
@malex984
Last active December 6, 2016 04:00
Configuration in YAML
# Defaults for every host. ssh_config keeps the first value it obtains for an
# option, so with this block listed first the per-host sections that follow
# cannot override anything set here.
Host *
ForwardX11=no
# NOTE(review): StrictHostKeyChecking=no combined with
# UserKnownHostsFile=/dev/null (below) means no host key is ever stored or
# compared, so a machine answering in place of any of these hosts is accepted
# without notice. Because this sits under `Host *` it also covers
# supernova.mfo.de, not only the 192.168.99.x test VMs. Consider limiting the
# relaxed check to the throw-away VM addresses and verifying the server
# against a pinned known_hosts file.
StrictHostKeyChecking=no
# Non-interactive use: ssh never prompts, it fails instead.
BatchMode=yes
# Key-based login only.
PasswordAuthentication=no
UserKnownHostsFile=/dev/null
# NOTE(review): quiet logging suppresses ssh's own warnings as well, which
# removes the last visible hint when something about the connection is off.
LogLevel=quiet
ConnectionAttempts=3
ConnectTimeout=10
# No connection multiplexing from this config.
ControlMaster=no
ControlPath=none
# Offer only the IdentityFile configured for the host, not every key that an
# agent happens to hold.
IdentitiesOnly=yes
Compression yes
# Per-host entries: each alias gets its own user and its own private key.
# With IdentitiesOnly=yes from the `Host *` block, only the listed key is
# offered to that host.
# NOTE(review): the host-key settings from `Host *` apply to all three entries;
# none of them pins a host key.
Host supernova.mfo.de
HostName supernova.mfo.de
Port=22
IdentityFile=~/.ssh/supernova.id_rsa
User=user1
# vb-gui-test-a
Host 192.168.99.109
HostName 192.168.99.109
Port=22
IdentityFile=~/.ssh/vb-gui-test-a.id_rsa
User=user2
# vb-hb-test-1
Host 192.168.99.100
HostName 192.168.99.100
Port=22
IdentityFile=~/.ssh/vb-hb-test-1.id_rsa
User=user3
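# Compose file (format 2.0) describing the Hilbert services.
# Nesting follows the Compose schema: services -> <service> -> options.
#
# Review notes that apply to several services:
#   * image tags such as `:omd` or an untagged `busybox` are mutable; pin by
#     digest (image@sha256:<digest>) where tamper-evident pulls matter.
#   * `network_mode: host` puts the container in the host's network namespace.
#     Docker ignores port publishing in that mode, so the `ports` lists on
#     those services add nothing (some Compose releases reject the
#     combination - confirm against the version in use).
#   * `/tmp:/tmp:rw` shares the host's /tmp with every container, so each one
#     can read and modify temporary files of the host and of the others.
#   * an environment entry set to null is taken from the environment Compose
#     is run in.
networks: {}
services:
  # Heartbeat test client.
  hb_test:
    command:
      - python2.7
      - /usr/local/bin/heartbeat2.py
    entrypoint:
      - /sbin/my_init
      - --skip-runit
      - --skip-startup-files
      - --
    environment:
      ALSA_CARD: null
      APP_ID: hb_test
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      HB_HOST: null
      HB_INIT_TIMEOUT: null
      HB_PORT: ${HB_PORT}
      HB_URL: ${HB_URL}
      LANGUAGE: null
      MOUSE_CURSOR: null
    image: malex984/dockapp:omd_agent
    labels:
      description: HB test in python
      is_top_app: '1'
    network_mode: host
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - /etc/localtime:/etc/localtime:ro
      - /tmp:/tmp:rw
    working_dir: /DOCKAPP

  # Monitoring agent; pulled from the private registry on port 5000.
  omd_agent:
    command:
      - omd_agent_entrypoint.sh
    entrypoint:
      - /sbin/my_init
      - --skip-runit
      - --skip-startup-files
      - --
    environment:
      ALSA_CARD: null
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      HB_HOST: null
      HB_PORT: ${HB_PORT}
      HB_URL: ${HB_URL}
      LANGUAGE: null
      MOUSE_CURSOR: null
      NO_PROXY: ${NO_PROXY}
    image: imaginary.mfo.de:5000/malex984/omd_agent
    labels:
      description: Docker CLI + Compose
      is_top_app: '0'
    network_mode: host
    ports:
      - ${HB_PORT}
      - '6556'
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      # NOTE(review): NO_PROXY is used here as a bind-mount path, but the same
      # variable is also exported as the NO_PROXY environment value above.
      # That looks like a substitution slip - confirm which host path was
      # meant before relying on this mount.
      - ${NO_PROXY}:${NO_PROXY}:rw
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - /etc/localtime:/etc/localtime:ro
      - /tmp:/tmp:rw
    working_dir: /DOCKAPP

  # OMD server with its data in the named volume omd_data.
  omd_anew:
    command:
      - omd_entrypoint.sh
    entrypoint:
      - /sbin/my_init
      - --skip-runit
      - --skip-startup-files
      - --
    environment:
      ALSA_CARD: null
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      LANGUAGE: null
      MOUSE_CURSOR: null
    image: malex984/dockapp:omd
    labels:
      description: Base for dockapp services
      is_top_app: '0'
    network_mode: host
    ports:
      - '5000'
      - '514'
      - '5667'
      - '80'
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - omd_data:/OMD:rw
      - /etc/localtime:/etc/localtime:ro
      - /tmp:/tmp:rw
    working_dir: /DOCKAPP

  # Same as omd_anew, except that omd_data is also mounted at /omd/sites.
  omd_persistent:
    command:
      - omd_entrypoint.sh
    entrypoint:
      - /sbin/my_init
      - --skip-runit
      - --skip-startup-files
      - --
    environment:
      ALSA_CARD: null
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      LANGUAGE: null
      MOUSE_CURSOR: null
    image: malex984/dockapp:omd
    labels:
      description: Base for dockapp services
      is_top_app: '0'
    network_mode: host
    ports:
      - '5000'
      - '514'
      - '5667'
      - '80'
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - omd_data:/OMD:rw
      - /etc/localtime:/etc/localtime:ro
      - omd_data:/omd/sites:rw
      - /tmp:/tmp:rw
    working_dir: /DOCKAPP

  # Runs ./ptmx.sh from the station configuration directory.
  ptmx:
    # NOTE(review): `ALL` already grants every capability, which makes the two
    # named entries redundant and leaves `privileged: false` with little
    # effect. Together with /dev, /run/systemd, /run/udev and the D-Bus system
    # socket mounted read-write, this container can act on the host almost
    # like host root. List only the capabilities ptmx.sh needs.
    cap_add:
      - ALL
      - NET_ADMIN
      - SYS_ADMIN
    command:
      - ./ptmx.sh
    entrypoint:
      - /bin/sh
    environment:
      ALSA_CARD: null
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      LANGUAGE: null
      MOUSE_CURSOR: null
      NO_PROXY: ${NO_PROXY}
    # Untagged image: resolves to whatever `busybox:latest` is at pull time.
    image: busybox
    labels:
      description: Docker CLI + Compose
      is_top_app: '0'
    network_mode: host
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      # NOTE(review): NO_PROXY used as a path - see the note on omd_agent.
      - ${NO_PROXY}:${NO_PROXY}:rw
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - /dev:/dev:rw
      - /etc/localtime:/etc/localtime:ro
      - /run/systemd:/run/systemd:rw
      - /run/udev:/run/udev:rw
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /tmp:/tmp:rw
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
    working_dir: /DOCKAPP

  # QR scanner handler with access to X11 and PulseAudio.
  qr_handler:
    # NOTE(review): same capability set and host mounts as ptmx; `ALL` makes
    # the named capabilities redundant and gives this container near-root
    # reach on the host. Narrow it to what qrhandler.sh requires.
    cap_add:
      - ALL
      - NET_ADMIN
      - SYS_ADMIN
    command:
      - qrhandler.sh
    entrypoint:
      - /sbin/my_init
      - --skip-runit
      - --skip-startup-files
      - --
    environment:
      ALSA_CARD: null
      CFG_DIR: /DOCKAPP
      CUPS_SERVER: null
      CUSTOMIZATION: null
      DISPLAY: '${DISPLAY}'
      LANGUAGE: null
      MOUSE_CURSOR: null
      NO_PROXY: ${NO_PROXY}
      PULSE_COOKIE: /run/pulse/cookie
      PULSE_SERVER: /run/pulse/native
      QR_DEVICE_ID: null
      QT_X11_NO_MITSHM: '1'
      XAUTHORITY: ${XAUTH}
      XLIB_SKIP_ARGB_VISUALS: '1'
      qr_uploadlocs: null
      qrs_screenshot_message: null
    image: malex984/dockapp:qrhandler
    labels:
      description: Docker CLI + Compose
      is_top_app: '0'
    network_mode: host
    privileged: false
    restart: on-failure:5
    stdin_open: false
    tty: false
    volumes:
      # NOTE(review): NO_PROXY used as a path - see the note on omd_agent.
      - ${NO_PROXY}:${NO_PROXY}:rw
      - ${HILBERT_STATION_CONFIG}:/DOCKAPP:rw
      - /dev:/dev:rw
      - /etc/localtime:/etc/localtime:ro
      - ${PULSE_COOKIE}:/run/pulse/cookie:rw
      - ${PULSE_SOCKET}:/run/pulse/native:rw
      - /run/systemd:/run/systemd:rw
      - /run/udev:/run/udev:rw
      - supernova:/supernova:rw
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /tmp:/tmp:rw
      - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
    working_dir: /DOCKAPP

  # Private Docker registry.
  registry:
    image: registry:2
    labels:
      description: Docker Private Registry
      is_top_app: '0'
    ports:
      # Quoted so the mapping is always read as a string. Published on all
      # host interfaces.
      # NOTE(review): no TLS or authentication settings for the registry are
      # visible in this file - confirm they are provided elsewhere, otherwise
      # anyone who can reach port 5000 can push the images the stations pull.
      - '5000:5000'
    restart: on-failure:5
    volumes:
      - ${HILBERT_REGISTRY_DATA}:/var/lib/registry:rw
# TODO: mng!?
version: '2.0'
volumes:
  omd_data:
    driver: local
  supernova:
    driver: local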
$$$$$$$$$$$$$$$$$$$$$$$$ hilbert -h ##################################
usage: hilbert [-h] [-p] [-V] [-v | -q] [-H] subcommand
Hilbert - server tool: loads configuration and does something using it
positional arguments:
subcommand :
app_change change station's top application
cfg_deploy deploy station's local configuration to corresponding host
cfg_query query some part of configuraton. possibly dump it to a file
cfg_verify verify the correctness of Hilbert Configuration .YAML file
list_applications list application IDs
list_groups list (named) group IDs
list_profiles list profile IDs
list_services list service IDs
list_stations list station IDs
start poweron a station
stop shutdown a station
optional arguments:
-h, --help show this help message and exit
-p, --pedantic turn on pedantic mode
-V, --version show hilbert's version and exit
-v, --verbose increase verbosity
-q, --quiet decrease verbosity
-H, --helpall show detailed help and exit
$$$$$$$$$$$$$$$$$$$$$$$$ hilbert -H ##################################
usage: hilbert app_change [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
StationID ApplicationID
positional arguments:
StationID specify the station
ApplicationID new top Application
optional arguments:
-h, --help show hilbert app_change's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert cfg_deploy [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
StationID
positional arguments:
StationID specify the station
optional arguments:
-h, --help show hilbert cfg_deploy's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert cfg_query [-h] [-o OBJECT] [-od OUTPUTDUMP]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert cfg_query's help message
-o OBJECT, --object OBJECT
specify the object in the config (default: 'all')
-od OUTPUTDUMP, --outputdump OUTPUTDUMP
specify output dump file
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert cfg_verify [-h] [configfile]
positional arguments:
configfile input .YAML file, default: 'Hilbert.yml'
optional arguments:
-h, --help show hilbert cfg_verify's help message
usage: hilbert list_applications [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert list_applications's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert list_groups [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert list_groups's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert list_profiles [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert list_profiles's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert list_services [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert list_services's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert list_stations [-h]
[--configfile CONFIGFILE | --configdump CONFIGDUMP]
optional arguments:
-h, --help show hilbert list_stations's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert start [-h] [--configfile CONFIGFILE | --configdump CONFIGDUMP]
StationID
positional arguments:
StationID station to power-on via network
optional arguments:
-h, --help show hilbert start's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert stop [-h] [--configfile CONFIGFILE | --configdump CONFIGDUMP]
StationID
positional arguments:
StationID specify the station
optional arguments:
-h, --help show hilbert stop's help message
--configfile CONFIGFILE
specify input .YAML file (default: 'Hilbert.yml')
--configdump CONFIGDUMP
specify input dump file
usage: hilbert-station [-h] [-p] [-V] [-v | -q] subcommand
Hilbert - client part for Linux systems
positional arguments:
subcommand:
app_change <app_id> Change the currently running top application to specified one
start Start Hilbert on the system
stop Stop Hilbert on the system and shutdown it
prepare [<new_cfg>] Update after installing a new local configuration (post-deployment action)
dm_start <vm_name> Start a VM using docker-machine
optional arguments:
-h show this help message and exit
-V show version info and exit
-p turn on pedantic mode
-v increase verbosity
-q decrease verbosity
# Hilbert configuration: format version and the services stations may run.
# NOTE(review): every line of this listing is at column 0, so the mapping
# nesting cannot be read from indentation here.
Version: 0.6.0 # 0.MAJOR.MINOR, later: MAJOR.MINOR
# Each service names its type and a `ref`; the refs used here (omd_agent,
# omd_anew) match service names in docker-compose.yml.
# NOTE(review): auto_detections holds a shell `export` snippet. Presumably the
# station-side tooling evaluates it; if so, whoever can edit or deploy this
# file can run shell commands on the stations - confirm and restrict write
# access accordingly.
Services: # file: docker-compose.yml,
omd_agent: { type: compose, ref: omd_agent, auto_detections: 'export HB_URL=${HILBERT_HEARTBEAT_URL}' }
omd: { type: compose, ref: omd_anew, auto_detections: 'export OMD=${HILBERT_OMD_PATH}' }
# ptmx, registry, mng, qr_handler
# Profiles: each one lists the service IDs it runs and the application types
# it supports. `standalone` runs no services and supports no types.
Profiles:
standalone:
services: []
description: Generic Networking, without SSH & Docker & OMD agent.
name: standalone
supported_types: []
server:
services: [ omd_agent, omd ] # , ptmx, registry, mng
description: Only for Server Station
name: server
supported_types: [ compose ]
simple:
services: [ omd_agent ] # ptmx,
description: Any Linux station without QR Scanner
name: simple
supported_types: [ compose ]
# NOTE(review): `qr` lists the same services as `simple` (qr_handler is only
# mentioned in the trailing comment), and it is the one profile whose `name`
# differs from its key - confirm both are intended.
qr:
services: [ omd_agent ] # ptmx, qr_handler
description: Linux stations with QR Scanner
name: Tracking
supported_types: [ compose ]
# Stations: one entry per managed machine. `extends` names another station
# entry whose settings are shared (station_defaults is described below as a
# fake station used only for that purpose).
Stations:
station_defaults: # fake station: only used to share default settings
name: hidden default station
description: Not a real station - Just hidden default settings
profile: standalone
omd_tag: standalone
address: Problematic.SSH.Alias
hidden: true # hide on Dashboard
client_settings:
hilbert_autostart: true # Station starts Hilbert upon booting
hilbert_autostart_delay: 20 # … with this delay in [sec]
HILBERT_PREFERRED_LANGUAGE: de
HILBERT_HEARTBEAT_URL: http://127.0.0.1:8888
HILBERT_CUPS_SERVER: printer1.public.supernova:631
HILBERT_HIDE_MOUSE_CURSOR: 1
HILBERT_ALSA_CARD: 1
HILBERT_CUSTOMIZATIONS: nv,alsa
# Standalone station that is powered on via Wake-on-LAN.
testhost1:
profile: standalone
omd_tag: standalone
hidden: false
description: Some STANDALONE Station
name: Test 1
address: test1.host.dns.name
poweron_settings: { type: WOL, mac: '11:22:33:44:55:66', auto_turnon: true }
# The server station.
supernova:
extends: station_defaults
hidden: true #
description: 'Server Station: Supernova'
name: Supernova Server
address: supernova.mfo.de
profile: server
omd_tag: agent
client_settings:
hilbert_autostart_delay: 0 # no delay before starting Hilbert here
HILBERT_SERVER_CONFIG_PATH: '${HOME}/.config/hilbert-server/' # where to keep sync'ed content
HILBERT_OMD_PATH: '${HOME}/.config/hilbert-omd/' # persistent storage for OMD
HILBERT_REGISTRY_DATA_PATH: '${HOME}/.config/hilbert-registry-data/' # persistent storage for docker registry
# Virtual test station started through docker-machine on supernova.mfo.de.
# NOTE(review): hilbert_station_default_application is `hb_test_a`, but the
# only application defined under Applications in this file is `hb_test` -
# confirm the ID.
vb_hb_test_a:
extends: station_defaults
hidden: false
address: 192.168.99.109 # No static DNS host name for VMs
description: 'Testing Virtual Station: A'
name: 'Virtual Station: Test A'
omd_tag: agent
profile: simple
poweron_settings: { type: DockerMachine, auto_turnon: true, vm_host_address: supernova.mfo.de, vm_name: vb-hb-test-a }
client_settings:
hilbert_autostart_delay: 10 # 10 sec. delay before starting here Hilbert-CLI-Station
hilbert_station_default_application: hb_test_a
# Groups and applications.
# In the flow mappings below a bare entry such as `simple` or `mygroup` is a
# key with a null value, i.e. the mapping is used like a set of IDs.
Groups:
mygroup: { simple, exclude: [qr] }
Applications:
hb_test:
type: compose
ref: hb_test # file: docker-compose.yml # default - may be omitted
# NOTE(review): shell snippet stored in configuration; presumably evaluated
# on the station, so treat write access to this file as command execution
# there - confirm.
auto_detections: 'export HB_URL=${HILBERT_HEARTBEAT_URL}'
name: HB-Test
description: Random HB testing
compatibleStations: { mygroup }
#!/bin/bash
#AFAIR we already required password-less ssh for all stations and the server from the server host. Therefore no need to touch `~/.ssh/` (e.g. for adding something into ~/.ssh/authorized_keys).
#We can just use `ssh -G <SERVER_ADDRESS>` to find out all ssh options for accessing the server.
#Note: station's `<ADDRESS>` will be put into some local config under `~/.config/hilbert-cli-station/`.
# Instead of mounting the corresponding private key into docker container - we may use `ssh-agent` to securely forward the host's identities into any docker container by **mounting the socket** specified by `$SSH_AUTH_SOCK`... Additionally, the container will need to know the rest of server's ssh options (port/user/hostname) - which can be forwarded e.g. via environment variables.
# Currently it also tries to deal with the host's OpenSSH configuration almost like option 2 **but** for a single proxy access we may also specify `SSH_IDENTITYFILE/SSH_USER/SSH_PORT/SSH_HOSTNAME` as local settings for the management service.
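# Resolve the ssh alias given as $1 into SSH_IDENTITYFILE / SSH_USER /
# SSH_PORT / SSH_HOSTNAME and build the SSH and SCP command strings that are
# used later (also inside the container).
#
# Exit codes: 1 = no alias given, 2 = alias rejected by ssh.
ADDRESS="$1"
if [ -z "${ADDRESS}" ]; then
  echo "Usage: $0 <ssh_alias>"
  exit 1
fi

# A value starting with '-' would be read by ssh as an option, not as a host.
case "${ADDRESS}" in
  -*)
    echo "Wrong ssh alias: '$ADDRESS'"
    exit 2
    ;;
esac

# Ask ssh once for the effective configuration of the alias and keep it.
if ! SSH_G_OUTPUT=$(ssh -G "${ADDRESS}"); then
  echo "Wrong ssh alias: '$ADDRESS'"
  exit 2
else
  #! Get ssh connection details for the given ssh alias from ssh itself.
  # The alias is never passed through `eval`: a quote character in $1 can
  # therefore not end up being executed as shell code. Only the first
  # matching line is used, so SSH_IDENTITYFILE is always a single path.
  for f in identityfile user port hostname ; do
    value=$(printf '%s\n' "${SSH_G_OUTPUT}" \
      | awk -v key="${f}" 'tolower($1) == key { sub(/^[^ ]+ /, ""); print; exit }')
    export "SSH_${f^^}=${value}"
  done

  # Expand a leading '~' and canonicalise; quoted so that a path with spaces
  # stays one argument.
  SSH_IDENTITYFILE="${SSH_IDENTITYFILE/#\~/${HOME}}"
  export SSH_IDENTITYFILE=$(readlink -f "${SSH_IDENTITYFILE}")

  echo "ssh_identityfile: ${SSH_IDENTITYFILE}"
  echo "ssh_user: ${SSH_USER}"
  echo "ssh_hostname: ${SSH_HOSTNAME}"
  echo "ssh_port: ${SSH_PORT}"

  # NOTE(review): StrictHostKeyChecking=no with UserKnownHostsFile=/dev/null
  # means the server's host key is never verified, so the forwarded identity
  # may be used against whatever machine answers at SSH_HOSTNAME. Prefer a
  # known_hosts file shipped with the station configuration and
  # StrictHostKeyChecking=yes.
  # SSH_USER / SSH_HOSTNAME / SSH_PORT come from the local ssh configuration
  # and are word-split when ${SSH} is expanded; they must not contain spaces.
  export SSH_OPTS="\
    -o ForwardX11=no -o StrictHostKeyChecking=no -o BatchMode=yes -o PasswordAuthentication=no -o UserKnownHostsFile=/dev/null \
    -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o Compression=yes -o ForwardAgent=no \
    -o ControlMaster=auto -o ControlPath=/root/.ssh/%r@%h:%p -o ControlPersist=10m \
    -o User=${SSH_USER} -o HostName=${SSH_HOSTNAME} -o Port=${SSH_PORT}"

  # -F /dev/null: ignore any ssh_config file, use only the options above.
  export SSH="ssh -F /dev/null ${SSH_OPTS}"
  export SCP="scp -F /dev/null ${SSH_OPTS}"
  # echo "[${SSH}]"
fi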
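# File in which the agent's environment (socket path, PID) is cached between
# runs of this script.
SSH_ENV="$HOME/.ssh/environment"

# Start a new ssh-agent, store its environment in ${SSH_ENV}, load that
# environment into the current shell and add the default identities.
function start_agent {
  echo "Initialising new SSH agent..."
  # Create the file under umask 077 so it is owner-only from the first byte;
  # the chmod below then only covers a file left over from an earlier run.
  # The agent's `echo Agent pid ...` line is commented out so that sourcing
  # the file stays silent.
  ( umask 077; /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}" )
  echo succeeded
  chmod 600 "${SSH_ENV}"
  . "${SSH_ENV}" > /dev/null
  /usr/bin/ssh-add;
}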
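# Succeed only if SSH_AGENT_PID is set and that exact PID is an ssh-agent
# process. Matching the PID exactly avoids treating an unrelated process (or,
# with an empty PID, any ssh-agent on the machine) as "our" agent.
function _agent_is_running {
  [ -n "${SSH_AGENT_PID}" ] || return 1
  case "$(ps -p "${SSH_AGENT_PID}" -o comm= 2>/dev/null)" in
    *ssh-agent) return 0 ;;
    *) return 1 ;;
  esac
}

#! if NO ssh agent was pre-configured...
if [ -z "${SSH_AGENT_PID}" ]; then
  #! but previously started are available...
  if [ -f "${SSH_ENV}" ]; then
    #! then we try reading them...
    # The file is sourced as shell code, so it must stay writable by the
    # owner only.
    . "${SSH_ENV}"
    #! and check whether that agent is still running?
    #! Otherwise we start ssh agent anew
    _agent_is_running || start_agent
  else
    #! Otherwise we start ssh agent anew
    start_agent
  fi
fi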
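#! Now there should be ssh agent configured one way or another:
echo "SSH_AGENT_PID=${SSH_AGENT_PID}"
ps -ef | grep "${SSH_AGENT_PID}" | grep ssh-agent
echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK}"
ls -lha "${SSH_AUTH_SOCK}"

#! Previous identities:
ssh-add -l # ssh-add -L

#! Add the necessary identity to ssh agent
ssh-add "${SSH_IDENTITYFILE}"

#! should be listed by the following:
ssh-add -l

# Path of the agent socket inside the container.
export DSOCK="/root/.ssh/ssh-agent.sock"

# The alias is shell-quoted before it is placed into the command string that
# bash runs inside the container, so it is always passed to ssh as one word.
ADDRESS_Q=$(printf '%q' "${ADDRESS}")

# Run the test container with the agent socket bind-mounted.
# The private key stays on the host, but while the socket is mounted every
# process in the container can have the agent sign with each identity it
# holds (the `ssh-add -l` listings above show which). Keep the agent limited
# to the one identity needed here; `ssh-add -t <seconds>` bounds how long it
# stays loaded.
docker run --rm -it \
  --volume "$(readlink -f "${SSH_AUTH_SOCK}"):${DSOCK}" \
  --env SSH_AUTH_SOCK="${DSOCK}" \
  malex984/dockapp:base -- \
  /bin/bash -c "hostname; ssh-add -l; ${SSH} -v -v -v ${ADDRESS_Q}; ls -laR /root/.ssh/"

#! TODO: on exit:
# Until this is done, the identity added above stays loaded in the agent
# after the script ends.
# ssh-add -d "${SSH_IDENTITYFILE}" #! remove ?
# ssh-add -D #! remove all identities
# ssh-agent -k #! kill the agent...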

malex984 commented Oct 7, 2016

I used http://yaml-online-parser.appspot.com/ to verify all_flat.yml and to output it in other formats: JSON & Python
