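###########################################################
# Records the rover version passed with --build-arg versionRover; the final
# stage copies this file to /tf/rover/version.txt.
###########################################################
FROM centos:7 AS rover_version
ARG versionRover
# Quoted so the value is written verbatim (no word splitting or globbing), and
# written to an absolute path instead of relying on the base image's default
# working directory.
RUN printf '%s\n' "${versionRover}" > /version.txt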
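# CentOS 7 has no git package recent enough for this image, so git is compiled
# from source in the final stage below; the Go tools are built in their own
# stages so later rebuilds can reuse those cached layers.
###########################################################
# base tools and dependencies
###########################################################
# NOTE(review): centos:7 is past end of life (June 2024) and its default
# mirrorlist has been retired, so this stage will likely need its repos
# repointed or a supported base image before it builds again.
FROM centos:7 AS base
# OS-level tool set shared by the final stage. The yum metadata and package
# cache are dropped in the same layer so they do not persist in the image.
RUN yum makecache fast && \
    yum -y install \
        bzip2 \
        libtirpc \
        make \
        man \
        openssh-clients \
        openssl \
        python3 \
        python3-libs \
        python3-pip \
        python3-setuptools \
        unzip \
        which && \
    yum -y update && \
    yum clean all && \
    rm -rf /var/cache/yum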
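###########################################################
# terraform-docs, built at the version given by --build-arg versionTerraformDocs
###########################################################
FROM golang:1.13 AS terraform-docs
ARG versionTerraformDocs
# The ARG is already present in RUN's environment, so the former ENV was
# redundant (and would only persist a build-time value). `${var:?}` makes a
# missing version fail fast with a clear message instead of an opaque go error.
# Note: `go get pkg@version` installs binaries only up to Go 1.17; a newer
# toolchain would need `go install pkg@version`.
RUN GO111MODULE=on go get "github.com/terraform-docs/terraform-docs@${versionTerraformDocs:?versionTerraformDocs build-arg is required}"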
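###########################################################
# tfsec
###########################################################
FROM golang:1.13 AS tfsec
# versionTfsec is passed to (and exported from) the final stage but was never
# declared here, so nothing invalidated this layer when the version changed and
# the build-arg had no effect on the binary. Declaring the ARG makes a changed
# value miss the cache for the RUN below; the fetch itself is still unpinned
# (`-u` tracks the latest commit) — pin it with `@${versionTfsec}` once callers
# are known to pass a Go module version such as a vX.Y.Z tag.
ARG versionTfsec
RUN env GO111MODULE=on go get -u github.com/tfsec/tfsec/cmd/tfsec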
###########################################################
# CAF rover image
###########################################################
FROM base
# Arguments set during docker-compose build -b --build from .env file
ARG versionTerraform
ARG versionAzureCli
ARG versionKubectl
ARG versionTflint
ARG versionGit
ARG versionJq
ARG versionDockerCompose
ARG versionTfsec
ARG versionAnsible
ARG versionPacker
# Unprivileged user the image switches to at the end; the GID defaults to the UID.
ARG USERNAME=vscode
ARG USER_UID=1000
ARG USER_GID=${USER_UID}
# NOTE(review): SSH_PASSWD is a credential supplied as a build-arg and then
# persisted with ENV. Build-args are visible in `docker history`, and the ENV
# places the password in the environment of every process in every container
# started from this image. Prefer supplying it at run time (e.g. `docker run -e`)
# or via a BuildKit secret mount; it is kept here because the rover scripts are
# presumed to read it — confirm before removing.
ARG SSH_PASSWD
# Versions are exported presumably so the scripts under /tf/rover can report or
# consume them at run time. TF_DATA_DIR / TF_PLUGIN_CACHE_DIR point terraform at
# a per-user cache under the home directory (created in the RUN below).
ENV SSH_PASSWD=${SSH_PASSWD} \
USERNAME=${USERNAME} \
versionTerraform=${versionTerraform} \
versionAzureCli=${versionAzureCli} \
versionKubectl=${versionKubectl} \
versionTflint=${versionTflint} \
versionJq=${versionJq} \
versionGit=${versionGit} \
versionDockerCompose=${versionDockerCompose} \
versionTfsec=${versionTfsec} \
versionAnsible=${versionAnsible} \
versionPacker=${versionPacker} \
TF_DATA_DIR="/home/${USERNAME}/.terraform.cache" \
TF_PLUGIN_CACHE_DIR="/home/${USERNAME}/.terraform.cache/plugin-cache"
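# Builds the rover tool chain in one layer, one commented section per tool.
# Every download now uses `curl -f`: without it curl exits 0 on an HTTP error
# and saves the error page, which the following chmod +x would have turned
# into a bogus "binary" (kubectl, jq, docker-compose) or a corrupt archive.
RUN yum -y install \
        bzip2 \
        curl-devel \
        gcc \
        gettext \
        make \
        openssh-server \
        sudo \
        unzip \
        zlib-devel && \
    #
    # Install git from source code (no sufficiently recent package on CentOS 7).
    # NOTE(review): the tarball is fetched over TLS but not checksum-verified.
    #
    echo "Installing git ${versionGit}..." && \
    curl -fsSL -o /tmp/git.tar.gz "https://www.kernel.org/pub/software/scm/git/git-${versionGit}.tar.gz" && \
    tar xf /tmp/git.tar.gz -C /tmp && \
    cd "/tmp/git-${versionGit}" && \
    ./configure --exec-prefix="/usr" && \
    make -j && \
    make install && \
    cd / && \
    #
    # Install Docker CE CLI.
    # The socket touched here is an empty placeholder (presumably bind-mounted
    # over by the host socket at run time); the 666 mode makes that placeholder
    # world-writable, so who may reach the real daemon is decided by the mount.
    #
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \
    yum -y install docker-ce-cli && \
    touch /var/run/docker.sock && \
    chmod 666 /var/run/docker.sock && \
    #
    # Create USERNAME
    # NOTE(review): USER_GID is applied by the chown further down but not to the
    # primary group here; useradd chooses that itself. Confirm the two agree when
    # a USER_GID different from USER_UID is passed.
    #
    echo "Creating ${USERNAME} user..." && \
    useradd --uid "${USER_UID}" -m -G docker "${USERNAME}" && \
    #
    # Install Terraform
    #
    echo "Installing terraform ${versionTerraform}..." && \
    curl -fsSL -o /tmp/terraform.zip "https://releases.hashicorp.com/terraform/${versionTerraform}/terraform_${versionTerraform}_linux_amd64.zip" && \
    unzip -d /usr/bin /tmp/terraform.zip && \
    chmod +x /usr/bin/terraform && \
    mkdir -p "/home/${USERNAME}/.terraform.cache/plugin-cache" && \
    #
    # Install Packer
    #
    echo "Installing Packer ${versionPacker}..." && \
    curl -fsSL -o /tmp/packer.zip "https://releases.hashicorp.com/packer/${versionPacker}/packer_${versionPacker}_linux_amd64.zip" && \
    unzip -d /usr/local/bin /tmp/packer.zip && \
    chmod +x /usr/local/bin/packer && \
    #
    # Install Docker-Compose - required to rebuild the rover from the rover ;)
    #
    echo "Installing docker-compose ${versionDockerCompose}..." && \
    curl -fsSL -o /usr/bin/docker-compose "https://github.com/docker/compose/releases/download/${versionDockerCompose}/docker-compose-Linux-x86_64" && \
    chmod +x /usr/bin/docker-compose && \
    #
    # Install Azure-cli from Microsoft's signed repo (gpgcheck=1 against the
    # imported key). printf writes the repo file without the echo -e/quoting
    # gymnastics of the previous version.
    #
    echo "Installing azure-cli ${versionAzureCli}..." && \
    rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
    printf '%s\n' \
        '[azure-cli]' \
        'name=Azure CLI' \
        'baseurl=https://packages.microsoft.com/yumrepos/azure-cli' \
        'enabled=1' \
        'gpgcheck=1' \
        'gpgkey=https://packages.microsoft.com/keys/microsoft.asc' \
        > /etc/yum.repos.d/azure-cli.repo && \
    cat /etc/yum.repos.d/azure-cli.repo && \
    yum -y install "azure-cli-${versionAzureCli}" && \
    #
    # Install kubectl
    #
    echo "Installing kubectl ${versionKubectl}..." && \
    curl -fsSL -o /usr/bin/kubectl "https://storage.googleapis.com/kubernetes-release/release/${versionKubectl}/bin/linux/amd64/kubectl" && \
    chmod +x /usr/bin/kubectl && \
    #
    # Install Helm. The upstream installer is saved to disk before it runs, so a
    # failed or truncated download can no longer be partially executed through a
    # pipe; it remains unpinned (tracks helm's master branch) and unverified.
    #
    curl -fsSL -o /tmp/get-helm-3 https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 && \
    bash /tmp/get-helm-3 && \
    #
    # Install jq
    #
    echo "Installing jq ${versionJq}..." && \
    curl -fsSL -o /usr/bin/jq "https://github.com/stedolan/jq/releases/download/jq-${versionJq}/jq-linux64" && \
    chmod +x /usr/bin/jq && \
    #
    # Install tflint
    #
    echo "Installing tflint ..." && \
    curl -fsSL -o /tmp/tflint.zip "https://github.com/terraform-linters/tflint/releases/download/${versionTflint}/tflint_linux_amd64.zip" && \
    unzip -d /usr/bin /tmp/tflint.zip && \
    chmod +x /usr/bin/tflint && \
    #
    # Python tools. Ansible is pinned; pre-commit and yq are not, so they float
    # to whatever PyPI serves at build time. --no-cache-dir keeps pip's download
    # cache out of the layer.
    #
    echo "Installing Ansible ${versionAnsible}..." && \
    pip3 install --no-cache-dir "ansible==${versionAnsible}" && \
    echo "Installing pre-commit ..." && \
    pip3 install --no-cache-dir pre-commit && \
    echo "Installing yq ..." && \
    pip3 install --no-cache-dir yq && \
    #
    # Clean-up: build inputs plus the yum cache, in this same layer so none of
    # it persists in the image.
    #
    rm -rf /tmp/*.zip /tmp/*.gz /tmp/get-helm-3 "/tmp/git-${versionGit}" && \
    yum clean all && \
    rm -rf /var/cache/yum && \
    #
    # Create USERNAME home folder structure
    #
    mkdir -p /tf/caf \
        /tf/rover \
        "/home/${USERNAME}/.ansible" \
        "/home/${USERNAME}/.azure" \
        "/home/${USERNAME}/.gnupg" \
        "/home/${USERNAME}/.packer.d" \
        "/home/${USERNAME}/.ssh" \
        "/home/${USERNAME}/.ssh-localhost" \
        "/home/${USERNAME}/.terraform.cache" \
        "/home/${USERNAME}/.terraform.cache/tfstates" \
        "/home/${USERNAME}/.vscode-server" \
        "/home/${USERNAME}/.vscode-server-insiders" && \
    chown -R "${USER_UID}:${USER_GID}" "/home/${USERNAME}" /tf/rover /tf/caf && \
    # NOTE(review): 777 leaves the whole home and /tf trees world-writable for
    # every account in the container; only .ssh is tightened back to 700 below.
    chmod 777 -R "/home/${USERNAME}" /tf/caf /tf/rover && \
    chmod 700 "/home/${USERNAME}/.ssh" && \
    # Passwordless sudo for the dev user: anything running as this account can
    # become root inside the container.
    echo "${USERNAME} ALL=(root) NOPASSWD:ALL" > "/etc/sudoers.d/${USERNAME}" && \
    chmod 0440 "/etc/sudoers.d/${USERNAME}"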
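# Go tools built in the earlier stages (only the artifacts are copied; the
# compilers stay behind).
COPY --from=tfsec /go/bin/tfsec /bin/
COPY --from=terraform-docs /go/bin/terraform-docs /bin/
WORKDIR /tf/rover
# All rover scripts in one layer instead of five. COPY preserves the modes from
# the build context, so sshd.sh (the CMD) must already be executable there; the
# files are owned by root since no --chown is given.
COPY ./scripts/rover.sh \
     ./scripts/functions.sh \
     ./scripts/banner.sh \
     ./scripts/clone.sh \
     ./scripts/sshd.sh \
     ./
COPY --from=rover_version /version.txt /tf/rover/version.txt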
#
# Switch to ${USERNAME} context. COPY ignores USER, so sshd_config below is
# still written as root.
#
USER ${USERNAME}
COPY ./scripts/sshd_config /home/${USERNAME}/.ssh/sshd_config
# Shell aliases for the interactive user, then an ECDSA host key under the
# user's ~/.ssh — presumably consumed by sshd.sh for the Azure ACI case.
# (A commented-out `chmod +x /tf/rover/sshd.sh` used to live here; the CMD
# relies on sshd.sh being executable in the build context.)
RUN printf '%s\n' \
        "alias rover=/tf/rover/rover.sh" \
        "alias t=/usr/bin/terraform" >> /home/${USERNAME}/.bashrc && \
    ssh-keygen -q -N "" -t ecdsa -b 521 -f /home/${USERNAME}/.ssh/ssh_host_ecdsa_key
EXPOSE 22
CMD ["/tf/rover/sshd.sh"]