Initialization script for SSHFS


Cory Jett
 

I am looking for a way to push an application (ruby/node/java) and have a script run prior to the application starting that will set up SSHFS and move some of the content onto the share before the application starts. I was able to get the sample wordpress application working which includes this script that does exactly that but it is written in Python https://github.com/dmikusa-pivotal/cf-ex-wordpress/blob/master/.extensions/wordpress/extension.py. Ideally, I would have a generic shell script that would run and set up SSHFS on deployment.

I attempted to accomplish this using a shell script in .profile.d but haven't been able to get it working. If I get into a container and run the shell script it works fine. This is the script (which follows the same pattern as the wordpress python script, just in bash):


#!/bin/bash
mv $HOME/app/.ssh $HOME/
chmod 644 $HOME/.ssh/*
chmod 600 $HOME/.ssh/sshfs_rsa
mv $HOME/app/main.rb /tmp/
mkdir -p $HOME/app/SSHFS/
sshfs root@192.168.1.15:/root/ssh_target/ $HOME/app/SSHFS -o IdentityFile=$HOME/.ssh/sshfs_rsa -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o idmap=user -o cache=yes -o kernel_cache -o compression=no -o large_read
mv /tmp/main.rb $HOME/app/SSHFS/
fusermount -uz $HOME/app/SSHFS

Any ideas what I am doing wrong or if there is a better way to accomplish this?


Daniel Mikusa
 

There's a branch of that repo that uses a .profile.d script.


https://github.com/dmikusa-pivotal/cf-ex-wordpress/blob/pcf-sshfs-example/.profile.d/setup.sh

It's a little different than the Python one as it pulls the connection info
from a bound service, but you don't have to do that.


https://github.com/dmikusa-pivotal/cf-ex-wordpress/blob/pcf-sshfs-example/.profile.d/setup.sh#L33-L36

Some additional comments inline...


> #!/bin/bash
> mv $HOME/app/.ssh $HOME/
> chmod 644 $HOME/.ssh/*
> chmod 600 $HOME/.ssh/sshfs_rsa
> mv $HOME/app/main.rb /tmp/
> mkdir -p $HOME/app/SSHFS/
> sshfs root@192.168.1.15:

Can you access 192.168.1.15 from the container? You might try adding a
`ping -c 5 192.168.1.15` earlier in the script to test that. If it doesn't
work check your security groups and make sure that you can route to that
network.

> /root/ssh_target/ $HOME/app/SSHFS -o IdentityFile=$HOME/.ssh/sshfs_rsa -o
> StrictHostKeyChecking=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -o
> idmap=user -o cache=yes -o kernel_cache -o compression=no -o large_read

Try running this command from your PC and make sure it works and that it
connects without prompting for a password. That last bit is critical or
you need to change the command so that the password is piped in like this.

https://github.com/dmikusa-pivotal/cf-ex-wordpress/blob/pcf-sshfs-example/.profile.d/setup.sh#L48-L56

> mv /tmp/main.rb $HOME/app/SSHFS/
> fusermount -uz $HOME/app/SSHFS

The Python script is run by the build pack, so it runs during staging.
This is why it unmounts the volume. A .profile.d script runs in the
runtime container prior to the application starting. You probably don't
want to unmount the drive or it won't be accessible. You also want to make
sure that it runs in the background or your script will just hang.

Dan


Cory Jett
 

Perfect, thanks! I had to do a little hacking to make it work right since it is using the SSHFS service (which we aren't using) and it is set up to use credentials (and not keys) but otherwise it worked great.


Daniel Mikusa
 

Awesome! Any chance you could share the final product? Sounds like it
could be useful to others.

Dan

On Tue, Oct 13, 2015 at 3:52 PM, Cory Jett <cory.jett(a)gmail.com> wrote:

> Perfect, thanks! I had to do a little hacking to make it work right since
> it is using the SSHFS service (which we aren't using) and it is set up to use
> credentials (and not keys) but otherwise it worked great.


Cory Jett
 

Sure! Let me figure out a good way to pull VCAP_SERVICES in BASH and then I'll post back.


Daniel Mikusa
 

I think recent versions of the cflinuxfs2 stack have jq installed on them.

Dan

On Wed, Oct 14, 2015 at 1:18 PM, Cory Jett <cory.jett(a)gmail.com> wrote:

> Sure! Let me figure out a good way to pull VCAP_SERVICES in BASH and then
> I'll post back.
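
The points raised in this thread (key-based login that never prompts, a pinned host key, no unmount in the runtime container) combined into one .profile.d script, as an added example that is not from either poster or the linked repository. SSHFS_TARGET is a hypothetical environment variable, and the key and known_hosts paths follow the script in the first post.

```shell
#!/bin/bash
# .profile.d/sshfs.sh: sourced in the runtime container before the app starts.
# Assumption: SSHFS_TARGET (user@host:/path) is set with `cf set-env`.
KEY="$HOME/.ssh/sshfs_rsa"
KNOWN_HOSTS="$HOME/.ssh/known_hosts"
MOUNT_POINT="$HOME/app/SSHFS"

# Succeeds only if the key exists and grants nothing to group or other.
key_is_private() {
    [ -f "$1" ] || return 1
    _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$_mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

mount_share() {
    key_is_private "$KEY" || {
        echo "sshfs: $KEY is missing or readable by others" >&2; return 1; }
    # StrictHostKeyChecking=yes rejects any host not already pinned here.
    [ -s "$KNOWN_HOSTS" ] || {
        echo "sshfs: no pinned host key in $KNOWN_HOSTS" >&2; return 1; }
    mkdir -p "$MOUNT_POINT" || return 1
    # BatchMode=yes makes ssh fail instead of prompting, so a bad key cannot
    # hang start-up. sshfs backgrounds itself once mounted; there is no
    # fusermount -u because the app needs the share while it runs.
    sshfs "$1" "$MOUNT_POINT" \
        -o "IdentityFile=$KEY" \
        -o "UserKnownHostsFile=$KNOWN_HOSTS" \
        -o StrictHostKeyChecking=yes \
        -o BatchMode=yes \
        -o reconnect \
        -o ServerAliveInterval=15
}

if [ -n "${SSHFS_TARGET:-}" ]; then
    # The key pair and known_hosts are pushed with the app under app/.ssh.
    if [ -d "$HOME/app/.ssh" ]; then mv "$HOME/app/.ssh" "$HOME/"; fi
    chmod 600 "$KEY" 2>/dev/null
    mount_share "$SSHFS_TARGET" || echo "sshfs: share not mounted" >&2
fi
```

If the mount fails the script only logs to stderr, so the application still starts and must cope with an empty mount point.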