From 3060a757bd9733c80c979ce3c3427c53eeaf551a Mon Sep 17 00:00:00 2001
From: David Boreham
Date: Mon, 8 Jan 2024 09:35:11 -0700
Subject: [PATCH 1/4] Changes to make double-nested containerization work
---
 act-runner/Dockerfile.task-executor | 23 ++++++++++++++++++++--
 act-runner/entrypoint.sh | 7 +++++++
 act-runner/logger.sh | 24 +++++++++++++++++++++++
 act-runner/modprobe | 20 +++++++++++++++++++
 act-runner/start-docker.sh | 30 +++++++++++++++++++++++++++++
 act-runner/supervisor/dockerd.conf | 6 ++++++
 6 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 act-runner/entrypoint.sh
 create mode 100644 act-runner/logger.sh
 create mode 100644 act-runner/modprobe
 create mode 100644 act-runner/start-docker.sh
 create mode 100644 act-runner/supervisor/dockerd.conf
diff --git a/act-runner/Dockerfile.task-executor b/act-runner/Dockerfile.task-executor
index e03b0a0..4d86e87 100644
--- a/act-runner/Dockerfile.task-executor
+++ b/act-runner/Dockerfile.task-executor
@@ -4,7 +4,7 @@ FROM ubuntu:22.04
 RUN ln -snf /usr/share/zoneinfo/$CONTAINER_TIMEZONE /etc/localtime && echo $CONTAINER_TIMEZONE > /etc/timezone
 # Install basic tools
-RUN apt update && apt install -y gpg curl apt-transport-https ca-certificates lsb-release build-essential
+RUN apt update && apt install -y gpg curl wget apt-transport-https ca-certificates lsb-release build-essential
 # Add Docker repo
 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
@@ -16,7 +16,6 @@ ARG NODE_MAJOR=18
 # See: https://stackoverflow.com/a/77021599/1701505
 RUN set -uex; \
 apt-get update; \
- apt-get install -y ca-certificates curl gnupg; \
 mkdir -p /etc/apt/keyrings; \
 curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
 | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg; \
@@ -31,3 +30,23 @@ RUN apt update && apt install -y docker-ce && rm -rf /var/lib/apt/lists/*
 RUN apt update && apt install -y sudo
 # Install software-properties-common so we have the add-apt-repository command, used by some actions to add a package repo
 RUN apt update && apt install -y software-properties-common
+
+# Packages and files to support dind functionality see: https://github.com/cruizba/ubuntu-dind
+RUN apt update && apt install -y iptables supervisor
+COPY modprobe start-docker.sh entrypoint.sh /usr/local/bin/
+COPY supervisor/ /etc/supervisor/conf.d/
+COPY logger.sh /opt/bash-utils/logger.sh
+
+RUN chmod +x /usr/local/bin/start-docker.sh \
+ /usr/local/bin/entrypoint.sh \
+ /usr/local/bin/modprobe
+
+ENV DOCKER_HOST "unix:///var/run/dind.sock"
+
+# This VOLUME directive is required for k3d to work, probably because it needs the directory to exist
+# the volume does not need to be mounted.
+VOLUME /var/lib/docker
+
+ENTRYPOINT ["entrypoint.sh"]
+CMD ["bash"]
+
diff --git a/act-runner/entrypoint.sh b/act-runner/entrypoint.sh
new file mode 100644
index 0000000..afc1037
--- /dev/null
+++ b/act-runner/entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Start docker
+start-docker.sh
+
+# Execute specified command
+"$@"
diff --git a/act-runner/logger.sh b/act-runner/logger.sh
new file mode 100644
index 0000000..4a103ff
--- /dev/null
+++ b/act-runner/logger.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+# Logger from this post http://www.cubicrace.com/2016/03/log-tracing-mechnism-for-shell-scripts.html
+
+function INFO(){
+ local function_name="${FUNCNAME[1]}"
+ local msg="$1"
+ timeAndDate=`date`
+ echo "[$timeAndDate] [INFO] [${0}] $msg"
+}
+
+
+function DEBUG(){
+ local function_name="${FUNCNAME[1]}"
+ local msg="$1"
+ timeAndDate=`date`
+ echo "[$timeAndDate] [DEBUG] [${0}] $msg"
+}
+
+function ERROR(){
+ local function_name="${FUNCNAME[1]}"
+ local msg="$1"
+ timeAndDate=`date`
+ echo "[$timeAndDate] [ERROR] $msg"
+}
\ No newline at end of file
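Review bot: The comment above `RUN apt update && apt install -y iptables supervisor` does not say what this image needs at run time or who can reach the inner daemon. With supervisor/dockerd.conf from this patch, dockerd runs under supervisord with no `user=` setting, and `DOCKER_HOST` is set image-wide, so every process in the container, job steps included, can drive that daemon through /var/run/dind.sock. A nested dockerd also normally needs the outer container to be started privileged, which is not visible in this hunk. I would add `# dind: needs a privileged outer container; anything running here can control dockerd via $DOCKER_HOST` and write the variable as `ENV DOCKER_HOST=unix:///var/run/dind.sock`, since the space-separated ENV form is legacy syntax.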
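Review bot: entrypoint.sh still runs the requested command when `start-docker.sh` has failed, because the script has no `set -e` and never checks the exit status. start-docker.sh exits 1 when dockerd does not come up, so a job would start without a working daemon and fail later with a less obvious error. Change the call to `start-docker.sh || exit 1` and the last line to `exec "$@"`, so the command replaces the shell, receives container signals directly and its exit status becomes the container's.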
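Review bot: logger.sh declares `#!/bin/sh` but uses `function`, `local` and `${FUNCNAME[1]}`, which are bash features; it works only because start-docker.sh sources it from a bash script. Use `#!/bin/bash`, or drop the shebang and add a comment that the file is a sourced library. `function_name` is assigned in all three functions and never used, and ERROR writes to stdout; `echo "[$timeAndDate] [ERROR] $msg" >&2` keeps errors visible when stdout is redirected.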
diff --git a/act-runner/modprobe b/act-runner/modprobe
new file mode 100644
index 0000000..45033ff
--- /dev/null
+++ b/act-runner/modprobe
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+# "modprobe" without modprobe
+# https://twitter.com/lucabruno/status/902934379835662336
+
+# this isn't 100% fool-proof, but it'll have a much higher success rate than simply using the "real" modprobe
+
+# Docker often uses "modprobe -va foo bar baz"
+# so we ignore modules that start with "-"
+for module; do
+ if [ "${module#-}" = "$module" ]; then
+ ip link show "$module" || true
+ lsmod | grep "$module" || true
+ fi
+done
+
+# remove /usr/local/... from PATH so we can exec the real modprobe as a last resort
+export PATH='/usr/sbin:/usr/bin:/sbin:/bin'
+exec modprobe "$@"
\ No newline at end of file
diff --git a/act-runner/start-docker.sh b/act-runner/start-docker.sh
new file mode 100644
index 0000000..c713751
--- /dev/null
+++ b/act-runner/start-docker.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+source /opt/bash-utils/logger.sh
+
+function wait_for_process () {
+ local max_time_wait=30
+ local process_name="$1"
+ local waited_sec=0
+ while ! pgrep "$process_name" >/dev/null && ((waited_sec < max_time_wait)); do
+ INFO "Process $process_name is not running yet. Retrying in 1 seconds"
+ INFO "Waited $waited_sec seconds of $max_time_wait seconds"
+ sleep 1
+ ((waited_sec=waited_sec+1))
+ if ((waited_sec >= max_time_wait)); then
+ return 1
+ fi
+ done
+ return 0
+}
+
+INFO "Starting supervisor"
+/usr/bin/supervisord -n >> /dev/null 2>&1 &
+
+INFO "Waiting for docker to be running"
+wait_for_process dockerd
+if [ $? -ne 0 ]; then
+ ERROR "dockerd is not running after max time"
+ exit 1
+else
+ INFO "dockerd is running"
+fi
\ No newline at end of file
diff --git a/act-runner/supervisor/dockerd.conf b/act-runner/supervisor/dockerd.conf
new file mode 100644
index 0000000..4481b74
--- /dev/null
+++ b/act-runner/supervisor/dockerd.conf
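Review bot: In start-docker.sh, `wait_for_process dockerd` only checks with pgrep that a process named dockerd exists, not that the daemon answers on its socket, so entrypoint.sh can hand control to the job while dockerd is still initialising. Poll the API as well, for example with `docker info`, before logging "dockerd is running". The supervisord line also sends all of its output to /dev/null, which hides the reason when dockerd never starts; writing it to a log file would make that failure diagnosable. The fence shows the added readiness wait and the simplified status check.
```shell
# … unchanged: logger import and wait_for_process …

function wait_for_docker_ready () {
    local max_time_wait=30
    local waited_sec=0
    # pgrep only proves the process exists; docker info proves the socket answers
    until docker info >/dev/null 2>&1; do
        ((waited_sec >= max_time_wait)) && return 1
        sleep 1
        ((waited_sec=waited_sec+1))
    done
    return 0
}

# … unchanged: supervisord start …
if ! wait_for_process dockerd || ! wait_for_docker_ready; then
    ERROR "dockerd is not running after max time"
    exit 1
fi
INFO "dockerd is running"
```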
@@ -0,0 +1,6 @@
+[program:dockerd]
+command=/usr/bin/dockerd -H %(ENV_DOCKER_HOST)s --userland-proxy=false
+autostart=true
+autorestart=true
+stderr_logfile=/var/log/dockerd.err.log
+stdout_logfile=/var/log/dockerd.out.log
--
2.45.2
From cefd19456f36e568bf607a1d398a183229886f52 Mon Sep 17 00:00:00 2001
From: Thomas E Lackey
Date: Tue, 9 Jan 2024 14:29:37 -0600
Subject: [PATCH 2/4] Minor tweaks.
---
 act-runner/Dockerfile.task-executor | 3 ++-
 act-runner/entrypoint.sh | 0
 act-runner/logger.sh | 0
 act-runner/modprobe | 0
 act-runner/stack/deploy/commands.py | 3 ++-
 act-runner/start-docker.sh | 0
 gitea/docker-compose.yml | 2 +-
 7 files changed, 5 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 act-runner/entrypoint.sh
 mode change 100644 => 100755 act-runner/logger.sh
 mode change 100644 => 100755 act-runner/modprobe
 mode change 100644 => 100755 act-runner/start-docker.sh
diff --git a/act-runner/Dockerfile.task-executor b/act-runner/Dockerfile.task-executor
index 4d86e87..889adc3 100644
--- a/act-runner/Dockerfile.task-executor
+++ b/act-runner/Dockerfile.task-executor
@@ -33,6 +33,7 @@ RUN apt update && apt install -y software-properties-common
 # Packages and files to support dind functionality see: https://github.com/cruizba/ubuntu-dind
 RUN apt update && apt install -y iptables supervisor
+
 COPY modprobe start-docker.sh entrypoint.sh /usr/local/bin/
 COPY supervisor/ /etc/supervisor/conf.d/
 COPY logger.sh /opt/bash-utils/logger.sh
@@ -47,6 +48,6 @@ ENV DOCKER_HOST "unix:///var/run/dind.sock"
 # the volume does not need to be mounted.
 VOLUME /var/lib/docker
-ENTRYPOINT ["entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["bash"]
diff --git a/act-runner/entrypoint.sh b/act-runner/entrypoint.sh
old mode 100644
new mode 100755
diff --git a/act-runner/logger.sh b/act-runner/logger.sh
old mode 100644
new mode 100755
diff --git a/act-runner/modprobe b/act-runner/modprobe
old mode 100644
new mode 100755
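Review bot: In dockerd.conf the daemon's listen address in `command=` comes from `%(ENV_DOCKER_HOST)s`, the same variable the docker client reads. Overriding DOCKER_HOST when the container is started, for instance with a tcp:// address, would therefore also move the daemon's listener there, with no TLS options on this command line. Pinning the socket in the program definition, `command=/usr/bin/dockerd -H unix:///var/run/dind.sock --userland-proxy=false`, keeps dockerd on the local socket whatever the client variable is set to. As far as I know supervisord also refuses to load a program whose `%(ENV_…)s` reference cannot be expanded, so the fixed path removes that startup failure as well.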
diff --git a/act-runner/stack/deploy/commands.py b/act-runner/stack/deploy/commands.py
index d5e861b..21fa62b 100644
--- a/act-runner/stack/deploy/commands.py
+++ b/act-runner/stack/deploy/commands.py
@@ -21,6 +21,7 @@ def create(context, extra_args):
 # Our goal here is just to copy the config file for act
 deployment_config_dir = context.deployment_dir.joinpath("data", "act-runner-config")
- compose_file = [f for f in context.command_context.cluster_context.compose_files if "act-runner" in f][0]
+ command_context = extra_args[2]
+ compose_file = [f for f in command_context.cluster_context.compose_files if "act-runner" in f][0]
 source_config_file = Path(compose_file).parent.joinpath("config", "act-runner-config.yml")
 copy(source_config_file, deployment_config_dir)
diff --git a/act-runner/start-docker.sh b/act-runner/start-docker.sh
old mode 100644
new mode 100755
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index d19d1b4..c16fa44 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 server:
- image: gitea/gitea:1.21
+ image: cerc/gitea:local
 environment:
 - USER_UID=1000
 - USER_GID=1000
--
2.45.2
From f6fc495e1de33b272a9e3dc9d5495b43e8abefbc Mon Sep 17 00:00:00 2001
From: David Boreham
Date: Thu, 11 Jan 2024 07:15:57 -0700
Subject: [PATCH 3/4] Revert gitea fork in this PR
---
 gitea/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index c16fa44..bb7b192 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 server:
- image: cerc/gitea:local
+ image: cerc/gitea:1.21
 environment:
 - USER_UID=1000
 - USER_GID=1000
--
2.45.2
From 4b3ca448737c25678382801412c82c01f6c5fc38 Mon Sep 17 00:00:00 2001
From: David Boreham
Date: Thu, 11 Jan 2024 07:16:39 -0700
Subject: [PATCH 4/4] Revert gitea fork in this PR
---
 gitea/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
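Review bot: In commands.py, `command_context = extra_args[2]` reads a positional slot with no comment and no length check, so a call that passes fewer than three extra args fails with a bare IndexError. The `[...][0]` on the next line fails the same way when no compose file path contains "act-runner". I would add a comment saying what extra_args holds, e.g. `# extra_args[2]: command context supplied by the deploy framework`, and select the file with `next((f for f in command_context.cluster_context.compose_files if "act-runner" in f), None)` followed by an explicit error when it is None. What extra_args actually contains is not visible here, and create() starts above the hunk.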
diff --git a/gitea/docker-compose.yml b/gitea/docker-compose.yml
index bb7b192..d19d1b4 100644
--- a/gitea/docker-compose.yml
+++ b/gitea/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
 server:
- image: cerc/gitea:1.21
+ image: gitea/gitea:1.21
 environment:
 - USER_UID=1000
 - USER_GID=1000
--
2.45.2