-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
178 changed files
with
37,909 additions
and
2,153 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
FROM alpine | ||
LABEL maintainer="Marc Mettke <[email protected]>" | ||
|
||
ENV SYSTEM https://github.com/mettke/ssh-key-authority.git | ||
ADD entrypoint.sh /entrypoint.sh | ||
ADD healthcheck.sh /healthcheck.sh | ||
ADD cron /var/spool/cron/crontabs/root | ||
|
||
RUN mkdir -p /var/log/keys/ /run/php/ /ska/ && \ | ||
adduser --system --disabled-password keys-sync && \ | ||
apk add openssh \ | ||
php7 \ | ||
php7-fpm \ | ||
php7-json \ | ||
php7-ldap \ | ||
php7-mbstring \ | ||
php7-mysqli \ | ||
php7-pcntl \ | ||
php7-posix \ | ||
rsync \ | ||
ssmtp \ | ||
sudo && \ | ||
sed -i -e '/listen =/ s/= .*/= 0.0.0.0:9000/' /etc/php7/php-fpm.d/www.conf && \ | ||
sed -i -e '/;pid =/ s/.*/pid = \/var\/run\/php-fpm.pid/' /etc/php7/php-fpm.conf && \ | ||
echo "" >> /etc/php7/php-fpm.conf && \ | ||
chmod +x /entrypoint.sh /healthcheck.sh && \ | ||
ln -sf /dev/stderr /var/log/php7/error.log | ||
RUN apk add git && \ | ||
git clone ${SYSTEM} /ska && \ | ||
apk del git && \ | ||
chown -R keys-sync:nogroup /ska/config | ||
|
||
EXPOSE 9000 | ||
VOLUME /ska/config | ||
VOLUME /public_html | ||
|
||
ENTRYPOINT "/entrypoint.sh" | ||
HEALTHCHECK CMD /healcheck.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
0 1 * * * /ska/scripts/cron.php | ||
*/1 * * * * /bin/ash -c "PID=$(cat /var/run/keys-sync.pid) && [ -n ${PID} -a -d /proc/${PID} ] || /ska/scripts/syncd.php --user keys-sync" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
#!/usr/bin/env ash | ||
if [ `whoami` == 'keys-sync' ]; then | ||
if [ ! -r /ska/config/config.ini ]; then | ||
echo "config.ini not found or incorrect permissions." | ||
echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with at least 400" | ||
exit 1 | ||
fi | ||
if [ ! -r /ska/config/keys-sync ]; then | ||
echo "private key not found or incorrect permissions." | ||
echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with 400" | ||
exit 1 | ||
fi | ||
if [ ! -r /ska/config/keys-sync.pub ]; then | ||
echo "public key not found or incorrect permissions." | ||
echo "Permissions must be $(id -u keys-sync):$(id -g keys-sync) with at least 400" | ||
exit 1 | ||
fi | ||
if ! grep "^timeout_util = BusyBox$" /ska/config/config.ini > /dev/null; then | ||
echo "timeout_util must be set to BusyBox." | ||
echo "Change it to: timeout_util = BusyBox" | ||
exit 1 | ||
fi | ||
elif [ $(id -u) = 0 ]; then | ||
if ! sudo -u keys-sync /entrypoint.sh; then | ||
exit 1 | ||
fi | ||
rsync -a --delete /ska/public_html/ /public_html/ | ||
echo "Waiting for database..." | ||
for i in $(seq 1 10); do | ||
if /ska/scripts/apply_migrations.php; then | ||
echo "Success" | ||
break | ||
fi | ||
echo "Trying again in 1 sec" | ||
sleep 1 | ||
done | ||
|
||
/usr/sbin/crond | ||
/ska/scripts/syncd.php --user keys-sync | ||
/usr/sbin/php-fpm7 -F | ||
else | ||
echo "Must be executed with root" | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/usr/bin/env ash | ||
for PID_FILE in /var/run/crond.pid /var/run/keys-sync.pid /var/run/php-fpm.pid; do | ||
PID=$(cat ${PID_FILE}) | ||
if ! [ -n "${PID}" -a -d "/proc/${PID}" ]; then | ||
exit 1 | ||
fi | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
db/ | ||
public_html/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# Example: httpd + ldap | ||
|
||
This Example shows how to use ska with httpd and ldap using docker. | ||
|
||
## Prepare setup | ||
|
||
1. Start system using `docker-compose up -d` | ||
1. Visit http://localhost | ||
1. Login using one of the following credentials: | ||
|
||
|Username|Password|Type| | ||
|---|---|---| | ||
|rainbow|password|admin| | ||
|proceme|password|user| | ||
|
||
If something goes wrong, check the log using: | ||
``` | ||
docker logs -f httpd-ldap_ska_1 | ||
``` | ||
|
||
## Using ska | ||
|
||
1. Login using the admin account `rainbow`. | ||
1. Add the server `test.example.com` at http://localhost/servers#add | ||
1. Ska should be able to connet to the system and update its authorized_keys file. You can verify this by checking whether there is an `Synced successfully` next to the server. |
Oops, something went wrong.