It is possible to run sshd on OpenShift, if other options don't work - we
do it as part of the Telepresence remote debugging tool we built for
OpenShift and Kubernetes (https://telepresence.io).

Here's a shortened (and untested) Dockerfile:

-----
FROM alpine:3.5

RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

RUN apk add --no-cache openssh && \
    ssh-keygen -A && \
    echo -e "ClientAliveInterval 1\nGatewayPorts yes\nPermitEmptyPasswords yes\nPort 8022\nClientAliveCountMax 10\nPermitRootLogin yes\n" >> /etc/ssh/sshd_config

# Set the permissions necessary to run as a non-root user
RUN chmod -R g+r /etc/ssh && \
    chmod g+w /etc/passwd && \
    chmod -R g+w /usr/src/app

COPY run.sh /usr/src/app
RUN chmod +x /usr/src/app/run.sh

# Running as root will now fail with a permissions error, so default to some
# other UID
USER 1000

CMD /usr/src/app/run.sh

----

And here's run.sh:

#!/usr/bin/env sh
set -e
USER_ID="$(id -u)"
GROUP_ID="$(id -g)"

# This is a terrible hack to allow SSH login to a runtime-specified UID
echo "telepresence::${USER_ID}:${GROUP_ID}:Telepresence User:/usr/src/app:/bin/ash" >> /etc/passwd

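# -D keeps sshd in the foreground so the container's main process does not exit;
# -e sends its log output to stderr
exec /usr/sbin/sshd -D -e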

---

You can now ssh to the machine via telepresence@yourhost, with no password.
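
An added example, not part of the original post: the Dockerfile appends its settings to /etc/ssh/sshd_config with `>>`, and sshd uses the first value it reads for each keyword, so this script reports the effective value of the three access-related options the post enables. The function names and the sample file are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post; function names are its own.

# effective_value FILE KEYWORD
# Print the value sshd would use for KEYWORD in the global section of FILE:
# the first occurrence wins, keywords are case-insensitive, "Keyword=value"
# is accepted, and parsing stops at the first Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Print one finding per line for the three settings the Dockerfile enables.
audit_sshd_config() {
    if [ "$(effective_value "$1" PermitEmptyPasswords)" = yes ]; then
        echo "PermitEmptyPasswords yes: accounts with an empty password can log in"
    fi
    if [ "$(effective_value "$1" PermitRootLogin)" = yes ]; then
        echo "PermitRootLogin yes: root can log in directly, including by password"
    fi
    if [ "$(effective_value "$1" GatewayPorts)" = yes ]; then
        echo "GatewayPorts yes: remote forwards bind to all interfaces, not loopback"
    fi
}

# Constructed sample: the six lines the Dockerfile appends, after one
# commented-out default.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#PermitRootLogin prohibit-password
ClientAliveInterval 1
GatewayPorts yes
PermitEmptyPasswords yes
Port 8022
ClientAliveCountMax 10
PermitRootLogin yes
EOF
audit_sshd_config "$demo_cfg"
rm -f "$demo_cfg"
```

Run it against the image's /etc/ssh/sshd_config after the build; a keyword already set earlier in the base file would override the appended line.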