radial / imagebase-spoke
Base Dockerfile for Spoke containers. Supervisor and SSH built-in for your apps.
Home Page: https://index.docker.io/u/radial/spoke-base
Lean and mean for production, no ssh.
ssh and perhaps some other things for dev/testing.
Setup logic in entrypoint scripts dumps messages into supervisor logs as a hack to have them display in fig/docker logs/log streaming apps. The date/message formatting is not the same and something needs to change here so that log output can be properly sanitized to allow for proper log handling services later. Perhaps move setup messages to its own log? Leave stdout and stderr completely for the app's output through supervisord?
Right now, both logging and runtime socket/pid files are kept in the same volume container, but separated by the dynamic $HOSTNAME variable. Using --net host makes that the same across all containers on the same host and therefore must be detected and changed accordingly so that multiple containers can use the option. Eventually, another method of inserting the unique container name will be used and we can resume normally with the scheme.
yup.
copying from #1
I think it's a configuration thing somewhere in supervisor itself or in sshd.ini. Logging into container from somewhere else just cuts off and fails.
➜ ssh -vvv -p 22229 root@localhost
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/brian/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22229.
debug1: Connection established.
debug1: identity file /home/brian/.ssh/id_rsa type -1
debug1: identity file /home/brian/.ssh/id_rsa-cert type -1
debug1: identity file /home/brian/.ssh/id_dsa type -1
debug1: identity file /home/brian/.ssh/id_dsa-cert type -1
debug1: identity file /home/brian/.ssh/id_ecdsa type -1
debug1: identity file /home/brian/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/brian/.ssh/id_ed25519 type -1
debug1: identity file /home/brian/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug3: put_host_port: [localhost]:22229
debug3: load_hostkeys: loading entries for host "[localhost]:22229" from file "/home/brian/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/brian/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit: none,[email protected],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,[email protected],[email protected],[email protected],aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,[email protected]
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-md5,hmac-sha1,[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit: none,[email protected]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: setup [email protected]
debug1: kex: server->client aes128-ctr [email protected] none
debug2: mac_setup: setup [email protected]
debug1: kex: client->server aes128-ctr [email protected] none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 78:53:c9:77:04:c3:82:bc:c0:bd:90:15:91:a6:c7:10
debug3: put_host_port: [127.0.0.1]:22229
debug3: put_host_port: [localhost]:22229
debug3: load_hostkeys: loading entries for host "[localhost]:22229" from file "/home/brian/.ssh/known_hosts"
debug3: load_hostkeys: found key type ECDSA in file /home/brian/.ssh/known_hosts:8
debug3: load_hostkeys: loaded 1 keys
debug1: Host '[localhost]:22229' is known and matches the ECDSA host key.
debug1: Found key in /home/brian/.ssh/known_hosts:8
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: [email protected] (0x7f80e30a6580),
debug2: key: /home/brian/.ssh/id_rsa ((nil)),
debug2: key: /home/brian/.ssh/id_dsa ((nil)),
debug2: key: /home/brian/.ssh/id_ecdsa ((nil)),
debug2: key: /home/brian/.ssh/id_ed25519 ((nil)),
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: [email protected]
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp 7b:e7:12:02:66:0f:d4:00:69:1c:fa:1c:e2:fc:83:50
debug3: sign_and_send_pubkey: RSA 7b:e7:12:02:66:0f:d4:00:69:1c:fa:1c:e2:fc:83:50
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22229).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug3: Ignored env ARCHFLAGS
debug3: Ignored env CLICOLOR
debug3: Ignored env CLUTTER_IM_MODULE
debug3: Ignored env COLORTERM
debug3: Ignored env COMPIZ_BIN_PATH
debug3: Ignored env COMPIZ_CONFIG_PROFILE
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env DEFAULTS_PATH
debug3: Ignored env DESKTOP_SESSION
debug3: Ignored env DISPLAY
debug3: Ignored env DOTFILES
debug3: Ignored env EDITOR
debug3: Ignored env GDMSESSION
debug3: Ignored env GDM_LANG
debug3: Ignored env GEM_HOME
debug3: Ignored env GEM_PATH
debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE
debug3: Ignored env GIO_LAUNCHED_DESKTOP_FILE_PID
debug3: Ignored env GNOME_DESKTOP_SESSION_ID
debug3: Ignored env GNOME_KEYRING_CONTROL
debug3: Ignored env GNOME_KEYRING_PID
debug3: Ignored env GPG_AGENT_INFO
debug3: Ignored env GREP_COLOR
debug3: Ignored env GREP_OPTIONS
debug3: Ignored env GTK_IM_MODULE
debug3: Ignored env GTK_MODULES
debug3: Ignored env HOME
debug3: Ignored env IM_CONFIG_PHASE
debug3: Ignored env INSTANCE
debug3: Ignored env IRBRC
debug3: Ignored env JOB
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug3: Ignored env LANGUAGE
debug1: Sending env LC_COLLATE = C
debug2: channel 0: request env confirm 0
debug3: Ignored env LESS
debug3: Ignored env LOGNAME
debug3: Ignored env LS_COLORS
debug3: Ignored env MANDATORY_PATH
debug3: Ignored env MY_RUBY_HOME
debug3: Ignored env OLDPWD
debug3: Ignored env ORBIT_SOCKETDIR
debug3: Ignored env PAGER
debug3: Ignored env PATH
debug3: Ignored env PR_BLACK
debug3: Ignored env PR_BLUE
debug3: Ignored env PR_BOLD_BLACK
debug3: Ignored env PR_BOLD_BLUE
debug3: Ignored env PR_BOLD_GREEN
debug3: Ignored env PR_BOLD_RED
debug3: Ignored env PR_BOLD_WHITE
debug3: Ignored env PR_BOLD_YELLOW
debug3: Ignored env PR_GREEN
debug3: Ignored env PR_RED
debug3: Ignored env PR_WHITE
debug3: Ignored env PR_YELLOW
debug3: Ignored env PWD
debug3: Ignored env PYTHONPATH
debug3: Ignored env QT4_IM_MODULE
debug3: Ignored env QT_IM_MODULE
debug3: Ignored env QT_QPA_PLATFORMTHEME
debug3: Ignored env SELINUX_INIT
debug3: Ignored env SESSION
debug3: Ignored env SESSIONTYPE
debug3: Ignored env SESSION_MANAGER
debug3: Ignored env SHELL
debug3: Ignored env SHLVL
debug3: Ignored env SPROMPT
debug3: Ignored env SSH_AGENT_LAUNCHER
debug3: Ignored env SSH_AGENT_PID
debug3: Ignored env SSH_AUTH_SOCK
debug3: Ignored env TERM
debug3: Ignored env TERMINATOR_UUID
debug3: Ignored env TEXTDOMAIN
debug3: Ignored env TEXTDOMAINDIR
debug3: Ignored env TMUX
debug3: Ignored env TMUX_PANE
debug3: Ignored env UPSTART_SESSION
debug3: Ignored env USER
debug3: Ignored env WINDOWID
debug3: Ignored env XAUTHORITY
debug3: Ignored env XDG_CONFIG_DIRS
debug3: Ignored env XDG_CURRENT_DESKTOP
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env XDG_GREETER_DATA_DIR
debug3: Ignored env XDG_MENU_PREFIX
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env XDG_SEAT
debug3: Ignored env XDG_SEAT_PATH
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_SESSION_PATH
debug3: Ignored env XDG_VTNR
debug3: Ignored env XMODIFIERS
debug3: Ignored env _
debug3: Ignored env _ORIGINAL_GEM_PATH
debug3: Ignored env rvm_bin_path
debug3: Ignored env rvm_path
debug3: Ignored env rvm_prefix
debug3: Ignored env rvm_version
debug3: Ignored env _system_type
debug3: Ignored env _system_name
debug3: Ignored env _system_version
debug3: Ignored env _system_arch
debug3: Ignored env rvm_stored_umask
debug3: Ignored env rvm_user_install_flag
debug3: Ignored env rvm_loaded_flag
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-27-generic x86_64)
* Documentation: https://help.ubuntu.com/
Last login: Fri Jun 6 12:55:20 2014 from 172.17.42.1
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)
Connection to localhost closed.
Transferred: sent 5108, received 3144 bytes, in 0.0 seconds
Bytes per second: sent 202137.0, received 124416.4
debug1: Exit status 254
Investigating shell invocation next.
Use env vars in all spoke containers to specify alternate ports when using --net host so it doesn't conflict with the host.
Right now, everything regarding setup/prep is run in same entrypoint script as the final binary. It would be nice if either the spoke-entrypoint.sh or the supervisor subprocess files could run setup logic (which usually needs root) separate from the final binary (which could be any user). Right now every individual spoke subprocess .ini file runs entrypoint as root, and privileges need to be dropped within the script to actually run as a different user. This seems a bit too generalized and hackish. I would like either:
/setup.d directory for root to just run in spoke-entrypoint.sh so that binary can be free to be properly run in supervisor subprocess
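One way to realize the /setup.d idea described above, as an added example that is not code from the radial/imagebase-spoke repository: root runs vetted setup steps first, then supervisord takes over and each program drops to its own account through supervisor's user= setting. The SETUP_DIR and SUPERVISOR_CONF variables and the supervisord config path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. SETUP_DIR, SUPERVISOR_CONF and the
# supervisord config path are assumptions.

# Run every executable in directory $1 in lexical order as the current user
# (root inside the container). Stops at the first step that fails.
run_setup_dir() {
    dir=$1
    [ -d "$dir" ] || return 0    # no setup directory: nothing to do
    for step in "$dir"/*; do
        [ -f "$step" ] && [ -x "$step" ] || continue
        # Steps run with full privileges, so refuse any file that another
        # account could have modified: wrong owner, or group/world-writable.
        # A symlink is also refused, because find tests the link itself.
        if [ -n "$(find "$step" -prune \( ! -user "$(id -u)" \
                -o -perm -020 -o -perm -002 \))" ]; then
            echo "setup: refusing $step (bad owner or writable by others)" >&2
            return 1
        fi
        echo "setup: running $step" >&2
        "$step" || { echo "setup: $step failed" >&2; return 1; }
    done
}

main() {
    run_setup_dir "${SETUP_DIR:-/setup.d}" || exit 1
    # Root's work is done. supervisord starts the programs, and each
    # [program:x] section sets user= so the binary runs unprivileged.
    exec supervisord -n -c "${SUPERVISOR_CONF:-/etc/supervisor/supervisord.conf}"
}

# Only start when installed under the entrypoint name used on this page.
case "${0##*/}" in
    spoke-entrypoint.sh) main "$@" ;;
esac
```

With this split, the per-program .ini files no longer need to start as root and drop privileges inside the script.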
--volumes-from to the location of the socket is a better method for typical start/restart actions to do unto a container. Seems like a good alternate to nsenter, which should be saved for only the most complex needs (debugging).