Docker Community Forums

Share and learn in the Docker community.

How to use SSHPASS comand while comminting a container?

docker
build

(Sivadevdocker) #1

Hello,

I’m trying to use sshpass comand while commiting a container
Firstly, is it possible?

I try this comand line but of course it doesn’t work:
docker commit --change='CMD ["sshpass", "-p", "password", "ssh", "-o", "StrictHostKeyChanging=no", "-l", "root", "IPAddress", "cp", "/etc/puppet/manifest/site.pp", "/etc/puppet/manifests/site.pp.docker"]' -c 'CMD ["/bin/bash"]' Idcontainer newimage

I tried to modify a text file (using echo) but just for a test now, I’m just trying to copy a file on an other machine.

Can you please tell how to make it work?

thanks


(Nathan Le Claire) #2

What exactly are you trying to accomplish?


(Sivadevdocker) #3

I have to mechanise the installation of a software (using puppet) for the future clients.
So first, I created a container from an image where puppet is installed then I try to commit this last one with additionals comands.
These comands are sshpass to interact with the puppetmaster located on an other host. On this host I have to modify the site.pp file (add node of the puppet agent) and make a copy of a file in the etc/puppet/hiera folder.
The second command is puppet agent -t to deploy the software after site.pp was configured.


(David Maze) #4

The usual way to do this is to write a Dockerfile that actually does the installation, then do it with docker build.

If you are successful with this, docker history will have the hostname, ssh username, and password of the target account (and given that the username appears to be root that’s especially bad). (This seems to be in general an open problem with docker build and similar processes: either you need some sort of two-stage build process, or it’s easy to accidentally reveal your private credentials inside built images.)

I’ve never tried to use Packer to build Docker images (I do use it successfully to build Amazon AMIs) but it has a native Puppet mode which might be a good intermediate step, if you really can’t use the Docker-native build command to do your installation.