Merge pull request #179 from resin-io/178-dind-docker-1.10.3-rsync-dropbear

178 dind docker 1.10.3 rsync dropbear

Makefile

@@ -14,6 +14,8 @@ PUBNUB_SUBSCRIBE_KEY = sub-c-bananas
 PUBNUB_PUBLISH_KEY = pub-c-bananas
 MIXPANEL_TOKEN = bananasbananas
 
+PASSWORDLESS_DROPBEAR = false
+
 ifdef BASE_DISTRO
 $(info BASE_DISTRO SPECIFIED. START BUILDING ALPINE SUPERVISOR)
 	IMAGE = "resin/$(ARCH)-supervisor:$(SUPERVISOR_VERSION)-alpine"
@@ -55,6 +57,7 @@ clean:
 	-rm Dockerfile
 
 supervisor-dind:
+	sed -i 's/\(ENV PASSWORDLESS_DROPBEAR\).*/\1 ${PASSWORDLESS_DROPBEAR}/' tools/dind/Dockerfile
 	cd tools/dind && docker build --no-cache=$(DISABLE_CACHE) -t resin/resin-supervisor-dind:$(SUPERVISOR_VERSION) .
 
 run-supervisor: supervisor-dind stop-supervisor

README.md

@@ -95,6 +95,14 @@ make ARCH=amd64 PRELOADED_IMAGE=true \
 ```
 This will make the docker-in-docker instance pull the image specified in apps.json before running the supervisor.
 
+### Enabling passwordless dropbear access
+
+If you want to enable passwordless dropbear login (e.g. while testing `resin sync`) you can set the `PASSWORDLESS_DROPBEAR` option to `true`, like:
+
+```bash
+make PASSWORDLESS_DROPBEAR=true ARCH=amd64 SUPERVISOR_IMAGE=username/resin-supervisor:master run-supervisor
+```
+
 ### View the containers logs
 ```bash
 docker exec -it resin_supervisor_1 journalctl -f

tools/dind/Dockerfile

@@ -1,22 +1,37 @@
-FROM resin/resin-base:1
+FROM resin/resin-base:2
 
 VOLUME /var/lib/docker
 VOLUME /resin-data
 
 RUN apt-get update \
-	&& apt-get install -y ifupdown \
+	&& apt-get install -y \
+	ifupdown \
+	rsync \
+	dropbear \
 	&& rm -rf /var/lib/apt/lists/*
 
-ENV DOCKER_VERSION 1.6.2
+ENV DOCKER_VERSION 1.10.3
+ENV RELEASE_NAME jessie
 
-# From get.docker.com script
-RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 \
-	&& echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list \
-	&& apt-get update && apt-get install -y lxc-docker-${DOCKER_VERSION} \
+# Change to 'true' to allow blank password dropbear logins on dind HostOS
+ENV PASSWORDLESS_DROPBEAR false
+
+RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D \
+	&& echo deb https://apt.dockerproject.org/repo debian-${RELEASE_NAME} main > /etc/apt/sources.list.d/docker.list \
+	&& apt-get update || true \
+	&& apt-get --force-yes install docker-engine=${DOCKER_VERSION}-0~${RELEASE_NAME} \
 	&& rm -rf /var/lib/apt/lists/*
 
+RUN passwd -d root
+
+# Change os release to a resin-sync compatible one
+RUN sed -i 's/\(PRETTY_NAME=\).*/\1"ResinOS 1.2.1+dind"/' /etc/os-release
+
 COPY config/openvpn/ /etc/openvpn/
+COPY config/dropbear/config /etc/default/dropbear
 COPY config/services/ /etc/systemd/system/
 COPY resin-vars vpn-init /usr/src/app/
 
+RUN if [ "$PASSWORDLESS_DROPBEAR" = "true" ]; then sed -i 's/\(DROPBEAR_EXTRA_ARGS=\).*/\1"-B"/' /etc/default/dropbear; fi
+
 RUN systemctl enable resin-supervisor-dind

tools/dind/config/dropbear/config

@@ -0,0 +1,2 @@
+DROPBEAR_EXTRA_ARGS="-s -w -g"
+DROPBEAR_PORT="22222"

tools/dind/config/services/docker.service.d/overlayfs.conf

@@ -1,3 +1,3 @@
 [Service]
 ExecStart=
-ExecStart=/usr/bin/docker -s overlay -d -H fd://
+ExecStart=/usr/bin/docker daemon --storage-driver overlay --host=fd://

tools/dind/config/services/resin-supervisor-dind.service

@@ -34,6 +34,7 @@ ExecStart=/bin/bash -c 'source /usr/src/app/resin-vars && \
 	-e "SUPERVISOR_IMAGE=${SUPERVISOR_IMAGE}" \
 	-e "DBUS_SYSTEM_BUS_ADDRESS=unix:path=/mnt/root/run/dbus/system_bus_socket" \
 	-e "RESIN_SUPERVISOR_SECRET=${RESIN_SUPERVISOR_SECRET}" \
+	-e "DOCKER_ROOT=/mnt/root/var/lib/docker" \
 	${SUPERVISOR_IMAGE}'
 TimeoutStartSec=0
 Restart=always