refactor: Use docker dind image with privilege

3d69504f · Lansana DIOMANDE · Guillaume WEBER · 281912b7 · 3d69504f · 3d69504f
Commit 3d69504f authored May 17, 2022 by Lansana DIOMANDE Committed by Guillaume WEBER May 31, 2022
--- a/Dockerfile.desktop
+++ b/Dockerfile.desktop
-FROM node:16.15
+FROM docker:20.10.16-dind-alpine3.15
-RUN apt update -y
+RUN apk update
-RUN apt  install vim -y && apt  install nano -y \
+RUN apk add --update nodejs npm
-    && apt  install rsync -y && apt install sudo -y \
+RUN apk  --no-cache add vim && apk  --no-cache add nano \
-    && apt  install bash -y  && apt  install openssh-server -y \
+    && apk  --no-cache add rsync && apk  --no-cache add sudo \
-    && apt  install git -y && apt install python3 -y \
+    && apk  --no-cache add bash && apk  --no-cache add openssh \
-    && ln -sf python3 /usr/bin/python && apt install g++ -y
+    && apk  --no-cache add git && apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
 ## User account
-RUN adduser --disabled-password --gecos '' deadlock && \
+RUN addgroup -S sudo && adduser --disabled-password --gecos '' deadlock && \
-    usermod -aG sudo deadlock && passwd -d deadlock
+    adduser deadlock sudo && \
-RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+    addgroup -S docker && adduser deadlock docker && \
+    echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
+RUN chown root:docker /usr/local/bin/docker
 COPY setup_trace.py setup_trace.py
@@ -20,18 +23,14 @@ RUN chown deadlock setup_trace.py
 COPY recorder-out deadlock/
 COPY .gitignore_recorder deadlock/.gitignore
 COPY start.desktop.sh .
 RUN chmod 504 deadlock/ -R
 RUN chmod 500 start.desktop.sh
-RUN mkdir /project && mkdir /tmp/.ssh && mkdir /home/deadlock/mission && \
+RUN mkdir /project && mkdir /tmp/.ssh && mkdir /home/deadlock/mission
-    chown deadlock:deadlock /home/deadlock
-RUN curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh
-RUN curl -SL https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose && \
-    chmod +x /usr/local/bin/docker-compose && \
-    ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
-RUN  usermod -aG docker deadlock
+RUN chown deadlock:deadlock /home/deadlock
 ENTRYPOINT ["bash", "start.desktop.sh"]
\ No newline at end of file
--- a/deadlock-plugins/deadlock-extension/src/core/controller.ts
+++ b/deadlock-plugins/deadlock-extension/src/core/controller.ts
@@ -87,8 +87,6 @@ export default class Controller {
    }
  }
-  public async createMissionUserChallengeJson(missionId: string) {}
  public async clear() {
    const exensionStorage = ExtensionStore.getInstance();
    await exensionStorage.clear();
@@ -133,7 +131,6 @@ export default class Controller {
        vscode.window.showInformationMessage('Déjà connecté: session récupérée');
      }
-      console.log('BEFORE QUERY');
      const user: User = await this.callApiService.getUser();
      const giteaPublicProperties: GiteaPublicProperties = await this.callApiService.getGiteaPublicProperties();
      // TODO Should I fetch GET api/missions/{missionId} one day instead of passing necessary parameters in vscode xdg-open link ?

--- a/deadlock-plugins/deadlock-extension/src/core/keycloakOAuth2DeviceFlowConnection.ts
+++ b/deadlock-plugins/deadlock-extension/src/core/keycloakOAuth2DeviceFlowConnection.ts
@@ -154,6 +154,7 @@ export default class KeycloakOAuth2DeviceFlowConnection {
        agent: new https.Agent({ rejectUnauthorized: REJECT_UNAUTHORIZED }),
      });
      userAuthenticationRequestResponseCode = userAuthenticationRequestResponse.status;
+      log(` Status ${userAuthenticationRequestResponseCode}`);
      switch (userAuthenticationRequestResponseCode) {
        case HttpStatusCode.BAD_REQUEST: {
          await this.onUserAuthenticationBadRequest(userAuthenticationRequestResponse);

--- a/deadlock-plugins/deadlock-extension/src/core/mission.ts
+++ b/deadlock-plugins/deadlock-extension/src/core/mission.ts
@@ -41,7 +41,7 @@ export default class Mission {
    this.hostMissionMountDir = `${this.hostMissionDir}/mounted`;
    this.dockerImageURL = getDockerImageURL(registryBaseURL, missionId, missionVersion);
    this.remoteUserHomeDir = '/home/deadlock';
-    this.remoteMissionDir = `${this.remoteUserHomeDir}/mission`;
+    this.remoteMissionDir = `${this.remoteUserHomeDir}/mission/`;
    this.remoteGiteaWorkDir = `/src`;
    this.user = user;
    this.giteaPublicProperties = giteaPublicProperties;
@@ -88,14 +88,8 @@ export default class Mission {
          shutdownAction: 'stopContainer',
          workspaceMount: `source=${this.hostMissionMountDir},target=${this.remoteMissionDir},type=bind`,
          workspaceFolder: `${this.remoteMissionDir}`,
-          onCreateCommand: `cp -R ${this.remoteGiteaWorkDir} ${this.remoteMissionDir}`,
+          onCreateCommand: `cp -R ${this.remoteGiteaWorkDir}/. ${this.remoteMissionDir}`,
-          features: {
+          runArgs: ['--privileged'],
-            'docker-from-docker': {
-              version: 'latest',
-              moby: true,
-              dockerDashComposeVersion: 'v1',
-            },
-          },
          ...options,
        };
        return JSON.stringify(devcontainer, null, 2);

--- a/start.desktop.sh
+++ b/start.desktop.sh
@@ -3,6 +3,9 @@
 ON_START_UP_FILE="/deadlock/startup.sh"
 TAG="[DEADLOCK]"
+# Start docker in docker
+dockerd-entrypoint.sh $@ &
 # setup ssh key for root user
 # must be installed by the API first within /tmp/.ssh
 mkdir ~/.ssh