An SSH container for AWS, with Ansible for runtime configuration.
It runs SSH and has the docker client installed. If you volume map /var/run/docker.sock on the host to /var/run/docker.sock in the container, you can SSH into the container and poke the daemon running on the host to debug problems with other containers.
If you run this in AWS using ECS, be sure to also map /var/log/ecs in the host to /var/log/ecs in the container to see what Amazon's cluster control agent is doing.
The image expects the following files to exist in `/etc/ssh` on the container's filesystem:
The container will not run unless those files have been added.
In addition, if the following files are located in /data on the container's filesystem, then the container will run:
ansible-playbook -i inv playbook.yml -c local
None of these files are included in the images, so you must ensure that they are added at container runtime, either by mounting a volume, or using the functionality of the included expand.sh script, which is already set as the ENTRYPOINT.
This script is a wrapper, run before the CMD. It can create files in the container by extracting data from other environmental variables, and/or pulling and unpacking tar archives from S3.
Operation is determined by setting the following environmental variables. If neither is set, the script just runs the main CMD.
The value of EXPAND_FILES must be a space-delimited list of key-value pairs, each separated by an equals sign. For each pair, the key is the name of a referenced environmental variable, and the value is the path to a new file, whose contents will be the current value of the referenced variable. All parent directories in the path will be created if they do not exist, and if the referenced environmental variable is not set, that particular key-value pair will be ignored. You can also append a bracketed suffix to the path (as in [0644|foo] in the example below) to set the numerical file permissions, and/or the file owner. Since newlines are not allowed in environmental variables, the script will replace any ASCII SUB character (\x1a) in the value of the referenced environmental variable with a newline in the created file.
So, as an example, suppose the following are set for the container:
    EXPAND_FILES=ISSUE=/etc/issue SPECIFIC=/home/foo/.bashrc[0644|foo] FORGOT=/data/my_file
    ISSUE=Linux, running in Docker!
    SPECIFIC=cd ~
When the container is started, the wrapper script will overwrite /etc/issue with "Linux, running in Docker!", create /home/foo/.bashrc with contents "cd ~" (no newline at the end), permissions 644 and owner 'foo', and do nothing for /data/my_file, since FORGOT was not set.
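The EXPAND_FILES handling described above, written out as an added POSIX sh example (this is not the image's own expand.sh). The function names and the DESTROOT prefix are hypothetical, and it assumes the bracket suffix reads as [mode|owner] with either part optional; creating new files owner-only before the requested mode is applied is a choice made for this example.

```sh
# Added example, not the image's expand.sh. parse_pair, expand_files and
# DESTROOT are hypothetical names; DESTROOT lets it run outside a container.

# Split "NAME=/path[mode|owner]" into $name $dest $mode $owner.
# Returns non-zero for a malformed pair.
parse_pair() {
    name=${1%%=*} dest=${1#*=} mode= owner=
    case $1 in *=?*) ;; *) return 1 ;; esac
    # Only a plain identifier may be used as a variable name later on.
    case $name in ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;; esac
    case $dest in
        *\[*\])
            opts=${dest##*\[}; opts=${opts%\]}; dest=${dest%\[*}
            case $opts in
                *\|*) mode=${opts%%\|*} owner=${opts#*\|} ;;
                *)    mode=$opts ;;
            esac ;;
    esac
    # Numerical permissions only: reject anything that is not octal.
    case $mode in *[!0-7]*) return 1 ;; esac
}

expand_files() {
    set -f    # pairs contain [ and ], so keep the shell from globbing them
    for pair in $EXPAND_FILES; do
        parse_pair "$pair" || { echo "skipping bad pair: $pair" >&2; continue; }
        # $name was validated above, so eval only ever sees an identifier.
        eval "[ \"\${$name+set}\" = set ]" || continue   # unset: ignore pair
        eval "value=\$$name"
        target=${DESTROOT:-}$dest
        mkdir -p "$(dirname "$target")"
        # New files are created owner-only, so a secret is never briefly
        # readable by others; SUB (\x1a, octal 032) becomes a newline.
        ( umask 077; printf '%s' "$value" | tr '\032' '\n' > "$target" )
        [ -z "$owner" ] || chown "$owner" "$target"
        [ -z "$mode" ] || chmod "$mode" "$target"
    done
    set +f
}
```

Calling `expand_files` with DESTROOT unset writes to the real paths, so chown to a named owner then needs root and an existing user.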
The value of EXPAND_S3_TARS must be a space-delimited list of key-value pairs, each separated by a pipe (|). The key is the location of a tar archive in S3, in the format bucket/path. The value is the directory in which the archive should be extracted. This target directory will be created if it does not already exist.
EXPAND_S3_TARS requires two other environmental variables to be set in order to work. They are:
So, for example, suppose the following are set for the container:
    EXPAND_S3_TARS=DXCmEdg4gb/data.tar|/data yBO8IJ/homes/foo/special.tar|/home/foo/my_dir
    EXPAND_S3_KEY=PHGCNQMRTHQMDROKAEA2
    EXPAND_S3_SECRET=25FLQSI2P0BBLBOVUIST0W0NBM0ZG17MJV3AQVMH
The wrapper script will use the provided key and secret to grab s3://DXCmEdg4gb/data.tar and s3://yBO8IJ/homes/foo/special.tar, unpacking them into /data and /home/foo/my_dir, respectively.
You can pass in these environmental variables using docker's --env-file switch; see ENV-FILE.example for an example of what this file might look like.