search

cardboardcode / virtual_camera

A ROS2 package that simulates a camera, providing ROS messages from playing a static video.
Apache License 2.0
1 stars 0 forks source link

Dockerized instances unable to communicate outside of container #9

Closed cardboardcode closed 8 months ago

cardboardcode commented 8 months ago

Description :speech_balloon:

While dockerizing virtual_camera allows the code to be future-proofed, running it the ROS 2 node in a docker currently disallows it from communicating it with ROS systems outside of its container.

This defeats the purpose of dockerizing since virtual_camera would not be able to communicate with any ROS 2 systems when dockerized. Need to address to justify its use in future systems.

Steps To Reproduce :hammer:

  1. Download the repository.

    cd $HOME
git clone https://github.com/cardboardcode/virtual_camera.git --depth 1

  2. Build the docker image and container

    
# Build docker image
docker build --tag vcam_image .

Build docker container

docker run -ti \ --name vcam_test_container \ -v $(pwd):/home/user/virtual_camera \ -e DISPLAY=$DISPLAY \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -u 0 \ vcam_image:latest /bin/bash

You should now be in the bash shell within the docker container.

3. **Build** the package within docker container:
```bash
cd virtual_camera
bash scripts/build.bash

  1. Run virtual_camera ROS 2 node within docker container:

    cd virtual_camera
bash scripts/run.bash

  2. In host, run showimage ROS 2 node of image_tools package:

    source /opt/ros/humble/setup.bash
ros2 run image_tools showimage --ros-args --remap /image:=/virtual_camera/image_raw

    Author's Notes: image_tools is a package that exists in ros2/demos

Expected Behaviour :green_circle:

An image should be displayed in the OpenCV window created by showimage ROS 2 node in host.

Actual Behaviour :red_circle:

No image was displayed by showimage ROS 2 node in host. When running ros2 topic list in host, unable to properly detect /virtual_camera/image_raw topic in host from container.

Remarks

This is in relation to a past issue the author have investigated before. Should be a quick fix.

cardboardcode commented 8 months ago

Update

Running docker container with the following flags helps a little but issue remains unresolved.

docker run -ti
--ipc host \
--net host \
--name vcam_test_container \
-v $(pwd):/home/user/virtual_camera \
-e DISPLAY=$DISPLAY \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-u 0  \
 vcam_image:latest /bin/bash

This allows /virtual_camera/image_raw topic to be detected in host after running ros2 topic list. However, no messages can be successfully received outside of container in host. This is verified by no results outputted by ros2 topic echo /virtual_camera/image_raw in terminal.

Further debugging required.

cardboardcode commented 8 months ago

To address this issue incrementally, I can verify that fundamentally ROS 2 nodes in a docker container can communicate with ROS 2 nodes outside of it.

Here's a minimal example that has been ported to and verified using ROS 2 Humble

This example has a built-in ROS 2 talker node publishing std_msgs/msg/String messages in a docker container and listener node subscribing to the same chatter topic in host.

Steps To Reproduce

# Open new terminal 
sudo docker run -ti \
--rm \
--ipc host \
--net host \
-v /dev/shm:/dev/shm \
--user root \
osrf/ros:humble-desktop \
ros2 run demo_nodes_cpp talker
# Open new terminal
# Log in as root
sudo -i
cd /opt/ros/humble/
. setup.bash
ros2 run demo_nodes_cpp listener
cardboardcode commented 8 months ago

Elaborating on the minimal example showed above, images can now be received in host.

Dirty Workaround :adhesive_bandage:

  1. Build and run docker container containing virtual_camera ROS 2 node:

    docker run -ti \
--ipc host \
--net host \
--name vcam_test_container \
-v $(pwd):/home/user/virtual_camera \
-e DISPLAY=$DISPLAY \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-u 0  \
vcam_image:latest /bin/bash

  2. Build virtual_camera ROS 2 package and run virtual_camera ROS 2 node in docker container:

    # Within docker container
cd virtual_camera
bash scripts/build.bash
bash scripts/run.bash

  3. In host, instantiate showimage ROS 2 node in root to ensure same UID namespace:

    sudo -i
source /opt/ros/humble/setup.bash
ros2 run image_tools showimage --ros-args --remap /image:=/virtual_camera/image_raw

    The OpenCV window created by host's showimage node should now display the image coming from virtual_camera node in container.

Remarks :speech_balloon:

Now we just need to figure out how to do it nicely without using root since it obviously introduces a glaring security vulnerability.

cardboardcode commented 8 months ago

References

Here are some articles that may be useful in try to do it nicely:

cardboardcode commented 8 months ago 
ros2 run image_tools showimage --ros-args --remap /image:=/virtual_camera/image_raw

Just a quick update to this Dirty Workaround:

As long as I am not root as I run the ROS 2 node in the docker container, the issue is resolved. Verified. :sparkles:

Just need to either automatically log into docker container as user or append docker instruction with su user