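# Extends the openfoam9-paraview56 base image with OpenSSH client and server,
# configured for use with mpi-operator (see the SSH notes below).
# NOTE(review): the :9 tag is mutable; pinning a digest
# (...:9@sha256:<digest>) would make rebuilds reproducible.
FROM docker.io/openfoam/openfoam9-paraview56:9

# SSH port written into ssh_config, sshd_config and ~/.sshd_config below.
# Override at build time with --build-arg port=<n>.
ARG port=2222

# Root is needed for the package install and the edits under /etc/ssh;
# the image drops back to the openfoam user on the last line.
USER root

# Index refresh, install and list cleanup share one layer so the apt lists
# never persist in the image.
# NOTE(review): --no-install-recommends would shrink this layer; confirm
# first that nothing pulled in only as a recommendation (for example
# ca-certificates) is relied on.
RUN apt-get update \
    && apt-get install -y \
        curl \
        git \
        openssh-client \
        openssh-server \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Privilege separation directory, needed when sshd is run as root.
RUN mkdir -p /var/run/sshd

# File capability that lets a non-root sshd bind ports below 1024. With the
# default port (2222) it is not exercised; it only matters when the build
# overrides `port` with a privileged value.
RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/sbin/sshd

# System-wide SSH settings for mpi-operator:
#  - StrictHostKeyChecking no: OpenSSH talks to other containers without
#    asking for confirmation.
#  - UserKnownHostsFile /dev/null: mpi-operator mounts the .ssh folder from a
#    Secret, so the client must not need to write known_hosts there.
#  - StrictModes no: sshd skips its ownership/permission checks on the
#    mounted directory and files.
#  - Port: client and server both use the build-time port.
# Security trade-off: these edits go into the global ssh_config, so they apply
# to every outbound SSH connection made from the container (git over SSH
# included), not only to MPI peers. Host keys are never verified or
# remembered, and sshd accepts key files regardless of their permissions.
# Run this image only where the peers and the mounted Secret are trusted.
RUN sed -i "s/[ #]\(.*StrictHostKeyChecking \).*/ \1no/g" /etc/ssh/ssh_config \
    && echo " UserKnownHostsFile /dev/null" >> /etc/ssh/ssh_config \
    && sed -i "s/[ #]\(.*Port \).*/ \1$port/g" /etc/ssh/ssh_config \
    && sed -i "s/#\(StrictModes \).*/\1no/g" /etc/ssh/sshd_config \
    && sed -i "s/#\(Port \).*/\1$port/g" /etc/ssh/sshd_config

#RUN useradd -m mpiuser -g 0 && chmod 775 /home/mpiuser
#RUN usermod -g 0 openfoam && chmod 775 /home/openfoam

WORKDIR /home/openfoam

# Per-user configuration for running sshd as non-root. sshd_config and bashrc
# come from the build context and are owned by openfoam after the copy.
COPY --chown=openfoam sshd_config .sshd_config
COPY --chown=openfoam bashrc .bashrc

# The per-user sshd config listens on the same build-time port.
RUN echo "Port $port" >> /home/openfoam/.sshd_config

# Drop root: containers started from this image run as openfoam by default.
USER openfoam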