vbatts/host-ctr-scripts
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

initial commit

Browse source 
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
This commit is contained in:
Vincent Batts 2018-10-17 13:34:56 -04:00
commit 1748fdcf26
Signed by: vbatts
GPG key ID: 10937E57733F1362
8 changed files with 188 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
*.rpm

46
Makefile Normal file
View file

@ -0,0 +1,46 @@
pkgname := host-ctr-scripts
specname ?= $(pkgname).spec
pwd := $(shell pwd)
NAME ?= $(shell rpmspec -q --qf "%{name}" $(specname))
VERSION ?= $(shell rpmspec -q --qf "%{version}" $(specname))
RELEASE ?= $(shell rpmspec -q --qf "%{release}" $(specname))
NVR := $(NAME)-$(VERSION)-$(RELEASE)
outdir ?= $(pwd)
default: srpm
all: rpm srpm
name:
@echo $(NVR)
rpm:
rpmbuild \
--define '_sourcedir $(pwd)' \
--define '_specdir $(pwd)' \
--define '_builddir $(pwd)' \
--define '_srcrpmdir $(outdir)' \
--define '_rpmdir $(outdir)' \
-bb ./$(specname)
srpm: $(NVR).src.rpm
$(NVR).src.rpm: $(specname) $(wildcard *.diff)
rpmbuild \
--define '_sourcedir $(pwd)' \
--define '_specdir $(pwd)' \
--define '_builddir $(pwd)' \
--define '_srcrpmdir $(outdir)' \
--define '_rpmdir $(outdir)' \
--nodeps \
-bs ./$(specname)
builddep: $(NVR).src.rpm
dnf builddep -y $<
rebuild: builddep
rpmbuild --rebuild $(NVR).src.rpm
clean:
rm -rf *~ *.rpm noarch

8
README.md Normal file
View file

@ -0,0 +1,8 @@
See https://git.thisco.de/vbatts/bip-box for building the bip container.
For the force-command of the users created with this tool, create the group ctr-only (`groupadd ctr-only`),
and then add `%ctr-only ALL = NOPASSWD: /usr/local/bin/ctr-wrapper.sh` to the sudoers (`visudo`).

41
ctr-create-user.sh Executable file
View file

@ -0,0 +1,41 @@
#!/bin/bash
set -e
user="${1}"
base_dir="/var/lib/machines"
base_subvol="bip.f28.ro"
if [ -z "${user}" ] ; then
echo Please provide the username to create
exit 1
fi
adduser -G ctr-only "${user}"
su - "${user}" -c "ssh-keygen -f ~/.ssh/id_rsa -N ''; echo -n 'command=\"sudo /usr/local/bin/ctr-wrapper.sh\",no-port-forwarding,no-agent-forwarding,no-x11-forwarding ' > ~/.ssh/authorized_keys; cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys; chmod 0600 ~/.ssh/authorized_keys; cat ~/.ssh/id_rsa"
new_subvol="$(echo ${base_subvol} | cut -d . -f 1)"."${user}"
btrfs sub snap "${base_dir}"/"${base_subvol}" "${base_dir}"/"${new_subvol}"
machinectl enable "${new_subvol}"
mkdir -p /etc/systemd/nspawn
cur_port="$(grep '^Port=' /etc/ctr-port.conf | tail -1 | cut -d = -f 2 )"
nex_port="$(expr ${cur_port} + 1)"
cat > /etc/systemd/nspawn/"${new_subvol}".nspawn <<EOF
[Exec]
Boot=yes
[Network]
Private=yes
VirtualEthernet=yes
Port=${nex_port}
[Files]
#BindReadOnly=/etc/resolv.conf
EOF
echo -e "# ${new_subvol}\nPort=${nex_port}" >> /etc/ctr-port.conf
sed -i "s/CHANGE_PORT/${nex_port}/g" "${base_dir}"/"${new_subvol}"/etc/bip.conf
sed -i "s/CHANGE_USER/${user}/g" "${base_dir}"/"${new_subvol}"/etc/bip.conf
machinectl start "${new_subvol}"

19
ctr-delete-user.sh Normal file
View file

@ -0,0 +1,19 @@
#!/bin/bash
set -e
user="${1}"
base_dir="/var/lib/machines"
base_subvol="bip.f28.ro"
if [ -z "${user}" ] ; then
echo Please provide the username to delete
exit 1
fi
new_subvol="$(echo ${base_subvol} | cut -d . -f 1)"."${user}"
userdel -r "${user}"
machinectl poweroff "${new_subvol}"
machinectl disable "${new_subvol}"
btrfs sub d "${base_dir}"/"${new_subvol}"

2
ctr-port.conf Normal file
View file

@ -0,0 +1,2 @@
# bip.vbatts
Port=11238

23
ctr-wrapper.sh Executable file
View file

@ -0,0 +1,23 @@
#!/bin/sh
# Script: /usr/local/bin/wrapper.sh
case "$SSH_ORIGINAL_COMMAND" in
"reboot")
exec machinectl reboot bip."${SUDO_USER}"
;;
"start")
exec machinectl start bip."${SUDO_USER}"
;;
"poweroff")
exec machinectl poweroff bip."${SUDO_USER}"
;;
"status")
exec machinectl status bip."${SUDO_USER}"
;;
*)
exec machinectl shell bip."${SUDO_USER}"
#echo "Sorry. Only these commands are available to you:"
#echo "ps, vmstat, cupsys stop, cupsys start"
#exit 1
;;
esac

48
host-ctr-scripts.spec Normal file
View file

@ -0,0 +1,48 @@
Name: host-ctr-scripts
Version: 0.1
Release: 1%{?dist}
Summary: scripts for connecting host users straight to a running system container
Group: system
License: BSD
URL: https://git.thisco.de/vbatts/host-ctr-scripts
Source0: ctr-port.conf
Source1: ctr-create-user.sh
Source2: ctr-delete-user.sh
Source3: ctr-wrapper.sh
Requires: bash
Requires: btrfs-progs
Requires: shadow-utils
Requires: util-linux
Requires: systemd-container
BuildArch: noarch
%description
%{summary}.
%prep
%build
%install
%{__mkdir_p} ${RPM_BUILD_ROOT}/etc
%{__mkdir_p} ${RPM_BUILD_ROOT}/usr/local/bin
%{__install} -m 0644 ctr-port.conf ${RPM_BUILD_ROOT}/etc/
%{__install} -m 0755 ctr-wrapper.sh ${RPM_BUILD_ROOT}/usr/local/bin/
%{__install} -m 0755 ctr-create-user.sh ${RPM_BUILD_ROOT}/usr/local/bin/
%{__install} -m 0755 ctr-delete-user.sh ${RPM_BUILD_ROOT}/usr/local/bin/
%files
/etc/ctr-port.conf
/usr/local/bin/ctr-create-user.sh
/usr/local/bin/ctr-delete-user.sh
/usr/local/bin/ctr-wrapper.sh
%changelog