Fix users permissions
This commit is contained in:
parent
5eb7a2fc0f
commit
228297a813
@ -1,16 +1,19 @@
|
|||||||
ARG VERSION
|
ARG VERSION
|
||||||
FROM uazo/build-deps:$VERSION
|
FROM ubuntu:latest
|
||||||
|
|
||||||
ENV DEBIAN_FRONTEND=noninteractive
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
|
|
||||||
USER lg
|
|
||||||
COPY buildbox-casd .
|
COPY buildbox-casd .
|
||||||
|
COPY set-perms.sh .
|
||||||
|
|
||||||
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\
|
RUN apt-get update &&\
|
||||||
sudo chmod +x buildbox-casd
|
apt-get -f -y install sudo libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\
|
||||||
|
sudo chmod +x buildbox-casd &&\
|
||||||
|
sudo chmod +x set-perms.sh
|
||||||
|
|
||||||
CMD sudo rm -rf /wrk-cache/* &&\
|
CMD sudo rm -rf /wrk-cache/* &&\
|
||||||
bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\
|
bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\
|
||||||
|
bash -c "$PWD/set-perms.sh &" &&\
|
||||||
./buildbox-casd \
|
./buildbox-casd \
|
||||||
--instance=default_instance \
|
--instance=default_instance \
|
||||||
--cas-instance=default_instance \
|
--cas-instance=default_instance \
|
||||||
@ -18,5 +21,3 @@ CMD sudo rm -rf /wrk-cache/* &&\
|
|||||||
--ra-remote=http://$REMOTEEXEC_ADDR \
|
--ra-remote=http://$REMOTEEXEC_ADDR \
|
||||||
--verbose \
|
--verbose \
|
||||||
/wrk-cache
|
/wrk-cache
|
||||||
|
|
||||||
|
|
||||||
|
23
images/buildboxcasd/set-perms.sh
Normal file
23
images/buildboxcasd/set-perms.sh
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
|
||||||
|
wait_file() {
|
||||||
|
local file="$1"; shift
|
||||||
|
local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout
|
||||||
|
|
||||||
|
until test $((wait_seconds--)) -eq 0 -o -e "$file" ; do sleep 1; done
|
||||||
|
|
||||||
|
((++wait_seconds))
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "--Checking permissions bots.sock"
|
||||||
|
wait_file "/wrk-cache/bots.sock" && {
|
||||||
|
echo "--Set bots.sock permissions"
|
||||||
|
sudo chmod 777 /wrk-cache/bots.sock
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "--Checking permissions casd.sock"
|
||||||
|
wait_file "/wrk-cache/casd.sock" && {
|
||||||
|
echo "--Set casd.sock permissions"
|
||||||
|
sudo chmod 777 /wrk-cache/casd.sock
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "--Done"
|
@ -7,10 +7,18 @@ USER lg
|
|||||||
COPY buildbox-worker .
|
COPY buildbox-worker .
|
||||||
COPY buildbox-run-hosttools .
|
COPY buildbox-run-hosttools .
|
||||||
|
|
||||||
|
RUN HTTP_PROXY= &&\
|
||||||
|
HTTPS_PROXY= &&\
|
||||||
|
http_proxy= &&\
|
||||||
|
https_proxy= &&\
|
||||||
|
sudo rm /etc/apt/apt.conf.d/proxy.conf
|
||||||
|
|
||||||
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
|
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
|
||||||
sudo chmod +x buildbox-worker &&\
|
sudo chmod +x buildbox-worker &&\
|
||||||
sudo chmod +x buildbox-run-hosttools
|
sudo chmod +x buildbox-run-hosttools
|
||||||
|
|
||||||
|
USER root
|
||||||
|
|
||||||
CMD PATH=.:$PATH &&\
|
CMD PATH=.:$PATH &&\
|
||||||
./buildbox-worker \
|
./buildbox-worker \
|
||||||
--instance=default_instance \
|
--instance=default_instance \
|
||||||
|
@ -1,14 +1,33 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
#docker stop gh-proxy
|
||||||
|
|
||||||
|
SYSBOX_UID=$(cat /etc/subuid | grep sysbox | cut -d : -f 2)
|
||||||
|
mkdir -p /tmp/proxy
|
||||||
|
mkdir -p /tmp/forward-proxy
|
||||||
|
mkdir -p ~/redis
|
||||||
|
|
||||||
|
sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/proxy
|
||||||
|
sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/forward-proxy
|
||||||
|
sudo chown $SYSBOX_UID:$SYSBOX_UID ~/redis
|
||||||
|
|
||||||
|
docker run --rm -d --runtime=sysbox-runc \
|
||||||
|
--name=gh-proxy \
|
||||||
|
-e "REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR" \
|
||||||
|
-v /tmp/proxy:/tmp/proxy:rw \
|
||||||
|
-v /tmp/forward-proxy:/tmp/forward-proxy:rw \
|
||||||
|
uazo/privoxy
|
||||||
|
|
||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|
||||||
docker run --runtime=sysbox-runc --name=gh-runner -ti --rm \
|
docker run --runtime=sysbox-runc --name=gh-runner -ti --rm \
|
||||||
--env-file=.env \
|
--env-file=.env \
|
||||||
-v ~/docker-inner/:/var/lib/docker/ \
|
-v ~/docker-inner/:/var/lib/docker/:rw \
|
||||||
-v /storage/images:/storage/images \
|
-v /storage/images:/storage/images:rw \
|
||||||
-v /tmp/forward-proxy:/tmp/forward-proxy \
|
-v /tmp/proxy:/tmp/proxy:rw \
|
||||||
-v /tmp/proxy:/tmp/proxy \
|
-v /tmp/forward-proxy:/tmp/forward-proxy:rw \
|
||||||
|
-v ~/redis:/redis:rw \
|
||||||
--network none \
|
--network none \
|
||||||
uazo/github-runner
|
uazo/github-runner
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ COPY config-file .
|
|||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& \
|
&& \
|
||||||
apt-get -y install sudo wget git socat \
|
apt-get -y install sudo wget git socat redis-server \
|
||||||
&& \
|
&& \
|
||||||
sudo chmod +x ./install-goma-server.sh \
|
sudo chmod +x ./install-goma-server.sh \
|
||||||
&& \
|
&& \
|
||||||
|
@ -3,7 +3,10 @@
|
|||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
NC='\033[0m' # No Color
|
NC='\033[0m' # No Color
|
||||||
|
|
||||||
#export REDISHOST=localhost
|
echo -e ${RED} -------- start redis-server ${NC}
|
||||||
|
|
||||||
|
export REDISHOST=localhost
|
||||||
|
sudo redis-server /etc/redis/redis.conf
|
||||||
|
|
||||||
echo -e ${RED} -------- start goma-server ${NC}
|
echo -e ${RED} -------- start goma-server ${NC}
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
FROM alpine:3.14
|
FROM ubuntu:latest
|
||||||
|
|
||||||
ARG REMOTEEXEC_ADDR
|
ARG REMOTEEXEC_ADDR
|
||||||
|
|
||||||
@ -6,7 +6,16 @@ COPY user.action .
|
|||||||
COPY privoxy.conf .
|
COPY privoxy.conf .
|
||||||
COPY start-proxy.sh .
|
COPY start-proxy.sh .
|
||||||
|
|
||||||
RUN apk update && apk add privoxy bash sudo socat
|
RUN apt-get update && apt-get install -y privoxy bash sudo socat
|
||||||
|
|
||||||
|
#RUN useradd -u 2000 -m ghproxy \
|
||||||
|
# && usermod -aG sudo ghproxy \
|
||||||
|
# && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
|
||||||
|
|
||||||
|
#RUN useradd -m runner1 \
|
||||||
|
# && usermod -aG sudo runner1
|
||||||
|
#
|
||||||
|
#USER ghproxy
|
||||||
|
|
||||||
CMD sudo chmod +x ./start-proxy.sh &&\
|
CMD sudo chmod +x ./start-proxy.sh &&\
|
||||||
REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
|
REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
|
||||||
|
@ -1,12 +1,13 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo Connect /tmp/forward-proxy/proxy.sock to 127.0.0.1:8118
|
||||||
test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
|
test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
|
||||||
test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
|
|
||||||
|
|
||||||
socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
|
socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
|
||||||
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
|
|
||||||
|
|
||||||
sudo chmod 777 /tmp/forward-proxy/proxy.sock
|
sudo chmod 777 /tmp/forward-proxy/proxy.sock
|
||||||
|
|
||||||
|
echo Connect /tmp/proxy/bots.sock to $REMOTEEXEC_ADDR
|
||||||
|
test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
|
||||||
|
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
|
||||||
sudo chmod 777 /tmp/proxy/bots.sock
|
sudo chmod 777 /tmp/proxy/bots.sock
|
||||||
|
|
||||||
privoxy --no-daemon privoxy.conf
|
privoxy --no-daemon privoxy.conf
|
||||||
|
Loading…
Reference in New Issue
Block a user