#! /bin/bash
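# First-run provisioning of the SSH account "ocrd".
# Inputs read here: the files /authorized_keys and /id_rsa, and the
# variables CONTROLLER ("host" or "host:port"), UMASK, UID and GID.
# The "ocrd" passwd entry is appended near the end of this branch, so its
# presence means an earlier start of this container already ran these steps;
# they are skipped when the container restarts.
#
# NOTE: everything this shell has set when `set` runs below is written to
# /.ssh/environment. Do not add helper variables or functions to this
# branch without unsetting them first, or they end up in that file.
if ! grep -q '^ocrd:' /etc/passwd; then
  # Create the key files owner-only from the start. The chmod further down
  # tightens them anyway, but only after the (up to 120 s) wait for the
  # controller, and /id_rsa is a private key.
  (
    umask 077
    cat /authorized_keys >>/.ssh/authorized_keys
    cat /id_rsa >>/.ssh/id_rsa
  )

  # Add the OCR-D controller to the global known_hosts if CONTROLLER is set.
  if [ -n "$CONTROLLER" ]; then
    CONTROLLER_HOST=${CONTROLLER%:*}
    # Without a colon, ${CONTROLLER#*:} yields the whole value, so the port
    # would silently become the host name and the ":-22" defaults below
    # would never apply. Only take a port when one was actually given.
    case $CONTROLLER in
      *:*) CONTROLLER_PORT=${CONTROLLER#*:} ;;
      *) CONTROLLER_PORT= ;;
    esac

    # wait for OCR-D Controller container
    if ! wait-for-it.sh -t 120 -h "$CONTROLLER_HOST" -p "${CONTROLLER_PORT:-22}"; then
      printf 'startup: wait-for-it.sh reported failure for controller %s; host key scan may fail\n' \
        "$CONTROLLER_HOST" >&2
    fi

    # Take the address from the second "Address:" line of nslookup's output
    # (presumably the first one names the resolver -- confirm against the
    # nslookup in this image). Empty when there is no such line.
    CONTROLLER_IP=$(nslookup "$CONTROLLER_HOST" | awk '/Address:/ && ++n == 2 { print $2 }')

    # Drop stale entries for the controller before scanning again.
    if test -e /etc/ssh/ssh_known_hosts; then
      ssh-keygen -R "$CONTROLLER_HOST" -f /etc/ssh/ssh_known_hosts
      # An empty name would make ssh-keygen fail; skip it if lookup failed.
      if [ -n "$CONTROLLER_IP" ]; then
        ssh-keygen -R "$CONTROLLER_IP" -f /etc/ssh/ssh_known_hosts
      fi
    fi

    # SECURITY: ssh-keyscan records whatever host key the network presents
    # at this moment; nothing here authenticates it (trust on first use).
    # Whatever answers as the controller during container start is trusted
    # by later ssh connections. Where the controller's host key is known in
    # advance, provision it out of band (e.g. mount a known_hosts file) or
    # compare the scanned fingerprint against a pinned value.
    # The ",IP" suffix is only added when the lookup produced an address.
    ssh-keyscan -H -p "${CONTROLLER_PORT:-22}" \
      "$CONTROLLER_HOST${CONTROLLER_IP:+,$CONTROLLER_IP}" >>/etc/ssh/ssh_known_hosts

    # tilde syntax for HOME dir in ssh_config does not work for root for some reason
    cat <<EOF >> /etc/ssh/ssh_config
IdentityFile /.ssh/id_rsa
IdentityFile /.ssh/id_dsa
IdentityFile /.ssh/id_ecdsa
IdentityFile /.ssh/id_ed25519
EOF
  fi

  # turn off the login banner
  : >/.hushlogin

  # Save this shell's variables, minus every line containing "BASH", for SSH
  # sessions. SECURITY: this persists the whole container environment,
  # including any secret passed in as a variable, to disk and hands it to
  # every SSH login. sshd only reads this file when PermitUserEnvironment is
  # enabled (sshd_config is not visible here -- confirm), and that option
  # lets the account influence its own session environment.
  set | grep -Fv -e BASH >/.ssh/environment

  # /.ssh/rc autorun script when account is accessed by ssh
  echo "cd /data" >>/.ssh/rc

  # Create the user-specific umask. The value is spliced into a script that
  # runs on every SSH login, so accept only 1-4 octal digits: an empty value
  # would leave a bare "umask" that prints on each login, and anything else
  # would be executed as shell text.
  case ${UMASK:-} in
    '' | *[!0-7]* | ?????*)
      printf 'startup: UMASK=%s is not an octal mode; no umask line added to /.ssh/rc\n' \
        "${UMASK:-}" >&2
      ;;
    *)
      echo "umask $UMASK" >>/.ssh/rc
      ;;
  esac

  # removes read/write/execute permissions from group and others, but
  # preserves whatever permissions the owner had
  chmod go-rwx /.ssh/*

  # Set owner and group.
  # NOTE(review): UID and GID are expected from the container environment;
  # bash also maintains UID itself -- confirm the intended value is used.
  chown -R "$UID:$GID" /.ssh

  # set login information for SSH user
  echo "ocrd:x:$UID:$GID:SSH user:/:/bin/bash" >>/etc/passwd

  # Save the password information: "*" in the password field means no
  # password matches, so only key-based login remains. Quoted so the "*"
  # cannot be glob-expanded against files in the working directory.
  echo 'ocrd:*:19020:0:99999:7:::' >>/etc/shadow

  # Comment out imklog to prevent starting problems of rsyslog
  /bin/sed -i '/imklog/s/^/#/' /etc/rsyslog.conf

  # Uncomment the imudp lines: rsyslog UDP reception on port 514.
  # SECURITY: UDP syslog is unauthenticated; anything that can reach this
  # port can write log lines, which the tail at the end of this script then
  # relays to the container's stdout. Keep the port on an internal network.
  /bin/sed -i '/imudp/s/^#//' /etc/rsyslog.conf
fi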
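# Start the container's services, then stay in the foreground on the syslog.
# A failed service start was previously ignored; it is now reported on stderr
# (the script still continues, as before).

# start syslog
if ! service rsyslog start; then
  printf 'startup: rsyslog failed to start; /var/log/syslog may not be written\n' >&2
fi

# start ssh as daemon and send output to standard error
#/usr/sbin/sshd -D -e
if ! service ssh start; then
  printf 'startup: ssh service failed to start; SSH logins will not work\n' >&2
fi

# Start the REST webservice: socat listens on TCP port 4004 (IPv4), forks
# per connection and runs sampo.sh for it; -ly sends socat's own messages
# to syslog.
# SECURITY: there is no bind= option, so the listener accepts connections on
# every IPv4 address of the container, and socat adds neither TLS nor
# authentication. NOTE(review): confirm whether sampo.sh authenticates
# requests; otherwise keep port 4004 off untrusted networks, or restrict the
# listener with socat's bind= / range= address options.
socat -d -ly TCP-LISTEN:4004,reuseaddr,fork,pf=ip4 exec:sampo.sh &
sleep 2

# connect syslog to container stdout (this keeps the script in the foreground)
tail -f /var/log/syslog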