Use balena 17.06 and resin-base v2.9.2 for the docker-in-docker supervisor

Change-Type: patch
Signed-off-by: Pablo Carranza Velez <pablo@resin.io>
Pablo Carranza Velez 2017-10-31 14:19:19 -07:00
parent bb350eca92
commit e75c331aa3
5 changed files with 44 additions and 17 deletions


@ -1,4 +1,4 @@
FROM resin/resin-base:2
FROM resin/resin-base:v2.9.2
VOLUME /var/lib/docker
VOLUME /resin-data
@ -11,7 +11,7 @@ RUN apt-get update \
aufs-tools \
&& rm -rf /var/lib/apt/lists/*
ENV DOCKER_VERSION 1.10.3
ENV BALENA_VERSION 17.06-rev1
ENV RELEASE_NAME jessie
# Change to 'true' to allow blank password dropbear logins on dind HostOS
@ -20,14 +20,10 @@ ARG PASSWORDLESS_DROPBEAR=false
COPY config/certs/ /usr/local/share/ca-certificates/
RUN rm -f /usr/local/share/ca-certificates/.keepme ; update-ca-certificates
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D \
&& echo deb https://apt.dockerproject.org/repo debian-${RELEASE_NAME} main > /etc/apt/sources.list.d/docker.list \
&& apt-get update || true \
&& apt-get --force-yes install docker-engine=${DOCKER_VERSION}-0~${RELEASE_NAME} \
&& rm -rf /var/lib/apt/lists/*
RUN curl -sL "https://github.com/resin-os/balena/releases/download/${BALENA_VERSION}/balena-${BALENA_VERSION}-x86_64.tar.gz" \
| tar xzv -C /usr/bin --strip-components=1
ENV DIND_COMMIT 3b5fac462d21ca164b3778647420016315289034
RUN curl -sL https://raw.githubusercontent.com/docker/docker/${DIND_COMMIT}/hack/dind > /usr/bin/dind \
RUN curl -sL https://raw.githubusercontent.com/resin-os/balena/${BALENA_VERSION}/hack/dind > /usr/bin/dind \
&& chmod +x /usr/bin/dind
RUN passwd -d root
@ -43,6 +39,8 @@ COPY resin-vars vpn-init /usr/src/app/
RUN if [ "$PASSWORDLESS_DROPBEAR" = "true" ]; then sed -i 's/\(DROPBEAR_EXTRA_ARGS=\).*/\1"-B"/' /etc/default/dropbear; fi
ENV DOCKER_HOST unix:///var/run/docker.sock
RUN groupadd docker
RUN systemctl enable resin-supervisor-dind
COPY supervisor-image.tar /usr/src/
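Review bot: The balena release tarball on the `RUN curl -sL ... | tar xzv -C /usr/bin` line is unpacked into /usr/bin with no integrity check. Because `curl` runs without `-f` at the head of a pipe, a failed or substituted download is caught only if tar happens to reject it. Pin the asset's SHA-256 next to `BALENA_VERSION` and verify it before extracting, as sketched below (the digest is a placeholder). The dind script has a related gap: it is now fetched by the `${BALENA_VERSION}` tag, which can be moved, where the line it appears to replace used a full commit hash (`DIND_COMMIT`). Fetching it by commit hash with `curl -fsSL` would restore that pin and stop an HTTP error body from being written to `/usr/bin/dind` and marked executable.

```dockerfile
ENV BALENA_VERSION 17.06-rev1
# Placeholder: replace with the SHA-256 of the release asset for BALENA_VERSION
ENV BALENA_SHA256 REPLACE_WITH_SHA256_OF_RELEASE_TARBALL
# … unchanged: RELEASE_NAME, PASSWORDLESS_DROPBEAR, CA certificates …
RUN curl -fsSL -o /tmp/balena.tar.gz \
		"https://github.com/resin-os/balena/releases/download/${BALENA_VERSION}/balena-${BALENA_VERSION}-x86_64.tar.gz" \
	&& echo "${BALENA_SHA256}  /tmp/balena.tar.gz" | sha256sum -c - \
	&& tar xzf /tmp/balena.tar.gz -C /usr/bin --strip-components=1 \
	&& rm -f /tmp/balena.tar.gz
```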


@ -0,0 +1,19 @@
[Unit]
Description=Balena Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
[Service]
Type=notify
Restart=always
ExecStart=/usr/bin/dind /usr/bin/balenad --storage-driver aufs --host=fd:// -g /var/lib/docker
#Adjust OOMscore to -900 to make killing balena unlikely
OOMScoreAdjust=-900
MountFlags=slave
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
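Review bot: `LimitCORE=infinity` lets the engine daemon write core dumps of any size, and a dump of that process may contain registry credentials or container environment values; nothing in the unit says it is wanted here. If cores are not needed for debugging the dind image, `LimitCORE=0` is the safer default; otherwise a comment above the line such as `# Core dumps kept for engine debugging; this image is for development only` would record the decision. `Documentation=http://docs.docker.com` could also point at the balena project now that the description names it.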


@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=/usr/bin/dind /usr/bin/docker daemon --storage-driver aufs --host=fd://


@ -0,0 +1,12 @@
[Unit]
Description=Docker Socket for the API
PartOf=docker.service
[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker
[Install]
WantedBy=sockets.target
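Review bot: Nothing in this unit records that read/write access to `/var/run/docker.sock` amounts to root on the dind host, which is what `SocketGroup=docker` with `SocketMode=0660` grants to every member of that group. A comment above `SocketGroup` such as `# Members of this group get full control of the engine (root-equivalent); keep it empty unless a non-root client needs the API` would make that explicit. `PartOf=docker.service` presumably has to match the name under which the new engine unit is installed; the file names are not visible on this page, so confirm it.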


@ -6,15 +6,16 @@ Before=openvpn-resin.service
[Service]
WorkingDirectory=/usr/src/app
Environment=DOCKER_HOST=unix:///var/run/docker.sock
EnvironmentFile=/usr/src/app/config/env
EnvironmentFile=/usr/src/app/config/localenv
ExecStartPre=/bin/bash -c 'if [ "${PRELOADED_IMAGE}" == "true" ]; then /usr/bin/docker pull $(jq --raw-output ".[0].imageId" ${APPS_PATH}); fi'
ExecStartPre=/usr/bin/docker load --input /usr/src/supervisor-image.tar
ExecStartPre=-/usr/bin/docker kill resin_supervisor
ExecStartPre=-/usr/bin/docker rm resin_supervisor
ExecStartPre=/bin/bash -c 'if [ "${PRELOADED_IMAGE}" == "true" ]; then /usr/bin/balena pull $(jq --raw-output ".[0].imageId" ${APPS_PATH}); fi'
ExecStartPre=/usr/bin/balena load --input /usr/src/supervisor-image.tar
ExecStartPre=-/usr/bin/balena kill resin_supervisor
ExecStartPre=-/usr/bin/balena rm resin_supervisor
ExecStartPre=-/bin/touch /etc/resolv.conf
ExecStart=/bin/bash -c 'source /usr/src/app/resin-vars && \
/usr/bin/docker run --rm --privileged --name resin_supervisor \
/usr/bin/balena run --rm --privileged --name resin_supervisor \
--net=host \
-v /var/run/docker.sock:/var/run/docker.sock \
-v "${CONFIG_PATH}:/boot/config.json" \