[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-deployment] branch master updated (4719487 -> 2007b9b)
|
From: |
gnunet |
|
Subject: |
[taler-deployment] branch master updated (4719487 -> 2007b9b) |
|
Date: |
Tue, 30 May 2023 07:29:49 +0200 |
This is an automated email from the git hooks/post-receive script.
dold pushed a change to branch master
in repository deployment.
from 4719487 -limit
new b29f2be -no spaces
new 2007b9b scripts for installing rootless docker
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
bootstrap-docker/README | 2 +
bootstrap-docker/bootstrap-docker.sh | 7 +
bootstrap-docker/install-plugin-buildx.sh | 7 +
bootstrap-docker/install-plugin-compose.sh | 7 +
bootstrap-docker/install-rootless-docker.sh | 252 +++++++++++++++++++++++++
sandcastle/images/merchant/create_instances.sh | 2 +-
6 files changed, 276 insertions(+), 1 deletion(-)
create mode 100644 bootstrap-docker/README
create mode 100644 bootstrap-docker/bootstrap-docker.sh
create mode 100644 bootstrap-docker/install-plugin-buildx.sh
create mode 100644 bootstrap-docker/install-plugin-compose.sh
create mode 100644 bootstrap-docker/install-rootless-docker.sh
diff --git a/bootstrap-docker/README b/bootstrap-docker/README
new file mode 100644
index 0000000..85a3e98
--- /dev/null
+++ b/bootstrap-docker/README
@@ -0,0 +1,2 @@
+Scripts to install rootless docker together with docker-compose and buildx
+plugins.
diff --git a/bootstrap-docker/bootstrap-docker.sh
b/bootstrap-docker/bootstrap-docker.sh
new file mode 100644
index 0000000..601e121
--- /dev/null
+++ b/bootstrap-docker/bootstrap-docker.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -eu
+
+./install-rootless-docker.sh
+./install-plugin-compose.sh
+./install-plugin-buildx.sh
diff --git a/bootstrap-docker/install-plugin-buildx.sh
b/bootstrap-docker/install-plugin-buildx.sh
new file mode 100644
index 0000000..4b3f4bc
--- /dev/null
+++ b/bootstrap-docker/install-plugin-buildx.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -eu
+
+DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
+mkdir -p $DOCKER_CONFIG/cli-plugins
+curl -SL
https://github.com/docker/buildx/releases/download/v0.10.5/buildx-v0.10.5.linux-amd64
-o $DOCKER_CONFIG/cli-plugins/docker-buildx
diff --git a/bootstrap-docker/install-plugin-compose.sh
b/bootstrap-docker/install-plugin-compose.sh
new file mode 100644
index 0000000..45d7dcc
--- /dev/null
+++ b/bootstrap-docker/install-plugin-compose.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -eu
+
+DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
+mkdir -p $DOCKER_CONFIG/cli-plugins
+curl -SL
https://github.com/docker/compose/releases/download/v2.18.1/docker-compose-linux-x86_64
-o $DOCKER_CONFIG/cli-plugins/docker-compose
diff --git a/bootstrap-docker/install-rootless-docker.sh
b/bootstrap-docker/install-rootless-docker.sh
new file mode 100644
index 0000000..c597186
--- /dev/null
+++ b/bootstrap-docker/install-rootless-docker.sh
@@ -0,0 +1,252 @@
+#!/bin/sh
+set -e
+# Docker CE for Linux installation script (Rootless mode)
+#
+# See https://docs.docker.com/go/rootless/ for the
+# installation steps.
+#
+# This script is meant for quick & easy install via:
+# $ curl -fsSL https://get.docker.com/rootless -o get-docker.sh
+# $ sh get-docker.sh
+#
+# NOTE: Make sure to verify the contents of the script
+# you downloaded matches the contents of install.sh
+# located at https://github.com/docker/docker-install
+# before executing.
+#
+# Git commit from https://github.com/docker/docker-install when
+# the script was uploaded (Should only be modified by upload job):
+SCRIPT_COMMIT_SHA=c2de081
+
+# This script should be run with an unprivileged user and install/setup Docker
under $HOME/bin/.
+
+# The channel to install from:
+# * nightly
+# * test
+# * stable
+DEFAULT_CHANNEL_VALUE="stable"
+if [ -z "$CHANNEL" ]; then
+ CHANNEL=$DEFAULT_CHANNEL_VALUE
+fi
+# The latest release is currently hard-coded.
+STABLE_LATEST="24.0.1"
+TEST_LATEST="24.0.1"
+STATIC_RELEASE_URL=
+STATIC_RELEASE_ROOTLESS_URL=
+case "$CHANNEL" in
+ "stable")
+ echo "# Installing stable version ${STABLE_LATEST}"
+
STATIC_RELEASE_URL="https://download.docker.com/linux/static/$CHANNEL/$(uname
-m)/docker-${STABLE_LATEST}.tgz"
+
STATIC_RELEASE_ROOTLESS_URL="https://download.docker.com/linux/static/$CHANNEL/$(uname
-m)/docker-rootless-extras-${STABLE_LATEST}.tgz"
+ ;;
+ "test")
+ echo "# Installing test version ${TEST_LATEST}"
+
STATIC_RELEASE_URL="https://download.docker.com/linux/static/$CHANNEL/$(uname
-m)/docker-${TEST_LATEST}.tgz"
+
STATIC_RELEASE_ROOTLESS_URL="https://download.docker.com/linux/static/$CHANNEL/$(uname
-m)/docker-rootless-extras-${TEST_LATEST}.tgz"
+ ;;
+ "nightly")
+ echo "# Installing nightly"
+ STATIC_RELEASE_URL="https://master.dockerproject.org/linux/$(uname
-m)/docker.tgz"
+
STATIC_RELEASE_ROOTLESS_URL="https://master.dockerproject.org/linux/$(uname
-m)/docker-rootless-extras.tgz"
+ ;;
+ *)
+ >&2 echo "Aborting because of unknown CHANNEL \"$CHANNEL\". Set
\$CHANNEL to either \"stable\", \"test\", or \"nightly\"."; exit 1
+ ;;
+esac
+
+init_vars() {
+ BIN="${DOCKER_BIN:-$HOME/bin}"
+
+ DAEMON=dockerd
+ SYSTEMD=
+ if systemctl --user daemon-reload >/dev/null 2>&1; then
+ SYSTEMD=1
+ fi
+}
+
+checks() {
+ # OS verification: Linux only, point osx/win to helpful locations
+ case "$(uname)" in
+ Linux)
+ ;;
+ *)
+ >&2 echo "Rootless Docker cannot be installed on $(uname)";
exit 1
+ ;;
+ esac
+
+ # User verification: deny running as root (unless forced?)
+ if [ "$(id -u)" = "0" ] && [ -z "$FORCE_ROOTLESS_INSTALL" ]; then
+ >&2 echo "Refusing to install rootless Docker as the root
user"; exit 1
+ fi
+
+ # HOME verification
+ if [ ! -d "$HOME" ]; then
+ >&2 echo "Aborting because HOME directory $HOME does not
exist"; exit 1
+ fi
+
+ if [ -d "$BIN" ]; then
+ if [ ! -w "$BIN" ]; then
+ >&2 echo "Aborting because $BIN is not writable"; exit 1
+ fi
+ else
+ if [ ! -w "$HOME" ]; then
+ >&2 echo "Aborting because HOME (\"$HOME\") is not
writable"; exit 1
+ fi
+ fi
+
+ # Existing rootful docker verification
+ if [ -w /var/run/docker.sock ] && [ -z "$FORCE_ROOTLESS_INSTALL" ]; then
+ >&2 echo "Aborting because rootful Docker is running and
accessible. Set FORCE_ROOTLESS_INSTALL=1 to ignore."; exit 1
+ fi
+
+ # Validate XDG_RUNTIME_DIR
+ if [ ! -w "$XDG_RUNTIME_DIR" ]; then
+ if [ -n "$SYSTEMD" ]; then
+ >&2 echo "Aborting because systemd was detected but
XDG_RUNTIME_DIR (\"$XDG_RUNTIME_DIR\") does not exist or is not writable"
+ >&2 echo "Hint: this could happen if you changed users
with 'su' or 'sudo'. To work around this:"
+ >&2 echo "- try again by first running with root
privileges 'loginctl enable-linger <user>' where <user> is the unprivileged
user and export XDG_RUNTIME_DIR to the value of RuntimePath as shown by
'loginctl show-user <user>'"
+ >&2 echo "- or simply log back in as the desired
unprivileged user (ssh works for remote machines)"
+ exit 1
+ fi
+ fi
+
+ # Already installed verification (unless force?). Only having docker
cli binary previously shouldn't fail the build.
+ if [ -x "$BIN/$DAEMON" ]; then
+ # If rootless installation is detected print out the modified
PATH and DOCKER_HOST that needs to be set.
+ echo "# Existing rootless Docker detected at $BIN/$DAEMON"
+ echo
+ echo "# To reinstall or upgrade rootless Docker, run the
following commands and then rerun the installation script:"
+ echo "systemctl --user stop docker"
+ echo "rm -f $BIN/$DAEMON"
+ echo
+ echo "# Alternatively, install the docker-ce-rootless-extras
RPM/deb package for ease of package management (requires root)."
+ echo "# See https://docs.docker.com/go/rootless/ for details."
+ exit 0
+ fi
+
+ INSTRUCTIONS=
+
+ # uidmap dependency check
+ if ! command -v newuidmap >/dev/null 2>&1; then
+ if command -v apt-get >/dev/null 2>&1; then
+ INSTRUCTIONS="apt-get install -y uidmap"
+ elif command -v dnf >/dev/null 2>&1; then
+ INSTRUCTIONS="dnf install -y shadow-utils"
+ elif command -v yum >/dev/null 2>&1; then
+ INSTRUCTIONS="curl -o
/etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo
https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo
+yum install -y shadow-utils46-newxidmap"
+ else
+ echo "newuidmap binary not found. Please install with a
package manager."
+ exit 1
+ fi
+ fi
+
+ # iptables dependency check
+ if [ -z "$SKIP_IPTABLES" ] && ! command -v iptables >/dev/null 2>&1 &&
[ ! -f /sbin/iptables ] && [ ! -f /usr/sbin/iptables ]; then
+ if command -v apt-get >/dev/null 2>&1; then
+ INSTRUCTIONS="${INSTRUCTIONS}
+apt-get install -y iptables"
+ elif command -v dnf >/dev/null 2>&1; then
+ INSTRUCTIONS="${INSTRUCTIONS}
+dnf install -y iptables"
+ else
+ echo "iptables binary not found. Please install with a
package manager."
+ exit 1
+ fi
+ fi
+
+ # ip_tables module dependency check
+ if [ -z "$SKIP_IPTABLES" ] && ! lsmod | grep ip_tables >/dev/null 2>&1
&& ! grep -q ip_tables "/lib/modules/$(uname -r)/modules.builtin"; then
+ INSTRUCTIONS="${INSTRUCTIONS}
+modprobe ip_tables"
+ fi
+
+ # debian requires setting unprivileged_userns_clone
+ if [ -f /proc/sys/kernel/unprivileged_userns_clone ]; then
+ if [ "1" != "$(cat /proc/sys/kernel/unprivileged_userns_clone)"
]; then
+ INSTRUCTIONS="${INSTRUCTIONS}
+cat <<EOT > /etc/sysctl.d/50-rootless.conf
+kernel.unprivileged_userns_clone = 1
+EOT
+sysctl --system"
+ fi
+ fi
+
+ # centos requires setting max_user_namespaces
+ if [ -f /proc/sys/user/max_user_namespaces ]; then
+ if [ "0" = "$(cat /proc/sys/user/max_user_namespaces)" ]; then
+ INSTRUCTIONS="${INSTRUCTIONS}
+cat <<EOT > /etc/sysctl.d/51-rootless.conf
+user.max_user_namespaces = 28633
+EOT
+sysctl --system"
+ fi
+ fi
+
+ if [ -n "$INSTRUCTIONS" ]; then
+ echo "# Missing system requirements. Please run following
commands to
+# install the requirements and run this installer again.
+# Alternatively iptables checks can be disabled with SKIP_IPTABLES=1"
+
+ echo
+ echo "cat <<EOF | sudo sh -x"
+ echo "$INSTRUCTIONS"
+ echo "EOF"
+ echo
+ exit 1
+ fi
+
+ # validate subuid/subgid files for current user
+ if ! grep "^$(id -un):\|^$(id -u):" /etc/subuid >/dev/null 2>&1; then
+ >&2 echo "Could not find records for the current user $(id -un)
from /etc/subuid . Please make sure valid subuid range is set there.
+For example:
+echo \"$(id -un):100000:65536\" >> /etc/subuid"
+ exit 1
+ fi
+ if ! grep "^$(id -un):\|^$(id -u):" /etc/subgid >/dev/null 2>&1; then
+ >&2 echo "Could not find records for the current user $(id -un)
from /etc/subgid . Please make sure valid subuid range is set there.
+For example:
+echo \"$(id -un):100000:65536\" >> /etc/subgid"
+ exit 1
+ fi
+}
+
+exec_setuptool() {
+ if [ -n "$FORCE_ROOTLESS_INSTALL" ]; then
+ set -- "$@" --force
+ fi
+ if [ -n "$SKIP_IPTABLES" ]; then
+ set -- "$@" --skip-iptables
+ fi
+ (
+ set -x
+ PATH="$BIN:$PATH" "$BIN/dockerd-rootless-setuptool.sh" install
"$@"
+ )
+}
+
+do_install() {
+ echo "# Executing docker rootless install script, commit:
$SCRIPT_COMMIT_SHA"
+
+ init_vars
+ checks
+
+ tmp=$(mktemp -d)
+ trap 'rm -rf "$tmp"' EXIT INT TERM
+ # Download tarballs docker-* and docker-rootless-extras=*
+ (
+ cd "$tmp"
+ curl -L -o docker.tgz "$STATIC_RELEASE_URL"
+ curl -L -o rootless.tgz "$STATIC_RELEASE_ROOTLESS_URL"
+ )
+ # Extract under $HOME/bin/
+ (
+ mkdir -p "$BIN"
+ cd "$BIN"
+ tar zxf "$tmp/docker.tgz" --strip-components=1
+ tar zxf "$tmp/rootless.tgz" --strip-components=1
+ )
+
+ exec_setuptool "$@"
+}
+
+do_install "$@"
diff --git a/sandcastle/images/merchant/create_instances.sh
b/sandcastle/images/merchant/create_instances.sh
index cca4799..714c40e 100644
--- a/sandcastle/images/merchant/create_instances.sh
+++ b/sandcastle/images/merchant/create_instances.sh
@@ -38,7 +38,7 @@ function create_instance() {
echo DONE
}
-create_instance default "$DEFAULT_IBAN" "Test Merchant"
+create_instance default "$DEFAULT_IBAN" TestMerchant
create_instance pos "$POS_IBAN" PoS
create_instance blog "$BLOG_IBAN" BlogCompany
create_instance GNUnet "$GNUNET_IBAN" GNUnet
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-deployment] branch master updated (4719487 -> 2007b9b),
gnunet <=