Resolve KASM-6039 "Feature/ noble dind"

This commit is contained in:
Ryan Kuba 2024-07-01 22:29:11 +00:00 committed by Justin Travis
parent a84e7dd847
commit d901c460ee
10 changed files with 207 additions and 7 deletions

View File

@ -649,6 +649,35 @@ multiImages:
- src/ubuntu/install/cleanup/**
- src/ubuntu/install/chromium/**
- src/ubuntu/install/chrome/**
- name: ubuntu-noble-dind
singleapp: false
base: core-ubuntu-noble
dockerfile: dockerfile-kasm-ubuntu-noble-dind
changeFiles:
- dockerfile-kasm-ubuntu-noble-dind
- src/ubuntu/install/vs_code/**
- src/ubuntu/install/tools/**
- src/ubuntu/install/sublime_text/**
- src/ubuntu/install/misc/**
- src/ubuntu/install/dind/**
- src/ubuntu/install/cleanup/**
- src/ubuntu/install/chromium/**
- src/ubuntu/install/chrome/**
- name: ubuntu-noble-dind-rootless
singleapp: false
base: core-ubuntu-noble
dockerfile: dockerfile-kasm-ubuntu-noble-dind-rootless
changeFiles:
- dockerfile-kasm-ubuntu-noble-dind-rootless
- src/ubuntu/install/vs_code/**
- src/ubuntu/install/vs_code/**
- src/ubuntu/install/tools/**
- src/ubuntu/install/sublime_text/**
- src/ubuntu/install/misc/**
- src/ubuntu/install/dind_rootless/**
- src/ubuntu/install/cleanup/**
- src/ubuntu/install/chromium/**
- src/ubuntu/install/chrome/**
- name: vivaldi
singleapp: true
base: core-ubuntu-focal

View File

@ -0,0 +1,51 @@
ARG BASE_TAG="develop"
ARG BASE_IMAGE="core-ubuntu-noble"
FROM kasmweb/$BASE_IMAGE:$BASE_TAG
USER root
ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
WORKDIR $HOME
### Envrionment config
ENV DEBUG=false \
DEBIAN_FRONTEND=noninteractive \
SKIP_CLEAN=true \
KASM_RX_HOME=$STARTUPDIR/kasmrx \
DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
INST_DIR=$STARTUPDIR/install \
INST_SCRIPTS="/ubuntu/install/dind/install_dind.sh \
/ubuntu/install/tools/install_tools_deluxe.sh \
/ubuntu/install/misc/install_tools.sh \
/ubuntu/install/chrome/install_chrome.sh \
/ubuntu/install/chromium/install_chromium.sh \
/ubuntu/install/sublime_text/install_sublime_text.sh \
/ubuntu/install/vs_code/install_vs_code.sh \
/ubuntu/install/cleanup/cleanup.sh"
# Startup Scripts
COPY ./src/ubuntu/install/dind/custom_startup.sh $STARTUPDIR/custom_startup.sh
RUN chmod 755 $STARTUPDIR/custom_startup.sh
COPY ./src/ubuntu/install/dind/dockerd.conf /etc/supervisor/conf.d/
# Copy install scripts
COPY ./src/ $INST_DIR
# Run installations
RUN \
for SCRIPT in $INST_SCRIPTS; do \
bash ${INST_DIR}${SCRIPT} || exit 1; \
done && \
$STARTUPDIR/set_user_permission.sh $HOME && \
rm -f /etc/X11/xinit/Xclients && \
chown 1000:0 $HOME && \
mkdir -p /home/kasm-user && \
chown -R 1000:0 /home/kasm-user && \
rm -Rf ${INST_DIR}
# Userspace Runtime
ENV HOME /home/kasm-user
WORKDIR $HOME
USER 1000
CMD ["--tail-log"]

View File

@ -0,0 +1,57 @@
ARG BASE_TAG="develop"
ARG BASE_IMAGE="core-ubuntu-noble"
FROM kasmweb/$BASE_IMAGE:$BASE_TAG
USER root
ENV HOME /home/kasm-default-profile
ENV STARTUPDIR /dockerstartup
ENV INST_SCRIPTS $STARTUPDIR/install
WORKDIR $HOME
# Rootless Dind
COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/
RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
RUN rm -rf $INST_SCRIPTS/dind_rootless
COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh
RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh
COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe
RUN chmod +x /usr/local/bin/modprobe
ENV XDG_RUNTIME_DIR=/docker \
DOCKER_HOST=unix:///docker/docker.sock
RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
### Envrionment config
ENV DEBIAN_FRONTEND=noninteractive \
SKIP_CLEAN=true \
KASM_RX_HOME=$STARTUPDIR/kasmrx \
DONT_PROMPT_WSL_INSTALL="No_Prompt_please" \
INST_DIR=$STARTUPDIR/install \
INST_SCRIPTS="/ubuntu/install/tools/install_tools_deluxe.sh \
/ubuntu/install/misc/install_tools.sh \
/ubuntu/install/chrome/install_chrome.sh \
/ubuntu/install/chromium/install_chromium.sh \
/ubuntu/install/sublime_text/install_sublime_text.sh \
/ubuntu/install/vs_code/install_vs_code.sh \
/ubuntu/install/cleanup/cleanup.sh"
# Copy install scripts
COPY ./src/ $INST_DIR
# Run installations
RUN \
for SCRIPT in $INST_SCRIPTS; do \
bash ${INST_DIR}${SCRIPT} || exit 1; \
done && \
$STARTUPDIR/set_user_permission.sh $HOME && \
rm -f /etc/X11/xinit/Xclients && \
chown 1000:0 $HOME && \
mkdir -p /home/kasm-user && \
chown -R 1000:0 /home/kasm-user && \
rm -Rf ${INST_DIR}
# Userspace Runtime
ENV HOME /home/kasm-user
WORKDIR $HOME
USER 1000
CMD ["--tail-log"]

View File

@ -0,0 +1,13 @@
# About This Image
This Image contains a browser-accessible version of [Docker](https://www.docker.com/) running as a normal, non-root user.
![Screenshot][Image_Screenshot]
[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/image-screenshots/ubuntu-jammy-dind-rootless.png "Image Screenshot"
See [Kasm Docs](https://kasmweb.com/docs/latest/how_to/docker_in_kasm.html) for additional setup instructions.
# Environment Variables
* `APP_ARGS` - Additional arguments to pass to the application when launched.

View File

@ -0,0 +1,9 @@
# Live Demo
**Launch a real-time demo in a new browser window:** <a href="https://app.kasmweb.com/#/cast/5670885710" target="_blank">Live Demo</a>.
<a href="https://app.kasmweb.com/#/cast/5670885710" target="_blank"><img src="https://5856039.fs1.hubspotusercontent-na1.net/hub/5856039/hubfs/dockerhub/casting-buttons/UbuntuJammyD-in-D.png" width="300" height="104"></a>
&lowast;*Docker will not be functional in the demo for security reasons.*
&lowast;*Note: Demo is limited to 3 minutes and has upload/downloads restricted for security purposes.*

View File

@ -0,0 +1 @@
Rootless Docker for Kasm Workspaces

View File

@ -0,0 +1,13 @@
# About This Image
This Image contains a browser-accessible version of [Docker](https://www.docker.com/).
![Screenshot][Image_Screenshot]
[Image_Screenshot]: https://5856039.fs1.hubspotusercontent-na1.net/hubfs/5856039/dockerhub/image-screenshots/ubuntu-jammy-dind.png "Image Screenshot"
See [Kasm Docs](https://kasmweb.com/docs/latest/how_to/docker_in_kasm.html) for additional setup instructions.
# Environment Variables
* `APP_ARGS` - Additional arguments to pass to the application when launched.

View File

@ -0,0 +1,9 @@
# Live Demo
**Launch a real-time demo in a new browser window:** <a href="https://app.kasmweb.com/#/cast/1093408057" target="_blank">Live Demo</a>.
<a href="https://app.kasmweb.com/#/cast/1093408057" target="_blank"><img src="https://5856039.fs1.hubspotusercontent-na1.net/hub/5856039/hubfs/dockerhub/casting-buttons/UbuntuJammyD-in-D.png" width="300" height="104"></a>
&lowast;*Docker will not be functional in the demo for security reasons.*
&lowast;*Note: Demo is limited to 3 minutes and has upload/downloads restricted for security purposes.*

View File

@ -0,0 +1 @@
Docker for Kasm Workspaces

View File

@ -32,9 +32,18 @@ Pin-Priority: 1001
fi
apt-get install -y firefox p11-kit-modules
elif grep -q "ID=debian" /etc/os-release || grep -q "ID=kali" /etc/os-release || grep -q "ID=parrot" /etc/os-release; then
echo \
"deb http://deb.debian.org/debian/ unstable main contrib non-free" >> \
/etc/apt/sources.list
if grep -q "bullseye" /etc/os-release; then
apt-get update
apt-get install -y firefox-esr p11-kit-modules
rm -f $HOME/Desktop/firefox.desktop
cp \
/usr/share/applications/firefox-esr.desktop \
$HOME/Desktop/
chmod +x $HOME/Desktop/firefox-esr.desktop
else
echo \
"deb http://deb.debian.org/debian/ unstable main contrib non-free" >> \
/etc/apt/sources.list
cat > /etc/apt/preferences.d/99pin-unstable <<EOF
Package: *
Pin: release a=stable
@ -44,8 +53,9 @@ Package: *
Pin: release a=unstable
Pin-Priority: 10
EOF
apt-get update
apt-get install -o Dpkg::Options::="--force-confnew" -y -t unstable firefox p11-kit-modules
apt-get update
apt-get install -o Dpkg::Options::="--force-confnew" -y -t unstable firefox p11-kit-modules
fi
else
apt-mark unhold firefox || :
apt-get remove firefox
@ -103,8 +113,13 @@ fi
if [[ "${DISTRO}" != @(centos|oracle8|rockylinux9|rockylinux8|oracle9|almalinux9|almalinux8|opensuse|fedora37|fedora38|fedora39|fedora40) ]]; then
# Update firefox to utilize the system certificate store instead of the one that ships with firefox
rm -f /usr/lib/firefox/libnssckbi.so
ln /usr/lib/$(arch)-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
if grep -q "bullseye" /etc/os-release; then
rm -f /usr/lib/firefox-esr/libnssckbi.so
ln /usr/lib/$(arch)-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox-esr/libnssckbi.so
else
rm -f /usr/lib/firefox/libnssckbi.so
ln /usr/lib/$(arch)-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
fi
fi
if [[ "${DISTRO}" == @(centos|oracle8|rockylinux9|rockylinux8|oracle9|almalinux9|almalinux8|fedora37|fedora38|fedora39|fedora40) ]]; then
@ -116,6 +131,8 @@ if [[ "${DISTRO}" == @(centos|oracle8|rockylinux9|rockylinux8|oracle9|almalinux9
sed -i -e '/homepage/d' "$preferences_file"
elif [ "${DISTRO}" == "opensuse" ]; then
preferences_file=/usr/lib64/firefox/browser/defaults/preferences/firefox.js
elif grep -q "bullseye" /etc/os-release; then
preferences_file=/usr/lib/firefox-esr/browser/defaults/preferences/firefox.js
else
preferences_file=/usr/lib/firefox/browser/defaults/preferences/firefox.js
fi