I’m trying to refine a CentOS-based Dockerfile that will run as a server, and which needs to create a correctly configured .ssh directory for the server account so that the server both can be connected to and can connect out securely.
I’m sure the right answer is to keep the .ssh directory external somehow, since (a) it is data that may be customized per instance, and (b) that customization wants to persist through container restarts. (There are probably other subdirectories of the home directory that want to be mounts/volumes – error logs, run history, that sort of thing – so they too persist.) But I haven’t gotten that far yet; currently I’m trying to mount the whole user directory as a volume.
My Dockerfile is trying to create the user and the user directory (RUN useradd), to COPY an initial template .ssh directory into the user directory, and to set the protections (RUN chmod) appropriately. I know we have the --chown option on COPY, but I don’t think the complementary --chmod option has been added yet.
But apparently I’m getting messed up by filesystem layering during docker build. I can see a chmod or chown taking place, if I do an ls in the same RUN as the chmod … but when I start the container, those changes have not been applied; apparently they went into a temporary filesystem which did not get merged back into the image. (Right?)
Setting up a server’s .ssh configuration directory can’t be an uncommon task for Dockerfiles … but my attempts to websearch for working examples have been finding lots of confusion and very few answers. I’m SURE there is a Best Practice solution…
I hate to have to resort to begging, but if someone could point me to illustrations of How To Do It Right (ideally with discussion of why my attempts have been unsuccessful, so I can better understand why the various “obvious” attempts have been failing), I would greatly appreciate it.
“Rule given to student pilots: If lost, climb and confess.”
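One approach to the task described in the post, as an added example that is not part of the original post: seed `.ssh` from a template at container start instead of at build time, so the modes are applied to whatever volume is mounted over the home directory. The function names and the paths passed to them are hypothetical, and the modes are the conventional ones for OpenSSH (700 for the directory, 600 for private files, 644 for public keys and `known_hosts`).

```shell
#!/bin/sh
# Added example (not from the post). seed_ssh_dir and perm_of are hypothetical names.
# Intended to be called from a container entrypoint before the server starts.

seed_ssh_dir() {
    template=$1   # template .ssh baked into the image, outside any volume
    target=$2     # ~/.ssh inside the (possibly freshly mounted) home volume
    owner=${3:-}  # optional user:group; applying it requires root

    mkdir -p "$target" || return 1

    # Copy template files only when missing, so per-instance edits that live
    # on the volume survive container restarts.
    for src in "$template"/* "$template"/.[!.]*; do
        [ -f "$src" ] || continue
        dst=$target/$(basename "$src")
        [ -e "$dst" ] || cp "$src" "$dst" || return 1
    done

    # Enforce modes on every start: a host bind mount or an edited file may
    # carry looser permissions than sshd and ssh will accept.
    chmod 700 "$target" || return 1
    for f in "$target"/*; do
        [ -f "$f" ] || continue
        case $f in
            *.pub|*/known_hosts) chmod 644 "$f" ;;
            *)                   chmod 600 "$f" ;;
        esac || return 1
    done

    if [ -n "$owner" ]; then
        chown -R "$owner" "$target" || return 1
    fi
}

# Permission string of a path, e.g. drwx------ (first 10 columns of ls -ld).
perm_of() { ls -ld "$1" | cut -c1-10; }

# Stand-alone use: script TEMPLATE_DIR TARGET_DIR [USER:GROUP]
if [ "$#" -ge 2 ]; then
    seed_ssh_dir "$@"
fi
```
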