Skip to content

Instantly share code, notes, and snippets.

@aslakknutsen

aslakknutsen/Dockerfile

Last active Mar 25, 2020
Embed
What would you like to do?
# Copyright 2018 Datawire. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FROM registry.access.redhat.com/ubi8/python-36:1
# when there is a proxy, build this file like this:
# V=0.101; docker build -f Dockerfile.ocp -t registry.corp.example.com/telepresence/telepresence-k8s:$V --build-arg http_proxy="http://proxy.corp.example.com:8080" --build-arg https_proxy="http://proxy.corp.example.com:8080" --build-arg no_proxy=".example.com" . ; docker push registry.corp.example.com/telepresence/telepresence-k8s:$V
WORKDIR ${APP_ROOT}
USER root
COPY requirements.txt ${APP_ROOT}
# Install required python3 modules
RUN pip3 install --no-cache-dir incremental && \
pip3 install --no-cache-dir -r requirements.txt && \
yum -y remove gcc && \
yum clean all && \
rm -rf /var/cache/yum
COPY forwarder.py ${APP_ROOT}
COPY socks.py ${APP_ROOT}
COPY . ${APP_ROOT}
RUN cp ${APP_ROOT}/run-ocp.sh ${APP_ROOT}/run.sh
RUN chown -R 1001:0 ${APP_ROOT} && \
fix-permissions ${APP_ROOT} -P && \
rpm-file-permissions
EXPOSE 8022
USER 1001:0
CMD ${APP_ROOT}/run.sh
package main
import (
"context"
"fmt"
"io"
"log"
"os/exec"
"github.com/gliderlabs/ssh"
gossh "golang.org/x/crypto/ssh"
)
func main() {
srv := CreateServer()
srv.ListenAndServe()
}
// CreateServer returns a non started ssh service instance
func CreateServer() *ssh.Server {
forwardHandler := &ssh.ForwardedTCPHandler{}
srv := &ssh.Server{
Handler: func(sess ssh.Session) {
if sess.RawCommand() != "" {
ExecSession(sess)
return
}
//sess.Exit(-1) // exit kills the whole session and we can't do forward requests
},
RequestHandlers: map[string]ssh.RequestHandler{
"tcpip-forward": forwardHandler.HandleSSHRequest,
"cancel-tcpip-forward": forwardHandler.HandleSSHRequest,
"keepalive@openssh.com": func(ctx ssh.Context, srv *ssh.Server, req *gossh.Request) (bool, []byte) {
return true, []byte("alive!")
},
},
ChannelHandlers: map[string]ssh.ChannelHandler{
"session": ssh.DefaultSessionHandler,
"direct-tcpip": ssh.DirectTCPIPHandler,
},
LocalPortForwardingCallback: func(ctx ssh.Context, destinationHost string, destinationPort uint32) bool {
log.Println("local attempt to bind", destinationHost, destinationPort, "granted")
return true
},
ReversePortForwardingCallback: func(ctx ssh.Context, bindHost string, bindPort uint32) bool {
log.Println("reverse attempt to bind", bindHost, bindPort, "granted")
return true
},
}
srv.Addr = ":8022"
return srv
}
// ExecSession executes a single command
func ExecSession(sess ssh.Session) {
ctx, cancel := context.WithCancel(context.Background())
args := []string{"-c"}
args = append(args, sess.RawCommand())
cmd := exec.CommandContext(ctx, "/usr/bin/sh", args...)
defer cancel()
in, err := cmd.StdinPipe()
if err != nil {
fmt.Println(err)
}
defer in.Close()
cmd.Stdout = sess
cmd.Stderr = sess
err = cmd.Start()
if err != nil {
fmt.Println(err)
}
go func() {
io.Copy(in, sess)
}()
cmd.Wait()
sess.Exit(cmd.ProcessState.ExitCode())
sess.Close()
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment