From 45c57234d7737bea6d6447503dd29869d8bffa11 Mon Sep 17 00:00:00 2001 From: Paul Becotte Date: Thu, 2 Apr 2015 11:36:39 -0400 Subject: [PATCH 1/7] Add instructions for enabling sshd on the fly without permanently enabling it in the dockerfile to the README --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 2c838fb..2293801 100644 --- a/README.md +++ b/README.md @@ -386,6 +386,19 @@ Baseimage-docker disables the SSH server by default. Add the following to your D # init system will auto-generate one during boot. RUN /etc/my_init.d/00_regen_ssh_host_keys.sh +Alternatively, to enable sshd only for a single instance of your container, create a folder with a [startup script](#running_startup_scripts). The contents of that should be + + ### In myfolder/enable_ssh.sh (make sure this file is chmod +x): + #!/bin/sh + rm -f /etc/service/sshd/down + ssh-keygen -P "" -t dsa -f /etc/ssh/ssh_host_dsa_key + +Then, you can start your container with + + docker run -d -v `pwd`/myfolder:/etc/my_init.d my/dockerimage + +This will initialize sshd on container boot. You can then access it with the insecure key as below, or using the methods to add a secure key. Further, you can publish the port to your machine with -p 22:2222 allowing you to ssh to localhost:2222 instead of looking up the ip address. + #### About SSH keys From 17eadef537f609ecab292ea133eb0a1235db567f Mon Sep 17 00:00:00 2001 
From: Alexander Buddenbrock Date: Tue, 17 Mar 2015 20:35:16 +0100 Subject: [PATCH 2/7] Use COPY instead of ADD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While COPY and ADD are essentially interchangeable here, it is still considered good practice to use COPY whenever possible. From the docker docs on best practices: "Although ADD and COPY are functionally similar, generally speaking, COPY is preferred. That’s because it’s more transparent than ADD. [...] For other items (files, directories) that do not require ADD’s tar auto-extraction capability, you should always use COPY." Additionally, ADD commands were not cached prior to 0.7.3 (which was released on 2013-01-02). --- README.md | 6 +++--- README_ZH_cn_.md | 6 +++--- README_zh_tw.md | 6 +++--- image/Dockerfile | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 8b376a2..9f70f82 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,7 @@ In `memcached.sh` (make sure this file is chmod +x): In `Dockerfile`: RUN mkdir /etc/service/memcached - ADD memcached.sh /etc/service/memcached/run + COPY memcached.sh /etc/service/memcached/run Note that the shell script must run the daemon **without letting it daemonize/fork it**. Usually, daemons provide a command line flag or a config file option for that. @@ -191,7 +191,7 @@ In `logtime.sh` (make sure this file is chmod +x): In `Dockerfile`: RUN mkdir -p /etc/my_init.d - ADD logtime.sh /etc/my_init.d/logtime.sh + COPY logtime.sh /etc/my_init.d/logtime.sh ### Environment variables 
@@ -456,7 +456,7 @@ Instructions for logging in the container is the same as in section [Using the i Edit your Dockerfile to install an SSH public key: ## Install an SSH of your choice. - ADD your_key.pub /tmp/your_key.pub + COPY your_key.pub /tmp/your_key.pub RUN cat /tmp/your_key.pub >> /root/.ssh/authorized_keys && rm -f /tmp/your_key.pub Then rebuild your image. Once you have that, start a container based on that image: diff --git a/README_ZH_cn_.md b/README_ZH_cn_.md index cca0dbe..736775f 100644 --- a/README_ZH_cn_.md +++ b/README_ZH_cn_.md @@ -156,7 +156,7 @@ The image is called `phusion/baseimage`, and is available on the Docker registry ### 在Dockerfile中: RUN mkdir /etc/service/memcached - ADD memcached.sh /etc/service/memcached/run + COPY memcached.sh /etc/service/memcached/run 注意脚本必须运行在后台的,**不能让他们进程进行daemonize/fork**.通常,后台进程会提供一个标志位或者配置文件. @@ -178,7 +178,7 @@ baseimage-docker的初始化脚本 `/sbin/my_init`,在启动的时候进程运 ### 在 Dockerfile中: RUN mkdir -p /etc/my_init.d - ADD logtime.sh /etc/my_init.d/logtime.sh + COPY logtime.sh /etc/my_init.d/logtime.sh @@ -487,7 +487,7 @@ Baseimage-docker提供了一个灵活的方式运行只要一闪而过的命令, 编辑你的dockerfile,来安装ssh public key: ## 安装你自己的public key. - ADD your_key.pub /tmp/your_key.pub + COPY your_key.pub /tmp/your_key.pub RUN cat /tmp/your_key.pub >> /root/.ssh/authorized_keys && rm -f /tmp/your_key.pub 重新创建你的镜像.一旦你创建成功,启动基于这个镜像的容器. diff --git a/README_zh_tw.md b/README_zh_tw.md index 1a8da2f..56690db 100644 --- a/README_zh_tw.md +++ b/README_zh_tw.md @@ -156,7 +156,7 @@ The image is called `phusion/baseimage`, and is available on the Docker registry ### 在Dockerfile中: RUN mkdir /etc/service/memcached - ADD memcached.sh /etc/service/memcached/run + COPY memcached.sh /etc/service/memcached/run 注意腳本必須運行在後臺的,**不能讓他們行程進行daemonize/fork**.通常,後臺行程會提供一個標誌位或者配置文件. @@ -178,7 +178,7 @@ baseimage-docker的初始化腳本 `/sbin/my_init`,在啓動的時候行程運 ### 在 Dockerfile中: RUN mkdir -p /etc/my_init.d - ADD logtime.sh /etc/my_init.d/logtime.sh + COPY logtime.sh /etc/my_init.d/logtime.sh 
@@ -487,7 +487,7 @@ Baseimage-docker提供了一個靈活的方式運行只要一閃而過的命令, 編輯你的dockerfile,來安裝ssh public key: ## 安裝你自己的public key. - ADD your_key.pub /tmp/your_key.pub + COPY your_key.pub /tmp/your_key.pub RUN cat /tmp/your_key.pub >> /root/.ssh/authorized_keys && rm -f /tmp/your_key.pub 重新創建你的鏡像.一旦你創建成功,啓動基於這個鏡像的容器. diff --git a/image/Dockerfile b/image/Dockerfile index 0de204c..4815943 100644 --- a/image/Dockerfile +++ b/image/Dockerfile @@ -1,7 +1,7 @@ FROM ubuntu:14.04 MAINTAINER Phusion -ADD . /bd_build +COPY . /bd_build RUN /bd_build/prepare.sh && \ /bd_build/system_services.sh && \ From ecdbe62eca161dd3c33b8886f36161729734f20e Mon Sep 17 00:00:00 2001 From: Andreas Elvers Date: Wed, 24 Aug 2016 15:44:16 +0200 Subject: [PATCH 3/7] Removing -f option of `docker tag` since this option is gone in docker 1.12.0. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4a07334..65b6528 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ test: env NAME=$(NAME) VERSION=$(VERSION) ./test/runner.sh tag_latest: - docker tag -f $(NAME):$(VERSION) $(NAME):latest + docker tag $(NAME):$(VERSION) $(NAME):latest release: test tag_latest @if ! docker images $(NAME) | awk '{ print $$2 }' | grep -q -F $(VERSION); then echo "$(NAME) version $(VERSION) is not yet built. Please run 'make build'"; false; fi From d3eceae5ef4312115620daba2aa47b93e07e626a Mon Sep 17 00:00:00 2001 From: zhouhaibing089 Date: Mon, 12 Sep 2016 10:47:34 +0800 Subject: [PATCH 4/7] override the logrotate.conf without `su root syslog` --- image/services/syslog-ng/logrotate.conf | 36 +++++++++++++++++++++++++ image/services/syslog-ng/syslog-ng.sh | 1 + 2 files changed, 37 insertions(+) create mode 100644 image/services/syslog-ng/logrotate.conf diff --git a/image/services/syslog-ng/logrotate.conf b/image/services/syslog-ng/logrotate.conf new file mode 100644 index 0000000..cb2e78c --- /dev/null +++ b/image/services/syslog-ng/logrotate.conf 
@@ -0,0 +1,36 @@ +# see "man logrotate" for details +# rotate log files weekly +weekly + +# use the syslog group by default, since this is the owning group +# of /var/log/syslog. +# su root syslog + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# uncomment this if you want your log files compressed +#compress + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# no packages own wtmp, or btmp -- we'll rotate them here +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + rotate 1 +} + +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 1 +} + +# system-specific logs may be configured here diff --git a/image/services/syslog-ng/syslog-ng.sh b/image/services/syslog-ng/syslog-ng.sh index f655756..2b0be4a 100755 --- a/image/services/syslog-ng/syslog-ng.sh +++ b/image/services/syslog-ng/syslog-ng.sh @@ -21,4 +21,5 @@ cp $SYSLOG_NG_BUILD_PATH/syslog-forwarder.runit /etc/service/syslog-forwarder/ru ## Install logrotate. $minimal_apt_get_install logrotate +cp $SYSLOG_NG_BUILD_PATH/logrotate.conf /etc/logrotate.conf cp $SYSLOG_NG_BUILD_PATH/logrotate_syslogng /etc/logrotate.d/syslog-ng From bb3fef5377e3a4a99215eeef0f74c0156faed00d Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Tue, 6 Sep 2016 13:04:03 +0200 Subject: [PATCH 5/7] Expose the locales in Dockerfile While the locales are generated with locale-gen, this does not enforce the en_US.UTF-8 locale inside the container. See the following links for more information: - https://github.com/docker/docker/issues/2424 - http://jaredmarkell.com/docker-and-locales/ --- image/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/image/Dockerfile b/image/Dockerfile index d543b36..e1a1fa4 100644 --- a/image/Dockerfile +++ b/image/Dockerfile 
@@ -9,4 +9,8 @@ RUN /bd_build/prepare.sh && \ /bd_build/fix_pam_bug.sh && \ /bd_build/cleanup.sh +ENV LANG en_US.UTF-8 +ENV LANGUAGE en_US:en +ENV LC_ALL en_US.UTF-8 + CMD ["/sbin/my_init"] From ac1211b0ed74ccffc76c934fc2403838acd42dae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Tue, 15 Nov 2016 16:41:47 +0100 Subject: [PATCH 6/7] Provided a fix for cron not working out of the box. --- image/services/cron/cron.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/image/services/cron/cron.sh b/image/services/cron/cron.sh index 7d884b9..bc1935e 100755 --- a/image/services/cron/cron.sh +++ b/image/services/cron/cron.sh @@ -7,6 +7,8 @@ $minimal_apt_get_install cron mkdir /etc/service/cron chmod 600 /etc/crontab cp /bd_build/services/cron/cron.runit /etc/service/cron/run +# Fix cron issues in 0.9.19, see also #345: https://github.com/phusion/baseimage-docker/issues/345 +sed -i 's/^\s*session\s\+required\s\+pam_loginuid.so/# &/' /etc/pam.d/cron ## Remove useless cron entries. # Checks for lost+found and scans for mtab. From 9920d9d834bb7ccfcf38faec68665a5f3a01a403 Mon Sep 17 00:00:00 2001 From: Jens Diemer Date: Tue, 29 Nov 2016 12:05:34 +0100 Subject: [PATCH 7/7] RUN chmod +x /etc/service/memcached/run is needed. otherwise i get the error: ``` fatal: unable to start ./run: access denied ``` --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 09a6fab..cc49d3f 100644 --- a/README.md +++ b/README.md @@ -170,6 +170,7 @@ In `Dockerfile`: RUN mkdir /etc/service/memcached ADD memcached.sh /etc/service/memcached/run + RUN chmod +x /etc/service/memcached/run Note that the shell script must run the daemon **without letting it daemonize/fork it**. Usually, daemons provide a command line flag or a config file option for that.
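
Review bot: the port mapping in the last added paragraph of [PATCH 1/7] (README.md) is reversed: `-p 22:2222` publishes host port 22 to container port 2222, so connecting to localhost:2222 will not reach sshd, and the text should read `-p 2222:22`. Two further points on the same hunk: mounting `myfolder` over `/etc/my_init.d` hides everything the image already ships in that directory, including the `00_regen_ssh_host_keys.sh` script shown in the context line above, so the text should say so or mount the script as a single file; and `enable_ssh.sh` generates only a DSA host key, where calling the existing regeneration script or generating RSA or Ed25519 host keys would be preferable. The closing paragraph also points readers at the insecure key first; suggest leading with the own-key method.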
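
Review bot: dropping `-f` from `docker tag` in the `tag_latest` target of [PATCH 3/7] (Makefile) matches Docker 1.12.0 as the commit message says, but on older Docker versions that refuse to move an existing tag without `-f` the target will now fail as soon as `$(NAME):latest` already exists. Please state the minimum supported Docker version next to the target or in the README so the failure is explained rather than discovered.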
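
Review bot: in the new `logrotate.conf` of [PATCH 4/7] the `# su root syslog` line is commented out, but the two comment lines above it still describe it as the active default, and neither the file nor the commit message says why it is disabled. Add a one-line rationale (what failed with the directive in place) and confirm that rotation of `/var/log/syslog` still runs in the built image, since the original comment ties the directive to the owning group of that file. The `cp` added to `syslog-ng.sh` also replaces the packaged `/etc/logrotate.conf` wholesale, so later changes to the distribution default will be lost silently; a comment there naming the single intended difference would help whoever updates the base image.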
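
Review bot: `ENV LC_ALL en_US.UTF-8` in [PATCH 5/7] (image/Dockerfile) overrides every individual `LC_*` setting for all processes in this image and in every image derived from it, which is broader than the commit message's goal of enforcing a UTF-8 default. Consider setting only `LANG` and `LANGUAGE`, or document in the README that derived images must reset `LC_ALL` to change the locale. The three `ENV` lines also come after the `RUN` step, so the build scripts themselves run without them; please say whether that is intended.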
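
Review bot: the `sed` added to `cron.sh` in [PATCH 6/7] is a silent no-op when `/etc/pam.d/cron` has no line matching the pattern, so a future base image could ship with cron broken again and the build would still pass. Follow it with a check that fails the build when an uncommented `pam_loginuid.so` line remains. The comment should also say what the edit does (it disables `pam_loginuid` for cron sessions, so cron jobs no longer get a login UID set for auditing) rather than only linking #345, and the `.` in `pam_loginuid.so` should be escaped.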
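
Review bot: the context line `ADD memcached.sh /etc/service/memcached/run` in [PATCH 7/7] (README.md) is the same line that [PATCH 2/7] rewrites to `COPY`, so this hunk will not apply on top of patch 2; rebase it so the context reads `COPY memcached.sh /etc/service/memcached/run`. The README already tells the reader to make `memcached.sh` executable ("make sure this file is chmod +x"), so the text should state when the extra `RUN chmod +x /etc/service/memcached/run` is needed and whether the `logtime.sh` example needs the same line.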