author | 2019-09-30 10:20:31 +0200 |
---|---|
committer | 2019-10-01 11:44:05 +0200 |
commit | aae2298b7afa1eff82f49529a659d9e220cac82b |
tree | 6fb24e6ccf2f927933fb302a15f0847a06c13876 |
parent | b7a761f11c7920628b8653a3ffda2e8644f6f6b8 |
Sync container userid/group ids with those of host user
This changeset updates the Docker container creation script to make it
so that the 'devel' user has the same userid/guid as that of the host
user running the script (code courtesy of Sebastien Douheret).
This simplifies workflows and is less error-prone (no need to manually
change ownerships or add the host user to the custom 'devel' group).
The README is also updated with a few formatting fixes as well as a
mention that we now use Debian 10.
Bug AGL: SPEC-2842
Change-Id: If6878e2cd7a98107753b6c16fe16d40cbf4bf5ab
Signed-off-by: Vincent Rubiolo <vincent.rubiolo@iot.bzh>
-rw-r--r-- | README.md | 19 |
-rwxr-xr-x | contrib/create_container | 111 |
2 files changed, 93 insertions, 37 deletions
@@ -4,13 +4,14 @@ This repository contains some scripts to generate a Docker image suitable for AGL workers. -The AGL worker image is a Docker image based on Debian 8 and contains the necessary tools +The AGL worker image is a Docker image based on Debian 10 and contains the necessary tools either to build platform images based on Yocto, or run the AGL SDK to build AGL Applications outside of Yocto process. ## Requirements -Have a recent docker daemon (>=1.10) installed. All the setup is done inside the image so no other tool is required on the host. +Have a recent docker daemon (>=1.10) installed. All the setup is done inside the +image so no other tool is required on the host. ## Usage @@ -69,9 +70,13 @@ This image can then be exported to a tarball and/or pushed to a Docker registry. To publish the image, there are 2 ways: using a docker registry OR exporting to a tarball. -In the first case, using the image is very easy as it can be pulled directly from the registry host using a 'docker pull' command. The main issue with this method is the efficiency: images are not compressed and it takes ages to transfer overlays to the client host. +In the first case, using the image is very easy as it can be pulled directly +from the registry host using a 'docker pull' command. The main issue with this +method is the efficiency: images are not compressed and it takes ages to +transfer overlays to the client host. -In the second case, the efficiency is better but requires to transfer the image archive manually. On the client host, loading the image is as simple as: +In the second case, the efficiency is better but requires to transfer the image +archive manually. On the client host, loading the image is as simple as: ``` # wget -O - <archive_url> | docker load 
@@ -79,14 +84,16 @@ In the second case, the efficiency is better but requires to transfer the image ### Instantiate a container -The following command located in contrib/ subdir can be used as **an example** to instantiate a container: +The following command located in contrib/ subdir can be used as **an example** +to instantiate a container: ``` # contrib/create_container 0 ``` -To instantiate more containers on the same host, the instance ID passed as argument must be different from the previous ones. +To instantiate more containers on the same host, the instance ID passed as an +argument must be different from the previous ones. **PLEASE ADJUST THE SCRIPT create_container TO FIT YOUR ENVIRONMENT AND YOUR NEEDS** diff --git a/contrib/create_container b/contrib/create_container index 64fd28c..392e4c9 100755 --- a/contrib/create_container +++ b/contrib/create_container @@ -8,11 +8,12 @@ # You should customize it to fit your environment and in particular # adjust the paths and permissions where needed. # -# Note that sharing volumes with host system is not mandatory: it -# was just added for performances reasons: building from a SSD is +# Note that sharing volumes with the host system is not mandatory: it +# was just added for performance reasons: building from a SSD is # just faster than using the container filesystem: that's why /xdt is -# mounted from there. Same applies to ~/mirror and ~/share, which are -# just 2 convenient folders to store reference build caches (used in prepare_meta script) +# mounted from there. The same applies to ~/mirror and ~/share, which are +# just 2 convenient folders to store reference build caches (used in +# prepare_meta script) # ########################################## @@ -23,6 +24,8 @@ OCCUPIED_ID=$(docker ps -a -f name=${PREFIX} --format "{{.Names}}" | grep -oE "[ BOOTSRV="" ID="" IMAGE="" +DOCKER_USER="devel" +DOCKER_UID="1664" function usage() { echo "Usage: $(basename $0) <instance ID> [image name] [--enable-boot-srv]" >&2 
@@ -33,6 +36,67 @@ function usage() { exit 1 } +function updateContainerUid () { + echo -n "Setup docker user and group id to match yours " + + res=3 + max=30 + count=0 + while [ $res -ne 1 ] && [ $count -le $max ]; do + sleep 1 + docker exec ${NAME} bash -c "loginctl user-status $DOCKER_USER |grep sd-pam" 2>/dev/null 1>&2 + res=$? + echo -n "." + count=$((count + 1)); + done + + echo -n "." + + # Set uid + if docker exec -t ${NAME} bash -c "id $(id -u)" > /dev/null 2>&1 && \ + [ "$(id -u)" != "$DOCKER_UID" ]; then + echo "Cannot set docker $DOCKER_USER user id to your id: conflicting id $(id -u) !" + exit 1 + fi + docker exec -t ${NAME} bash -c "usermod -u $(id -u) $DOCKER_USER" || exit 1 + echo -n "." + + # Set gid + if docker exec -t ${NAME} bash -c "grep $(id -g) /etc/group" > /dev/null 2>&1; then + docker exec -t ${NAME} bash -c "usermod -g $(id -g) $DOCKER_USER" || exit 1 + else + docker exec -t ${NAME} bash -c "groupmod -g $(id -g) $DOCKER_USER" || exit 1 + fi + echo -n "." + + docker exec -t ${NAME} bash -c "chown -R $DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER" || exit 1 + echo -n "." + docker exec -t ${NAME} bash -c "chown -R $DOCKER_USER:$DOCKER_USER $XDTDIR_MAPPED" + echo "." +} + +function setupContainerSsh () { + echo "Copying your SSH identity to container $NAME" + echo -n Waiting for the ssh service to come up in the container ... + res=3 + max=30 + count=0 + while [ $res -ne 0 ] && [ $count -le $max ]; do + sleep 1 + docker exec ${NAME} bash -c "systemctl status ssh" 2>/dev/null 1>&2 + res=$? + echo -n "." 
+ count=$(expr $count + 1); + done + echo + + ssh-keygen -R [$(hostname)]:$SSH_PORT -f ~/.ssh/known_hosts + docker exec ${NAME} bash -c "mkdir -p /home/$DOCKER_USER/.ssh" + docker cp ~/.ssh/id_rsa.pub ${NAME}:/home/$DOCKER_USER/.ssh/authorized_keys + docker exec ${NAME} bash -c "chown $DOCKER_USER:$DOCKER_USER -R /home/$DOCKER_USER/.ssh ;chmod 0700 /home/$DOCKER_USER/.ssh;chmod 0600 /home/$DOCKER_USER/.ssh/*" + ssh -o StrictHostKeyChecking=no -p $SSH_PORT $DOCKER_USER@$(hostname) exit +} + while [ $# -ne 0 ]; do case $1 in -h|--help|"") @@ -70,8 +134,8 @@ do if [ $NAME = $n ] then echo "This id is already taken." - echo "Please choose anohter one." - echo "Already taken id are: ${OCCUPIED_ID}" + echo "Please choose another one." + echo "ids already in use: ${OCCUPIED_ID}" exit 2 fi done @@ -80,6 +144,10 @@ MIRRORDIR=$HOME/ssd/localmirror_$ID XDTDIR=$HOME/ssd/xdt_$ID SHAREDDIR=$HOME/ssd/share +MIRRORDIR_MAPPED=/home/$DOCKER_USER/mirror +XDTDIR_MAPPED=/xdt +SHAREDDIR_MAPPED=/home/$DOCKER_USER/share + SSH_PORT=$((2222 + ID)) WWW_PORT=$((8000 + ID)) BOOT_PORT=69 @@ -98,9 +166,9 @@ docker run \ --detach=true \ --hostname=$NAME --name=$NAME \ --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro \ - -v $MIRRORDIR:/home/devel/mirror \ - -v $SHAREDDIR:/home/devel/share \ - -v $XDTDIR:/xdt \ + -v $MIRRORDIR:$MIRRORDIR_MAPPED \ + -v $SHAREDDIR:$SHAREDDIR_MAPPED \ + -v $XDTDIR:$XDTDIR_MAPPED \ -it $IMAGE if [ $? -ne 0 ]; then 
@@ -108,27 +176,8 @@ if [ $? -ne 0 ]; then exit 1 fi -echo "Copying your identity to container $NAME" -#wait ssh service -echo -n wait ssh service . -res=3 -max=30 -count=0 -while [ $res -ne 0 ] && [ $count -le $max ]; do - sleep 1 - docker exec ${NAME} bash -c "systemctl status ssh" 2>/dev/null 1>&2 - res=$? - echo -n "." - count=$(expr $count + 1); -done -echo - -ssh-keygen -R [$(hostname)]:$SSH_PORT -f ~/.ssh/known_hosts -docker exec ${NAME} bash -c "mkdir -p /home/devel/.ssh" -docker cp ~/.ssh/id_rsa.pub ${NAME}:/home/devel/.ssh/authorized_keys -docker exec ${NAME} bash -c "chown devel:devel -R /home/devel/.ssh ;chmod 0700 /home/devel/.ssh;chmod 0600 /home/devel/.ssh/*" -ssh -o StrictHostKeyChecking=no -p $SSH_PORT devel@$(hostname) exit +setupContainerSsh +updateContainerUid echo "You can now login using:" -echo " ssh -p $SSH_PORT devel@$(hostname)" - +echo " ssh -p $SSH_PORT $DOCKER_USER@$(hostname)" |
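Review bot: In the contrib/create_container hunk that adds DOCKER_USER="devel" and DOCKER_UID="1664", the uid is hard-coded and nothing in the script checks that it is the uid the image actually gives $DOCKER_USER. The conflict test in updateContainerUid compares the host uid against this constant ([ "$(id -u)" != "$DOCKER_UID" ]), so if the image's value ever differs, a host user whose uid equals the container user's real uid is rejected as a conflict. Reading the value from the running container, for example with docker exec ${NAME} id -u $DOCKER_USER, or at least a comment saying that 1664 must match the image, would remove that coupling.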
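Review bot: In the hunk that adds updateContainerUid and setupContainerSsh, the gid test grep $(id -g) /etc/group is an unanchored substring match, so a host gid such as 100 also matches a line for gid 1000 or any line that happens to contain those digits. When it matches without a group of that gid existing, the script takes the usermod -g branch, which fails and exits instead of falling through to groupmod -g. Matching the gid field only, for example with getent group $(id -g), avoids the false positive. Two smaller points in the same hunk: both polling loops fall through silently once count exceeds max, so a timeout is not reported and the following usermod or ssh steps run anyway; and the final chown -R on $XDTDIR_MAPPED is the only docker exec in updateContainerUid without || exit 1.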
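Review bot: In the last hunk of contrib/create_container, the call order setupContainerSsh then updateContainerUid looks inverted. setupContainerSsh ends with an ssh login as $DOCKER_USER, and updateContainerUid then begins by polling loginctl user-status $DOCKER_USER for up to 30 seconds before it runs usermod -u. If that polling is there to wait for the user's session to go away, calling updateContainerUid first would change the uid and gid before any session for the user exists, and the chown of /home/$DOCKER_USER/.ssh done in setupContainerSsh would then already use the final ids. If the order is intentional, a comment next to the two calls explaining why would help.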