
Last pushed: a year ago
Short Description
Simple SSHD with Carina and Docker tooling
Full Description

carina-sshd

Simple SSHD container with Docker client and Rackspace Carina tools (and other stuff).

This container has a single user "user" (other than root), with a password of your choosing. Only "user" should be able to ssh into it.

The container can be set to accept password logins and/or key logins.

Why this?

This image is meant to provide an SSH login into Rackspace Carina, but it can be used anywhere else. Carina has no VM (unlike AWS or Digital Ocean), and this is a good thing: that's CaaS after all.

This image is a convenience for managing any Docker host (including Carina).

What is installed?

  • Docker version manager (dvm)
  • Several docker clients (1.9, 1.10 and 1.11)
  • Carina CLI
  • SSHD (from base image)

Environment variables

These variables can be set on "docker run":

  • PUBLICKEY: you can set this to the content of a public key that will be pushed into "authorized_keys" for the user "user".
  • KEYONLY: if "true", "user" will only be able to log in with a key.
  • USERPWD: password that will be set for user "user".

These variables can be fed from the ssh client (more on that later):

  • CARINA_USERNAME
  • CARINA_APIKEY

How to use (crude way)

This will run the sshd container on port 8022, accepting password "senha" for user "user". The host docker socket will be mounted and usable by "user", so anyone who can log in as "user" controls the host's Docker daemon.

docker run --name sshd -d \
    -p 8022:22 \
    -e "USERPWD=senha" \
    -e "KEYONLY=false" \
    -v /var/run/docker.sock:/var/run/docker.sock \
    bacen/carina-sshd

To test the connection:

ssh user@yourhost -p 8022

Remember that "yourhost" is your Carina cluster IP address.

How to use (fancy way)

This will run the sshd container on port 8022, accepting only key-based logins for user "user". The public key contents are taken from your local "id_rsa.pub", but you can pick any other, of course. The host docker socket will be mounted and usable by "user".

PUBLICKEY=`cat ~/.ssh/id_rsa.pub`
docker run --name sshd -d \
    -p 8022:22 \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -e "PUBLICKEY=$PUBLICKEY" \
    -e "KEYONLY=true" \
    bacen/carina-sshd:latest

To test the connection with the default private key (~/.ssh/id_rsa):

ssh user@yourhost -p 8022

Or, if you want to use another private key:

ssh user@yourhost -p 8022 -i ~/.ssh/anotherkey
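
Added example (not part of the image's repository): a wrapper for the key-only run above that refuses to start the container unless the file is a single OpenSSH public key, because whatever goes into PUBLICKEY is readable later with "docker inspect". The names pubkey_ok, run_keyonly and the DOCKER override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pubkey_ok, run_keyonly and DOCKER are hypothetical names,
# not part of bacen/carina-sshd.

# pubkey_ok FILE: succeed only if FILE is exactly one OpenSSH public key line.
pubkey_ok() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    # Container environment variables show up in `docker inspect`,
    # so private key material must never be passed as PUBLICKEY.
    if grep -q 'PRIVATE KEY' "$f"; then
        echo "$f contains a private key; use the .pub file" >&2
        return 1
    fi
    # This wrapper passes one key only; count the non-empty lines.
    n=$(grep -c . "$f" || true)
    [ "$n" -eq 1 ] || { echo "$f: expected 1 key line, found $n" >&2; return 1; }
    # Key type, a space, a base64 blob, then an optional comment.
    grep -Eq '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' "$f" ||
        { echo "$f: not an OpenSSH public key line" >&2; return 1; }
}

# run_keyonly FILE [PORT]: start the container as in the key-only run above.
# Like that run, it sets no USERPWD. DOCKER=echo prints the command instead.
run_keyonly() {
    pubkey_ok "$1" || return 1
    ${DOCKER:-docker} run --name sshd -d \
        -p "${2:-8022}:22" \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -e "PUBLICKEY=$(cat "$1")" \
        -e "KEYONLY=true" \
        bacen/carina-sshd:latest
}
```

Source the file and call run_keyonly ~/.ssh/id_rsa.pub; set DOCKER=echo first to review the command without starting anything.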

How to use (even more fancy)

You can run the container the fancy way (above) and configure your own ssh client to provide several settings and the Carina environment variables. You must insert this into your local "~/.ssh/config" (please use the cluster's IP address):

# Carina host
Host myserver.carina
    HostName xxx.xxx.xxx.xxx
    Port 8022
    User user
    SendEnv CARINA_USERNAME
    SendEnv CARINA_APIKEY
#    IdentityFile ~/.ssh/anotherkey

With these settings you can connect more safely and simply:

ssh myserver.carina

...and test your Docker/Carina thingies:

docker ps
carina list

Docker's default behaviour is to use the socket mount, which points to the current cluster (duh). Carina and DVM are there to help you switch control to any other cluster:

eval "$(carina env mycluster)"
dvm use
docker ps

Remember that CARINA_USERNAME and CARINA_APIKEY must be set in your local shell for ssh to pick them up from the command line.

Owner
bacen