fix dev containers for non-root containers
		@@ -1,3 +1,10 @@
 | 
				
			|||||||
 | 
					# pulls community scripts from git repo
 | 
				
			||||||
 | 
					FROM python:3.9.9-slim AS GET_SCRIPTS_STAGE
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					RUN apt-get update && \
 | 
				
			||||||
 | 
					    apt-get install -y --no-install-recommends git && \
 | 
				
			||||||
 | 
					    git clone https://github.com/amidaware/community-scripts.git /community-scripts
 | 
				
			||||||
 | 
					
 | 
				
			||||||
FROM python:3.9.9-slim
 | 
					FROM python:3.9.9-slim
 | 
				
			||||||
 | 
					
 | 
				
			||||||
ENV TACTICAL_DIR /opt/tactical
 | 
					ENV TACTICAL_DIR /opt/tactical
 | 
				
			||||||
@@ -13,6 +20,9 @@ EXPOSE 8000 8383 8005
 | 
				
			|||||||
RUN groupadd -g 1000 tactical && \
 | 
					RUN groupadd -g 1000 tactical && \
 | 
				
			||||||
    useradd -u 1000 -g 1000 tactical
 | 
					    useradd -u 1000 -g 1000 tactical
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					# copy community scripts
 | 
				
			||||||
 | 
					COPY --from=GET_SCRIPTS_STAGE /community-scripts /community-scripts
 | 
				
			||||||
 | 
					
 | 
				
			||||||
# Copy dev python reqs
 | 
					# Copy dev python reqs
 | 
				
			||||||
COPY .devcontainer/requirements.txt  /
 | 
					COPY .devcontainer/requirements.txt  /
 | 
				
			||||||
 | 
					
 | 
				
			||||||
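Review bot: The `git clone` in the new `GET_SCRIPTS_STAGE` stage fetches whatever the default branch of `community-scripts` holds at build time, so the scripts that the later `COPY --from=GET_SCRIPTS_STAGE` hunk puts into the image are not tied to a reviewed revision, and two builds of the same commit can differ. Pin the ref, for example `ARG COMMUNITY_SCRIPTS_REF=<PINNED_TAG_PLACEHOLDER>` followed by `git clone --depth 1 --branch "${COMMUNITY_SCRIPTS_REF}" https://github.com/amidaware/community-scripts.git /community-scripts`. The entrypoint change in this commit points `SCRIPTS_DIR` at `/community-scripts`, so this content is presumably what the application loads as its script library, which makes the pin worth a one-line comment naming the expected ref. Stage names are conventionally lowercase (`AS get_scripts_stage`, with the same spelling in `COPY --from`).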
 
 | 
				
			|||||||
@@ -1,19 +0,0 @@
 | 
				
			|||||||
version: '3.4'
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
services:
 | 
					 | 
				
			||||||
  api-dev:
 | 
					 | 
				
			||||||
    image: api-dev
 | 
					 | 
				
			||||||
    build:
 | 
					 | 
				
			||||||
      context: .
 | 
					 | 
				
			||||||
      dockerfile: ./api.dockerfile
 | 
					 | 
				
			||||||
    command: ["sh", "-c", "pip install debugpy -t /tmp && python /tmp/debugpy --wait-for-client --listen 0.0.0.0:5678 manage.py runserver 0.0.0.0:8000 --nothreading --noreload"]
 | 
					 | 
				
			||||||
    ports:
 | 
					 | 
				
			||||||
      - 8000:8000
 | 
					 | 
				
			||||||
      - 5678:5678
 | 
					 | 
				
			||||||
    volumes:
 | 
					 | 
				
			||||||
      - tactical-data-dev:/opt/tactical
 | 
					 | 
				
			||||||
      - ..:/workspace:cached
 | 
					 | 
				
			||||||
    networks:
 | 
					 | 
				
			||||||
      dev:
 | 
					 | 
				
			||||||
        aliases: 
 | 
					 | 
				
			||||||
          - tactical-backend
 | 
					 | 
				
			||||||
@@ -5,6 +5,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-api-dev
 | 
					    container_name: trmm-api-dev
 | 
				
			||||||
    image: api-dev
 | 
					    image: api-dev
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    build:
 | 
					    build:
 | 
				
			||||||
      context: ..
 | 
					      context: ..
 | 
				
			||||||
      dockerfile: .devcontainer/api.dockerfile
 | 
					      dockerfile: .devcontainer/api.dockerfile
 | 
				
			||||||
@@ -25,8 +26,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-app-dev
 | 
					    container_name: trmm-app-dev
 | 
				
			||||||
    image: node:14-alpine
 | 
					    image: node:14-alpine
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve
 | 
					    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
 | 
				
			||||||
      -- --host 0.0.0.0 --port ${APP_PORT}"
 | 
					 | 
				
			||||||
    working_dir: /workspace/web
 | 
					    working_dir: /workspace/web
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
      - ..:/workspace:cached
 | 
					      - ..:/workspace:cached
 | 
				
			||||||
@@ -42,6 +42,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-nats-dev
 | 
					    container_name: trmm-nats-dev
 | 
				
			||||||
    image: ${IMAGE_REPO}tactical-nats:${VERSION}
 | 
					    image: ${IMAGE_REPO}tactical-nats:${VERSION}
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    environment:
 | 
					    environment:
 | 
				
			||||||
      API_HOST: ${API_HOST}
 | 
					      API_HOST: ${API_HOST}
 | 
				
			||||||
      API_PORT: ${API_PORT}
 | 
					      API_PORT: ${API_PORT}
 | 
				
			||||||
@@ -62,6 +63,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-meshcentral-dev
 | 
					    container_name: trmm-meshcentral-dev
 | 
				
			||||||
    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
 | 
					    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    environment:
 | 
					    environment:
 | 
				
			||||||
      MESH_HOST: ${MESH_HOST}
 | 
					      MESH_HOST: ${MESH_HOST}
 | 
				
			||||||
      MESH_USER: ${MESH_USER}
 | 
					      MESH_USER: ${MESH_USER}
 | 
				
			||||||
@@ -85,6 +87,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-mongodb-dev
 | 
					    container_name: trmm-mongodb-dev
 | 
				
			||||||
    image: mongo:4.4
 | 
					    image: mongo:4.4
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    environment:
 | 
					    environment:
 | 
				
			||||||
      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
 | 
					      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
 | 
				
			||||||
      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
 | 
					      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
 | 
				
			||||||
@@ -116,6 +119,7 @@ services:
 | 
				
			|||||||
  redis-dev:
 | 
					  redis-dev:
 | 
				
			||||||
    container_name: trmm-redis-dev
 | 
					    container_name: trmm-redis-dev
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    command: redis-server --appendonly yes
 | 
					    command: redis-server --appendonly yes
 | 
				
			||||||
    image: redis:6.0-alpine
 | 
					    image: redis:6.0-alpine
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
@@ -148,6 +152,9 @@ services:
 | 
				
			|||||||
      - dev
 | 
					      - dev
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
      - tactical-data-dev:/opt/tactical
 | 
					      - tactical-data-dev:/opt/tactical
 | 
				
			||||||
 | 
					      - mesh-data-dev:/meshcentral-data
 | 
				
			||||||
 | 
					      - redis-data-dev:/redis/data
 | 
				
			||||||
 | 
					      - mongo-dev-data:/mongo/data/db
 | 
				
			||||||
      - ..:/workspace:cached
 | 
					      - ..:/workspace:cached
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # container for celery worker service
 | 
					  # container for celery worker service
 | 
				
			||||||
@@ -156,6 +163,7 @@ services:
 | 
				
			|||||||
    image: api-dev
 | 
					    image: api-dev
 | 
				
			||||||
    command: [ "tactical-celery-dev" ]
 | 
					    command: [ "tactical-celery-dev" ]
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    networks:
 | 
					    networks:
 | 
				
			||||||
      - dev
 | 
					      - dev
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
@@ -171,6 +179,7 @@ services:
 | 
				
			|||||||
    image: api-dev
 | 
					    image: api-dev
 | 
				
			||||||
    command: [ "tactical-celerybeat-dev" ]
 | 
					    command: [ "tactical-celerybeat-dev" ]
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    networks:
 | 
					    networks:
 | 
				
			||||||
      - dev
 | 
					      - dev
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
@@ -186,6 +195,7 @@ services:
 | 
				
			|||||||
    image: api-dev
 | 
					    image: api-dev
 | 
				
			||||||
    command: [ "tactical-websockets-dev" ]
 | 
					    command: [ "tactical-websockets-dev" ]
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    networks:
 | 
					    networks:
 | 
				
			||||||
      dev:
 | 
					      dev:
 | 
				
			||||||
        aliases:
 | 
					        aliases:
 | 
				
			||||||
@@ -202,6 +212,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-nginx-dev
 | 
					    container_name: trmm-nginx-dev
 | 
				
			||||||
    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
 | 
					    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    environment:
 | 
					    environment:
 | 
				
			||||||
      APP_HOST: ${APP_HOST}
 | 
					      APP_HOST: ${APP_HOST}
 | 
				
			||||||
      API_HOST: ${API_HOST}
 | 
					      API_HOST: ${API_HOST}
 | 
				
			||||||
@@ -215,8 +226,8 @@ services:
 | 
				
			|||||||
      dev:
 | 
					      dev:
 | 
				
			||||||
        ipv4_address: ${DOCKER_NGINX_IP}
 | 
					        ipv4_address: ${DOCKER_NGINX_IP}
 | 
				
			||||||
    ports:
 | 
					    ports:
 | 
				
			||||||
      - "80:80"
 | 
					      - "80:8080"
 | 
				
			||||||
      - "443:443"
 | 
					      - "443:4443"
 | 
				
			||||||
    volumes:
 | 
					    volumes:
 | 
				
			||||||
      - tactical-data-dev:/opt/tactical
 | 
					      - tactical-data-dev:/opt/tactical
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -224,6 +235,7 @@ services:
 | 
				
			|||||||
    container_name: trmm-mkdocs-dev
 | 
					    container_name: trmm-mkdocs-dev
 | 
				
			||||||
    image: api-dev
 | 
					    image: api-dev
 | 
				
			||||||
    restart: always
 | 
					    restart: always
 | 
				
			||||||
 | 
					    user: 1000:1000
 | 
				
			||||||
    command: [ "tactical-mkdocs-dev" ]
 | 
					    command: [ "tactical-mkdocs-dev" ]
 | 
				
			||||||
    ports:
 | 
					    ports:
 | 
				
			||||||
      - "8005:8005"
 | 
					      - "8005:8005"
 | 
				
			||||||
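Review bot: `trmm-app-dev` (hunk `@@ -25,8 +26,7 @@`) is the one service touched in this file that does not gain `user: 1000:1000`, so as far as the visible lines show it still runs as the `node:14-alpine` default user (root) with the repository bind-mounted at `/workspace`. Its start command also runs `npm install npm@latest -g` on every start, which pulls an unpinned npm and is the step that needs root for the global install. Consider dropping the global upgrade (or pinning it, `npm install -g npm@<PINNED_VERSION_PLACEHOLDER>`) and adding `user: 1000:1000`, which matches the `node` user that image ships. The service definition starts above the hunk, so a `user:` key outside the visible lines cannot be ruled out.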
 
 | 
				
			|||||||
@@ -10,7 +10,7 @@ set -e
 | 
				
			|||||||
: "${POSTGRES_PASS:=tactical}"
 | 
					: "${POSTGRES_PASS:=tactical}"
 | 
				
			||||||
: "${POSTGRES_DB:=tacticalrmm}"
 | 
					: "${POSTGRES_DB:=tacticalrmm}"
 | 
				
			||||||
: "${MESH_SERVICE:=tactical-meshcentral}"
 | 
					: "${MESH_SERVICE:=tactical-meshcentral}"
 | 
				
			||||||
: "${MESH_WS_URL:=ws://${MESH_SERVICE}:443}"
 | 
					: "${MESH_WS_URL:=ws://${MESH_SERVICE}:4443}"
 | 
				
			||||||
: "${MESH_USER:=meshcentral}"
 | 
					: "${MESH_USER:=meshcentral}"
 | 
				
			||||||
: "${MESH_PASS:=meshcentralpass}"
 | 
					: "${MESH_PASS:=meshcentralpass}"
 | 
				
			||||||
: "${MESH_HOST:=tactical-meshcentral}"
 | 
					: "${MESH_HOST:=tactical-meshcentral}"
 | 
				
			||||||
@@ -41,7 +41,7 @@ function django_setup {
 | 
				
			|||||||
    sleep 5
 | 
					    sleep 5
 | 
				
			||||||
  done
 | 
					  done
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  until (echo > /dev/tcp/"${MESH_SERVICE}"/443) &> /dev/null; do
 | 
					  until (echo > /dev/tcp/"${MESH_SERVICE}"/4443) &> /dev/null; do
 | 
				
			||||||
    echo "waiting for meshcentral container to be ready..."
 | 
					    echo "waiting for meshcentral container to be ready..."
 | 
				
			||||||
    sleep 5
 | 
					    sleep 5
 | 
				
			||||||
  done
 | 
					  done
 | 
				
			||||||
@@ -63,7 +63,7 @@ DOCKER_BUILD = True
 | 
				
			|||||||
CERT_FILE = '${CERT_PUB_PATH}'
 | 
					CERT_FILE = '${CERT_PUB_PATH}'
 | 
				
			||||||
KEY_FILE = '${CERT_PRIV_PATH}'
 | 
					KEY_FILE = '${CERT_PRIV_PATH}'
 | 
				
			||||||
 | 
					
 | 
				
			||||||
SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
 | 
					SCRIPTS_DIR = '/community-scripts'
 | 
				
			||||||
 | 
					
 | 
				
			||||||
ALLOWED_HOSTS = ['${API_HOST}', '*']
 | 
					ALLOWED_HOSTS = ['${API_HOST}', '*']
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -117,6 +117,20 @@ if [ "$1" = 'tactical-init-dev' ]; then
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
  test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
 | 
					  test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					  mkdir -p /meshcentral-data
 | 
				
			||||||
 | 
					  mkdir -p ${TACTICAL_DIR}/tmp
 | 
				
			||||||
 | 
					  mkdir -p ${TACTICAL_DIR}/certs
 | 
				
			||||||
 | 
					  mkdir -p /mongo/data/db
 | 
				
			||||||
 | 
					  mkdir -p /redis/data
 | 
				
			||||||
 | 
					  touch /meshcentral-data/.initialized && chown -R 1000:1000 /meshcentral-data
 | 
				
			||||||
 | 
					  touch ${TACTICAL_DIR}/tmp/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}
 | 
				
			||||||
 | 
					  touch ${TACTICAL_DIR}/certs/.initialized && chown -R 1000:1000 ${TACTICAL_DIR}/certs
 | 
				
			||||||
 | 
					  touch /mongo/data/db/.initialized && chown -R 1000:1000 /mongo/data/db
 | 
				
			||||||
 | 
					  touch /redis/data/.initialized && chown -R 1000:1000 /redis/data
 | 
				
			||||||
 | 
					  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/exe
 | 
				
			||||||
 | 
					  mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/log
 | 
				
			||||||
 | 
					  touch ${TACTICAL_DIR}/api/tacticalrmm/private/log/django_debug.log
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  # setup Python virtual env and install dependencies
 | 
					  # setup Python virtual env and install dependencies
 | 
				
			||||||
  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
 | 
					  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
 | 
				
			||||||
  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
 | 
					  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
 | 
				
			||||||
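Review bot: In the `tactical-init-dev` hunk the `mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/exe`, `mkdir -p ${TACTICAL_DIR}/api/tacticalrmm/private/log` and `touch ${TACTICAL_DIR}/api/tacticalrmm/private/log/django_debug.log` lines run after `chown -R 1000:1000 ${TACTICAL_DIR}`, so on a first start these paths are created by the init user and, unless a later `chown` outside the hunk covers them, stay unwritable for the services that now run as `1000:1000`. Move those three lines above the recursive `chown`. The added lines also leave `${TACTICAL_DIR}` unquoted while the neighbouring `test -f "${TACTICAL_READY_FILE}"` quotes its expansion; for a recursive ownership change, `chown -R 1000:1000 "${TACTICAL_DIR:?}"` fails loudly on an empty value and does not word-split. The `.initialized` marker files are written but not checked anywhere in the visible lines, so a one-line comment saying which container waits on them would help.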
 
 | 
				
			|||||||