sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0
36.21k stars 1.79k forks

Running on a linux headless server #19

Closed kneelesh48 closed 4 years ago

kneelesh48 commented 4 years ago

Is it possible to run this on a headless linux server? I'd like to have full 1080p display output when VNCing to the server. I've experienced Linux VNC machines lagging when using the GUI but Windows 10 works perfectly fine even on low bandwidth.

sickcodes commented 4 years ago

https://github.com/sickcodes/Docker-OSX/tree/master/vnc-version

sickcodes commented 4 years ago

Test it out, let me know if it works.

Has to have hardware virtualization turned on, Digital Ocean does.

Combine the two Dockerfiles together if you want to change the size of the disk because it uses the first container to do the VNC one.

Let me know if it works or if there are issues!

romancin commented 4 years ago

In my case it is not working:

ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4693:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5181:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2642:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'
gtk initialization failed
(qemu) #

sickcodes commented 4 years ago

tail /sys/module/kvm_intel/parameters/nested

tail /sys/module/kvm_amd/parameters/nested

Only works if nested hardware virt is yes or 1.

romancin commented 4 years ago

Yes, it is enabled in my case, AMD Ryzen 5 1600. Is it supposed to work on AMD? Thank you!

sickcodes commented 4 years ago

Are you using the VNC or X11 version?

romancin commented 4 years ago

VNC

andersc commented 4 years ago

Tried running on a Google cloud machine ..

anders.cedronius@example-nested-vm:~/docker/Docker-OSX/vnc-version$ sudo docker events&
[1] 30919
anders.cedronius@example-nested-vm:~/docker/Docker-OSX/vnc-version$ sudo docker run -p 8888:5999 -d --privileged docker-osx-vnc:latest
2020-06-07T20:34:05.448740873Z volume create 109397d57e9b1d2e8fcf295c0d73f11b94e0c79afa4b6459abe1ca22f4ee80b8 (driver=local)
2020-06-07T20:34:05.458726111Z container create 5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec (image=docker-osx-vnc:latest, name=sad_bassi)
5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec
2020-06-07T20:34:05.500887198Z network connect 68139c83c2af3605d2ee76d860b920195aaedd7440d3f8c2809fa4d9d1005c17 (container=5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec, name=bridge, type=bridge)
2020-06-07T20:34:05.506521141Z volume mount 109397d57e9b1d2e8fcf295c0d73f11b94e0c79afa4b6459abe1ca22f4ee80b8 (container=5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec, destination=/tmp/.X11-unix, driver=local, propagation=, read/write=true)
2020-06-07T20:34:05.756569562Z container start 5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec (image=docker-osx-vnc:latest, name=sad_bassi)
anders.cedronius@example-nested-vm:~/docker/Docker-OSX/vnc-version$ 2020-06-07T20:34:09.054319158Z container die 5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec (exitCode=1, image=docker-osx-vnc:latest, name=sad_bassi)
2020-06-07T20:34:09.181568287Z network disconnect 68139c83c2af3605d2ee76d860b920195aaedd7440d3f8c2809fa4d9d1005c17 (container=5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec, name=bridge, type=bridge)
2020-06-07T20:34:09.195693750Z volume unmount 109397d57e9b1d2e8fcf295c0d73f11b94e0c79afa4b6459abe1ca22f4ee80b8 (container=5ea8cf55cff7f42218feda7c17d48e87830e814864a09ebb4a5a4bca0e7790ec, driver=local)

So for me it never starts running.

Machine info ->

anders.cedronius@example-nested-vm:~/docker/Docker-OSX/vnc-version$ kvm-ok 
INFO: /dev/kvm exists
KVM acceleration can be used

sickcodes commented 4 years ago

grep 1 /sys/module/kvm_intel/parameters/nested
grep 1 /sys/module/kvm_amd/parameters/nested

If neither of those commands work, you have to turn on nested virt first:

sudo modprobe kvm_intel nested=1 || sudo modprobe kvm_amd nested=1
# works until reboot

See https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/

Not all providers allow nested virt, but you can easily find VPS with nested virt turned on, Digital Ocean does.

Have to have KVM, which you have, as well as nested virt, which you can turn on using modprobe.

sickcodes commented 4 years ago

Can you show some more output @romancin?

You got into the QEMU shell so it’s running. Are you sure you’re running the correct docker run?

Which OS?

andersc commented 4 years ago

never mind.. got it working!!

I run that on a 4-core skylake in GCP-Amsterdam. (Ubuntu 18.04)

sickcodes commented 4 years ago

@andersc Perfect!

Any tips I can add to the readme?

romancin commented 4 years ago

Hi! Finally got it working! Thank you!

It seems that sometimes VNC server is not closed correctly and didn't work when restarting container... Deleted container and in the first run it works fine.

I can see this in the log:

Warning: 29524081a705:99 is taken because of /tmp/.X99-lock
Remove this file if there is no X server 29524081a705:99
A VNC server is already running as :99
Unable to init server: Could not connect: Connection refused
QEMU 5.0.0 monitor - type 'help' for more information

andersc commented 4 years ago

@sickcodes, yes. Will write a script getting the machine up and running. Give me some time. BTW.. Great work!

sickcodes commented 4 years ago

Thanks for sending that through! Perhaps I should remove the file lock. The container should never have two VNC servers running anyway, given PID 1 only starts once ever. I will review what I just wrote when I make that change.

andersc commented 4 years ago

OK.. There is unnecessary installs and parts of the script.. Will shave off the stuff I detect when I get the time. Also modify the stuff you see..

The following steps will create a plain vanilla Ubuntu18.04 GCP-VM and installs and run all parts to get a VNC connection to your osx-docker image.

1. Get the google machine up and running ->

#!/bin/bash

# ./create_osx_host.sh google_zone disk_name vm_name image_name
# List all zones with: gcloud compute zones list
# Example:
# ./create_osx_host.sh europe-west4-b osx-host-disk osx-host-vm osx-host-image

if [ "$#" -ne 4 ]; then
    echo "Illegal number of parameters, expect 4."
    echo "./create_osx_host.sh google_zone disk_name vm_name image_name"
    exit 1
fi

# Boot disk from the Ubuntu 18.04 LTS image family
gcloud compute disks create "$2" --image-project ubuntu-os-cloud --image-family ubuntu-1804-lts --size=250GB --zone="$1"
# Custom image carrying the enable-vmx license (nested virtualization)
gcloud compute images create "$4" --source-disk "$2" --source-disk-zone "$1" --licenses "https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx"
# Instance built from that image
gcloud compute instances create "$3" --zone "$1" --min-cpu-platform "Intel Haswell" --image "$4" --machine-type=n1-standard-4 --enable-display-device

2. SSH to the machine and run this script.

#!/bin/bash

sudo apt update -y
sudo apt upgrade -y
# The package list has to stay on one command line
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common git qemu qemu-kvm libvirt-clients virt-manager libvirt-daemon-system bridge-utils
# Add Docker's signing key and apt repository, then install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update -y
sudo apt-get install docker-ce docker-ce-cli containerd.io -y
# Put the current user in the libvirt and kvm groups, then reboot
sudo adduser "$(id -un)" libvirt
sudo adduser "$(id -un)" kvm
sudo usermod -aG kvm "$(whoami)" && sudo reboot

3. SSH to the machine again after the reboot and run

#!/bin/bash

git clone https://github.com/sickcodes/Docker-OSX.git
cd Docker-OSX/vnc-version/
sudo docker build -t docker-osx-vnc . --build-arg SIZE=200G
# Enable nested virtualization (lasts until reboot)
sudo modprobe kvm_intel nested=1 || sudo modprobe kvm_amd nested=1
# Mode 666 makes /dev/kvm readable and writable by every local user
sudo chmod 666 /dev/kvm
sudo chown root:kvm /dev/kvm
sudo systemctl restart libvirtd.service

4. you are good to go.. just fire up the container. Like this for example.

sudo docker run -p 8888:5999 -d --privileged docker-osx-vnc:latest

As I said.. just made this up quite fast pulling together the history from my last runs.. So there is room for improvement.
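
Added example, not part of andersc's post or the project: a host preflight covering the nested-virtualization check sickcodes describes earlier in the thread and the `/dev/kvm` permissions set in the steps above. The function names and the path arguments (there so the checks can be pointed at a test tree) are assumptions; the `nested` parameter reads `Y`/`N` or `1`/`0` depending on kernel and module, so both enabled forms are accepted.

```shell
#!/bin/bash
# Added example, not from the thread. The path arguments are hypothetical
# overrides so the checks can run against a test tree instead of the live host.

# Returns 0 if kvm_intel or kvm_amd reports nested virtualization enabled,
# 1 if a module is loaded with nested off, 2 if neither module is loaded.
nested_virt_status() {
    local modroot="${1:-/sys/module}" rc=2 mod file value
    for mod in kvm_intel kvm_amd; do
        file="$modroot/$mod/parameters/nested"
        [ -r "$file" ] || continue
        value="$(tr -d '[:space:]' < "$file")"
        echo "$mod nested=$value"
        case "$value" in
            Y|y|1) return 0 ;;   # enabled is reported as Y or as 1
            *)     rc=1 ;;
        esac
    done
    return "$rc"
}

# Returns 0 if the KVM device node is not writable by "other" users,
# 1 if it is world-writable (for example mode 666), 2 if it cannot be checked.
kvm_node_not_world_writable() {
    local node="${1:-/dev/kvm}" mode
    [ -e "$node" ] || return 2
    mode="$(stat -c '%a' "$node")" || return 2   # GNU stat: octal mode
    case "$mode" in
        *[2367]) echo "$node mode $mode: writable by all users"; return 1 ;;
        *)       echo "$node mode $mode"; return 0 ;;
    esac
}

# Runs both checks; non-zero means at least one of them did not pass.
preflight() {
    local rc=0
    nested_virt_status "${1:-/sys/module}" || rc=1
    kvm_node_not_world_writable "${2:-/dev/kvm}" || rc=1
    return "$rc"
}
```

Source the file on the Docker host and call `preflight`; with mode 660 and group `kvm`, members of that group can still open the device.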

sickcodes commented 4 years ago

@andersc fantastic work and thanks for uploading your input! Can I add some of it to the readme?

andersc commented 4 years ago

@sickcodes sure.. However the scripts are rough and installs more than you need.. I'm not sure the reboot is needed and so on.. I'll put some time cleaning stuff up that I find later today. But YES.. Use whatever you want you feel benefit your project.

Then since I got your attention, what would be your recommended way of starting the vnc version with 8GB (or more) RAM, and is there a way you know of getting osx-docker to benefit from a monster VM with for example 32 CPUs? When I run the container on a Skylake (VM) it registers Core 2 Duo CPUs inside OSX.

matusnovak commented 4 years ago

I was having this same issue. I am running the VNC version as:

docker run -p 8888:5999 --privileged --cap-add=ALL -v /lib/modules:/lib/modules -v /dev:/dev --name osx -it osx-mojave-vnc:latest

No issue there unless I stop and start the container again:

docker stop osx
docker start osx

Then it fails with gtk initialization failed when qemu tries to start. The problem is that the vncserver command in OpenCore-Boot_custom.sh fails with (but does not terminate the bash script):

Warning: f21471f8a08f:99 is taken because of /tmp/.X99-lock
Remove this file if there is no X server f21471f8a08f:99
A VNC server is already running as :99

I have found a workaround for it. Adding this before vncserver command seems to fix it:

vncserver -kill :99 || true
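
Added example, not part of matusnovak's comment or the project's `OpenCore-Boot_custom.sh`: an alternative to the posted workaround that removes the display lock only when no X server owns it. It goes beyond the case in the thread by also handling a PID that was reused by an unrelated process after the container restart; the function name and the directory arguments are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread. Directory arguments are hypothetical
# overrides for testing; X servers keep their locks in /tmp.

# Returns 0 if the display is free afterwards (no lock, or stale lock removed),
# 1 if an X server still owns the lock, 2 if the lock content is not a PID.
clear_stale_x_lock() {
    local display="${1:-99}" tmpdir="${2:-/tmp}" procdir="${3:-/proc}"
    local lock pid comm
    lock="$tmpdir/.X${display}-lock"
    [ -e "$lock" ] || return 0

    # The lock file holds the owning server's PID as padded decimal text.
    pid="$(tr -d '[:space:]' < "$lock")"
    case "$pid" in
        ''|*[!0-9]*)
            echo "unexpected content in $lock, leaving it alone" >&2
            return 2 ;;
    esac

    # After a container restart the recorded PID can belong to an unrelated
    # process, so compare the process name instead of only testing the PID.
    comm="$(cat "$procdir/$pid/comm" 2>/dev/null || true)"
    case "$comm" in
        X*)
            echo "display :$display is held by $comm (PID $pid)" >&2
            return 1 ;;
    esac

    rm -f -- "$lock" "$tmpdir/.X11-unix/X${display}"
    echo "removed stale lock for display :$display (PID $pid is not an X server)"
    return 0
}
```

Called before `vncserver` in a start script, `clear_stale_x_lock 99` leaves a running server untouched and clears what a previous container run left behind.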

sickcodes commented 4 years ago

Hey Anders, yes I am adding RAM and CPU cores, socket arguments in the next version!

Regarding the reboot, I believe you should reboot to ensure qemu/kvm kernel module loads correctly.

sickcodes commented 4 years ago

Finished adding CPU/SMP cores as args, and SSH for headless mode.

True headless mode, you might like to look at xdotool.