diff options
author | pmikus <peter.mikus@protonmail.ch> | 2023-05-05 08:10:29 +0000 |
---|---|---|
committer | pmikus <peter.mikus@protonmail.ch> | 2023-05-05 08:10:29 +0000 |
commit | d4f8ab4aa9b8f918e31d85802dad62a225bbe775 (patch) | |
tree | 078897dc551989a2e50cead23526613ba3877d22 /fdio.infra.ansible/roles/docker_images | |
parent | 089b5394689ac28e2e77e16d51197c19cc3dd486 (diff) |
fix(ansible): Docker image roles
Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Ic9f9044ffd7ba1a8720fc029aaf2bd154eb043a5
Diffstat (limited to 'fdio.infra.ansible/roles/docker_images')
4 files changed, 31 insertions, 56 deletions
diff --git a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile index 0a17bf6404..cbbaf35f6f 100644 --- a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile +++ b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile @@ -67,6 +67,7 @@ RUN apt-get -q update \ vim \ wget \ zlib1g-dev \ + && ln -s -f /usr/lib/x86_64-linux-gnu/libc.a /usr/lib/x86_64-linux-gnu/liblibc.a \ && curl -fsSL https://get.docker.com | sh \ && rm -rf /var/lib/apt/lists/* @@ -146,7 +147,12 @@ RUN pip3 install \ snowballstemmer==2.2.0 \ urllib3==1.26.10 -RUN useradd -rm -d /home/testuser -s /bin/bash -g root -G sudo -u 1000 testuser \ +RUN groupadd -g 1000 testuser \ + && useradd -rm -d /home/testuser -s /bin/bash -g testuser -G sudo -u 1000 testuser \ && echo 'testuser:Csit1234' | chpasswd +RUN echo 'root:Csit1234' | chpasswd \ + && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \ + && echo "export VISIBLE=now" >> /etc/profile + RUN service ssh start
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh deleted file mode 100755 index 0f93def8b5..0000000000 --- a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -case "${1:-start}" in - "start" ) - # Run TG - for cnt in $(seq 1 ${2:-1}); do - docker network create --driver bridge csit-nw-tg${cnt} || true - # If the IMAGE is not already loaded then docker run will pull the - # IMAGE, and all image dependencies, before it starts the container. - dcr_image="base-ubuntu2204:local" - # Run the container in the background and print the new container - # ID. - dcr_stc_params="--detach=true " - # Give extended privileges to this container. A "privileged" - # container is given access to all devices and able to run nested - # containers. - dcr_stc_params+="--privileged " - # Publish all exposed ports to random ports on the host interfaces. - dcr_stc_params+="--publish 600${cnt}:2222 " - # Automatically remove the container when it exits. - dcr_stc_params+="--rm " - # Size of /dev/shm. - dcr_stc_params+="--shm-size 4G " - # Mount vfio to be able to bind to see binded interfaces. We cannot - # use --device=/dev/vfio as this does not see newly binded - # interfaces. - dcr_stc_params+="--volume /dev:/dev " - # Mount /opt/boot/ where VM kernel and initrd are located. - dcr_stc_params+="--volume /opt:/opt " - # Mount host hugepages for VMs. - dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages " - - params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}") - docker run --network=csit-nw-tg${cnt} "${params[@]}" - done - ;; - "stop" ) - docker rm --force $(docker ps --all --quiet --filter name=csit) - docker network rm $(docker network ls --filter name=csit --quiet) - ;; -esac diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 index bcb29f1ae0..be0ffcd9f4 100644 --- a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 +++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 @@ -12,11 +12,14 @@ services: privileged: true restart: "always" shm_size: "4G" - devices: - - "/dev/hugepages:/dev/hugepages" - - "/dev/vfio:/dev/vfio" volumes: - type: "bind" + source: "/dev/hugepages" + target: "/dev/hugepages" + - type: "bind" + source: "/dev/vfio" + target: "/dev/vfio" + - type: "bind" source: "/etc/sudoers" target: "/etc/sudoers" - type: "bind" @@ -43,11 +46,14 @@ services: privileged: true restart: "always" shm_size: "4G" - devices: - - "/dev/hugepages:/dev/hugepages" - - "/dev/vfio:/dev/vfio" volumes: - type: "bind" + source: "/dev/hugepages" + target: "/dev/hugepages" + - type: "bind" + source: "/dev/vfio" + target: "/dev/vfio" + - type: "bind" source: "/etc/sudoers" target: "/etc/sudoers" - type: "bind" diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 index 0cbe6c5590..1fd365eec0 100644 --- a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 +++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 @@ -15,11 +15,14 @@ services: - "6001:6001" restart: "always" shm_size: "4G" - devices: - - "/dev/hugepages:/dev/hugepages" - - "/dev/vfio:/dev/vfio" volumes: - type: "bind" + source: "/dev/hugepages" + target: "/dev/hugepages" + - type: "bind" + source: "/dev/vfio" + target: "/dev/vfio" + - type: "bind" source: "/etc/sudoers" target: "/etc/sudoers" - type: "bind" @@ -43,11 +46,14 @@ services: - "6002:6002" restart: "always" shm_size: "4G" - devices: - - "/dev/hugepages:/dev/hugepages" - - "/dev/vfio:/dev/vfio" volumes: - type: "bind" + source: "/dev/hugepages" + target: "/dev/hugepages" + - type: "bind" + source: "/dev/vfio" + target: "/dev/vfio" + - type: "bind" source: "/etc/sudoers" target: "/etc/sudoers" - type: "bind" |