From 4bac5442b816023b08a2aa53b84446c5e993a53d Mon Sep 17 00:00:00 2001 From: Platform Default User Date: Fri, 4 Oct 2024 15:41:50 +0200 Subject: [PATCH 1/4] pushed the user specific stuff to the end, because we want to stop having to recompile the whole thing to figure out this permission nonsense --- options.sh | 6 ++- ros.Dockerfile | 100 +++++++++++++++++++++--------------------- scripts/entrypoint.sh | 13 ++++-- 3 files changed, 63 insertions(+), 56 deletions(-) diff --git a/options.sh b/options.sh index d942927..d508b2f 100755 --- a/options.sh +++ b/options.sh @@ -14,8 +14,10 @@ USE_ANDROID_VM=false #true BT_DONGLE_VENDOR_ID=0bda:8771 USERNAME=rosopensimrt -USER_ID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=908 -USER_GID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=908 + +# Why? Because there are some things, like dbus that we can't chmod to belong to the docker user, so if we just keep the same number, it should just work. +USER_ID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=$(id -u) #1000 +USER_GID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=$(id -u) #1000 COMPLETE_BUILD=true SUFFIX=_complete diff --git a/ros.Dockerfile b/ros.Dockerfile index b2bdff3..1620690 100644 --- a/ros.Dockerfile +++ b/ros.Dockerfile @@ -2,6 +2,10 @@ ARG start_with_image=ros:noetic-ros-base ARG IS_ROOTLESS=false FROM ${start_with_image} AS stage1 ARG IS_ROOTLESS +ARG user=osruser1 +ARG group=osruser1 +ARG uid=1000 +ARG gid=1000 ENV IS_ROOTLESS=${IS_ROOTLESS} ENV DEBIAN_FRONTEND=noninteractive @@ -11,6 +15,7 @@ RUN apt-get update && apt-get install \ curl \ freeglut3-dev \ git \ + gosu \ libxi-dev \ libxmu-dev \ liblapack-dev \ @@ -44,7 +49,6 @@ RUN apt-get install \ ros-noetic-rosbridge-server \ --yes && rm -rf /var/lib/apt/lists/* - ADD scripts/configure_sound.bash /tmp/conf_alsa.bash RUN /tmp/conf_alsa.bash 
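Review bot: `USER_GID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=$(id -u)` in options.sh takes the caller's user id for the group id, so the image gets the wrong gid on any host where the user's primary group number differs from the uid; it should read `USER_GID_THAT_WAS_USED_TO_BUILD_THIS_DOCKER=$(id -g)`. Both values now depend on who runs the build: under sudo or as root they evaluate to 0, and, assuming they are passed on as the `uid`/`gid` build args, `groupadd -g`/`useradd -u` in the Dockerfile would collide with root. A guard next to the assignments, `[ "$(id -u)" -ne 0 ] || { echo "do not build as root" >&2; exit 1; }`, would make that case fail early and visibly.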
@@ -66,6 +70,10 @@ RUN wget https://sourceforge.net/projects/dependencies/files/vicon/ViconDataStr RUN git clone https://github.com/mysablehats/OpenSimRT_data.git /srv/data FROM stage1 AS stage2 +ARG user=osruser1 +ARG group=osruser1 +ARG uid=1000 +ARG gid=1000 ADD scripts/ximu.bash /bin RUN /bin/ximu.bash @@ -89,35 +97,16 @@ RUN /bin/ximu.bash ## also need pupil and nest for eye_tracker RUN wget https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && python3 -m pip install --upgrade pynvim && \ pip3 install --upgrade pip && hash -r && pip3 install --upgrade pip && pip3 install protobuf==3.20.1 mock numpy pupil-labs-realtime-api nest_asyncio && \ - pip3 install --ignore-installed PyYAML==5.3 + pip3 install --ignore-installed PyYAML==5.3 && \ + pip3 install timeout_decorator libtmux sympy tqdm pandas -RUN echo "reinstall neovim" ADD vim /nvim ADD scripts/vim_install.bash /nvim RUN /nvim/vim_install.bash ADD tmux/.tmux.conf /etc/tmux -RUN echo "I use this to make it get stuff from git again" - -# Set user and group -ARG user=osruser1 -ARG group=osruser1 -ARG uid=1000 -ARG gid=1000 -#ARG VIDEOGROUP=${VIDEOGROUP} -#RUN groupadd -g $VIDEOGROUP video -RUN groupadd -g ${gid} ${group} - -## opensimrtuser) -## generate other password with $ openssl passwd -6 "somepassword" -RUN useradd -l -u ${uid} -g ${gid} -G sudo,audio,video -s /bin/bash -m -p '$6$WsqPSjlIKm37devi$U3hwXWYilUOFYRH8EE7FoStlfCfeK0dJY3.fdEWKFJkDGMg6p9YQIsycpcv7OM4SFSdz3D0sfEGyrY8reNSgu1' ${user} -# Switch to user - -ENV XDG_RUNTIME_DIR=/run/user/"${uid}" - WORKDIR /catkin_opensim/src - ENV OPENSIMRTDIR=opensimrt_core #half way into removing those hardcoded paths. still hardcoded, but a bit better 
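Review bot: The added `pip3 install timeout_decorator libtmux sympy tqdm pandas` is unpinned, and after this move it runs as root inside the stage2 RUN chain, where it appears to have run under `USER ${uid}` before. Whatever versions PyPI serves on the build day therefore end up in the system site-packages with root privileges, and a rebuild can silently change them. Pin each package the way `protobuf==3.20.1` and `PyYAML==5.3` already are on the same RUN line, e.g. `pip3 install timeout_decorator==<VERSION> libtmux==<VERSION> …`, or move the list into a requirements file installed with `pip3 install --require-hashes -r requirements.txt`.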
@@ -128,11 +117,10 @@ RUN git clone https://github.com/opensimrt-ros/opensimrt_core.git ./$OPENSIMRTDI RUN sed 's@~@/opt@' ./$OPENSIMRTDIR/.github/workflows/env_variables >> /etc/profile.d/opensim_envs.sh RUN git clone https://github.com/opensimrt-ros/opensimrt_msgs.git -b devel && echo "pulling opensimrt_msgs again" -#RUN echo "I use this to make it get stuff from git again" RUN git clone https://github.com/opensimrt-ros/opensimrt_bridge.git -b devel && echo "pulling opensimrt_bridge again" -ENV PYTHONPATH=/opt/ros/noetic/lib/python3/dist-packages/:$PYTHONPATH +ENV PYTHONPATH=/opt/ros/noetic/lib/python3/dist-packages/ #I dont think this variable is set yet ENV OPENSIM_PYTHON_DIR=/usr/local/lib/python3.8/site-packages 
@@ -146,34 +134,35 @@ RUN sed -i "s/\(subprocess.Popen([^)]*\)/\1,universal_newlines=True/" /opt/ros/n ADD scripts/realsense_install.bash /usr/sbin/ RUN bash /usr/sbin/realsense_install.bash -RUN mkdir -p -m 0700 /var/run/dbus && chown ${uid}:${gid} /var/run/dbus && chown ${uid}:${gid} -R /catkin_opensim - -USER ${uid} - -ENV HOME_DIR=/home/${user} -ADD scripts/vim_configure.bash ${HOME_DIR}/ -RUN ~/vim_configure.bash - -ADD tmux/.tmux.conf ${HOME_DIR}/ - ADD scripts/build_opensimrt.bash /bin/catkin_build_opensimrt.bash ADD scripts/build_catkin_ws.bash /bin/catkin_build_ws.bash -RUN printf "source /catkin_ws/devel/setup.bash\nsource /catkin_opensim/devel/setup.bash" >> ~/.bash_history - -############################################################################################################################################################################################################################################### FROM stage2 AS stage3 +## just builds opensimrt +ARG user=osruser1 +ARG group=osruser1 +ARG uid=1000 +ARG gid=1000 + WORKDIR /catkin_opensim/src/opensimrt_core RUN git pull WORKDIR /catkin_opensim -#RUN . /opt/ros/noetic/setup.sh && . /etc/profile.d/opensim_envs.sh && catkin_make ## it's not a session, so it wont load the exports... RUN /bin/catkin_build_opensimrt.bash -WORKDIR /catkin_opensim/src +ADD scripts/banners /etc/banners +ADD scripts/banners/welcome.sh /etc/profile.d/welcome.sh FROM stage3 AS final +# Set user and group +ARG user=osruser1 +ARG group=osruser1 +ARG uid=1000 +ARG gid=1000 +ENV XDG_RUNTIME_DIR=/run/user/"${uid}" + +## sets exposed ports #EXPOSE 8080/udp #EXPOSE 8080/tcp 
@@ -188,6 +177,26 @@ EXPOSE 7000/tcp #port for insoles EXPOSE 9999 +#ARG VIDEOGROUP=${VIDEOGROUP} +#RUN groupadd -g $VIDEOGROUP video +RUN groupadd -g ${gid} ${group} + +## opensimrtuser) +## generate other password with $ openssl passwd -6 "somepassword" +RUN useradd -l -u ${uid} -g ${gid} -G sudo,audio,video -s /bin/bash -m -p '$6$WsqPSjlIKm37devi$U3hwXWYilUOFYRH8EE7FoStlfCfeK0dJY3.fdEWKFJkDGMg6p9YQIsycpcv7OM4SFSdz3D0sfEGyrY8reNSgu1' ${user} +# Switch to user +RUN chown ${uid}:${gid} -R /catkin_opensim + +USER ${uid} + +ENV HOME_DIR=/home/${user} +ADD scripts/vim_configure.bash ${HOME_DIR}/ +RUN ~/vim_configure.bash + +ADD tmux/.tmux.conf ${HOME_DIR}/ + +RUN printf "source /catkin_ws/devel/setup.bash\nsource /catkin_opensim/devel/setup.bash" >> ~/.bash_history + ##BLING ADD scripts/bash_git.bash ${HOME_DIR}/.bash_git ADD scripts/bashbar.bash ${HOME_DIR}/.bash_bar @@ -199,19 +208,11 @@ RUN echo "source ~/.bash_git" >> ~/.bashrc && \ ADD scripts/create_bashrcs.bash ${HOME_DIR}/.create_bashrcs.sh RUN bash ~/.create_bashrcs.sh -#ADD tmux/ /usr/local/bin # moved to a volume - -ADD scripts/catkin.sh /bin/first_time_catkin_builder.sh ## gets latest local environment ADD scripts/set_local_branches.bash /bin/set_local_branches.bash #ADD scripts/get_latest_local_branches.bash /bin/get_latest_local_branches.bash -WORKDIR /catkin_ws -#RUN apt remove python -y -#RUN apt install cowsay -y - RUN rosdep update -RUN pip3 install timeout_decorator libtmux sympy tqdm pandas WORKDIR ${HOME_DIR} RUN git clone https://github.com/mrocklin/multipolyfit.git \ @@ -220,9 +221,6 @@ RUN git clone https://github.com/mrocklin/multipolyfit.git \ WORKDIR /catkin_ws -ADD scripts/banners /etc/banners -ADD scripts/banners/welcome.sh /etc/profile.d/welcome.sh - USER root RUN set -eux; \ apt-get update; \ 
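Review bot: The `useradd … -G sudo,audio,video … -p '<hash>' ${user}` line that this hunk moves into the final stage bakes a fixed password hash into the image for an account that is a member of `sudo`. Anyone who knows or recovers the password behind that hash can become root in every container built from this file, and the hash stays readable in the image history because it is passed on a RUN line. Dropping the `-p` argument leaves the account with a locked password, which should be enough since the entrypoint switches user through gosu; if interactive sudo is really needed, set the password at container start from a secret instead of at build time.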
@@ -231,5 +229,7 @@ RUN set -eux; \ # verify that the binary works gosu nobody true +RUN mkdir -p -m 0700 /var/run/dbus && chown ${uid}:${gid} /var/run/dbus + ADD scripts/entrypoint.sh /bin/entrypoint.sh ENTRYPOINT [ "entrypoint.sh" ] diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 6afa6c4..8ac8503 100755 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh @@ -20,15 +20,20 @@ fi ## I should get this from options// DOCKER_USER_NAME=rosopensimrt +## if we want screen, sound and dev, this is unavoidable. +# maybe when they fix the way volumes are mounted this can all be removed +echo "Changing userid. This takes a long time..." +usermod -u ${OUTSIDEY_USER_ID} $DOCKER_USER_NAME +groupmod -g ${OUTSIDEY_USER_ID} $DOCKER_USER_NAME + export DBUS_SESSION_BUS_ADDRESS=unix:path=$XDG_RUNTIME_DIR -gosu $DOCKER_USER_NAME:$DOCKER_USER_NAME dbus-daemon --session --address=$DBUS_SESSION_BUS_ADDRESS --nofork --nopidfile --syslog-only & +gosu $OUTSIDEY_USER_ID dbus-daemon --session --address=$DBUS_SESSION_BUS_ADDRESS --nofork --nopidfile --syslog-only & #dbus-daemon --session --address=$DBUS_SESSION_BUS_ADDRESS --nofork --nopidfile --syslog-only & -# inspired by: https://github.com/redis/docker-library-redis/blob/master/Dockerfile.template& https://github.com/redis/docker-library-redis/blob/master/docker-entrypoint.sh +## This doesn't work. I mean, it works, but not completely. -#maybe we can use just the second one for docker --user ? +# inspired by: https://github.com/redis/docker-library-redis/blob/master/Dockerfile.template& https://github.com/redis/docker-library-redis/blob/master/docker-entrypoint.sh -#usermod -u ${OUTSIDEY_USER_ID} $DOCKER_USER_NAME ACTUAL_USER_ID=$OUTSIDEY_USER_ID if [ "$IS_ROOTLESS" = "true" ]; then From f56984fbbca73837a6984d92d7a0c113551ede92 Mon Sep 17 00:00:00 2001 
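Review bot: In scripts/entrypoint.sh, `usermod -u ${OUTSIDEY_USER_ID}` and `gosu $OUTSIDEY_USER_ID dbus-daemon …` use a value supplied at `docker run` time without quoting or validation. If it is empty, gosu takes `dbus-daemon` as the user spec, and if it is `0` the daemon is started as root. A check before the usermod line, `case "$OUTSIDEY_USER_ID" in ''|*[!0-9]*|0) echo "invalid OUTSIDEY_USER_ID" >&2; exit 1;; esac`, together with quoting the expansions, would close both cases. `groupmod -g ${OUTSIDEY_USER_ID}` also reuses the user id as the group id, which can clash with an existing group when the two differ on the host; a separate group-id variable would avoid that. The script continues outside the hunk, so later uses of the variable are not covered here.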
From: Platform Default User Date: Fri, 4 Oct 2024 16:58:50 +0200 Subject: [PATCH 2/4] faster srv/data --- ros.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ros.Dockerfile b/ros.Dockerfile index 1620690..956954f 100644 --- a/ros.Dockerfile +++ b/ros.Dockerfile @@ -67,7 +67,7 @@ RUN wget https://sourceforge.net/projects/dependencies/files/vicon/ViconDataStr #RUN echo "I use this to make it get stuff from git again" -RUN git clone https://github.com/mysablehats/OpenSimRT_data.git /srv/data +RUN git clone --depth=1 https://github.com/mysablehats/OpenSimRT_data.git /srv/data FROM stage1 AS stage2 ARG user=osruser1 From 82f5757d4a4858dc95c52640c4737fb3af217012 Mon Sep 17 00:00:00 2001 From: Platform Default User Date: Fri, 4 Oct 2024 17:11:06 +0200 Subject: [PATCH 3/4] use host network option added --- options.sh | 3 +++ run_docker_image.sh | 14 ++++++++------ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/options.sh b/options.sh index d508b2f..fb06889 100755 --- a/options.sh +++ b/options.sh @@ -10,6 +10,9 @@ #BRANCH=latest +## to connect with vicon and not having to deal with routing tables, it is just easier to use the host network +USE_HOST_NETWORK=true + USE_ANDROID_VM=false #true BT_DONGLE_VENDOR_ID=0bda:8771 diff --git a/run_docker_image.sh b/run_docker_image.sh index b71b9e1..0f486da 100755 --- a/run_docker_image.sh +++ b/run_docker_image.sh 
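Review bot: `USE_HOST_NETWORK=true` in options.sh makes host networking the default, which places every listener in the container (the Dockerfile exposes 7000 and 9999 and installs ros-noetic-rosbridge-server) directly on the host's interfaces with no port mapping in between. The comment says this is only needed to reach Vicon, so defaulting to `USE_HOST_NETWORK=false` and enabling it per setup would keep the isolated configuration as the baseline. A comment such as `## host networking removes the container's network isolation; enable only on a trusted lab network` above the variable would make the trade-off visible to whoever flips it.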
@@ -51,16 +51,18 @@ elif [ "$(expr substr $(uname -s) 1 5)" == "Linux" ]; then nmcli con up "${CONNECTION_NAME}" fi EXTRA_OPTIONS="" - if [ "$IS_ROOTLESS" = true ]; then + if [ "$IS_ROOTLESS" = true ] || [ "$USE_HOST_NETWORK" = true ]; then + EXTRA_OPTIONS=--network=host - fi - #not sure if I need to expose these ports, but it is working - docker run --rm -it $EXTRA_OPTIONS --network=host \ - -p 9000:9000/udp \ + else + EXTRA_OPTIONS=-p 9000:9000/udp \ -p 8001:8001/udp \ -p 10000:10000/udp \ -p 9999:9999 \ - -p 1030:1030/udp \ + -p 1030:1030/udp + fi + #not sure if I need to expose these ports, but it is working + docker run --rm -it $EXTRA_OPTIONS \ -e WINDOW_TITLE="${THIS_WINDOW_TITLE}" \ -e DISPLAY=unix$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix -v /tmp/.docker.xauth:/tmp/.docker.xauth:rw -e XAUTHORITY=/tmp/.docker.xauth \ --name=$NAME \ From 3d89881a895e2332e7e127a968204ac7ba1e0311 Mon Sep 17 00:00:00 2001 From: Platform Default User Date: Fri, 4 Oct 2024 17:24:07 +0200 Subject: [PATCH 4/4] gets rid of 1 error message, but doesnt solve the problem with flexbe dbus access --- ros.Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ros.Dockerfile b/ros.Dockerfile index 956954f..3cf5d96 100644 --- a/ros.Dockerfile +++ b/ros.Dockerfile @@ -229,7 +229,8 @@ RUN set -eux; \ # verify that the binary works gosu nobody true -RUN mkdir -p -m 0700 /var/run/dbus && chown ${uid}:${gid} /var/run/dbus +RUN mkdir -p -m 0700 /var/run/dbus && chown ${uid}:${gid} /var/run/dbus &&\ + mkdir -p -m 0700 /var/run/user/${uid} && chown ${uid}:${gid} /var/run/user/${uid} ADD scripts/entrypoint.sh /bin/entrypoint.sh ENTRYPOINT [ "entrypoint.sh" ]
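Review bot: The else branch's `EXTRA_OPTIONS=-p 9000:9000/udp \ …` in run_docker_image.sh is unquoted, so the shell treats `EXTRA_OPTIONS=-p` as a one-off environment assignment and tries to run `9000:9000/udp` as a command; EXTRA_OPTIONS stays empty and no port is published. `EXTRA_OPTIONS=--network=host` works only because it contains no spaces. Quote the value, `EXTRA_OPTIONS="-p 9000:9000/udp -p 8001:8001/udp -p 10000:10000/udp -p 9999:9999 -p 1030:1030/udp"`. If these ports only need to be reachable from the local machine, giving each mapping a host address (`-p 127.0.0.1:9999:9999`) avoids publishing on all interfaces. The enclosing if/elif starts outside the hunk.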
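Review bot: `/var/run/dbus` and the new `/var/run/user/${uid}` are created mode 0700 and chowned for the build-time `uid`, but scripts/entrypoint.sh renumbers the account to `OUTSIDEY_USER_ID` at start-up, and usermod re-owns only the home directory. When the two ids differ, these directories stay owned by the old number and the dbus-daemon started through gosu cannot use `XDG_RUNTIME_DIR`; this may be the remaining access problem the commit message mentions. Creating and chowning the directories in the entrypoint, right after the usermod call, would keep ownership in step with the runtime id, e.g. `install -d -m 0700 -o "$OUTSIDEY_USER_ID" "$XDG_RUNTIME_DIR"`.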