Dockerizing an SSH Daemon Service using my own key - vagrant

I am building an image based on ubuntu14.04 and trying to enable ssh on the container. I am following the tutorial: https://docs.docker.com/examples/running_ssh_service/
But this tutorial only shows how to ssh using a password. I want to use my own key to ssh into the container instead of a password, so I can do something like this in the Vagrantfile (Docker as a provider, and using ansible to provision):
config.ssh.username = "root"
config.ssh.private_key_path = "~/.ssh/my_key"

I had this problem also.
Unfortunately I don't have a simple answer, but use a standard ShutIt library for this:
https://github.com/ianmiell/shutit/blob/master/library/ssh_key/ssh_key.py
which copies ssh keys to the host as it's building.
It doesn't show up in the image history either, so you don't need to flatten images; and you can remove it (default, but configurable) at the end of the build using the ssh_key module's finalize hook.
It allows me to combine this with other modules as I need it. For example, it's depended on by the ansible module:
https://github.com/ianmiell/shutit/blob/master/library/ansible/ansible.py#L64
and the library/puppet.py and library/hadoop/hadoop.py:
If you need help with it contact me directly.

Is there a reason you need to ssh?
Be aware of the very significant reasons for not doing it:
http://blog.docker.com/2014/06/why-you-dont-need-to-run-sshd-in-docker/
You can also, as of docker v1.3, just inject new processes into running containers.
e.g. if you can ssh onto the host, then
docker exec -it myContainer /bin/bash
will attach a terminal to your running container...
But you can look at one I cooked up earlier... https://registry.hub.docker.com/u/afolarin/ubuntu_ssh/
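For the key-instead-of-password setup the question asks about, an added example (not taken from any of the posts or the linked projects) of the steps a Dockerfile RUN line or provisioning script would perform. The function names and the ROOT argument are hypothetical, and Match blocks in sshd_config are not modelled.

```shell
#!/bin/sh
# Added example: key-only root login for an sshd container image.
# ROOT is the image filesystem root ("/" inside a Dockerfile RUN step).

# Print the value sshd would use for KEY. sshd_config is first-match-wins,
# so only the first active (uncommented) occurrence counts.
# On a real system, `sshd -T` prints the effective configuration.
effective_value() {   # effective_value CONFIG KEY
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

install_key_only_login() {   # install_key_only_login ROOT PUBKEY_FILE
    root=$1
    pub=$2
    cfg="$root/etc/ssh/sshd_config"
    [ -f "$cfg" ] || { echo "missing $cfg" >&2; return 1; }

    # Only the public half belongs in an image; the private key stays on
    # the client (the file named by config.ssh.private_key_path).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub contains a private key" >&2
        return 1
    fi

    # sshd (StrictModes) rejects keys in group- or world-writable paths.
    mkdir -p "$root/root/.ssh"
    chmod 700 "$root/root/.ssh"
    cat "$pub" > "$root/root/.ssh/authorized_keys"
    chmod 600 "$root/root/.ssh/authorized_keys"

    # Prepend, so these lines are the first occurrence: later lines cannot
    # override them and they cannot land inside a trailing Match block.
    tmp=$(mktemp)
    {
        echo 'PasswordAuthentication no'
        echo 'ChallengeResponseAuthentication no'
        # Keys only for root; newer OpenSSH spells this prohibit-password.
        echo 'PermitRootLogin without-password'
        cat "$cfg"
    } > "$tmp"
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Run as: script ROOT PUBKEY_FILE
if [ "$#" -eq 2 ]; then
    install_key_only_login "$@"
fi
```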

Related

Launching a Singularity Container Remotely using Visual Studio Code

I am aware that you can launch docker containers remotely in VSCode. Is it possible to do the same with singularity containers?
Update: the solution to this was published in the same issue (https://github.com/microsoft/vscode-remote-release/issues/3066#issuecomment-1019500216) as before by user oschulz:
As promised, here are some instructions on how to use Singularity with VS-Code Remote SSH via SSH RemoteCommand. The procedure described below makes VS-Code run its remote server component inside a Singularity container instance (other runtimes like Shifter work too).
Acknowledgement: Credit for a lot of this goes to @gipert, who refined my original approach (using a custom SSH script) when support for RemoteCommand became available in VS-Code recently.
Step 1
Use VS-Code >= v1.64 (includes support for the SSH RemoteCommand setting). Install the Pre-Release version of the Remote SSH extension.
Important: In the VS-Code settings, set "remote.SSH.enableRemoteCommand": true.
Step 2
In your "$HOME/.ssh/config", add something like
Host myimage1~*
    RemoteCommand singularity shell /path/to/image1.sif
    RequestTTY yes
Host myimage2~*
    RemoteCommand singularity shell /path/to/image2.sif
    RequestTTY yes
Host somehost myimage1~somehost myimage2~somehost
    HostName some.host.somewhere
    User your_username_
Host otherhost myimage1~otherhost myimage2~otherhost
    HostName some.otherhost.somewhere
    User your_username_
Test whether this works using ssh myimage1~somehost. This should drop you into an SSH session inside of an instance of the "/path/to/image1.sif" container image on some.host.somewhere.
Connecting to the remote host with VS-Code: F1 > "Connect to Host" > "myimage1~somehost" should now get you a remote VS-Code session running in the container image as well. The same for "myimage2~somehost", "myimage1~otherhost" and "myimage2~otherhost".
Step 3
However, since VS-Code reuses the remote server instance, that's not sufficient to run multiple container images on the same host at the same time. To get separate (per container) VS-Code server instances on the same host, add something like this to your VS-Code preferences:
"remote.SSH.serverInstallPath": {
    "myimage1~somehost": "~/.vscode-container/myimage1",
    "myimage1~otherhost": "~/.vscode-container/myimage1",
    "myimage2~somehost": "~/.vscode-container/myimage2",
    "myimage2~otherhost": "~/.vscode-container/myimage2"
}
Request to the VS-Code dev team
Could "remote.SSH.serverInstallPath" be controlled via an environment variable? This would allow us to eliminate all these cumbersome "remote.SSH.serverInstallPath" preferences. The environment variable could be set by a container startup script on the remote side (like the one below) automatically, depending on the selected container image.
Other Container runtimes
To use a different container runtime than Singularity (e.g. Shifter, Charliecloud, etc.), simply replace singularity shell /path/to/image1.sif by the appropriate command for your runtime.
On some systems (e.g. with Shifter at NERSC) you may also need to override $XDG_RUNTIME_DIR, since its default location may not be writable from within a container instance. In such cases, it's best to use a custom container run-script like
#!/bin/sh
export XDG_RUNTIME_DIR="${TMPDIR:-/tmp}/`whoami`/run"
exec shifter --image="$1"
So in your SSH config, use
RemoteCommand /my/homedir/.local/bin/run_container image_name
I maintain a little container start-script called cenv that handles $XDG_RUNTIME_DIR (and quite a bit more, including some default bind-mounts) automatically for both Singularity and Shifter (contributions welcome).
Tips and tricks
If things don't work, try "Kill server on remote" from VS-Code and reconnect.
You can also try starting over from scratch with brute force: Close the VS-Code remote connection. Then, from an external terminal, kill the remote VS-Code server instance:
$ ssh somehost
$ kill -9 -1
(Will kill all processes you own on the remote host.)
Remove the ~/.vscode-server directory.
Old:
I believe this is still not supported. Refer to this issue: https://github.com/microsoft/vscode-remote-release/issues/3066, and there are also some ideas for potential workarounds in the same link.

Using Jenkins to SSH into EC2 Ubuntu instance and run shell scripts

I have installed Jenkins on my local, I have created my own EC2 instance, I can ssh into my instance and run some shell scripts to shut down my Wildfly server installed on my instance.
This is what I do when I do it manually on my Mac.
open my mac terminal, type
ssh -i /Users/xxx/tools/xxxx.pem ubuntu@10.206.xxx.xx
It will login to my Instance, and then I type:
cd /srv/wildfly-10.1.0.Final/bin
sudo -s
source /etc/profile
./jboss-cli.sh --connect command=:shutdown
The screen will output
{"outcome" => "success"}
Now, I want to use Jenkins so that when I click the build button, it will ssh into that instance and run these shell scripts for me. The output is expected to be the same as when I run it after I ssh into the instance.
My question is: what steps should I follow, after I login to my Jenkins local environment: localhost:8080
Create a New Item, which one? Is there some plugin I can use? Where to put my shell scripts, will it run successfully?
A guide would be helpful, thanks a lot!
Addition:
When I try to log in using my ssh command, I get this error:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Host key verification failed.
Too many questions to answer in one post, but this should get you started.
SSH from Jenkins to your EC2 should be passwordless. Should you need to set the keys in Jenkins, use the credential manager and create one by pasting the private key.
https://www.cloudbees.com/blog/using-ssh-jenkins
Refer to remote command execution over ssh for the rest of the task.
You will find tons on how to do this, but this should give you an idea: https://www.cyberciti.biz/faq/unix-linux-execute-command-using-ssh/
For the question on job type, at this point just go with the freestyle. Later, you may plan for fancy stuff.
You need to add the PEM file details in the place where it asks for Private Key.
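The two errors quoted in the question come from ssh running without a terminal and without a known host key. The following is an added example (not from the posts or the linked articles) of the manual steps as one non-interactive call for a Jenkins "Execute shell" step, keeping host key checking on. The function names and the SSH_BIN override are hypothetical, passwordless sudo on the instance is assumed, and the known_hosts check only understands unhashed entries.

```shell
#!/bin/sh
# Added example: the question's manual shutdown steps as a single remote
# command, run without a terminal and with a pinned host key.

# "sudo -s" would open a shell and never reach the following lines in a
# non-interactive session, so the steps are passed to one "sudo sh -c".
REMOTE_CMD='sudo sh -c ". /etc/profile && cd /srv/wildfly-10.1.0.Final/bin && ./jboss-cli.sh --connect command=:shutdown"'

# Succeed only if KNOWN_HOSTS holds a plain (unhashed) entry for HOST.
host_is_pinned() {   # host_is_pinned KNOWN_HOSTS HOST
    awk -v h="$2" '
        /^[ \t]*(#|$)/ { next }
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
        END { exit !found }' "$1"
}

run_remote_shutdown() {   # run_remote_shutdown KEY KNOWN_HOSTS USER HOST
    if ! host_is_pinned "$2" "$4"; then
        echo "no pinned host key for $4 in $2; add one verified out of band" >&2
        return 2
    fi
    # -T: request no pseudo-terminal (a build step has none to offer).
    # BatchMode=yes: fail instead of prompting for anything.
    # StrictHostKeyChecking=yes: never accept an unknown or changed host
    # key automatically; the key must already be in the pinned file.
    "${SSH_BIN:-ssh}" -T -i "$1" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$2" \
        "$3@$4" "$REMOTE_CMD"
}

# Run as: script KEY KNOWN_HOSTS USER HOST
if [ "$#" -eq 4 ]; then
    run_remote_shutdown "$@"
fi
```

The pinned known_hosts file should be created once from a host key whose fingerprint was checked through a separate channel, then stored with the job rather than regenerated on each build.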

Docker stuck on "Waiting for SSH to be available..."

I'm using a docker with Windows and Hyper-v to create containers. I've added a docker machine vmachine to my docker configuration. First time the machine is created, it gets an IP (although I cannot manage nginx to access it - ERR_CONNECTION_REFUSED) and finishes the bootup.
When I turn off the machine and then try to boot it, I get stuck at this message:
Waiting for SSH to be available...
And it doesn't evolve from there. The machine is booted; however, I get an IPv6 address when I input the command docker-machine ip vmachine, like fe80::215:5dff:fe21:10b, instead of an IPv4.
What am I doing wrong?
The problem here is that by default docker uses the DockerNAT network switch. You should create a new external network switch instead. This issue is covered here and here. You can create an external network switch using the below command
docker-machine create -d hyperv --hyperv-virtual-switch external-switch tempbox1
or you can create one through the UI.
Be sure to reboot the device after creating the external switch.
I had a similar issue and none of the solutions worked. Turns out that according to this answer, docker launches SSH with Unix specific elements. This is said to have been fixed in the releases that followed, but I still encountered the 'Waiting for SSH' issue. I resolved this by simply using GIT bash to run all docker related SSH commands.
Use the switch --native-ssh
for example docker-machine --native-ssh .... Get more details from here
docker-machine.exe -debug create --driver hyperv --hyperv-virtual-switch "External Virtual Switch" --hyperv-cpu-count "1" --hyperv-memory "1024" --hyperv-disk-size "20000" mydockervm
Make sure to have an additional VirtualSwitch configured, with the external network driver selected. Uninstall virtualbox.
Use the debug switch to see the exact error; for me it was not able to allocate memory.
Here's what's solved it for me.
Turns out Windows 10 starting version 1709 has a built in SSH client at C:\Windows\System32\OpenSSH. Here's an article discussing it.
Looks like docker is using that SSH implementation and it's not compatible. I didn't look for a proper way to remove the built-in SSH implementation in Windows 10, and simply renamed the folder. That was enough to fix it for me.
After doing what is mentioned in the above suggestions and if you are running docker on a windows machine try to login using cli. This has worked for me.
If you are using Command Prompt, Docker will get stuck at Waiting for SSH to be available..., so change to GIT BASH; as @Dave Howson said, it will work.
If you're using oracle VM you must ensure first that your new cloud vm is running.

Easiest way to connect with PuTTY to an existing docker container

Often I come across this situation:
I have an existing docker container, running a certain service, usually set up from a Dockerfile from Github, etc., usually based on Ubuntu
I am able to run commands inside this container (with docker exec or by setting an entrypoint), including sh
Interactive commands like vi, nano, aptitude or mc don't work, because of the buggy terminal of Docker Toolbox - with errors ranging from defective arrow keys over garbled characters to plain crashes.
Now the question:
Can I run anything inside my container to connect to a machine with a proper terminal? For example I could SSH into the docker host, so maybe I can run something there that the container can connect to?
I tried mosh, but it seems the mosh client does not run a shell by itself, but instead tries to forward to sshd, which the container doesn't have.
Docker is used to create lightweight containers that can run a service with as minimal resources as possible. In addition, docker does not limit what code, apps or utilities you would want to run. That being said, if you are trying to connect to the container as you would to other linux servers, via ssh, you would need to be sure that the docker instance contains and is running an ssh server such as openssh-server and that you expose the port, normally port 22, when you execute the 'docker run' command.

How to run multiple Docker Containers in different terminals using Docker compose or with Shell?

I have to pull a docker image from Docker Hub and start running multiple peers as containers.
Now, I am manually opening a terminal and executing my docker run command on the downloaded image, but I am planning to automate this process: if I/the user want 2 peers to run, then I should be able to provide IP address and port information to the docker run command and start these peers in different terminals without a manual step.
After executing these commands I should be able to store these IP addresses and port numbers in a JSON file for further transactions.
Could you please help me!!! Thanks!!
Got a quick solution for the above problem. Below is the command I have applied:
docker run -d IMAGE NAME /bin/bash
The above command runs the container as a background process. Also, I am taking network credentials by applying docker inspect <Container Id>
