From e23a03662cb7249bd7fb81b6b69819595cbf2c00 Mon Sep 17 00:00:00 2001 From: octopusbob Date: Fri, 2 Oct 2020 10:20:35 -0500 Subject: [PATCH] Updating the base docker image to not have the docker in docker feature enabled --- ReadMe.md | 4 +- base/Dockerfile | 1 - base/scripts/run-tentacle.sh | 7 --- tentacle-executioncontainer/Dockerfile | 41 ++++++++++++++- .../scripts/configure-tentacle.sh | 52 +++++++++++++++++++ .../scripts/run-tentacle.sh | 11 ++++ 6 files changed, 104 insertions(+), 12 deletions(-) create mode 100644 tentacle-executioncontainer/scripts/configure-tentacle.sh create mode 100644 tentacle-executioncontainer/scripts/run-tentacle.sh diff --git a/ReadMe.md b/ReadMe.md index 8b7e984..87f717e 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -10,7 +10,7 @@ There are four images to help get you started. - `tentacle`: this is the base image which includes just enough to run the tentacle. Based on `mcr.microsoft.com/dotnet/core/runtime-deps`. - `tentacle-worker`: includes a variety of software to get started using this tentacle as a worker. Based on `tentacle`. - `tentacle-k8sworker`: similar to the `tentacle-worker` but only includes the software useful for kubernetes deployments. Based on `tentacle`. -- `tentacle-executioncontainer`: only includes the necessary software to run the [execution container feature](https://octopus.com/docs/deployment-process/execution-containers-for-workers) in Octopus Deploy. Based on `tentacle`. +- `tentacle-executioncontainer`: only includes the necessary software to run the [execution container feature](https://octopus.com/docs/deployment-process/execution-containers-for-workers) in Octopus Deploy. Based on `mcr.microsoft.com/dotnet/core/runtime-deps`. ## Tentacle This is the bare bones to run a tentacle as a docker container. It is based on the latest .NET Core runtime dependencies `3.1-bionic` image provided by Microsoft. 
@@ -95,7 +95,7 @@ The docker container has a few self-imposed limitations. - **SPACE**: The name of the [space](https://octopus.com/docs/administration/spaces) to register the tentacle with. Default is Default. - **COMMUNICATION_TYPE**: Whether you are using [polling tentacles or listening tentacles](https://octopus.com/docs/infrastructure/deployment-targets/windows-targets/tentacle-communication). Default is Polling. - **MACHINE_POLICY_NAME**: The name of the [machine policy](https://octopus.com/docs/infrastructure/deployment-targets/machine-policies) to associate the container with. Defaults to `Default Machine Policy.` -- **DISABLE_DIND**: Indicates if docker in docker should be disabled. Defaults to N. +- **DISABLE_DIND**: Indicates if docker in docker should be disabled. Defaults to N. Only for `tentacle-executioncontainer` image only. - **ACCEPT_EULA**: You must accept the [Octopus Deploy EULA](https://octopus.com/legal/customer-agreement). ## Ports diff --git a/base/Dockerfile b/base/Dockerfile index 05b3ef2..23205b6 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -29,7 +29,6 @@ ENV SPACE="Default" ENV TARGET_WORKER_POOL="" ENV MACHINE_POLICY_NAME="Default Machine Policy" ENV COMMUNICATION_TYPE="Polling" -ENV DISABLE_DIND=N ENV ACCEPT_EULA=N CMD /scripts/configure-tentacle.sh && /scripts/run-tentacle.sh \ No newline at end of file diff --git a/base/scripts/run-tentacle.sh b/base/scripts/run-tentacle.sh index 4cc3161..10bfd77 100644 --- a/base/scripts/run-tentacle.sh +++ b/base/scripts/run-tentacle.sh @@ -1,11 +1,4 @@ #!/bin/bash set -eux -if [[ "$DISABLE_DIND" == "Y" ]]; then - echo Docker-in-Docker is disabled. -else - echo "Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode." - nohup /usr/local/bin/dockerd-entrypoint.sh dockerd & -fi - tentacle agent --instance Tentacle --noninteractive \ No newline at end of file 
diff --git a/tentacle-executioncontainer/Dockerfile b/tentacle-executioncontainer/Dockerfile index 273f2e8..a3f6bbd 100644 --- a/tentacle-executioncontainer/Dockerfile +++ b/tentacle-executioncontainer/Dockerfile @@ -1,12 +1,20 @@ -FROM octopuslabs/tentacle:latest +FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-bionic + +RUN apt-get update && \ + apt-get install -y wget unzip apt-utils curl software-properties-common RUN apt-get update && \ apt-get install -y curl sudo dos2unix && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* +EXPOSE 10933 + WORKDIR /tmp +COPY ./scripts/* /scripts/ +RUN chmod +x /scripts/*.sh + COPY ./install-scripts/* /install-scripts/ RUN chmod +x /install-scripts/*.sh @@ -14,4 +22,33 @@ RUN chmod +x /install-scripts/*.sh COPY ./scripts/dockerd-entrypoint.sh /usr/local/bin/ RUN /install-scripts/install-docker.sh -VOLUME /var/lib/docker \ No newline at end of file +# Install Tentacle +RUN apt-key adv --fetch-keys https://apt.octopus.com/public.key && \ + add-apt-repository "deb https://apt.octopus.com/ stretch main" && \ + apt-get update && \ + apt-get install tentacle + +WORKDIR / + +# We know this won't reduce the image size at all. It's just to make the filesystem a little tidier. +RUN rm -rf /tmp/* + +ENV DISABLE_DIND=N +ENV SERVER_URL="https://octopus.example.com/" +ENV SERVER_PORT=10943 +ENV SERVER_API_KEY="API-SOURCE-THIS-FROM-YOUR-OCTOPUS-SERVER" +ENV ServerThumbprint="" +ENV SERVER_USERNAME="" +ENV SERVER_PASSWORD="" +ENV TARGET_ENVIRONMENT="" +ENV TARGET_ROLE="" +ENV REGISTRATION_NAME="" +ENV SPACE="Default" +ENV TARGET_WORKER_POOL="" +ENV MACHINE_POLICY_NAME="Default Machine Policy" +ENV COMMUNICATION_TYPE="Polling" +ENV ACCEPT_EULA=N + +VOLUME /var/lib/docker + +CMD /scripts/configure-tentacle.sh && /scripts/run-tentacle.sh \ No newline at end of file diff --git a/tentacle-executioncontainer/scripts/configure-tentacle.sh b/tentacle-executioncontainer/scripts/configure-tentacle.sh new file mode 100644 index 0000000..e3d79da 
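Review bot: The new `FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-bionic` pulls the base by a mutable tag, so the image that hosts the Docker daemon can change underneath the build. Pinning it as `FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-bionic@sha256:<digest>` makes the base reproducible and reviewable. The added first `RUN apt-get update && apt-get install -y wget unzip apt-utils curl software-properties-common` never removes `/var/lib/apt/lists`, omits `--no-install-recommends`, and installs `curl` that the following RUN installs again. Folding both installs into the existing RUN, which already cleans up, keeps the package set in one place and the layer smaller.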
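Review bot: `apt-key adv --fetch-keys https://apt.octopus.com/public.key` adds the Octopus key to apt's global trusted keyring, so it is accepted for packages from every configured repository and not only apt.octopus.com. Scoping it is a small change: save the key to its own file and reference it from the source entry, e.g. `deb [signed-by=/usr/share/keyrings/octopus.asc] https://apt.octopus.com/ stretch main`. In the same RUN, `apt-get install tentacle` has no `-y` and no version, so the build may stop at a confirmation prompt when dependencies are pulled in, and the Tentacle version can differ between builds. The ENV block does not define `LISTENING_PORT`, which configure-tentacle.sh reads under `set -u` in its non-polling branch. No `USER` is visible in either hunk and the CMD is shell-form, so the agent appears to run as root behind `/bin/sh`, which matters more for an image that starts dockerd.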
--- /dev/null
+++ b/tentacle-executioncontainer/scripts/configure-tentacle.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+set -eux
+
+function splitAndGetArgs {
+ finalstring=""
+ IFS=','
+ #Convert string to array
+ read -ra strarr <<< "$2"
+ for i in "${strarr[@]}"; do
+ finalstring+="--$1 \"$(echo $i | xargs)\" "
+ done
+ echo $finalstring
+}
+
+if [[ "$ACCEPT_EULA" != "Y" ]]; then
+ echo "ERROR: You must accept the EULA at https://octopus.com/company/legal by passing an environment variable 'ACCEPT_EULA=Y'"
+ exit 1
+fi
+
+if [ -f "/usr/bin/tentacle" ]; then
+ echo "Octopus Tentacle is already configured."
+ return
+fi
+
+ln -s /opt/octopus/tentacle/Tentacle /usr/bin/tentacle
+
+# Tentacle Docker images only support once instance per container. Running multiple instances can be achieved by running multiple containers.
+instanceName=Tentacle
+configurationDirectory=/etc/octopus
+applicationsDirectory=/home/Octopus/Applications
+
+mkdir -p $configurationDirectory
+mkdir -p $applicationsDirectory
+
+tentacle create-instance --instance "$instanceName" --config "$configurationDirectory/tentacle.config"
+tentacle new-certificate --instance "$instanceName" --if-blank
+
+registerName=$HOSTNAME
+if [[ "$REGISTRATION_NAME" != "" ]]; then
+ registerName=$REGISTRATION_NAME
+fi
+
+workerPoolString=$(splitAndGetArgs "workerpool" "$TARGET_WORKER_POOL")
+
+if [[ "$COMMUNICATION_TYPE" != "Polling" ]]; then
+ tentacle configure --instance "$instanceName" --app "$applicationsDirectory" --noListen "False" --reset-trust --port "$LISTENING_PORT"
+ tentacle configure --trust "$ServerThumbprint"
+ eval tentacle register-worker --instance \"$instanceName\" --server \"$SERVER_URL\" --name \"$registerName\" --comms-style \"TentaclePassive\" --tentacle-comms-port $LISTENING_PORT --username \"$SERVER_USERNAME\" --password \"$SERVER_PASSWORD\" --apiKey \"$SERVER_API_KEY\" --space \"$SPACE\" --policy=\"$MACHINE_POLICY_NAME\" $workerPoolString --force
+else
+ tentacle configure --instance "$instanceName" --app "$applicationsDirectory" --noListen "True" --reset-trust
+ eval tentacle 
register-worker --instance \"$instanceName\" --server \"$SERVER_URL\" --name \"$registerName\" --comms-style \"TentacleActive\" --server-comms-port $SERVER_PORT --username \"$SERVER_USERNAME\" --password \"$SERVER_PASSWORD\" --apiKey \"$SERVER_API_KEY\" --space \"$SPACE\" --policy=\"$MACHINE_POLICY_NAME\" $workerPoolString --force
+fi
\ No newline at end of file
diff --git a/tentacle-executioncontainer/scripts/run-tentacle.sh b/tentacle-executioncontainer/scripts/run-tentacle.sh
new file mode 100644
index 0000000..4cc3161
--- /dev/null
+++ b/tentacle-executioncontainer/scripts/run-tentacle.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eux
+
+if [[ "$DISABLE_DIND" == "Y" ]]; then
+ echo Docker-in-Docker is disabled.
+else
+ echo "Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode."
+ nohup /usr/local/bin/dockerd-entrypoint.sh dockerd &
+fi
+
+tentacle agent --instance Tentacle --noninteractive
\ No newline at end of file
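Review bot: The two `eval tentacle register-worker …` lines in configure-tentacle.sh expand `SERVER_PASSWORD`, `SERVER_API_KEY` and the other environment values into a string that the shell then parses a second time. A value containing a quote, `$` or a backtick is therefore treated as shell syntax instead of being passed literally; building the arguments as arrays removes the need for `eval` and for the string-returning `splitAndGetArgs`. Because the script runs under `set -eux`, those lines are also traced to stderr with the password and API key expanded, so the credentials end up in the container log unless tracing is switched off before registration. Separately, the "already configured" branch calls `return` at script top level, which bash rejects outside a function or sourced file, so under `set -e` a restarted container would likely exit there; `exit 0` looks like the intent.

```shell
# … unchanged: EULA check, symlink, create-instance, new-certificate, registerName …

# Collect --workerpool arguments in an array instead of a string that needs eval.
workerPoolArgs=()
IFS=',' read -ra pools <<< "$TARGET_WORKER_POOL"
for pool in "${pools[@]}"; do
  workerPoolArgs+=(--workerpool "$(echo "$pool" | xargs)")
done

if [[ "$COMMUNICATION_TYPE" != "Polling" ]]; then
  # … unchanged: the two tentacle configure calls …
  commsArgs=(--comms-style "TentaclePassive" --tentacle-comms-port "$LISTENING_PORT")
else
  # … unchanged: tentacle configure --noListen "True" --reset-trust …
  commsArgs=(--comms-style "TentacleActive" --server-comms-port "$SERVER_PORT")
fi

set +x  # stop tracing before the credentials appear on a command line
tentacle register-worker --instance "$instanceName" --server "$SERVER_URL" --name "$registerName" \
  "${commsArgs[@]}" \
  --username "$SERVER_USERNAME" --password "$SERVER_PASSWORD" --apiKey "$SERVER_API_KEY" \
  --space "$SPACE" --policy="$MACHINE_POLICY_NAME" "${workerPoolArgs[@]}" --force
```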
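Review bot: The check `[[ "$DISABLE_DIND" == "Y" ]]` in the new run-tentacle.sh fails open: any other value (`y`, `true`, `1`) falls into the else branch and starts dockerd, which the script's own message says needs a privileged container. Matching case-insensitively, e.g. `if [[ "${DISABLE_DIND^^}" == "Y" ]]; then`, or turning the switch into an explicit opt-in, would make a typo land on the safer side. The daemon is started with `nohup … &` and never checked, so a failed start goes unnoticed until a deployment step needs Docker. The last line could be `exec tentacle agent --instance Tentacle --noninteractive` so the agent replaces the shell and receives the container's stop signal directly.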