launch ssh server in docker (#99)

* launch ssh server in docker * fix: ci
UNDP-Data · Dec 19, 2024 · 3789b52 · 3789b52
1 parent fc0bde3
commit 3789b52
Show file tree

Hide file tree

Showing 9 changed files with 121 additions and 11 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -7,3 +7,5 @@ docker-compose.yaml
 Dockerfile
 Pipfile
 Pipfile.lock
+.env.example
+.env
diff --git a/.env.example b/.env.example
@@ -1,4 +1,5 @@
 AZURE_STORAGE_CONNECTION_STRING=
 AZURE_STORAGE_CONTAINER=
 AZ_ROOT_FILE_PATH=
-LOCAL_DOWNLOAD_PATH=
+LOCAL_DOWNLOAD_PATH=
+SSH_USERS=
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -59,7 +59,7 @@ jobs:
         run: |
           # Change owner of workspace to ubuntu user
           sudo chown -R 1000:1000 ${{ github.workspace }}
-          docker run --rm -v ${{ github.workspace }}:/app -w /app  ${{ steps.image_tag.outputs.TAG }} make test
+          docker run --rm -v ${{ github.workspace }}:/app -w /app --entrypoint /bin/bash ${{ steps.image_tag.outputs.TAG }} -c "make test"
 
   deploy-acr:
     name: Build and deploy to Azure Container Registry

diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,38 @@
 # Use the GDAL image as the base
 FROM ghcr.io/osgeo/gdal:ubuntu-full-3.10.0
 
+ARG GROUPNAME="cbsurge"
+
 # Install necessary tools and Python packages
 RUN apt-get update && \
-    apt-get install -y python3-pip pipenv gcc cmake libgeos-dev && \
+    apt-get install -y python3-pip pipenv gcc cmake libgeos-dev openssh-server && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
 # install azure-cli
 RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
 
+RUN mkdir /var/run/sshd && \
+    echo 'PermitRootLogin no' >> /etc/ssh/sshd_config && \
+    echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config
+
 WORKDIR /app
 
 COPY . .
+
+# Create a group and set permissions for /app
+RUN groupadd ${GROUPNAME} && \
+    usermod -aG ${GROUPNAME} root && \
+    mkdir -p /app && \
+    chown -R :${GROUPNAME} /app && \
+    chmod -R g+rwx /app
+
+RUN chmod +x /app/create_user.sh
+RUN chmod +x /app/entrypoint.sh
+
+# install package
 RUN pipenv --python 3 && pipenv run pip install -e .
 
-CMD [ "pipenv", "run", "rapida", "--help"]
+EXPOSE 22
+
+ENTRYPOINT ["/app/entrypoint.sh"]
diff --git a/Makefile b/Makefile
@@ -13,7 +13,7 @@ shell:
 	@echo "------------------------------------------------------------------"
 	@echo "Shelling in dev mode"
 	@echo "------------------------------------------------------------------"
-	docker compose -f docker-compose.yaml run cbsurge /bin/bash
+	docker compose -f docker-compose.yaml run --entrypoint /bin/bash cbsurge
 
 
 test:
@@ -30,6 +30,13 @@ build:
 	@echo "------------------------------------------------------------------"
 	docker compose -f docker-compose.yaml build
 
+up:
+	@echo
+	@echo "------------------------------------------------------------------"
+	@echo "Launch docker containers"
+	@echo "------------------------------------------------------------------"
+	docker compose -f docker-compose.yaml up
+
 down:
 	@echo
 	@echo "------------------------------------------------------------------"

diff --git a/README.md b/README.md
@@ -72,19 +72,50 @@ before running the above command, please use `devcontainer` or `make shell` to e
 
 ## Using docker
 
-- build docker-image
+### build docker-image
 
 ```shell
 make build
 ```
 
-- destroy docker container
+### Launch SSH server
+
+- set users
+
+```
+cp .env.example .env
+vi .env
+```
+
+SSH_USERS can have multiple users (username:password) for SSH login
+
+```shell
+SSH_USERS=docker:docker user:user
+```
+
+- launch docker container
+
+```shell
+make up
+```
+
+The below command is connecting to `localhost` with user `docker` through port `2222`.
+
+```shell
+ssh docker@localhost -p 2222
+
+# make sure installing the package first
+cd /app
+pipenv run pip install -e .
+```
+
+### destroy docker container
 
 ```shell
 make down
 ```
 
-- enter to Docker container
+### enter to Docker container
 
 ```shell
 make shell

diff --git a/create_user.sh b/create_user.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+USERNAME=$1
+PASSWORD=$2
+GROUPNAME=cbsurge
+
+# skip if user already exists
+if id "$USERNAME" &>/dev/null; then
+    echo "User $USERNAME already exists."
+else
+    # create new user
+    useradd -m -s /bin/bash "$USERNAME"
+    echo "$USERNAME:$PASSWORD" | chpasswd
+    echo "User $USERNAME created."
+
+    # Add the user to the group
+    usermod -aG $GROUPNAME "$USERNAME"
+    echo "User $USERNAME added to $GROUPNAME group."
+
+    # Grant sudo access (optional)
+    usermod -aG sudo "$USERNAME"
+    echo "User $USERNAME granted sudo privileges."
+fi
+
+# Set ownership of /app folder to the user
+chown -R "$USERNAME:$USERNAME" /app
+echo "Ownership of /app granted to $USERNAME."
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -4,9 +4,14 @@ services:
     build:
       context: .
       dockerfile: ./Dockerfile
-    # default command to show help menu
-    command: "pipenv run python -m cbsurge.cli --help"
     volumes:
+      - ./create_user.sh:/app/create_user.sh
+      - ./entrypoint.sh:/app/entrypoint.sh
       - ./Makefile:/app/Makefile
       - ./cbsurge:/app/cbsurge # mount app folder to container
-      - ./tests:/app/tests
+      - ./tests:/app/tests
+    entrypoint: "/app/entrypoint.sh"
+    ports:
+      - 2222:22
+    environment:
+      - SSH_USERS=${SSH_USERS:-''}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Create multiple users from environment variable SSH_USERS
+# Format: SSH_USERS="user1:password1 user2:password2 user3:password3"
+if [ ! -z "$SSH_USERS" ]; then
+    for user_info in $SSH_USERS; do
+        IFS=':' read -r username password <<< "$user_info"
+        if [ ! -z "$username" ] && [ ! -z "$password" ]; then
+            /app/create_user.sh "$username" "$password"
+        else
+            echo "Invalid user format: $user_info"
+        fi
+    done
+fi
+
+# launch ssh server
+/usr/sbin/sshd -D