mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2024-12-24 07:46:41 +00:00
Use balena 17.06 and resin-base v2.9.2 for the docker-in-docker supervisor
Change-Type: patch Signed-off-by: Pablo Carranza Velez <pablo@resin.io>
This commit is contained in:
parent
bb350eca92
commit
e75c331aa3
@ -1,4 +1,4 @@
|
||||
FROM resin/resin-base:2
|
||||
FROM resin/resin-base:v2.9.2
|
||||
|
||||
VOLUME /var/lib/docker
|
||||
VOLUME /resin-data
|
||||
@ -11,7 +11,7 @@ RUN apt-get update \
|
||||
aufs-tools \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
ENV DOCKER_VERSION 1.10.3
|
||||
ENV BALENA_VERSION 17.06-rev1
|
||||
ENV RELEASE_NAME jessie
|
||||
|
||||
# Change to 'true' to allow blank password dropbear logins on dind HostOS
|
||||
@ -20,14 +20,10 @@ ARG PASSWORDLESS_DROPBEAR=false
|
||||
COPY config/certs/ /usr/local/share/ca-certificates/
|
||||
RUN rm -f /usr/local/share/ca-certificates/.keepme ; update-ca-certificates
|
||||
|
||||
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D \
|
||||
&& echo deb https://apt.dockerproject.org/repo debian-${RELEASE_NAME} main > /etc/apt/sources.list.d/docker.list \
|
||||
&& apt-get update || true \
|
||||
&& apt-get --force-yes install docker-engine=${DOCKER_VERSION}-0~${RELEASE_NAME} \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
RUN curl -sL "https://github.com/resin-os/balena/releases/download/${BALENA_VERSION}/balena-${BALENA_VERSION}-x86_64.tar.gz" \
|
||||
| tar xzv -C /usr/bin --strip-components=1
|
||||
|
||||
ENV DIND_COMMIT 3b5fac462d21ca164b3778647420016315289034
|
||||
RUN curl -sL https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind > /usr/bin/dind \
|
||||
RUN curl -sL https://raw.githubusercontent.com/resin-os/balena/${BALENA_VERSION}/hack/dind > /usr/bin/dind \
|
||||
&& chmod +x /usr/bin/dind
|
||||
|
||||
RUN passwd -d root
|
||||
@ -43,6 +39,8 @@ COPY resin-vars vpn-init /usr/src/app/
|
||||
|
||||
RUN if [ "$PASSWORDLESS_DROPBEAR" = "true" ]; then sed -i 's/\(DROPBEAR_EXTRA_ARGS=\).*/\1"-B"/' /etc/default/dropbear; fi
|
||||
|
||||
ENV DOCKER_HOST unix:///var/run/docker.sock
|
||||
RUN groupadd docker
|
||||
RUN systemctl enable resin-supervisor-dind
|
||||
|
||||
COPY supervisor-image.tar /usr/src/
|
||||
|
19
tools/dind/config/services/docker.service
Normal file
19
tools/dind/config/services/docker.service
Normal file
@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
Description=Balena Application Container Engine
|
||||
Documentation=http://docs.docker.com
|
||||
After=network.target docker.socket
|
||||
Requires=docker.socket
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
Restart=always
|
||||
ExecStart=/usr/bin/dind /usr/bin/balenad --storage-driver aufs --host=fd:// -g /var/lib/docker
|
||||
#Adjust OOMscore to -900 to make killing balena unlikely
|
||||
OOMScoreAdjust=-900
|
||||
MountFlags=slave
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=1048576
|
||||
LimitCORE=infinity
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,3 +0,0 @@
|
||||
[Service]
|
||||
ExecStart=
|
||||
ExecStart=/usr/bin/dind /usr/bin/docker daemon --storage-driver aufs --host=fd://
|
12
tools/dind/config/services/docker.socket
Normal file
12
tools/dind/config/services/docker.socket
Normal file
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=Docker Socket for the API
|
||||
PartOf=docker.service
|
||||
|
||||
[Socket]
|
||||
ListenStream=/var/run/docker.sock
|
||||
SocketMode=0660
|
||||
SocketUser=root
|
||||
SocketGroup=docker
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -6,15 +6,16 @@ Before=openvpn-resin.service
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/usr/src/app
|
||||
Environment=DOCKER_HOST=unix:///var/run/docker.sock
|
||||
EnvironmentFile=/usr/src/app/config/env
|
||||
EnvironmentFile=/usr/src/app/config/localenv
|
||||
ExecStartPre=/bin/bash -c 'if [ "${PRELOADED_IMAGE}" == "true" ]; then /usr/bin/docker pull $(jq --raw-output ".[0].imageId" ${APPS_PATH}); fi'
|
||||
ExecStartPre=/usr/bin/docker load --input /usr/src/supervisor-image.tar
|
||||
ExecStartPre=-/usr/bin/docker kill resin_supervisor
|
||||
ExecStartPre=-/usr/bin/docker rm resin_supervisor
|
||||
ExecStartPre=/bin/bash -c 'if [ "${PRELOADED_IMAGE}" == "true" ]; then /usr/bin/balena pull $(jq --raw-output ".[0].imageId" ${APPS_PATH}); fi'
|
||||
ExecStartPre=/usr/bin/balena load --input /usr/src/supervisor-image.tar
|
||||
ExecStartPre=-/usr/bin/balena kill resin_supervisor
|
||||
ExecStartPre=-/usr/bin/balena rm resin_supervisor
|
||||
ExecStartPre=-/bin/touch /etc/resolv.conf
|
||||
ExecStart=/bin/bash -c 'source /usr/src/app/resin-vars && \
|
||||
/usr/bin/docker run --rm --privileged --name resin_supervisor \
|
||||
/usr/bin/balena run --rm --privileged --name resin_supervisor \
|
||||
--net=host \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v "${CONFIG_PATH}:/boot/config.json" \
|
||||
|
Loading…
Reference in New Issue
Block a user