From 47c3a14269164ec774e63b37f94bd331e27634ca Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Mon, 27 Dec 2021 15:37:01 +0000 Subject: [PATCH] initial commit --- .drone.yml | 30 +++++++++++++++++++++ Dockerfile | 5 ++++ README.md | 5 ++++ rsync.sh | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 118 insertions(+) create mode 100644 .drone.yml create mode 100644 Dockerfile create mode 100755 rsync.sh diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..71fb0c2 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,30 @@ +--- +kind: pipeline +type: docker +name: docker-build + +steps: + +- name: docker + image: plugins/docker + settings: + registry: c8n.io + repo: c8n.io/simonburblecom/rsync + username: + from_secret: DOCKER_USER + password: + from_secret: DOCKER_PW + +--- +kind: secret +name: DOCKER_USER +get: + path: burble.dn42/kv/data/drone/docker + name: username + +--- +kind: secret +name: DOCKER_PW +get: + path: burble.dn42/kv/data/drone/docker + name: password diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..02b70d0 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine +RUN apk add --update bash jq openssh-client rsync && rm -rf /var/cache/apk/* +ADD rsync.sh /rsync.sh +ENTRYPOINT [ '/rsync.sh' ] + diff --git a/README.md b/README.md index 5128280..6863419 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,7 @@ # docker-rsync +[![Build Status](https://ci.burble.dn42/api/badges/burble.dn42/docker-rsync/status.svg?ref=refs/heads/main)](https://ci.burble.dn42/burble.dn42/docker-rsync) + +burble.dn42 specific docker image to rsync application data to a host + + diff --git a/rsync.sh b/rsync.sh new file mode 100755 index 0000000..d59c59b --- /dev/null +++ b/rsync.sh @@ -0,0 +1,78 @@ +#!/bin/bash +########################################################################## + +tdir='' + +function cleanup { + if [ -n "$tdir" -a -d "$tdir" ] + then + rm -rf "$tdir" + fi +} +trap cleanup EXIT + +########################################################################## +# figure out args + +rsync_hosts=( ${1//,/ } ) +rsync_src="$2" +rsync_dst="$3" + +if [ -z "$rsync_dst" ] +then + echo "Usage: $0 " + exit 1 +fi + +opts='-av' +extra_args='' + +if [ -n "$RSYNC_CHOWN" ] +then + opts+='og' + extra_args+=" --chown ${RSYNC_CHOWN}" +fi + +if [ -n "$RSYNC_CHMOD" ] +then + opts+='p' + extra_args+=" --chmod=${RSYNC_CHMOD}" +fi + +########################################################################## +# generate a temporary key + +tdir=$(mktemp -d rsync.XXXXXX) +key="${tdir}/rsync" +ssh-keygen -t ed25519 -a 100 -N '' -f "$key" +pubkey=$(cat "${key}.pub") + +url='https://vault.burble.dn42/v1/' +url+='burble.dn42/ssh/user/sign/rsync' + +json="{\"public_key\":\"${pubkey}\"}" + +wget -O- -q --header "X-Vault-Token: ${VAULT_TOKEN}" \ + --post-data="$json" "$url" \ + | jq -r .data.signed_key > "${key}-cert.pub" +if [ ! -s "${key}-cert.pub" ] +then + echo "Failed to sign ssh key" + exit 1 +fi + +########################################################################## +# do the rsync thing + +echo "Copying: $rsync_src -> $rsync_dst" +echo "Options: $opts $extra_args" + +for host in "${rsync_hosts[@]}" +do + echo "Syncing to host: $host" + rsync $opts --delete -e "ssh -i '${key}'" $extra_args \ + "$rsync_src" "root@${host}:${rsync_dst}" +done + +########################################################################## +# end of file