-
Notifications
You must be signed in to change notification settings - Fork 2
/
c7
executable file
·245 lines (215 loc) · 7.3 KB
/
c7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
#!/bin/bash
# A script for launching 'RHEL 7 in a Box' on a DLS workstation
# NOTE that changes to this file should also be propgated to .devcontainer.json
image=ghcr.io/dls-controls/dev-c7
version=latest
hostname=$(hostname)
changed=false
pull=false
rhel=8
delete=false
gui=false
mount_only=false
install_devcontainer_json=false
network="--net=host"
userns="--userns=keep-id"
logging=""
# -l loads profile and bashrc
command="/bin/bash -l"
commandargs=
while getopts "mglrdphs:i:v:cnI" arg; do
case $arg in
l) logging="set -x" # enable logging
;;
r)
changed=true
userns=""
;;
g)
changed=true
gui=true
;;
p)
pull=true
changed=true
;;
s)
hostname=$OPTARG
changed=true
;;
i)
image=$OPTARG
changed=true
;;
n)
network="--network=podman"
changed=true
;;
v)
version=$OPTARG
changed=true
;;
c)
commandargs=YES
command="/bin/bash -lc "
break
;;
d) delete=true
;;
I) install_devcontainer_json=true
;;
*)
echo "
usage: c7 [options]
Launches a developer container that simulates a DLS RHEL7 workstation.
Options:
-h show this help
-l Enable logging
-p pull an updated version of the image first
-i image specify the container image (default: "${image}")
-v version specify the image version (default: "${version}")
-s host set a hostname for your container (default: ${hostname})
-d delete previous container and start afresh
-n run in podman virtual network instead of the host network
-c command run a command in the container (must be last option)
-I Install .devcontainer/devcontainer.json in the current directory for vscode
-g enable X11 GUI for containers launched via ssh (only required with -r)
-r run as root
"
exit 0
;;
esac
done
shift $((OPTIND-1))
if [[ ${install_devcontainer_json} == true ]] ; then
mkdir -p .devcontainer
cd .devcontainer
wget -nv https://raw.githubusercontent.com/dls-controls/dev-c7/main/.devcontainer/devcontainer.json
echo
echo "Installed devcontainer.json. Try 'Reopen in Container' or 'Reload Window'."
exit 0
fi
if ! grep overlay ~/.config/containers/storage.conf &> /dev/null; then
echo "ERROR: dev-c7 requires overlay filesystem."
echo "Please see https://dls-controls.github.io/dev-c7/main/how-to/podman.html"
exit 1
fi
if [[ -e /etc/centos-release ]] ; then
echo "ERROR: already in the a devcontainer"
exit 1
fi
if ${delete} ; then
podman rm -ft0 dev-c7
changed=false
fi
if [[ $(podman version -f {{.Version}}) == 1.* ]] ; then
echo "WARNING: this is a RHEL7 machine - EXPERIMENTAL SUPPORT ONLY"
echo "
WARNING: You will run as root in the container and will not be able to
use group permissions
"
rhel=7
fi
environ="
-e CONTAINER_NAME=dev-c7
-e DEV_PROMPT=C7
-e DISPLAY
-e HOME
-e USER
-e SSH_AUTH_SOCK
-e TERM=xterm-256color
"
volumes="
-v /scratch:/scratch
-v /dls:/dls:shared
-v /dls_sw:/dls_sw:shared
-v /home:/home:shared
-v /run/user/$(id -u):/run/user/$(id -u)
"
devices="-v /dev/ttyS0:/dev/ttyS0"
opts="${network} --hostname ${hostname} --security-opt=label=disable"
# Get around the issue of /tmp being mounted noexec by creating our own tmpfs
opts="${opts} --mount type=tmpfs,destination=/tmp"
# the identity settings enable secondary groups in the container
if [[ ${rhel} == 8 ]] ; then
identity="${userns}
--annotation run.oci.keep_original_groups=1"
fi
# this runtime is also required for secondary groups
if which crun &> /dev/null ; then
runtime="--runtime /usr/bin/crun"
identity="${identity} --storage-opt ignore_chown_errors=true"
fi
container_name=dev-c7
# setup X11 to work even if you launched dev-c7 from an ssh shell
# NOTE: this does not appear to be needed - I believe because the
# container uses keep-id the X11 auth passes through SSH OK.
if [[ ${gui} == "true" ]] ; then
XSOCK=/tmp/.X11-unix # X11 socket (but we mount the whole of tmp)
XAUTH=/tmp/.container.xauth.$USER
touch $XAUTH
xauth nlist $DISPLAY | sed -e 's/^..../ffff/' | xauth -f $XAUTH nmerge -
chmod 777 $XAUTH
x11="
-v $XAUTH:$XAUTH
-e XAUTHORITY=$XAUTH
"
opts="${opts} ${x11}"
echo "X11 over ssh compatibility mode"
fi
################################################################################
# Start the container in the background and then launch an interactive bash
# session in the container. This means that all invocations of this script
# share the same container. Also changes to the container filesystem are
# preserved unless an explict 'podman rm dev-c7' is invoked.
################################################################################
running=false
if [[ -n $(podman ps -q -f name=${container_name}) ]]; then
# container already running so no prep required
if ${changed} ; then
echo "ERROR: cannot change properties on a running container."
echo "Use -d option to delete the current container."
exit 1
fi
running=true
version_tag=$(podman inspect --format='{{index .Config.Labels "org.opencontainers.image.version"}}' dev-c7)
echo "Attaching to existing dev-c7 container version ${version_tag:- Unknown} ..."
elif [[ -n $(podman ps -qa -f name=${container_name}) ]]; then
# start the stopped container
echo "Restarting stopped dev-c7 container ..."
podman start ${container_name}
elif [[ ${running} == "false" ]]; then
# check for updates if requested/required
if ! podman image exists ${image}:${version} ; then
pull=true
fi
if ${pull} ; then
podman pull ${image}:${version}; echo
fi
# Create a new background container making process 1 wait indefinitely.
# Prior to sleep we update the default shell to be bash,
# this is because podman adds a user in etc/passwd but fails to honor
# /etc/adduser.conf
version_tag=$(podman inspect --format='{{index .Labels "org.opencontainers.image.version"}}' ghcr.io/dls-controls/dev-c7:${version})
echo "Creating new dev-c7 container version ${version_tag:- Unknown} ..."
${logging}
# At runtime we launch bash in the container and perform the following:
# Restore bash as the default shell in etc/passwd
# Reinstall git-core to overcome issue of https plugin missing
# Remove the git safe directory check to match the behaviour of RHEL7 git
podman run -dit --name ${container_name} ${runtime} ${environ}\
${identity} ${volumes} ${devices} ${opts} ${image}:${version} \
bash -c "sudo sed -i s#/bin/sh#/bin/bash# /etc/passwd ;
sudo yum -y reinstall git-core ;
git config --global --add safe.directory '*' ;
bash"
fi
# Execute a shell in the container - this allows multiple shells and avoids
# using process 1 so users can exit the shell without killing the container
if [[ -n ${commandargs} ]] ; then
${logging}
podman exec -itw $(pwd) ${container_name} ${command} "$*"
else
${logging}
podman exec -itw $(pwd) ${container_name} ${command}
fi