#!/bin/sh
# Container entrypoint: creates a local SSH user, pins that user's sessions to
# a forced `/user-entrypoint.sh` command via sshd's ForceCommand, starts the
# Docker engine, makes IMAGE available locally, and runs sshd in the foreground.
#
# Environment read by this script:
#   LOGIN_URL        registry to log in to (default: docker.io)
#   LOGIN_USERNAME   registry user; login is skipped when empty
#   LOGIN_PASSWORD   registry password, passed to `docker login` on stdin
#   USERNAME         SSH user to create (default: user)
#   PASSWORD         SSH password for that user (default: pass)
#   IMAGE            image handed to the forced command (default: alpine:3.7)
#   TIMEOUT          forwarded to /user-entrypoint.sh
#   TIMEOUT_MESSAGE  forwarded to /user-entrypoint.sh
#                    (default: connection timed out)
#   ENTRY_MESSAGE    text appended to /home/USERNAME/message
#
# Abort on the first unhandled command failure.
set -e
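# Print the `docker run` resource-limit flag used to contain fork bombs.
# Outputs: '--kernel-memory=40m' when the kernel release contains "amzn",
#          '--pids-limit=10' otherwise.
# Returns: 0
get_forkbomb_protection() {
  # Amazon Linux does not support the pids limit, so a kernel-memory cap is
  # used there instead. The kernel release is actually inspected here: testing
  # a quoted literal with `[ -n "..." ]` is always true and would mean the
  # pids limit is never applied on any host.
  # NOTE(review): --kernel-memory is deprecated in recent Docker Engine
  # releases; confirm the daemon shipped in this image still enforces it.
  if uname -r | grep -q 'amzn'; then
    echo '--kernel-memory=40m'
  else
    echo '--pids-limit=10'
  fi
}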
# Block until the local Docker daemon answers `docker info`, polling every
# half second and reporting progress on stdout.
wait_docker() {
  while ! docker info >/dev/null 2>&1; do
    printf '%s\n' 'docker is down... waiting'
    sleep 0.5
  done
  printf '%s\n' 'docker is up'
}
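# Resource-limit flag against fork bombs, appended to the forced command below.
echo "setting forkbomb protection type"
PID_LIMIT=$(get_forkbomb_protection)

# docker login settings (registry login is skipped when LOGIN_USERNAME is empty)
LOGIN_URL=${LOGIN_URL:-'docker.io'}
LOGIN_USERNAME=${LOGIN_USERNAME:-}
LOGIN_PASSWORD=${LOGIN_PASSWORD:-}

# user settings
if [ -z "${PASSWORD:-}" ]; then
  # The fallback password is a published constant; make its use visible.
  echo "warning: PASSWORD is not set; using the built-in default password" >&2
fi
USERNAME=${USERNAME:-'user'}
PASSWORD=${PASSWORD:-'pass'}
IMAGE=${IMAGE:-'alpine:3.7'}

# execution settings
TIMEOUT_MESSAGE=${TIMEOUT_MESSAGE:-'connection timed out'}
TIMEOUT=${TIMEOUT:-}

# USERNAME, IMAGE, TIMEOUT and TIMEOUT_MESSAGE are written into sshd_config and
# later evaluated by the login shell as part of ForceCommand, so reject values
# that could break out of the config line or of the single-quoted assignments.
nl='
'
case "$USERNAME" in
  -* | *[!A-Za-z0-9._-]*)
    echo "error: USERNAME may only contain letters, digits, '.', '_' and '-'" >&2
    exit 1
    ;;
esac
case "$IMAGE" in
  -* | *[!A-Za-z0-9._:/@-]*)
    echo "error: IMAGE is not a plain image reference" >&2
    exit 1
    ;;
esac
case "${TIMEOUT}${TIMEOUT_MESSAGE}" in
  *"'"* | *"$nl"*)
    echo "error: TIMEOUT and TIMEOUT_MESSAGE must not contain single quotes or newlines" >&2
    exit 1
    ;;
esac

COMMAND="TIMEOUT='$TIMEOUT' TIMEOUT_MESSAGE='$TIMEOUT_MESSAGE' /user-entrypoint.sh -it --rm $PID_LIMIT $IMAGE"
echo "command entrypoint is '$COMMAND'"

# add user
# The account joins the docker group, i.e. it can reach the Docker daemon; the
# ForceCommand written below is what confines its sessions.
echo "adding user $USERNAME"
adduser -D \
  -G docker \
  -h "/home/${USERNAME}" \
  -s /bin/sh \
  "${USERNAME}"
# printf keeps the password intact regardless of leading dashes or backslashes.
printf '%s:%s\n' "$USERNAME" "$PASSWORD" | chpasswd

echo "writing entry message"
printf '%s\n' "${ENTRY_MESSAGE:-}" >> "/home/${USERNAME}/message"

# make `docker run` the default command for that user
# NOTE(review): ForceCommand alone does not disable TCP or agent forwarding;
# confirm the base sshd_config restricts them for this user.
echo "configuring sshd"
printf '\nMatch User %s\nForceCommand %s\n\n' "$USERNAME" "$COMMAND" >> /etc/ssh/sshd_config

# create SSH host keys
echo "creating ssh keys"
ssh-keygen -A

# start docker engine and wait for it to start
echo "starting docker engine"
/usr/local/bin/dockerd-entrypoint.sh &
echo "waiting for docker daemon to start"
wait_docker

if [ -S /mnt/docker.sock ]; then
  # A Docker socket is mounted at /mnt/docker.sock: copy the image from that
  # daemon into the local one instead of pulling it from a registry.
  echo "loading $IMAGE locally"
  image_tar=$(mktemp /tmp/image.XXXXXX)
  docker -H unix:///mnt/docker.sock save -o "$image_tar" "$IMAGE"
  docker load -i "$image_tar"
  rm -f -- "$image_tar"
else
  if [ -n "$LOGIN_USERNAME" ]; then
    echo "logging in to $LOGIN_URL as user $LOGIN_USERNAME"
    # Quoted and sent on stdin so the secret is neither word-split, glob-expanded
    # nor visible in the process arguments.
    printf '%s\n' "$LOGIN_PASSWORD" | docker login -u "$LOGIN_USERNAME" --password-stdin "$LOGIN_URL"
  fi
  echo "pulling $IMAGE"
  docker pull "$IMAGE"
fi

# start SSH server in the foreground so it keeps the container alive
echo "starting sshd"
/usr/sbin/sshd -D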