split ssh server setting into a seperate Dockerfile

qingfengxia · qingfengxia · commit 8a300aa670de · 2020-11-04T21:29:52.000Z
diff --git a/docker/Dockerfile_ppp_openmc b/docker/Dockerfile_ppp_openmc
@@ -4,8 +4,7 @@
 # Changelog:  1) merge commands to improve performance
 #             2) add gmsh, ppp, occ_faceter, freecad
 #             3) both X11 and jupyter web interface should be supported
-#             4) ssh server
-#             5) base image can be selected from ubuntu:bionic (18.04), ubuntu:focal (20.04), jupyter/minimal-notebook
+#             4) base image can be selected from ubuntu:bionic (18.04), ubuntu:focal (20.04), jupyter/minimal-notebook
 ######################################
 #
 # build with the following command
@@ -26,8 +25,6 @@ FROM jupyter/minimal-notebook
 
 # only last CMD is working, if multiple CMD exists, interactive mode also suppress this CMD
 # jupyter can create a terminal, just like ssh
-# uncomment this CMD if the base image is not jupyter, assuming ssh server installation section is kept
-#CMD ["/usr/sbin/sshd","-D"]
 
 
 LABEL name="ppp_openmc" \
@@ -171,7 +168,7 @@ RUN cd /opt/openmc/ && python setup.py install && \
         cd .. && rm -rf build
 
 ## some python package is needed for openmc
-RUN pip install neutronics_material_maker --user
+RUN pip install neutronics_material_maker
 
 # Oct 2020, openmc must be installed to /opt/openmc, to install this parametric-plasma-source
 RUN pip install git+https://github.com/open-radiation-sources/parametric-plasma-source.git
@@ -182,26 +179,6 @@ ENV LD_LIBRARY_PATH=$HOME/MOAB/lib:$HOME/DAGMC/lib
 ENV PATH=$PATH:$HOME/MOAB/bin:/opt/openmc/bin:$HOME/DAGMC/bin
 
 
-####################  
-install ssh server 
-####################
-RUN apt install  openssh-server  nano  -y
-
-# to enable X11 forwarding via ssh
-RUN echo "ForwardX11 yes" >> /etc/ssh/ssh_config &&  echo "ForwardX11Trusted no" >> /etc/ssh/ssh_config 
-
-# use UID 1001, as 1000 has been used by another user
-RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1001 test 
-
-# set password for the user test as "test"
-RUN  echo 'test:test' | chpasswd
-RUN service ssh start
-
-# expose port, the default
-EXPOSE 22
-##################
-
-
 ##############  
 ## install gmsh and pygmsh 
 ##############
@@ -262,6 +239,10 @@ ENV OPENMC_CROSS_SECTIONS=$MAT_DIR/cross_sections.xml
 # for jupyter to work:  switch to USER $NB_USER
 USER $NB_USER
 
+# for ssh login user to have path setup
+RUN echo "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$HOME/MOAB/lib:$HOME/DAGMC/lib" >> $HOME/.bashrc
+RUN echo "export PATH=$PATH:$HOME/MOAB/bin:/opt/openmc/bin:$HOME/DAGMC/bin"  >> $HOME/.bashrc
+
 RUN git clone -b develop https://github.com/ukaea/openmc_workshop
 # currently there is some bug stop install parametric_plasma_source 
 #RUN cd openmc_workshop && pip install -r requirements.txt
diff --git a/docker/Dockerfile_ssh b/docker/Dockerfile_ssh
@@ -0,0 +1,65 @@
+# this layer add ssh, X11 forwarding, sudo capacity
+# it can be based on any image, to add ssh access feature
+#       mkdir .ssh
+#       ssh-keygen -b 1024 -t rsa -f .ssh/ssh_host_key_rsa
+# build with the following command (in the folder where pubkey has been generated)
+#       sudo docker build -f Dockerfile_ssh -t  ppp_openmc_ssh . --no-cache
+
+# To test ssh X11Forwarding
+# 1) client must have been tested to be working with X11 forwarding with other remote ssh server
+#    debug connection by -v option  `ssh -vv -Y -p 2222 jovyan@10.215.131.63`
+# 2) user root is not usually allowed to do X11 forwarding, 
+#
+# if can not open DISPLAY, check if -X or -Y option has been set in ssh client command
+# 
+# error "X11 forwarding request failed on channel 0"
+# solved by adding `X11UseLocalhost no`  `X11Forwarding yes`  to  /etc/ssh/sshd_config
+############################################################################
+
+FROM qingfengxia/ppp_openmc
+
+USER root
+
+####################  
+# install ssh server 
+####################
+RUN apt-get install  openssh-server  nano  -y
+
+################# ssh user ####################
+
+
+# change password, add to sudo group
+RUN  echo 'jovyan:test' | chpasswd  && usermod -aG sudo $NB_USER
+
+# Allow members of group sudo to execute any command
+# TAB key causes some trouble,  use more spaces before "ALL=" seems working
+RUN echo "%sudo    ALL=(ALL:ALL) ALL" >> /etc/sudoers
+# if above still not working add this user to /etc/sudoers
+#RUN echo "$NB_USER	        ALL=(ALL:ALL) ALL" >> /etc/sudoers
+
+############### host key setup #################
+# https://nickjanetakis.com/blog/docker-tip-56-volume-mounting-ssh-keys-into-a-docker-container
+# copy the ssh key from host, so to fix the host public key when rebuilding the image
+
+COPY .ssh /root/.ssh
+RUN  chmod 700 /root/.ssh && \
+     chmod 644 /root/.ssh/ssh_host_key_rsa.pub && \
+     chmod 600 /root/.ssh/ssh_host_key_rsa
+
+RUN  cp /root/.ssh/ssh_host_key_rsa.pub  /etc/ssh/ && \
+        cp /root/.ssh/ssh_host_key_rsa /etc/ssh/
+       
+# sshd_config has been modified by adding those lines
+# to enable X11 forwarding via ssh, by default has been enabled
+RUN echo "X11Forwarding yes" >> /etc/ssh/sshd_config  && echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
+RUN echo "HostKey /etc/ssh/ssh_host_key_rsa" >> /etc/ssh/sshd_config
+
+# expose port, the default port
+EXPOSE 22
+##################
+
+
+CMD ["/usr/sbin/sshd", "-D"]
+
+
+USER $NB_USER
diff --git a/wiki/BuildOnLinux.md b/wiki/BuildOnLinux.md
@@ -170,19 +170,7 @@ yum install opencascade-draw, opencascade-foundation,  opencascade-modeling,  op
 
 #### Option 2: Download the opencascade source code and compile from source.
 
- if not in package repository
-
-```bash
-###### dependencies needed to build OpenCASCADE from source ##########
-# for OpenCASCADE, openGL is needed
-yum install tbb tbb-devel freetype freetype-devel freeimage freeimage-devel -y \
-        && yum install libXmu-devel libXi-devel glew-devel SDL2-devel SDL2_image-devel glm-devel -y
-# install those below if draw module is enabled for building OpenCASCADE
-yum install tk tcl tk-devel tcl-devel -y
-
-# package name distinguish capital letter, while debian name is just  libxmu
-yum install  openmpi-devel boost-devel -y
-```
+ Compile opencascade if not available in package repository, e.g. centos 7/8,  see the "Dockerfile_centos" file for updated instructions.
 
 To get the latest source code from [OCCT official website](https://www.opencascade.com/), you need register (free of charge). Registered user may setup public ssh key and get readonly access to the occt repo
 `git clone -b V7_4_0p1 gitolite@git.dev.opencascade.org:occt occt`
@@ -200,7 +188,7 @@ tar -xzf occt.tar.gz
 cd occt-*
 mkdir build
 cd build
-cmake .. 
+cmake .. -DUSE_TBB=ON -DBUILD_MODULE_Draw=OFF
 make -j$(nproc)
 sudo make install
 # by default install to the prefix: /usr/local/
