mirror of
https://github.com/balena-io/balena-cli.git
synced 2024-12-24 07:46:39 +00:00
dockerfiles: initial commit of balenalib dockerfiles
Add dockerfiles for alpine and debian images, based on upstream balenalib/arch-distro-node images. Change-type: patch Signed-off-by: Kyle Harding <kyle@balena.io>
parent
4cd3ef8b91
commit
a9be42e280
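--- a/docker/DOCKER.md
+++ b/docker/DOCKER.md
@@ -0,0 +1,167 @@
+# Docker Images for balena CLI
+
+Docker images with balena CLI and docker-in-docker.
+
+## Available architectures
+
+- `rpi`
+- `armv7hf`
+- `aarch64` (debian only)
+- `amd64`
+- `i386`
+
+## Basic Usage
+
+Here's a small example of running a single, detached container
+in the background and using `docker exec` to run balena CLI commands.
+
+```
+$ docker run --detach --privileged --network host --name cli --rm -it balenalib/amd64-debian-balenacli /bin/bash
+
+$ docker exec -it cli balena version -a
+balena-cli version "12.38.1"
+Node.js version "12.19.1"
+
+$ docker exec -it cli balena login --token abc...
+
+$ docker exec -it cli balena whoami
+== ACCOUNT INFORMATION
+USERNAME: ...
+EMAIL: ...
+URL: balena-cloud.com
+
+$ docker exec -it cli balena apps
+ID APP NAME SLUG DEVICE TYPE ONLINE DEVICES DEVICE COUNT
+1491721 test-nuc gh_paulo_castro/test-nuc intel-nuc 0 1
+...
+
+$ docker exec -it cli balena app test-nuc
+== test-nuc
+ID: 149...
+DEVICE TYPE: intel-nuc
+SLUG: gh_.../test-nuc
+COMMIT: ce9...
+```
+
+## Advanced Usage
+
+The following are examples of running the docker image in various
+modes in order to allow only the required functionality, and not
+elevate permissions unless required.
+
+### scan
+
+- <https://www.balena.io/docs/reference/balena-cli/#scan>
+
+```bash
+# balena scan requires the host network and NET_ADMIN
+docker run --rm -it --cap-add NET_ADMIN --network host \
+balenalib/amd64-debian-balenacli scan
+```
+
+### ssh
+
+- <https://www.balena.io/docs/reference/balena-cli/#login>
+- <https://www.balena.io/docs/reference/balena-cli/#key-add-name-path>
+- <https://www.balena.io/docs/reference/balena-cli/#ssh-applicationordevice-service>
+
+```bash
+# balena ssh requires a private ssh key
+docker run --rm -it -e SSH_PRIVATE_KEY="$(</path/to/priv/key)" \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena ssh f49cefd my-service
+> exit
+
+# OR use your host ssh agent socket with a key already loaded
+docker run --rm -it -e SSH_AUTH_SOCK -v "$(dirname "${SSH_AUTH_SOCK}")" \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena ssh f49cefd my-service
+> exit
+```
+
+### build | deploy
+
+- <https://www.balena.io/docs/reference/balena-cli/#build-source>
+- <https://www.balena.io/docs/reference/balena-cli/#deploy-appname-image>
+
+```bash
+# docker-in-docker requires SYS_ADMIN
+# note that we are mounting your app source into the container
+# with -v $PWD:$PWD -w $PWD for convenience
+docker run --rm -it --cap-add SYS_ADMIN \
+-v $PWD:$PWD -w $PWD \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena build --application myApp
+> balena deploy myApp
+> exit
+
+# OR use your host docker socket
+# note that we are mounting your app source into the container
+# with -v $PWD:$PWD -w $PWD for convenience
+docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock \
+-v $PWD:$PWD -w $PWD \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena build --application myApp
+> balena deploy myApp
+> exit
+```
+
+### preload
+
+- <https://www.balena.io/docs/reference/balena-cli/#os-download-type>
+- <https://www.balena.io/docs/reference/balena-cli/#os-configure-image>
+- <https://www.balena.io/docs/reference/balena-cli/#preload-image>
+
+```bash
+# docker-in-docker requires SYS_ADMIN
+docker run --rm -it --cap-add SYS_ADMIN \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena os download raspberrypi3 -o raspberry-pi.img
+> balena os configure raspberry-pi.img --app MyApp
+> balena preload raspberry-pi.img --app MyApp --commit current
+> exit
+
+# OR use your host docker socket
+# note the .img path must be the same on the host as in the container
+# therefore we are using -v $PWD:$PWD -w $PWD so the paths align
+docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock \
+-v $PWD:$PWD -w $PWD \
+balenalib/amd64-debian-balenacli /bin/bash
+
+> balena login --credentials --email johndoe@gmail.com --password secret
+> balena os download raspberrypi3 -o raspberry-pi.img
+> balena os configure raspberry-pi.img --app MyApp
+> balena preload raspberry-pi.img --app MyApp --commit current
+> exit
+```
+
+## Custom images / contributing
+
+The following script / steps may be used to create custom CLI images or
+to contribute bug reports, fixes or features.
+
+```bash
+# optionally enable qemu for cross-compiling
+docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+
+export BALENA_ARCH="amd64"
+export BALENA_DISTRO="debian"
+export BALENA_CLI_VERSION="12.38.0"
+
+docker build ${BALENA_DISTRO} \
+--build-arg BALENA_ARCH \
+--build-arg BALENA_CLI_VERSION \
+--tag "balenalib/${BALENA_ARCH}-${BALENA_DISTRO}-balenacli:${BALENA_CLI_VERSION}" \
+--tag "balenalib/${BALENA_ARCH}-${BALENA_DISTRO}-balenacli:latest" \
+--pull
+```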
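--- a/docker/alpine/Dockerfile
+++ b/docker/alpine/Dockerfile
@@ -0,0 +1,32 @@
+ARG BALENA_ARCH
+
+FROM balenalib/${BALENA_ARCH}-alpine-node:12-run
+
+WORKDIR /usr/src/app
+
+ARG BALENA_CLI_VERSION
+
+# hadolint ignore=DL3018
+RUN apk add --no-cache -t .build-deps \
+build-base \
+curl \
+git \
+linux-headers \
+python3 && \
+npm install balena-cli@${BALENA_CLI_VERSION} -g --production --unsafe-perm && \
+apk del --purge .build-deps
+
+# fail early if balena binary won't run
+RUN balena --version
+
+# https://github.com/balena-io/balena-cli/blob/master/INSTALL-LINUX.md#additional-dependencies
+# hadolint ignore=DL3018
+RUN apk add --no-cache avahi bash ca-certificates docker openssh
+
+COPY init.sh ./
+
+RUN chmod +x ./init.sh
+
+ENTRYPOINT [ "./init.sh" ]
+
+CMD [ "--help" ]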
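Review bot: `ARG BALENA_CLI_VERSION` has no default and nothing checks it, so a build run without that build-arg executes `npm install balena-cli@ -g …`, which as far as I know npm resolves to the `latest` tag. The later `RUN balena --version` passes either way, so the version in the image tag and the version actually installed can silently disagree. Failing the build up front would catch this, e.g. `RUN : "${BALENA_CLI_VERSION:?BALENA_CLI_VERSION build-arg is required}"` placed before the install step. The `npm install` line in docker/debian/Dockerfile has the same gap. Separately, `--unsafe-perm` lets package lifecycle scripts run as root during the build, which deserves a short comment saying why it is needed.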
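--- a/docker/alpine/init.sh
+++ b/docker/alpine/init.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# start dockerd if socket not mounted from host
+if ! docker info >/dev/null 2>&1
+then
+[ -e /var/run/docker.sock ] && rm /var/run/docker.sock
+dockerd &
+fi
+
+# start ssh agent if socket not mounted from host
+if [ ! -e "${SSH_AUTH_SOCK}" ]
+then
+eval "$(ssh-agent -s)"
+fi
+
+# install private ssh key if one is provided
+if [ -n "${SSH_PRIVATE_KEY}" ]
+then
+echo "${SSH_PRIVATE_KEY}" | tr -d '\r' | ssh-add -
+fi
+
+# try to determine if an executable was provided or just args
+if [ "${1}" = "balena" ] || [ -x "${1}" ] || "${1}" -v >/dev/null 2>&1
+then
+exec "$@"
+else
+exec balena "$@"
+fi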
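Review bot: After `ssh-add -` has loaded the key, `SSH_PRIVATE_KEY` is still set in the environment, so the final `exec "$@"` / `exec balena "$@"` hands the private key material to balena and to every process it spawns. Adding `unset SSH_PRIVATE_KEY` inside that `if` block, right after the `ssh-add` line, confines the key to the agent. `printf '%s\n' "${SSH_PRIVATE_KEY}"` is also more predictable than `echo` for arbitrary data. This does not remove the value from the container's configured environment as seen from the host (for example through `docker inspect`), so the agent-socket variant shown in DOCKER.md remains the better choice where it is available. docker/debian/init.sh contains the same lines.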
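--- a/docker/debian/Dockerfile
+++ b/docker/debian/Dockerfile
@@ -0,0 +1,34 @@
+ARG BALENA_ARCH
+
+FROM balenalib/${BALENA_ARCH}-debian-node:12-run
+
+WORKDIR /usr/src/app
+
+ARG BALENA_CLI_VERSION
+
+ENV DEBCONF_NONINTERACTIVE_SEEN true
+ENV DEBIAN_FRONTEND noninteractive
+
+# hadolint ignore=DL3008,SC2086
+RUN buildDeps="build-essential ca-certificates curl git python3" && \
+apt-get update && apt-get install --no-install-recommends -y $buildDeps && \
+npm install balena-cli@${BALENA_CLI_VERSION} -g --production --unsafe-perm && \
+apt-get purge -y --auto-remove $buildDeps && \
+apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# fail early if balena binary won't run
+RUN balena --version
+
+# https://github.com/balena-io/balena-cli/blob/master/INSTALL-LINUX.md#additional-dependencies
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install --no-install-recommends -y \
+avahi-daemon ca-certificates docker.io openssh-client && \
+apt-get clean && rm -rf /var/lib/apt/lists/*
+
+COPY init.sh ./
+
+RUN chmod +x ./init.sh
+
+ENTRYPOINT [ "./init.sh" ]
+
+CMD [ "--help" ]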
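Review bot: `ENV DEBCONF_NONINTERACTIVE_SEEN true` and `ENV DEBIAN_FRONTEND noninteractive` are baked into the final image, so every shell a user opens in the running container (DOCKER.md runs `/bin/bash` interactively) inherits a non-interactive apt/debconf. They are only needed by the two `apt-get` steps, so `ARG DEBIAN_FRONTEND=noninteractive` and `ARG DEBCONF_NONINTERACTIVE_SEEN=true` would keep the setting build-time only. If `ENV` is kept, the `ENV key=value` form is preferred over the legacy space-separated form used here.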
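--- a/docker/debian/init.sh
+++ b/docker/debian/init.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# start dockerd if socket not mounted from host
+if ! docker info >/dev/null 2>&1
+then
+[ -e /var/run/docker.sock ] && rm /var/run/docker.sock
+dockerd &
+fi
+
+# start ssh agent if socket not mounted from host
+if [ ! -e "${SSH_AUTH_SOCK}" ]
+then
+eval "$(ssh-agent -s)"
+fi
+
+# install private ssh key if one is provided
+if [ -n "${SSH_PRIVATE_KEY}" ]
+then
+echo "${SSH_PRIVATE_KEY}" | tr -d '\r' | ssh-add -
+fi
+
+# try to determine if an executable was provided or just args
+if [ "${1}" = "balena" ] || [ -x "${1}" ] || "${1}" -v >/dev/null 2>&1
+then
+exec "$@"
+else
+exec balena "$@"
+fi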
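Review bot: The last `if` decides whether `$1` is a program by actually running it (`"${1}" -v`), so the first argument is executed once as a side effect before the real `exec`. A balena subcommand that shares its name with a binary on PATH accepting `-v` would then be exec'd directly instead of being passed to `balena` (GNU `env -v` looks like one such case, not verified here). A dispatch that never executes the argument is more predictable, for example `if [ "${1}" = "balena" ] || [ -x "${1}" ]`, with programs given by path as the DOCKER.md examples already do (`/bin/bash`). docker/alpine/init.sh carries the identical test.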