- fixes the issue where there were two docker binaries installed in two different locations, $HOME/bin and /usr/local/bin/ - installs docker rootless at /opt/docker/bin and puts it on the path - installs docker compose at /opt/docker/bin/cli-plugins and puts it on the path - installs additional libraries, notably fuse-overlayfs, which is recommended over vbr (tests only). The vbr driver has very poor performance. Likewise, slirp4netns is recommended as the network driver over vpnkit (https://docs.docker.com/engine/security/rootless/)

Signed-off-by: Justin Travis <justin@kasmweb.com>
tiaede00 2022-06-11 00:16:03 -04:00 committed by Justin Travis
parent 9651f9095e
commit 43c1dd53d9
4 changed files with 53 additions and 62 deletions


@ -10,19 +10,30 @@ WORKDIR $HOME
######### Customize Container Here ###########
ENV DOCKER_CHANNEL=stable \
DOCKER_VERSION=20.10.9 \
DOCKER_COMPOSE_VERSION=1.29.2 \
DEBUG=false
ENV DOCKER_BIN=/opt/docker/bin \
XDG_RUNTIME_DIR=/docker
COPY ./src/ubuntu/install/dind_rootless $INST_SCRIPTS/dind_rootless/
RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh && rm -rf $INST_SCRIPTS/dind_rootless/
RUN mkdir -p $DOCKER_BIN && chown 1000:0 $DOCKER_BIN && \
mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
ENV PATH=$DOCKER_BIN:$DOCKER_BIN/cli-plugins:$PATH \
DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock
COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh $INST_SCRIPTS/dind_rootless/
RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless_prerequisites.sh
COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/
RUN chown 1000:1000 $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
# It's recommended that docker-rootless be installed by non root user
USER 1000
RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
USER root
RUN rm -rf $INST_SCRIPTS/dind_rootless
COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh
RUN chmod +x $STARTUPDIR/custom_startup.sh
RUN chmod 755 $STARTUPDIR/custom_startup.sh
RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh
COPY ./src/ubuntu/install/dind/modprobe /usr/local/bin/modprobe
COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe
RUN chmod +x /usr/local/bin/modprobe
### Install Tools
@ -45,19 +56,6 @@ RUN bash $INST_SCRIPTS/vs_code/install_vs_code.sh && rm -rf $INST_SCRIPTS/vs_co
COPY ./src/ubuntu/install/chrome $INST_SCRIPTS/chrome/
RUN bash $INST_SCRIPTS/chrome/install_chrome.sh && rm -rf $INST_SCRIPTS/chrome/
RUN chown 1000:0 $HOME
RUN mkdir -p /docker && chown 1000:0 /docker
USER 1000
### Install docker rootless
RUN curl -fsSL https://get.docker.com/rootless | sh
ENV XDG_RUNTIME_DIR /docker
ENV PATH /home/kasm-user/bin:$PATH
ENV DOCKER_HOST unix:///docker/docker.sock
USER root
######### End Customizations ###########
RUN chown 1000:0 $HOME
@ -66,4 +64,4 @@ ENV HOME /home/kasm-user
WORKDIR $HOME
RUN mkdir -p $HOME && chown -R 1000:0 $HOME
USER 1000
USER 1000
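Review bot: The runtime directory created by `mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR` in the first hunk keeps whatever mode `mkdir` gives it (normally 0755) and is group-owned by gid 0, although it is the directory that will hold `docker.sock` per the `DOCKER_HOST` line. The XDG Base Directory convention is that a runtime dir is owned by the user with mode 0700, so appending `&& chmod 700 $XDG_RUNTIME_DIR` would be the safer default, provided nothing else in the image relies on gid 0 reaching that path. Separately, `chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh` is redundant, since 755 already sets the execute bits. The +/- markers are lost on this page, so which lines are on the new side is inferred from the hunk headers.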


@ -1,6 +1,6 @@
#!/usr/bin/env bash
set -ex
START_COMMAND="/home/kasm-user/bin/dockerd-rootless.sh"
START_COMMAND="$DOCKER_BIN/dockerd-rootless.sh"
PGREP="dockerd"
export MAXIMIZE="false"
MAXIMIZE_SCRIPT=$STARTUPDIR/maximize_window.sh


@ -1,49 +1,21 @@
#!/usr/bin/env bash
set -ex
# This script should be executed as a non-root user.
# User verification: deny running as root
if [ "$(id -u)" = "0" ]; then
>&2 echo "Refusing to install rootless Docker as the root user"; exit 1
fi
apt-get update
apt-get install -y \
ca-certificates \
curl \
dbus-user-session \
kmod \
iptables \
openssh-client \
uidmap \
wget
rm -rf /var/lib/apt/list/*
mkdir -p /var/log/supervisor
chown -R 1000:1000 /var/log/supervisor
arch="$(uname --m)";
case "$arch" in
# amd64
x86_64) dockerArch='x86_64' ;;
# arm32v6
armhf) dockerArch='armel' ;;
# arm32v7
armv7) dockerArch='armhf' ;;
# arm64v8
aarch64) dockerArch='aarch64' ;;
*) echo >&2 "error: unsupported architecture ($arch)"; exit 1 ;;
esac;
curl -o docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"
tar --extract \
--file docker.tgz \
--strip-components 1 \
--directory /usr/local/bin/
rm docker.tgz
echo "Installing Docker"
curl -fsSL https://get.docker.com/rootless | sh
dockerd --version
docker --version
echo "Installing Docker Compose"
mkdir -p /usr/local/lib/docker/cli-plugins
mkdir -p "${DOCKER_BIN}"/cli-plugins
COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \
| awk '/tag_name/{print $4;exit}' FS='[""]');
COMPOSE_OS=$(uname -s)
curl -L https://github.com/docker/compose/releases/download/${COMPOSE_RELEASE}/docker-compose-${COMPOSE_OS,,}-$(uname -m) -o /usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
curl -L https://github.com/docker/compose/releases/download/"${COMPOSE_RELEASE}"/docker-compose-"${COMPOSE_OS,,}"-"$(uname -m)" -o "${DOCKER_BIN}"/cli-plugins/docker-compose
chmod +x "${DOCKER_BIN}"/cli-plugins/docker-compose
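Review bot: The Compose binary is taken from whatever `releases/latest` resolves to at build time and is made executable with no integrity check, and `curl -L` without `-f` will save an HTTP error page as `docker-compose` if the tag or asset name does not resolve. Pinning the tag in a variable, using `curl -fL`, and comparing the download against a SHA-256 recorded in the repository before `chmod +x` would make the build reproducible and fail closed. The same concern applies to `curl -fsSL https://get.docker.com/rootless | sh`, which appears to remain on the new side: the script sets `set -ex` but not `set -o pipefail`, so a failed download is only caught indirectly by the later `dockerd --version`. The +/- markers are lost on this page, so which lines are new is inferred from the `-1,49 +1,21` hunk header.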


@ -0,0 +1,21 @@
#!/usr/bin/env bash
set -ex
apt-get update && apt-get install -y \
ca-certificates \
curl \
dbus-user-session \
fuse-overlayfs \
kmod \
iptables \
openssh-client \
uidmap \
wget \
slirp4netns \
pigz \
xz-utils \
iproute2 \
xfsprogs \
btrfs-progs \
e2fsprogs && \
rm -rf /var/lib/apt/list/*
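Review bot: The cleanup on the last line targets `/var/lib/apt/list/*`, but apt keeps its package indexes under `/var/lib/apt/lists/`, so the glob matches nothing, `rm -rf` succeeds silently, and the indexes stay in the image layer; it should read `rm -rf /var/lib/apt/lists/*`. The install also pulls in recommended packages, so `apt-get install -y --no-install-recommends` would keep the root-installed set to what is actually listed. A short comment above the package list saying which entries rootless Docker needs (the commit message names fuse-overlayfs and slirp4netns) would help the next reader judge what can be dropped.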