search

jonschipp / ISLET

Isolated, Scalable, & Lightweight Environment for Training
Other
111 stars 18 forks source link

test to see if USER is in docker group before running container #47

Closed jonschipp closed 9 years ago

jonschipp commented 9 years ago

If they're not in the group docker run will fail.

USER="demo"                                       # Linux system user created for ssh'ing to ISLET, give account to trainees
GROUP="islet"                                     # Linux system group for accounts that need to access ISLET
DEBUG="yes"                                       # Enable debugging info to stdout and syslog

islet_login should check if training is in Docker group

ssh -p 2222 training@127.0.0.1 -o UserKnownHostsFile=/dev/null
...
Are you a new or existing user? [new/existing]: new
A temporary account will be created so that you can resume your session.

Choose a username: [a-zA-Z0-9/]: stupid
Your username is stupid
Choose a password: [a-zA-Z0-9{4,}/]: 
Verify your password: 
Your account will expire on Mon 09 Mar 2015 12:35:32 AM UTC
shell: CLIENT=10.0.2.2 SRCPORT=63967 SERVER=10.0.2.15 DSTPORT=22 SSH_TTY=/dev/pts/2 TERM=xterm-256color PPID=3582 TMOUT=60
opt: docker run --name=bro.stupid -t -h bro -c 1 -m 256m  --net none --dns 127.0.0.1 --add-host bro:127.0.0.1   -v /exercises:/exercises:ro  --cap-add SETFCAP --cap-add SETUID --cap-add SETGID --cap-drop AUDIT_WRITE --cap-drop AUDIT_CONTROL --cap-drop MAC_ADMIN --cap-drop MAC_OVERRIDE --cap-add NET_ADMIN --cap-drop SYSLOG --cap-drop SYS_ADMIN --cap-drop SYS_MODULE --cap-drop SYS_PACCT --cap-drop SYS_NICE --cap-drop SYS_RAWIO --cap-drop SYS_RESOURCE --cap-drop SYS_TIME --cap-drop SYS_TTY_CONFIG --cap-drop BLOCK_SUSPEND --cap-drop CHOWN --cap-drop DAC_OVERRIDE --cap-drop DAC_READ_SEARCH --cap-drop FOWNER --cap-drop FSETID --cap-drop IPC_LOCK --cap-drop IPC_OWNER --cap-drop KILL --cap-drop LEASE --cap-drop LINUX_IMMUTABLE --cap-drop NET_BIND_SERVICE --cap-drop NET_BROADCAST --cap-add NET_RAW --cap-drop SYS_BOOT --cap-drop SYS_CHROOT --cap-drop SYS_PTRACE --cap-drop WAKE_ALARM  -i broplatform/brolive sudo -i -u demo PLATFORM=islet 

Enjoy yourself!
Training materials are in /exercises

FATA[0000] Post http:///var/run/docker.sock/v1.17/containers/create?name=bro.stupid: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?
jonschipp commented 9 years ago

Complete https://github.com/jonschipp/ISLET/commit/6df179fcee728e15f18ff9d638784826835ddd38