author | Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org> | 2018-04-27 10:14:51 +0000 |
---|---|---|
committer | Linaro Code Review <review@review.linaro.org> | 2018-04-27 10:14:51 +0000 |
commit | a9502397dec9fdf8c3e0b416e61f846fdd49ed9f (patch) | |
tree | 1fc576aa1e4999f979bcca5d0da8dfdaf043eed2 | |
parent | 5e8ab00127d8cc5df5125109e02e20c25f1418cd (diff) | |
parent | 69047c494893300b303bb17fe1047a31d45f50b0 (diff) |
Merge changes Ia9d66420,I65a9f6d5
* changes:
tcwg-dev: Simplify script names
tcwg-dev: Make start.sh friendly to run on unconfigured machine
-rwxr-xr-x | tcwg-base/tcwg-dev/build.sh | 6 | ||||
-rwxr-xr-x | tcwg-base/tcwg-dev/run.sh (renamed from tcwg-base/tcwg-dev/run.sh.tmpl) | 2 | ||||
-rwxr-xr-x | tcwg-base/tcwg-dev/start.sh | 119 | ||||
-rwxr-xr-x | tcwg-base/tcwg-dev/start.sh.tmpl | 42 |
4 files changed, 121 insertions, 48 deletions
diff --git a/tcwg-base/tcwg-dev/build.sh b/tcwg-base/tcwg-dev/build.sh
index 8729547c..9d0e9f87 100755
--- a/tcwg-base/tcwg-dev/build.sh
+++ b/tcwg-base/tcwg-dev/build.sh
@@ -16,11 +16,7 @@ name=$(basename ${PWD} | cut -f3- -d '-')
 image=linaro/ci-${arch}-${name}-ubuntu:${distro}
 top=$(git rev-parse --show-toplevel)
-cat $top/tcwg-base/tcwg-dev/start.sh.tmpl \
- | sed -e "s#@IMAGE@#$image#g" \
- -e "s#@DISTRO@#$distro#g" > start.sh
-chmod +x start.sh
-cp $top/tcwg-base/tcwg-dev/run.sh.tmpl run.sh
+cp $top/tcwg-base/$name/start.sh $top/tcwg-base/$name/run.sh ./
 (cd ..; ./build.sh)
 "$top"/tcwg-base/validate-dockerfile.sh Dockerfile
diff --git a/tcwg-base/tcwg-dev/run.sh.tmpl b/tcwg-base/tcwg-dev/run.sh
index 53bc630f..8029a32f 100755
--- a/tcwg-base/tcwg-dev/run.sh.tmpl
+++ b/tcwg-base/tcwg-dev/run.sh
@@ -2,7 +2,7 @@
 set -e
-if [ x"$@" = x"start.sh" ]; then
+if [ x"$1" = x"start.sh" ]; then
 cat /start.sh
 exit 0
 fi
diff --git a/tcwg-base/tcwg-dev/start.sh b/tcwg-base/tcwg-dev/start.sh
new file mode 100755
index 00000000..e36c8516
--- /dev/null
+++ b/tcwg-base/tcwg-dev/start.sh
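Review bot: The added `cp` line in build.sh leaves `$top` and `$name` unquoted, while the `validate-dockerfile.sh` call two lines below already writes `"$top"`; a checkout path containing whitespace would be split into extra `cp` operands. Suggested form: `cp "$top/tcwg-base/$name/start.sh" "$top/tcwg-base/$name/run.sh" ./`. The source directory is now derived from `$name` (computed from the working directory's basename, per the hunk header) instead of the literal `tcwg-dev`, so a one-line comment stating that the derived name must match an existing `tcwg-base/$name` directory would help. The rest of build.sh lies outside the hunk.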
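Review bot: The `start.sh` check at the top of run.sh has no comment saying why the first argument is special-cased, and with `$1` any arguments following `start.sh` are now silently ignored. A comment such as `# "start.sh" as the first argument prints the bundled /start.sh and exits` would document the contract; if extra arguments should be rejected rather than ignored, `if [ $# -eq 1 ] && [ x"$1" = x"start.sh" ]; then` keeps the check strict. The remainder of run.sh lies outside the hunk.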
@@ -0,0 +1,119 @@
+#!/bin/bash
+
+set -e
+
+usage ()
+{
+ cat <<EOF
+$0 [OPTIONS] -- IMAGE
+
+Options:
+ --getent DATA
+ User data from "getent passwd"
+
+ --group NAME
+ Primary group name
+
+ --name CONTAINER_NAME
+ Name of the container
+
+ --pubkey KEY
+ SSH public key to install inside container
+
+ --user USER
+ Username to create inside the container
+
+ --verbose true/false
+ Whether to run in verbose mode
+EOF
+ exit 1
+}
+
+getent="default"
+group="default"
+name="default"
+pubkey="ldap"
+user="$USER"
+verbose=false
+
+while [ $# -gt 0 ]; do
+ case $1 in
+ --getent) getent="$2"; shift ;;
+ --group) group="$2"; shift ;;
+ --name) name="$2"; shift ;;
+ --pubkey) pubkey="$2"; shift ;;
+ --user) user="$2"; shift ;;
+ --verbose) verbose="$2"; shift ;;
+ --) shift; break ;;
+ *) echo "ERROR: Wrong option: $1"; usage ;;
+ esac
+ shift
+done
+
+image="$1"
+
+if $verbose; then
+ set -x
+fi
+
+if groups tcwg-buildslave 2>/dev/null | grep -q docker; then
+ # If tcwg-buildslave user is present, use it to start the container
+ # to have [sudo] log record of container startups.
+ DOCKER="sudo -u tcwg-buildslave docker"
+elif [ x"$(id -u)" = x"0" ] || groups 2>/dev/null | grep -q docker; then
+ # Run docker straight up if $USER is root or in "docker" group.
+ DOCKER="docker"
+else
+ # Fallback to sudo otherwise.
+ DOCKER="sudo docker"
+fi
+
+if [ x"$name" = x"default" ]; then
+ name="$user-$(echo "$image" | tr "/:" "_")"
+fi
+
+mounts=""
+if [ -d "/home/$user" ]; then
+ # Bind-mount $HOME
+ mounts="$mounts -v /home/$user:/home/$user"
+else
+ # Create/re-use docker volume and mount it as user's home
+ mounts="$mounts -v home-$user:/home"
+fi
+
+if [ -d "/home/tcwg-buildslave" ]; then
+ # Bind-mount /home/tcwg-buildslave read-only to get access to
+ # /home/tcwg-buildslave/snapshots-ref/
+ mounts="$mounts -v /home/tcwg-buildslave:/home/tcwg-buildslave:ro"
+fi
+
+# Use at most half of all available RAM.
+memlimit=$(($(free -g | awk '/^Mem/ { print $2 }') / 2))G
+# IPC_LOCK is required for some implementations of ssh-agent (e.g., MATE's).
+# SYS_PTRACE is required for debugger work.
+caps="--cap-add=IPC_LOCK --cap-add=SYS_PTRACE"
+
+if [ x"$getent" = x"default" ]; then
+ getent=$(getent passwd $user)
+fi
+
+if [ x"$group" = x"default" ]; then
+ group=$(id -gn $user)
+fi
+
+if [ x"$pubkey" = x"ldap" ]; then
+ # Fetch ssh public key from LDAP.
+ pubkey=$(/etc/ssh/ssh_keys.py $user 2>/dev/null || sss_ssh_authorizedkeys $user 2>/dev/null)
+fi
+
+$DOCKER run --name=$name -dt -p 22 $mounts --memory=$memlimit --pids-limit=5000 $caps $image "$getent" "$group" "$pubkey"
+
+port=$($DOCKER port $name 22 | cut -d: -f 2)
+
+set +x
+echo "NOTE: the warning about kernel not supporting swap memory limit is expected"
+echo "To connect to container run \"ssh -p $port localhost\""
+echo "To stop container run \"docker stop $name\""
+echo "To restart container run \"docker start $name\""
+echo "To remove container run \"docker rm -fv $name\""
+echo "See https://collaborate.linaro.org/display/TCWG/How+to+setup+personal+dev+environment+using+docker for additional info"
diff --git a/tcwg-base/tcwg-dev/start.sh.tmpl b/tcwg-base/tcwg-dev/start.sh.tmpl
deleted file mode 100755
index 9a3b3956..00000000
--- a/tcwg-base/tcwg-dev/start.sh.tmpl
+++ /dev/null
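Review bot: Option values in the new start.sh are used without validation: `if $verbose; then` executes whatever string followed `--verbose` as a command, and `$name`, `$mounts` (built from `--user`) and `$image` reach `$DOCKER run` unquoted, so a value containing whitespace is split into additional docker arguments on a command line that may run through `sudo`. Comparing instead of executing, rejecting an empty IMAGE after `--`, and collecting the mounts in a bash array with quoted expansions addresses this; the fence shows the changed lines. Separately, `-p 22` publishes the container's sshd on every host interface while the printed hint connects via `localhost`; if remote logins are not intended, `-p 127.0.0.1::22` keeps it on loopback. The deleted template also ran `$DOCKER pull $image` before `run`, which this file drops, so an already-present local tag is presumably reused without refresh — worth a comment if that is deliberate.

```shell
# … unchanged: usage(), defaults, option parsing …
image="$1"
if [ -z "$image" ]; then
  echo "ERROR: IMAGE is required" >&2
  usage
fi

if [ x"$verbose" = x"true" ]; then
  set -x
fi
# … unchanged: DOCKER selection, default container name …
mounts=()
if [ -d "/home/$user" ]; then
  mounts+=(-v "/home/$user:/home/$user")
else
  mounts+=(-v "home-$user:/home")
fi
if [ -d "/home/tcwg-buildslave" ]; then
  mounts+=(-v /home/tcwg-buildslave:/home/tcwg-buildslave:ro)
fi
# … unchanged: memlimit, caps, getent/group/pubkey defaults …
# $DOCKER and $caps stay unquoted on purpose: both are fixed multi-word strings set by this script.
$DOCKER run --name="$name" -dt -p 22 "${mounts[@]}" --memory="$memlimit" --pids-limit=5000 $caps "$image" "$getent" "$group" "$pubkey"

port=$($DOCKER port "$name" 22 | cut -d: -f 2)
```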
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-if groups tcwg-buildslave 2>/dev/null | grep -q docker; then
- # If tcwg-buildslave user is present, use it to start the container
- # to have [sudo] log record of container startups.
- DOCKER="sudo -u tcwg-buildslave docker"
-elif groups 2>/dev/null | grep -q docker; then
- # Run docker straight up if $USER is in "docker" group.
- DOCKER="docker"
-else
- # Fallback to sudo otherwise.
- DOCKER="sudo docker"
-fi
-
-image=@IMAGE@
-name=$USER-@DISTRO@
-# Bind-mount $HOME and /home/tcwg-buildslave (to get access to
-# /home/tcwg-buildslave/snapshots-ref/)
-mounts="-v $HOME:$HOME -v /home/tcwg-buildslave:/home/tcwg-buildslave:ro"
-# Use at most half of all available RAM.
-memlimit=$(($(free -g | awk '/^Mem/ { print $2 }') / 2))G
-# IPC_LOCK is required for some implementations of ssh-agent (e.g., MATE's).
-# SYS_PTRACE is required for debugger work.
-caps="--cap-add=IPC_LOCK --cap-add=SYS_PTRACE"
-# Fetch ssh public key from LDAP.
-pubkey="$(/etc/ssh/ssh_keys.py $USER 2>/dev/null || sss_ssh_authorizedkeys $USER 2>/dev/null)"
-
-$DOCKER pull $image
-$DOCKER run --name=$name -dt -p 22 $mounts --memory=$memlimit --pids-limit=5000 $caps $image "$(getent passwd $USER)" "$(id -gn)" "$pubkey"
-
-port=$($DOCKER port $name 22 | cut -d: -f 2)
-
-set +x
-echo "NOTE: the warning about kernel not supporting swap memory limit is expected"
-echo "To connect to container run \"ssh -p $port localhost\""
-echo "To stop container run \"docker stop $name\""
-echo "To restart container run \"docker start $name\""
-echo "To remove container run \"docker rm -fv $name\""
-echo "See https://collaborate.linaro.org/display/TCWG/How+to+setup+personal+dev+environment+using+docker for additional info" |