Add systemd support and pre-installed Cisco 5.1.14.145 binaries

- Add systemd, dbus packages to Dockerfile - Pre-install Cisco Secure Client 5.1.14.145 binaries - Add hosts entries for VPN servers at runtime - Add cgroup volume mount for systemd support - Start dbus daemon in entrypoint for Cisco client 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-24 21:51:26 +00:00
parent bed2e37610
commit cfb6b04563
6 changed files with 67 additions and 8 deletions
--- a/apps/rego-tunnel-linux/source/Dockerfile
+++ b/apps/rego-tunnel-linux/source/Dockerfile
@@ -1,7 +1,10 @@
 FROM ubuntu:24.04
-ENV DEBIAN_FRONTEND=noninteractive 
+ENV DEBIAN_FRONTEND=noninteractive
+ENV container=docker

+# Install systemd and required packages
 RUN apt-get update && apt-get install -y \
+    systemd systemd-sysv dbus dbus-x11 \
    iproute2 iptables ca-certificates \
    curl wget openssh-client \
    x11vnc xvfb fluxbox novnc websockify xterm nano oathtool \
@@ -17,18 +20,50 @@ RUN apt-get update && apt-get install -y \

 RUN apt-get update && (apt-get install -y libasound2t64 || apt-get install -y libasound2) && rm -rf /var/lib/apt/lists/*

-COPY cisco-secure-client-linux64-5.1.11.388-core-vpn-webdeploy-k9.sh /tmp/cisco-install.sh
-RUN chmod +x /tmp/cisco-install.sh && \
-    /tmp/cisco-install.sh && \
-    rm /tmp/cisco-install.sh
+# Configure systemd - remove unnecessary units
+RUN cd /lib/systemd/system/sysinit.target.wants/ && \
+    ls | grep -v systemd-tmpfiles-setup | xargs rm -f && \
+    rm -f /lib/systemd/system/multi-user.target.wants/* && \
+    rm -f /etc/systemd/system/*.wants/* && \
+    rm -f /lib/systemd/system/local-fs.target.wants/* && \
+    rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
+    rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \
+    rm -f /lib/systemd/system/basic.target.wants/* && \
+    rm -f /lib/systemd/system/anaconda.target.wants/* && \
+    rm -f /lib/systemd/system/plymouth* && \
+    rm -f /lib/systemd/system/systemd-update-utmp*

-COPY hostscan /root/.cisco/hostscan
-RUN chmod -R 755 /root/.cisco/hostscan
+# Copy and extract pre-built Cisco Secure Client 5.1.14.145
+COPY cisco-secureclient-5.1.14.145.tar.gz /tmp/
+RUN tar -xzf /tmp/cisco-secureclient-5.1.14.145.tar.gz -C / && \
+    rm /tmp/cisco-secureclient-5.1.14.145.tar.gz
+
+# Copy user data (hostscan, etc)
+COPY cisco-userdata.tar.gz /tmp/
+RUN tar -xzf /tmp/cisco-userdata.tar.gz -C /root && \
+    rm /tmp/cisco-userdata.tar.gz
+
+# Create Cisco systemd service
+RUN mkdir -p /etc/systemd/system && \
+    echo '[Unit]' > /etc/systemd/system/vpnagentd.service && \
+    echo 'Description=Cisco AnyConnect Secure Mobility Client Agent' >> /etc/systemd/system/vpnagentd.service && \
+    echo 'After=network.target' >> /etc/systemd/system/vpnagentd.service && \
+    echo '' >> /etc/systemd/system/vpnagentd.service && \
+    echo '[Service]' >> /etc/systemd/system/vpnagentd.service && \
+    echo 'Type=forking' >> /etc/systemd/system/vpnagentd.service && \
+    echo 'ExecStart=/opt/cisco/secureclient/bin/vpnagentd' >> /etc/systemd/system/vpnagentd.service && \
+    echo 'Restart=on-failure' >> /etc/systemd/system/vpnagentd.service && \
+    echo '' >> /etc/systemd/system/vpnagentd.service && \
+    echo '[Install]' >> /etc/systemd/system/vpnagentd.service && \
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/vpnagentd.service && \
+    systemctl enable vpnagentd.service 2>/dev/null || true

 COPY vpn-sso.sh /root/vpn-sso.sh
 RUN chmod +x /root/vpn-sso.sh

 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
+
+VOLUME [ "/sys/fs/cgroup" ]
 EXPOSE 8806
 ENTRYPOINT ["/entrypoint.sh"]
--- a/apps/rego-tunnel-linux/source/cisco-secureclient-5.1.14.145.tar.gz
+++ b/apps/rego-tunnel-linux/source/cisco-secureclient-5.1.14.145.tar.gz
--- a/apps/rego-tunnel-linux/source/cisco-userdata.tar.gz
+++ b/apps/rego-tunnel-linux/source/cisco-userdata.tar.gz
--- a/apps/rego-tunnel-linux/source/entrypoint.sh
+++ b/apps/rego-tunnel-linux/source/entrypoint.sh
@@ -7,6 +7,19 @@ DISPLAY_ADDR="${DISPLAY:-:1}"

 pids=()

+setup_hosts() {
+  # Add VPN hosts entries (Docker manages /etc/hosts, so add at runtime)
+  grep -q "vpn-ord1.dovercorp.com" /etc/hosts || echo "162.209.24.100 vpn-ord1.dovercorp.com" >> /etc/hosts
+  grep -q "vpn.dovercorp.com" /etc/hosts || echo "13.67.192.27 vpn.dovercorp.com" >> /etc/hosts
+}
+
+start_dbus() {
+  # Start dbus for Cisco Secure Client
+  mkdir -p /run/dbus
+  rm -f /run/dbus/pid
+  dbus-daemon --system --fork 2>/dev/null || true
+}
+
 start_gui() {
  mkdir -p /root/.vnc
  x11vnc -storepasswd "$VNC_PASSWORD" /root/.vnc/pass >/dev/null 2>&1 || true
@@ -24,7 +37,8 @@ start_gui() {
 }

 start_vpnagent() {
-  /opt/cisco/secureclient/bin/vpnagentd -execv_instance &
+  # Start Cisco VPN agent daemon
+  /opt/cisco/secureclient/bin/vpnagentd &
  pids+=($!)
 }

@@ -50,8 +64,10 @@ start_terminal() {
 trap 'kill 0' INT TERM

 echo "Starting Rego VPN container..."
+setup_hosts
 setup_tun
 setup_nat
+start_dbus
 start_gui
 start_vpnagent
 start_terminal