Refs #72026 - Add support for multiple authorized ssh keys
parent
e9ae9dea8c
commit
7da81a28a1
@ -7,7 +7,7 @@ A simple rsync server/client Docker image to easily rsync data within Docker vol
|
|||||||
Get files from remote server within a `docker volume`:
|
Get files from remote server within a `docker volume`:
|
||||||
|
|
||||||
$ docker run --rm -v blobstorage:/data/ eeacms/rsync \
|
$ docker run --rm -v blobstorage:/data/ eeacms/rsync \
|
||||||
rsync -avz user@remote.server.domain.or.ip:/var/local/blobs/ /data/
|
rsync -avzx --numeric-ids user@remote.server.domain.or.ip:/var/local/blobs/ /data/
|
||||||
|
|
||||||
Get files from `remote server` to a `data container`:
|
Get files from `remote server` to a `data container`:
|
||||||
|
|
||||||
@ -23,7 +23,7 @@ Start client to pack and sync every night:
|
|||||||
|
|
||||||
$ docker run --name=rsync_client -v client_vol_to_sync:/data \
|
$ docker run --name=rsync_client -v client_vol_to_sync:/data \
|
||||||
-e CRON_TASK_1="0 1 * * * /data/pack-db.sh" \
|
-e CRON_TASK_1="0 1 * * * /data/pack-db.sh" \
|
||||||
-e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/" \
|
-e CRON_TASK_2="0 3 * * * rsync -e 'ssh -p 2222' -aqx --numeric-ids root@foo.bar.com:/data/ /data/" \
|
||||||
eeacms/rsync client
|
eeacms/rsync client
|
||||||
|
|
||||||
Copy the client SSH public key printed found in console
|
Copy the client SSH public key printed found in console
|
||||||
@ -33,7 +33,8 @@ Copy the client SSH public key printed found in console
|
|||||||
Start server on `foo.bar.com`
|
Start server on `foo.bar.com`
|
||||||
|
|
||||||
# docker run --name=rsync_server -d -p 2222:22 -v server_vol_to_sync:/data \
|
# docker run --name=rsync_server -d -p 2222:22 -v server_vol_to_sync:/data \
|
||||||
-e SSH_AUTH_KEY="<SSH KEY FROM rsync_client>" \
|
-e SSH_AUTH_KEY_1="<SSH KEY FROM rsync_client>" \
|
||||||
|
-e SSH_AUTH_KEY_n="<SSH KEY FROM rsync_client_n>" \
|
||||||
eeacms/rsync server
|
eeacms/rsync server
|
||||||
|
|
||||||
### Verify that it works
|
### Verify that it works
|
||||||
@ -46,5 +47,5 @@ Add `test` file on server:
|
|||||||
Bring the `file` on client:
|
Bring the `file` on client:
|
||||||
|
|
||||||
$ docker exec -it rsync_client sh
|
$ docker exec -it rsync_client sh
|
||||||
$ rsync -e 'ssh -p 2222 -o StrictHostKeyChecking=no' -avz root@foo.bar.com:/data/ /data/
|
$ rsync -e 'ssh -p 2222' -avz root@foo.bar.com:/data/ /data/
|
||||||
$ ls -l /data/
|
$ ls -l /data/
|
||||||
|
@ -4,16 +4,23 @@
|
|||||||
# INIT
|
# INIT
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# Provide SSH AUTHORIZED KEY via environment variable
|
mkdir -p /root/.ssh
|
||||||
if [ ! -z "$SSH_AUTH_KEY" ]; then
|
> /root/.ssh/authorized_keys
|
||||||
mkdir -p /root/.ssh
|
chmod go-rwx /root/.ssh/authorized_keys
|
||||||
echo "$SSH_AUTH_KEY" > /root/.ssh/authorized_keys
|
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
|
||||||
chmod go-rwx /root/.ssh/authorized_keys
|
|
||||||
sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Provide CRON_TASK via environment variable
|
# Provide SSH_AUTHORIZED_KEY_* via environment variable
|
||||||
echo '' > /etc/crontabs/root
|
for item in `env`; do
|
||||||
|
case "$item" in
|
||||||
|
SSH_AUTHORIZED_KEY*)
|
||||||
|
ENVVAR=`echo $item | cut -d \= -f 1`
|
||||||
|
printenv $ENVVAR >> /root/.ssh/authorized_keys
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# Provide CRON_TASK_* via environment variable
|
||||||
|
> /etc/crontabs/root
|
||||||
for item in `env`; do
|
for item in `env`; do
|
||||||
case "$item" in
|
case "$item" in
|
||||||
CRON_TASK*)
|
CRON_TASK*)
|
||||||
|
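Review bot: The new `case` arm matches `SSH_AUTHORIZED_KEY*)`, but the README section of this same commit tells operators to set `SSH_AUTH_KEY_1` … `SSH_AUTH_KEY_n`, and the old `SSH_AUTH_KEY` branch is gone. Keys supplied as documented are therefore never appended to `/root/.ssh/authorized_keys`, and the server comes up with password login switched off and no accepted key; match `SSH_AUTH_KEY*)` here or correct the README so the two agree. Because ``for item in `env` `` word-splits on whitespace, any fragment of another variable's value that happens to start with the prefix is also treated as a variable name, so it is safer to iterate over names only and quote the lookup, e.g. `env | sed -n 's/^\(SSH_AUTH_KEY[A-Za-z0-9_]*\)=.*/\1/p' | while read -r name; do printenv "$name" >> /root/.ssh/authorized_keys; done`. The `sed` now runs unconditionally but only rewrites a commented `#PasswordAuthentication yes` line, so it is worth confirming that the image's `sshd_config` ships exactly that line, otherwise password authentication keeps its default. The `CRON_TASK*` loop uses the same splitting pattern and its body continues outside this hunk.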