From 9712eede91ec9e24cd68d937db75824fe7a9d7b3 Mon Sep 17 00:00:00 2001
From: "Josh.5"
Date: Sat, 8 Oct 2022 21:01:08 +1300
Subject: [PATCH] Add Docker in Docker
---
 Dockerfile | 35 ++++++++++++++++
 overlay/etc/cont-init.d/10-setup_user.sh | 12 +++++-
 overlay/etc/supervisor.d/dind.ini | 15 +++++++
 overlay/etc/supervisor.d/xorg.ini | 2 +-
 overlay/usr/bin/common-functions.sh | 36 ++++++++++++++--
 overlay/usr/bin/start-desktop.sh | 6 +--
 overlay/usr/bin/start-dind.sh | 52 ++++++++++++++++++++++++
 overlay/usr/bin/start-pulseaudio.sh | 1 +
 overlay/usr/bin/start-sunshine.sh | 2 +-
 overlay/usr/bin/start-udev.sh | 1 +
 overlay/usr/bin/start-x11vnc.sh | 2 +-
 overlay/usr/bin/start-xorg.sh | 1 +
 12 files changed, 151 insertions(+), 14 deletions(-)
 create mode 100644 overlay/etc/supervisor.d/dind.ini
 create mode 100755 overlay/usr/bin/start-dind.sh
diff --git a/Dockerfile b/Dockerfile
index 98d164a..b1039cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -479,6 +479,41 @@ RUN \
 && \
 echo
+# Setup dind
+# Mostly taken from https://github.com/docker-library/docker/blob/master/20.10/dind/Dockerfile
+ARG DOCKER_VERSION=20.10.18
+ARG DOCKER_COMPOSE_VERSION=v2.11.2
+ARG DIND_COMMIT=42b1175eda071c0e9121e1d64345928384a93df1
+RUN \
+ echo "**** Fetch Docker static binary package ****" \
+ && cd /tmp \
+ && wget -O /tmp/docker-${DOCKER_VERSION}.tgz \
+ https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
+ && \
+ echo "**** Extract static binaries ****" \
+ && mkdir -p /usr/local/bin \
+ && tar --extract \
+ --file /tmp/docker-${DOCKER_VERSION}.tgz \
+ --strip-components 1 \
+ --directory /usr/local/bin/ \
+ --no-same-owner \
+ && \
+ echo "**** Install dind hack ****" \
+ && wget -O /usr/local/bin/docker-compose "https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-Linux-x86_64" \
+ && chmod +x /usr/local/bin/docker-compose \
+ && \
+ echo "**** Section cleanup ****" \
+ && apt-get clean autoclean -y \
+ && apt-get autoremove -y \
+ && rm -rf \
+ /var/lib/apt/lists/* \
+ /var/tmp/* \
+ /tmp/* \
+ && \
+ echo
+VOLUME /var/lib/docker
+
+
 # Configure default user and set env
 ENV \
 USER="default" \
diff --git a/overlay/etc/cont-init.d/10-setup_user.sh b/overlay/etc/cont-init.d/10-setup_user.sh
index 2a09cd7..c569947 100644
--- a/overlay/etc/cont-init.d/10-setup_user.sh
+++ b/overlay/etc/cont-init.d/10-setup_user.sh
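Review bot: The Docker static tarball and the docker-compose binary are written straight into the image from `wget` with no integrity check, so the build trusts whatever the two download endpoints return even though both versions are pinned. Pin the digests next to the versions and verify before extracting, e.g. `&& echo "<DOCKER_TGZ_SHA256>  /tmp/docker-${DOCKER_VERSION}.tgz" | sha256sum -c - \` after the first wget and the same for `/usr/local/bin/docker-compose` (the digest values are placeholders to be taken from the upstream release checksums). `DIND_COMMIT` is declared but not referenced anywhere in this hunk, and the `**** Install dind hack ****` banner actually precedes the docker-compose download, so either drop the ARG or rename the banner to `**** Install docker-compose ****`. The compose v2 release assets are, as far as I know, named `docker-compose-linux-x86_64` with a lowercase `linux`; confirm that `docker-compose-Linux-x86_64` resolves for `v2.11.2`.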
@@ -57,11 +57,21 @@ echo "Setting umask to ${UMASK}"; umask ${UMASK}
+# TODO: Move this to its own 'display' init script. It does not really belong here
 # Configure the 'XDG_RUNTIME_DIR' path
 echo "Create the user XDG_RUNTIME_DIR path '${XDG_RUNTIME_DIR}'"
 mkdir -p ${XDG_RUNTIME_DIR}
+# Ensure it is owned by the 'default' user
 chown -R ${PUID}:${PGID} ${XDG_RUNTIME_DIR}
+# Ensure only the 'default' user can access this directory
+chmod 700 ${XDG_RUNTIME_DIR}
 export XDG_DATA_DIRS="${XDG_DATA_DIRS}:/var/lib/flatpak/exports/share:/home/${USER}/.local/share/flatpak/exports/share"
+# Ensure the start-desktop.sh script is executable
+chmod +x /usr/bin/start-desktop.sh
+# Set the default background for gnome based desktop
+mkdir -p /etc/alternatives
+ln -sf /usr/share/backgrounds/steam.jpg /etc/alternatives/desktop-background
+chmod a+r /etc/alternatives/desktop-background
 # Setup home directory and permissions
@@ -69,8 +79,6 @@ echo "Adding default home directory template"
 mkdir -p ${USER_HOME}
 chown -R ${PUID}:${PGID} /etc/home_directory_template
 rsync -aq --ignore-existing /etc/home_directory_template/ ${USER_HOME}/
-# TODO: Move this to its own init script. It does not really belong here
-chmod +x /usr/bin/start-desktop.sh
 # Setup services log path
diff --git a/overlay/etc/supervisor.d/dind.ini b/overlay/etc/supervisor.d/dind.ini
new file mode 100644
index 0000000..3b31c43
--- /dev/null
+++ b/overlay/etc/supervisor.d/dind.ini
@@ -0,0 +1,15 @@
+
+[program:dind]
+priority=20
+autostart=false
+autorestart=true
+user=root
+command=/usr/bin/start-dind.sh
+environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="/run/user/0"
+stopsignal=INT
+stdout_logfile=/home/%(ENV_USER)s/.cache/log/dind.log
+stdout_logfile_maxbytes=10MB
+stdout_logfile_backups=7
+stderr_logfile=/home/%(ENV_USER)s/.cache/log/dind.err.log
+stderr_logfile_maxbytes=10MB
+stderr_logfile_backups=7
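Review bot: The new `chmod 700 ${XDG_RUNTIME_DIR}` and the surrounding `mkdir -p`/`chown -R` all expand `XDG_RUNTIME_DIR` unquoted and unguarded, so an empty value makes each of them fail with a bare 'missing operand' and a value containing whitespace would be split into several paths. Assert it once before the block, `: "${XDG_RUNTIME_DIR:?XDG_RUNTIME_DIR must be set}"`, and quote the expansions, `chmod 700 "${XDG_RUNTIME_DIR}"`. Whether this init script runs under `set -e` is outside the hunk; the second hunk in this file only moves the `chmod +x` line and needs nothing further.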
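Review bot: `environment=` for `[program:dind]` hands `DISPLAY` and `DISPLAY_DPI` to dockerd, which does not use either; the line appears to be copied from xorg.ini and can shrink to `environment=XDG_RUNTIME_DIR="/run/user/0"`. The program runs as `user=root` but logs under `/home/%(ENV_USER)s/.cache/log/`, so `dind.log` and `dind.err.log` will be root-owned files inside the unprivileged user's home; if that is deliberate, a comment line such as `; logs are root-owned, like xorg.log` would save the next reader the question. Whether supervisor creates that log directory is not visible in this diff.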
diff --git a/overlay/etc/supervisor.d/xorg.ini b/overlay/etc/supervisor.d/xorg.ini
index 78c3ecc..7e62d69 100644
--- a/overlay/etc/supervisor.d/xorg.ini
+++ b/overlay/etc/supervisor.d/xorg.ini
@@ -5,7 +5,7 @@ autostart=false
 autorestart=true
 user=root
 command=/usr/bin/start-xorg.sh
-environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="%(ENV_XDG_RUNTIME_DIR)s"
+environment=DISPLAY="%(ENV_DISPLAY)s",DISPLAY_DPI="%(ENV_DISPLAY_DPI)s",XDG_RUNTIME_DIR="/run/user/0"
 stopsignal=INT
 stdout_logfile=/home/%(ENV_USER)s/.cache/log/xorg.log
 stdout_logfile_maxbytes=10MB
diff --git a/overlay/usr/bin/common-functions.sh b/overlay/usr/bin/common-functions.sh
index d21f69b..464f45c 100755
--- a/overlay/usr/bin/common-functions.sh
+++ b/overlay/usr/bin/common-functions.sh
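Review bot: `XDG_RUNTIME_DIR` for the root-run Xorg is now the hard-coded `/run/user/0` rather than the container's `%(ENV_XDG_RUNTIME_DIR)s`, but nothing in this diff creates `/run/user/0` or sets its mode, while the user's runtime dir gets `mkdir -p` and `chmod 700` in 10-setup_user.sh. If start-xorg.sh does not already do so (its body is outside this diff), create it before Xorg starts with `mkdir -p "$XDG_RUNTIME_DIR" && chmod 700 "$XDG_RUNTIME_DIR"` so the socket directory exists with the usual runtime-dir permissions. The same literal is repeated in the new dind.ini; a single env default would keep the two in step.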
@@ -9,24 +9,52 @@
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+# Wait for X server to start
+# (Credit: https://gist.github.com/tullmann/476cc71169295d5c3fe6)
 wait_for_x() {
- # Wait for X server to start
- # (Credit: https://gist.github.com/tullmann/476cc71169295d5c3fe6)
 MAX=60 # About 30 seconds
 CT=0
 while ! xdpyinfo >/dev/null 2>&1; do
 sleep 0.50s
 CT=$(( CT + 1 ))
 if [ "$CT" -ge "$MAX" ]; then
- LOG "FATAL: $0: Gave up waiting for X server $DISPLAY"
+ echo "FATAL: $0: Gave up waiting for X server $DISPLAY"
 exit 11
 fi
 done
 }
+# Wait for udev init to complete
+wait_for_udev() {
+ MAX=10
+ CT=0
+ while [ ! -f /tmp/.udev-started ]; do
+ sleep 1
+ CT=$(( CT + 1 ))
+ if [ "$CT" -ge "$MAX" ]; then
+ echo "FATAL: $0: Gave up waiting for udev server to start"
+ exit 11
+ fi
+ done
+}
+# Wait for dockerd to start
+wait_for_docker() {
+ MAX=10
+ CT=0
+ while ! docker system info >/dev/null 2>&1; do
+ sleep 1
+ CT=$(( CT + 1 ))
+ if [ "$CT" -ge "$MAX" ]; then
+ echo "FATAL: $0: Gave up waiting for dockerd service to start"
+ exit 11
+ fi
+ done
+ echo "DOCKERD RUNNING!"
+}
+
+# Fech NVIDIA GPU device (if one exists)
 get_nvidia_gpu_id() {
- # Fech NVIDIA GPU device (if one exists)
 if [ "${NVIDIA_VISIBLE_DEVICES:-}" == "all" ]; then
 gpu_select=$(nvidia-smi --format=csv --query-gpu=uuid 2> /dev/null | sed -n 2p)
 elif [ -z "${NVIDIA_VISIBLE_DEVICES:-}" ]; then
diff --git a/overlay/usr/bin/start-desktop.sh b/overlay/usr/bin/start-desktop.sh
index c53bbf5..6acd46a 100755
--- a/overlay/usr/bin/start-desktop.sh
+++ b/overlay/usr/bin/start-desktop.sh
@@ -8,7 +8,7 @@
 # Last Modified: Wednesday, 26th January 2022 5:38:23 pm
 # Modified By: Console and webGui login account (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh
 # CATCH TERM SIGNAL:
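Review bot: `wait_for_udev` and `wait_for_docker`, like the existing `wait_for_x`, assign `MAX` and `CT` as globals, so each call overwrites the caller's variables and a script that calls two of them back to back inherits the last `CT`; declare them `local MAX=10` and `local CT=0` at the top of each function. `wait_for_udev` takes the existence of `/tmp/.udev-started` as proof the service is up, but `/tmp` is writable by every account in the container and a file left over from an earlier run satisfies the test immediately, so the sentinel is advisory at best; removing it when udev starts (where it is written is outside this diff) or placing it under a root-only directory would make the wait meaningful. The `FATAL:` messages now go to stdout via `echo`; since these functions `exit 11`, send them to stderr with `echo "FATAL: ..." >&2` so they land in the `.err.log` files supervisor keeps.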
@@ -22,10 +22,6 @@ trap _term SIGTERM SIGINT
 XDG_DATA_DIRS="${XDG_DATA_DIRS}:/var/lib/flatpak/exports/share:/home/${USER}/.local/share/flatpak/exports/share"
 export $(dbus-launch)
-# Set the default background for gnome based desktop
-mkdir -p /etc/alternatives
-ln -sf /usr/share/backgrounds/steam.jpg /etc/alternatives/desktop-background
-
 # EXECUTE PROCESS:
 # Wait for the X server to start
diff --git a/overlay/usr/bin/start-dind.sh b/overlay/usr/bin/start-dind.sh
new file mode 100755
index 0000000..322ab1c
--- /dev/null
+++ b/overlay/usr/bin/start-dind.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+###
+# File: start-dind.sh
+# Project: bin
+# File Created: Saturday, 8th October 2022 1:49:45 pm
+# Author: Josh.5 (jsunnex@gmail.com)
+# -----
+# Last Modified: Saturday, 8th October 2022 1:49:45 pm
+# Modified By: Josh.5 (jsunnex@gmail.com)
+###
+set -e
+
+
+# CATCH TERM SIGNAL:
+_term() {
+ kill -TERM "$docker_pid" 2>/dev/null
+}
+trap _term SIGTERM SIGINT
+
+
+# CONFIGURE:
+# Refrences:
+# - https://raw.githubusercontent.com/docker/docker/42b1175eda071c0e9121e1d64345928384a93df1/hack/dind
+#
+# apparmor sucks and Docker needs to know that it's in a container (c) @tianon
+export container=docker
+if [ -d /sys/kernel/security ] && ! mountpoint -q /sys/kernel/security; then
+ mount -t securityfs none /sys/kernel/security || {
+ echo >&2 'Could not mount /sys/kernel/security.'
+ echo >&2 'AppArmor detection and --privileged mode might break.'
+ }
+fi
+# cgroup v2: enable nesting
+if [ -f /sys/fs/cgroup/cgroup.controllers ]; then
+ # move the processes from the root group to the /init group,
+ # otherwise writing subtree_control fails with EBUSY.
+ # An error during moving non-existent process (i.e., "cat") is ignored.
+ mkdir -p /sys/fs/cgroup/init
+ xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
+ # enable controllers
+ sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+ > /sys/fs/cgroup/cgroup.subtree_control
+fi
+
+
+# EXECUTE PROCESS:
+/usr/local/bin/dockerd &
+docker_pid=$!
+
+
+# WAIT FOR CHILD PROCESS:
+wait "$docker_pid"
diff --git a/overlay/usr/bin/start-pulseaudio.sh b/overlay/usr/bin/start-pulseaudio.sh
index 28cfe74..65c4ee7 100755
--- a/overlay/usr/bin/start-pulseaudio.sh
+++ b/overlay/usr/bin/start-pulseaudio.sh
@@ -8,6 +8,7 @@
 # Last Modified: Sunday, 2nd October 2022 22:58:17 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e
 # CATCH TERM SIGNAL:
 _term() {
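Review bot: `_term` sends TERM to dockerd and returns at once, so when the trap interrupts `wait "$docker_pid"` the script runs off its end (non-zero under `set -e`) while dockerd is still stopping containers, and supervisor will see `dind` exit before the daemon has actually gone. Wait for the child a second time in the handler: `kill -TERM "$docker_pid" 2>/dev/null; wait "$docker_pid"`. The `mount -t securityfs` failure is deliberately non-fatal, but the cgroup v2 block writes `cgroup.subtree_control` under `set -e` with no fallback, so a read-only cgroup mount aborts the script before dockerd is launched; if that is intended (dockerd would not work there anyway) a one-line comment saying so would help. The commit hash in the `Refrences:` comment is the same value the Dockerfile declares as `DIND_COMMIT` and never uses, and `Refrences` is misspelled.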
diff --git a/overlay/usr/bin/start-sunshine.sh b/overlay/usr/bin/start-sunshine.sh
index b949b1d..c8fc19e 100755
--- a/overlay/usr/bin/start-sunshine.sh
+++ b/overlay/usr/bin/start-sunshine.sh
@@ -8,7 +8,7 @@
 # Last Modified: Tuesday, 4th October 2022 8:22:17 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh
 # CATCH TERM SIGNAL:
diff --git a/overlay/usr/bin/start-udev.sh b/overlay/usr/bin/start-udev.sh
index 0e70759..16dae39 100755
--- a/overlay/usr/bin/start-udev.sh
+++ b/overlay/usr/bin/start-udev.sh
@@ -8,6 +8,7 @@
 # Last Modified: Friday, 14th January 2022 9:21:00 am
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e
 # CATCH TERM SIGNAL:
 _term() {
diff --git a/overlay/usr/bin/start-x11vnc.sh b/overlay/usr/bin/start-x11vnc.sh
index 41e3e35..44aad1b 100755
--- a/overlay/usr/bin/start-x11vnc.sh
+++ b/overlay/usr/bin/start-x11vnc.sh
@@ -8,7 +8,7 @@
 # Last Modified: Tuesday, 6th October 2022 9:30:00 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
-
+set -e
 source /usr/bin/common-functions.sh
 # CATCH TERM SIGNAL:
diff --git a/overlay/usr/bin/start-xorg.sh b/overlay/usr/bin/start-xorg.sh
index add5e59..1de93da 100755
--- a/overlay/usr/bin/start-xorg.sh
+++ b/overlay/usr/bin/start-xorg.sh
@@ -8,6 +8,7 @@
 # Last Modified: Friday, 6th October 2022 9:21:00 pm
 # Modified By: Josh.5 (jsunnex@gmail.com)
 ###
+set -e
 # CATCH TERM SIGNAL:
 _term() {