From f949cfb339c8fe6d761b77082f87b1e56c70fbd3 Mon Sep 17 00:00:00 2001
From: vitaliy-guliy
Date: Thu, 8 Feb 2024 14:52:59 +0000
Subject: [PATCH 01/21] add ssh support
Signed-off-by: vitaliy-guliy
---
.../pr-check-build-che-code-image.yaml | 182 +++++++++---------
...yaml => smoke-test-pr-check.yaml.disabled} | 0
build/dockerfiles/dev.ssh.Dockerfile | 66 +++++++
3 files changed, 157 insertions(+), 91 deletions(-)
rename .github/workflows/{smoke-test-pr-check.yaml => smoke-test-pr-check.yaml.disabled} (100%)
create mode 100644 build/dockerfiles/dev.ssh.Dockerfile
diff --git a/.github/workflows/pr-check-build-che-code-image.yaml b/.github/workflows/pr-check-build-che-code-image.yaml
index 7ebb8470bf2..89d2a4e0308 100644
--- a/.github/workflows/pr-check-build-che-code-image.yaml
+++ b/.github/workflows/pr-check-build-che-code-image.yaml
@@ -16,96 +16,96 @@ name: Pull Request Check on: [pull_request] jobs: - build: - name: build - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: - dist: [ 'musl', 'libc' ] - arch: ['amd64'] - steps: - - - name: Checkout che-code source code - uses: actions/checkout@v3 - - - name: Compile che-code - run: | - docker buildx build \ - --platform linux/${{matrix.arch}} \ - --progress=plain \ - -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \ - -t linux-${{matrix.dist}}-${{matrix.arch}} . - - - name: Upload image - uses: ishworkh/docker-image-artifact-upload@v1 - with: - image: "linux-${{matrix.dist}}-${{matrix.arch}}" - - assemble: - name: assemble - runs-on: ubuntu-22.04 - needs: build - steps: - - - name: Checkout che-code source code - uses: actions/checkout@v3 - - - name: Cleanup docker images - run: | - docker system prune -af - - - name: Download linux-libc-amd64 image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "linux-libc-amd64" - - - name: Download linux-musl-amd64 image - uses: ishworkh/docker-image-artifact-download@v1 - with: - image: "linux-musl-amd64" - - - name: Login to Quay.io - uses: docker/login-action@v2 - with: - registry: quay.io - username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }} - password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }} - - - name: Display docker images - run: | - docker images - - - name: Assemble che-code - run: | - PR_NUMBER="${{ github.event.number }}" - echo "Pull request $PR_NUMBER" - - IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code:pr-$PR_NUMBER-amd64" - echo "_IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV - - docker buildx build \ - --platform linux/amd64 \ - --progress=plain \ - --push \ - -f build/dockerfiles/assembly.Dockerfile \ - -t ${IMAGE_NAME} . 
- - - name: Display docker images (final) - run: | - docker images - - - name: 'Comment PR' - uses: actions/github-script@v6 - with: - script: | - const { repo: { owner, repo } } = context; - await github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `Pull Request Che-Code image published:\nšŸ‘‰ [${process.env._IMAGE_NAME}](https://${process.env._IMAGE_NAME})` - }) + # build: + # name: build + # runs-on: ubuntu-22.04 + # strategy: + # fail-fast: false + # matrix: + # dist: [ 'musl', 'libc' ] + # arch: ['amd64'] + # steps: + + # - name: Checkout che-code source code + # uses: actions/checkout@v3 + + # - name: Compile che-code + # run: | + # docker buildx build \ + # --platform linux/${{matrix.arch}} \ + # --progress=plain \ + # -f build/dockerfiles/linux-${{matrix.dist}}.Dockerfile \ + # -t linux-${{matrix.dist}}-${{matrix.arch}} . + + # - name: Upload image + # uses: ishworkh/docker-image-artifact-upload@v1 + # with: + # image: "linux-${{matrix.dist}}-${{matrix.arch}}" + + # assemble: + # name: assemble + # runs-on: ubuntu-22.04 + # needs: build + # steps: + + # - name: Checkout che-code source code + # uses: actions/checkout@v3 + + # - name: Cleanup docker images + # run: | + # docker system prune -af + + # - name: Download linux-libc-amd64 image + # uses: ishworkh/docker-image-artifact-download@v1 + # with: + # image: "linux-libc-amd64" + + # - name: Download linux-musl-amd64 image + # uses: ishworkh/docker-image-artifact-download@v1 + # with: + # image: "linux-musl-amd64" + + # - name: Login to Quay.io + # uses: docker/login-action@v2 + # with: + # registry: quay.io + # username: ${{ secrets.QUAY_PULL_REQUESTS_USERNAME }} + # password: ${{ secrets.QUAY_PULL_REQUESTS_PASSWORD }} + + # - name: Display docker images + # run: | + # docker images + + # - name: Assemble che-code + # run: | + # PR_NUMBER="${{ github.event.number }}" + # echo "Pull request $PR_NUMBER" + + # 
IMAGE_NAME="quay.io/che-incubator-pull-requests/che-code:pr-$PR_NUMBER-amd64" + # echo "_IMAGE_NAME=${IMAGE_NAME}" >> $GITHUB_ENV + + # docker buildx build \ + # --platform linux/amd64 \ + # --progress=plain \ + # --push \ + # -f build/dockerfiles/assembly.Dockerfile \ + # -t ${IMAGE_NAME} . + + # - name: Display docker images (final) + # run: | + # docker images + + # - name: 'Comment PR' + # uses: actions/github-script@v6 + # with: + # script: | + # const { repo: { owner, repo } } = context; + # await github.rest.issues.createComment({ + # issue_number: context.issue.number, + # owner: context.repo.owner, + # repo: context.repo.repo, + # body: `Pull Request Che-Code image published:\nšŸ‘‰ [${process.env._IMAGE_NAME}](https://${process.env._IMAGE_NAME})` + # }) dev: name: dev @@ -135,7 +135,7 @@ jobs: --platform linux/amd64 \ --progress=plain \ --push \ - -f build/dockerfiles/dev.Dockerfile \ + -f build/dockerfiles/dev.ssh.Dockerfile \ -t ${DEV_IMAGE_NAME} . - name: Display docker images diff --git a/.github/workflows/smoke-test-pr-check.yaml b/.github/workflows/smoke-test-pr-check.yaml.disabled similarity index 100% rename from .github/workflows/smoke-test-pr-check.yaml rename to .github/workflows/smoke-test-pr-check.yaml.disabled diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile new file mode 100644 index 00000000000..424e2e98a16 --- /dev/null +++ b/build/dockerfiles/dev.ssh.Dockerfile 
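Review bot: With `build` and `assemble` commented out in this hunk and `smoke-test-pr-check.yaml` renamed to `.disabled` in the same patch, a pull request no longer builds or smoke-tests the che-code image at all; only the `dev` job remains, and the second hunk points it at `dev.ssh.Dockerfile`. If the jobs are only switched off for the duration of the experiment, a job-level `if: false` keeps them intact and is much harder to overlook at merge time than some ninety commented lines. The `dev` job still runs with `--push` and `-t ${DEV_IMAGE_NAME}`, so the image published under the PR's dev tag is now the SSH test image rather than the development image; a comment above the job saying so would spare consumers of that tag a surprise.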
@@ -0,0 +1,66 @@ +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +FROM quay.io/devfile/universal-developer-image:latest + +# USER 0 + +# RUN dnf -y install libsecret libX11-devel libxkbcommon \ +# "https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libsecret-devel-0.18.6-1.el8.x86_64.rpm" \ +# "https://rpmfind.net/linux/centos/8-stream/AppStream/x86_64/os/Packages/libxkbfile-1.1.0-1.el8.x86_64.rpm" \ +# "https://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/libxkbfile-devel-1.1.0-1.el8.x86_64.rpm" \ +# "https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/zsh-5.5.1-6.el8_1.2.x86_64.rpm" \ +# util-linux-user && \ +# dnf -y clean all --enablerepo='*' + +# COPY --chmod=664 /build/conf/dev/.p10k.zsh /home/user/.p10k.zsh + +# # zsh support +# RUN wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O - | zsh && \ +# cp $HOME/.oh-my-zsh/templates/zshrc.zsh-template $HOME/.zshrc && \ +# chsh -s $(which zsh) root && \ +# git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $HOME/.oh-my-zsh/custom/themes/powerlevel10k && \ +# git clone --depth=1 https://github.com/zsh-users/zsh-autosuggestions $HOME/.oh-my-zsh/custom/plugins/zsh-autosuggestions && \ +# sed -i 's|\(ZSH_THEME="\).*|\1powerlevel10k/powerlevel10k"|' $HOME/.zshrc && \ +# # Add zsh autosuggestions plug-in +# sed -i 's|plugins=(\(.*\))|plugins=(\1 zsh-autosuggestions)|' $HOME/.zshrc && \ +# echo "[[ ! 
-f ~/.p10k.zsh ]] || source ~/.p10k.zsh" >> $HOME/.zshrc +# ENV ZSH_DISABLE_COMPFIX="true" + +# USER 10001 + +# ENV NODEJS_VERSION=18.18.2 + +# ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \ +# PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 \ +# PATH=$NVM_DIR/versions/node/v$NODEJS_VERSION/bin:$PATH + +# RUN source $NVM_DIR/nvm.sh && \ +# nvm install v$NODEJS_VERSION && \ +# nvm alias default v$NODEJS_VERSION && \ +# nvm use v$NODEJS_VERSION + +# USER 0 +# RUN npm install --global npm@9.7.2 yarn@v1 node-gyp@9 + +# # Set permissions on /home/user/.cache to allow the user to write +# RUN yarn global add node-gyp@9 +# RUN chgrp -R 0 /home/user/.cache && chmod -R g=u /home/user/.cache + +# USER 10001 + +USER 0 + +RUN dnf -y install libsecret openssh-server && \ + dnf -y clean all --enablerepo='*' + +USER 10001 + +RUN echo "============================================================" && \ + ls -la /home && \ + echo "============================================================" From 9ed6524f9e9591a9fcb69a2f2369e37622011754 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Thu, 8 Feb 2024 14:55:04 +0000 Subject: [PATCH 02/21] add ssh support Signed-off-by: vitaliy-guliy --- build/dockerfiles/dev.ssh.Dockerfile | 46 ---------------------------- 1 file changed, 46 deletions(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index 424e2e98a16..a07f612dc38 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile 
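Review bot: `FROM quay.io/devfile/universal-developer-image:latest` follows a mutable tag, so the same Dockerfile can yield a different image on every build, and this image now also carries `openssh-server`; pin the base by digest, `FROM quay.io/devfile/universal-developer-image@sha256:<digest>` (placeholder, take the value from the registry). The commented-out block copied from the dev image takes no part in the build and is better left out of a new file. The final `RUN echo … ls -la /home …` is a debugging step that only adds a layer and should go before merge.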
@@ -8,52 +8,6 @@ FROM quay.io/devfile/universal-developer-image:latest -# USER 0 - -# RUN dnf -y install libsecret libX11-devel libxkbcommon \ -# "https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/libsecret-devel-0.18.6-1.el8.x86_64.rpm" \ -# "https://rpmfind.net/linux/centos/8-stream/AppStream/x86_64/os/Packages/libxkbfile-1.1.0-1.el8.x86_64.rpm" \ -# "https://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/libxkbfile-devel-1.1.0-1.el8.x86_64.rpm" \ -# "https://rpmfind.net/linux/centos/8-stream/BaseOS/x86_64/os/Packages/zsh-5.5.1-6.el8_1.2.x86_64.rpm" \ -# util-linux-user && \ -# dnf -y clean all --enablerepo='*' - -# COPY --chmod=664 /build/conf/dev/.p10k.zsh /home/user/.p10k.zsh - -# # zsh support -# RUN wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O - | zsh && \ -# cp $HOME/.oh-my-zsh/templates/zshrc.zsh-template $HOME/.zshrc && \ -# chsh -s $(which zsh) root && \ -# git clone --depth=1 https://github.com/romkatv/powerlevel10k.git $HOME/.oh-my-zsh/custom/themes/powerlevel10k && \ -# git clone --depth=1 https://github.com/zsh-users/zsh-autosuggestions $HOME/.oh-my-zsh/custom/plugins/zsh-autosuggestions && \ -# sed -i 's|\(ZSH_THEME="\).*|\1powerlevel10k/powerlevel10k"|' $HOME/.zshrc && \ -# # Add zsh autosuggestions plug-in -# sed -i 's|plugins=(\(.*\))|plugins=(\1 zsh-autosuggestions)|' $HOME/.zshrc && \ -# echo "[[ ! 
-f ~/.p10k.zsh ]] || source ~/.p10k.zsh" >> $HOME/.zshrc -# ENV ZSH_DISABLE_COMPFIX="true" - -# USER 10001 - -# ENV NODEJS_VERSION=18.18.2 - -# ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \ -# PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=0 \ -# PATH=$NVM_DIR/versions/node/v$NODEJS_VERSION/bin:$PATH - -# RUN source $NVM_DIR/nvm.sh && \ -# nvm install v$NODEJS_VERSION && \ -# nvm alias default v$NODEJS_VERSION && \ -# nvm use v$NODEJS_VERSION - -# USER 0 -# RUN npm install --global npm@9.7.2 yarn@v1 node-gyp@9 - -# # Set permissions on /home/user/.cache to allow the user to write -# RUN yarn global add node-gyp@9 -# RUN chgrp -R 0 /home/user/.cache && chmod -R g=u /home/user/.cache - -# USER 10001 - USER 0 RUN dnf -y install libsecret openssh-server && \ From 5f9639d0619accec1f4acce60099d7c8586a2114 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 16:30:56 +0000 Subject: [PATCH 03/21] update dockerfile Signed-off-by: vitaliy-guliy --- build/dockerfiles/dev.ssh.Dockerfile | 86 ++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index a07f612dc38..ec876c54325 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile 
@@ -13,6 +13,92 @@ USER 0 RUN dnf -y install libsecret openssh-server && \ dnf -y clean all --enablerepo='*' +# Follow the sample https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/ + +# Step 1. Generate SSH Host keys + +RUN mkdir /opt/ssh +RUN echo "test1" > /tmp/test1 + +RUN ssh-keygen -q -N "" -t dsa -f /opt/ssh/ssh_host_dsa_key && \ + ssh-keygen -q -N "" -t rsa -b 4096 -f /opt/ssh/ssh_host_rsa_key && \ + ssh-keygen -q -N "" -t ecdsa -f /opt/ssh/ssh_host_ecdsa_key && \ + ssh-keygen -q -N "" -t ed25519 -f /opt/ssh/ssh_host_ed25519_key + +RUN ls -l /opt/ssh/ + +# Step 2. Configure SSHH as non-root user + +RUN cp /etc/ssh/sshd_config /opt/ssh/ + +# Use a non-privileged port +RUN sed -i 's|#Port 22|Port 2022|' /opt/ssh/sshd_config + +# provide the new path containing these host keys +RUN sed -i 's|HostKey /etc/ssh/ssh_host_rsa_key|HostKey /opt/ssh/ssh_host_rsa_key|' /opt/ssh/sshd_config +RUN sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /opt/ssh/ssh_host_ecdsa_key|' /opt/ssh/sshd_config +RUN sed -i 's|HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /opt/ssh/ssh_host_ed25519_key|' /opt/ssh/sshd_config + +RUN sed -i 's|#PubkeyAuthentication yes|PubkeyAuthentication yes|' /opt/ssh/sshd_config + +# Enable DEBUG log. You can ignore this but this may help you debug any issue while enabling SSHD for the first time +RUN sed -i 's|#LogLevel INFO|LogLevel DEBUG3|' /opt/ssh/sshd_config + +RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config + + +# Provide a path to store PID file which is accessible by normal user for write purpose +RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config + + +# Step 3. Confiure SSHD as systemd service + +COPY --chown=0:0 sshd.start / +COPY --chown=0:0 sshd.stop / + + +# Step 4. Fix permissions +# RUN chmod 600 /opt/ssh/* +# RUN chmod 644 /opt/ssh/sshd_config +# RUN chown -R user. 
/opt/ssh/ + +RUN chmod 644 /opt/ssh/* +RUN chmod 664 /opt/ssh/sshd_config +RUN chown -R user:root /opt/ssh/ + +RUN chmod 774 /opt/ssh + + +# ================================================================================================== + +# Authentication refused: bad ownership or modes for directory /home/user + + +RUN mkdir /user-ssh2 && \ + chown user:user /user-ssh2 && \ + chmod 777 /user-ssh2 + +RUN mkdir /home/user/.ssh +RUN chown user:user /home/user/.ssh + +RUN mkdir /user-ssh && \ + ssh-keygen -q -N "" -t ed25519 -f /user-ssh/id_ed25519 && \ + cp /user-ssh/id_ed25519.pub /user-ssh/authorized_keys + +RUN chown user:root /user-ssh +RUN chown user:root /user-ssh/id_ed25519 +RUN chown user:root /user-ssh/id_ed25519.pub +RUN chown user:root /user-ssh/authorized_keys + +RUN chmod 770 /user-ssh +RUN chmod 644 /user-ssh/id_ed25519 +RUN chmod 644 /user-ssh/id_ed25519.pub +RUN chmod 644 /user-ssh/authorized_keys + +# ================================================================================================== + + + USER 10001 RUN echo "============================================================" && \ From a120b990f444d0de18e8dafb49bca57ce82ce34e Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 16:36:09 +0000 Subject: [PATCH 04/21] add scripts to start and stop the ssh service --- build/dockerfiles/dev.ssh.Dockerfile | 4 ++-- build/sshd.start | 3 +++ build/sshd.stop | 3 +++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100755 build/sshd.start create mode 100755 build/sshd.stop diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index ec876c54325..8e479c4c440 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile 
@@ -53,8 +53,8 @@ RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/ss # Step 3. Confiure SSHD as systemd service -COPY --chown=0:0 sshd.start / -COPY --chown=0:0 sshd.stop / +COPY --chown=0:0 /build/sshd.start / +COPY --chown=0:0 /build/sshd.stop / # Step 4. Fix permissions diff --git a/build/sshd.start b/build/sshd.start new file mode 100755 index 00000000000..0d7373ef415 --- /dev/null +++ b/build/sshd.start @@ -0,0 +1,3 @@ +#!/bin/bash + +/usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log diff --git a/build/sshd.stop b/build/sshd.stop new file mode 100755 index 00000000000..8838a498e68 --- /dev/null +++ b/build/sshd.stop @@ -0,0 +1,3 @@ +#!/bin/bash + +/usr/sbin/sshd -t -f /opt/ssh/sshd_config -E /tmp/sshd.log From f5a845241f328b42084f541f5f59760e012fdd93 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 17:21:27 +0000 Subject: [PATCH 05/21] add sample devfiles Signed-off-by: vitaliy-guliy --- devfile.pr-327.simple.yaml | 104 +++++++++++++++++++++++++++++++++++++ devfile.pr-327.yaml | 95 +++++++++++++++++++++++++++++++++ devfile.yaml | 1 + 3 files changed, 200 insertions(+) create mode 100644 devfile.pr-327.simple.yaml create mode 100644 devfile.pr-327.yaml diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml new file mode 100644 index 00000000000..5531ee3218b --- /dev/null +++ b/devfile.pr-327.simple.yaml 
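Review bot: `build/sshd.stop` does not stop the daemon, because `-t` is sshd's test mode: it checks the configuration file and the keys and then exits. The Dockerfile already sets `PidFile /opt/ssh/sshd.pid`, so the script can signal that process instead, `kill "$(cat /opt/ssh/sshd.pid)"`. In `build/sshd.start`, `-E /tmp/sshd.log` writes the DEBUG3 log into a shared directory; a path under `/opt/ssh/` would keep it with the rest of the service files.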
@@ -0,0 +1,104 @@ +# +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +schemaVersion: 2.1.0 +metadata: + name: che-code + +projects: + - name: che-code + git: + remotes: + origin: https://github.com/vitaliy-guliy/recommended-extensions-sample + checkoutFrom: + revision: master + +components: + + - name: dev + container: + image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 + memoryLimit: 12Gi + memoryRequest: 512Mi + cpuRequest: 500m + cpuLimit: 3500m + endpoints: + - exposure: public + name: dev + secure: true + protocol: http + targetPort: 8000 + + - name: projects + volume: + size: 7Gi + +commands: + - id: yarn-prepare + exec: + label: Install node dependencies + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn prepare + group: + kind: build + + - id: yarn-build + exec: + label: Compile with Yarn + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn watch + group: + kind: build + isDefault: true + + - id: yarn-run + exec: + label: Run VS Code server on port 8000 + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn server + group: + kind: run + isDefault: true + + - id: podman-compile-libc + exec: + label: Compile che-code in a container using Podman + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + echo "Compile libc mod" + cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile + REMOVE_FROM="### Beginning of tests" + REMOVE_TO="### Ending of tests" + sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/d" build/dockerfiles/linux-libc.no-test.Dockerfile + podman build -f build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . 
+ group: + kind: run + + - id: podman-assemble-che-code + exec: + label: Build che-code image using Podman + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + echo "Build che-code image" + cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.libc.Dockerfile + REPLACE="FROM linux-musl-amd64 as linux-musl-content" + sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile + REPLACE="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" + sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile + podman build -f build/dockerfiles/assembly.libc.Dockerfile -t che-code . + group: + kind: run diff --git a/devfile.pr-327.yaml b/devfile.pr-327.yaml new file mode 100644 index 00000000000..209029d6343 --- /dev/null +++ b/devfile.pr-327.yaml 
@@ -0,0 +1,95 @@ +# +# Copyright (c) 2022 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# + +schemaVersion: 2.1.0 +metadata: + name: che-code +components: + + - name: dev + container: + image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 + memoryLimit: 12Gi + memoryRequest: 512Mi + cpuRequest: 500m + cpuLimit: 3500m + endpoints: + - exposure: public + name: dev + secure: true + protocol: http + targetPort: 8000 + + - name: projects + volume: + size: 7Gi + +commands: + - id: yarn-prepare + exec: + label: Install node dependencies + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn prepare + group: + kind: build + + - id: yarn-build + exec: + label: Compile with Yarn + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn watch + group: + kind: build + isDefault: true + + - id: yarn-run + exec: + label: Run VS Code server on port 8000 + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + yarn server + group: + kind: run + isDefault: true + + - id: podman-compile-libc + exec: + label: Compile che-code in a container using Podman + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + echo "Compile libc mod" + cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile + REMOVE_FROM="### Beginning of tests" + REMOVE_TO="### Ending of tests" + sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/d" build/dockerfiles/linux-libc.no-test.Dockerfile + podman build -f build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . 
+ group: + kind: run + + - id: podman-assemble-che-code + exec: + label: Build che-code image using Podman + component: dev + workingDir: ${PROJECTS_ROOT}/che-code + commandLine: | + echo "Build che-code image" + cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.libc.Dockerfile + REPLACE="FROM linux-musl-amd64 as linux-musl-content" + sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile + REPLACE="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" + sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile + podman build -f build/dockerfiles/assembly.libc.Dockerfile -t che-code . + group: + kind: run diff --git a/devfile.yaml b/devfile.yaml index 14479042904..ccd7c79b7cc 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -10,6 +10,7 @@ schemaVersion: 2.1.0 metadata: name: che-code + components: - name: dev From 6f5b1aad9176101602bda00ab348c7316301d2e7 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 17:57:38 +0000 Subject: [PATCH 06/21] update devfile --- devfile.pr-327.simple.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml index 5531ee3218b..c5c0c26c961 100644 --- a/devfile.pr-327.simple.yaml +++ b/devfile.pr-327.simple.yaml @@ -9,10 +9,10 @@ schemaVersion: 2.1.0 metadata: - name: che-code + name: ssh-test projects: - - name: che-code + - name: recommended-extensions-sample git: remotes: origin: https://github.com/vitaliy-guliy/recommended-extensions-sample From 8a5edbda1da8fedee21e36787d816636ff3ec30c Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 19:16:44 +0000 Subject: [PATCH 07/21] configure ssh keys for the user Signed-off-by: vitaliy-guliy --- build/dockerfiles/dev.ssh.Dockerfile | 2 ++ build/scripts/entrypoint.sh | 5 +++++ build/sshd.connect | 6 ++++++ 3 files changed, 13 insertions(+) create mode 100755 build/sshd.connect 
diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index 8e479c4c440..d10de2d574f 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -40,6 +40,7 @@ RUN sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|HostKey /opt/ssh/ssh_host_ecds RUN sed -i 's|HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /opt/ssh/ssh_host_ed25519_key|' /opt/ssh/sshd_config RUN sed -i 's|#PubkeyAuthentication yes|PubkeyAuthentication yes|' /opt/ssh/sshd_config +RUN sed -i 's|AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile /home/user/ssh/authorized_keys|' /opt/ssh/sshd_config # Enable DEBUG log. You can ignore this but this may help you debug any issue while enabling SSHD for the first time RUN sed -i 's|#LogLevel INFO|LogLevel DEBUG3|' /opt/ssh/sshd_config @@ -55,6 +56,7 @@ RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/ss COPY --chown=0:0 /build/sshd.start / COPY --chown=0:0 /build/sshd.stop / +COPY --chown=0:0 /build/sshd.connect / # Step 4. Fix permissions diff --git a/build/scripts/entrypoint.sh b/build/scripts/entrypoint.sh index 6a632aca214..c21b942e88a 100755 --- a/build/scripts/entrypoint.sh +++ b/build/scripts/entrypoint.sh @@ -39,3 +39,8 @@ if [ -n "$libc" ]; then else /checode-linux-libc/node /checode-linux-libc/out/server-main.js --host "${CODE_HOST}" --port 3100 fi + +# should prepare ssh keys +mkdir -p /home/user/ssh +ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key +cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys diff --git a/build/sshd.connect b/build/sshd.connect new file mode 100755 index 00000000000..412978ef6d7 --- /dev/null +++ b/build/sshd.connect @@ -0,0 +1,6 @@ +#!/bin/bash + +rm -rf /home/user/.ssh +mkdir -p /home/user/.ssh + +ssh -l user -p 2022 -i /home/user/ssh/host_ed25519_key 127.0.0.1 From 4b66e85398f53df73d7f1ced042d5347a86a52e5 Mon Sep 17 00:00:00 2001 
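Review bot: In `build/scripts/entrypoint.sh` the key preparation is appended after the `if … fi` that launches `server-main.js`; if that process runs in the foreground (no `&` is visible in the context lines, and the rest of the script is outside the hunk), these lines run only once the editor has exited. `ssh-keygen -f` also does not overwrite an existing file silently, so on a restart with a persistent `/home/user` the command will prompt or fail; guard it with `[ -f /home/user/ssh/host_ed25519_key ] || ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key`. The file is used as the login identity in `sshd.connect`, not as a host key, so a name such as `id_ed25519` would mislead less. The next patch moves the same three lines to `entrypoint-volume.sh`, where the overwrite point still applies.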
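Review bot: `rm -rf /home/user/.ssh` in `build/sshd.connect` deletes the user's own keys, `config` and `known_hosts` every time the helper runs, apparently only to get past a host-key prompt or mismatch. Keep the test connection's state separate and leave `~/.ssh` alone, for example `ssh -o UserKnownHostsFile=/home/user/ssh/known_hosts -l user -p 2022 -i /home/user/ssh/host_ed25519_key 127.0.0.1`. A short comment at the top saying the script is a local loopback test would also help, since the name suggests a general-purpose client.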
From: vitaliy-guliy Date: Fri, 9 Feb 2024 19:42:05 +0000 Subject: [PATCH 08/21] generate key in the entrypoint --- build/scripts/entrypoint-volume.sh | 6 ++++++ build/scripts/entrypoint.sh | 5 ----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index 8524d7b70b1..5e13a3c62a7 100755 --- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -19,6 +19,12 @@ if ! whoami &> /dev/null; then fi fi +# should prepare ssh keys +mkdir -p /home/user/ssh +ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key +cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys + + # list checode ls -la /checode/ diff --git a/build/scripts/entrypoint.sh b/build/scripts/entrypoint.sh index c21b942e88a..6a632aca214 100755 --- a/build/scripts/entrypoint.sh +++ b/build/scripts/entrypoint.sh @@ -39,8 +39,3 @@ if [ -n "$libc" ]; then else /checode-linux-libc/node /checode-linux-libc/out/server-main.js --host "${CODE_HOST}" --port 3100 fi - -# should prepare ssh keys -mkdir -p /home/user/ssh -ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key -cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys From a2e5008c7412687a1ad5d20425a87994c48ee9de Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 20:46:50 +0000 Subject: [PATCH 09/21] cleanup dockerfile Signed-off-by: vitaliy-guliy --- build/dockerfiles/dev.ssh.Dockerfile | 36 ---------------------------- 1 file changed, 36 deletions(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index d10de2d574f..ec4e17ce9b2 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile 
@@ -53,54 +53,18 @@ RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/ss # Step 3. Confiure SSHD as systemd service - COPY --chown=0:0 /build/sshd.start / COPY --chown=0:0 /build/sshd.stop / COPY --chown=0:0 /build/sshd.connect / # Step 4. Fix permissions -# RUN chmod 600 /opt/ssh/* -# RUN chmod 644 /opt/ssh/sshd_config -# RUN chown -R user. /opt/ssh/ - RUN chmod 644 /opt/ssh/* RUN chmod 664 /opt/ssh/sshd_config RUN chown -R user:root /opt/ssh/ RUN chmod 774 /opt/ssh - -# ================================================================================================== - -# Authentication refused: bad ownership or modes for directory /home/user - - -RUN mkdir /user-ssh2 && \ - chown user:user /user-ssh2 && \ - chmod 777 /user-ssh2 - -RUN mkdir /home/user/.ssh -RUN chown user:user /home/user/.ssh - -RUN mkdir /user-ssh && \ - ssh-keygen -q -N "" -t ed25519 -f /user-ssh/id_ed25519 && \ - cp /user-ssh/id_ed25519.pub /user-ssh/authorized_keys - -RUN chown user:root /user-ssh -RUN chown user:root /user-ssh/id_ed25519 -RUN chown user:root /user-ssh/id_ed25519.pub -RUN chown user:root /user-ssh/authorized_keys - -RUN chmod 770 /user-ssh -RUN chmod 644 /user-ssh/id_ed25519 -RUN chmod 644 /user-ssh/id_ed25519.pub -RUN chmod 644 /user-ssh/authorized_keys - -# ================================================================================================== - - - USER 10001 RUN echo "============================================================" && \ From 001a1a93ca65635846ccea25cd0d67846cbf3c32 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Fri, 9 Feb 2024 20:57:58 +0000 Subject: [PATCH 10/21] generate ssh key when strating the service Signed-off-by: vitaliy-guliy --- build/scripts/entrypoint-volume.sh | 6 ------ build/sshd.start | 6 ++++++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build/scripts/entrypoint-volume.sh b/build/scripts/entrypoint-volume.sh index 5e13a3c62a7..8524d7b70b1 100755 
--- a/build/scripts/entrypoint-volume.sh +++ b/build/scripts/entrypoint-volume.sh @@ -19,12 +19,6 @@ if ! whoami &> /dev/null; then fi fi -# should prepare ssh keys -mkdir -p /home/user/ssh -ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key -cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys - - # list checode ls -la /checode/ diff --git a/build/sshd.start b/build/sshd.start index 0d7373ef415..acc44f1f686 100755 --- a/build/sshd.start +++ b/build/sshd.start @@ -1,3 +1,9 @@ #!/bin/bash +# should prepare ssh keys +rm -rf /home/user/ssh +mkdir -p /home/user/ssh +ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key +cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys + /usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log From c4518855ae032a9950d1765c811d28933d0c997f Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 10:16:25 +0000 Subject: [PATCH 11/21] inherit test image --- build/dockerfiles/dev.ssh.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index ec4e17ce9b2..a72fb4b0534 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -6,7 +6,8 @@ # SPDX-License-Identifier: EPL-2.0 # -FROM quay.io/devfile/universal-developer-image:latest +# FROM quay.io/devfile/universal-developer-image:latest +FROM quay.io/vgulyy/universal-developer-image:sshd USER 0 @@ -18,7 +19,6 @@ RUN dnf -y install libsecret openssh-server && \ # Step 1. Generate SSH Host keys RUN mkdir /opt/ssh -RUN echo "test1" > /tmp/test1 RUN ssh-keygen -q -N "" -t dsa -f /opt/ssh/ssh_host_dsa_key && \ ssh-keygen -q -N "" -t rsa -b 4096 -f /opt/ssh/ssh_host_rsa_key && \ From d2dd4d9e7ad2233aea8637505929da82b524fe24 Mon Sep 17 00:00:00 2001 
From: vitaliy-guliy Date: Mon, 12 Feb 2024 10:51:18 +0000 Subject: [PATCH 12/21] update dockerfile --- build/dockerfiles/dev.ssh.Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index a72fb4b0534..33f45013f24 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -6,8 +6,8 @@ # SPDX-License-Identifier: EPL-2.0 # -# FROM quay.io/devfile/universal-developer-image:latest -FROM quay.io/vgulyy/universal-developer-image:sshd +FROM quay.io/devfile/universal-developer-image:latest +# FROM quay.io/vgulyy/universal-developer-image:sshd USER 0 @@ -51,6 +51,8 @@ RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config # Provide a path to store PID file which is accessible by normal user for write purpose RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config +RUN echo > /etc/security/access.conf && \ + echo "-:ALL:EXCEPT root user" > /etc/security/access.conf # Step 3. Confiure SSHD as systemd service COPY --chown=0:0 /build/sshd.start / From d3a7ce7cd53f5a5cd7f42d25ddc76b7b2ba27fea Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 11:47:18 +0000 Subject: [PATCH 13/21] update dockerfile --- build/dockerfiles/dev.ssh.Dockerfile | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index 33f45013f24..035c9098c19 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -7,7 +7,6 @@ # FROM quay.io/devfile/universal-developer-image:latest -# FROM quay.io/vgulyy/universal-developer-image:sshd USER 0 
@@ -52,7 +51,7 @@ RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config RUN echo > /etc/security/access.conf && \ - echo "-:ALL:EXCEPT root user" > /etc/security/access.conf + echo "-:ALL:EXCEPT root user" >> /etc/security/access.conf # Step 3. Confiure SSHD as systemd service COPY --chown=0:0 /build/sshd.start / @@ -68,7 +67,3 @@ RUN chown -R user:root /opt/ssh/ RUN chmod 774 /opt/ssh USER 10001 - -RUN echo "============================================================" && \ - ls -la /home && \ - echo "============================================================" From b6ca8984aedc52b7b28a9df2d4d817329e3f1485 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 16:35:27 +0000 Subject: [PATCH 14/21] cleanup scripts --- build/dockerfiles/dev.ssh.Dockerfile | 7 +++---- build/sshd.start | 4 ++++ build/sshd.stop | 3 --- 3 files changed, 7 insertions(+), 7 deletions(-) delete mode 100755 build/sshd.stop diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index 035c9098c19..fa0a6931ba2 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -50,12 +50,9 @@ RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config # Provide a path to store PID file which is accessible by normal user for write purpose RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config -RUN echo > /etc/security/access.conf && \ - echo "-:ALL:EXCEPT root user" >> /etc/security/access.conf -# Step 3. Confiure SSHD as systemd service +# Add script to start and stop the service COPY --chown=0:0 /build/sshd.start / -COPY --chown=0:0 /build/sshd.stop / COPY --chown=0:0 /build/sshd.connect / @@ -66,4 +63,6 @@ RUN chown -R user:root /opt/ssh/ RUN chmod 774 /opt/ssh +EXPOSE 2022 + USER 10001 
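Review bot: The replacement comment `# Add script to start and stop the service` in the first dev.ssh.Dockerfile hunk of PATCH 14/21 does not match the lines under it. The same hunk removes `COPY --chown=0:0 /build/sshd.stop /` and leaves only `sshd.start` and `sshd.connect`. I would write `# Add the sshd start and connect scripts` instead.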
diff --git a/build/sshd.start b/build/sshd.start index acc44f1f686..8069718ae1c 100755 --- a/build/sshd.start +++ b/build/sshd.start @@ -6,4 +6,8 @@ mkdir -p /home/user/ssh ssh-keygen -q -N "" -t ed25519 -f /home/user/ssh/host_ed25519_key cp /home/user/ssh/host_ed25519_key.pub /home/user/ssh/authorized_keys +# start /usr/sbin/sshd -D -f /opt/ssh/sshd_config -E /tmp/sshd.log + +# stop +# /usr/sbin/sshd -t -f /opt/ssh/sshd_config -E /tmp/sshd.log diff --git a/build/sshd.stop b/build/sshd.stop deleted file mode 100755 index 8838a498e68..00000000000 --- a/build/sshd.stop +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -/usr/sbin/sshd -t -f /opt/ssh/sshd_config -E /tmp/sshd.log From dda84cf13d9aeea95b1f7ceea959e2856773f1f2 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 16:44:02 +0000 Subject: [PATCH 15/21] export ssh port --- devfile.pr-327.simple.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml index c5c0c26c961..d1fba3a604e 100644 --- a/devfile.pr-327.simple.yaml +++ b/devfile.pr-327.simple.yaml @@ -35,6 +35,11 @@ components: protocol: http targetPort: 8000 + - exposure: public + name: sshd + protocol: tcp + targetPort: 2022 + - name: projects volume: size: 7Gi From 40bf9a4ed74112bc87c180b91cf95215c2c37f19 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 17:11:03 +0000 Subject: [PATCH 16/21] shange exposed port type --- devfile.pr-327.simple.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml index d1fba3a604e..7f1c3852721 100644 --- a/devfile.pr-327.simple.yaml +++ b/devfile.pr-327.simple.yaml @@ -37,7 +37,6 @@ components: - exposure: public name: sshd - protocol: tcp targetPort: 2022 - name: projects From 2dd15a0dd8cc8d3c8495d0bd9b36f021991966b4 Mon Sep 17 00:00:00 2001 
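Review bot: The `# stop` comment added at the end of build/sshd.start labels a commented-out `sshd -t`, but `-t` is sshd's test mode: it checks the configuration and keys and does not stop a running daemon. Because `sshd -D` above stays in the foreground, nothing after it runs until sshd exits. I would drop the commented line or relabel it, e.g. `# validate the config without starting: /usr/sbin/sshd -t -f /opt/ssh/sshd_config`.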
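Review bot: The `sshd` endpoint added to devfile.pr-327.simple.yaml in PATCH 15/21 uses `exposure: public`, which publishes port 2022 outside the cluster, while the only credential set up by build/sshd.start is a passphrase-less key generated inside the container. If SSH is only needed from inside the cluster or through a port-forward, `exposure: internal` would be the safer default. If public exposure is intended, a comment on the entry saying so would help the next reader. The `endpoints` list this entry joins starts above the hunk. The same endpoint is added to devfile.pr-327.yaml in PATCH 21/21.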
From: vitaliy-guliy Date: Mon, 12 Feb 2024 18:18:23 +0000 Subject: [PATCH 17/21] create minimal rule for sshd --- build/dockerfiles/dev.ssh.Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index fa0a6931ba2..2d6b30a3f1a 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -50,6 +50,8 @@ RUN sed -i 's|#StrictModes yes|StrictModes=no|' /opt/ssh/sshd_config # Provide a path to store PID file which is accessible by normal user for write purpose RUN sed -i 's|#PidFile /var/run/sshd.pid|PidFile /opt/ssh/sshd.pid|' /opt/ssh/sshd_config +RUN echo "account include base-account" > /etc/pam.d/sshd.pam + # Add script to start and stop the service COPY --chown=0:0 /build/sshd.start / From 347e13c3608b45f99feb412feb007bc87ed95b45 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 18:53:42 +0000 Subject: [PATCH 18/21] add ubuntu image --- devfile.pr-327.simple.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml index 7f1c3852721..ffe2478c414 100644 --- a/devfile.pr-327.simple.yaml +++ b/devfile.pr-327.simple.yaml @@ -24,7 +24,7 @@ components: - name: dev container: image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 - memoryLimit: 12Gi + memoryLimit: 8Gi memoryRequest: 512Mi cpuRequest: 500m cpuLimit: 3500m @@ -37,6 +37,19 @@ components: - exposure: public name: sshd + targetPort: 22 + + - name: ubuntu + container: + image: quay.io/vgulyy/ssh-ubuntu:test + memoryLimit: 2Gi + memoryRequest: 512Mi + cpuRequest: 500m + cpuLimit: 3500m + + endpoints: + - exposure: public + name: sshdd targetPort: 2022 - name: projects From 27813d68a13b65f325fd9a6b084c535a3170a99c Mon Sep 17 00:00:00 2001 
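Review bot: `RUN echo "account include base-account" > /etc/pam.d/sshd.pam` in PATCH 17/21 writes a file named `sshd.pam`, but PAM selects a service file by name under /etc/pam.d and sshd normally registers as `sshd`, so this file is probably never read. If a minimal account stack for sshd is intended, the target would be `/etc/pam.d/sshd`. That replaces the distribution's stack entirely and deserves a comment explaining why. Neither a `base-account` file in the base image nor `UsePAM` in /opt/ssh/sshd_config is visible in this diff, so both should be confirmed.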
From: vitaliy-guliy Date: Mon, 12 Feb 2024 19:00:29 +0000 Subject: [PATCH 19/21] update devfile --- devfile.pr-327.simple.yaml | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml index ffe2478c414..9926d899555 100644 --- a/devfile.pr-327.simple.yaml +++ b/devfile.pr-327.simple.yaml @@ -37,20 +37,8 @@ components: - exposure: public name: sshd - targetPort: 22 - - - name: ubuntu - container: - image: quay.io/vgulyy/ssh-ubuntu:test - memoryLimit: 2Gi - memoryRequest: 512Mi - cpuRequest: 500m - cpuLimit: 3500m - - endpoints: - - exposure: public - name: sshdd targetPort: 2022 + protocol: tcp - name: projects volume: From 7c3267c7c3ed752ae9070834bbbf1c28d6910fc9 Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Mon, 12 Feb 2024 21:22:23 +0000 Subject: [PATCH 20/21] add dropbear --- build/dockerfiles/dev.ssh.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/dockerfiles/dev.ssh.Dockerfile b/build/dockerfiles/dev.ssh.Dockerfile index 2d6b30a3f1a..31edfd23e66 100644 --- a/build/dockerfiles/dev.ssh.Dockerfile +++ b/build/dockerfiles/dev.ssh.Dockerfile @@ -10,7 +10,7 @@ FROM quay.io/devfile/universal-developer-image:latest USER 0 -RUN dnf -y install libsecret openssh-server && \ +RUN dnf -y install libsecret openssh-server dropbear && \ dnf -y clean all --enablerepo='*' # Follow the sample https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/ From a59d2015304c73606494212c2d115b467ce9234e Mon Sep 17 00:00:00 2001 From: vitaliy-guliy Date: Tue, 13 Feb 2024 08:14:14 +0000 Subject: [PATCH 21/21] update devfiles --- devfile.pr-327.simple.yaml | 109 ------------------------------------- devfile.pr-327.yaml | 82 ++++++---------------------- 2 files changed, 16 insertions(+), 175 deletions(-) delete mode 100644 devfile.pr-327.simple.yaml 
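Review bot: Adding `dropbear` to the `dnf -y install` line in PATCH 20/21 puts a second SSH server in the image next to `openssh-server`, and nothing in the visible patches configures or starts it. An unused network daemon adds attack surface and packages to keep patched. If both servers are needed, a comment above the `RUN` saying what dropbear is for would make that clear; if it is only an experiment, keep the line as `RUN dnf -y install libsecret openssh-server && \`.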
diff --git a/devfile.pr-327.simple.yaml b/devfile.pr-327.simple.yaml deleted file mode 100644 index 9926d899555..00000000000 --- a/devfile.pr-327.simple.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# -# Copyright (c) 2022 Red Hat, Inc. -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -schemaVersion: 2.1.0 -metadata: - name: ssh-test - -projects: - - name: recommended-extensions-sample - git: - remotes: - origin: https://github.com/vitaliy-guliy/recommended-extensions-sample - checkoutFrom: - revision: master - -components: - - - name: dev - container: - image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 - memoryLimit: 8Gi - memoryRequest: 512Mi - cpuRequest: 500m - cpuLimit: 3500m - endpoints: - - exposure: public - name: dev - secure: true - protocol: http - targetPort: 8000 - - - exposure: public - name: sshd - targetPort: 2022 - protocol: tcp - - - name: projects - volume: - size: 7Gi - -commands: - - id: yarn-prepare - exec: - label: Install node dependencies - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn prepare - group: - kind: build - - - id: yarn-build - exec: - label: Compile with Yarn - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn watch - group: - kind: build - isDefault: true - - - id: yarn-run - exec: - label: Run VS Code server on port 8000 - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn server - group: - kind: run - isDefault: true - - - id: podman-compile-libc - exec: - label: Compile che-code in a container using Podman - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - echo "Compile libc mod" - cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile - REMOVE_FROM="### Beginning of tests" - REMOVE_TO="### Ending of tests" - sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/d" build/dockerfiles/linux-libc.no-test.Dockerfile - podman build -f 
build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . - group: - kind: run - - - id: podman-assemble-che-code - exec: - label: Build che-code image using Podman - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - echo "Build che-code image" - cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.libc.Dockerfile - REPLACE="FROM linux-musl-amd64 as linux-musl-content" - sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile - REPLACE="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" - sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile - podman build -f build/dockerfiles/assembly.libc.Dockerfile -t che-code . - group: - kind: run diff --git a/devfile.pr-327.yaml b/devfile.pr-327.yaml index 209029d6343..d2685211c43 100644 --- a/devfile.pr-327.yaml +++ b/devfile.pr-327.yaml @@ -9,13 +9,22 @@ schemaVersion: 2.1.0 metadata: - name: che-code + name: ssh-test + +projects: + - name: recommended-extensions-sample + git: + remotes: + origin: https://github.com/vitaliy-guliy/recommended-extensions-sample + checkoutFrom: + revision: master + components: - name: dev container: image: quay.io/che-incubator-pull-requests/che-code-dev:pr-327-dev-amd64 - memoryLimit: 12Gi + memoryLimit: 8Gi memoryRequest: 512Mi cpuRequest: 500m cpuLimit: 3500m 
@@ -26,70 +35,11 @@ components: protocol: http targetPort: 8000 + - exposure: public + name: sshd + targetPort: 2022 + protocol: tcp + - name: projects volume: size: 7Gi - -commands: - - id: yarn-prepare - exec: - label: Install node dependencies - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn prepare - group: - kind: build - - - id: yarn-build - exec: - label: Compile with Yarn - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn watch - group: - kind: build - isDefault: true - - - id: yarn-run - exec: - label: Run VS Code server on port 8000 - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - yarn server - group: - kind: run - isDefault: true - - - id: podman-compile-libc - exec: - label: Compile che-code in a container using Podman - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - echo "Compile libc mod" - cp -f build/dockerfiles/linux-libc.Dockerfile build/dockerfiles/linux-libc.no-test.Dockerfile - REMOVE_FROM="### Beginning of tests" - REMOVE_TO="### Ending of tests" - sed -i "/${REMOVE_FROM}/,/${REMOVE_TO}/d" build/dockerfiles/linux-libc.no-test.Dockerfile - podman build -f build/dockerfiles/linux-libc.no-test.Dockerfile -t linux-libc-amd64 . - group: - kind: run - - - id: podman-assemble-che-code - exec: - label: Build che-code image using Podman - component: dev - workingDir: ${PROJECTS_ROOT}/che-code - commandLine: | - echo "Build che-code image" - cp -f build/dockerfiles/assembly.Dockerfile build/dockerfiles/assembly.libc.Dockerfile - REPLACE="FROM linux-musl-amd64 as linux-musl-content" - sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile - REPLACE="COPY --from=linux-musl-content --chown=0:0 /checode-linux-musl /mnt/rootfs/checode-linux-musl" - sed -i -r -e "s|${REPLACE}||" build/dockerfiles/assembly.libc.Dockerfile - podman build -f build/dockerfiles/assembly.libc.Dockerfile -t che-code . - group: - kind: run