stackhpc · wtripp180901 · Aug 11, 2023 · Aug 11, 2023 · Aug 11, 2023 · Aug 15, 2023
diff --git a/image/Dockerfile b/image/Dockerfile
@@ -15,8 +15,8 @@ RUN set -ex \
     && yum -y install dnf-plugins-core epel-release \
     && yum -y install dnf-plugins-core \
     && yum config-manager --set-enabled powertools \
-    && yum -y module enable ruby:2.7 nodejs:14 \
-    && yum -y install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm \
+    && yum -y module enable ruby:3.0 nodejs:14 \
+    && yum -y install https://yum.osc.edu/ondemand/3.0/ondemand-release-web-3.0-1.noarch.rpm \
     && yum -y module install ruby nodejs \
     && yum -y install \
        wget \
@@ -46,6 +46,8 @@ RUN set -ex \
        openssh-server \
        apptainer \
        ondemand \
+       passwd \
+       mod_authnz_pam \
     && yum clean all \
     && rm -rf /var/cache/yum
 
@@ -92,8 +94,7 @@ RUN mkdir /etc/sysconfig/slurm \
         /var/lib/slurmd/fed_mgr_state \
     && useradd -r --uid=990 slurm \
     && chown -R slurm:slurm /var/*/slurm* \
-    && useradd -u 1000 rocky \
-    && usermod -p '*' rocky # unlocks account but sets no password
+    && useradd -u 1000 rocky
 
 VOLUME /etc/slurm
 COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

diff --git a/image/docker-entrypoint.sh b/image/docker-entrypoint.sh
@@ -86,6 +86,8 @@ then
     chown root:root /home
     chmod 755 /home
 
+    echo $ROCKY_OOD_PASS | passwd --stdin rocky
+
     echo "---> Setting up ssh for user"
 
     mkdir -p /home/rocky/.ssh
@@ -95,6 +97,7 @@ then
         echo "ssh keys already found"
     else
             ssh-keygen -t rsa -f /home/rocky/.ssh/id_rsa -N ""
+            chown rocky:rocky /home/rocky/.ssh/id_rsa /home/rocky/.ssh/id_rsa.pub
     fi
 
     echo "---> Setting permissions for user home directories"
@@ -129,10 +132,22 @@ then
     env > /etc/ood/config/apps/shell/env
 
     /usr/libexec/httpd-ssl-gencerts
-    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+
+    echo "LoadModule authnz_pam_module modules/mod_authnz_pam.so" > /etc/httpd/conf.modules.d/55-authnz_pam.conf
+    cp /etc/pam.d/password-auth /etc/pam.d/ood
+    chmod 640 /etc/shadow
+    chgrp apache /etc/shadow
+
     mkdir --parents /opt/rh/httpd24/root/etc/httpd/
+    /usr/bin/htpasswd -cb /opt/rh/httpd24/root/etc/httpd/apache-passwords rocky $ROCKY_OOD_PASS
 
-    /usr/bin/htdbm -cb /opt/rh/httpd24/root/etc/httpd/.htpasswd.dbm rocky $ROCKY_OOD_PASS
+    head -102 /var/www/ood/apps/sys/dashboard/config/environments/production.rb > tmp.txt
+    cat tmp.txt > /var/www/ood/apps/sys/dashboard/config/environments/production.rb
+    echo "  config.hosts = nil" >> /var/www/ood/apps/sys/dashboard/config/environments/production.rb
+    echo "end" >> /var/www/ood/apps/sys/dashboard/config/environments/production.rb
+
+    /opt/ood/ood-portal-generator/sbin/update_ood_portal
+
     /usr/sbin/httpd -k start -X -e debug
 
 elif [ "$1" = "check-queue-hook" ]