From 27a4885b3e2db36e87ac2c6bd3d49d08b8189bee Mon Sep 17 00:00:00 2001 From: Matthew McClaskey Date: Fri, 13 May 2022 18:19:59 +0000 Subject: [PATCH] Resolve KASM-2436 "Feature/ core gpu image" --- .gitlab-ci.yml | 61 ------ dockerfile-kasm-core | 24 ++- dockerfile-kasm-core-centos | 12 +- dockerfile-kasm-core-nvidia | 176 ------------------ dockerfile-kasm-core-oracle | 12 +- dockerfile-kasm-core-suse | 12 +- .../startup_scripts/generate_container_user | 38 +--- src/ubuntu/install/libnss/libnss_wrapper.sh | 31 --- .../install/squid/install/install_squid.sh | 2 +- src/ubuntu/install/tools/install_tools.sh | 2 +- 10 files changed, 39 insertions(+), 331 deletions(-) delete mode 100644 dockerfile-kasm-core-nvidia delete mode 100644 src/ubuntu/install/libnss/libnss_wrapper.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8f87f3f..a14c4c2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -72,26 +72,6 @@ build_cuda_focal: except: - schedules -build_nvidia_focal: - stage: build - image: ${ORG_NAME}/docker-buildx-private:develop - variables: - BUILD_PLATFORMS: "linux/amd64,linux/arm64" - script: - # get qemu ready - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - # prep the buildx env - - docker buildx create --use - # build for multiple architectures - - docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_BRANCH -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_ROLLING_BRANCH --build-arg START_PULSEAUDIO=1 --build-arg BASE_IMAGE="ubuntu:20.04" --build-arg BG_IMG=bg_focal.png -f dockerfile-kasm-core-nvidia . - tags: - - aws-autoscale - only: - - develop - - /^release\/.*$/ - except: - - schedules - build_remnux_bionic: stage: build script: @@ -276,27 +256,6 @@ build_cuda_focal_dev: tags: - aws-autoscale -build_nvidia_focal_dev: - stage: build - script: - - > - docker build - -t ${ORG_NAME}/core-nvidia-focal-private:$(arch)-$SANITIZED_BRANCH - --build-arg START_PULSEAUDIO=1 - --build-arg START_XFCE4=1 - --build-arg BASE_IMAGE="ubuntu:20.04" - --build-arg BG_IMG=bg_focal.png - -f dockerfile-kasm-core-nvidia . - - docker push ${ORG_NAME}/core-nvidia-focal-private:$(arch)-$SANITIZED_BRANCH - except: - - develop - - /^release\/.*$/ - tags: - - ${TAG} - parallel: - matrix: - - TAG: [ aws-autoscale, aws-autoscale-arm64 ] - build_remnux_bionic_dev: stage: build script: @@ -474,7 +433,6 @@ test_multi_arch_dev: KASM_IMAGE: - core-ubuntu-bionic-private - core-ubuntu-focal-private - - core-nvidia-focal-private - core-kali-rolling-private - core-oracle-8-private - core-opensuse-15-private @@ -532,7 +490,6 @@ manifest_dev: - KASM_IMAGE: - core-ubuntu-bionic-private - core-ubuntu-focal-private - - core-nvidia-focal-private - core-kali-rolling-private - core-oracle-8-private - core-opensuse-15-private @@ -615,23 +572,6 @@ build_cuda_focal_schedules: only: - schedules -build_nvidia_focal_schedules: - stage: build - image: ${ORG_NAME}/docker-buildx-private:develop - variables: - BUILD_PLATFORMS: "linux/amd64,linux/arm64" - script: - # get qemu ready - - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes - # prep the buildx env - - docker buildx create --use - # build for multiple architectures - - docker buildx build --push --platform $BUILD_PLATFORMS -t ${ORG_NAME}/core-nvidia-focal-private:$SANITIZED_ROLLING_BRANCH -t ${ORG_NAME}/core-nvidia-focal:$SANITIZED_ROLLING_BRANCH --build-arg BASE_IMAGE="ubuntu:20.04" --build-arg BG_IMG=bg_focal.png -f dockerfile-kasm-core-nvidia . - tags: - - aws-autoscale - only: - - schedules - build_remnux_bionic_schedules: stage: build script: @@ -766,4 +706,3 @@ update_readmes: - core-cuda-focal - core-ubuntu-bionic - core-ubuntu-focal - - core-nvidia-focal diff --git a/dockerfile-kasm-core b/dockerfile-kasm-core index fc1db77..ff19f62 100644 --- a/dockerfile-kasm-core +++ b/dockerfile-kasm-core @@ -4,6 +4,7 @@ ARG DISTRO=ubuntu LABEL "org.opencontainers.image.authors"='Kasm Tech "info@kasmweb.com"' LABEL "com.kasmweb.image"="true" +LABEL "com.kasmweb.gpu_acceleration_egl"="nvidia" ### Environment config ARG START_XFCE4=0 @@ -51,6 +52,13 @@ EXPOSE $VNC_PORT \ WORKDIR $HOME RUN mkdir -p $HOME/Desktop +# Support NVIDIA gpus for graphics acceleration +RUN echo "/usr/local/nvidia/lib" >> /etc/ld.so.conf.d/nvidia.conf && \ + echo "/usr/local/nvidia/lib64" >> /etc/ld.so.conf.d/nvidia.conf +ENV LD_LIBRARY_PATH /usr/lib/x86_64-linux-gnu:/usr/lib/i386-linux-gnu${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}:/usr/local/nvidia/lib:/usr/local/nvidia/lib64 +ENV NVIDIA_DRIVER_CAPABILITIES=${NVIDIA_DRIVER_CAPABILITIES:+$NVIDIA_DRIVER_CAPABILITIES,}graphics,compat32,utility +COPY src/ubuntu/install/nvidia/10_nvidia.json /usr/share/glvnd/egl_vendor.d/10_nvidia.json + ### Install common tools COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/ RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/ @@ -109,20 +117,24 @@ RUN rm -rf $INST_SCRIPTS/resources/ RUN chmod +x /etc/squid/kasm_squid_adapter RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh -### Setup Container User - Libnss Wrapper -COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/ -RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/ - ### configure startup COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR ADD ./src/common/startup_scripts $STARTUPDIR -RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME - +RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \ + echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc ### extra configurations needed per distro variant COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/ RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/ +### VirtualGL +COPY ./src/ubuntu/install/virtualgl $INST_SCRIPTS/virtualgl/ +RUN bash $INST_SCRIPTS/virtualgl/install_virtualgl.sh && rm -rf $INST_SCRIPTS/virtualgl/ + +### Create user and home directory for base images that don't already define it +RUN (groupadd -g 1000 kasm-user \ + && useradd -M -u 1000 -g 1000 kasm-user \ + && usermod -a -G kasm-user kasm-user) ; exit 0 ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME diff --git a/dockerfile-kasm-core-centos b/dockerfile-kasm-core-centos index 59a5a1c..f6ff23a 100644 --- a/dockerfile-kasm-core-centos +++ b/dockerfile-kasm-core-centos @@ -121,20 +121,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/" RUN chmod +x /etc/squid/kasm_squid_adapter RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh -### Setup Container User - Libnss Wrapper -COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/ -RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/ - ### configure startup COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR COPY ./src/common/startup_scripts $STARTUPDIR -RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME - +RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \ + echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc ### extra configurations needed per distro variant COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/ RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/ +### Create user and home directory for base images that don't already define it +RUN (groupadd -g 1000 kasm-user \ + && useradd -M -u 1000 -g 1000 kasm-user \ + && usermod -a -G kasm-user kasm-user) ; exit 0 ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME diff --git a/dockerfile-kasm-core-nvidia b/dockerfile-kasm-core-nvidia deleted file mode 100644 index 05774e1..0000000 --- a/dockerfile-kasm-core-nvidia +++ /dev/null @@ -1,176 +0,0 @@ -ARG BASE_IMAGE="ubuntu:focal" -FROM $BASE_IMAGE AS install_tools - -### Install common tools -COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/ -RUN bash $INST_SCRIPTS/tools/install_tools.sh && rm -rf $INST_SCRIPTS/tools/ - -FROM install_tools AS squid_builder - -### Build Squid -RUN wget 'https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/a590f319f328a8a576cb966c2db5ec4a5b3b7b9b/output/kasm-squid-builder_ubuntu.tar.gz' -RUN tar -xzf kasm-squid-builder_ubuntu.tar.gz -C / - -FROM install_tools - -LABEL "org.opencontainers.image.authors"='Kasm Tech "info@kasmweb.com"' -LABEL "com.kasmweb.image"="true" -LABEL "com.kasmweb.gpu_acceleration_egl"="nvidia" - -### Environment config -ARG START_XFCE4=1 -ARG START_PULSEAUDIO=1 -ARG BG_IMG=bg_kasm.png -ARG EXTRA_SH=noop.sh -ARG DISTRO=ubuntu -ARG LANG='en_US.UTF-8' -ARG LANGUAGE='en_US:en' -ARG LC_ALL='en_US.UTF-8' -ENV DISPLAY=:1 \ - VNC_PORT=5901 \ - NO_VNC_PORT=6901 \ - VNC_PORT=5901 \ - AUDIO_PORT=4901 \ - VNC_RESOLUTION=1280x720 \ - MAX_FRAME_RATE=24 \ - VNCOPTIONS="-PreferBandwidth -DynamicQualityMin=4 -DynamicQualityMax=7 -DLP_ClipDelay=0" \ - HOME=/home/kasm-default-profile \ - TERM=xterm \ - STARTUPDIR=/dockerstartup \ - INST_SCRIPTS=/dockerstartup/install \ - KASM_VNC_PATH=/usr/share/kasmvnc \ - DEBIAN_FRONTEND=noninteractive \ - VNC_COL_DEPTH=24 \ - VNC_RESOLUTION=1280x1024 \ - VNC_PW=vncpassword \ - VNC_VIEW_ONLY_PW=vncviewonlypassword \ - LD_LIBRARY_PATH=/usr/local/lib/ \ - OMP_WAIT_POLICY=PASSIVE \ - SHELL=/bin/bash \ - START_XFCE4=$START_XFCE4 \ - START_PULSEAUDIO=$START_PULSEAUDIO \ - LANG=$LANG \ - LANGUAGE=$LANGUAGE \ - LC_ALL=$LC_ALL \ - KASMVNC_AUTO_RECOVER=true \ - PULSE_RUNTIME_PATH=/var/run/pulse - -EXPOSE $VNC_PORT \ - $NO_VNC_PORT \ - $UPLOAD_PORT \ - $AUDIO_PORT - -WORKDIR $HOME -RUN mkdir -p $HOME/Desktop - -### Copy over the maximization script to our startup dir for use by app images. -COPY ./src/ubuntu/install/maximize_script $STARTUPDIR/ - -# NVIDIA SETUP -RUN echo "/usr/local/nvidia/lib" >> /etc/ld.so.conf.d/nvidia.conf && \ - echo "/usr/local/nvidia/lib64" >> /etc/ld.so.conf.d/nvidia.conf -ENV LD_LIBRARY_PATH /usr/lib/x86_64-linux-gnu:/usr/lib/i386-linux-gnu${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}:/usr/local/nvidia/lib:/usr/local/nvidia/lib64 -ENV NVIDIA_DRIVER_CAPABILITIES=${NVIDIA_DRIVER_CAPABILITIES:+$NVIDIA_DRIVER_CAPABILITIES,}graphics,compat32,utility -COPY src/ubuntu/install/nvidia/10_nvidia.json /usr/share/glvnd/egl_vendor.d/10_nvidia.json - -### Install custom fonts -COPY ./src/ubuntu/install/fonts $INST_SCRIPTS/fonts/ -RUN bash $INST_SCRIPTS/fonts/install_custom_fonts.sh && rm -rf $INST_SCRIPTS/fonts/ - -### Install xfce UI -COPY ./src/ubuntu/install/xfce $INST_SCRIPTS/xfce/ -RUN bash $INST_SCRIPTS/xfce/install_xfce_ui.sh && rm -rf $INST_SCRIPTS/xfce/ -ADD ./src/$DISTRO/xfce/.config/ $HOME/.config/ -RUN mkdir -p /usr/share/extra/backgrounds/ -RUN mkdir -p /usr/share/extra/icons/ -ADD /src/common/resources/images/bg_kasm.png /usr/share/extra/backgrounds/bg_kasm.png -ADD /src/common/resources/images/$BG_IMG /usr/share/extra/backgrounds/bg_default.png -ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_ubuntu.png -ADD /src/common/resources/images/icon_ubuntu.png /usr/share/extra/icons/icon_default.png -ADD /src/common/resources/images/icon_kasm.png /usr/share/extra/icons/icon_kasm.png - -### Install kasm_vnc dependencies and binaries -COPY ./src/ubuntu/install/kasm_vnc $INST_SCRIPTS/kasm_vnc/ -RUN bash $INST_SCRIPTS/kasm_vnc/install_kasm_vnc.sh && rm -rf $INST_SCRIPTS/kasm_vnc/ - -### Install Kasm Upload Server -COPY ./src/ubuntu/install/kasm_upload_server $INST_SCRIPTS/kasm_upload_server/ -RUN bash $INST_SCRIPTS/kasm_upload_server/install_kasm_upload_server.sh && rm -rf $INST_SCRIPTS/kasm_upload_server/ - -### Install Audio -COPY ./src/ubuntu/install/audio $INST_SCRIPTS/audio/ -RUN bash $INST_SCRIPTS/audio/install_audio.sh && rm -rf $INST_SCRIPTS/audio/ - -### Install Audio Input -COPY ./src/ubuntu/install/audio_input $INST_SCRIPTS/audio_input/ -RUN bash $INST_SCRIPTS/audio_input/install_audio_input.sh && rm -rf $INST_SCRIPTS/audio_input/ - -### Install custom cursors -COPY ./src/ubuntu/install/cursors $INST_SCRIPTS/cursors/ -RUN bash $INST_SCRIPTS/cursors/install_cursors.sh && rm -rf $INST_SCRIPTS/cursors/ - -### Copy built Squid -COPY --from=squid_builder /usr/local/squid /usr/local/squid - -### Install Squid -COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/ -RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/ -COPY ./src/ubuntu/install/squid/resources/*.conf /etc/squid/ -COPY ./src/ubuntu/install/squid/resources/start_squid.sh /etc/squid/start_squid.sh -COPY ./src/ubuntu/install/squid/resources/SN.png /usr/local/squid/share/icons/SN.png -RUN chown proxy:proxy /usr/local/squid/share/icons/SN.png -COPY ./src/ubuntu/install/squid/resources/error_message/access_denied.html /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED -RUN chown proxy:proxy /usr/local/squid/share/errors/en/ERR_ACCESS_DENIED -RUN rm -rf $INST_SCRIPTS/resources/ - -RUN chmod +x /etc/squid/kasm_squid_adapter -RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh - -### configure startup -COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR -ADD ./src/common/startup_scripts $STARTUPDIR -RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME - -### extra configurations needed per distro variant -COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/ -RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/ - -### VirtualGL -COPY ./src/ubuntu/install/virtualgl $INST_SCRIPTS/virtualgl/ -RUN bash $INST_SCRIPTS/virtualgl/install_virtualgl.sh && rm -rf $INST_SCRIPTS/virtualgl/ -RUN groupadd -g 1000 ubuntu \ - && useradd -u 1000 -g 1000 -m ubuntu \ - && usermod -a -G ubuntu ubuntu - -ENV HOME /home/kasm-user -WORKDIR $HOME -RUN mkdir -p $HOME && chown -R 1000:0 $HOME - -### FIX PERMISSIONS ## Objective is to change the owner of non-home paths to root, remove write permissions, and set execute where required -# these files are created on container first exec, by the default user, so we have to create them since default will not have write perm -RUN touch $STARTUPDIR/wm.log \ - && touch $STARTUPDIR/window_manager_startup.log \ - && touch $STARTUPDIR/vnc_startup.log \ - && touch $STARTUPDIR/no_vnc_startup.log \ - && chown -R root:root $STARTUPDIR \ - && find $STARTUPDIR -type d -exec chmod 755 {} \; \ - && find $STARTUPDIR -type f -exec chmod 644 {} \; \ - && find $STARTUPDIR -type f -iname "*.sh" -exec chmod 755 {} \; \ - && find $STARTUPDIR -type f -iname "*.py" -exec chmod 755 {} \; \ - && find $STARTUPDIR -type f -iname "*.rb" -exec chmod 755 {} \; \ - && find $STARTUPDIR -type f -iname "*.pl" -exec chmod 755 {} \; \ - && find $STARTUPDIR -type f -iname "*.log" -exec chmod 666 {} \; \ - && chmod 755 $STARTUPDIR/upload_server/kasm_upload_server \ - && chmod 755 $STARTUPDIR/audio_input/kasm_audio_input_server \ - && chmod 755 $STARTUPDIR/generate_container_user \ - && chmod +x $STARTUPDIR/jsmpeg/kasm_audio_out-linux \ - && rm -rf $STARTUPDIR/install \ - && mkdir -p $STARTUPDIR/kasmrx/Downloads \ - && chown 1000:1000 $STARTUPDIR/kasmrx/Downloads \ - && chown -R root:root /usr/local/bin \ - && chown 1000:root /var/run/pulse - -USER ubuntu - -ENTRYPOINT ["/dockerstartup/kasm_default_profile.sh", "/dockerstartup/vnc_startup.sh", "/dockerstartup/kasm_startup.sh"] -CMD ["--wait"] diff --git a/dockerfile-kasm-core-oracle b/dockerfile-kasm-core-oracle index 7d6a75e..ba02e4a 100644 --- a/dockerfile-kasm-core-oracle +++ b/dockerfile-kasm-core-oracle @@ -134,20 +134,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/" RUN chmod +x /etc/squid/kasm_squid_adapter RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh -### Setup Container User - Libnss Wrapper -COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/ -RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/ - ### configure startup COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR COPY ./src/common/startup_scripts $STARTUPDIR -RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME - +RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \ + echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc ### extra configurations needed per distro variant COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/ RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/ +### Create user and home directory for base images that don't already define it +RUN (groupadd -g 1000 kasm-user \ + && useradd -M -u 1000 -g 1000 kasm-user \ + && usermod -a -G kasm-user kasm-user) ; exit 0 ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME diff --git a/dockerfile-kasm-core-suse b/dockerfile-kasm-core-suse index db9595d..1db9156 100644 --- a/dockerfile-kasm-core-suse +++ b/dockerfile-kasm-core-suse @@ -118,20 +118,20 @@ RUN rm -rf "$INST_SCRIPTS/resources/" RUN chmod +x /etc/squid/kasm_squid_adapter RUN chmod +x /etc/squid/start_squid.sh && chmod 4755 /etc/squid/start_squid.sh -### Setup Container User - Libnss Wrapper -COPY ./src/ubuntu/install/libnss $INST_SCRIPTS/libnss/ -RUN bash $INST_SCRIPTS/libnss/libnss_wrapper.sh && rm -rf $INST_SCRIPTS/libnss/ - ### configure startup COPY ./src/common/scripts/kasm_hook_scripts $STARTUPDIR COPY ./src/common/startup_scripts $STARTUPDIR -RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME - +RUN bash $STARTUPDIR/set_user_permission.sh $STARTUPDIR $HOME && \ + echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc ### extra configurations needed per distro variant COPY ./src/ubuntu/install/extra $INST_SCRIPTS/extra/ RUN bash $INST_SCRIPTS/extra/$EXTRA_SH && rm -rf $INST_SCRIPTS/extra/ +### Create user and home directory for base images that don't already define it +RUN (groupadd -g 1000 kasm-user \ + && useradd -M -u 1000 -g 1000 kasm-user \ + && usermod -a -G kasm-user kasm-user) ; exit 0 ENV HOME /home/kasm-user WORKDIR $HOME RUN mkdir -p $HOME && chown -R 1000:0 $HOME diff --git a/src/common/startup_scripts/generate_container_user b/src/common/startup_scripts/generate_container_user index 80945a5..dff7542 100644 --- a/src/common/startup_scripts/generate_container_user +++ b/src/common/startup_scripts/generate_container_user @@ -1,23 +1,3 @@ -detect_libnss_wrapper() { - if $(which dpkg &>/dev/null); then - libnss_wrapper_file=$(dpkg -S libnss_wrapper.so | awk -F' ' '{ print $2 }') - return - fi - - if [ -r /usr/lib/libnss_wrapper.so ]; then - libnss_wrapper_file=/usr/lib/libnss_wrapper.so - elif [ -r /usr/lib64/libnss_wrapper.so ]; then - libnss_wrapper_file=/usr/lib64/libnss_wrapper.so - else - echo "no libnss_wrapper.so installed!" - exit 1 - fi -} - -# Set current user in nss_wrapper -USER_ID=$(id -u) -GROUP_ID=$(id -g) - # Attempt to set the username to the kasm username USERNAME=${KASM_USER:-default} # Make the username posix compliant @@ -25,20 +5,4 @@ USERNAME=$(echo "$USERNAME" | sed -r 's#[^a-zA-Z0-9\._\-]#_#g') if ! echo "$USERNAME" | grep -qP "^[a-zA-Z0-9_\.][a-zA-Z0-9_\-\.]*"; then USERNAME="default" fi -export PS1="$USERNAME:\w\$ " - -if [ x"$USER_ID" != x"0" ]; then - - NSS_WRAPPER_PASSWD=/tmp/passwd - NSS_WRAPPER_GROUP=/etc/group - - cat /etc/passwd > $NSS_WRAPPER_PASSWD - - echo "${USERNAME}:x:${USER_ID}:${GROUP_ID}:Default Application User:${HOME}:/bin/bash" >> $NSS_WRAPPER_PASSWD - - export NSS_WRAPPER_PASSWD - export NSS_WRAPPER_GROUP - - detect_libnss_wrapper - export LD_PRELOAD="$libnss_wrapper_file" -fi \ No newline at end of file +export PS1="$USERNAME:\w\$ " \ No newline at end of file diff --git a/src/ubuntu/install/libnss/libnss_wrapper.sh b/src/ubuntu/install/libnss/libnss_wrapper.sh deleted file mode 100644 index 7a5179b..0000000 --- a/src/ubuntu/install/libnss/libnss_wrapper.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env bash -set -e - -echo "Install nss-wrapper to be able to execute image as non-root user" -if [[ "${DISTRO}" == @(centos|oracle7|oracle8) ]] ; then - if [ "${DISTRO}" == "centos" ]; then - yum install -y centos-release-scl-rh && yum install -y nss_wrapper - elif [ "${DISTRO}" == "oracle8" ]; then - dnf install -y nss_wrapper gettext hostname - dnf clean all - else - yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-rh-2-3.el7.centos.noarch.rpm && yum install -y nss_wrapper - fi - if [[ "${DISTRO}" == @(centos|oracle7) ]] ; then - yum install -y gettext - yum clean all - fi -elif [[ "${DISTRO}" == "opensuse" ]] ; then - zypper install -ny nss_wrapper gettext-runtime - zypper clean --all - sed -i 's/mirrorcache-us.opensuse.org/download.opensuse.org/g' /etc/zypp/repos.d/*.repo -else - apt-get update - apt-get install -y libnss-wrapper gettext - apt-get clean -y -fi - -echo "add 'source generate_container_user' to .bashrc" - -# have to be added to hold all env vars correctly -echo 'source $STARTUPDIR/generate_container_user' >> $HOME/.bashrc diff --git a/src/ubuntu/install/squid/install/install_squid.sh b/src/ubuntu/install/squid/install/install_squid.sh index c351a81..cd659a3 100644 --- a/src/ubuntu/install/squid/install/install_squid.sh +++ b/src/ubuntu/install/squid/install/install_squid.sh @@ -29,7 +29,7 @@ if [[ "${DISTRO}" == @(centos|oracle) ]]; then useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy elif [ "${DISTRO}" == "opensuse" ]; then useradd --system --shell /usr/sbin/nologin --home-dir /bin proxy - groupadd proxy + groupadd -g 65511 proxy usermod -a -G proxy proxy fi diff --git a/src/ubuntu/install/tools/install_tools.sh b/src/ubuntu/install/tools/install_tools.sh index 5519948..d996b00 100644 --- a/src/ubuntu/install/tools/install_tools.sh +++ b/src/ubuntu/install/tools/install_tools.sh @@ -5,7 +5,7 @@ echo "Install some common tools for further installation" if [[ "${DISTRO}" == @(centos|oracle7) ]] ; then yum install -y vim wget net-tools bzip2 python3 ca-certificates elif [ "${DISTRO}" == "oracle8" ]; then - dnf install -y wget net-tools bzip2 python3 tar vim + dnf install -y wget net-tools bzip2 python3 tar vim hostname dnf clean all elif [ "${DISTRO}" == "opensuse" ]; then sed -i 's/download.opensuse.org/mirrorcache-us.opensuse.org/g' /etc/zypp/repos.d/*.repo