diff --git a/README.md b/README.md index 614f777..da74e0c 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,14 @@ "servers". You can log into these and do most of the things you do an a "real" server or VM. -# Things You Can Learn And Use From This +# Things You Can Learn From This * How to build a `docker` image from a "dockerfile" * How to use `ansible` to create and destroy a `docker` network * How to use `ansible` to create, restart, and destroy `docker` servers * How host and `ssh` keys are managed on a `docker` instance * How to enable `ssh` access to a `docker` instance +* How to share files between `docker` containers or between the host and a container But this is not a "toy" system. What you see here is a public subset of what we use all the time here at the TundraWare Intergalactic HQ. @@ -36,15 +37,14 @@ * Configuring sandbox hostname resolution * Build a `docker` image from a dockerfile -* Use `ansible` to configure and start a `docker` network -* Use `ansible` to start your sandboxes +* Use `ansible` to start a `docker` network and the sandboxes * Login to your running sandboxes # Configuring Sandbox Hostname Resolution Various parts of this repo assume that there are (up to) 10 running -sandboxes whose names are `docksand1` through `docksand10`. For this +sandboxes whose names are `dockersand1` through `dockersand10`. For this to work, you have to configure name resolution to properly associate these names with their equivant IP addresses. @@ -57,10 +57,7 @@ # Building The `docker` Image -# Start The `docker` Network - - -# Create The `docker` Sandboxes +# Start The `docker` Network And Sandboxes # Logging In diff --git a/ansible/inventories/dockersand b/ansible/inventories/dockersand new file mode 100644 index 0000000..8704c62 --- /dev/null +++ b/ansible/inventories/dockersand 
@@ -0,0 +1,42 @@
+[ds1]
+dockersand1
+
+[ds2]
+dockersand2
+
+[ds3]
+dockersand3
+
+[ds4]
+dockersand4
+
+[ds5]
+dockersand5
+
+[ds6]
+dockersand6
+
+[ds7]
+dockersand7
+
+[ds8]
+dockersand8
+
+[ds9]
+dockersand9
+
+[ds10]
+dockersand10
+
+[dockersand:children]
+
+ds1
+ds2
+ds3
+ds4
+ds5
+ds6
+ds7
+ds8
+ds9
+ds10
diff --git a/ansible/inventories/docksand b/ansible/inventories/docksand
deleted file mode 100644
index 9050805..0000000
--- a/ansible/inventories/docksand
+++ /dev/null
@@ -1,42 +0,0 @@
-[ds1]
-docksand1
-
-[ds2]
-docksand2
-
-[ds3]
-docksand3
-
-[ds4]
-docksand4
-
-[ds5]
-docksand5
-
-[ds6]
-docksand6
-
-[ds7]
-docksand7
-
-[ds8]
-docksand8
-
-[ds9]
-docksand9
-
-[ds10]
-docksand10
-
-[docksand:children]
-
-ds1
-ds2
-ds3
-ds4
-ds5
-ds6
-ds7
-ds8
-ds9
-ds10
diff --git a/ansible/inventories/group_vars/all b/ansible/inventories/group_vars/all
new file mode 100644
index 0000000..c68dfce
--- /dev/null
+++ b/ansible/inventories/group_vars/all
@@ -0,0 +1,16 @@
+# Default credentials - can be overriden by environment-specific definitions
+
+# Docker Variables
+
+dockersand_registry: "dockersand:5000"
+
+# Sandbox Default Startup Variables
+
+# These have to be here, and not in the dockersan variable file, because
+# the sandbox creation playbook actually runs on localhost, not
+# against the sandbox inventory.
+
+dockersand_subnet: "192.168.11.0/24"
+dockersand_image: "dockersand-debian"
+dockersand_start: "1"
+dockersand_end: "10"
diff --git a/ansible/inventories/group_vars/dockersand b/ansible/inventories/group_vars/dockersand
new file mode 100644
index 0000000..3c97696
--- /dev/null
+++ b/ansible/inventories/group_vars/dockersand
@@ -0,0 +1,9 @@
+# This where variables are set for use once the sandboxes are up and
+# running. These can also be set in:
+#
+# ansible/roles/dockersand/vars/main.yml
+
+# Ansible Connection Credentials
+
+ansible_ssh_user: "test"
+ansible_ssh_private_key: "~/.ssh/dockersand_rsa"
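Review bot: `ansible_ssh_private_key` in the new group_vars/dockersand file is not a connection variable that Ansible reads, so the `~/.ssh/dockersand_rsa` key is most likely never offered and logins fall back to whatever the ssh agent or default identity supplies. The ssh connection plugin reads `ansible_ssh_private_key_file`, so the line should be `ansible_ssh_private_key_file: "~/.ssh/dockersand_rsa"`. If something outside this diff consumes the shorter name, a comment saying so would stop the next reader from renaming it.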
diff --git a/ansible/playbooks/dockersand/dockersand_build.yml b/ansible/playbooks/dockersand/dockersand_build.yml
new file mode 100644
index 0000000..35754c6
--- /dev/null
+++ b/ansible/playbooks/dockersand/dockersand_build.yml
@@ -0,0 +1,16 @@
+- hosts: localhost
+ tasks:
+ - name: Create network for docker sandboxes
+ command: docker network create --driver bridge --subnet="{{ dockersand_subnet }}" dockersand-net
+
+ - name: Get current domain name
+ shell: hostname -d
+ register: domainname
+
+ - name: Create docker sandbox containers
+ command: docker run -dh "dock{{ item }}.{{ domainname.stdout }}" \
+ --name "dockersand{{ item }}" \
+ --net=dockersand-net \
+ --volume=/shared:/shared \
+ "{{ dockersand_registry }}/{{ dockersand_image }}"
+ with_sequence: start="{{ dockersand_start }}" end="{{ dockersand_end }}"
diff --git a/ansible/playbooks/dockersand/dockersand_destroy.yml b/ansible/playbooks/dockersand/dockersand_destroy.yml
new file mode 100644
index 0000000..d0f1ee3
--- /dev/null
+++ b/ansible/playbooks/dockersand/dockersand_destroy.yml
@@ -0,0 +1,14 @@
+- hosts: localhost
+ tasks:
+
+ - name: Stop running docker sandbox containers
+ command: docker stop dockersand1 dockersand2 dockersand3 dockersand4 dockersand5 dockersand6 dockersand7 dockersand8 dockersand9 dockersand10
+ ignore_errors: True
+
+ - name: Remove sandbox containers
+ command: docker rm dockersand1 dockersand2 dockersand3 dockersand4 dockersand5 dockersand6 dockersand7 dockersand8 dockersand9 dockersand10
+ ignore_errors: True
+
+ - name: Kill the sandbox network
+ command: docker network rm dockersand-net
+ ignore_errors: True
diff --git a/ansible/playbooks/dockersand/dockersand_rebuild.yml b/ansible/playbooks/dockersand/dockersand_rebuild.yml
new file mode 100644
index 0000000..5d542a4
--- /dev/null
+++ b/ansible/playbooks/dockersand/dockersand_rebuild.yml
@@ -0,0 +1,2 @@
+- import_playbook: dockersand_destroy.yml
+- import_playbook: dockersand_build.yml
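Review bot: The `--volume=/shared:/shared` argument in the container-creation task of dockersand_build.yml bind-mounts the host's /shared read-write into every sandbox, and the image added in this same commit gives user `test` passwordless sudo, so root inside any sandbox can create or replace files in that host directory. Sharing is the stated purpose, so I would keep the mount but put a comment above the task such as `# /shared is writable by root in every sandbox; keep no host scripts, keys or anything the host executes there`, and use `--volume=/shared:/shared:ro` for sandboxes that only need to read. The first task is also worth a look: `docker network create` fails when dockersand-net already exists and, unlike the destroy playbook, has no error handling, so a second run of this playbook stops before any container is started.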
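Review bot: The stop and remove tasks in dockersand_destroy.yml list `dockersand1` through `dockersand10` literally, while the build playbook creates containers from `dockersand_start` and `dockersand_end`; if that range is ever changed, containers outside 1-10 survive a destroy and still hold their names on the next build. Looping the same way keeps the two in step: `command: docker rm -f "dockersand{{ item }}"` with `with_sequence: start="{{ dockersand_start }}" end="{{ dockersand_end }}"`. `ignore_errors: True` on all three tasks also hides real failures such as an unreachable Docker daemon; a `failed_when` that tolerates only the missing-container case would be narrower.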
diff --git a/ansible/playbooks/docksand/docksand_build.yml b/ansible/playbooks/docksand/docksand_build.yml
deleted file mode 100644
index cb69ff3..0000000
--- a/ansible/playbooks/docksand/docksand_build.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-- hosts: localhost
- tasks:
- - name: Get current domain name
- shell: hostname -d
- register: domainname
-
- - name: Create docker sandbox containers
- command: docker run -dh "dock{{ item }}.{{ domainname.stdout }}" \
- --name "docksand{{ item }}" \
- --net=docksandnet \
- --volume=/shared:/shared \
- "{{ docker_registry }}/{{ sandbox_image }}"
- with_sequence: start="{{ docksand_start }}" end="{{ docksand_end }}"
diff --git a/ansible/playbooks/docksand/docksand_destroy.yml b/ansible/playbooks/docksand/docksand_destroy.yml
deleted file mode 100644
index c3fd6e7..0000000
--- a/ansible/playbooks/docksand/docksand_destroy.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-- hosts: localhost
- tasks:
-
- - name: Stop running docker sandbox containers
- command: docker stop docksand1 docksand2 docksand3 docksand4 docksand5 docksand6 docksand7 docksand8 docksand9 docksand10
- ignore_errors: True
-
- - name: Remove sandbox containers
- command: docker rm docksand1 docksand2 docksand3 docksand4 docksand5 docksand6 docksand7 docksand8 docksand9 docksand10
- ignore_errors: True
diff --git a/ansible/playbooks/docksand/docksand_rebuild.yml b/ansible/playbooks/docksand/docksand_rebuild.yml
deleted file mode 100644
index f993345..0000000
--- a/ansible/playbooks/docksand/docksand_rebuild.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-- import_playbook: docksand_destroy.yml
-- import_playbook: docksand_build.yml
diff --git a/ansible/roles/dockersand/meta/main.yml b/ansible/roles/dockersand/meta/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ansible/roles/dockersand/meta/main.yml
diff --git a/ansible/roles/dockersand/tasks/main.yml b/ansible/roles/dockersand/tasks/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ansible/roles/dockersand/tasks/main.yml diff --git a/ansible/roles/dockersand/vars/main.yml b/ansible/roles/dockersand/vars/main.yml new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/ansible/roles/dockersand/vars/main.yml diff --git a/ansible/roles/docsand/meta/main.yml b/ansible/roles/docsand/meta/main.yml deleted file mode 100644 index e69de29..0000000 --- a/ansible/roles/docsand/meta/main.yml +++ /dev/null diff --git a/ansible/roles/docsand/tasks/main.yml b/ansible/roles/docsand/tasks/main.yml deleted file mode 100644 index e69de29..0000000 --- a/ansible/roles/docsand/tasks/main.yml +++ /dev/null diff --git a/ansible/roles/docsand/vars/main.yml b/ansible/roles/docsand/vars/main.yml deleted file mode 100644 index e69de29..0000000 --- a/ansible/roles/docsand/vars/main.yml +++ /dev/null diff --git a/dockerfiles/common/.ssh/config b/dockerfiles/common/.ssh/config index 3c58a27..e03eec5 100644 --- a/dockerfiles/common/.ssh/config +++ b/dockerfiles/common/.ssh/config @@ -1,4 +1,4 @@ -Host dock* +Host dockersand* StrictHostKeyChecking no UserKnownHostsFile /dev/null User test diff --git a/dockerfiles/common/etc/dockersand.hosts b/dockerfiles/common/etc/dockersand.hosts index afde96a..3ac1392 100644 --- a/dockerfiles/common/etc/dockersand.hosts +++ b/dockerfiles/common/etc/dockersand.hosts @@ -1,11 +1,11 @@ -192.168.11.2 docksand1 -192.168.11.3 docksand2 -192.168.11.4 docksand3 -192.168.11.5 docksand4 -192.168.11.6 docksand5 -192.168.11.7 docksand6 -192.168.11.8. docksand7 -192.168.11.9. docksand8 -192.168.11.10 docksand9 -192.168.11.11 docksand10 +192.168.11.2 dockersand1 +192.168.11.3 dockersand2 +192.168.11.4 dockersand3 +192.168.11.5 dockersand4 +192.168.11.6 dockersand5 +192.168.11.7 dockersand6 +192.168.11.8. dockersand7 +192.168.11.9. dockersand8 +192.168.11.10 dockersand9 +192.168.11.11 dockersand10 
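Review bot: The new lines for dockersand7 and dockersand8 in dockersand.hosts keep the trailing dot from the old file (`192.168.11.8.` and `192.168.11.9.`), which is not a valid IPv4 address, so those two names will not resolve from this table. They should read `192.168.11.8 dockersand7` and `192.168.11.9 dockersand8`. The table also assumes Docker hands out .2 through .11 in creation order on the subnet; nothing in the visible build playbook enforces that, so passing `--ip` per container in the `docker run` call would make the mapping reliable.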
diff --git a/dockerfiles/dockersand-debian/dockersand-debian.dockerfile b/dockerfiles/dockersand-debian/dockersand-debian.dockerfile
new file mode 100644
index 0000000..5c9b48d
--- /dev/null
+++ b/dockerfiles/dockersand-debian/dockersand-debian.dockerfile
@@ -0,0 +1,53 @@
+# Dockerfile Docker Sandbox Debian Image
+
+FROM debian
+MAINTAINER tundra@tundraware.com
+
+# Update OS and install software
+
+RUN apt-get -y update
+RUN apt-get -y install apt-utils
+RUN apt-get -y dist-upgrade
+RUN apt-get -y upgrade
+RUN apt-get -y install bzip2 curl dnsutils dos2unix emacs-nox ethtool git \
+ htop joe less lsof netcat net-tools nfs-common \
+ nload openssh-server psmisc python-pip rsync screen \
+ socat sudo silversearcher-ag tree unzip vim whois \
+ wget zip
+
+# Add sandboxes to hosts file
+
+CMD cat common/etc/dockersand.hosts >> /etc/hosts
+
+# Enable sshd with same keys each time
+ADD common/keys/ /etc/ssh/
+RUN mkdir /var/run/sshd
+
+# Setup and configure user: root
+
+ADD common/.ssh/ /root/.ssh/
+RUN chmod 700 /root
+RUN mkdir /root/tmp
+RUN chown -R root:root /root
+RUN chmod 700 /root/.ssh
+RUN chmod 600 /root/.ssh/authorized_keys
+RUN chmod 600 /root/.ssh/*rsa
+
+# Setup and configure user: test
+
+RUN useradd -m -p snLOSb4wiVD0k -u 1000 -s /bin/bash test
+ADD common/.ssh/ /home/test/.ssh/
+RUN chmod 700 /home/test
+RUN mkdir /home/test/tmp
+RUN chown -R test:test /home/test
+RUN chmod 700 /home/test/.ssh
+RUN chmod 600 /home/test/.ssh/authorized_keys
+RUN chmod 600 /home/test/.ssh/*rsa
+
+# Configure sudo
+
+RUN echo "test ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+
+# Start sshd on instantiation
+
+ENTRYPOINT /usr/sbin/sshd && sleep inf
diff --git a/dockerfiles/ds-debian/ds-debian.dockerfile b/dockerfiles/ds-debian/ds-debian.dockerfile
deleted file mode 100644
index a04af80..0000000
--- a/dockerfiles/ds-debian/ds-debian.dockerfile
+++ /dev/null
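Review bot: The `CMD cat common/etc/dockersand.hosts >> /etc/hosts` line in dockersand-debian.dockerfile never runs, because the `ENTRYPOINT` at the end of the file is in shell form and Docker ignores `CMD` when the entrypoint is written that way. The hosts file is also never copied into the image (only common/keys/ and common/.ssh/ are added), so the relative path would not exist even if the command ran. Copying it and appending at start-up would do what the comment says: `COPY common/etc/dockersand.hosts /etc/dockersand.hosts` plus `ENTRYPOINT cat /etc/dockersand.hosts >> /etc/hosts && /usr/sbin/sshd && sleep inf`. Separately, the image carries fixed ssh host keys, private `*rsa` keys and a hard-coded password hash for `test`, who has passwordless sudo, so anyone able to pull it from the registry holds the credentials for every sandbox; a header comment stating that these are throw-away lab keys that must not be reused elsewhere would make that explicit.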
@@ -1,53 +0,0 @@
-# Dockerfile Docker Sandbox Debian Image
-
-FROM debian
-MAINTAINER tundra@tundraware.com
-
-# Update OS and install software
-
-RUN apt-get -y update
-RUN apt-get -y install apt-utils
-RUN apt-get -y dist-upgrade
-RUN apt-get -y upgrade
-RUN apt-get -y install bzip2 curl dnsutils dos2unix emacs-nox ethtool git \
- htop joe less lsof netcat net-tools nfs-common \
- nload openssh-server psmisc python-pip rsync screen \
- socat sudo silversearcher-ag tree unzip vim whois \
- wget zip
-
-# Add sandboxes to hosts file
-
-RUN cat common/etc/dockersand.hosts >> /etc/hosts
-
-# Enable sshd with same keys each time
-ADD common/keys/ /etc/ssh/
-RUN mkdir /var/run/sshd
-
-# Setup and configure user: root
-
-ADD common/.ssh/ /root/.ssh/
-RUN chmod 700 /root
-RUN mkdir /root/tmp
-RUN chown -R root:root /root
-RUN chmod 700 /root/.ssh
-RUN chmod 600 /root/.ssh/authorized_keys
-RUN chmod 600 /root/.ssh/*rsa
-
-# Setup and configure user: test
-
-RUN useradd -m -p snLOSb4wiVD0k -u 1000 -s /bin/bash test
-ADD common/.ssh/ /home/test/.ssh/
-RUN chmod 700 /home/test
-RUN mkdir /home/test/tmp
-RUN chown -R test:test /home/test
-RUN chmod 700 /home/test/.ssh
-RUN chmod 600 /home/test/.ssh/authorized_keys
-RUN chmod 600 /home/test/.ssh/*rsa
-
-# Configure sudo
-
-RUN echo "test ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
-
-# Start sshd on instantiation
-
-ENTRYPOINT /usr/sbin/sshd && sleep inf