Merge pull request #7 from utilitywarehouse/remove-docker

Author: hectorhuertas

.goreleaser.yml

@@ -0,0 +1,19 @@
+builds:
+  - id: main
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    goarch:
+      - amd64
+archives:
+  - id: main
+    builds:
+      - main
+    format: binary
+    files:
+      - none*
+release:
+  github:
+    owner: utilitywarehouse
+    name: ssh-key-agent

.travis.yml

@@ -0,0 +1,15 @@
+language: go
+
+go:
+  - 1.15.x
+
+script:
+  - curl -sfL https://git.io/goreleaser | sh -s -- check # check goreleaser config for deprecations
+
+# calls goreleaser
+deploy:
+  - provider: script
+    skip_cleanup: true
+    script: curl -sL https://git.io/goreleaser | bash
+    on:
+      tags: true

README.md

@@ -1,7 +1,5 @@
 # ssh-key-agent
 
-[![Docker Repository on Quay](https://quay.io/repository/utilitywarehouse/ssh-key-agent/status "Docker Repository on Quay")](https://quay.io/repository/utilitywarehouse/ssh-key-agent)
-
 Companion service for https://github.com/utilitywarehouse/ssh-key-manager runs
 on the host and populates `authorized_keys` file based on the groups provided.
 
@@ -18,16 +16,7 @@ Required environment variables:
 
 #### systemd service file
 
-Requires docker install
-
-Whatever file you are mounting into container needs to exist prior, otherwise
-docker will create it as directory:
-
-> If you use -v or --volume to bind-mount a file or directory that does not yet
-> exist on the Docker host, -v will create the endpoint for you. It is always
-> created as a directory.
-
-example Systemd service: [./terraform/resources/ssh-key-agent.service](./terraform/resources/ssh-key-agent.service)
+Example Systemd service: [./terraform/resources/ssh-key-agent.service](./terraform/resources/ssh-key-agent.service)
 
 ### terraform module
 
@@ -36,6 +25,41 @@ Repository includes a terraform module, for use instructions have a look at
 
 ### releasing
 
-Before creating a tag / release in Github, please update the Docker image
-reference in
-[./terraform/variables.tf](./terraform/variables.tf)
+Before creating a tag/release in Github, please update the verion in [./terraform/variables.tf](./terraform/variables.tf)
+
+### Docker instructions
+
+If you prefer to run ssh-key-agent with docker, here's an example service:
+
+```
+[Unit]
+Description=ssh-key-agent
+After=docker.service
+Requires=docker.service
+[Service]
+Restart=on-failure
+ExecStartPre=-/usr/bin/mkdir -p /home/core/.ssh
+ExecStartPre=-/usr/bin/touch /home/core/.ssh/authorized_keys
+ExecStartPre=-/usr/bin/chown -R "core":"core" /home/core/.ssh
+ExecStartPre=-/usr/bin/chmod 700 /home/core/.ssh
+ExecStartPre=-/usr/bin/chmod 644 /home/core/.ssh/authorized_keys
+ExecStart=/bin/sh -c 'docker run --name=%p_$(uuidgen) --rm \
+ -v /home/core/.ssh/authorized_keys:/authorized_keys \
+ -e SKA_KEY_URI=${uri} \
+ -e SKA_GROUPS=${groups} \
+ -e SKA_AKF_LOC=/authorized_keys \
+ -e SKA_INTERVAL=60 \
+ quay.io/utilitywarehouse/ssh-key-agent:${version}'
+ExecStop=/bin/sh -c 'docker stop -t 3 "$(docker ps -q --filter=name=%p_)"'
+[Install]
+WantedBy=multi-user.target
+```
+
+[![Docker Repository on Quay](https://quay.io/repository/utilitywarehouse/ssh-key-agent/status "Docker Repository on Quay")](https://quay.io/repository/utilitywarehouse/ssh-key-agent)
+
+Whatever file you are mounting into container needs to exist prior, otherwise
+docker will create it as directory:
+
+> If you use -v or --volume to bind-mount a file or directory that does not yet
+> exist on the Docker host, -v will create the endpoint for you. It is always
+> created as a directory.

go.mod

@@ -0,0 +1,5 @@
+module github.com/utilitywarehouse/ssh-key-agent
+
+go 1.15
+
+require golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0

go.sum

@@ -0,0 +1,8 @@
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 h1:hb9wdF1z5waM+dSIICn1l0DkLVDT3hqhhQsDNUmHPRE=
+golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

terraform/README.md

@@ -6,13 +6,13 @@ The input variables are documented in their description and it's best to refer
 to [variables.tf](variables.tf).
 
 ## Outputs
-- `id` - the id of the ignition systemd unit file
-- `template_rendered` - the systemd unit template, rendered with the provided variables
+- `unit` - the ignition systemd unit file
+- `file` - the ignition file to setup the ssh-key-agent binary
 
 ## Usage
 ```hcl
 module "ssh_key_agent" {
-  source = "github.com/utilitywarehouse/tf_ssh_key_agent"
+  source = "github.com/utilitywarehouse/ssh-key-agent//terraform"
 
   groups  = [
     "[email protected]",

terraform/main.tf

@@ -1,11 +1,21 @@
+data "ignition_file" "ssh-key-agent" {
+  mode       = 493
+  filesystem = "root"
+  path       = "/opt/bin/ssh-key-agent"
+
+  source {
+    source = "https://github.com/utilitywarehouse/ssh-key-agent/releases/download/${var.agent_version}/ssh-key-agent_${var.agent_version}_linux_amd64"
+  }
+}
+
 data "ignition_systemd_unit" "ssh-key-agent" {
   name    = "ssh-key-agent.service"
   enabled = var.enabled
   content = templatefile("${path.module}/resources/ssh-key-agent.service",
     {
       uri     = var.uri
       groups  = "${join(",", var.groups)}"
-      version = var.docker_image_version
+      version = var.agent_version
     }
   )
 }

terraform/outputs.tf

@@ -1,3 +1,7 @@
-output "id" {
+output "unit" {
   value = data.ignition_systemd_unit.ssh-key-agent.rendered
 }
+
+output "file" {
+  value = data.ignition_file.ssh-key-agent.rendered
+}

terraform/resources/ssh-key-agent.service

@@ -1,21 +1,18 @@
 [Unit]
 Description=ssh-key-agent
-After=docker.service
-Requires=docker.service
+After=network-online.target
+Wants=network-online.target
 [Service]
 Restart=on-failure
 ExecStartPre=-/usr/bin/mkdir -p /home/core/.ssh
 ExecStartPre=-/usr/bin/touch /home/core/.ssh/authorized_keys
 ExecStartPre=-/usr/bin/chown -R "core":"core" /home/core/.ssh
 ExecStartPre=-/usr/bin/chmod 700 /home/core/.ssh
 ExecStartPre=-/usr/bin/chmod 644 /home/core/.ssh/authorized_keys
-ExecStart=/bin/sh -c 'docker run --name=%p_$(uuidgen) --rm \
- -v /home/core/.ssh/authorized_keys:/authorized_keys \
- -e SKA_KEY_URI=${uri} \
- -e SKA_GROUPS=${groups} \
- -e SKA_AKF_LOC=/authorized_keys \
- -e SKA_INTERVAL=60 \
- quay.io/utilitywarehouse/ssh-key-agent:${version}'
-ExecStop=/bin/sh -c 'docker stop -t 3 "$(docker ps -q --filter=name=%p_)"'
+Environment="SKA_KEY_URI=${uri}"
+Environment="SKA_GROUPS=${groups}"
+Environment="SKA_AKF_LOC=/home/core/.ssh/authorized_keys"
+Environment="SKA_INTERVAL=60"
+ExecStart=/opt/bin/ssh-key-agent
 [Install]
 WantedBy=multi-user.target

terraform/variables.tf

@@ -8,9 +8,9 @@ variable "groups" {
   description = "A list of allowed google groups"
 }
 
-variable "docker_image_version" {
+variable "agent_version" {
   type        = string
-  default     = "1.0.6"
+  default     = "1.0.7"
   description = "The ssh-key-agent version"
 }