ssh proxy and move script service into container

unifi-utilities · Sep 18, 2020 · b0c2f0d · b0c2f0d
1 parent ee47942
commit b0c2f0d
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 13 deletions.
diff --git a/on-boot-script/README.md b/on-boot-script/README.md
@@ -24,11 +24,14 @@
 
 * [build.sh](build.sh) can be used to build the package by yourself.
     * Be sure to have at least "buildah" installed for the default container based build.
+
     * The following command builds everything that is needed and even deploys and install udm-boot onto your device (you need a working ssh key based auth to your udm!):
+
       ```bash
         export UDM_HOST=<MY UDM IP>
 	./build.sh && ./build.sh deploy && ./build.sh install
       ```
+
     * Overview
         * [dpkg-build-files](dpkg-build-files)
           contains the most scripts and all sources that debuild uses to build the package if you want to build it yourself
@@ -37,6 +40,7 @@
           for maintainability it's split in three depending files.
         * [packages/](packages)
           the required build debian package will be put here
+
     * Built on Ubuntu-20.04 on Windows 10/WSL2
 
 
@@ -48,7 +52,7 @@
     unifi-os shell
     ```
 
-2. Download [udm-boot_1.0.2_all.deb](packages/udm-boot_1.0.2_all.deb) and install it and go back to the UDM
+2. Download [udm-boot_1.1.0_all.deb](packages/udm-boot_1.1.0_all.deb) and install it and go back to the UDM
 
     ```bash
     curl -L https://raw.githubusercontent.com/boostchicken/udm-utilities/master/on-boot-script/packages/udm-boot_1.1.0_all.deb -o udm-boot_1.1.0_all.deb
@@ -100,6 +104,10 @@
 
 ## Version History
 
+### 1.1.0
+
+* move everything into udm-boot container
+
 ### 1.0.2
 
 * Some build improvements and more clean installation

diff --git a/on-boot-script/TODO.md b/on-boot-script/TODO.md
@@ -1,8 +1,4 @@
 # ToDo
 
-* provide a ssh proxy for udm-boot to break out the container.
-  reuse existing from unifi-os ssh_proxy or a customer one. if we reuse it, we need a way to reload the port on unifi-os restart (would require to mount the dir /var/run/ instead of the file /var/run/ssh_proxy_port
-* move udm-boot-services service into the udm-boot container (minimize udm-boot footprint in the unifi-os).
-  requires the ssh proxy solved
 * find a more clean way to preserve services? currently mounting the whole /etc/systemd/system dir.
 * if we will provide cockpit in this package, put it in a container and include at least cockpit-podman package
diff --git a/on-boot-script/dpkg-build-files/debian/install b/on-boot-script/dpkg-build-files/debian/install
@@ -3,4 +3,3 @@ host/install.sh usr/share/udm-boot/host/
 host/uninstall.sh usr/share/udm-boot/host/
 host/udm-boot_arm64.tar usr/share/udm-boot/host/
 udm-boot.service lib/systemd/system/
-udm-boot-script.service lib/systemd/system/
diff --git a/on-boot-script/dpkg-build-files/debian/postinst b/on-boot-script/dpkg-build-files/debian/postinst
@@ -27,11 +27,9 @@ case "$1" in
        /sbin/ssh-proxy '/mnt/data/udm-boot/install.sh'
 
        # enable and start udm-boot
-       echo "Enable udm-boot services"
+       echo "Enable udm-boot service"
        deb-systemd-invoke enable udm-boot.service
-       deb-systemd-invoke enable udm-boot-script.service
        deb-systemd-invoke start udm-boot.service
-       deb-systemd-invoke start udm-boot-script.service
 
        echo ""
        echo ""

diff --git a/on-boot-script/dpkg-build-files/host/install.sh b/on-boot-script/dpkg-build-files/host/install.sh
@@ -27,10 +27,12 @@ podman tag $iid udm-boot
 	--network host \
 	--hostname udm-boot \
 	--name udm-boot \
-	--volume "/sys/fs/cgroup:/sys/fs/cgroup:ro" \
-	--volume "/etc/localtime:/etc/localtime:ro" \
-	--volume "/mnt/data/udm-boot/data/var/lib/containers:/var/lib/containers:rw" \
-	--volume "/mnt/data/udm-boot/data/etc/systemd/system:/etc/systemd/system:rw" \
+	--mount "type=bind,source=/sys/fs/cgroup,target=/sys/fs/cgroup,ro=true" \
+	--mount "type=bind,source=/etc/localtime,target=/etc/localtime,ro=true" \
+	--mount "type=bind,source=/mnt/data/ssh/id_rsa,target=/root/.ssh/id_rsa,ro=true" \
+	--mount "type=bind,source=/var/run,target=/mnt/host_var_run,ro=true" \
+	--mount "type=bind,source=/mnt/data/udm-boot/data/var/lib/containers,target=/var/lib/containers,rw=true" \
+	--mount "type=bind,source=/mnt/data/udm-boot/data/etc/systemd/system,target=/etc/systemd/system,rw=true" \
 	udm-boot
 
 # cleanup and move legacy udm-boot files

diff --git a/on-boot-script/images/Dockerfile.udm-boot b/on-boot-script/images/Dockerfile.udm-boot
@@ -5,6 +5,7 @@ RUN set -ex \
     && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
         procps \
         net-tools \
+        openssh-client \
         vim \
         cockpit \
     && systemctl enable cockpit.socket \
@@ -14,6 +15,16 @@ RUN set -ex \
 
 RUN /bin/bash -c 'echo -e "udm-boot\nudm-boot" |(passwd root)'
 
+# setup ssh proxy
+COPY ssh-proxy /sbin/
+RUN set -ex \
+    && chmod +x /sbin/ssh-proxy
+
+# setup init style script service
+COPY udm-boot-script.service /lib/systemd/system/
+RUN set -ex \
+    && /bin/systemctl enable udm-boot-script.service
+
 VOLUME ["/var/lib/containers", "/etc/systemd/system", "/etc/cni/net.d"]
 
 # cockpit

diff --git a/on-boot-script/images/ssh-proxy b/on-boot-script/images/ssh-proxy
@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p "$(cat /mnt/host_var_run/ssh_proxy_port)" -o StrictHostKeyChecking=no -q root@localhost -- "$@"
diff --git a/.../dpkg-build-files/udm-boot-script.service → ...oot-script/images/udm-boot-script.service b/.../dpkg-build-files/udm-boot-script.service → ...oot-script/images/udm-boot-script.service
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/sh
		ssh -p "$(cat /mnt/host_var_run/ssh_proxy_port)" -o StrictHostKeyChecking=no -q root@localhost -- "$@"