Using an sftp container on OpenShift
Page info
Author: 꿈꾸는여행자 | Date: 20-11-30 14:30 | Views: 10,049 | Comments: 0
Sharing below the current status of testing the community-provided SFTP container (atmoz/sftp).
Note that, per the test results, the External IP variant does not work.
1) Test 1
Analysis
Install an SFTP server on OpenShift
https://medium.com/grensesnittet/install-an-sftp-server-on-openshift-818ea30a4319
< Test History
Design
Installation overview
Container source from Docker Hub or GitHub.
Config map for the users:
/etc/sftp/users.conf
Config map for the ssh host keys and config:
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_rsa_key.pub
/etc/ssh/sshd_config
(Caveat: a ConfigMap is not a Secret; anyone with view access to the project can read it. users.conf carries passwords and the host private keys must stay private, so a Secret with the same keys and mount paths is the appropriate object for both.)
NodePort allowing external traffic to port 30022 -> internal port 22
A Persistent Volume (PV) storage for the user's upload directory:
/home/user/upload
Execution
Project
< Use swa-test Project
oc new-project int-sftp --display-name="Internal sftp server"
oc project int-sftp
Prepare Image
< On Bastion
docker pull atmoz/sftp:alpine-3.7
docker images | grep atmoz
docker tag docker.io/atmoz/sftp:alpine-3.7 \
dpaasbas1v.example-openshift.com:5000/linuxdata/atmoz-sftp:alpine-3.7
docker push dpaasbas1v.example-openshift.com:5000/linuxdata/atmoz-sftp:alpine-3.7
< On Master Node (--insecure=true skips TLS verification of the registry certificate; acceptable only for an internal registry under your control)
oc import-image atmoz-sftp:alpine-3.7 -n openshift --confirm \
--from dpaasbas1v.example-openshift.com:5000/linuxdata/atmoz-sftp:alpine-3.7 \
--insecure=true
New application
< Create App
oc new-app atmoz/sftp:alpine-3.7
oc new-app https://github.com/atmoz/sftp#alpine-3.7
oc new-app -n swa-test atmoz-sftp:alpine-3.7
mkdir: can't create directory '/var/run/sftp': Permission denied
< This log no longer occurs (the image expects to start as root: it creates users and runs sshd)
oc adm policy add-scc-to-user anyuid -z default -n swa-test
scc "anyuid" added to: ["system:serviceaccount:swa-test:default"]
oc edit scc anyuid -n swa-test
users:
- system:serviceaccount:swa-test:default
< Note: SCCs are cluster-scoped, so -n has no effect on oc edit scc. Granting anyuid to the default service account lets every pod in the project run as root; for anything beyond a test, create a dedicated service account for the sftp pod and grant anyuid only to that one.
[entrypoint] FATAL: No users provided!
> Add the config map below
SFTP users config map
Webconsole > Resources > Config Maps
Create Config Map
Name : sftp-etc-sftp
Key : users.conf
Value
foo:123:1001:100:upload
bar:abc:1002:100:upload
baz:xyz:1003:100:upload
(Format: user:password:uid:gid:dir. These are plaintext test passwords in a ConfigMap; for real use, store the file in a Secret and use the encrypted-password form supported by atmoz/sftp, user:<crypt hash>:e:uid:gid:dir.)
Create
Webconsole > Resources > Config Maps > Select Config Map
Edit YAML
Delete any \r characters (CRLF line endings saved by the web console would be read as part of the last field of each line)
Mount the sftp config map
Webconsole > Deployments > Select Deployments
< atmoz-sftp
> Configuration > Add Config Files
Add Config Files to atmoz-sftp
Source : sftp-etc-sftp
Mount Path : /etc/sftp
Add
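As an added example (not code from the original post or from the atmoz/sftp project), a small POSIX shell pre-flight for users.conf: it strips the \r characters mentioned above, checks each line against the atmoz/sftp field layout, refuses an empty file (the "No users provided!" failure) and counts passwords still stored in clear. The hash_password helper assumes openssl 1.1.1+ on the bastion; the users.conf layout is the one documented in the atmoz/sftp README.

```shell
# Added example, not code from the original post or the atmoz/sftp project:
# pre-flight checks for users.conf before it is stored in the cluster.
# Line layout as documented by atmoz/sftp:
#   user:password[:e][:uid[:gid[:dir1[,dir2...]]]]
# ":e" marks the password as already hashed (crypt(3) format).

# Drop CR characters (the web console can save CRLF line endings, which the
# entrypoint then reads as part of the last field), blank lines and comments.
normalize_users_conf() {
    tr -d '\r' | grep -v '^[[:space:]]*$' | grep -v '^#' || true
}

# Hash a plaintext password for the ":e" form. Assumes openssl 1.1.1+.
hash_password() {
    printf '%s\n' "$1" | openssl passwd -6 -stdin
}

# Validate one line. Returns 0 when well-formed, 1 otherwise (reason on stderr).
check_users_line() {
    usr=$(printf '%s' "$1" | cut -d: -f1)
    pwd_=$(printf '%s' "$1" | cut -d: -f2)
    f3=$(printf '%s' "$1" | cut -d: -f3)
    case "$usr" in
        ''|*[!a-z0-9._-]*) echo "bad user name '$usr' in: $1" >&2; return 1 ;;
    esac
    [ -n "$pwd_" ] || { echo "empty password for $usr" >&2; return 1; }
    if [ "$f3" = e ]; then
        uid=$(printf '%s' "$1" | cut -d: -f4); gid=$(printf '%s' "$1" | cut -d: -f5)
    else
        uid=$f3; gid=$(printf '%s' "$1" | cut -d: -f4)
    fi
    for n in "$uid" "$gid"; do          # uid/gid are optional but must be numeric
        case "$n" in
            *[!0-9]*) echo "non-numeric uid/gid '$n' for $usr" >&2; return 1 ;;
        esac
    done
    return 0
}

# Validate a whole users.conf read from stdin. Fails on any malformed line or
# when no users remain (the "[entrypoint] FATAL: No users provided!" case).
validate_users_conf() {
    conf=$(normalize_users_conf)
    if [ -z "$conf" ]; then
        echo "no users defined (sshd would fail with: No users provided!)" >&2
        return 1
    fi
    bad=0
    while IFS= read -r ln; do
        check_users_line "$ln" || bad=$((bad + 1))
    done <<EOF
$conf
EOF
    [ "$bad" -eq 0 ]
}

# Count entries whose password is stored in clear (no ":e" flag); aim for 0
# before the file goes into a Secret.
count_plaintext_passwords() {
    normalize_users_conf | awk -F: '$3 != "e" { n++ } END { print n + 0 }'
}
```

Typical use on the bastion: `validate_users_conf < users.conf && count_plaintext_passwords < users.conf`, then replace each clear password with `$(hash_password 'secret')` and the `:e` flag before creating the cluster object.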
Redeploys automatically; the container generates the ssh host keys on start:
ssh_host_ed25519_key
ssh_host_ed25519_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
sshd_config
SSH config map
Check the file list (inside the running pod, e.g. via oc rsh)
cat /etc/ssh/ssh_host_ed25519_key
cat /etc/ssh/ssh_host_ed25519_key.pub
cat /etc/ssh/ssh_host_rsa_key
cat /etc/ssh/ssh_host_rsa_key.pub
cat /etc/ssh/sshd_config
< They can also be generated locally with the following commands (empty passphrase, since sshd cannot prompt for one). Mounting fixed keys matters: keys generated inside the container are regenerated on every redeploy, so clients would otherwise see a changed host key.
ssh-keygen -t ed25519 -N '' -f ssh_host_ed25519_key
ssh-keygen -t rsa -b 4096 -N '' -f ssh_host_rsa_key
Webconsole > Resources > Config Maps
Create Config Map
Name : sftp-etc-ssh
Key : ssh_host_ed25519_key
Value
<-- File Content -->
Add Item
Key : ssh_host_ed25519_key.pub
Value
<-- File Content -->
Add Item
Key : ssh_host_rsa_key
Value
<-- File Content -->
Add Item
Key : ssh_host_rsa_key.pub
Value
<-- File Content -->
Add Item
Key : sshd_config
Value
<-- File Content -->
Create
Mount ssh config map
Webconsole > Deployments > Select Deployments
< atmoz-sftp
> Configuration > Add Config Files
Add Config Files to atmoz-sftp
Source : sftp-etc-ssh
Mount Path : /etc/ssh
Add
Set defaultMode: 384 on the sftp-etc-ssh volume
384 decimal = 0600 octal = owner read/write only (sshd ignores a host private key that is readable by group or others)
(See http://permissions-calculator.org/)
Webconsole > Deployments > Select Deployments
< atmoz-sftp
> Edit YAML
- configMap:
defaultMode: 384
name: sftp-etc-ssh
Test the SSH config map
Check Pod Log
[entrypoint] Parsing user data: "foo:123:1001:100:upload"
Creating mailbox file: No such file or directory
[entrypoint] Creating directory: /home/foo/upload
[entrypoint] Parsing user data: "bar:abc:1002:100:upload"
Creating mailbox file: No such file or directory
[entrypoint] Creating directory: /home/bar/upload
[entrypoint] Parsing user data: "baz:xyz:1003:100:upload"
Creating mailbox file: No such file or directory
[entrypoint] Creating directory: /home/baz/upload
[entrypoint] Executing sshd
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
Expose service port
< External IP Test
Test the service port
< On jenkins
cd /tmp/
sftp -P 22 bar@100.30.222.75
< Input password / abc
put release.version
< Success
2) Test 2
Design
Use NodePort
Execution
Check Service
oc get service -n swa-test atmoz-sftp --export -o yaml \
> service-swa-test-atmoz-sftp.yml
oc edit service -n swa-test atmoz-sftp
oc get svc --all-namespaces -o yaml | grep nodePort
oc get pod -n swa-test -o wide | grep atmoz-sftp
Expose service port
< NodePort test
Webconsole > Applications > Services > Select Service
< atmoz-sftp
> Edit YAML
nodeport range
30000-32767
...
spec:
...
ports:
- name: 22-tcp
nodePort: 30022
port: 22
protocol: TCP
targetPort: 22
type: NodePort
...
Test the service port
< On Infra Node
cd /tmp/
sftp -P 30022 bar@dpaaswkr1v.example-openshift.com
sftp -P 22 bar@100.30.222.75
< Input password / abc
put release.version
< Success
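The steps from the SSH config map mount through the NodePort service, collected as one added shell example that is not part of the original post or of the atmoz/sftp project. It differs from the post in two ways: the host keys and users.conf go into Secrets instead of ConfigMaps, and they are mounted read-only with defaultMode 0600 (the 384 from the YAML). Assumptions: the DeploymentConfig is named atmoz-sftp and its pods carry the app=atmoz-sftp label that oc new-app sets; ssh-keygen and oc are on PATH; sshd_config has already been copied into the key directory; the functions that call oc are meant to run right after oc new-app, in place of the console's Add Config Files steps.

```shell
# Added example, not code from the original post or the atmoz/sftp project.
# Host keys and users.conf go into Secrets (a ConfigMap is readable by anyone
# with view access to the project), are mounted read-only at mode 0600, and
# sshd is exposed through a NodePort in the default 30000-32767 range.
# Assumed names: DeploymentConfig/Service atmoz-sftp, label app=atmoz-sftp
# (set by oc new-app), Secrets sftp-etc-ssh and sftp-etc-sftp.

# Print a NodePort Service manifest for $1 (name), $2 (container port),
# $3 (node port). Returns 1 for a node port outside 30000-32767.
render_nodeport_service() {
    svc_name=$1; svc_port=$2; node_port=$3
    case "$node_port" in
        ''|*[!0-9]*) echo "nodePort must be numeric, got '$node_port'" >&2; return 1 ;;
    esac
    if [ "$node_port" -lt 30000 ] || [ "$node_port" -gt 32767 ]; then
        echo "nodePort $node_port is outside 30000-32767" >&2; return 1
    fi
    cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $svc_name
spec:
  type: NodePort
  selector:
    app: $svc_name
  ports:
  - name: ${svc_port}-tcp
    port: $svc_port
    targetPort: $svc_port
    nodePort: $node_port
    protocol: TCP
EOF
}

# Generate host keys into directory $1 with an empty passphrase (sshd cannot
# prompt for one). Assumes ssh-keygen is on PATH.
generate_host_keys() {
    mkdir -p "$1"
    ssh-keygen -q -t ed25519 -N '' -f "$1/ssh_host_ed25519_key"
    ssh-keygen -q -t rsa -b 4096 -N '' -f "$1/ssh_host_rsa_key"
}

# Store keys + sshd_config and users.conf as Secrets in project $1 and mount
# them on dc/atmoz-sftp read-only with mode 0600 (decimal 384 in the YAML).
# $2 is the key directory (must also contain sshd_config), $3 the users.conf.
install_sftp_secrets() {
    proj=$1; keydir=$2; users=$3
    oc -n "$proj" create secret generic sftp-etc-ssh \
        --from-file="$keydir/ssh_host_ed25519_key" \
        --from-file="$keydir/ssh_host_ed25519_key.pub" \
        --from-file="$keydir/ssh_host_rsa_key" \
        --from-file="$keydir/ssh_host_rsa_key.pub" \
        --from-file="$keydir/sshd_config"
    oc -n "$proj" create secret generic sftp-etc-sftp \
        --from-file=users.conf="$users"
    oc -n "$proj" set volume dc/atmoz-sftp --add --name=sftp-etc-ssh \
        --type=secret --secret-name=sftp-etc-ssh --mount-path=/etc/ssh \
        --default-mode=0600 --read-only
    oc -n "$proj" set volume dc/atmoz-sftp --add --name=sftp-etc-sftp \
        --type=secret --secret-name=sftp-etc-sftp --mount-path=/etc/sftp \
        --default-mode=0600 --read-only
}
```

Run as: `generate_host_keys ./keys`, copy sshd_config into ./keys, `install_sftp_secrets swa-test ./keys ./users.conf`, then `render_nodeport_service atmoz-sftp 22 30022 | oc -n swa-test apply -f -`. If ConfigMap volumes were already added through the console, list them with `oc set volume dc/atmoz-sftp` and remove them with `--remove --name=<volume>` first, since two volumes cannot share a mount path.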
Ref
atmoz sftp
https://github.com/atmoz/sftp
Using a NodePort to Get Traffic into the Cluster
https://docs.openshift.com/container-platform/3.11/dev_guide/expose_service/expose_internal_ip_nodeport.html