add ubuntu variant
This commit is contained in:
parent
cf578ed339
commit
0e7565666e
GPG Key ID:
924A5F6AF051E87C
21
Dockerfile
21
Dockerfile
@ -1,15 +1,10 @@
|
||||
FROM alpine:latest
|
||||
FROM ubuntu:latest
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
WORKDIR /root
|
||||
RUN mkdir -p /run/openrc
|
||||
RUN touch /run/openrc/softlevel
|
||||
RUN apk add --no-cache --update openrc
|
||||
RUN apk add --no-cache --update --verbose bash krb5-server nfs-utils iproute2 krb5-server-openrc procps krb5 syslog-ng
|
||||
|
||||
RUN rc-update add syslog-ng boot
|
||||
RUN rc-update add krb5kdc default
|
||||
RUN rc-update add krb5kadmind default
|
||||
RUN rc-update add nfs default
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y nfs-kernel-server krb5-kdc krb5-admin-server nfs-common bash iproute2 iputils-ping net-tools
|
||||
|
||||
COPY ./entrypoint.sh .
|
||||
COPY ./init.sh .
|
||||
@ -17,7 +12,5 @@ RUN chmod +x ./entrypoint.sh && chmod +x ./init.sh
|
||||
|
||||
RUN ls
|
||||
|
||||
|
||||
|
||||
EXPOSE 2049 88 749 750 111
|
||||
CMD ["./init.sh"]
|
||||
EXPOSE 2049 88 749 750 111 666 892
|
||||
CMD ["./init.sh"]
|
||||
|
||||
111
entrypoint.sh
111
entrypoint.sh
@ -2,13 +2,14 @@
|
||||
set -xuo pipefail
|
||||
trap "stop; exit 0;" SIGTERM SIGINT
|
||||
|
||||
SERVICES=(krb5-kdc krb5-admin-server nfs-kernel-server)
|
||||
stop()
|
||||
{
|
||||
echo "signal caught, stopping the world..."
|
||||
exportfs -uav
|
||||
rc-service krb5kdc stop
|
||||
rc-service kadmin stop
|
||||
rc-service nfs stop
|
||||
for i in "${SERVICES[@]}"; do
|
||||
service "$i" stop;
|
||||
done;
|
||||
echo "bye!"
|
||||
exit
|
||||
}
|
||||
@ -16,17 +17,29 @@ stop()
|
||||
DEFAULT_PERMITTED="*"
|
||||
RW_MODE="rw"
|
||||
UID=${NFS_UID:-0}
|
||||
DOMAIN=$(echo "$NFS_KRB_REALM" | tr '[:upper:]' '[:lower]')
|
||||
if [ -n "${SHARED_DIRECTORY}" ]; then
|
||||
echo "${SHARED_DIRECTORY} ${PERMITTED:-${DEFAULT_PERMITTED}}(${RW_MODE:-rw},root_squash,nohide,fsid=${UID},sync,no_subtree_check,insecure,root_squash,crossmnt,anonuid=${UID},anongid=${UID},sec=krb5p:krb5i:krb5)" \
|
||||
> /etc/exports
|
||||
options="(${RW_MODE:-rw},\
|
||||
nohide,sync,no_subtree_check,insecure,no_root_squash,crossmnt,sec=krb5p:krb5i:krb5,fsid=0)"
|
||||
cat > /etc/exports <<EOE
|
||||
${SHARED_DIRECTORY} ${PERMITTED:-${DEFAULT_PERMITTED}}$options
|
||||
# / ${PERMITTED:-${DEFAULT_PERMITTED}}${options%?},fsid=0)
|
||||
EOE
|
||||
|
||||
# nfs v4 root export hack
|
||||
if [ "$(dirname "${SHARED_DIRECTORY}")" != "/" ]; then
|
||||
cat >> /etc/exports <<-EOE
|
||||
# $(dirname "${SHARED_DIRECTORY}") ${PERMITTED:-${DEFAULT_PERMITTED}}${options%?})
|
||||
EOE
|
||||
fi
|
||||
chmod 777 "${SHARED_DIRECTORY}"
|
||||
fi
|
||||
|
||||
cat > /etc/krb5.conf << EOL
|
||||
[logging]
|
||||
default = FILE:/var/log/krb5libs.log:DEBUG
|
||||
kdc = FILE:/var/log/krb5kdc.log:DEBUG
|
||||
admin_server = FILE:/var/log/kadmind.log:DEBUG
|
||||
default = SYSLOG:DEBUG
|
||||
kdc = SYSLOG:DEBUG
|
||||
admin_server = SYSLOG:DEBUG
|
||||
|
||||
[libdefaults]
|
||||
dns_lookup_realm = false
|
||||
@ -44,10 +57,63 @@ cat > /etc/krb5.conf << EOL
|
||||
EOL
|
||||
cat > /etc/idmapd.conf << EOC
|
||||
[General]
|
||||
Domain = ${NFS_KRB_REALM}
|
||||
Domain = $DOMAIN
|
||||
Verbosity = 5
|
||||
EOC
|
||||
|
||||
cat > /etc/nfs.conf << EOC
|
||||
[general]
|
||||
pipefs-directory=/run/rpc_pipefs
|
||||
|
||||
[exportfs]
|
||||
debug=1
|
||||
|
||||
[gssd]
|
||||
verbosity=5
|
||||
rpc-verbosity=5
|
||||
keytab-file=/etc/krb5.keytab
|
||||
|
||||
[exportd]
|
||||
debug="all"
|
||||
|
||||
[mountd]
|
||||
debug="all"
|
||||
manage-gids=y
|
||||
port=892
|
||||
|
||||
[nfsdcld]
|
||||
debug=1
|
||||
|
||||
[nfsdcltrack]
|
||||
debug=1
|
||||
|
||||
[nfsd]
|
||||
debug=1
|
||||
# threads=8
|
||||
# host=
|
||||
# grace-time=90
|
||||
# lease-time=90
|
||||
udp=y
|
||||
tcp=y
|
||||
vers3=y
|
||||
vers4=y
|
||||
vers4.0=y
|
||||
vers4.1=y
|
||||
vers4.2=y
|
||||
EOC
|
||||
|
||||
cat > /etc/default/nfs-common << EOC
|
||||
NEED_STATD=y
|
||||
|
||||
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
|
||||
NEED_IDMAPD=y
|
||||
|
||||
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
|
||||
NEED_GSSD=y
|
||||
EOC
|
||||
|
||||
echo NEED_SVCGSSD=y > /etc/default/nfs-kernel-server
|
||||
|
||||
|
||||
touch /var/lib/krb5kdc/kadm5.acl
|
||||
|
||||
@ -57,10 +123,9 @@ exportfs -rvaf
|
||||
kdb5_util -r "${NFS_KRB_REALM}" create -s << EOL
|
||||
${NFS_KRB_PWD}
|
||||
${NFS_KRB_PWD}
|
||||
|
||||
EOL
|
||||
|
||||
echo "${NFS_KRB_REALM}" > /etc/hostname
|
||||
echo "${DOMAIN}" > /etc/hostname
|
||||
|
||||
# setup logging
|
||||
|
||||
@ -68,19 +133,23 @@ syslogd
|
||||
rpcdebug -m nfsd -s all
|
||||
rpcdebug -m nfs -s all
|
||||
rpcdebug -m rpc -s all
|
||||
kadmin.local << EOS
|
||||
addprinc ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
|
||||
${NFS_KRB_PWD}
|
||||
${NFS_KRB_PWD}
|
||||
ktadd -norandkey ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
|
||||
EOS
|
||||
|
||||
kadmin.local -q "addprinc -pw ${NFS_KRB_PWD} ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
|
||||
kadmin.local -q "ktadd ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
|
||||
kadmin.local -q "ktadd -k /etc/krb5.keytab ${NFS_KRB_PRINC}@${NFS_KRB_REALM}"
|
||||
kadmin.local -q "cpw -pw ${NFS_KRB_PWD} ${NFS_KRB_PRINC}"
|
||||
rc-service krb5kdc start
|
||||
rc-service krb5kadmind start
|
||||
rc-service nfs start
|
||||
export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3'
|
||||
echo "OPTS_RPC_MOUNTD=\"${OPTS_RPC_MOUNTD}\"" >> /etc/conf.d/nfs
|
||||
rc-service nfs restart
|
||||
|
||||
|
||||
service nfs restart
|
||||
kill `pidof rpcbind`
|
||||
rpcbind -fd &> /var/log/rpcbind.log &
|
||||
sleep 3
|
||||
for i in "${SERVICES[@]}"; do
|
||||
service "$i" start
|
||||
done
|
||||
rpc.svcgssd -vf &> /var/log/gssd.log &
|
||||
cat /etc/krb5.conf
|
||||
|
||||
while true; do
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user