trying to add rootless docker

David Holdeman 2023-01-25 21:45:11 -06:00
parent a4004b33b3
commit c3b214f0d6
3 changed files with 44 additions and 2 deletions


@ -26,7 +26,7 @@ COPY --from=builder /tmp/rusefi-provide_gcc /tmp/rusefi-provide_gcc
ENV JAVA_HOME /usr/lib/jvm/temurin-11-jdk-amd64/
RUN useradd -m -g sudo docker &&\
RUN useradd -m -g sudo -u 1001 docker &&\
apt-get update -y &&\
apt-get install -y wget gpg &&\
wget -O key.gpg https://packages.adoptium.net/artifactory/api/gpg/key/public &&\
@ -69,6 +69,8 @@ RUN useradd -m -g sudo docker &&\
scour \
librsvg2-bin \
temurin-11-jdk \
uidmap \
supervisor \
&& apt-get autoremove -y && apt-get clean -y &&\
echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers &&\
echo 'APT::Get::Assume-Yes "true";' >/etc/apt/apt.conf.d/90forceyes &&\
@ -76,10 +78,28 @@ RUN useradd -m -g sudo docker &&\
chown -R docker /tmp/rusefi-provide_gcc &&\
update-alternatives --set java /usr/lib/jvm/temurin-11-jdk-amd64/bin/java
# Install Docker CLI
RUN curl -fsSL https://get.docker.com -o- | sh && \
rm -rf /var/lib/apt/lists/* && \
apt-get clean
# Install Docker-Compose
RUN curl -L -o /usr/local/bin/docker-compose \
"https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_VERSION}/docker-compose-$(uname -s)-$(uname -m)" && \
chmod +x /usr/local/bin/docker-compose
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN chmod 644 /etc/supervisor/conf.d/supervisord.conf &&\
chmod u-s /usr/bin/newuidmap &&\
chmod u-s /usr/bin/newgidmap
WORKDIR /opt
USER docker
RUN dockerd-rootless-setuptool.sh install
VOLUME /opt/actions-runner
ENTRYPOINT ["./start.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
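Review bot: The two download steps in the last hunk install executables with no integrity check. `curl -fsSL https://get.docker.com -o- | sh` runs whatever the endpoint serves, and under the default `/bin/sh` without pipefail a failed curl still lets `sh` exit 0; the Compose `curl -L -o` has no `-f`, so an HTTP error body would be saved and marked executable. The +/- markers are lost on this page, so these lines may be context rather than additions, and `DOCKER_COMPOSE_VERSION` is not defined in the visible lines. I would use `curl -fsSL -o /usr/local/bin/docker-compose …` followed by `echo "${DOCKER_COMPOSE_SHA256}  /usr/local/bin/docker-compose" | sha256sum -c -` (`DOCKER_COMPOSE_SHA256` is a placeholder build arg to define next to the version), and install Docker from a pinned, signed package instead of the convenience script. Separately, the `docker` user stays in the `sudo` group with `NOPASSWD:ALL`, so running dockerd rootless adds little isolation inside this image.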


@ -1,5 +1,14 @@
#!/bin/bash
if [[ "$@" == "bash" ]]; then
exec $@
fi
export XDG_RUNTIME_DIR=$HOME/.docker/xrd
rm -rf $XDG_RUNTIME_DIR
mkdir -p $XDG_RUNTIME_DIR
PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh
cd /opt/actions-runner
if [[ -z $RUNNER_NAME ]]; then
@ -70,4 +79,4 @@ else
--unattended
fi
./run.sh & wait $!
exec "$@"
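Review bot: `PATH=/usr/bin:/sbin:/usr/sbin:$PATH dockerd-rootless.sh` in the first hunk runs in the foreground, and as far as I know that script stays attached to the daemon, so `cd /opt/actions-runner` and the runner registration below it would never be reached. Either background it and wait for the socket before continuing, or hand the daemon to supervisord as its own `[program:…]` entry so it is restarted and logged. The runtime directory will hold the daemon's socket, so I would also quote and restrict it: `rm -rf -- "$XDG_RUNTIME_DIR"` and `mkdir -p -m 700 "$XDG_RUNTIME_DIR"`. The script body continues outside both hunks.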

13
supervisord.conf Normal file

@ -0,0 +1,13 @@
[supervisord]
user=docker
nodaemon=true
logfile=/dev/fd/1
logfile_maxbytes=0
loglevel=error
[program:runner]
directory=/opt/actions-runner
command=/opt/actions-runner/bin/runsvc.sh
stdout_logfile=/dev/fd/1
stdout_logfile_maxbytes=0
redirect_stderr=true
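Review bot: `loglevel=error` in `[supervisord]` will, as far as I know, drop supervisord's own spawn and exit messages, which are logged below error level, so a crashing or restart-looping runner leaves no trace in the container log. Those lifecycle events are the main signal for spotting a runner that dies mid-job; I would use `loglevel=info`. The file also defines only `[program:runner]`, so nothing here supervises the rootless daemon.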