mirror of
https://github.com/kasmtech/workspaces-core-images.git
synced 2025-02-17 17:40:50 +01:00
Resolve KASM-2436 "Feature/ core gpu image"
This commit is contained in:
Matthew McClaskey
Justin Travis
parent
84e2d9246f
commit
27a4885b3e
@ -72,26 +72,6 @@ build_cuda_focal:
|
|||||||
except:
|
except:
|
||||||
- schedules
|
- schedules
|
||||||
|
|
||||||
build_nvidia_focal:
|
|
||||||
stage: build
|
|
||||||
image: ${ORG_NAME}/docker-buildx-private:develop
|
|
||||||
variables:
|
|
||||||
BUILD_PLATFORMS: "linux/amd64,linux/arm64"
|
|
||||||
script:
|
|
||||||
# get qemu ready
|
|
||||||
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
|
|
||||||
# prep the buildx env
|
|
||||||
- docker buildx create --use
|
|
||||||
# build for multiple architectures
|
|
||||||
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg BASE_IMAGE="ubuntu:20.04" --build-arg BG_IMG=bg_focal.png -f dockerfile-kasm-core-nvidia .
|
|
||||||
tags:
|
|
||||||
- aws-autoscale
|
|
||||||
only:
|
|
||||||
- develop
|
|
||||||
- /^release\/.*$/
|
|
||||||
except:
|
|
||||||
- schedules
|
|
||||||
|
|
||||||
build_remnux_bionic:
|
build_remnux_bionic:
|
||||||
stage: build
|
stage: build
|
||||||
script:
|
script:
|
||||||
@ -276,27 +256,6 @@ build_cuda_focal_dev:
|
|||||||
tags:
|
tags:
|
||||||
- aws-autoscale
|
- aws-autoscale
|
||||||
|
|
||||||
build_nvidia_focal_dev:
|
|
||||||
stage: build
|
|
||||||
script:
|
|
||||||
- >
|
|
||||||
docker build
|
|
||||||
-t ${ORG_NAME}/core-nvidia-focal-private:$(arch)-$SANITIZED_BRANCH
|
|
||||||
--build-arg START_PULSEAUDIO=1
|
|
||||||
--build-arg START_XFCE4=1
|
|
||||||
--build-arg BASE_IMAGE="ubuntu:20.04"
|
|
||||||
--build-arg BG_IMG=bg_focal.png
|
|
||||||
-f dockerfile-kasm-core-nvidia .
|
|
||||||
- docker push ${ORG_NAME}/core-nvidia-focal-private:$(arch)-$SANITIZED_BRANCH
|
|
||||||
except:
|
|
||||||
- develop
|
|
||||||
- /^release\/.*$/
|
|
||||||
tags:
|
|
||||||
- ${TAG}
|
|
||||||
parallel:
|
|
||||||
matrix:
|
|
||||||
- TAG: [ aws-autoscale, aws-autoscale-arm64 ]
|
|
||||||
|
|
||||||
build_remnux_bionic_dev:
|
build_remnux_bionic_dev:
|
||||||
stage: build
|
stage: build
|
||||||
script:
|
script:
|
||||||
@ -474,7 +433,6 @@ test_multi_arch_dev:
|
|||||||
KASM_IMAGE:
|
KASM_IMAGE:
|
||||||
- core-ubuntu-bionic-private
|
- core-ubuntu-bionic-private
|
||||||
- core-ubuntu-focal-private
|
- core-ubuntu-focal-private
|
||||||
- core-nvidia-focal-private
|
|
||||||
- core-kali-rolling-private
|
- core-kali-rolling-private
|
||||||
- core-oracle-8-private
|
- core-oracle-8-private
|
||||||
- core-opensuse-15-private
|
- core-opensuse-15-private
|
||||||
@ -532,7 +490,6 @@ manifest_dev:
|
|||||||
- KASM_IMAGE:
|
- KASM_IMAGE:
|
||||||
- core-ubuntu-bionic-private
|
- core-ubuntu-bionic-private
|
||||||
- core-ubuntu-focal-private
|
- core-ubuntu-focal-private
|
||||||
- core-nvidia-focal-private
|
|
||||||
- core-kali-rolling-private
|
- core-kali-rolling-private
|
||||||
- core-oracle-8-private
|
- core-oracle-8-private
|
||||||
- core-opensuse-15-private
|
- core-opensuse-15-private
|
||||||
@ -615,23 +572,6 @@ build_cuda_focal_schedules:
|
|||||||
only:
|
only:
|
||||||
- schedules
|
- schedules
|
||||||
|
|
||||||
build_nvidia_focal_schedules:
|
|
||||||
stage: build
|
|
||||||
image: ${ORG_NAME}/docker-buildx-private:develop
|
|
||||||
variables:
|
|
||||||
BUILD_PLATFORMS: "linux/amd64,linux/arm64"
|
|
||||||
script:
|
|
||||||
# get qemu ready
|
|
||||||
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
|
|
||||||
# prep the buildx env
|
|
||||||
- docker buildx create --use
|
|
||||||
# build for multiple architectures
|
|
||||||
- docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="ubuntu:20.04" --build-arg BG_IMG=bg_focal.png -f dockerfile-kasm-core-nvidia .
|
|
||||||
tags:
|
|
||||||
- aws-autoscale
|
|
||||||
only:
|
|
||||||
- schedules
|
|
||||||
|
|
||||||
build_remnux_bionic_schedules:
|
build_remnux_bionic_schedules:
|
||||||
stage: build
|
stage: build
|
||||||
script:
|
script:
|
||||||
@ -766,4 +706,3 @@ update_readmes:
|
|||||||
- core-cuda-focal
|
- core-cuda-focal
|
||||||
- core-ubuntu-bionic
|
- core-ubuntu-bionic
|
||||||
- core-ubuntu-focal
|
- core-ubuntu-focal
|
||||||
- core-nvidia-focal
|
|
||||||
|
|||||||
@ -4,6 +4,7 @@ ARG DISTRO=ubuntu
|
|||||||
|
|
||||||
LABEL "org.opencontainers.image.authors"='Kasm Tech "info@kasmweb.com"'
|
LABEL "org.opencontainers.image.authors"='Kasm Tech "info@kasmweb.com"'
|
||||||
LABEL "com.kasmweb.image"="true"
|
LABEL "com.kasmweb.image"="true"
|
||||||
|
LABEL "com.kasmweb.gpu_acceleration_egl"="nvidia"
|
||||||
|
|
||||||
### Environment config
|
### Environment config
|
||||||
ARG START_XFCE4=0
|
ARG START_XFCE4=0
|
||||||
@ -51,6 +52,13 @@ EXPOSE $VNC_PORT \
|
|||||||
WORKDIR $HOME
|
WORKDIR $HOME
|
||||||
RUN mkdir -p $HOME/Desktop
|
RUN mkdir -p $HOME/Desktop
|
||||||
|
|
||||||
|
# Support NVIDIA gpus for graphics acceleration
|
||||||
|
RUN echo "/usr/local/nvidia/lib" >> /etc/ld.so.conf.d/nvidia.conf && \
|
||||||
|
echo "/usr/local/nvidia/lib64" >> /etc/ld.so.conf.d/nvidia.conf
|
||||||
|
ENV LD_LIBRARY_PATH /usr/lib/x86_64-linux-gnu:/usr/lib/i386-linux-gnu${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}:/usr/local/nvidia/lib:/usr/local/nvidia/lib64
|
||||||
|
ENV NVIDIA_DRIVER_CAPABILITIES=${NVIDIA_DRIVER_CAPABILITIES:+$NVIDIA_DRIVER_CAPABILITIES,}graphics,compat32,utility
|
||||||
|
COPY src/ubuntu/install/nvidia/10_nvidia.json /usr/share/glvnd/egl_vendor.d/10_nvidia.json
|
||||||
|
|
||||||
### Install common tools
|
### Install common tools
|
||||||
COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
|
COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
|
||||||
RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/
|
RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/
|
||||||
@ -109,20 +117,24 @@ RUN rm -rf $INST_SCRIPTS/resources/
|
|||||||
RUN chmod +x /etc/squid/kasm_squid_adapter
|
RUN chmod +x /etc/squid/kasm_squid_adapter
|
||||||
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
||||||
|
|
||||||
### Setup Container User - Libnss Wrapper
|
|
||||||
COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
|
|
||||||
RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/
|
|
||||||
|
|
||||||
### configure startup
|
### configure startup
|
||||||
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
||||||
ADD ./src/common/startup_scripts $STARTUPDIR
|
ADD ./src/common/startup_scripts $STARTUPDIR
|
||||||
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
|
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \
|
||||||
|
echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
|
||||||
|
|
||||||
### extra configurations needed per distro variant
|
### extra configurations needed per distro variant
|
||||||
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
||||||
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
||||||
|
|
||||||
|
### VirtualGL
|
||||||
|
COPY ./src/ubuntu/install/virtualgl $INST_SCRIPTS/virtualgl/
|
||||||
|
RUN bash $INST_SCRIPTS/virtualgl/install_virtualgl.sh && rm -rf $INST_SCRIPTS/virtualgl/
|
||||||
|
|
||||||
|
### Create user and home directory for base images that don't already define it
|
||||||
|
RUN (groupadd -g 1000 kasm-user \
|
||||||
|
&& useradd -M -u 1000 -g 1000 kasm-user \
|
||||||
|
&& usermod -a -G kasm-user kasm-user) ; exit 0
|
||||||
ENV HOME /home/kasm-user
|
ENV HOME /home/kasm-user
|
||||||
WORKDIR $HOME
|
WORKDIR $HOME
|
||||||
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
||||||
|
|||||||
@ -121,20 +121,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/"
|
|||||||
RUN chmod +x /etc/squid/kasm_squid_adapter
|
RUN chmod +x /etc/squid/kasm_squid_adapter
|
||||||
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
||||||
|
|
||||||
### Setup Container User - Libnss Wrapper
|
|
||||||
COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
|
|
||||||
RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/
|
|
||||||
|
|
||||||
### configure startup
|
### configure startup
|
||||||
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
||||||
COPY ./src/common/startup_scripts $STARTUPDIR
|
COPY ./src/common/startup_scripts $STARTUPDIR
|
||||||
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
|
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \
|
||||||
|
echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
|
||||||
|
|
||||||
### extra configurations needed per distro variant
|
### extra configurations needed per distro variant
|
||||||
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
||||||
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
||||||
|
|
||||||
|
### Create user and home directory for base images that don't already define it
|
||||||
|
RUN (groupadd -g 1000 kasm-user \
|
||||||
|
&& useradd -M -u 1000 -g 1000 kasm-user \
|
||||||
|
&& usermod -a -G kasm-user kasm-user) ; exit 0
|
||||||
ENV HOME /home/kasm-user
|
ENV HOME /home/kasm-user
|
||||||
WORKDIR $HOME
|
WORKDIR $HOME
|
||||||
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
||||||
|
|||||||
@ -1,176 +0,0 @@
|
|||||||
ARG BASE_IMAGE="ubuntu:focal"
|
|
||||||
FROM $BASE_IMAGE AS install_tools
|
|
||||||
|
|
||||||
### Install common tools
|
|
||||||
COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
|
|
||||||
RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/
|
|
||||||
|
|
||||||
FROM install_tools AS squid_builder
|
|
||||||
|
|
||||||
### Build Squid
|
|
||||||
RUN wget 'https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/a590f319f328a8a576cb966c2db5ec4a5b3b7b9b/output/kasm-squid-builder_ubuntu.tar.gz'
|
|
||||||
RUN tar -xzf kasm-squid-builder_ubuntu.tar.gz -C /
|
|
||||||
|
|
||||||
FROM install_tools
|
|
||||||
|
|
||||||
LABEL "org.opencontainers.image.authors"='Kasm Tech "info@kasmweb.com"'
|
|
||||||
LABEL "com.kasmweb.image"="true"
|
|
||||||
LABEL "com.kasmweb.gpu_acceleration_egl"="nvidia"
|
|
||||||
|
|
||||||
### Environment config
|
|
||||||
ARG START_XFCE4=1
|
|
||||||
ARG START_PULSEAUDIO=1
|
|
||||||
ARG BG_IMG=bg_kasm.png
|
|
||||||
ARG EXTRA_SH=noop.sh
|
|
||||||
ARG DISTRO=ubuntu
|
|
||||||
ARG LANG='en_US.UTF-8'
|
|
||||||
ARG LANGUAGE='en_US:en'
|
|
||||||
ARG LC_ALL='en_US.UTF-8'
|
|
||||||
ENV DISPLAY=:1 \
|
|
||||||
VNC_PORT=5901 \
|
|
||||||
NO_VNC_PORT=6901 \
|
|
||||||
VNC_PORT=5901 \
|
|
||||||
AUDIO_PORT=4901 \
|
|
||||||
VNC_RESOLUTION=1280x720 \
|
|
||||||
MAX_FRAME_RATE=24 \
|
|
||||||
VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0" \
|
|
||||||
HOME=/home/kasm-default-profile \
|
|
||||||
TERM=xterm \
|
|
||||||
STARTUPDIR=/dockerstartup \
|
|
||||||
INST_SCRIPTS=/dockerstartup/install \
|
|
||||||
KASM_VNC_PATH=/usr/share/kasmvnc \
|
|
||||||
DEBIAN_FRONTEND=noninteractive \
|
|
||||||
VNC_COL_DEPTH=24 \
|
|
||||||
VNC_RESOLUTION=1280x1024 \
|
|
||||||
VNC_PW=vncpassword \
|
|
||||||
VNC_VIEW_ONLY_PW=vncviewonlypassword \
|
|
||||||
LD_LIBRARY_PATH=/usr/local/lib/ \
|
|
||||||
OMP_WAIT_POLICY=PASSIVE \
|
|
||||||
SHELL=/bin/bash \
|
|
||||||
START_XFCE4=$START_XFCE4 \
|
|
||||||
START_PULSEAUDIO=$START_PULSEAUDIO \
|
|
||||||
LANG=$LANG \
|
|
||||||
LANGUAGE=$LANGUAGE \
|
|
||||||
LC_ALL=$LC_ALL \
|
|
||||||
KASMVNC_AUTO_RECOVER=true \
|
|
||||||
PULSE_RUNTIME_PATH=/var/run/pulse
|
|
||||||
|
|
||||||
EXPOSE $VNC_PORT \
|
|
||||||
$NO_VNC_PORT \
|
|
||||||
$UPLOAD_PORT \
|
|
||||||
$AUDIO_PORT
|
|
||||||
|
|
||||||
WORKDIR $HOME
|
|
||||||
RUN mkdir -p $HOME/Desktop
|
|
||||||
|
|
||||||
### Copy over the maximization script to our startup dir for use by app images.
|
|
||||||
COPY ./src/ubuntu/install/maximize_script $STARTUPDIR/
|
|
||||||
|
|
||||||
# NVIDIA SETUP
|
|
||||||
RUN echo "/usr/local/nvidia/lib" >> /etc/ld.so.conf.d/nvidia.conf && \
|
|
||||||
echo "/usr/local/nvidia/lib64" >> /etc/ld.so.conf.d/nvidia.conf
|
|
||||||
ENV LD_LIBRARY_PATH /usr/lib/x86_64-linux-gnu:/usr/lib/i386-linux-gnu${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}:/usr/local/nvidia/lib:/usr/local/nvidia/lib64
|
|
||||||
ENV NVIDIA_DRIVER_CAPABILITIES=${NVIDIA_DRIVER_CAPABILITIES:+$NVIDIA_DRIVER_CAPABILITIES,}graphics,compat32,utility
|
|
||||||
COPY src/ubuntu/install/nvidia/10_nvidia.json /usr/share/glvnd/egl_vendor.d/10_nvidia.json
|
|
||||||
|
|
||||||
### Install custom fonts
|
|
||||||
COPY ./src/ubuntu/install/fonts $INST_SCRIPTS/fonts/
|
|
||||||
RUN bash $INST_SCRIPTS/fonts/install_custom_fonts.sh && rm -rf $INST_SCRIPTS/fonts/
|
|
||||||
|
|
||||||
### Install xfce UI
|
|
||||||
COPY ./src/ubuntu/install/xfce $INST_SCRIPTS/xfce/
|
|
||||||
RUN bash $INST_SCRIPTS/xfce/install_xfce_ui.sh && rm -rf $INST_SCRIPTS/xfce/
|
|
||||||
ADD ./src/$DISTRO/xfce/.config/ $HOME/.config/
|
|
||||||
RUN mkdir -p /usr/share/extra/backgrounds/
|
|
||||||
RUN mkdir -p /usr/share/extra/icons/
|
|
||||||
ADD /src/common/resources/images/bg_kasm.png /usr/share/extra/backgrounds/bg_kasm.png
|
|
||||||
ADD /src/common/resources/images/$BG_IMG /usr/share/extra/backgrounds/bg_default.png
|
|
||||||
ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_ubuntu.png
|
|
||||||
ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_default.png
|
|
||||||
ADD /src/common/resources/images/icon_kasm.png /usr/share/extra/icons/icon_kasm.png
|
|
||||||
|
|
||||||
### Install kasm_vnc dependencies and binaries
|
|
||||||
COPY ./src/ubuntu/install/kasm_vnc $INST_SCRIPTS/kasm_vnc/
|
|
||||||
RUN bash $INST_SCRIPTS/kasm_vnc/install_kasm_vnc.sh && rm -rf $INST_SCRIPTS/kasm_vnc/
|
|
||||||
|
|
||||||
### Install Kasm Upload Server
|
|
||||||
COPY ./src/ubuntu/install/kasm_upload_server $INST_SCRIPTS/kasm_upload_server/
|
|
||||||
RUN bash $INST_SCRIPTS/kasm_upload_server/install_kasm_upload_server.sh && rm -rf $INST_SCRIPTS/kasm_upload_server/
|
|
||||||
|
|
||||||
### Install Audio
|
|
||||||
COPY ./src/ubuntu/install/audio $INST_SCRIPTS/audio/
|
|
||||||
RUN bash $INST_SCRIPTS/audio/install_audio.sh && rm -rf $INST_SCRIPTS/audio/
|
|
||||||
|
|
||||||
### Install Audio Input
|
|
||||||
COPY ./src/ubuntu/install/audio_input $INST_SCRIPTS/audio_input/
|
|
||||||
RUN bash $INST_SCRIPTS/audio_input/install_audio_input.sh && rm -rf $INST_SCRIPTS/audio_input/
|
|
||||||
|
|
||||||
### Install custom cursors
|
|
||||||
COPY ./src/ubuntu/install/cursors $INST_SCRIPTS/cursors/
|
|
||||||
RUN bash $INST_SCRIPTS/cursors/install_cursors.sh && rm -rf $INST_SCRIPTS/cursors/
|
|
||||||
|
|
||||||
### Copy built Squid
|
|
||||||
COPY --from=squid_builder /usr/local/squid /usr/local/squid
|
|
||||||
|
|
||||||
### Install Squid
|
|
||||||
COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
|
|
||||||
RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/
|
|
||||||
COPY ./src/ubuntu/install/squid/resources/*.conf /etc/squid/
|
|
||||||
COPY ./src/ubuntu/install/squid/resources/start_squid.sh /etc/squid/start_squid.sh
|
|
||||||
COPY ./src/ubuntu/install/squid/resources/SN.png /usr/local/squid/share/icons/SN.png
|
|
||||||
RUN chown proxy:proxy /usr/local/squid/share/icons/SN.png
|
|
||||||
COPY ./src/ubuntu/install/squid/resources/error_message/access_denied.html /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
|
|
||||||
RUN chown proxy:proxy /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED
|
|
||||||
RUN rm -rf $INST_SCRIPTS/resources/
|
|
||||||
|
|
||||||
RUN chmod +x /etc/squid/kasm_squid_adapter
|
|
||||||
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
|
||||||
|
|
||||||
### configure startup
|
|
||||||
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
|
||||||
ADD ./src/common/startup_scripts $STARTUPDIR
|
|
||||||
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
|
|
||||||
|
|
||||||
### extra configurations needed per distro variant
|
|
||||||
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
|
||||||
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
|
||||||
|
|
||||||
### VirtualGL
|
|
||||||
COPY ./src/ubuntu/install/virtualgl $INST_SCRIPTS/virtualgl/
|
|
||||||
RUN bash $INST_SCRIPTS/virtualgl/install_virtualgl.sh && rm -rf $INST_SCRIPTS/virtualgl/
|
|
||||||
RUN groupadd -g 1000 ubuntu \
|
|
||||||
&& useradd -u 1000 -g 1000 -m ubuntu \
|
|
||||||
&& usermod -a -G ubuntu ubuntu
|
|
||||||
|
|
||||||
ENV HOME /home/kasm-user
|
|
||||||
WORKDIR $HOME
|
|
||||||
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
|
||||||
|
|
||||||
### FIX PERMISSIONS ## Objective is to change the owner of non-home paths to root, remove write permissions, and set execute where required
|
|
||||||
# these files are created on container first exec, by the default user, so we have to create them since default will not have write perm
|
|
||||||
RUN touch $STARTUPDIR/wm.log \
|
|
||||||
&& touch $STARTUPDIR/window_manager_startup.log \
|
|
||||||
&& touch $STARTUPDIR/vnc_startup.log \
|
|
||||||
&& touch $STARTUPDIR/no_vnc_startup.log \
|
|
||||||
&& chown -R root:root $STARTUPDIR \
|
|
||||||
&& find $STARTUPDIR -type d -exec chmod 755 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -exec chmod 644 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -iname "*.sh" -exec chmod 755 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -iname "*.py" -exec chmod 755 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -iname "*.rb" -exec chmod 755 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -iname "*.pl" -exec chmod 755 {} \; \
|
|
||||||
&& find $STARTUPDIR -type f -iname "*.log" -exec chmod 666 {} \; \
|
|
||||||
&& chmod 755 $STARTUPDIR/upload_server/kasm_upload_server \
|
|
||||||
&& chmod 755 $STARTUPDIR/audio_input/kasm_audio_input_server \
|
|
||||||
&& chmod 755 $STARTUPDIR/generate_container_user \
|
|
||||||
&& chmod +x $STARTUPDIR/jsmpeg/kasm_audio_out-linux \
|
|
||||||
&& rm -rf $STARTUPDIR/install \
|
|
||||||
&& mkdir -p $STARTUPDIR/kasmrx/Downloads \
|
|
||||||
&& chown 1000:1000 $STARTUPDIR/kasmrx/Downloads \
|
|
||||||
&& chown -R root:root /usr/local/bin \
|
|
||||||
&& chown 1000:root /var/run/pulse
|
|
||||||
|
|
||||||
USER ubuntu
|
|
||||||
|
|
||||||
ENTRYPOINT ["/dockerstartup/kasm_default_profile.sh", "/dockerstartup/vnc_startup.sh", "/dockerstartup/kasm_startup.sh"]
|
|
||||||
CMD ["--wait"]
|
|
||||||
@ -134,20 +134,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/"
|
|||||||
RUN chmod +x /etc/squid/kasm_squid_adapter
|
RUN chmod +x /etc/squid/kasm_squid_adapter
|
||||||
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
||||||
|
|
||||||
### Setup Container User - Libnss Wrapper
|
|
||||||
COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
|
|
||||||
RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/
|
|
||||||
|
|
||||||
### configure startup
|
### configure startup
|
||||||
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
||||||
COPY ./src/common/startup_scripts $STARTUPDIR
|
COPY ./src/common/startup_scripts $STARTUPDIR
|
||||||
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
|
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \
|
||||||
|
echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
|
||||||
|
|
||||||
### extra configurations needed per distro variant
|
### extra configurations needed per distro variant
|
||||||
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
||||||
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
||||||
|
|
||||||
|
### Create user and home directory for base images that don't already define it
|
||||||
|
RUN (groupadd -g 1000 kasm-user \
|
||||||
|
&& useradd -M -u 1000 -g 1000 kasm-user \
|
||||||
|
&& usermod -a -G kasm-user kasm-user) ; exit 0
|
||||||
ENV HOME /home/kasm-user
|
ENV HOME /home/kasm-user
|
||||||
WORKDIR $HOME
|
WORKDIR $HOME
|
||||||
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
||||||
|
|||||||
@ -118,20 +118,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/"
|
|||||||
RUN chmod +x /etc/squid/kasm_squid_adapter
|
RUN chmod +x /etc/squid/kasm_squid_adapter
|
||||||
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh
|
||||||
|
|
||||||
### Setup Container User - Libnss Wrapper
|
|
||||||
COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/
|
|
||||||
RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/
|
|
||||||
|
|
||||||
### configure startup
|
### configure startup
|
||||||
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR
|
||||||
COPY ./src/common/startup_scripts $STARTUPDIR
|
COPY ./src/common/startup_scripts $STARTUPDIR
|
||||||
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME
|
RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \
|
||||||
|
echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
|
||||||
|
|
||||||
### extra configurations needed per distro variant
|
### extra configurations needed per distro variant
|
||||||
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/
|
||||||
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/
|
||||||
|
|
||||||
|
### Create user and home directory for base images that don't already define it
|
||||||
|
RUN (groupadd -g 1000 kasm-user \
|
||||||
|
&& useradd -M -u 1000 -g 1000 kasm-user \
|
||||||
|
&& usermod -a -G kasm-user kasm-user) ; exit 0
|
||||||
ENV HOME /home/kasm-user
|
ENV HOME /home/kasm-user
|
||||||
WORKDIR $HOME
|
WORKDIR $HOME
|
||||||
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
|
||||||
|
|||||||
@ -1,23 +1,3 @@
|
|||||||
detect_libnss_wrapper() {
|
|
||||||
if $(which dpkg &>/dev/null); then
|
|
||||||
libnss_wrapper_file=$(dpkg -S libnss_wrapper.so | awk -F' ' '{ print $2 }')
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -r /usr/lib/libnss_wrapper.so ]; then
|
|
||||||
libnss_wrapper_file=/usr/lib/libnss_wrapper.so
|
|
||||||
elif [ -r /usr/lib64/libnss_wrapper.so ]; then
|
|
||||||
libnss_wrapper_file=/usr/lib64/libnss_wrapper.so
|
|
||||||
else
|
|
||||||
echo "no libnss_wrapper.so installed!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set current user in nss_wrapper
|
|
||||||
USER_ID=$(id -u)
|
|
||||||
GROUP_ID=$(id -g)
|
|
||||||
|
|
||||||
# Attempt to set the username to the kasm username
|
# Attempt to set the username to the kasm username
|
||||||
USERNAME=${KASM_USER:-default}
|
USERNAME=${KASM_USER:-default}
|
||||||
# Make the username posix compliant
|
# Make the username posix compliant
|
||||||
@ -25,20 +5,4 @@ USERNAME=$(echo "$USERNAME" | sed -r 's#[^a-zA-Z0-9\._\-]#_#g')
|
|||||||
if ! echo "$USERNAME" | grep -qP "^[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*"; then
|
if ! echo "$USERNAME" | grep -qP "^[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*"; then
|
||||||
USERNAME="default"
|
USERNAME="default"
|
||||||
fi
|
fi
|
||||||
export PS1="$USERNAME:\w\$ "
|
export PS1="$USERNAME:\w\$ "
|
||||||
|
|
||||||
if [ x"$USER_ID" != x"0" ]; then
|
|
||||||
|
|
||||||
NSS_WRAPPER_PASSWD=/tmp/passwd
|
|
||||||
NSS_WRAPPER_GROUP=/etc/group
|
|
||||||
|
|
||||||
cat /etc/passwd > $NSS_WRAPPER_PASSWD
|
|
||||||
|
|
||||||
echo "${USERNAME}:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/bin/bash" >> $NSS_WRAPPER_PASSWD
|
|
||||||
|
|
||||||
export NSS_WRAPPER_PASSWD
|
|
||||||
export NSS_WRAPPER_GROUP
|
|
||||||
|
|
||||||
detect_libnss_wrapper
|
|
||||||
export LD_PRELOAD="$libnss_wrapper_file"
|
|
||||||
fi
|
|
||||||
@ -1,31 +0,0 @@
|
|||||||
#!/usr/bin/env bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
echo "Install nss-wrapper to be able to execute image as non-root user"
|
|
||||||
if [[ "${DISTRO}" == @(centos|oracle7|oracle8) ]] ; then
|
|
||||||
if [ "${DISTRO}" == "centos" ]; then
|
|
||||||
yum install -y centos-release-scl-rh && yum install -y nss_wrapper
|
|
||||||
elif [ "${DISTRO}" == "oracle8" ]; then
|
|
||||||
dnf install -y nss_wrapper gettext hostname
|
|
||||||
dnf clean all
|
|
||||||
else
|
|
||||||
yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-rh-2-3.el7.centos.noarch.rpm && yum install -y nss_wrapper
|
|
||||||
fi
|
|
||||||
if [[ "${DISTRO}" == @(centos|oracle7) ]] ; then
|
|
||||||
yum install -y gettext
|
|
||||||
yum clean all
|
|
||||||
fi
|
|
||||||
elif [[ "${DISTRO}" == "opensuse" ]] ; then
|
|
||||||
zypper install -ny nss_wrapper gettext-runtime
|
|
||||||
zypper clean --all
|
|
||||||
sed -i 's/mirrorcache-us.opensuse.org/download.opensuse.org/g' /etc/zypp/repos.d/*.repo
|
|
||||||
else
|
|
||||||
apt-get update
|
|
||||||
apt-get install -y libnss-wrapper gettext
|
|
||||||
apt-get clean -y
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "add 'source generate_container_user' to .bashrc"
|
|
||||||
|
|
||||||
# have to be added to hold all env vars correctly
|
|
||||||
echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc
|
|
||||||
@ -29,7 +29,7 @@ if [[ "${DISTRO}" == @(centos|oracle) ]]; then
|
|||||||
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
|
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
|
||||||
elif [ "${DISTRO}" == "opensuse" ]; then
|
elif [ "${DISTRO}" == "opensuse" ]; then
|
||||||
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
|
useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy
|
||||||
groupadd proxy
|
groupadd -g 65511 proxy
|
||||||
usermod -a -G proxy proxy
|
usermod -a -G proxy proxy
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,7 @@ echo "Install some common tools for further installation"
|
|||||||
if [[ "${DISTRO}" == @(centos|oracle7) ]] ; then
|
if [[ "${DISTRO}" == @(centos|oracle7) ]] ; then
|
||||||
yum install -y vim wget net-tools bzip2 python3 ca-certificates
|
yum install -y vim wget net-tools bzip2 python3 ca-certificates
|
||||||
elif [ "${DISTRO}" == "oracle8" ]; then
|
elif [ "${DISTRO}" == "oracle8" ]; then
|
||||||
dnf install -y wget net-tools bzip2 python3 tar vim
|
dnf install -y wget net-tools bzip2 python3 tar vim hostname
|
||||||
dnf clean all
|
dnf clean all
|
||||||
elif [ "${DISTRO}" == "opensuse" ]; then
|
elif [ "${DISTRO}" == "opensuse" ]; then
|
||||||
sed -i 's/download.opensuse.org/mirrorcache-us.opensuse.org/g' /etc/zypp/repos.d/*.repo
|
sed -i 's/download.opensuse.org/mirrorcache-us.opensuse.org/g' /etc/zypp/repos.d/*.repo
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user