Created April 20, 2014 10:17
My notes on understanding the Geard code at the time of writing: https://github.com/openshift/geard

To Install
=========
Based on contrib/bootstrap-dev-vm:
- Dependencies first
- Then build
- Link the unit
- Then enable the unit

In the end you have a geard-githost under `docker ps`.

Installing container
==========
gear install pmorie/sti-html-app sample-unit -p 8080:0 --start --isolate

Using port 0 means it will choose a port to assign on the host. This, for instance, creates an app on port 4000 that is enabled by default.

--isolate means that the container's command will be run as a container user created right at the moment of starting the container. It's like inserting a middleware that changes the CMD to be run as the container user.

Adding keys
======
gear add-keys sti1 --key-file=key.pub

geard/contrib/ssh ▶ ln -s /var/lib/containers/access/containers/ssh/ /var/lib/gears/access/gears/ssh
ln -s /var/lib/containers/access/git/ /var/lib/gears/access/git

Mapping one to one of git:

"Volumes": {
  "/host_etc": "/etc",
  "/var/lib/containers/git": "/var/lib/containers/git"
},

This works:
gear auth-keys-command ctr-fmock

Gear creates a user for each container.

This works too:
gear add-keys sample-unit --key-file="/root/key.pub"

This:
gear auth-keys-command ctr-sample-unit
creates ~ctr-sample-unit/.ssh/authorized_keys

Prints to stdout:
gear-auth-keys-command ctr-sample-unit

The command switch --git will run, as the current user, /usr/bin/git-shell that exists inside ccoleman/geard-githost.
Using the flag --git-ro would make it read-only.

Adding keys to those users' home automatically remains the mystery.
add-keys calls the addSshKeys function. It then

This should work: gear add-keys git-my-sample-repo --write --key-file="/root/key.pub"

curl to add an SSH key to a container:

curl -X PUT "http://localhost:43273/keys" -H "Content-Type: application/json" -d '{
  "Keys": [
    {
      "Type": "authorized_keys",
      "Value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ=="
    }
  ],
  "Permissions": [{"With": "sample-unit","Type":"container"}]
}'

Working for GIT repo!

curl -X PUT "http://localhost:43273/keys" -H "Content-Type: application/json" -d '{
  "Keys": [
    {
      "Type": "authorized_keys",
      "Value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ=="
    }
  ],
  "Permissions": [{"With": {"Id":"repo2","Write":true},"Type":"repository"}]
}'

The secret is that the type of resource is identified in the format:
[repo|ctr]://[<host>/]id

gear add-keys repo://127.0.0.1/my-sample-repo --write --key-file="/root/key.pub"

Also works:
gear add-keys repo://my-sample-repo --write --key-file="/root/key.pub"
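
Added example (not part of the original notes and not geard's own code): a Python sketch that parses the `[repo|ctr]://[<host>/]id` locator and builds the PUT /keys body in the two shapes from the curl calls above, refusing any key value that is not a single well-formed public-key line. The function names, the rule that a bare id means a container, and the dummy key are assumptions of this example.

```python
import base64, json, struct

def parse_locator(locator):
    """Split '[repo|ctr]://[<host>/]id' into (kind, host, id)."""
    kind, sep, rest = locator.partition("://")
    if not sep:
        kind, rest = "ctr", locator  # assumption: a bare id names a container
    if kind not in ("repo", "ctr"):
        raise ValueError(f"unknown resource type {kind!r}")
    host, _, ident = rest.rpartition("/")
    if not ident:
        raise ValueError("locator has no id")
    return kind, host or None, ident

def check_public_key(value):
    """Accept exactly one '<type> <base64> [comment]' line; return the key type."""
    value = value.strip()
    if "\n" in value or "\r" in value:
        raise ValueError("more than one line in key value")
    fields = value.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError("key blob is not valid base64") from exc
    # The blob starts with a 4-byte big-endian length followed by the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type inside the blob differs from the declared type")
    return fields[0]

def build_keys_body(locator, key_value, write=False):
    """Build the JSON body for PUT /keys in the two shapes shown in the notes."""
    kind, _host, ident = parse_locator(locator)
    check_public_key(key_value)
    if kind == "repo":
        perm = {"Type": "repository", "With": {"Id": ident, "Write": bool(write)}}
    else:
        perm = {"Type": "container", "With": ident}
    key = {"Type": "authorized_keys", "Value": key_value.strip()}
    return {"Keys": [key], "Permissions": [perm]}

if __name__ == "__main__":
    # Constructed dummy key: well-formed framing, not a usable RSA key.
    blob = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + bytes(8)).decode()
    body = build_keys_body("repo://repo2", f"ssh-rsa {blob} constructed@example", write=True)
    print(json.dumps(body, indent=2))
```

Because the first field must be the key type and the second must decode to a blob naming that same type, lines that start with authorized_keys options (such as `command="..."`) are rejected along with multi-line values.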