search

dune-gdt / containers

Dockerfiles for (daily) work with DUNE
Other
0 stars 0 forks source link

support rootless docker #90

Open renefritze opened 4 years ago

renefritze commented 4 years ago

In GitLab by @tobiasleibner on Oct 12, 2020, 07:47

Created by: ftalbrecht

As indicated in #87 I would like to support rootless docker and will sue it from now on personally. (works great and as expected). I would like to update the docker_run.sh script accordingly and support both rootless and traditional docker. I am just unsure how:

Two scripts is probably way easier (also to understand), but would induce some code duplication...

Opinions, @renefritze @tobiasleibner? Is any one of you using the docker_run.sh scripts?

renefritze commented 4 years ago

In GitLab by @tobiasleibner on Oct 12, 2020, 07:59

Created by: renefritze

No, I don't use any of the scripts. I have a global $HOME/.dockerrun.rc 

SYSTEM=${DOCKER_IMAGE/\//_}
DOCKER_TAG=${DOCKER_TAG:-latest}

export ZIVGITLAB_TOKEN=SECRET
EXPOSED_PORT=$(shuf -i 14000-17000 -n 1) 
DOCKER_OPTS_COMMON="-m 24G \
  --rm --privileged=true -t -i \
  --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
  -e LOCAL_USER=$USER -e LOCAL_UID=$(id -u) -e LOCAL_GID=$(id -g) \
  -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix \
  -e ZIVGITLAB_TOKEN=${ZIVGITLAB_TOKEN} \
  -v /etc/localtime:/etc/localtime:ro \
  -v ${HOME}/.dbus:/home/${USER}/.dbus \
  -v MORE_STUFF \
  --ipc=host \
  -p ${EXPOSED_PORT}:${EXPOSED_PORT} \
  -e EXPOSED_PORT=${EXPOSED_PORT} \
  -v ${HOME}/.config/allinea:/home/${USER}/.config/allinea"

DOCKER_HOME=~/projekte/uni/dune/docker/home/${DOCKER_SRC_DIR}/${SYSTEM}

DOCKER_OPTS_DOCKER_SRC_DIR="--hostname ${SYSTEM/_/-} \
  -v $DOCKER_HOME:/home/${USER} \
  ${DOCKER_EXTRA} \
  -v ${BASEDIR}/${DOCKER_SRC_DIR}:/home/${USER}/${DOCKER_SRC_DIR}"

function dockerrun () {
    mkdir -p ${DOCKER_HOME} 2> /dev/null
    docker run ${DOCKER_OPTS_COMMON} ${DOCKER_OPTS_DOCKER_SRC_DIR} \
        dunecommunity/${DOCKER_IMAGE}:${DOCKER_TAG} bash
}

and a small run script per project

#!/bin/bash
BASEDIR="$(cd "$(dirname ${BASH_SOURCE[0]})" ; pwd -P )"

DOCKER_IMAGE=debian-unstable-clion
DOCKER_SRC_DIR=main_xt

. ${HOME}/.dockerrun.rc
dockerrun

If I'd switch to rootless docker, I'd just need to set the right user mapping in my global rc, right?

renefritze commented 4 years ago

In GitLab by @tobiasleibner on Oct 12, 2020, 08:10

Created by: tobiasleibner

I am using the scripts but mostly to checkout the CI docker images to reproduce test failures locally. As long as that still works, I am fine with all changes. If it is easier to write and understand, two scripts sounds good.

renefritze commented 4 years ago

In GitLab by @tobiasleibner on Oct 13, 2020, 07:08

Created by: ftalbrecht

If I'd switch to rootless docker, I'd just need to set the right user mapping in my global rc, right?

From a quick glance, yes. -e LOCAL_USER=root -e LOCAL_UID=0 -e LOCAL_GID=0 should do it with the new entrypoint.