Simple SSHD container with Docker client and Rackspace Carina tools (and other stuff).
This container has a single user "user" (other than root), with a password of your choosing. Only "user" should be able to ssh into it.
The container can be set to accept password logins and/or key logins.
This image is meant to be used for a ssh login into Rackspace Carina, but actually can be used anywhere else. Carina has no VM (unlike AWS or Digital Ocean), and this is a good thing - that's CaaS after all.
This image is a convenience for managing any Docker host (including Carina).
What is installed?
- Docker version manager (dvm)
- Several docker clients (1.9, 1,10 and 1.11)
- Carina CLI
- SSHD (from base image)
These variables can be set on "docker run":
- PUBLICKEY: you can set this to the content of a public key that will be pushed into "authorized_keys" for the user "user".
- KEYONLY: if "true" user will only be able to login with a key.
- USERPWD: password that will be set for user "user".
These variables can be fed from ssh client (more on that later):
How to use (crude way)
This will run the sshd container on port 8022, accepting password "senha" for user "user". The host docker socket will be mounted and useable by "user".
docker run --name sshd -d \ -p 8022:22 \ -e "USERPWD=senha" \ -e "KEYONLY=false" \ -v /var/run/docker.sock:/var/run/docker.sock \ bacen/carina-sshd
To test the connection:
ssh user@yourhost -p 8022
Please remind that "yourhost" is your Carina cluster IP address.
How to use (fancy way)
This will run the sshd container on port 8022, accepting only key-based logins for user "user". The public key contents were drawn from your local "id_rsa.pub", but you can pick any other, of course. The host docker socket will be mounted and useable by "user".
PUBLICKEY=`cat ~/.ssh/id_rsa.pub` docker run --name sshd -d \ -p 8022:22 \ -v /var/run/docker.sock:/var/run/docker.sock \ -e "PUBLICKEY=$PUBLICKEY" \ -e "KEYONLY=true" \ bacen/carina-sshd:latest
To test the connection with the defautl private key (~/.ssh/id_rsa):
ssh user@yourhost -p 8022
Or, if you want to use another private key:
ssh user@yourhost -p 8022 -i ~/.ssh/anotherkey
How to use (even more fancy)
You can run the container the fancy way (above) and configure your own ssh client to provide several settings and the Carina environment variables. You must insert this into your local "~/.ssh/config" (please use the cluster's IP address):
# Carina host Host myserver.carina HostName xxx.xxx.xxx.xxx Port 8022 User user SendEnv CARINA_USERNAME SendEnv CARINA_APIKEY # IdentityFile ~/.ssh/anotherkey
With these settings you can connect safer and simpler:
...and test your Docker/Carina thingies:
docker ps carina list
Docker default behaviour is to use the socket mount, wich points to the current cluster (duh). Carina and DVM are there to help you switch control to any other cluster:
eval "$(carina env mycluster)" dvm use docker ps
Please remind that CARINA_USERNAME and CARINA_APIKEY must be set in your local shell in order to ssh pick them from the command-line.