author | 2019-09-30 10:20:31 +0200 | |
---|---|---|
committer | 2019-10-01 11:44:05 +0200 | |
commit | aae2298b7afa1eff82f49529a659d9e220cac82b (patch) | |
tree | 6fb24e6ccf2f927933fb302a15f0847a06c13876 /contrib | |
parent | b7a761f11c7920628b8653a3ffda2e8644f6f6b8 (diff) |
Sync container userid/group ids with those of host user
This changeset updates the Docker container creation script to make it
so that the 'devel' user has the same userid/groupid as that of the host
user running the script (code courtesy of Sebastien Douheret).
This simplifies workflows and is less error-prone (no need to manually
change ownerships or add the host user to the custom 'devel' group).
The README is also updated with a few formatting fixes as well as a
mention that we now use Debian 10.
Bug AGL: SPEC-2842
Change-Id: If6878e2cd7a98107753b6c16fe16d40cbf4bf5ab
Signed-off-by: Vincent Rubiolo <vincent.rubiolo@iot.bzh>
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/create_container | 111 |
1 files changed, 80 insertions, 31 deletions
diff --git a/contrib/create_container b/contrib/create_container
index 64fd28c..392e4c9 100755
--- a/contrib/create_container
+++ b/contrib/create_container
@@ -8,11 +8,12 @@
 # You should customize it to fit your environment and in particular
 # adjust the paths and permissions where needed.
 #
-# Note that sharing volumes with host system is not mandatory: it
-# was just added for performances reasons: building from a SSD is
+# Note that sharing volumes with the host system is not mandatory: it
+# was just added for performance reasons: building from a SSD is
 # just faster than using the container filesystem: that's why /xdt is
-# mounted from there. Same applies to ~/mirror and ~/share, which are
-# just 2 convenient folders to store reference build caches (used in prepare_meta script)
+# mounted from there. The same applies to ~/mirror and ~/share, which are
+# just 2 convenient folders to store reference build caches (used in
+# prepare_meta script)
 #
 ##########################################
@@ -23,6 +24,8 @@ OCCUPIED_ID=$(docker ps -a -f name=${PREFIX} --format "{{.Names}}" | grep -oE "[
 BOOTSRV=""
 ID=""
 IMAGE=""
+DOCKER_USER="devel"
+DOCKER_UID="1664"
 function usage() {
 echo "Usage: $(basename $0) <instance ID> [image name] [--enable-boot-srv]" >&2
@@ -33,6 +36,67 @@ function usage() {
 exit 1
 }
+function updateContainerUid () {
+ echo -n "Setup docker user and group id to match yours "
+
+ res=3
+ max=30
+ count=0
+ while [ $res -ne 1 ] && [ $count -le $max ]; do
+ sleep 1
+ docker exec ${NAME} bash -c "loginctl user-status $DOCKER_USER |grep sd-pam" 2>/dev/null 1>&2
+ res=$?
+ echo -n "."
+ count=$((count + 1));
+ done
+
+ echo -n "."
+
+ # Set uid
+ if docker exec -t ${NAME} bash -c "id $(id -u)" > /dev/null 2>&1 && \
+ [ "$(id -u)" != "$DOCKER_UID" ]; then
+ echo "Cannot set docker $DOCKER_USER user id to your id: conflicting id $(id -u) !"
+ exit 1
+ fi
+ docker exec -t ${NAME} bash -c "usermod -u $(id -u) $DOCKER_USER" || exit 1
+ echo -n "."
+
+ # Set gid
+ if docker exec -t ${NAME} bash -c "grep $(id -g) /etc/group" > /dev/null 2>&1; then
+ docker exec -t ${NAME} bash -c "usermod -g $(id -g) $DOCKER_USER" || exit 1
+ else
+ docker exec -t ${NAME} bash -c "groupmod -g $(id -g) $DOCKER_USER" || exit 1
+ fi
+ echo -n "."
+
+ docker exec -t ${NAME} bash -c "chown -R $DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER" || exit 1
+ echo -n "."
+ docker exec -t ${NAME} bash -c "chown -R $DOCKER_USER:$DOCKER_USER $XDTDIR_MAPPED"
+ echo "."
+}
+
+function setupContainerSsh () {
+ echo "Copying your SSH identity to container $NAME"
+ echo -n Waiting for the ssh service to come up in the container ...
+ res=3
+ max=30
+ count=0
+ while [ $res -ne 0 ] && [ $count -le $max ]; do
+ sleep 1
+ docker exec ${NAME} bash -c "systemctl status ssh" 2>/dev/null 1>&2
+ res=$?
+ echo -n "."
+ count=$(expr $count + 1);
+ done
+ echo
+
+ ssh-keygen -R [$(hostname)]:$SSH_PORT -f ~/.ssh/known_hosts
+ docker exec ${NAME} bash -c "mkdir -p /home/$DOCKER_USER/.ssh"
+ docker cp ~/.ssh/id_rsa.pub ${NAME}:/home/$DOCKER_USER/.ssh/authorized_keys
+ docker exec ${NAME} bash -c "chown $DOCKER_USER:$DOCKER_USER -R /home/$DOCKER_USER/.ssh ;chmod 0700 /home/$DOCKER_USER/.ssh;chmod 0600 /home/$DOCKER_USER/.ssh/*"
+ ssh -o StrictHostKeyChecking=no -p $SSH_PORT $DOCKER_USER@$(hostname) exit
+}
+
 while [ $# -ne 0 ]; do
 case $1 in
 -h|--help|"")
@@ -70,8 +134,8 @@ do
 if [ $NAME = $n ]
 then
 echo "This id is already taken."
- echo "Please choose anohter one."
- echo "Already taken id are: ${OCCUPIED_ID}"
+ echo "Please choose another one."
+ echo "ids already in use: ${OCCUPIED_ID}"
 exit 2
 fi
 done
@@ -80,6 +144,10 @@ MIRRORDIR=$HOME/ssd/localmirror_$ID
 XDTDIR=$HOME/ssd/xdt_$ID
 SHAREDDIR=$HOME/ssd/share
+MIRRORDIR_MAPPED=/home/$DOCKER_USER/mirror
+XDTDIR_MAPPED=/xdt
+SHAREDDIR_MAPPED=/home/$DOCKER_USER/share
+
 SSH_PORT=$((2222 + ID))
 WWW_PORT=$((8000 + ID))
 BOOT_PORT=69
@@ -98,9 +166,9 @@ docker run \
 --detach=true \
 --hostname=$NAME --name=$NAME \
 --privileged -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
- -v $MIRRORDIR:/home/devel/mirror \
- -v $SHAREDDIR:/home/devel/share \
- -v $XDTDIR:/xdt \
+ -v $MIRRORDIR:$MIRRORDIR_MAPPED \
+ -v $SHAREDDIR:$SHAREDDIR_MAPPED \
+ -v $XDTDIR:$XDTDIR_MAPPED \
 -it $IMAGE
 if [ $? -ne 0 ]; then
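Review bot: In updateContainerUid the gid test `grep $(id -g) /etc/group` matches those digits anywhere in the file, so a host gid of 100 is also "found" on a line for gid 1000, and the script then takes the `usermod -g` branch for a group that may not exist in the container. Look the gid up as a key instead, `if docker exec ${NAME} getent group "$(id -g)" > /dev/null 2>&1; then`. In setupContainerSsh, `ssh -o StrictHostKeyChecking=no` is carried over from the old inline code; as the stale entry has just been removed with `ssh-keygen -R`, `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6 or later) would record the new key on first contact without also accepting a changed one.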
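Review bot: `$MIRRORDIR_MAPPED` and `$SHAREDDIR_MAPPED` are mounted below /home/$DOCKER_USER, so the `chown -R $DOCKER_USER:$DOCKER_USER /home/$DOCKER_USER` added in updateContainerUid also recurses into both host directories, from a container started with `--privileged`. `$SHAREDDIR` is `$HOME/ssd/share` with no instance id, so it looks like every new container re-owns the tree shared by the other instances. If that is the intent, a comment above the mounts such as `# mirror/ and share/ are re-owned recursively by updateContainerUid` would document it; if not, the chown should be limited to the paths that need it. The `-v` arguments are also unquoted, so a `$HOME` containing a space would split the mount spec. The docker run command starts before this hunk.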
@@ -108,27 +176,8 @@ if [ $? -ne 0 ]; then
 exit 1
 fi
-echo "Copying your identity to container $NAME"
-#wait ssh service
-echo -n wait ssh service .
-res=3
-max=30
-count=0
-while [ $res -ne 0 ] && [ $count -le $max ]; do
- sleep 1
- docker exec ${NAME} bash -c "systemctl status ssh" 2>/dev/null 1>&2
- res=$?
- echo -n "."
- count=$(expr $count + 1);
-done
-echo
-
-ssh-keygen -R [$(hostname)]:$SSH_PORT -f ~/.ssh/known_hosts
-docker exec ${NAME} bash -c "mkdir -p /home/devel/.ssh"
-docker cp ~/.ssh/id_rsa.pub ${NAME}:/home/devel/.ssh/authorized_keys
-docker exec ${NAME} bash -c "chown devel:devel -R /home/devel/.ssh ;chmod 0700 /home/devel/.ssh;chmod 0600 /home/devel/.ssh/*"
-ssh -o StrictHostKeyChecking=no -p $SSH_PORT devel@$(hostname) exit
+setupContainerSsh
+updateContainerUid
 echo "You can now login using:"
-echo " ssh -p $SSH_PORT devel@$(hostname)"
-
+echo " ssh -p $SSH_PORT $DOCKER_USER@$(hostname)" |
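Review bot: The result of `setupContainerSsh` is not checked, so the script still prints "You can now login using:" when the key copy or the final `ssh ... exit` test failed, whereas updateContainerUid exits on its own errors. The function's status is that of its last command, the ssh login test, so `setupContainerSsh || { echo "SSH setup failed" >&2; exit 1; }` would be enough. A one-line comment on why the ssh setup runs before the uid change would also help, since updateContainerUid appears to wait for the `$DOCKER_USER` session to go away before calling `usermod`.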