode 100644 docker/etc/cron.d/changepwds delete mode 100644 docker/etc/cron.d/myjob delete mode 100644 docker/etc/cron.d/print create mode 100644 docker/root/scripts/password_reset.py delete mode 100644 docker/scripts/print_stuff.py create mode 100644 docker/var/spool/cron/crontabs/root diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..cc09622 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +.git +.gitignore +images/ diff --git a/Makefile b/Makefile index 6ecc96c..3b5cc50 100644 --- a/Makefile +++ b/Makefile @@ -1,24 +1,41 @@ -DEV_IMAGE = local/pspy-dev:latest PROJECT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) -build-dev: - docker build -f docker/Dockerfile -t $(DEV_IMAGE) . +DEV_IMAGE = local/pspy-development:latest +DEV_DOCKERFILE = $(PROJECT_DIR)/docker/Dockerfile.development + +dev-build: + docker build -f $(DEV_DOCKERFILE) -t $(DEV_IMAGE) . dev: - docker run -it --rm -v $(PROJECT_DIR):/go/src/github.com/dominicbreuker/pspy $(DEV_IMAGE) + docker run -it \ + --rm \ + -v $(PROJECT_DIR):/go/src/github.com/dominicbreuker/pspy \ + -w "/go/src/github.com/dominicbreuker/pspy" \ + $(DEV_IMAGE) + +EXAMPLE_IMAGE = local/pspy-example:latest +EXAMPLE_DOCKERFILE = $(PROJECT_DIR)/docker/Dockerfile.example + +example: + docker build -t $(EXAMPLE_IMAGE) -f $(EXAMPLE_DOCKERFILE) . + docker run -it --rm $(EXAMPLE_IMAGE) + +BUILD_IMAGE = golang:1.10-alpine release: docker run -it \ --rm \ -v $(PROJECT_DIR):/go/src/github.com/dominicbreuker/pspy \ + -w "/go/src/github.com/dominicbreuker" \ --env CGO_ENABLED=0 \ --env GOOS=linux \ --env GOARCH=386 \ - $(DEV_IMAGE) go build -a -ldflags '-extldflags "-static"' -o pspy/bin/pspy32 pspy/main.go + $(BUILD_IMAGE) go build -a -ldflags '-extldflags "-static"' -o pspy/bin/pspy32 pspy/main.go docker run -it \ --rm \ -v $(PROJECT_DIR):/go/src/github.com/dominicbreuker/pspy \ + -w "/go/src/github.com/dominicbreuker" \ --env CGO_ENABLED=0 \ --env GOOS=linux \ --env GOARCH=amd64 \ - $(DEV_IMAGE) go build -a -ldflags '-extldflags "-static"' -o pspy/bin/pspy64 pspy/main.go + $(BUILD_IMAGE) go build -a -ldflags '-extldflags "-static"' -o pspy/bin/pspy64 pspy/main.go diff --git a/docker/Dockerfile b/docker/Dockerfile deleted file mode 100644 index e91a0e4..0000000 --- a/docker/Dockerfile +++ /dev/null @@ -1,15 +0,0 @@ -FROM golang:1.9-stretch - -RUN apt-get update && apt-get -y install cron sudo -COPY docker/etc/cron.d /etc/cron.d -COPY docker/scripts /scripts - -RUN useradd -ms /bin/bash myuser && \ - adduser myuser sudo && \ - echo 'myuser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers -USER myuser - - -WORKDIR /go/src/github.com/dominicbreuker - - diff --git a/docker/Dockerfile.development b/docker/Dockerfile.development new file mode 100644 index 0000000..f39d22a --- /dev/null +++ b/docker/Dockerfile.development @@ -0,0 +1,20 @@ +FROM golang:1.10-stretch + +RUN apt-get update && apt-get -y install cron python3 sudo procps + +# install root cronjob +COPY docker/var/spool/cron/crontabs /var/spool/cron/crontabs +RUN chmod 600 /var/spool/cron/crontabs/root +COPY docker/root/scripts /root/scripts + +# set up unpriviledged user +# allows passwordless sudo to start cron as root on startup +RUN useradd -ms /bin/bash myuser && \ + adduser myuser sudo && \ + echo 'myuser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER myuser + +# drop into bash shell +COPY docker/entrypoint-development.sh /entrypoint.sh +RUN sudo chmod +x /entrypoint.sh +CMD ["/entrypoint.sh"] diff --git a/docker/Dockerfile.example b/docker/Dockerfile.example new file mode 100644 index 0000000..508ec22 --- /dev/null +++ b/docker/Dockerfile.example @@ -0,0 +1,25 @@ +FROM debian:stretch + +RUN apt-get update && apt-get -y install cron python3 sudo procps + +# install root cronjob +COPY docker/var/spool/cron/crontabs /var/spool/cron/crontabs +RUN chmod 600 /var/spool/cron/crontabs/root +COPY docker/root/scripts /root/scripts + +# install pspy +COPY bin/pspy64 /usr/bin/pspy + +# set up unpriviledged user +# allows passwordless sudo to start cron as root on startup +RUN useradd -ms /bin/bash myuser && \ + adduser myuser sudo && \ + echo 'myuser ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +USER myuser + +# deploy startup script +COPY docker/entrypoint-example.sh /entrypoint.sh +RUN sudo chmod +x /entrypoint.sh +CMD ["/entrypoint.sh"] + + diff --git a/docker/entrypoint-development.sh b/docker/entrypoint-development.sh new file mode 100644 index 0000000..08bf82f --- /dev/null +++ b/docker/entrypoint-development.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +sudo cron -f & +sleep 1 +sudo ps | grep cron 1>/dev/null +echo "[+] cron started" + +echo "[+] Running as user `id`" + +echo "[+] Dropping into shell..." +exec /bin/bash diff --git a/docker/entrypoint-example.sh b/docker/entrypoint-example.sh new file mode 100644 index 0000000..349bddb --- /dev/null +++ b/docker/entrypoint-example.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +sudo cron -f & +sleep 1 +sudo ps | grep cron 1>/dev/null +echo "[+] cron started" + +echo "[+] Running as user `id`" + +echo "[+] Starting pspy now..." +pspy 2>/dev/null diff --git a/docker/etc/cron.d/changepwds b/docker/etc/cron.d/changepwds new file mode 100644 index 0000000..9b5b15d --- /dev/null +++ b/docker/etc/cron.d/changepwds @@ -0,0 +1 @@ +* * * * * root python /root/scripts/password_reset.py diff --git a/docker/etc/cron.d/myjob b/docker/etc/cron.d/myjob deleted file mode 100644 index a718b9b..0000000 --- a/docker/etc/cron.d/myjob +++ /dev/null @@ -1 +0,0 @@ -* * * * * root echo 'this is some text' >> /tmp/myjob.log diff --git a/docker/etc/cron.d/print b/docker/etc/cron.d/print deleted file mode 100644 index 2682ce3..0000000 --- a/docker/etc/cron.d/print +++ /dev/null @@ -1 +0,0 @@ -* * * * * root python /scripts/print_stuff.py >> /tmp/print.log diff --git a/docker/root/scripts/password_reset.py b/docker/root/scripts/password_reset.py new file mode 100644 index 0000000..b2d9d45 --- /dev/null +++ b/docker/root/scripts/password_reset.py @@ -0,0 +1,12 @@ +#!/usr/bin/python +import string +import random +from subprocess import call + +new_password = ''.join(random.SystemRandom() + .choice(string.ascii_uppercase + string.digits) + for _ in range(16)) + +call("/bin/echo -e \"{}\\n{}\" | passwd myuser" + .format(new_password, new_password), shell=True) + diff --git a/docker/scripts/print_stuff.py b/docker/scripts/print_stuff.py deleted file mode 100644 index 38d1440..0000000 --- a/docker/scripts/print_stuff.py +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/python - -user = "myusername" -password = "thepw" - -for i in range(100): - print("a"*i) - -print("done") diff --git a/docker/var/spool/cron/crontabs/root b/docker/var/spool/cron/crontabs/root new file mode 100644 index 0000000..c475dab --- /dev/null +++ b/docker/var/spool/cron/crontabs/root @@ -0,0 +1 @@ +* * * * * python3 /root/scripts/password_reset.py