This Software is part of another and has a very specific usage only meant to be run for 3CS. So do not get confused with the name. it does NOT deploy docker containers. You might find some of its functions useful.
Run Elevated Scripts with from non-root accounts without even the non-root user having R/W/X permission on the script. You can define 1 script file per user on the configuration. run the program on either daemon mode or using systemd. Then user can call -a / --apply to run the script.
We use this to run/change docker-compose without the service-user having access X permission to docker/docker-compose bin.
- Installation
- Built Tools & Environment
- Dependent Packages
- Build Instructions
- Installation
- Usage
- Commands
- Server Usage
- Client Usage
- Daemon
- Configuration
- main.cfg
- user.cfg
This package is built using GNU auto tools. refer to GNU Docs. This program is only supported on LINUX based systems. you may use a cross-build system if you are coming from Windows/Darwin etc.
Depends on Libconfig V1.6+, refer
Clone the repo & CD inti it.
git clone git@github.com:3CSDesign/docker-deploy.git
cd docker-deploy
if the system supports bourne shell (/bin/sh), run
./autogen.sh
if not, manually run the equivalent commands of your build system.
aclocal
autoheader
automake --add-missing --copy
autoconf
Run the configure script
./configure
if something is missing it will fail, try again after installing / fixing the mentioned issues
GNU Make to build the program
make
make install
Check installation by running --version
dedeploy --version
# Docker Deploy 0.0.1
Usage: ddeploy -c file
User Restricted Docker Setup
-h, --help Print help and exit
-V, --version Print version and exit
-c, --config=filename cfg file input
-d, --daemon daemon (default=off)
-t, --test test the cfg files (default=off)
-a, --apply apply - for client (default=off)
By default, the program content will be installed to /etc/docker-deploy. Prepare the .cfg files (more at configuration step). Make sure the correct permissions are given. non-root user should only be able to read the files in /etc/docker-deploy (0755). If the non-root user is given write permission, that will void the whole point of the program. Start the program either using systemd or just run it from the terminal using daemon mode.
For systemd, create a service file -example: /usr/lib/systemd/system/docker-deploy.service
[Unit]
Description=Super simple daemon
[Service]
Type=simple
WorkingDirectory=/etc/docker-deploy/
ExecStart=/usr/local/bin/dedeploy -c main.cfg
User=root
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
Then use systemd to start/stop/reload
systemctl start docker-deploy
systemctl status docker-deploy
systemctl reload docker-deploy
systemctl stop docker-deploy
The Daemon option will make the program run in background -d
|--daemon
dedeploy -c /path/to/config.cfg -d
There is no inbuilt method the kill the program. you will need to kill the PID
Client must be a non-root user, Should not be able to modify the main.cfg and it's included files but read them
Simply run -a
|--apply
. thats all for the client
dedeploy -a
This file is the primary configuration file which will require a few settings to be added even for the program to simply start.
log_file_path
- path for logfilepid_file_path
- PID file path for daemon, will fail if not setdeploy
- root setting for projects variabledeploy
>projects
- actual list definition of the users and their filesdeploy
>projects
>name
- name of the user (whoami)deploy
>projects
>main_file
- The script that requires elevated permissions. user does not need any access to this file. not even read access. daemon will queue and execute the script when when user runs--apply
|-a
deploy
>projects
>lock_file
- a file in the user directory. user need RWX permissions for this.
log_file_path = "deploy.log";
pid_file_path = "deploy.pid";
// Deployment objects
deploy = {
projects = (
{
name = "test";
main_file = "/restricted/test/location/run.sh";
lock_file = "/home/test/.ddeploy.lock";
},
{
name = "test2";
main_file = "/restricted/test2/location/run.sh";
lock_file = "/home/test2/.ddeploy.lock";
},
);
}
log_file_path = "deploy.log";
pid_file_path = "deploy.pid";
// Deployment objects
deploy = {
projects = (
@include "deploy.d/*.cfg"
);
}
The @include "deploy.d/*.cfg"
variable will tell the program to look for all files ending with .cfg inside the directory. This is very handy when using automation tools. we can use a single file per user.
Inside deploy.d/test.cfg
,
{
name = "test";
main_file = "/restricted/test/location/run.sh";
lock_file = "/home/test/.ddeploy.lock";
},
Changes to the config file must be reloaded. for systemd, you need to run systemctl reload docker-deploy. otherwise you will need to restart the program on each config.