diff --git a/Dockerfile b/Dockerfile index 308a4b2..fac5ee3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,9 +19,10 @@ RUN rc-update add krb5kdc default RUN rc-update add krb5kadmind default RUN rc-update add nfs default +COPY ./common.sh . COPY ./entrypoint.sh . COPY ./init.sh . -RUN chmod +x ./entrypoint.sh && chmod +x ./init.sh +RUN chmod +x ./entrypoint.sh && chmod +x ./init.sh && chmod +x ./common.sh RUN ls diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 1dc104e..030c058 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -12,9 +12,10 @@ RUN if [ -n "${DEBUG}" ]; then \ apt-get install iproute2 iputils-ping net-tools; \ fi +COPY ./common.sh . COPY ./entrypoint-ubuntu.sh . COPY ./init.sh . -RUN chmod +x ./entrypoint-ubuntu.sh && chmod +x ./init.sh +RUN chmod +x ./entrypoint-ubuntu.sh && chmod +x ./init.sh && chmod +x ./common.sh RUN ls diff --git a/common.sh b/common.sh new file mode 100644 index 0000000..cf8d480 --- /dev/null +++ b/common.sh 
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+cat > /etc/krb5.conf << EOL
+[logging]
+ default = SYSLOG:DEBUG
+ kdc = SYSLOG:DEBUG
+ admin_server = SYSLOG:DEBUG
+
+[libdefaults]
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_realm = ${NFS_KRB_REALM}
+
+[realms]
+ ${NFS_KRB_REALM} = {
+ kdc = localhost
+ admin_server = localhost
+ }
+EOL
+
+cat > /etc/idmapd.conf << EOC
+[General]
+Domain = ${NFS_KRB_REALM}
+Verbosity = 5
+EOC
+
+cat > /etc/nfs.conf << EOC
+[general]
+pipefs-directory=/run/rpc_pipefs
+
+[exports]
+
+[exportfs]
+debug=1
+
+[gssd]
+verbosity=5
+rpc-verbosity=5
+keytab-file=/etc/krb5.keytab
+
+[exportd]
+debug="all"
+
+[mountd]
+debug="all"
+manage-gids=y
+port=892
+
+[nfsdcld]
+debug=1
+
+[nfsdcltrack]
+debug=1
+
+[nfsd]
+debug=1
+# threads=8
+# host=
+# grace-time=90
+# lease-time=90
+udp=y
+tcp=y
+vers3=y
+vers4=y
+vers4.0=y
+vers4.1=y
+vers4.2=y
+EOC
+
+touch /var/lib/krb5kdc/kadm5.acl
+
+kdb5_util -r "${NFS_KRB_REALM}" create -s << EOL
+${NFS_KRB_PWD}
+${NFS_KRB_PWD}
+EOL
+
+DOMAIN=$(echo "$NFS_KRB_REALM" | tr '[:upper:]' '[:lower:]')
+echo "${DOMAIN}" > /etc/hostname
+
+# setup logging
+
+rpcdebug -m nfsd -s all
+rpcdebug -m nfs -s all
+rpcdebug -m rpc -s all
+
+kadmin.local << EOS
+addprinc ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
+${NFS_KRB_PWD}
+${NFS_KRB_PWD}
+ktadd -norandkey ${NFS_KRB_PRINC}@${NFS_KRB_REALM}
+EOS
\ No newline at end of file
diff --git a/entrypoint-ubuntu.sh b/entrypoint-ubuntu.sh
index b9dd29e..c7aaa83 100644
--- a/entrypoint-ubuntu.sh
+++ b/entrypoint-ubuntu.sh
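Review bot: The new common.sh never checks that `NFS_KRB_REALM`, `NFS_KRB_PWD` and `NFS_KRB_PRINC` are set, and the heredocs feeding `kdb5_util ... create -s` and `addprinc` expand an unset `NFS_KRB_PWD` to an empty line. A container started without it would either fail in a way that is hard to read from the logs or, depending on how the tools treat a blank entry, end up with an empty master and principal password. I would add `: "${NFS_KRB_REALM:?}" "${NFS_KRB_PWD:?}" "${NFS_KRB_PRINC:?}"` directly under the shebang so the script stops before any config file is written. There is also no `set -e`, so a failing `kdb5_util` (for example when the database already exists after a restart) does not stop the later `kadmin.local` step. Because `ktadd -norandkey` keeps the password-derived key in `/etc/krb5.keytab`, the strength of `NFS_KRB_PWD` is what protects that principal, which deserves a comment next to the `ktadd` line.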
@@ -35,73 +35,12 @@ EOE chmod 777 "${SHARED_DIRECTORY}" fi -cat > /etc/krb5.conf << EOL -[logging] - default = SYSLOG:DEBUG - kdc = SYSLOG:DEBUG - admin_server = SYSLOG:DEBUG - -[libdefaults] - dns_lookup_realm = false - ticket_lifetime = 24h - renew_lifetime = 7d - forwardable = true - rdns = false - default_realm = ${NFS_KRB_REALM} - -[realms] - ${NFS_KRB_REALM} = { - kdc = localhost - admin_server = localhost - } -EOL cat > /etc/idmapd.conf << EOC [General] Domain = $DOMAIN Verbosity = 5 EOC -cat > /etc/nfs.conf << EOC -[general] -pipefs-directory=/run/rpc_pipefs - -[exportfs] -debug=1 - -[gssd] -verbosity=5 -rpc-verbosity=5 -keytab-file=/etc/krb5.keytab - -[exportd] -debug="all" - -[mountd] -debug="all" -manage-gids=y -port=892 - -[nfsdcld] -debug=1 - -[nfsdcltrack] -debug=1 - -[nfsd] -debug=1 -# threads=8 -# host= -# grace-time=90 -# lease-time=90 -udp=y -tcp=y -vers3=y -vers4=y -vers4.0=y -vers4.1=y -vers4.2=y -EOC - cat > /etc/default/nfs-common << EOC NEED_STATD=y @@ -114,32 +53,10 @@ EOC echo NEED_SVCGSSD=y > /etc/default/nfs-kernel-server - -touch /var/lib/krb5kdc/kadm5.acl +./common.sh exportfs -rvaf - -kdb5_util -r "${NFS_KRB_REALM}" create -s << EOL -${NFS_KRB_PWD} -${NFS_KRB_PWD} -EOL - -echo "${DOMAIN}" > /etc/hostname - -# setup logging - -syslogd -rpcdebug -m nfsd -s all -rpcdebug -m nfs -s all -rpcdebug -m rpc -s all -kadmin.local << EOS -addprinc ${NFS_KRB_PRINC}@${NFS_KRB_REALM} -${NFS_KRB_PWD} -${NFS_KRB_PWD} -ktadd -norandkey ${NFS_KRB_PRINC}@${NFS_KRB_REALM} -EOS - export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3' echo "OPTS_RPC_MOUNTD=\"${OPTS_RPC_MOUNTD}\"" >> /etc/conf.d/nfs service nfs restart diff --git a/entrypoint.sh b/entrypoint.sh index 9068a1b..4013f18 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -21,6 +21,7 @@ UID=${NFS_UID:-0} apk add --no-cache --update alpine-conf setup-timezone -z "${SRV_TZ:-${DEFALUT_TIMEZONE}}" apk del alpine-conf + cat > /etc/chrony/chrony.conf << 'EOF' pool 0.pool.ntp.org iburst pool 1.pool.ntp.org iburst 
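Review bot: The `/etc/idmapd.conf` heredoc kept in this hunk writes `Domain = $DOMAIN`, but `./common.sh`, called in the next hunk, rewrites the same file with `Domain = ${NFS_KRB_REALM}`. The block left here therefore has no effect any more, and the idmapd domain on Ubuntu changes without the commit saying so. Either drop this heredoc, or take the idmapd section out of common.sh and let each entrypoint write its own file. If the common.sh value is the intended one, a comment such as `# /etc/idmapd.conf is written by common.sh` would record that. The script continues above and below the hunk, so where `DOMAIN` is defined is not visible here.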
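Review bot: `syslogd` is removed in this hunk and not started again, whereas entrypoint.sh keeps a `syslogd` call in front of `./common.sh` and common.sh itself does not start one. Since common.sh sets krb5.conf logging to `SYSLOG:DEBUG`, the KDC and kadmin messages on Ubuntu may not be collected unless a syslog daemon is started outside the visible lines. Putting `syslogd` on the line before `./common.sh` would keep the two entrypoints aligned. The exit status of `./common.sh` is not checked here either, so `./common.sh || exit 1` would stop the script from reaching `service nfs restart` when KDC setup failed.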
@@ -40,101 +41,15 @@ EOE chmod 777 "${SHARED_DIRECTORY}" fi -cat > /etc/krb5.conf << EOL -[logging] - default = SYSLOG:DEBUG - kdc = SYSLOG:DEBUG - admin_server = SYSLOG:DEBUG +# setup logging +syslogd -[libdefaults] - dns_lookup_realm = false - ticket_lifetime = 24h - renew_lifetime = 7d - forwardable = true - rdns = false - default_realm = ${NFS_KRB_REALM} - -[realms] - ${NFS_KRB_REALM} = { - kdc = localhost - admin_server = localhost - } -EOL - -cat > /etc/idmapd.conf << EOC -[General] -Domain = ${NFS_KRB_REALM} -Verbosity = 5 -EOC - -cat > /etc/nfs.conf << EOC -[general] -pipefs-directory=/run/rpc_pipefs - -[exports] - -[exportfs] -debug=1 - -[gssd] -verbosity=5 -rpc-verbosity=5 -keytab-file=/etc/krb5.keytab - -[exportd] -debug="all" - -[mountd] -debug="all" -manage-gids=y -port=892 - -[nfsdcld] -debug=1 - -[nfsdcltrack] -debug=1 - -[nfsd] -debug=1 -# threads=8 -# host= -# grace-time=90 -# lease-time=90 -udp=y -tcp=y -vers3=y -vers4=y -vers4.0=y -vers4.1=y -vers4.2=y -EOC - -touch /var/lib/krb5kdc/kadm5.acl +./common.sh exportfs -rvaf - -kdb5_util -r "${NFS_KRB_REALM}" create -s << EOL -${NFS_KRB_PWD} -${NFS_KRB_PWD} - -EOL - echo "${NFS_KRB_REALM}" > /etc/hostname -# setup logging - -syslogd -rpcdebug -m nfsd -s all -rpcdebug -m nfs -s all -rpcdebug -m rpc -s all -kadmin.local << EOS -addprinc ${NFS_KRB_PRINC}@${NFS_KRB_REALM} -${NFS_KRB_PWD} -${NFS_KRB_PWD} -ktadd -norandkey ${NFS_KRB_PRINC}@${NFS_KRB_REALM} -EOS export OPTS_RPC_MOUNTD='--debug all -t 8 -N 3' cat >> /etc/conf.d/nfs < /var/log/rpc-gssd.log & rpc.svcgssd -vf &> /var/log/gssd.log & - cat /etc/krb5.conf while true; do