The following is my bash script setting up ssh tunneling. However, it always stops when it get to the echo part. does anyone know why? My distro is ubuntu 20.
apt update && apt install -y wget && DEBIAN_FRONTEND=noninteractive apt-get install
openssh-server -y &&
mkdir -p ~/.ssh && cd $_ &&
echo "ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAII2AOiMJXSWr/yYuAkSur/QSfdwBbmK3hs4qzlMvOQxT dmml#Dmms-MBP"
>> authorized_keys
&& service ssh start
thanks.
My response would be better placed in a comment, but I can't get the formatting right, so I'll post it here. The problem is likely due to a formatting issue. Splitting the string that's passed to the echo command over multiple lines is especially problematic. Try re-formatting as shown below, noting the backslash (\) at the end of each line. There's likely a better way to accomplish the goal than stringing a large number of commands together. Also, resist the temptation to use "set -e" here. See comments for additional details.
apt update && \
apt install -y wget && \
DEBIAN_FRONTEND=noninteractive apt-get installopenssh-server -y && \
mkdir -p ~/.ssh && \
cd $_ && \
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII2AOiMJXSWr/yYuAkSur/QSfdwBbmK3hs4qzlMvOQxT dmml#Dmms-MBP" >> authorized_keys && \
service ssh start
Related
Basically I am going to have a whole bunch of ubuntu containers that are going to have ossec agent installed that will communicate with a main server. I want to automate the installation so using the docker RUN variable in the dockerfile I wrote a script that downloads the ossec tar file, unpacks it, cds into directory and runs the install script while passing arguments to each question of the installation phase:
Dockerfile:
From ubuntu
RUN apt-get update && apt-get install -y \
build-essential \
libmysqlclient-dev \
postgresql-common \
wget \
tar \
RUN wget -U ossec https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
RUN tar -xvf ossec-hids-2.8.3.gz && \
rm -f ossec-hids-2.8.3.tar.gz && \
cd ossec-hids-2.8.3 && \
echo "en agent \n 192.168.1.50 y y y" | ./install.sh
When it echos in the arguments into the script, the install.sh script falls and loops over the second question infinitely. Note I have tried printf, expect script, yes command and tried the script inside the container. All with the same outcome.
I am trying to run a custom egg through the Pterodactyl panel however, I get the error "/entrypoint.sh: line 30: syntax error: unexpected end of file"
My Docker image is as followed;
FROM ubuntu:18.04
MAINTAINER Amelia, <me#amelia.fun>
RUN apt-get update -y
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y dos2unix curl gnupg2 git-core zlib1g-dev libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev libffi-dev yarn build-essential gpg-agent zip unzip software-properties-common git default-jre python3-pip python-minimal python-pip ffmpeg libopus-dev libsodium-dev libpython2.7 libpython2.7-dev wget php7.2 php7.2-common php7.2-cli php7.2-fpm
RUN curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh
RUN bash nodesource_setup.sh
RUN apt-get install -y nodejs
RUN rm -rf nodesource_setup.sh
RUN adduser -D -h /home/container container
USER container
ENV USER=container HOME=/home/container
WORKDIR /home/container
COPY ./entrypoint.sh /entrypoint.sh
CMD ["/bin/bash", "/entrypoint.sh"]
and my entrypoint.sh is as followed;
#!/bin/bash
cd /home/container
MODIFIED_STARTUP=`eval echo $(echo ${STARTUP_PARAMETERS} | sed -e 's/{{/${/g' -e 's/}}/}/g')`
rm -rf *
git clone ${REPO_PARAMETERS}
cd */
if grep -q 'Java' AppType
then
${STARTUP_PARAMETERS}
if grep -q 'PHP' AppType
then
${STARTUP_PARAMETERS}
elif grep -q 'Python2' AppType
then
[ -f "requirements.txt" ] && pip2 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
elif grep -q 'Python3' AppType
then
[ -f "requirements.txt" ] && pip3 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
elif grep -q 'NodeJS' AppType
then
npm install
${STARTUP_PARAMETERS}
else
echo "Application not supported"
fi
echo "${MODIFIED_STARTUP}"
the Bash file is nowhere near 30 lines long so I'm not really sure.
The guide I used can also be found here
The immediate problem is that you have two if statements, but only one of them is closed with fi; it looks to me like the second one should be elif. But there are a number of other things that look like bad ideas to me:
cd commands in scripts should (almost) always have error tests -- for example, if cd /home/container fails for some reason, the rest of the script (including rm -rf *) will run in an unexpected location. Now, a self-destroying Docker environment may not be as big a deal as a self-destroying real system, but it's still not a good thing. I'd use something like this instead:
cd /home/container || {
echo "Error -- can't move to /home/container, something rotten in Denmark." >&2
exit 1
}
A similar comment applies to cd */.
The next line, that sets MODIFIED_STARTUP, is a mishmash of bad ideas. I'm not familiar with what's going to be in $STARTUP_PARAMETERS, but in general: Use $( ) instead of backticks (and not a weird mix of both). echo $(somecommand) is pretty much a no-op, just run the command directly. Also, variable references (and similar expansions like $( )) should almost always be in double-quotes (exception: on the right side of an assignment). And eval is generally dangerous, and should be avoided if possible. I you give me an example of what $STARTUP_PARAMETERS looks like, I could probably give a cleaned-up version of this.
The big if ... elif... etc has several conditions that do the same thing, e.g.
elif grep -q 'Python2' AppType
then
[ -f "requirements.txt" ] && pip2 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
elif grep -q 'Python3' AppType
then
[ -f "requirements.txt" ] && pip3 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
On the DRY principle (Don't Repeat Yourself), it'd be better to have a single test for all equivalent situations, like this:
elif grep -q 'Python2' AppType || grep -q 'Python3' AppType
then
[ -f "requirements.txt" ] && pip2 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
or even:
elif grep -q 'Python[23]' AppType
then
[ -f "requirements.txt" ] && pip2 install -r requirements.txt ${STARTUP_PARAMETERS} || ${STARTUP_PARAMETERS}
BTW, the use of ${STARTUP_PARAMETERS} without quotes is setting off warning bells for me here, but may be inevitable -- again, I don't know its format. And the && ... || construction isn't always a safe replacement for if then else fi, since it can run both branches. In this script, if requirements.txt exists but the pip2 install command fails, it'll go ahead and run ${STARTUP_PARAMETERS} as well. Is that intentional? If not, I'd use a proper if statement instead.
Docker Version: 17.09.1-ce
I am beginner in docker and I am trying to build docker image on centos. The below is the snippet of docker file i am having
FROM centos
RUN yum -y install samba-common && \
yum -y install gcc perl mingw-binutils-generic mingw-filesystem-base mingw32-binutils mingw32-cpp mingw32-crt mingw32-filesystem mingw32-gcc mingw32-headers mingw64-binutils mingw64-cpp mingw64-crt mingw64-filesystem mingw64-gcc mingw64-headers libcom_err-devel popt-devel zlib-devel zlib-static glibc-devel glibc-static python-devel && \
yum -y install git gnutls-devel libacl1-dev libacl-devel libldap2-dev openldap-devel && \
yum -y remove libbsd-devel && \
WORKDIR /usr/src && \
git clone git://xxxxxxxx/p/winexe/winexe-waf winexe-winexe-wafgit && \
WORKDIR /usr/src/samba && \
WORKDIR /usr/src/winexe-winexe-wafgit/source && \
head -n -3 wscript_build > tmp.txt && cp -f tmp.txt wscript_build && \
echo -e '\t'"stlib='smb_static bsd z resolv rt'", >> wscript_build && \
echo -e '\t'"lib='dl gnutls'", >> wscript_build && \
echo -e '\t'")" >> wscript_build && \
rm -rf tmp.txt && \
./waf --samba-dir=../../samba configure build
I tried with the normal cd which not work. WORKDIR does not work. How I can set working directory in Dockerfile?
I am getting an error like below using the above Dockerfile
/bin/sh: WORKDIR: command not found
The command '/bin/sh -c yum -y install samba-common && yum -y install gcc perl mingw-binutils-generic mingw-filesystem-base mingw32-binutils mingw32-cpp mingw32-crt mingw32-filesystem mingw32-gcc mingw32-headers mingw64-binutils mingw64-cpp mingw64-crt mingw64-filesystem mingw64-gcc mingw64-headers libcom_err-devel popt-devel zlib-devel zlib-static glibc-devel glibc-static python-devel && yum -y install git gnutls-devel libacl1-dev libacl-devel libldap2-dev openldap-devel && yum -y remove libbsd-devel && WORKDIR /usr/src && git clone git://xxxxxxxx/p/winexe/winexe-waf winexe-winexe-wafgit && WORKDIR /usr/src/samba && git reset --hard a6bda1f2bc85779feb9680bc74821da5ccd401c5 && WORKDIR /usr/src/winexe-winexe-wafgit/source && head -n -3 wscript_build > tmp.txt && cp -f tmp.txt wscript_build && echo -e '\t'"stlib='smb_static bsd z resolv rt'", >> wscript_build && echo -e '\t'"lib='dl gnutls'", >> wscript_build && echo -e '\t'")" >> wscript_build && rm -rf tmp.txt && ./waf --samba-dir=../../samba configure build' returned a non-zero code: 127
When I tried with normal cd instead work WORKDIR then I got below error
/bin/sh: line 0: cd: /usr/src/samba: No such file or directory but with sudo i can go into it. Then I tried to include sudo cd directory in docker file then it said no sudo found
UPDATE 1:
This is how I started build
sudo docker build -t abwinexeimage -f ./abwinexeimage . The build got successfully but unfortunately when i list images i dont see any image with tag namme of abwinexeimage.
I dont understand what is that first entry with tag name as none. what it represents ? it shows size of 1.23 GB, Do I really need this image or can i safely delete ?
When I started build first line showed that Sending build context to Docker daemon 303.9MB that means in that image list repository named centos with tag name latest is one the right image which I built ? I assuming so as the size says 202 MB ?
Then I issued docker ps, but no container running, then issued docker ps -a to see stopped containers
Then I tried to run image as container..
Now tried to issue docker ps to check whether container is running
Now i can tell you why i am so concerned about multiple containers present. Actually I wanted to manually CD into cd /usr/src/samba this inside docker container to verify if changes done via docker file got updated correctly or not. Now since i have multiple containers, really not sure which container I need to look into. In that stunt, i tried to start all containers, then manually issue
docker exec -it CONTAINER_NAME [bash | sh] to verify if i am able to find that file system there. This is the reason why I asked whether I can have single container so that i can easily find the file system there,my understanding is since multiple RUN statements created different layers, then its difficult for me to find in which container my file system resides, so that I can CD into it.. sorry for big explanation... I am trying to understand concepts better. Your comments please..
You need to use WORKDIR as a Dockerfile instruction, instead of using it together with run instruction.
RUN has 2 forms:
RUN (shell form, the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows) RUN
["executable", "param1", "param2"] (exec form)
WORKDIR
WORKDIR /path/to/workdir The WORKDIR instruction sets the working
directory for any RUN, CMD, ENTRYPOINT, COPY and ADD instructions that
follow it in the Dockerfile
FROM centos
RUN yum -y install samba-common && \
yum -y install gcc perl mingw-binutils-generic mingw-filesystem-base mingw32-binutils mingw32-cpp mingw32-crt mingw32-filesystem mingw32-gcc mingw32-headers mingw64-binutils mingw64-cpp mingw64-crt mingw64-filesystem mingw64-gcc mingw64-headers libcom_err-devel popt-devel zlib-devel zlib-static glibc-devel glibc-static python-devel && \
yum -y install git gnutls-devel libacl1-dev libacl-devel libldap2-dev openldap-devel && \
yum -y remove libbsd-devel
WORKDIR /usr/src
#use git clone with RUN not with WORKDIR
RUN git clone git://xxxxxxxx/p/winexe/winexe-waf winexe-winexe-wafgit
#So start it with new line
WORKDIR /usr/src/samba
WORKDIR /usr/src/winexe-winexe-wafgit/source
#start RUN with new line
RUN head -n -3 wscript_build > tmp.txt && cp -f tmp.txt wscript_build && \
echo -e '\t'"stlib='smb_static bsd z resolv rt'", >> wscript_build && \
echo -e '\t'"lib='dl gnutls'", >> wscript_build && \
echo -e '\t'")" >> wscript_build && \
rm -rf tmp.txt && \
./waf --samba-dir=../../samba configure build
I have this so far but I'm missing a couple of things like getting the cron job scripted. Don't want to do this as root. So I'm assuming some more could be done to set up the first user at the same time. The script would need to be idempotent (can be run over and over again without risking changing anything if it was run with the same arguments before).
singledomaincertnginx.sh:
#!/bin/bash
if [ -z "$3" ]; then
echo use is "singledomaincertnginx.sh <server-ssh-address> <ssl-admin-email> <ssl-domain>"
echo example: "singledomaincertnginx.sh user#mydomain.com admin#mydomain.com some-sub-domain.mydomain.com"
exit
fi
ssh $1 "cat > ~/wks" << 'EOF'
#!/bin/bash
echo email: $1
echo domain: $2
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install -y software-properties-common
sudo apt-get install -y python-certbot-nginx
sudo apt-get install -y nginx
sudo sed -i "s/server_name .*;/server_name $2;/" /etc/nginx/sites-available/default
sudo systemctl restart nginx.service
if [[ -e /etc/letsencrypt/live/$2/fullchain.pem ]]; then
sudo certbot -n --nginx --agree-tos -m "$1" -d "$2"
fi
if [[ ! sudo crontab -l | grep certbot ]]; then
# todo: add cron job to renew: 15 3 * * * /usr/bin/certbot renew --quiet
EOF
ssh $1 "chmod +x ~/wks"
ssh -t $1 "bash -x -e ~/wks $2 $3"
I have this so far but I'm missing a couple of things like getting the cron job scripted.
Here's one way to complete (and correct) what you started:
if ! sudo crontab -l | grep certbot; then
echo "15 3 * * * /usr/bin/certbot renew --quiet" | sudo tee -a /var/spool/cron/crontabs/root >/dev/null
fi
Here's another way I prefer because it doesn't need to know the path of the crontabs:
if ! sudo crontab -l | grep certbot; then
sudo crontab -l | { cat; echo "15 3 * * * /usr/bin/certbot renew --quiet"; } | sudo crontab -
fi
Something I see missing is how the certificate file /etc/letsencrypt/live/$domain/fullchain.pem gets created.
Do you provide that by other means,
or do you need help with that part?
Don't want to do this as root.
Most of the steps involve running apt-get,
and for that you already require root.
Perhaps you meant that you don't want to do the renewals using root.
Some services operate as a dedicated user instead of root,
but looking through the documentation of certbot I haven't seen anything like that.
So it seems a common practice to do the renewals with root,
so adding the renewal command to root's crontab seems fine to me.
I would improve a couple of things in the script to make it more robust:
The positional parameters $1, $2 and so on scattered around are easy to lose track of, which could lead to errors. I would give them proper names.
The command line argument validation if [ -z "$3" ] is weak, I would make that more strict as if [ $# != 3 ].
Once the remote script is generated, you call it with bash -e, which is good for safeguarding. But if the script is called by something else without -e, the safeguard won't be there. It would be better to build that safeguard into the script itself with set -e. I would go further and use set -euo pipefail which is even more strict. And I would put that in the outer script too.
Most of the commands in the remote script require sudo. For one thing that's tedious to write. For another, if one command ends up taking a long time such that the sudo session expires, you may have to reenter the root password a second time, which will be annoying, especially if you stepped out for a coffee break. It would be better to require to always run as root, by adding a check on the uid of the executing user.
Since you run the remote script with bash -x ~/wks ... instead of just ~/wks, there's no need to make it executable with chmod, so that step can be dropped.
Putting the above together (and then some), I would write like this:
#!/bin/bash
set -euo pipefail
if [ $# != 3 ]; then
echo "Usage: $0 <server-ssh-address> <ssl-admin-email> <ssl-domain>"
echo "Example: singledomaincertnginx.sh user#mydomain.com admin#mydomain.com some-sub-domain.mydomain.com"
exit 1
fi
remote=$1
email=$2
domain=$3
remote_script_path=./wks
ssh $remote "cat > $remote_script_path" << 'EOF'
#!/bin/bash
set -euo pipefail
if [[ "$(id -u)" != 0 ]]; then
echo "This script must be run as root. (sudo $0)"
exit 1
fi
email=$1
domain=$2
echo email: $email
echo domain: $domain
add-apt-repository -y ppa:certbot/certbot
apt-get update
apt-get upgrade -y
apt-get install -y software-properties-common
apt-get install -y python-certbot-nginx
apt-get install -y nginx
sed -i "s/server_name .*;/server_name $domain;/" /etc/nginx/sites-available/default
systemctl restart nginx.service
#service nginx restart
if [[ -e /etc/letsencrypt/live/$domain/fullchain.pem ]]; then
certbot -n --nginx --agree-tos -m $email -d $domain
fi
if ! crontab -l | grep -q certbot; then
crontab -l | {
cat
echo
echo "15 3 * * * /usr/bin/certbot renew --quiet"
echo
} | crontab -
fi
EOF
ssh -t $remote "sudo bash -x $remote_script_path $email $domain"
Are you looking for something like this:
if [[ "$(grep '/usr/bin/certbot' /var/spool/cron/crontabs/$(whoami))" = "" ]]
then
echo "15 3 * * * /usr/bin/certbot renew --quiet" >> /var/spool/cron/crontabs/$(whoami)
fi
and the fi at the end
you can also avoid doing that much sudo by concatenating them like in:
sudo bash -c 'add-apt-repository -y ppa:certbot/certbot;apt-get update;apt-get upgrade -y;apt-get install -y software-properties-common python-certbot-nginx nginx;sed -i "s/server_name .*;/server_name $2;/" /etc/nginx/sites-available/default;systemctl restart nginx.service'
If you are doing this with sudo you are doing this as root
this is a simple thing to do in ansible, best do it there
to do the cron job do this:
CRON_FILE="/etc/cron.d/certbot"
if [ ! -f $CRON_FILE ] ; then
echo '15 3 * * * /usr/bin/certbot renew --quiet' > $CRON_FILE
fi
There are multiple ways to do this and they could be considered "proper" depending on the scenario.
One way to do it on boot time could be using cloud-init, For testing in the case of using AWS when creating the instance you could add your custom script:
This will allow running commands on launch of your instance, In case you would like to automate this process (infrastructure like code) you could use for example terraform
If for some reason you already have the instance up and running and just want to update on demand but not using ssh, you could use saltstack.
Talking about "Idempotency" Ansible could be also a very good tool for doing this, from the ansible glossary:
An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions.
There are many tools that can help you achieve this, only thing is to find the tool that adapts better to your needs/scenario.
Copy-paste solution for nginx + Ubuntu
Install dependencies
sudo apt-get install nginx -y
sudo apt-get install software-properties-common -y
sudo add-apt-repository universe -y
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx -y
Get SSL certificate and redirect all traffic from http to https
certbot --nginx --agree-tos --redirect --noninteractive \
--email YOUR#EMAIL.COM \
--domain YOUR.DOMAIN.COM
Test renewal
certbot renew --dry-run
Docs
https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
I am Installing multiple packages by using && operator for stopping execution of succeeding one if preceding one fails. && function is working when all written in single line.
But When they written in line by line && function is not working and I am getting error.
My code is like this:
yum -y install XXZ \
&& yum -y install rsync \
&& yum -y install libxml2-devel \
&& yum -y install ntp
The Error is:
install5.sh: line 4: syntax error near unexpected token `&&'
'nstall5.sh: line 4: `&& yum -y install rsync \
How to stop the execution of successive one if preceding one fails by using && operator when the commands are written in line by line(not in a single line).?
Please Help!
$? stores exit code of last command. You can do the following in a script:
yum -y install XXZ
if [[ $? != "0" ]] ## exit code other than zero
then
## your code for failure
exit
fi
yum -y install rsync
if [[ $? != "0" ]]
then
## your code for failure
exit
fi
Do the same for all packages.
I recommend you to make an array and use for loop.
Exit code zero means success. Hope this helped.
yum -y install XXZ &&
yum -y install rsync &&
yum -y install libxml2-devel &&
yum -y install ntp
or
yum -y install XXZ && \
yum -y install rsync && \
yum -y install libxml2-devel && \
yum -y install ntp
I am Using NotePad++. After modifying the EOL Conversion from windows to format to UNIX\OSX. The above code is executed.
Edit --> EOL Conversion --> UNIX\OSX format. and save the document.
Apart from the other solutions, you could also use:
if ! yum -y install XXZ ; then
# command failed, do what you want
exit
fi
if ! yum -y install rsync ; then
# command failed, do what you want
exit
fi
etc.