
Fix the DIND image

dockerd was being run as the go user, which is not permitted. Instead
run dockerd using a sudo wrapper
ketan committed Jul 22, 2019
1 parent 4ae5124 commit fc61beb9b34540a9068a20aecbe42326483d1e3f
@@ -186,7 +186,7 @@ enum Distro implements DistroBehavior {
@Override
List<DistroVersion> getSupportedVersions() {
return [
new DistroVersion(version: 'dind', releaseName: 'dind', eolDate: parseDate('2099-01-01'), installPrerequisitesCommands: ['apk add --no-cache cyrus-sasl cyrus-sasl-plain'])
new DistroVersion(version: 'dind', releaseName: 'dind', eolDate: parseDate('2099-01-01'), installPrerequisitesCommands: ['apk add --no-cache cyrus-sasl cyrus-sasl-plain sudo'])
]
}

@@ -86,12 +86,15 @@ ADD docker-entrypoint.sh /
COPY --from=gocd-agent-unzip /go-agent /go-agent
# ensure that logs are printed to console output
COPY --chown=go:root agent-bootstrapper-logback-include.xml agent-launcher-logback-include.xml agent-logback-include.xml /go-agent/config/
<#if distro.name() == "docker">
COPY --chown=root:root dockerd-sudo /etc/sudoers.d/dockerd-sudo
</#if>

RUN chown -R go:root /go-agent /docker-entrypoint.d /go /godata /docker-entrypoint.sh \
&& chmod -R g=u /go-agent /docker-entrypoint.d /go /godata /docker-entrypoint.sh

<#if distro.name() == "docker">
ADD run-docker-daemon.sh /
COPY --chown=root:root run-docker-daemon.sh /
</#if>

ENTRYPOINT ["/docker-entrypoint.sh"]
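Review bot: Neither `/etc/sudoers.d/dockerd-sudo` nor `/run-docker-daemon.sh` gets an explicit mode here; `COPY --chown=root:root` fixes the owner, but the permission bits come from whatever the build context holds. The build.gradle hunk sets only the executable bit on the script and nothing on the sudoers file, so a group-writable checkout could produce a sudoers drop-in that sudo refuses to load, or a root-run script that group `root` can edit (the `chown -R go:root` / `chmod -R g=u` lines above suggest the agent user may run with that group; worth confirming). I would pin both after the copies, inside the same `<#if distro.name() == "docker">` guard: `RUN chmod 0440 /etc/sudoers.d/dockerd-sudo && chmod 0755 /run-docker-daemon.sh`.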
@@ -54,7 +54,7 @@ setup_autoregister_properties_file() {
}

if [ -e /run-docker-daemon.sh ]; then
source /run-docker-daemon.sh
sudo /run-docker-daemon.sh
fi

AGENT_WORK_DIR="/go"
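Review bot: The `sudo /run-docker-daemon.sh` call has no non-interactive flag and its exit status is not checked, so if the sudoers drop-in fails to load, the entrypoint can either wait on a password prompt or carry on without a daemon. Suggest `sudo -n /run-docker-daemon.sh || { echo "could not start dockerd" >&2; exit 1; }`. Whether the script already runs under `set -e` is not visible in this hunk, and the wrapper backgrounds dockerd, so a zero status only means the launch was attempted, not that the daemon is up.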
@@ -0,0 +1,3 @@

Defaults env_reset
go ALL=(ALL) NOPASSWD: /run-docker-daemon.sh
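Review bot: The rule grants more than the wrapper needs: `(ALL)` lets `go` run the script as any user, and a command listed without arguments accepts arbitrary ones. `go ALL=(root) NOPASSWD: /run-docker-daemon.sh ""` keeps it to root with no arguments. Also, `env_reset` on its own keeps the caller's `PATH` unless `secure_path` is set (as far as I know; check the base image's sudoers), and the run-docker-daemon.sh hunk resolves the binary with `$(which dind)`, so the root-run lookup depends on a PATH that the `go` user controls. Add `Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"` here, or call dind by absolute path in the script.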
@@ -14,4 +14,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.

sh -c "$(which dind) dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375" > /usr/local/bin/nohup.out 2>&1 &
$(which dind) dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 > /var/log/dockerd.log 2>&1 &
disown
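Review bot: `--host=tcp://0.0.0.0:2375` leaves the Docker API listening without TLS or authentication on every interface, and after this change the daemon behind it runs as root. Anyone who can reach that port has full control of the daemon and, through it, of the container. If jobs only talk to the local daemon, drop the TCP listener or bind it to loopback with `--host=tcp://127.0.0.1:2375`; if remote access is required, enable `--tlsverify` with certificates instead. A one-line comment above the command stating which consumer needs the TCP host would make the exposure a documented decision.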
@@ -92,6 +92,9 @@ subprojects {
def file = project.file("${task.gitRepoDirectory}/run-docker-daemon.sh")
file.bytes = BuildDockerImageTask.class.getResource("/gocd-docker-agent/run-docker-daemon.sh").bytes
file.setExecutable(true, false)

file = project.file("${task.gitRepoDirectory}/dockerd-sudo")
file.bytes = BuildDockerImageTask.class.getResource("/gocd-docker-agent/dockerd-sudo").bytes
}
}
