Fix users permissions

This commit is contained in:
uazo 2021-08-03 15:26:16 +00:00
parent 5eb7a2fc0f
commit 228297a813
8 changed files with 83 additions and 19 deletions

View File

@ -1,16 +1,19 @@
ARG VERSION ARG VERSION
FROM uazo/build-deps:$VERSION FROM ubuntu:latest
ENV DEBIAN_FRONTEND=noninteractive ENV DEBIAN_FRONTEND=noninteractive
USER lg
COPY buildbox-casd . COPY buildbox-casd .
COPY set-perms.sh .
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\ RUN apt-get update &&\
sudo chmod +x buildbox-casd apt-get -f -y install sudo libgoogle-glog-dev libprotobuf17 libgrpc++1 socat &&\
sudo chmod +x buildbox-casd &&\
sudo chmod +x set-perms.sh
CMD sudo rm -rf /wrk-cache/* &&\ CMD sudo rm -rf /wrk-cache/* &&\
bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\ bash -c "socat UNIX-LISTEN:/wrk-cache/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &" &&\
bash -c "$PWD/set-perms.sh &" &&\
./buildbox-casd \ ./buildbox-casd \
--instance=default_instance \ --instance=default_instance \
--cas-instance=default_instance \ --cas-instance=default_instance \
@ -18,5 +21,3 @@ CMD sudo rm -rf /wrk-cache/* &&\
--ra-remote=http://$REMOTEEXEC_ADDR \ --ra-remote=http://$REMOTEEXEC_ADDR \
--verbose \ --verbose \
/wrk-cache /wrk-cache

View File

@ -0,0 +1,23 @@
wait_file() {
local file="$1"; shift
local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout
until test $((wait_seconds--)) -eq 0 -o -e "$file" ; do sleep 1; done
((++wait_seconds))
}
echo "--Checking permissions bots.sock"
wait_file "/wrk-cache/bots.sock" && {
echo "--Set bots.sock permissions"
sudo chmod 777 /wrk-cache/bots.sock
}
echo "--Checking permissions casd.sock"
wait_file "/wrk-cache/casd.sock" && {
echo "--Set casd.sock permissions"
sudo chmod 777 /wrk-cache/casd.sock
}
echo "--Done"

View File

@ -7,10 +7,18 @@ USER lg
COPY buildbox-worker . COPY buildbox-worker .
COPY buildbox-run-hosttools . COPY buildbox-run-hosttools .
RUN HTTP_PROXY= &&\
HTTPS_PROXY= &&\
http_proxy= &&\
https_proxy= &&\
sudo rm /etc/apt/apt.conf.d/proxy.conf
RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\ RUN sudo apt-get -f -y install libgoogle-glog-dev libprotobuf17 libgrpc++1 &&\
sudo chmod +x buildbox-worker &&\ sudo chmod +x buildbox-worker &&\
sudo chmod +x buildbox-run-hosttools sudo chmod +x buildbox-run-hosttools
USER root
CMD PATH=.:$PATH &&\ CMD PATH=.:$PATH &&\
./buildbox-worker \ ./buildbox-worker \
--instance=default_instance \ --instance=default_instance \

View File

@ -1,14 +1,33 @@
#!/bin/bash #!/bin/bash
#docker stop gh-proxy
SYSBOX_UID=$(cat /etc/subuid | grep sysbox | cut -d : -f 2)
mkdir -p /tmp/proxy
mkdir -p /tmp/forward-proxy
mkdir -p ~/redis
sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/proxy
sudo chown $SYSBOX_UID:$SYSBOX_UID /tmp/forward-proxy
sudo chown $SYSBOX_UID:$SYSBOX_UID ~/redis
docker run --rm -d --runtime=sysbox-runc \
--name=gh-proxy \
-e "REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR" \
-v /tmp/proxy:/tmp/proxy:rw \
-v /tmp/forward-proxy:/tmp/forward-proxy:rw \
uazo/privoxy
while true while true
do do
docker run --runtime=sysbox-runc --name=gh-runner -ti --rm \ docker run --runtime=sysbox-runc --name=gh-runner -ti --rm \
--env-file=.env \ --env-file=.env \
-v ~/docker-inner/:/var/lib/docker/ \ -v ~/docker-inner/:/var/lib/docker/:rw \
-v /storage/images:/storage/images \ -v /storage/images:/storage/images:rw \
-v /tmp/forward-proxy:/tmp/forward-proxy \ -v /tmp/proxy:/tmp/proxy:rw \
-v /tmp/proxy:/tmp/proxy \ -v /tmp/forward-proxy:/tmp/forward-proxy:rw \
-v ~/redis:/redis:rw \
--network none \ --network none \
uazo/github-runner uazo/github-runner

View File

@ -6,7 +6,7 @@ COPY config-file .
RUN apt-get update \ RUN apt-get update \
&& \ && \
apt-get -y install sudo wget git socat \ apt-get -y install sudo wget git socat redis-server \
&& \ && \
sudo chmod +x ./install-goma-server.sh \ sudo chmod +x ./install-goma-server.sh \
&& \ && \

View File

@ -3,7 +3,10 @@
RED='\033[0;31m' RED='\033[0;31m'
NC='\033[0m' # No Color NC='\033[0m' # No Color
#export REDISHOST=localhost echo -e ${RED} -------- start redis-server ${NC}
export REDISHOST=localhost
sudo redis-server /etc/redis/redis.conf
echo -e ${RED} -------- start goma-server ${NC} echo -e ${RED} -------- start goma-server ${NC}

View File

@ -1,4 +1,4 @@
FROM alpine:3.14 FROM ubuntu:latest
ARG REMOTEEXEC_ADDR ARG REMOTEEXEC_ADDR
@ -6,7 +6,16 @@ COPY user.action .
COPY privoxy.conf . COPY privoxy.conf .
COPY start-proxy.sh . COPY start-proxy.sh .
RUN apk update && apk add privoxy bash sudo socat RUN apt-get update && apt-get install -y privoxy bash sudo socat
#RUN useradd -u 2000 -m ghproxy \
# && usermod -aG sudo ghproxy \
# && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
#RUN useradd -m runner1 \
# && usermod -aG sudo runner1
#
#USER ghproxy
CMD sudo chmod +x ./start-proxy.sh &&\ CMD sudo chmod +x ./start-proxy.sh &&\
REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\ REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\

View File

@ -1,12 +1,13 @@
#!/bin/bash #!/bin/bash
echo Connect /tmp/forward-proxy/proxy.sock to 127.0.0.1:8118
test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 & socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
sudo chmod 777 /tmp/forward-proxy/proxy.sock sudo chmod 777 /tmp/forward-proxy/proxy.sock
echo Connect /tmp/proxy/bots.sock to $REMOTEEXEC_ADDR
test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
sudo chmod 777 /tmp/proxy/bots.sock sudo chmod 777 /tmp/proxy/bots.sock
privoxy --no-daemon privoxy.conf privoxy --no-daemon privoxy.conf