testing

Prevent running 'vagrant ssh' as root
Resolve possible issues with 'vagrant ssh' when executed as root
2024-03-05 00:00:53 -05:00 · 2024-03-04 23:42:40 -05:00 · 2023-12-09 13:16:46 -05:00 · 2023-12-09 13:04:07 -05:00
3 changed files with 35 additions and 57 deletions
--- a/dev/dockerbox.yml
+++ b/dev/dockerbox.yml
@@ -5,10 +5,9 @@
    - host_vars/dockerbox.yml
  roles:
    - base
-    - proxy
-    - mariadb
    - docker
-    # - nextcloud
-    # - jenkins
-    # - prometheus
-    # - nginx
+    - traefik
+    - nextcloud
+    - jenkins
+    - prometheus
+    - nginx
--- a/dev/host_vars/dockerbox.yml
+++ b/dev/host_vars/dockerbox.yml
@@ -2,54 +2,29 @@
 allow_reboot: false
 manage_network: false

-# Import my GPG key for git signature verification
-root_gpgkeys:
-  - name: kris@lamoureux.io
-    id: FBF673CEEC030F8AECA814E73EDA9C3441EDA925
-
-# proxy
-proxy:
-  servers:
-    # This exposes over 0.0.0.0:443 instead of 127.0.0.1:8443
-    #- domain: traefik.local.krislamo.org
-    #  proxy_pass: https://127.0.0.1:8443
-    - domain: cloud.local.krislamo.org
-      proxy_pass: http://127.0.0.1:8000
-
 # docker
-docker_official: true # docker's apt repos
 docker_users:
  - vagrant

-docker_compose_env_nolog: false # dev only setting
-docker_compose_deploy:
-  # Traefik
-  - name: traefik
-    url: https://github.com/krislamo/traefik
-    version: e03268af4cf942c47cba66c2112628dbcad1b756
-    path: docker-compose.web.yml
-    enabled: true
-    accept_newhostkey: true
-    trusted_keys:
-      - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
-    env:
-      ENABLE: true
-  # Nextcloud
-  - name: nextcloud
-    url: https://git.krislamo.org/kris/nextcloud
-    version: a2e38cec703839211e11dc8347b4cdd62fa6f24d
-    enabled: true
-    env:
-      DATA: ./data
+# traefik
+traefik_version: latest
+traefik_dashboard: true
+traefik_domain: traefik.local.krislamo.org
+traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
+traefik_web_entry: 0.0.0.0:80
+traefik_websecure_entry: 0.0.0.0:443
+#traefik_acme_email: realemail@example.com # Let's Encrypt settings
+#traefik_production: true
+#traefik_http_only: true # if behind reverse-proxy

 # nextcloud
-#nextcloud_version: stable
-#nextcloud_admin: admin
-#nextcloud_pass: password
-#nextcloud_domain: cloud.local.krislamo.org
+nextcloud_version: stable
+nextcloud_admin: admin
+nextcloud_pass: password
+nextcloud_domain: cloud.local.krislamo.org

-#nextcloud_dbversion: latest
-#nextcloud_dbpass: password
+nextcloud_dbversion: latest
+nextcloud_dbpass: password

 # jenkins
 jenkins_version: lts
--- a/forward-ssh.sh
+++ b/forward-ssh.sh
@@ -22,13 +22,12 @@

 # Root check
 if [ "$EUID" -ne 0 ]; then
-  echo "[ERROR]: Please run script as root"
+  echo "[ERROR]: Please run this script as root"
  exit 1
 fi

 # Clean environment
 unset PRIVATE_KEY
-unset HOST_IP
 unset MATCH_PATTERN
 unset PKILL_ANSWER

@@ -41,8 +40,8 @@ function ssh_connect {
      printf "[INFO]: Starting new vagrant SSH tunnel on PID "
      sudo -u "$USER" ssh -fNT -i "$PRIVATE_KEY" \
        -L 22:localhost:22 \
-        -L 80:localhost:80 \
-        -L 443:localhost:443 \
+        -L 80:"$HOST_IP":80 \
+        -L 443:"$HOST_IP":443 \
        -L 8443:localhost:8443 \
        -o UserKnownHostsFile=/dev/null \
        -o StrictHostKeyChecking=no \
@@ -51,7 +50,7 @@ function ssh_connect {
      pgrep -f "$MATCH_PATTERN"
      ;;
    *)
-      echo "[INFO]: Delined to start a new vagrant SSH tunnel"
+      echo "[INFO]: Declined to start a new vagrant SSH tunnel"
      exit 0
      ;;
  esac
@@ -64,7 +63,7 @@ PRIVATE_KEY="$(find .vagrant -name "private_key" 2>/dev/null | sort)"
 if [ "$(echo "$PRIVATE_KEY" | wc -l)" -gt 1 ]; then
  while IFS= read -r KEYFILE; do
    if ! ssh-keygen -l -f "$KEYFILE" &>/dev/null; then
-      echo "[ERROR]: The SSH key '$KEYFILE' is not valid. Is your virtual machines running?"
+      echo "[ERROR]: The SSH key '$KEYFILE' is not valid. Are your virtual machines running?"
      exit 1
    fi
    echo "[CHECK]: Valid key at $KEYFILE"
@@ -78,12 +77,17 @@ else
 fi

 # Grab first IP or use whatever HOST_IP_FIELD is set to and check that the guest is up
-HOST_IP="$(vagrant ssh -c "hostname -I | cut -d' ' -f${HOST_IP_FIELD:-1}" "${1:-default}" 2>/dev/null)"
 if [ -z "$HOST_IP" ]; then
+  HOST_IP="$(sudo -u "$SUDO_USER" vagrant ssh -c "hostname -I | cut -d' ' -f${HOST_IP_FIELD:-1}" "${1:-default}" 2>/dev/null)"
+
+  if [ -z "$HOST_IP" ]; then
    echo "[ERROR]: Failed to find ${1:-default}'s IP"
    exit 1
+  fi
+  HOST_IP="${HOST_IP::-1}" # trim
+else
+  echo "[INFO]: HOST_IP configured by the shell environment"
 fi
-HOST_IP="${HOST_IP::-1}" # trim

 if ! ping -c 1 "$HOST_IP" &>/dev/null; then
  echo "[ERROR]: Cannot ping the host IP '$HOST_IP'"
Author	SHA1	Message	Date
Kris Lamoureux	d8eba3b7be	testing	2024-03-05 00:00:53 -05:00
Kris Lamoureux	01e8e22c01	Prevent running 'vagrant ssh' as root Resolve possible issues with 'vagrant ssh' when executed as root	2024-03-04 23:42:40 -05:00
Kris Lamoureux	a31bf233dc	Slight message tweaks in forward-ssh.sh script	2023-12-09 13:16:46 -05:00
Kris Lamoureux	60fafed9cd	Update forward-ssh.sh script for Swarm support - Address limitations in Swarm with loopback binding - Ensure compatibility with localhost DNS wildcard A record - Enable port forwarding on 80 and 443 using VM IP for Swarm compatibility - Retain 8443:localhost:8443 for non-Swarm setups	2023-12-09 13:04:07 -05:00