github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-19 04:04:32 +00:00
Code Issues Projects Releases Wiki Activity

build: Fix clh source build as normal user

Browse Source 
While running make as non-privileged user, the make errors out with
the following message:
"INFO: Build cloud-hypervisor enabling the following features: tdx
Got permission denied while trying to connect to the Docker daemon
socket at unix:///var/run/docker.sock: Post
"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/images/create?fromImage=cloudhypervisor%2Fdev&tag=20220524-0":
dial unix /var/run/docker.sock: connect: permission denied"

Even though the user may be part of docker group, the clh build from
source does a docker in docker build. It is necessary for the user of
the nested container to be part of docker build for the build to
succeed.

Fixes #4594

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
This commit is contained in:
Archana Shinde 2022-07-05 14:46:43 -07:00
parent 071dd4c790
commit efdb92366b
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tools/packaging/kata-deploy/local-build/dockerbuild/Dockerfile
View File

@ -23,8 +23,13 @@ RUN apt-get update && \
ARG IMG_USER=kata-builder ARG IMG_USER=kata-builder
ARG UID=1000 ARG UID=1000
ARG GID=1000 ARG GID=1000
# gid of the docker group on the host, required for running docker in docker builds.
ARG HOST_DOCKER_GID
RUN if [ ${IMG_USER} != "root" ]; then groupadd --gid=${GID} ${IMG_USER};fi RUN if [ ${IMG_USER} != "root" ]; then groupadd --gid=${GID} ${IMG_USER};fi
RUN if [ ${IMG_USER} != "root" ]; then adduser ${IMG_USER} --uid=${UID} --gid=${GID};fi RUN if [ ${IMG_USER} != "root" ]; then adduser ${IMG_USER} --uid=${UID} --gid=${GID};fi
RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then groupadd --gid=${HOST_DOCKER_GID} docker_on_host;fi
RUN if [ ${IMG_USER} != "root" ] && [ ! -z ${HOST_DOCKER_GID} ]; then usermod -a -G docker_on_host ${IMG_USER};fi
RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers" RUN sh -c "echo '${IMG_USER} ALL=NOPASSWD: ALL' >> /etc/sudoers"
#FIXME: gcc is required as agent is build out of a container build. #FIXME: gcc is required as agent is build out of a container build.
@ -40,4 +45,4 @@ RUN apt-get update && \
apt-get clean && rm -rf /var/lib/apt/lists apt-get clean && rm -rf /var/lib/apt/lists
ENV USER ${IMG_USER} ENV USER ${IMG_USER}
USER ${UID}:${GID} USER ${IMG_USER}

14
tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
View File

@ -20,17 +20,27 @@ if [ "${script_dir}" != "${PWD}" ]; then
ln -sf "${script_dir}/build" "${PWD}/build" ln -sf "${script_dir}/build" "${PWD}/build"
fi fi
# This is the gid of the "docker" group on host. In case of docker in docker builds
# for some of the targets (clh builds from source), the nested container user needs to
# be part of this group.
docker_gid=$(getent group docker | cut -d: -f3 || { echo >&2 "Missing docker group, docker needs to be installed" && false; })
# If docker gid is the effective group id of the user, do not pass it as
# an additional group.
if [ ${docker_gid} == ${gid} ]; then
docker_gid=""
fi
docker build -q -t build-kata-deploy \ docker build -q -t build-kata-deploy \
--build-arg IMG_USER="${USER}" \ --build-arg IMG_USER="${USER}" \
--build-arg UID=${uid} \ --build-arg UID=${uid} \
--build-arg GID=${gid} \ --build-arg GID=${gid} \
--build-arg HOST_DOCKER_GID=${docker_gid} \
"${script_dir}/dockerbuild/" "${script_dir}/dockerbuild/"
docker run \ docker run \
-v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/docker.sock:/var/run/docker.sock \
--user ${uid}:${gid} \
--env USER=${USER} -v "${kata_dir}:${kata_dir}" \ --env USER=${USER} -v "${kata_dir}:${kata_dir}" \
--rm \ --rm \
-w ${script_dir} \ -w ${script_dir} \
build-kata-deploy "${kata_deploy_create}" $@ build-kata-deploy "${kata_deploy_create}" $@