
set up ssh for web-dev and db-dev container and integrate with ansible #12


Merged
merged 8 commits into from
Jun 20, 2024
6 changes: 5 additions & 1 deletion ansible/etc-ansible-config/ansible.cfg
@@ -1,5 +1,9 @@
[defaults]
inventory = /etc/ansible/hosts
remote_user = sysadmin
host_key_checking = False
host_key_checking = True
retry_files_enabled = False
private_key_file = /home/sysadmin/.ssh/id_rsa

[web:vars]
ansible_python_interpreter=/usr/bin/python3
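Review bot: `[web:vars]` is inventory syntax rather than an ansible.cfg section, so as far as I can tell the `ansible_python_interpreter=/usr/bin/python3` line at the end of this hunk is silently ignored here; move it into the `web` group of `/etc/ansible/hosts`, or set it for all hosts from this file with `interpreter_python = /usr/bin/python3` under `[defaults]`. Enabling `host_key_checking = True` is the right default, but the first run against freshly built containers will fail on unknown host keys unless their keys are seeded into known_hosts, and those keys change whenever the images are rebuilt unless they are persisted. The `private_key_file` path only exists where the controller runs as `sysadmin` with the key mounted, which is presumably the intent but is not visible from this change.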
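--- /dev/null
+++ b/db/Dockerfile
@@ -0,0 +1,35 @@
+# https://docs.docker.com/engine/reference/builder/
+
+# https://hub.docker.com/_/mariadb
+FROM mariadb
+
+# Resynchronize the package index files from their sources
+RUN apt-get update
+
+# Install packages for ssh
+RUN apt-get install -y \
+openssh-client \
+openssh-server
+
+# Clean up packages: Saves space by removing unnecessary package files and lists
+RUN apt-get clean
+RUN rm -rf /var/lib/apt/lists/*
+
+# Create sysadmin user and add to sudoers
+RUN useradd -m -s /bin/bash sysadmin && \
+echo "sysadmin:sysadmin" | chpasswd && \
+usermod -aG sudo sysadmin
+
+# Ensure SSH directory exists with correct permissions
+RUN mkdir -p /home/sysadmin/.ssh && \
+chown sysadmin:sysadmin /home/sysadmin/.ssh && \
+chmod 700 /home/sysadmin/.ssh
+
+# Create privilege separation directory for SSH
+RUN mkdir -p /run/sshd
+
+# Expose SSH port
+EXPOSE 22
+
+# Start SSH service
+CMD ["/usr/sbin/sshd", "-D"]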
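Review bot: `CMD ["/usr/sbin/sshd", "-D"]` replaces the base image's default command, and the mariadb entrypoint, as far as I can tell, only initialises and launches the database when its first argument is `mariadbd`/`mysqld` and otherwise just execs what it is given — so this container will run sshd but no database server. Start sshd in the background and then hand control back to the base entrypoint with `mariadbd`, the way `startupservice.sh` does for Apache in the web image. The sshd that does start accepts password logins by default, and `echo "sysadmin:sysadmin" | chpasswd` bakes a fixed password into an image whose port 22 is published on the host (`22003:22` in docker-compose.yml); since `authorized_keys` is already mounted, set `PasswordAuthentication no` in sshd_config and drop the chpasswd line. Also, `FROM mariadb` is untagged and `apt-get update` sits in its own layer, so the install can run against a stale index — pin the tag and chain update, install and clean-up in one `RUN`. Note that `usermod -aG sudo` has no effect in practice here because the `sudo` package is never installed.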
17 changes: 11 additions & 6 deletions docker-compose.yml
Expand Up @@ -34,6 +34,7 @@ services:
networks:
- dev-backend
environment:
USER: sysadmin
MYSQL_ROOT_PASSWORD: root
PMA_HOST: db-dev
PMA_PORT: 3306
Expand All @@ -56,28 +57,32 @@ services:
- '22002:22'
restart: on-failure
volumes:
- ./web/config-web/etc-apache2-sites-available:/etc/apache2/sites-available:ro
- ../cc-legal-tools-data:/var/www/git/cc-legal-tools-data:ro
- ../chooser:/var/www/git/chooser:ro
- ../faq:/var/www/git/faq:ro
- ../mp:/var/www/git/mp:ro
- wp-data:/var/www/dev
- ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
- ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
- ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro

db-dev:
container_name: db-dev
build:
context: .
dockerfile: db/Dockerfile
environment:
USER: sysadmin
MYSQL_DATABASE: wordpress
MYSQL_ROOT_PASSWORD: root
MYSQL_USER: root
image: mariadb
networks:
- dev-backend
restart: on-failure
ports:
- "3306:3306"
- "22003:22"
volumes:
- db-data:/var/lib/mysql
- ./sysadmin-ssh-keys/rsa_sysadmin:/home/sysadmin/.ssh/id_rsa:ro
- ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/id_rsa.pub:ro
- ./sysadmin-ssh-keys/rsa_sysadmin.pub:/home/sysadmin/.ssh/authorized_keys:ro

volumes:
db-data:
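Review bot: Both managed containers get the `rsa_sysadmin` private key mounted at `/home/sysadmin/.ssh/id_rsa` (the web-dev and db-dev volume lists at the end of the hunk), although a host only needs `authorized_keys` to be reachable by Ansible; the private half belongs only where the controller runs. Drop the `id_rsa` and `id_rsa.pub` mounts from services that are targets rather than controllers, so a compromise of one container does not hand over the key that opens the other. sshd's default StrictModes also requires `.ssh` and `authorized_keys` to be owned by the login user, and a bind-mounted file keeps the host file's uid, so logins may be refused when the host uid differs from the container's `sysadmin` uid — worth verifying, or copying only the public key into the image with `COPY --chown=sysadmin:sysadmin`. If `rsa_sysadmin` itself is committed to the repository (the README hunk suggests the keys live in that directory), add it to `.gitignore`/`.dockerignore` and generate it locally instead.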
3 changes: 1 addition & 2 deletions sysadmin-ssh-keys/README.md
@@ -1,2 +1 @@
This directory contains the SSH keys used for the sysadmin user.

This directory contains the SSH keys used for the sysadmin user.
1 change: 1 addition & 0 deletions web/Dockerfile
Expand Up @@ -29,6 +29,7 @@ RUN apt-get install -y \
php8.2-mysql \
php8.2-pdo \
php8.2-xml \
python3 \
sudo \
unzip \
vim \
82 changes: 1 addition & 81 deletions web/config-web/etc-apache2-sites-available/000-default.conf
Expand Up @@ -33,86 +33,6 @@ ServerName localhost:8080
Require all denied
</DirectoryMatch>

###########################################################################
# CC Legal Tools
# Directory Aliases
Alias /status /var/www/git/cc-legal-tools-data/docs/status
Alias /rdf /var/www/git/cc-legal-tools-data/docs/rdf
Alias /publicdomain /var/www/git/cc-legal-tools-data/docs/publicdomain
Alias /licenses /var/www/git/cc-legal-tools-data/docs/licenses
Alias /cc-legal-tools /var/www/git/cc-legal-tools-data/docs/cc-legal-tools
# File Aliases
Alias /schema.rdf /var/www/git/cc-legal-tools-data/docs/rdf/schema.rdf
Alias /ns.html /var/www/git/cc-legal-tools-data/docs/rdf/ns.html
Alias /ns /var/www/git/cc-legal-tools-data/docs/rdf/ns.html
<Directory /var/www/git/cc-legal-tools-data/docs>
# Disable .htaccess (for security and performance)
AllowOverride None
# Also serve HTML files without .html extension
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule !.*\.html$ %{REQUEST_FILENAME}.html [L]
# Redirect .../index.php to .../
RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
# Deny access to PHP files (content should be only static files)
RewriteRule .*\.php$ "-" [F,L]
# Correct mimetype for .../rdf files
RewriteRule (.*/rdf$) $1 [T=application/rdf+xml]
# Enable CORS (cross-origin resource sharing)
Header set Access-Control-Allow-Origin "*"
</Directory>
Include /var/www/git/cc-legal-tools-data/config/language-redirects
RedirectPermanent /licenses/work-html-popup /choose
RedirectPermanent /licenses/publicdomain/ /publicdomain/
RedirectPermanent /licenses/mark/1.0 /publicdomain/mark/1.0
RedirectPermanent /licences /licenses

###########################################################################
# Chooser
# Alias /choose /var/www/git/chooser/docs
# <Directory /var/www/git/chooser/docs>
# # Disable .htaccess (for security and performance)
# AllowOverride None
# # Redirect .../index.php to .../
# RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
# RewriteCond %{REQUEST_FILENAME} !-f
# RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
# # Deny access to PHP files (content should be only static files)
# RewriteRule .*\.php "-" [F,L]
# </Directory>
RedirectPermanent /choose/zero /choose
RedirectPermanent /chooser /choose
RedirectTemp /choose https://chooser-beta.creativecommons.org

###########################################################################
# FAQ
Alias /faq /var/www/git/faq/faq
<Directory /var/www/git/faq/faq>
# Disable .htaccess (for security and performance)
AllowOverride None
# Redirect .../index.php to .../
RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
# Deny access to PHP files (content should be only static files)
RewriteRule .*\.php "-" [F,L]
</Directory>

###########################################################################
# Platform Toolkit
Alias /platform/toolkit /var/www/git/mp/docs
<Directory /var/www/git/mp/docs>
# Disable .htaccess (for security and performance)
AllowOverride None
# Redirect .../index.php to .../
RewriteCond %{REQUEST_FILENAME} "index\.php$" [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*/)index\.php$ $1 [L,NC,R=301]
# Deny access to PHP files (content should be only static files)
RewriteRule .*\.php "-" [F,L]
</Directory>

###########################################################################
# WordPress/Default
DocumentRoot /var/www/dev
Expand Down Expand Up @@ -151,4 +71,4 @@ ServerName localhost:8080

</VirtualHost>

# vim: ft=apache ts=4 sw=4 sts=4 sr et
# vim: ft=apache ts=4 sw=4 sts=4 sr et
7 changes: 4 additions & 3 deletions web/config-web/startupservice.sh
Expand Up @@ -8,8 +8,9 @@ E1="$(printf "\e[1m")" # bold

/sbin/apache2ctl -v
echo "${E1}Starting webserver: http://127.0.0.1:8080${E0}"
# Start Apache in the foreground
/sbin/apache2ctl -D FOREGROUND -k start

# Start Apache in the background
/sbin/apache2ctl -k start

# Start SSH service
#/usr/sbin/sshd
/usr/sbin/sshd -D
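Review bot: `/sbin/apache2ctl -k start` now detaches Apache and the script's fate is tied only to sshd, so an Apache crash leaves the container running and `restart: on-failure` in docker-compose.yml never fires; at minimum fail fast with `/sbin/apache2ctl -k start || exit 1`. The last line should also be `exec /usr/sbin/sshd -D` so sshd replaces the shell and receives the SIGTERM from `docker stop` directly (the detached Apache gets no stop signal either way, so a supervisor or an explicit trap is needed for a clean shutdown). If the commented-out `#/usr/sbin/sshd` line survives this change it should be removed rather than left as dead text. The beginning of the script lies outside the hunk.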