radial / imagebase-spoke Goto Github PK

View Code? Open in Web Editor NEW

2.0 2.0 1.0 251 KB

Base Dockerfile for Spoke containers. Supervisor and SSH built-in for your apps.

Home Page: https://index.docker.io/u/radial/spoke-base

Shell 100.00%

imagebase-spoke's People

Contributors

Stargazers

Watchers

Forkers

szaydel

imagebase-spoke's Issues

Split image into dev and production flavors

Lean and mean for production, no ssh.

ssh and perhaps some other things for dev/testing.

Log output format inconsistencies

setup logic in entrypoint scripts dump messages into supervisor logs as a hack to have them display in fig/docker logs/log streaming apps. The date/message formatting is not the same and something needs to change here so that log output can be properly sanitized to allow for proper log handling services later. Perhaps move setup messages to it's own log? leave stdoutt and stderr completely for the apps output through supervisord?

Detect when using `--net host` option for log/runtime naming scheme

Right now, both logging and runtime socket/pic files are kept in the same volume container, but separated by the dynamic $HOSTNAME variable. Using --net host makes that the same across all containers on the same host and therefore must be detected and changed accordingly so that multiple containers can use the option. Eventually, another method of inserting the unique container name will be used and we can resume normally with the scheme.

Exlude git repo from chowning

yup.

sshd login fails on some containers

copying from #1

I think it's a configuration thing somewhere in supervisor itself or in sshd.ini. Logging into container from somewhere else just cuts off and fails.

○ ssh -vvv -p 22229 root@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/brian/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22229.
debug1: Connection established.
debug1: identity file /home/brian/.ssh/id_rsa type -1
debug1: identity file /home/brian/.ssh/id_rsa-cert type -1
debug1: identity file /home/brian/.ssh/id_dsa type -1
debug1: identity file /home/brian/.ssh/id_dsa-cert type -1
debug1: identity file /home/brian/.ssh/id_ecdsa type -1
debug1: identity file /home/brian/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/brian/.ssh/id_ed25519 type -1
debug1: identity file /home/brian/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [localhost]:22229
debug3: load_hostkeys: loading entries for host "[localhost]:22229" from file "/home/brian/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/brian/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 78:53:c9:77:04:c3:82:bc:c0:bd:90:15:91:a6:c7:10
debug3: put_host_port: [127.0.0.1]:22229
debug3: put_host_port: [localhost]:22229
debug3: load_hostkeys: loading entries for host "[localhost]:22229" from file "/home/brian/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/brian/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[localhost]:22229' is known and matches the ECDSA host key.
debug1: Found key in /home/brian/.ssh/known_hosts:8
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: [email protected] (0x7f80e30a6580),
debug2: key: /home/brian/.ssh/id_rsa ((nil)),
debug2: key: /home/brian/.ssh/id_dsa ((nil)),
debug2: key: /home/brian/.ssh/id_ecdsa ((nil)),
debug2: key: /home/brian/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp 7b:e7:12:02:66:0f:d4:00:69:1c:fa:1c:e2:fc:83:50
debug3: sign_and_send_pubkey: RSA 7b:e7:12:02:66:0f:d4:00:69:1c:fa:1c:e2:fc:83:50
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22229).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env ARCHFLAGS
debug3: Ignored env CLICOLOR
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env COLORTERM
debug3: Ignored env COMPIZ_BIN_PATH
debug3: Ignored env COMPIZ_CONFIG_PROFILE
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env DISPLAY
debug3: Ignored env DOTFILES
debug3: Ignored env EDITOR
debug3: Ignored env GDMSESSION
debug3: Ignored env GDM_LANG
debug3: Ignored env GEM_HOME
debug3: Ignored env GEM_PATH
debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE
debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE_PID
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env GREP_COLOR
debug3: Ignored env GREP_OPTIONS
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env GTK_MODULES
debug3: Ignored env HOME
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env INSTANCE
debug3: Ignored env IRBRC
debug3: Ignored env JOB
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env LANGUAGE
debug1: Sending env LC_COLLATE = C
debug2: channel 0: request env confirm 0
debug3: Ignored env LESS
debug3: Ignored env LOGNAME
debug3: Ignored env LS_COLORS
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env MY_RUBY_HOME
debug3: Ignored env OLDPWD
debug3: Ignored env ORBIT_SOCKETDIR
debug3: Ignored env PAGER
debug3: Ignored env PATH
debug3: Ignored env PR_BLACK
debug3: Ignored env PR_BLUE
debug3: Ignored env PR_BOLD_BLACK
debug3: Ignored env PR_BOLD_BLUE
debug3: Ignored env PR_BOLD_GREEN
debug3: Ignored env PR_BOLD_RED
debug3: Ignored env PR_BOLD_WHITE
debug3: Ignored env PR_BOLD_YELLOW
debug3: Ignored env PR_GREEN
debug3: Ignored env PR_RED
debug3: Ignored env PR_WHITE
debug3: Ignored env PR_YELLOW
debug3: Ignored env PWD
debug3: Ignored env PYTHONPATH
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env SELINUX_INIT
debug3: Ignored env SESSION
debug3: Ignored env SESSIONTYPE
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env SHELL
debug3: Ignored env SHLVL
debug3: Ignored env SPROMPT
debug3: Ignored env SSH_AGENT_LAUNCHER
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env TERM
debug3: Ignored env TERMINATOR_UUID
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env TMUX
debug3: Ignored env TMUX_PANE
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env USER
debug3: Ignored env WINDOWID
debug3: Ignored env XAUTHORITY
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env XDG_SEAT
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_VTNR
debug3: Ignored env XMODIFIERS
debug3: Ignored env _
debug3: Ignored env _ORIGINAL_GEM_PATH
debug3: Ignored env rvm_bin_path
debug3: Ignored env rvm_path
debug3: Ignored env rvm_prefix
debug3: Ignored env rvm_version
debug3: Ignored env _system_type
debug3: Ignored env _system_name
debug3: Ignored env _system_version
debug3: Ignored env _system_arch
debug3: Ignored env rvm_stored_umask
debug3: Ignored env rvm_user_install_flag
debug3: Ignored env rvm_loaded_flag
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-27-generic x86_64)

* Documentation:  https://help.ubuntu.com/
Last login: Fri Jun  6 12:55:20 2014 from 172.17.42.1
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

Connection to localhost closed.
Transferred: sent 5108, received 3144 bytes, in 0.0 seconds
Bytes per second: sent 202137.0, received 124416.4
debug1: Exit status 254

Investigating shell invocation next.

Allow for alternate port use for supervisor/ssh when using `--net host` option

Use env vars in all spoke containers to specify alternate ports when using --net host so it doesn't conflict with the host.

Split setup logic from run logic in spokes

Right now, everything regarding setup/prep is run in same entrypoint script as the final binary. It would be nice if either the spoke-entrypoint.sh or the supervisor subprocess files could run setup logic (which usually needs root) separate from the final binary (which could be any user). Right now every individual spoke subprocess .ini file runs entrypoint as root, and privileges need to be dropped within the script to actually run as a different user. This seems a bit too generalized and hackish. I would like either:

figure out how to have supervisor run setup logic THEN start the binary using separate subprocesses, each with appropriate users (supervisor hates proper serialization though!)
move install scripts to a drop-in /setup.d directory for root to just run in spoke-entrypoint.sh so that binary can be free to be properly run in supervisor subprocess
1. this would bring install logs outside of supervisor. This could solve the format inconsistencies however in #7 between the nicely formated supervisor output and the setup output which is hacked to go into supervisor. maybe setup messages should go to it's own logfile once and for all and save stdoutt/stderr for pure application output which would be always formatted properly.

Configure supervisor socket for `--volumes-from` access for signal passing

--volumes-from to the location of the socket is a better method for typical start/restart actions to do unto a container. Seems like a good alternate to nsenter, which should be saved for only the most complex needs (debugging).

source

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.