Add Docker in Docker

2022-10-08 21:01:08 +13:00
parent 477e25f82c
commit 9712eede91
12 changed files with 151 additions and 14 deletions
--- a/35
+++ b/35
@@ -479,6 +479,41 @@ RUN \
    && \
    echo

+# Setup dind
+# Mostly taken from https://github.com/docker-library/docker/blob/master/20.10/dind/Dockerfile
+ARG DOCKER_VERSION=20.10.18
+ARG DOCKER_COMPOSE_VERSION=v2.11.2
+ARG DIND_COMMIT=42b1175eda071c0e9121e1d64345928384a93df1
+RUN \
+    echo "**** Fetch Docker static binary package ****" \
+        && cd /tmp \
+        && wget -O /tmp/docker-${DOCKER_VERSION}.tgz \
+            https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
+    && \
+    echo "**** Extract static binaries ****" \
+        && mkdir -p /usr/local/bin \
+        && tar --extract \
+            --file /tmp/docker-${DOCKER_VERSION}.tgz \
+            --strip-components 1 \
+            --directory /usr/local/bin/ \
+            --no-same-owner \
+    && \
+    echo "**** Install dind hack ****" \
+        && wget -O /usr/local/bin/docker-compose "https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-Linux-x86_64" \
+        && chmod +x /usr/local/bin/docker-compose \
+    && \
+    echo "**** Section cleanup ****" \
+        && apt-get clean autoclean -y \
+        && apt-get autoremove -y \
+        && rm -rf \
+            /var/lib/apt/lists/* \
+            /var/tmp/* \
+            /tmp/* \
+    && \
+    echo
+VOLUME /var/lib/docker
+
+
 # Configure default user and set env
 ENV \
    USER="default" \
--- a/overlay/etc/cont-init.d/10-setup_user.sh
+++ b/overlay/etc/cont-init.d/10-setup_user.sh
@@ -57,11 +57,21 @@ echo "Setting umask to ${UMASK}";
 umask ${UMASK}


+# TODO: Move this to its own 'display' init script. It does not really belong here
 # Configure the 'XDG_RUNTIME_DIR' path
 echo "Create the user XDG_RUNTIME_DIR path '${XDG_RUNTIME_DIR}'"
 mkdir -p ${XDG_RUNTIME_DIR}
+# Ensure it is owned by the 'default' user
 chown -R ${PUID}:${PGID} ${XDG_RUNTIME_DIR}
+# Ensure only the 'default' user can access this directory
+chmod 700 ${XDG_RUNTIME_DIR}
 export XDG_DATA_DIRS="${XDG_DATA_DIRS}:/var/lib/flatpak/exports/share:/home/${USER}/.local/share/flatpak/exports/share"
+# Ensure the start-desktop.sh script is executable
+chmod +x /usr/bin/start-desktop.sh
+# Set the default background for gnome based desktop
+mkdir -p /etc/alternatives
+ln -sf /usr/share/backgrounds/steam.jpg /etc/alternatives/desktop-background
+chmod a+r /etc/alternatives/desktop-background


 # Setup home directory and permissions
@@ -69,8 +79,6 @@ echo "Adding default home directory template"
 mkdir -p ${USER_HOME}
 chown -R ${PUID}:${PGID} /etc/home_directory_template
 rsync -aq --ignore-existing /etc/home_directory_template/ ${USER_HOME}/
-# TODO: Move this to its own init script. It does not really belong here
-chmod +x /usr/bin/start-desktop.sh


 # Setup services log path
--- a/overlay/etc/supervisor.d/dind.ini
+++ b/overlay/etc/supervisor.d/dind.ini
@@ -0,0 +1,15 @@
+
+[program:dind]
+priority=20
+autostart=false
+autorestart=true
+user=root
+command=/usr/bin/start-dind.sh
+environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="/run/user/0"
+stopsignal=INT
+stdout_logfile=/home/%(ENV_USER)s/.cache/log/dind.log
+stdout_logfile_maxbytes=10MB
+stdout_logfile_backups=7
+stderr_logfile=/home/%(ENV_USER)s/.cache/log/dind.err.log
+stderr_logfile_maxbytes=10MB
+stderr_logfile_backups=7
--- a/overlay/etc/supervisor.d/xorg.ini
+++ b/overlay/etc/supervisor.d/xorg.ini
@@ -5,7 +5,7 @@ autostart=false
 autorestart=true
 user=root
 command=/usr/bin/start-xorg.sh
-environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="%(ENV_XDG_RUNTIME_DIR)s"
+environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="/run/user/0"
 stopsignal=INT
 stdout_logfile=/home/%(ENV_USER)s/.cache/log/xorg.log
 stdout_logfile_maxbytes=10MB
--- a/overlay/usr/bin/common-functions.sh
+++ b/overlay/usr/bin/common-functions.sh
@@ -9,24 +9,52 @@
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###

+# Wait for X server to start
+#   (Credit: https://gist.github.com/tullmann/476cc71169295d5c3fe6)
 wait_for_x() {
-    # Wait for X server to start
-    #   (Credit: https://gist.github.com/tullmann/476cc71169295d5c3fe6)
    MAX=60 # About 30 seconds
    CT=0
    while ! xdpyinfo >/dev/null 2>&1; do
        sleep 0.50s
        CT=$(( CT + 1 ))
        if [ "$CT" -ge "$MAX" ]; then
-            LOG "FATAL: $0: Gave up waiting for X server $DISPLAY"
+            echo "FATAL: $0: Gave up waiting for X server $DISPLAY"
            exit 11
        fi
    done
 }

+# Wait for udev init to complete
+wait_for_udev() {
+    MAX=10
+    CT=0
+    while [ ! -f /tmp/.udev-started ]; do
+        sleep 1
+        CT=$(( CT + 1 ))
+        if [ "$CT" -ge "$MAX" ]; then
+            echo "FATAL: $0: Gave up waiting for udev server to start"
+            exit 11
+        fi
+    done
+}

+# Wait for dockerd to start
+wait_for_docker() {
+    MAX=10
+    CT=0
+    while ! docker system info >/dev/null 2>&1; do
+        sleep 1
+        CT=$(( CT + 1 ))
+        if [ "$CT" -ge "$MAX" ]; then
+            echo "FATAL: $0: Gave up waiting for dockerd service to start"
+            exit 11
+        fi
+    done
+    echo "DOCKERD RUNNING!"
+}
+
+# Fech NVIDIA GPU device (if one exists)
 get_nvidia_gpu_id() {
-    # Fech NVIDIA GPU device (if one exists)
    if [ "${NVIDIA_VISIBLE_DEVICES:-}" == "all" ]; then
        gpu_select=$(nvidia-smi --format=csv --query-gpu=uuid 2> /dev/null | sed -n 2p)
    elif [ -z "${NVIDIA_VISIBLE_DEVICES:-}" ]; then
--- a/overlay/usr/bin/start-desktop.sh
+++ b/overlay/usr/bin/start-desktop.sh
@@ -8,7 +8,7 @@
 # Last Modified: Wednesday, 26th January 2022 5:38:23 pm
 # Modified By: Console and webGui login account (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh

 # CATCH TERM SIGNAL:
@@ -22,10 +22,6 @@ trap _term SIGTERM SIGINT
 XDG_DATA_DIRS="${XDG_DATA_DIRS}:/var/lib/flatpak/exports/share:/home/${USER}/.local/share/flatpak/exports/share"
 export $(dbus-launch)

-# Set the default background for gnome based desktop
-mkdir -p /etc/alternatives
-ln -sf /usr/share/backgrounds/steam.jpg /etc/alternatives/desktop-background
-

 # EXECUTE PROCESS:
 # Wait for the X server to start
--- a/overlay/usr/bin/start-dind.sh
+++ b/overlay/usr/bin/start-dind.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+###
+# File: start-dind.sh
+# Project: bin
+# File Created: Saturday, 8th October 2022 1:49:45 pm
+# Author: Josh.5 (jsunnex@gmail.com)
+# -----
+# Last Modified: Saturday, 8th October 2022 1:49:45 pm
+# Modified By: Josh.5 (jsunnex@gmail.com)
+###
+set -e
+
+
+# CATCH TERM SIGNAL:
+_term() {
+    kill -TERM "$docker_pid" 2>/dev/null
+}
+trap _term SIGTERM SIGINT
+
+
+# CONFIGURE:
+#   Refrences:
+#       - https://raw.githubusercontent.com/docker/docker/42b1175eda071c0e9121e1d64345928384a93df1/hack/dind
+#
+# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
+export container=docker
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+	mount -t securityfs none /sys/kernel/security || {
+		echo >&2 'Could not mount /sys/kernel/security.'
+		echo >&2 'AppArmor detection and --privileged mode might break.'
+	}
+fi
+# cgroup v2: enable nesting
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+	# move the processes from the root group to the /init group,
+	# otherwise writing subtree_control fails with EBUSY.
+	# An error during moving non-existent process (i.e., "cat") is ignored.
+	mkdir -p /sys/fs/cgroup/init
+	xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
+	# enable controllers
+	sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+		> /sys/fs/cgroup/cgroup.subtree_control
+fi
+
+
+# EXECUTE PROCESS:
+/usr/local/bin/dockerd &
+docker_pid=$!
+
+
+# WAIT FOR CHILD PROCESS:
+wait "$docker_pid"
--- a/overlay/usr/bin/start-pulseaudio.sh
+++ b/overlay/usr/bin/start-pulseaudio.sh
@@ -8,6 +8,7 @@
 # Last Modified: Sunday, 2nd October 2022 22:58:17 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e

 # CATCH TERM SIGNAL:
 _term() {
--- a/overlay/usr/bin/start-sunshine.sh
+++ b/overlay/usr/bin/start-sunshine.sh
@@ -8,7 +8,7 @@
 # Last Modified: Tuesday, 4th October 2022 8:22:17 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh

 # CATCH TERM SIGNAL:
--- a/overlay/usr/bin/start-udev.sh
+++ b/overlay/usr/bin/start-udev.sh
@@ -8,6 +8,7 @@
 # Last Modified: Friday, 14th January 2022 9:21:00 am
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e

 # CATCH TERM SIGNAL:
 _term() {
--- a/overlay/usr/bin/start-x11vnc.sh
+++ b/overlay/usr/bin/start-x11vnc.sh
@@ -8,7 +8,7 @@
 # Last Modified: Tuesday, 6th October 2022 9:30:00 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh

 # CATCH TERM SIGNAL:
--- a/overlay/usr/bin/start-xorg.sh
+++ b/overlay/usr/bin/start-xorg.sh
@@ -8,6 +8,7 @@
 # Last Modified: Friday, 6th October 2022 9:21:00 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e

 # CATCH TERM SIGNAL:
 _term() {