KASM-2137 Create Kasm Docker in Docker image

.gitlab-ci.yml

@@ -42,7 +42,7 @@ build:
     - aws-autoscale
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly ]
+      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly, ubuntu-bionic-dind, ubuntu-bionic-dind-rootless ]
 
 
 
@@ -73,7 +73,7 @@ build_dev:
     - aws-autoscale
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly ]
+      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly, ubuntu-bionic-dind, ubuntu-bionic-dind-rootless ]
 
 
 
@@ -101,7 +101,7 @@ build_schedules:
     - aws-autoscale
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly ]
+      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly, ubuntu-bionic-dind, ubuntu-bionic-dind-rootless ]
 
 
 
@@ -121,4 +121,4 @@ update_readmes:
       - $README_PASSWORD
   parallel:
     matrix:
-      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly ]
+      - KASM_IMAGE: [chrome, chromium, firefox, desktop, desktop-deluxe, firefox-mobile, tor-browser, doom, edge, terminal, vmware-horizon, remmina, rdesktop, brave, discord, sublime-text, gimp, vs-code, slack, teams, only-office, zoom, signal, steam, postman, insomnia, zsnes, vlc, ubuntu-bionic-desktop, maltego, centos-7-desktop, telegram, hunchly, ubuntu-bionic-dind, ubuntu-bionic-dind-rootless ]

dockerfile-kasm-ubuntu-bionic-dind

@@ -0,0 +1,61 @@
+ARG BASE_TAG="develop"
+FROM kasmweb/core-ubuntu-bionic:$BASE_TAG
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+ENV DOCKER_CHANNEL=stable \
+	DOCKER_VERSION=20.10.9 \
+	DOCKER_COMPOSE_VERSION=1.29.2 \
+	DEBUG=false
+
+COPY ./src/ubuntu/install/dind $INST_SCRIPTS/dind/
+COPY ./src/ubuntu/install/dind/daemon.json /etc/docker/daemon.json
+
+RUN bash $INST_SCRIPTS/dind/install_dind.sh  && rm -rf $INST_SCRIPTS/dind/
+
+COPY ./src/ubuntu/install/dind/custom_startup.sh $STARTUPDIR/custom_startup.sh
+RUN chmod +x $STARTUPDIR/custom_startup.sh
+RUN chmod 755 $STARTUPDIR/custom_startup.sh
+
+COPY ./src/ubuntu/install/dind/modprobe /usr/local/bin/modprobe
+RUN chmod +x /usr/local/bin/modprobe
+COPY ./src/ubuntu/install/dind/dockerd.conf /etc/supervisor/conf.d/
+
+### Install Tools
+COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
+RUN bash $INST_SCRIPTS/tools/install_tools_deluxe.sh  && rm -rf $INST_SCRIPTS/tools/
+
+# Install Utilities
+COPY ./src/ubuntu/install/misc $INST_SCRIPTS/misc/
+RUN bash $INST_SCRIPTS/misc/install_tools.sh && rm -rf $INST_SCRIPTS/misc/
+
+### Install Sublime Text
+COPY ./src/ubuntu/install/sublime_text $INST_SCRIPTS/sublime_text/
+RUN bash $INST_SCRIPTS/sublime_text/install_sublime_text.sh  && rm -rf $INST_SCRIPTS/sublime_text/
+
+### Install Visual Studio Code
+COPY ./src/ubuntu/install/vs_code $INST_SCRIPTS/vs_code/
+RUN bash $INST_SCRIPTS/vs_code/install_vs_code.sh  && rm -rf $INST_SCRIPTS/vs_code/
+
+# Install Google Chrome
+COPY ./src/ubuntu/install/chrome $INST_SCRIPTS/chrome/
+RUN bash $INST_SCRIPTS/chrome/install_chrome.sh  && rm -rf $INST_SCRIPTS/chrome/
+
+### Remove maxmius
+RUN apt-get remove -y maximus
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

dockerfile-kasm-ubuntu-bionic-dind-rootless

@@ -0,0 +1,71 @@
+ARG BASE_TAG="develop"
+FROM kasmweb/core-ubuntu-bionic:$BASE_TAG
+USER root
+
+ENV HOME /home/kasm-default-profile
+ENV STARTUPDIR /dockerstartup
+ENV INST_SCRIPTS $STARTUPDIR/install
+WORKDIR $HOME
+
+######### Customize Container Here ###########
+
+ENV DOCKER_CHANNEL=stable \
+	DOCKER_VERSION=20.10.9 \
+	DOCKER_COMPOSE_VERSION=1.29.2 \
+	DEBUG=false
+
+COPY ./src/ubuntu/install/dind_rootless $INST_SCRIPTS/dind_rootless/
+RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh  && rm -rf $INST_SCRIPTS/dind_rootless/
+
+COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh
+RUN chmod +x $STARTUPDIR/custom_startup.sh
+RUN chmod 755 $STARTUPDIR/custom_startup.sh
+
+COPY ./src/ubuntu/install/dind/modprobe /usr/local/bin/modprobe
+RUN chmod +x /usr/local/bin/modprobe
+
+### Install Tools
+COPY ./src/ubuntu/install/tools $INST_SCRIPTS/tools/
+RUN bash $INST_SCRIPTS/tools/install_tools_deluxe.sh  && rm -rf $INST_SCRIPTS/tools/
+
+# Install Utilities
+COPY ./src/ubuntu/install/misc $INST_SCRIPTS/misc/
+RUN bash $INST_SCRIPTS/misc/install_tools.sh && rm -rf $INST_SCRIPTS/misc/
+
+### Install Sublime Text
+COPY ./src/ubuntu/install/sublime_text $INST_SCRIPTS/sublime_text/
+RUN bash $INST_SCRIPTS/sublime_text/install_sublime_text.sh  && rm -rf $INST_SCRIPTS/sublime_text/
+
+### Install Visual Studio Code
+COPY ./src/ubuntu/install/vs_code $INST_SCRIPTS/vs_code/
+RUN bash $INST_SCRIPTS/vs_code/install_vs_code.sh  && rm -rf $INST_SCRIPTS/vs_code/
+
+# Install Google Chrome
+COPY ./src/ubuntu/install/chrome $INST_SCRIPTS/chrome/
+RUN bash $INST_SCRIPTS/chrome/install_chrome.sh  && rm -rf $INST_SCRIPTS/chrome/
+
+### Remove maxmius
+RUN apt-get remove -y maximus
+
+RUN chown 1000:0 $HOME
+
+USER 1000
+
+### Install docker rootless
+RUN curl -fsSL https://get.docker.com/rootless | sh
+
+ENV XDG_RUNTIME_DIR /home/kasm-user/.docker/run
+ENV PATH /home/kasm-user/bin:$PATH
+ENV DOCKER_HOST unix:///home/kasm-user/.docker/run/docker.sock
+
+USER root
+
+######### End Customizations ###########
+
+RUN chown 1000:0 $HOME
+
+ENV HOME /home/kasm-user
+WORKDIR $HOME
+RUN mkdir -p $HOME && chown -R 1000:0 $HOME
+
+USER 1000

docs/ubuntu-bionic-dind-rootless/README.md

@@ -0,0 +1,13 @@
+# About This Image
+
+This Image contains a browser-accessible version of [Docker](https://www.docker.com/) running as a normal, non-root user.
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/ubuntu_dind.jpg "Image Screenshot"
+
+See [Kasm Docs](https://kasmweb.com/docs/latest/how_to/docker_in_kasm.html) for additional setup instructions.
+
+# Environment Variables
+
+* `APP_ARGS` - Additional arguments to pass to the application when launched.

docs/ubuntu-bionic-dind-rootless/description.txt

@@ -0,0 +1 @@
+Rootless Docker for Kasm Workspaces

docs/ubuntu-bionic-dind/README.md

@@ -0,0 +1,13 @@
+# About This Image
+
+This Image contains a browser-accessible version of [Docker](https://www.docker.com/).
+
+![Screenshot][Image_Screenshot]
+
+[Image_Screenshot]: https://f.hubspotusercontent30.net/hubfs/5856039/dockerhub/ubuntu_dind.jpg "Image Screenshot"
+
+See [Kasm Docs](https://kasmweb.com/docs/latest/how_to/docker_in_kasm.html) for additional setup instructions.
+
+# Environment Variables
+
+* `APP_ARGS` - Additional arguments to pass to the application when launched.

docs/ubuntu-bionic-dind/description.txt

@@ -0,0 +1 @@
+Docker for Kasm Workspaces

src/ubuntu/install/dind/custom_startup.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -ex
+START_COMMAND="/usr/bin/supervisord"
+PGREP="supervisord"
+MAXIMUS="false"
+DEFAULT_ARGS="-n"
+ARGS=${APP_ARGS:-$DEFAULT_ARGS}
+
+options=$(getopt -o gau: -l go,assign,url: -n "$0" -- "$@") || exit
+eval set -- "$options"
+
+while [[ $1 != -- ]]; do
+    case $1 in
+        -g|--go) GO='true'; shift 1;;
+        -a|--assign) ASSIGN='true'; shift 1;;
+        -u|--url) OPT_URL=$2; shift 2;;
+        *) echo "bad option: $1" >&2; exit 1;;
+    esac
+done
+shift
+
+# Process non-option arguments.
+for arg; do
+    echo "arg! $arg"
+done
+
+FORCE=$2
+
+kasm_startup() {
+    if [ -n "$KASM_URL" ] ; then
+        URL=$KASM_URL
+    elif [ -z "$URL" ] ; then
+        URL=$LAUNCH_URL
+    fi
+
+    if  [ -z "$DISABLE_CUSTOM_STARTUP" ] ||  [ -n "$FORCE" ]  ; then
+
+         if [[ $MAXIMUS == 'true' ]] ; then
+            maximus &
+        fi       
+        
+        while true
+        do
+            if ! pgrep -x $PGREP > /dev/null
+            then
+                /usr/bin/filter_ready
+                /usr/bin/desktop_ready
+                set +e
+                sudo /usr/bin/supervisord -n &
+                set -e
+            fi
+            sleep 1
+        done
+    
+    fi
+
+} 
+
+if [ -n "$GO" ] || [ -n "$ASSIGN" ] ; then
+    kasm_exec
+else
+    kasm_startup
+fi

src/ubuntu/install/dind/daemon.json

@@ -0,0 +1,3 @@
+{
+    "storage-driver": "vfs"
+}

src/ubuntu/install/dind/dockerd.conf

@@ -0,0 +1,6 @@
+[program:dockerd]
+command=/usr/local/bin/dockerd
+autostart=true
+autorestart=true
+stderr_logfile=/var/log/dockerd.err.log
+stdout_logfile=/var/log/dockerd.out.log

src/ubuntu/install/dind/install_dind.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+set -ex
+
+apt-get update
+apt-get install -y \
+    ca-certificates \
+    curl \
+    dbus-user-session \
+    kmod \
+    iptables \
+    openssh-client \
+    sudo \
+    supervisor \
+    uidmap \
+    wget
+rm -rf /var/lib/apt/list/*
+
+mkdir -p /var/log/supervisor
+chown -R 1000:1000 /var/log/supervisor
+
+arch="$(uname --m)"; 
+case "$arch" in 
+    # amd64
+    x86_64) dockerArch='x86_64' ;; 
+    # arm32v6
+    armhf) dockerArch='armel' ;;
+    # arm32v7
+    armv7) dockerArch='armhf' ;;
+    # arm64v8
+    aarch64) dockerArch='aarch64' ;;
+    *) echo >&2 "error: unsupported architecture ($arch)"; exit 1 ;;
+esac;
+
+curl -o docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"
+
+tar --extract \
+    --file docker.tgz \
+    --strip-components 1 \
+    --directory /usr/local/bin/
+rm docker.tgz
+
+dockerd --version
+docker --version
+
+echo "Installing Docker Compose"
+mkdir -p /usr/local/lib/docker/cli-plugins
+curl -L https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/lib/docker/cli-plugins/docker-compose
+chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+useradd -m -d /home/kasm-user -s /bin/bash kasm-user 
+echo 'kasm-user:kasm-user' | chpasswd
+echo 'kasm-user ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+
+groupadd docker
+adduser kasm-user docker

src/ubuntu/install/dind/modprobe

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+# "modprobe" without modprobe
+# https://twitter.com/lucabruno/status/902934379835662336
+
+# this isn't 100% fool-proof, but it'll have a much higher success rate than simply using the "real" modprobe
+
+# Docker often uses "modprobe -va foo bar baz"
+# so we ignore modules that start with "-"
+for module; do
+	if [ "${module#-}" = "$module" ]; then
+		ip link show "$module" || true
+		lsmod | grep "$module" || true
+	fi
+done
+
+# remove /usr/local/... from PATH so we can exec the real modprobe as a last resort
+export PATH='/usr/sbin:/usr/bin:/sbin:/bin'
+exec modprobe "$@"

src/ubuntu/install/dind_rootless/custom_startup.sh

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -ex
+START_COMMAND="/home/kasm-user/bin/dockerd-rootless.sh"
+PGREP="dockerd"
+MAXIMUS="false"
+DEFAULT_ARGS=""
+ARGS=${APP_ARGS:-$DEFAULT_ARGS}
+
+options=$(getopt -o gau: -l go,assign,url: -n "$0" -- "$@") || exit
+eval set -- "$options"
+
+while [[ $1 != -- ]]; do
+    case $1 in
+        -g|--go) GO='true'; shift 1;;
+        -a|--assign) ASSIGN='true'; shift 1;;
+        -u|--url) OPT_URL=$2; shift 2;;
+        *) echo "bad option: $1" >&2; exit 1;;
+    esac
+done
+shift
+
+# Process non-option arguments.
+for arg; do
+    echo "arg! $arg"
+done
+
+FORCE=$2
+
+kasm_startup() {
+    if [ -n "$KASM_URL" ] ; then
+        URL=$KASM_URL
+    elif [ -z "$URL" ] ; then
+        URL=$LAUNCH_URL
+    fi
+
+    if  [ -z "$DISABLE_CUSTOM_STARTUP" ] ||  [ -n "$FORCE" ]  ; then
+
+         if [[ $MAXIMUS == 'true' ]] ; then
+            maximus &
+        fi       
+
+        while true
+        do
+            if ! pgrep -x $PGREP > /dev/null
+            then
+                /usr/bin/filter_ready
+                /usr/bin/desktop_ready
+                set +e
+                $START_COMMAND $ARGS 
+                set -e
+            fi
+            sleep 1
+        done
+    
+    fi
+
+} 
+
+if [ -n "$GO" ] || [ -n "$ASSIGN" ] ; then
+    kasm_exec
+else
+    kasm_startup
+fi

src/ubuntu/install/dind_rootless/install_dind_rootless.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+set -ex
+
+apt-get update
+apt-get install -y \
+    ca-certificates \
+    curl \
+    dbus-user-session \
+    kmod \
+    iptables \
+    openssh-client \
+    uidmap \
+    wget
+rm -rf /var/lib/apt/list/*
+
+mkdir -p /var/log/supervisor
+chown -R 1000:1000 /var/log/supervisor
+
+arch="$(uname --m)"; 
+case "$arch" in 
+    # amd64
+    x86_64) dockerArch='x86_64' ;; 
+    # arm32v6
+    armhf) dockerArch='armel' ;;
+    # arm32v7
+    armv7) dockerArch='armhf' ;;
+    # arm64v8
+    aarch64) dockerArch='aarch64' ;;
+    *) echo >&2 "error: unsupported architecture ($arch)"; exit 1 ;;
+esac;
+
+curl -o docker.tgz "https://download.docker.com/linux/static/${DOCKER_CHANNEL}/${dockerArch}/docker-${DOCKER_VERSION}.tgz"
+
+tar --extract \
+    --file docker.tgz \
+    --strip-components 1 \
+    --directory /usr/local/bin/
+rm docker.tgz
+
+dockerd --version
+docker --version
+
+echo "Installing Docker Compose"
+mkdir -p /usr/local/lib/docker/cli-plugins
+curl -L https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/lib/docker/cli-plugins/docker-compose
+chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
+
+useradd -m -d /home/kasm-user -s /bin/bash kasm-user 

src/ubuntu/install/dind_rootless/modprobe

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+# "modprobe" without modprobe
+# https://twitter.com/lucabruno/status/902934379835662336
+
+# this isn't 100% fool-proof, but it'll have a much higher success rate than simply using the "real" modprobe
+
+# Docker often uses "modprobe -va foo bar baz"
+# so we ignore modules that start with "-"
+for module; do
+	if [ "${module#-}" = "$module" ]; then
+		ip link show "$module" || true
+		lsmod | grep "$module" || true
+	fi
+done
+
+# remove /usr/local/... from PATH so we can exec the real modprobe as a last resort
+export PATH='/usr/sbin:/usr/bin:/sbin:/bin'
+exec modprobe "$@"