From fce7331e5634da1213bdfdf4a7492a44977bdc08 Mon Sep 17 00:00:00 2001 From: Nick Andrew Date: Sun, 16 Nov 2014 23:42:47 +1100 Subject: [PATCH 1/4] Use full path to reprepro-import --- scripts/start.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/start.sh b/scripts/start.sh index 5fb8f26..8dcf580 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -28,13 +28,12 @@ chown -R user /home/user/.ssh # load cron CRONFILE=`mktemp` cat > $CRONFILE <> /var/log/reprepro.log +* * * * * /usr/local/sbin/reprepro-import >> /var/log/reprepro.log EOF crontab -u root $CRONFILE rm -f $CRONFILE # run import once, to create the right directory structure -reprepro-import +/usr/local/sbin/reprepro-import supervisord -n - From 082b56789ed3440c9a8f6c7db1548c4d5eaf0860 Mon Sep 17 00:00:00 2001 From: Nick Andrew Date: Sun, 16 Nov 2014 23:44:19 +1100 Subject: [PATCH 2/4] Set the crontab directly Saves a temporary file when the HERE-document is already a temp file. --- scripts/start.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scripts/start.sh b/scripts/start.sh index 8dcf580..56b15af 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -25,13 +25,10 @@ for key in /docker/keys/*.pub ; do done chown -R user /home/user/.ssh -# load cron -CRONFILE=`mktemp` -cat > $CRONFILE <> /var/log/reprepro.log EOF -crontab -u root $CRONFILE -rm -f $CRONFILE # run import once, to create the right directory structure /usr/local/sbin/reprepro-import From 25bbb48dcf84aea02e19e691634aa5a577b2e64c Mon Sep 17 00:00:00 2001 
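Review bot: The crontab entry added in this hunk appends only stdout to /var/log/reprepro.log, so anything reprepro-import writes to stderr is left to cron's mail handling, which is probably not delivered anywhere in this container. Redirecting both streams, `* * * * * /usr/local/sbin/reprepro-import >> /var/log/reprepro.log 2>&1`, keeps import failures in the one log an operator will read. The same entry appears to be carried into the PATCH 2/4 hunk, so the change applies there too. The job also fires every minute with no lock visible here; if an import can run longer than that, wrapping the command in `flock -n` would stop overlapping runs, which is worth confirming against reprepro-import.sh because it is outside this hunk.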
From: Nick Andrew Date: Sun, 16 Nov 2014 23:56:50 +1100 Subject: [PATCH 3/4] Move output dir to /repository/debian & expose it We need the output data to be persistent and/or backed-up, and the right way to do this is to expose it to other containers which use the --volumes-from option. The data volume is called /repository rather than /docker to avoid possible conflict with /docker in other using containers. --- Dockerfile | 2 +- configs/nginx-default.conf | 2 +- scripts/reprepro-import.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6ac0223..c400873 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,7 @@ ENV DEBIAN_FRONTEND newt ADD scripts/start.sh /usr/local/sbin/start RUN chmod 755 /usr/local/sbin/start -VOLUME ["/docker/keys", "/docker/incoming"] +VOLUME ["/docker/keys", "/docker/incoming", "/repository"] EXPOSE 80 EXPOSE 22 diff --git a/configs/nginx-default.conf b/configs/nginx-default.conf index efff12e..05deecd 100644 --- a/configs/nginx-default.conf +++ b/configs/nginx-default.conf @@ -2,7 +2,7 @@ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; - root /var/www; + root /repository/debian; index index.html index.htm; # Make site accessible from http://localhost/ diff --git a/scripts/reprepro-import.sh b/scripts/reprepro-import.sh index 77db325..9486525 100644 --- a/scripts/reprepro-import.sh +++ b/scripts/reprepro-import.sh @@ -2,7 +2,7 @@ BASEDIR=/var/lib/reprepro INCOMING=/docker/incoming -OUTDIR=/var/www/debian +OUTDIR=/repository/debian # # Make sure we're in the apt/ directory From 28ba0e13980726960df5b8b6392d71cd25b9cb65 Mon Sep 17 00:00:00 2001 From: Nick Andrew Date: Mon, 17 Nov 2014 01:29:49 +1100 Subject: [PATCH 4/4] Remove sudo access Not required by the application; debugging can be done with 'nsenter' or 'docker-enter' - see https://github.com/jpetazzo/nsenter --- Dockerfile | 7 ++----- scripts/start.sh | 2 +- 2 files changed, 3 insertions(+), 6 deletions(-) 
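Review bot: Declaring `/repository` as a volume for `--volumes-from` consumers gives every such container the published apt tree read-write by default, so a backup or sidecar container could alter what nginx serves. A comment above the VOLUME line would record the intended usage, e.g. `# /repository is the published repo; consumers should mount it read-only (--volumes-from <name>:ro)`. Separately, the new path is now hard-coded in three places (this line, `root` in configs/nginx-default.conf and `OUTDIR` in scripts/reprepro-import.sh); a short comment at each naming the other two would keep them from drifting apart.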
diff --git a/Dockerfile b/Dockerfile index c400873..751fa08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ RUN apt-get update # Install supervisor for managing services -RUN apt-get install -q -y supervisor cron openssh-server pwgen reprepro screen vim-tiny sudo nginx +RUN apt-get install -q -y supervisor cron openssh-server pwgen reprepro screen vim-tiny nginx # Configure cron @@ -31,10 +31,8 @@ RUN echo "daemon off;" >> /etc/nginx/nginx.conf RUN rm -f /etc/nginx/sites-enabled/default ADD configs/nginx-default.conf /etc/nginx/sites-enabled/default -# Setup root & sudo access +# Setup root access RUN echo "root:docker" | chpasswd -RUN echo %sudo ALL=NOPASSWD: ALL >> /etc/sudoers - # Configure supervisor RUN service supervisor stop @@ -54,4 +52,3 @@ VOLUME ["/docker/keys", "/docker/incoming", "/repository"] EXPOSE 80 EXPOSE 22 CMD ["/usr/local/sbin/start"] - diff --git a/scripts/start.sh b/scripts/start.sh index 56b15af..1e6534c 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -8,7 +8,7 @@ # let's create a user to SSH into SSH_USERPASS=`pwgen -c -n -1 8` mkdir /home/user -useradd -G sudo -d /home/user -s /bin/bash user +useradd -d /home/user -s /bin/bash user chown -R user /home/user chown -R user /docker/incoming
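Review bot: Removing the sudoers line does not take away the path to root, because `RUN echo "root:docker" | chpasswd` stays in the second Dockerfile hunk and leaves a fixed, publicly known root password in every image built from this file. Any account with a shell, such as the SSH `user` created in scripts/start.sh, can still use `su` with it, and whether root can log in directly over the exposed port 22 depends on the sshd configuration, which is not visible here. Since the commit message says debugging is done with nsenter, the password is not needed: drop the chpasswd line or replace it with `RUN passwd -l root`, and reword the `# Setup root access` comment to match.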
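Review bot: The `pwgen -c -n -1 8` call on the context line above the changed `useradd` gives the SSH account an eight-character pronounceable password, which is weak for a login exposed on port 22. How SSH_USERPASS is applied lies outside this hunk, but the script appears to install public keys from /docker/keys, so the simplest hardening is to turn off password authentication in sshd and not set a password at all. If a password has to stay, `SSH_USERPASS=$(pwgen -s -1 24)` generates a fully random, longer one.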