Compare commits

..

7 Commits

Author SHA1 Message Date
Deon George
5bf8664e2a Added cron labels, fixed SSHD 2017-04-19 21:55:33 +10:00
Deon George
0009e461d1 Add lamp to apache group; Add VOLUME for ssh 2017-01-25 22:35:10 +11:00
Deon George
a7c60d11ed Disabled gitlib runner built for improved container caching 2016-08-23 11:24:03 +10:00
Deon George
45dca773b7 Updated permission for 10-default files 2016-08-23 09:57:54 +10:00
Deon George
0ccfe0a1a7 Updated permissions on COPY files 2016-08-23 09:47:32 +10:00
Deon George
82f0b2d452 Updated gitlab runner php is 5.4 2016-08-11 12:31:27 +10:00
Deon George
8db8d4fb7f Enabled runner to run on php55, php56 and php70 2016-08-11 12:21:57 +10:00
7 changed files with 25 additions and 251 deletions

View File

@ -1 +1,2 @@
.git/
image*bz2

View File

@ -1,45 +0,0 @@
image: docker:latest
stages:
- test
- build
variables:
VERSION: php70
DOCKER_IMAGE: leenooks/lamps
DOCKER_REGISTRY: registry.leenooks.net
DOCKER_HOST: tcp://${DOCKER_REGISTRY}-leenooks-ci-docker:2375
services:
- ${DOCKER_REGISTRY}/leenooks/ci-docker:dind
before_script:
- docker info
- docker version
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN ${DOCKER_REGISTRY}
test:
stage: test
script:
- cat /etc/hosts
- env|sort
- docker build -t ${DOCKER_IMAGE}:${VERSION} .
- docker images
only:
- debug
build:
stage: build
script:
- chmod 600 .my.cnf sshd_config
- chmod 500 init
- chmod 644 sshd
- docker build -t ${DOCKER_IMAGE}:${VERSION} .
- docker tag ${DOCKER_IMAGE}:${VERSION} ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
- docker push ${DOCKER_REGISTRY}/${DOCKER_IMAGE}:${VERSION}
tags:
- docker
only:
- php55
- php56
- php70

5
10-default.conf Normal file
View File

@ -0,0 +1,5 @@
<Directory /var/www/sites>
AllowOverride AuthConfig FileInfo Indexes Limit Options
Options FollowSymLinks
Require all denied
</Directory>

View File

@ -1,12 +1,14 @@
# NAME leenooks/lamps
# VERSION php70
# VERSION php54
FROM registry.leenooks.net/leenooks/base:7.TE
FROM registry.leenooks.net/leenooks/base:7
RUN yum -y install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm && yum clean all && rm -rf /var/tmp/*
RUN yum -y install epel-release && yum clean all
RUN yum -y install tsmpipe && yum clean all
# EPEL & Leenooks packages
RUN yum -y install --enabler remi-php70 \
RUN yum -y install \
httpd \
mariadb-server \
php \
@ -17,12 +19,10 @@ RUN yum -y install --enabler remi-php70 \
php-pdo \
php-xml \
php-composer-installers.noarch \
php-opcache \
m4 \
opendkim \
sendmail \
sendmail-cf \
cyrus-sasl-plain \
awstats \
ln-http \
ln-awstats \
@ -32,22 +32,20 @@ RUN yum -y install --enabler remi-php70 \
&& yum clean all
COPY .my.cnf /root/
COPY sshd /etc/sysconfig/sshd
COPY sshd_config /etc/ssh/
COPY 10-default.conf /etc/httpd/conf.d/
RUN ln -f /etc/.ln/httpd/conf.d/awstats.conf /etc/httpd/conf.d/awstats.conf && ln -f /etc/.ln/opendkim.conf /etc/opendkim.conf
RUN useradd -c "Hosting Admin User" -G apache -d /etc/leenooks/user -M lamp
RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git"
RUN useradd -c "Hosting Admin User" -m lamp -G apache
EXPOSE 22 80
COPY init /sbin/
# Starting
ENTRYPOINT [ "/sbin/init" ]
VOLUME [ "/etc/ssh" ]
EXPOSE 80 443
LABEL cron.hourly root:/usr/sbin/awstats.sh
LABEL cron.daily root:/usr/bin/tdp.mysql.sh -s information_schema:performance_schema
#VOLUME [ "/etc/leenooks","/var/lib/mysql","/var/www/html" ]
VOLUME [ "/etc/leenooks" ]
RUN rmdir /var/lib/mysql; ln -sf /etc/leenooks/database /var/lib/mysql; mv /var/www/html /var/www/html.old; ln -sf /etc/leenooks/html /var/www/html; ln -sf /etc/leenooks/tsm/dsm.sys /opt/tivoli/tsm/client/api/bin64/dsm.sys; ln -sf /etc/leenooks/tsm/dsm.opt /opt/tivoli/tsm/client/api/bin64/dsm.opt;
# Starting
COPY init /sbin/
ENTRYPOINT [ "/sbin/init" ]
CMD [ "start" ]
RUN useradd -rc "Composer" -m composer -s /sbin/nologin && su composer -s /bin/bash -lc "composer global require laravel/installer && composer require --dev --no-update xethron/migrations-generator:dev-l5 && composer require --dev --no-update way/generators:dev-feature/laravel-five-stable && composer config repositories.repo-name git git@github.com:jamisonvalenta/Laravel-4-Generators.git"

17
init
View File

@ -16,16 +16,9 @@ function stop {
[ "$NO_HTTP" != "TRUE" ] && rm -f /var/run/httpd/authdigest_shm.$(cat /var/run/httpd/httpd.pid) && kill $(cat /var/run/httpd/httpd.pid)
}
function firststart {
if [ -x /usr/local/sbin/firststart.sh ]; then
/usr/local/sbin/firststart.sh
[ $? -eq 0 ] && rm /usr/local/sbin/firststart.sh
fi
}
trap 'stop' SIGTERM
if [ -z "$1" ]; then
if [ "$1" == "start" ]; then
if [ "$NO_MAIL" != "TRUE" ]; then
if [ -z `hostname --domain` ]; then
echo "You must start this container with --hostname= specifying a domain name"
@ -36,7 +29,6 @@ if [ -z "$1" ]; then
[ ! -f /etc/opendkim/keys/default.private ] && /usr/sbin/opendkim-default-keygen
[ -x /usr/sbin/opendkim ] && /usr/sbin/opendkim -x /etc/opendkim.conf -P /var/run/opendkim.pid -f &
echo "Starting Sendmail..."
[ -f /etc/mail/authinfo ] && /usr/sbin/saslauthd -m /run/saslauthd -a pam
cd /etc/mail && make && m4 sendmail.mc > sendmail.cf && /usr/sbin/sendmail -q1h -bD &
else
echo "! NOT starting MAIL"
@ -44,7 +36,6 @@ if [ -z "$1" ]; then
if [ "$NO_SSH" != "TRUE" ]; then
echo "Starting SSHD..."
[ ! -d /etc/leenooks/ssh ] && mkdir /etc/leenooks/ssh && chmod 750 /etc/leenoks/ssh
getent passwd lamp || useradd -c "Hosting Admin User" -m lamp
[ -x /usr/sbin/sshd-keygen ] && /usr/sbin/sshd-keygen
[ -x /usr/sbin/sshd ] && /usr/sbin/sshd -D &
@ -63,19 +54,17 @@ if [ -z "$1" ]; then
if [ "$NO_HTTP" != "TRUE" ]; then
if [ -d /etc/awstats ]; then
find /etc/awstats/ -type l | xargs -n 5 rm -f
[ -e /etc/leenooks/awstats/awstats*conf ] && find /etc/leenooks/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
[ -e /var/www/sites/*/awstats/awstats*conf ] && find /var/www/sites/*/awstats/awstats*conf -type f -exec ln -sf {} /etc/awstats/ \;
fi
echo "Starting HTTP..."
find /etc/httpd/conf.d/ -type l | xargs -n 5 rm -f
[ -d /etc/leenooks/httpd ] && find /etc/leenooks/httpd -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
find /etc/httpd/sites.d -type f -exec ln -sf {} /etc/httpd/conf.d/ \;
[ -x /usr/sbin/httpd ] && /usr/sbin/httpd -DFOREGROUND &
else
echo "! NOT starting HTTP"
fi
firststart
wait
else
exec $@
fi

21
sshd
View File

@ -1,21 +0,0 @@
# Configuration file for the sshd service.
# The server keys are automatically generated if they are missing.
# To change the automatic creation uncomment and change the appropriate
# line. Accepted key types are: DSA RSA ECDSA ED25519.
# The default is "RSA ECDSA ED25519"
# AUTOCREATE_SERVER_KEYS=""
# AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
# Do not change this option unless you have hardware random
# generator and you REALLY know what you are doing
SSH_USE_STRONG_RNG=0
# SSH_USE_STRONG_RNG=1
# Override Defaults
RSA_KEY=/etc/leenooks/ssh/ssh_host_rsa_key
ECDSA_KEY=/etc/leenooks/ssh/ssh_host_ecdsa_key
AUTOCREATE_SERVER_KEYS="RSA ECDSA"

View File

@ -1,153 +0,0 @@
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/leenooks/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/leenooks/ssh/ssh_host_ecdsa_key
#HostKey /etc/leenooks/ssh/ssh_host_ed25519_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Ciphers and keying
#RekeyLimit default none
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several
# problems.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox # Default for new installations.
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server