Use systemd as init with /sbin/init
@@ -55,11 +55,11 @@ RUN chmod +x /root/vpn-sso.sh
|
||||
# Copy AnyConnect preferences
|
||||
COPY .anyconnect_global /opt/cisco/secureclient/vpn/.anyconnect_global
|
||||
|
||||
# Copy and install systemd services
|
||||
COPY rego-vpn-setup.sh /usr/local/bin/rego-vpn-setup.sh
|
||||
COPY rego-vpn-gui.sh /usr/local/bin/rego-vpn-gui.sh
|
||||
RUN chmod +x /usr/local/bin/rego-vpn-setup.sh /usr/local/bin/rego-vpn-gui.sh
|
||||
# Copy entrypoint script
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
# Copy systemd services
|
||||
COPY rego-vpn.service /etc/systemd/system/rego-vpn.service
|
||||
COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
|
||||
|
||||
@@ -67,13 +67,9 @@ COPY cisco-vpnagentd.service /etc/systemd/system/cisco-vpnagentd.service
|
||||
RUN systemctl enable rego-vpn.service && \
|
||||
systemctl enable cisco-vpnagentd.service
|
||||
|
||||
# Keep old entrypoint as fallback script
|
||||
COPY entrypoint.sh /entrypoint.sh
|
||||
RUN chmod +x /entrypoint.sh
|
||||
|
||||
VOLUME [ "/sys/fs/cgroup" ]
|
||||
EXPOSE 8806
|
||||
|
||||
# Use systemd as init
|
||||
STOPSIGNAL SIGRTMIN+3
|
||||
ENTRYPOINT ["/lib/systemd/systemd"]
|
||||
CMD ["/sbin/init"]
|
||||
|
||||
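Review bot: The runtime privileges this image needs are not written down anywhere near the `# Use systemd as init` block, which makes `--privileged` the likely way people will get it to boot. systemd as PID 1 needs cgroup access and the VPN agent needs a TUN device, so I would add a comment naming the narrowest set that works, for example `# run with: --cap-add NET_ADMIN --device /dev/net/tun (avoid --privileged)`, after confirming it on this base image. Both `ENTRYPOINT ["/lib/systemd/systemd"]` and `CMD ["/sbin/init"]` appear in this section with the +/- markers lost; if both are on the new side, systemd receives `/sbin/init` as an argument, so only one should remain. `EXPOSE 8806` is the noVNC port, so a comment telling users to publish it on loopback only (`-p 127.0.0.1:8806:8806`) would also help.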
@@ -7,6 +7,8 @@ Wants=dbus.service
|
||||
Type=forking
|
||||
ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
|
||||
ExecStartPre=-/bin/rm -f /root/.cisco/hostscan/.libcsd.ipc
|
||||
ExecStartPre=-/bin/rm -f /run/vpnagentd.pid
|
||||
ExecStartPre=-/bin/rm -f /run/scan.pid
|
||||
ExecStart=/opt/cisco/secureclient/bin/vpnagentd
|
||||
Restart=on-failure
|
||||
RestartSec=3
|
||||
|
||||
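Review bot: `ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh` has no `-` prefix, so a non-zero exit from it aborts the start and `Restart=on-failure` retries every 3 seconds; the entrypoint code this unit replaces ran the same script with `|| true`. If module loading can fail inside the container (likely when the TUN device is supplied by the host), write it as `ExecStartPre=-/opt/cisco/secureclient/bin/load_tun.sh`, matching the three `rm` lines. With `Type=forking` and a known `/run/vpnagentd.pid`, adding `PIDFile=/run/vpnagentd.pid` would let systemd track the daemon's main PID instead of guessing, provided vpnagentd actually writes that file. The rest of the [Service] section is outside the hunk, so it may already be there.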
@@ -36,15 +36,7 @@ start_gui() {
|
||||
pids+=($!)
|
||||
}
|
||||
|
||||
start_vpnagent() {
|
||||
# Load TUN module if needed
|
||||
/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
|
||||
# Clean up stale IPC socket
|
||||
rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
|
||||
# Start Cisco VPN agent daemon
|
||||
/opt/cisco/secureclient/bin/vpnagentd &
|
||||
pids+=($!)
|
||||
}
|
||||
# vpnagentd is now started by systemd (cisco-vpnagentd.service)
|
||||
|
||||
setup_tun() {
|
||||
mkdir -p /dev/net
|
||||
@@ -73,7 +65,6 @@ setup_tun
|
||||
setup_nat
|
||||
start_dbus
|
||||
start_gui
|
||||
start_vpnagent
|
||||
start_terminal
|
||||
|
||||
echo "All services started. noVNC available on port $NOVNC_PORT"
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Main GUI service for Rego VPN
|
||||
|
||||
NOVNC_PORT="${NOVNC_PORT:-8806}"
|
||||
DISPLAY_ADDR="${DISPLAY:-:1}"
|
||||
|
||||
# Start Xvfb
|
||||
Xvfb "$DISPLAY_ADDR" -screen 0 ${XVFB_WxHxD:-1280x800x24} +extension RANDR &
|
||||
XVFB_PID=$!
|
||||
sleep 1
|
||||
|
||||
export DISPLAY="$DISPLAY_ADDR"
|
||||
|
||||
# Start window manager
|
||||
fluxbox >/tmp/fluxbox.log 2>&1 &
|
||||
|
||||
# Start VNC server
|
||||
x11vnc -display "$DISPLAY_ADDR" -rfbauth /root/.vnc/pass -forever -shared -rfbport 5900 -quiet &
|
||||
|
||||
# Start websockify for noVNC
|
||||
websockify --web=/usr/share/novnc/ 0.0.0.0:"$NOVNC_PORT" localhost:5900 >/tmp/websockify.log 2>&1 &
|
||||
|
||||
# Start terminal
|
||||
sleep 1
|
||||
xterm -fa 'Monospace' -fs 11 -bg black -fg white -geometry 120x35+50+50 \
|
||||
-T "Rego VPN" -e bash &
|
||||
|
||||
echo "Rego VPN GUI started on port $NOVNC_PORT"
|
||||
|
||||
# Wait for Xvfb (main process)
|
||||
wait $XVFB_PID
|
||||
@@ -1,31 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Pre-start setup for Rego VPN
|
||||
|
||||
# Add VPN hosts entries
|
||||
grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
|
||||
grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
|
||||
|
||||
# Setup TUN device
|
||||
mkdir -p /dev/net
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mknod /dev/net/tun c 10 200 2>/dev/null || true
|
||||
chmod 600 /dev/net/tun
|
||||
fi
|
||||
|
||||
# Enable IP forwarding
|
||||
sysctl -w net.ipv4.ip_forward=1 >/dev/null 2>&1 || true
|
||||
|
||||
# Load TUN module
|
||||
/opt/cisco/secureclient/bin/load_tun.sh 2>/dev/null || true
|
||||
|
||||
# Clean up stale IPC socket
|
||||
rm -f /root/.cisco/hostscan/.libcsd.ipc 2>/dev/null || true
|
||||
|
||||
# Setup VNC password
|
||||
mkdir -p /root/.vnc
|
||||
x11vnc -storepasswd "${VNC_PASSWORD:-vpnpass}" /root/.vnc/pass >/dev/null 2>&1 || true
|
||||
|
||||
# Clean up old X locks
|
||||
rm -f /tmp/.X1-lock /tmp/.X11-unix/X1 2>/dev/null || true
|
||||
|
||||
echo "Rego VPN setup complete"
|
||||
@@ -5,11 +5,7 @@ Wants=dbus.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
Environment=DISPLAY=:1
|
||||
Environment=NOVNC_PORT=8806
|
||||
Environment=VNC_PASSWORD=vpnpass
|
||||
ExecStartPre=/usr/local/bin/rego-vpn-setup.sh
|
||||
ExecStart=/usr/local/bin/rego-vpn-gui.sh
|
||||
ExecStart=/entrypoint.sh
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
|
||||
|
||||
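Review bot: The VNC password for a desktop served on port 8806 should not come from a fixed default: this section shows `Environment=VNC_PASSWORD=vpnpass`, and the setup script deleted in the same commit fell back to `vpnpass` when the variable was unset. The +/- markers are lost on this page, so I cannot tell whether that line is on the new side; if it is, replace it with `EnvironmentFile=/etc/rego-vpn.env` (root-owned, mode 0600; the path is a placeholder), and if it was removed, check that `/entrypoint.sh` refuses to start x11vnc without an explicit password rather than defaulting. Two `ExecStart=` lines are also visible; with `Type=simple` only one is allowed, so confirm the `rego-vpn-gui.sh` one is gone. An `After=cisco-vpnagentd.service` ordering would make sense now that the agent runs as its own unit, but the [Unit] section is outside the hunk.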