Commit 156481a9 authored by Michał 'rysiek' Woźniak's avatar Michał 'rysiek' Woźniak

initial import

parents
#
# crond Dockerfile
#
# Pull base image.
FROM debian:jessie
# Install cron.
RUN DEBIAN_FRONTEND=noninteractive \
apt-get update && \
apt-get install -y --no-install-recommends cron
# install additional stuff needed for our cron scripts
RUN DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends openssh-client curl
# we need to make sure that /etc/cron.* cronjobs are not run as root
# it's not required for the operation (after all, all the cronjobs are to be
# doing is either some http requests, or some stuff against a database)
#
# first, create the cron user (and group, and home directory)
RUN groupadd cron && useradd -g cron -s /bin/bash cron && passwd -d cron && mkdir /home/cron && chown cron:cron /home/cron
# secondly, remove the unnecessary cron.daily scripts
#
# then, change the user to 'cron' for cron.(hourly|daily|weekly|monthly),
# conveniently configured in /etc/crontab
# also, make sure that the owner and permissions are ok
#
# finally, make sure that this sed script runs every few minutes on all /etc/cron.d files
RUN rm -rf /etc/cron.*/* \
&& sed -i -r -e 's/^(([/0-9*,-]+\s+){5}|@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)\s+)root\s+(.*)$/\1\tcron\t\4\n/' /etc/crontab \
&& echo "*/15 * * * * root sed -i -r -e 's/^(([/0-9*,-]+\s+){5}|@(reboot|yearly|annually|monthly|weekly|daily|midnight|hourly)\s+)root\s+(.*)/\\\1\\\tcron\\\t\\\4/' /etc/cron.d/*" >> /etc/crontab \
&& echo "*/15 * * * * root /bin/chown root:root /etc/cron.d/* && /bin/chmod u=rw,go= /etc/cron.d/*" >> /etc/crontab \
&& echo "*/15 * * * * root sed -i -r -e '$ s/^(.+)$/\\\1\\\n/' /etc/cron.d/*" >> /etc/crontab
# yeah, we kind of need that
ADD run.sh /run.sh
RUN chmod +x /run.sh
# cron volumes
VOLUME ["/etc/cron.d", "/etc/cron.daily", "/etc/cron.hourly", "/etc/cron.monthly", "/etc/cron.weekly"]
# well
WORKDIR /etc
# command and entrypoint
CMD ["/run.sh"]
\ No newline at end of file
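Review bot: The guarantee that jobs in /etc/cron.d never run as root rests only on the `*/15` sed entries appended to /etc/crontab, so a file that arrives in the mounted volume with `root` in the user field can still be run as root by cron until the next rewrite pass. Nothing normalises those files before cron starts either; running the same sed and the chown/chmod once in run.sh ahead of `exec /usr/sbin/cron` would close the start-up gap, although the periodic window remains and deserves a comment. Separately, `passwd -d cron` leaves the account with an empty password and a login shell, whereas `passwd -l cron` (or simply leaving the account as useradd creates it) keeps it locked. The second `RUN` installs packages without an `apt-get update` in the same layer, and in the first `RUN` the `DEBIAN_FRONTEND=noninteractive` prefix applies only to `apt-get update`, not to the install after `&&`.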
# `crond` in docker
#!/bin/bash
set -e
# users' home directory
HOMEDIR="/home/cron"
KEYSDIR="/var/pubkeys"
# we're not running the sshd, so no SSH_KEYS/authprized_keys needed
# host keys are also unneeded
# also, the user should get created in the dockerfile, so no need for doing this here either
# create the .ssh folder if it does not exist
echo "+-- .ssh dir..."
[ ! -e "$HOMEDIR/.ssh/" ] && mkdir -p "${HOMEDIR}/.ssh"
# do we have the keys? if not, create...
echo "+-- id_rsa..."
if [ ! -e "${HOMEDIR}/.ssh/id_rsa" ]; then
echo " +-- creating..."
# ...with an empty password, of course
ssh-keygen -t rsa -q -N "" -f "${HOMEDIR}/.ssh/id_rsa"
fi
# fix permissions, just in case
echo "+-- .ssh dir permissions..."
chmod -R u=rwX,go= "${HOMEDIR}/.ssh"
chown -R cron:cron "${HOMEDIR}/.ssh"
# make sure that our key is in the shared keys directory,
# and is accessible to all that need it
echo "+-- copying pubkey to ${KEYSDIR}/cron.pub"
cp "${HOMEDIR}/.ssh/id_rsa.pub" "${KEYSDIR}/cron.pub"
echo "+-- pubkey permissions..."
chown root:root "${KEYSDIR}/cron.pub"
chmod a=r "${KEYSDIR}/cron.pub"
# FIXME can we run cron as an unprivileged user?
echo "+-- cron lola cron!"
exec /usr/sbin/cron -f -L 15
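Review bot: `cp "${HOMEDIR}/.ssh/id_rsa.pub" "${KEYSDIR}/cron.pub"` assumes /var/pubkeys exists, but the Dockerfile in this commit neither creates it nor lists it in `VOLUME`, so under `set -e` the container exits before cron starts unless that path is mounted. A `mkdir -p "${KEYSDIR}"` before the copy, or an explicit error message, would make the requirement visible. Because the directory is described as shared, the cp/chown/chmod trio could become `install -o root -g root -m 0444 "${HOMEDIR}/.ssh/id_rsa.pub" "${KEYSDIR}/cron.pub"`, which sets owner and mode in one step. The private key is generated without a passphrase and at ssh-keygen's default RSA size; a comment stating that the key's protection therefore rests on the file permissions of /home/cron/.ssh, plus an explicit `-b 4096`, would document that choice.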