Updated the Dockerfile to install and configure openssh-server and op…

…enssl, and modified the Makefile to build and run the container with services.
Azure · Jun 26, 2024 · 66a82fa · 66a82fa
1 parent d37d3f9
commit 66a82fa
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 13 deletions.
diff --git a/Dockerfile.aro-multistage b/Dockerfile.aro-multistage
@@ -1,5 +1,4 @@
 # Uses a multi-stage container build to build the RP.
-#
 ARG REGISTRY
 FROM ${REGISTRY}/ubi8/go-toolset:1.20.12-5 AS builder
 
@@ -9,11 +8,36 @@ RUN mkdir -p /app
 WORKDIR /app
 
 COPY . /app
+
+# Update Go modules and vendor them
+RUN go mod tidy
+RUN go mod vendor
+
+# Build the project
 RUN make aro RELEASE=${IS_OFFICIAL_RELEASE} -o generate && make validate-fips && make e2e.test
 
 FROM ${REGISTRY}/ubi8/ubi-minimal
-RUN microdnf update && microdnf clean all
+
+# Install OpenSSH and OpenSSL
+RUN microdnf update && \
+    microdnf install -y openssh-server openssl && \
+    microdnf clean all
+
+# Configure SSH
+RUN mkdir /var/run/sshd && \
+    echo 'root:password' | chpasswd && \
+    sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config && \
+    sed -i 's/UsePAM yes/UsePAM no/' /etc/ssh/sshd_config && \
+    echo 'Port 2222' >> /etc/ssh/sshd_config && \
+    chmod 0755 /var/run/sshd
+
+# Generate SSH host keys
+RUN ssh-keygen -A
+
 COPY --from=builder /app/aro /app/e2e.test /usr/local/bin/
-ENTRYPOINT ["aro"]
+
 EXPOSE 2222/tcp 8080/tcp 8443/tcp 8444/tcp
+
+ENTRYPOINT ["aro"]
+CMD ["/usr/sbin/sshd", "-D"]
 USER 1000
diff --git a/Makefile b/Makefile
@@ -86,12 +86,18 @@ acr-login:
 	echo "ACR Password: $$password"; \
 	docker login arointsvc.azurecr.io --username $$username --password $$password
 
+# Target to build the Docker image with SSH
+.PHONY: build-aro-rp-with-ssh
+build-aro-rp-with-ssh:
+	@podman build -t $$ARO_IMAGE --build-arg REGISTRY=registry.access.redhat.com -f Dockerfile.aro-multistage .
+
+
 # Target to run the local RP
 .PHONY: runlocal-rp
-runlocal-rp: deploy-database acr-login
+runlocal-rp: deploy-database acr-login build-aro-rp-with-ssh
 	@set -a; source secrets/env; set +a; \
 	if [ ! -f $(PWD)/aks.kubeconfig ]; then echo "aks.kubeconfig not found"; exit 1; fi; \
-	podman run --rm -p 8443:8443 \
+	podman run --rm -p 8443:8443 --network host \
 		--name aro-rp \
 		-w /app \
 		-e RP_MODE="development" \
@@ -140,6 +146,7 @@ runlocal-rp: deploy-database acr-login
 		-v $(PWD)/secrets:/app/secrets:z \
 		$$ARO_IMAGE rp
 		go run -ldflags "-X github.com/Azure/ARO-RP/pkg/util/version.GitCommit=$(VERSION)" ./cmd/aro rp >aro.log 2>&1 &
+
 
 # Function to run VPN
 .PHONY: run-vpn

diff --git a/setup_resources.sh b/setup_resources.sh
@@ -8,7 +8,7 @@ validate_rp_running() {
     ELAPSED=0
     while true; do
         sleep 5
-        http_code=$(curl -k -s -o /dev/null -w '%{http_code}' http://localhost:8443/healthz/ready || true)
+        http_code=$(curl -k -s -o /dev/null -w '%{http_code}' https://localhost:8443/healthz/ready || true)
         case $http_code in
         "200")
             echo "########## ✅ ARO RP Running ##########"
@@ -148,10 +148,3 @@ echo "    az aro list-credentials --name $CLUSTER_NAME --resource-group $RESOURC
 
 # Validate RP running
 validate_rp_running
-
-# Set up port forwarding from 443 to 8443
-echo "Setting up port forwarding from 443 to 8443..."
-sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
-sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8443
-
-echo "Port forwarding setup complete."