Merge pull request #43 from thin-edge/feat-update-docker-container-ng

feat: use tedge-container-plugin-ng

.github/workflows/test.yaml

@@ -43,7 +43,7 @@ jobs:
           # podman
           - { target: tedge-container-bundle, name: "podman", image: debian-systemd-podman-cli }
           - { target: tedge-container-bundle, name: "podman v5", image: "podman-v5" }
-          # - { target: tedge-container-bundle, name: "podman v4", image: "podman-v4" }
+          - { target: tedge-container-bundle, name: "podman v4", image: "podman-v4" }
     steps:
       - name: Checkout
         uses: actions/checkout@v4

Dockerfile

@@ -39,12 +39,6 @@ RUN wget -O - https://thin-edge.io/install-services.sh | sh -s -- s6_overlay \
     && apk add --no-cache \
         c8y-command-plugin \
         tedge-apk-plugin \
-        # Note: Adding docker and compose adds ~75MB to the image
-        # FIXME: Either create another client, or enforce users to mount
-        # the docker cli and lib into the image
-        # apk add --no-cache libltdl
-        # -v /usr/bin/docker:/usr/bin/docker
-        docker-cli \
         # Enable easier management of containers using docker compose
         # without requiring the cli to be installed on the host (as read-only filesystems)
         # might not have access to it
@@ -55,7 +49,7 @@ RUN wget -O - https://thin-edge.io/install-services.sh | sh -s -- s6_overlay \
 # Set permissions of all files under /etc/tedge
 # TODO: Can thin-edge.io set permissions during installation?
 RUN chown -R tedge:tedge /etc/tedge \
-    && echo "tedge  ALL = (ALL) NOPASSWD:SETENV: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init, /usr/bin/tedgectl, /usr/bin/docker, /usr/bin/tedge-container, /bin/kill" >/etc/sudoers.d/tedge
+    && echo "tedge  ALL = (ALL) NOPASSWD:SETENV: /usr/bin/tedge, /etc/tedge/sm-plugins/[a-zA-Z0-9]*, /bin/sync, /sbin/init, /usr/bin/tedgectl, /bin/kill, /usr/bin/tedge-container, /usr/bin/docker, /usr/bin/podman, /usr/bin/podman-remote, /usr/bin/podman-compose" >/etc/sudoers.d/tedge
 # Custom init. scripts - e.g. write env variables data to files
 COPY cont-init.d/*  /etc/cont-init.d/
 
@@ -72,11 +66,8 @@ COPY files/tedge/c8y_RemoteAccessConnect /etc/tedge/operations/c8y/
 COPY files/tedge/c8y_RemoteAccessConnect /etc/tedge/operations/c8y/
 COPY files/tedge/launch-remote-access.sh /usr/bin/
 # Self update workflow
-COPY files/tedge/self.sh /etc/tedge/sm-plugins/self
 COPY files/tedge/software_update.toml /etc/tedge/operations/
 COPY files/tedge/self_update.toml /etc/tedge/operations/
-COPY files/tedge/self_update.sh /usr/bin/
-COPY files/tedge/container_run.tpl /usr/share/tedge/
 # Container log_upload customer handler
 COPY files/tedge/container-logs.sh /usr/bin/
 COPY files/tedge/log_upload.toml /etc/tedge/operations/

cont-init.d/50_configure.sh

@@ -3,6 +3,9 @@
 set -e
 echo "Current User: $(whoami)"
 
+MAX_CONNECT_ATTEMPTS=${MAX_CONNECT_ATTEMPTS:-5}
+MAX_RANDOM_WAIT=${MAX_RANDOM_WAIT:-15}
+
 #
 # device certificate loaders
 #
@@ -79,12 +82,36 @@ if [ -n "$C8Y_DOMAIN" ] && [ -z "${TEDGE_C8Y_URL:-}" ]; then
     tedge config set c8y.url "$C8Y_DOMAIN"
 fi
 
+random_sleep() {
+    VALUE=$(awk "BEGIN { srand(); print int(rand()*32768 % $MAX_RANDOM_WAIT) }")
+    echo "Sleeping ${VALUE}s" >&2
+    sleep "$VALUE" 
+}
+
 #
 # Connect the mappers (if they are configured and not already connected)
 #
 MAPPERS="c8y az aws"
 for MAPPER in $MAPPERS; do
     if tedge config get "${MAPPER}.url" 2>/dev/null; then
-        tedge connect "$MAPPER" ||:
+
+        # Try a few 
+        attempt=1
+        while :; do
+            if tedge reconnect "$MAPPER"; then
+                echo "Successfully connected to $MAPPER" >&2
+                break
+            fi
+            if [ "$attempt" -ge "$MAX_CONNECT_ATTEMPTS" ]; then
+                echo "Couldn't connect to $MAPPER but continuing anyway" >&2
+                break
+            fi
+            attempt=$((attempt + 1))
+            random_sleep
+        done
     fi
 done
+
+# Check which bridges are present
+echo "--- mosquitto-conf directory ---" >&2
+ls -l /etc/tedge/mosquitto-conf/

files/tedge/container-logs.sh

@@ -42,42 +42,50 @@ while [ $# -gt 0 ]; do
     shift
 done
 
-DOCKER_CMD=docker
-if ! docker ps >/dev/null 2>&1; then
-    if command -V sudo >/dev/null 2>&1; then
-        DOCKER_CMD="sudo docker"
-    fi
+SUDO=
+if command -V sudo >/dev/null 2>&1; then
+    SUDO="sudo"
 fi
+LOGS_CMD="$SUDO tedge-container tools container-logs"
 
 CONTAINER_NAME=${CONTAINER_NAME:-}
+
 if [ -z "$CONTAINER_NAME" ]; then
-    # Use the name of the container rather than the hostname as it human friendly
-    # and strip any leading slash (/)
-    CONTAINER_NAME=$($DOCKER_CMD inspect "$(hostname)" --format "{{.Name}}" | sed 's|^/||g')
+    # Lookup current container name so it can be included in the log header (though technically it isn't needed)
+    CONTAINER_NAME=$($SUDO tedge-container self list 2>/dev/null | head -n1 | cut -f1)
 fi
 
 TMP_LOG_DIR=$(mktemp -d)
 # Ensure directory is always deleted afterwards
 trap 'rm -rf -- "$TMP_LOG_DIR"' EXIT
-TMP_FILE="${TMP_LOG_DIR}/${TYPE}_${CONTAINER_NAME}_$(date -Iseconds).log"
+TMP_FILE="${TMP_LOG_DIR}/${TYPE}_${CONTAINER_NAME}_$(date +%Y-%m-%dT%H:%M:%S%z).log"
 
 # Add log header to give information about the contents
 {
     echo "---------------- log parameters ----------------------"
-    echo "container:  $CONTAINER_NAME"
+    echo "container:  ${CONTAINER_NAME:-current_container}"
     echo "dateFrom:   $DATE_FROM"
     echo "dateTo:     $DATE_TO"
     echo "maxLines:   $MAX_LINES"
-    echo "command:    $DOCKER_CMD logs --tail \"$MAX_LINES\" --since \"$DATE_FROM\" --until \"$DATE_TO\" \"$CONTAINER_NAME\""
+    echo "command:    $LOGS_CMD --tail \"$MAX_LINES\" --since \"$DATE_FROM\" --until \"$DATE_TO\" \"$CONTAINER_NAME\""
     echo "------------------------------------------------------"
     echo
 } > "$TMP_FILE"
 
-# Write logs to file (stripping any ansci colour codes)
-$DOCKER_CMD logs --tail "$MAX_LINES" --since "$DATE_FROM" --until "$DATE_TO" "$CONTAINER_NAME" 2>&1 \
+# Write logs to file (stripping any ansi codes)
+# Since we're in posix shell, we can't use -o pipefail, so instead we have to
+# use a marker file which exists when an error was encountered as outlined here: https://www.shellcheck.net/wiki/SC3040
+LOG_FAILED="$TMP_LOG_DIR/failed"
+# shellcheck disable=SC2086
+{ $LOGS_CMD --tail "$MAX_LINES" --since "$DATE_FROM" --until "$DATE_TO" $CONTAINER_NAME 2>&1 || echo > "$LOG_FAILED"; } \
     | sed -e 's/\x1b\[[0-9;]*m//g' \
     | tee -a "$TMP_FILE"
 
+if [ -f "$LOG_FAILED" ]; then
+    echo "Failed to get container logs" >&2
+    exit 1
+fi
+
 echo "Uploading log file to $UPLOAD_URL" >&2
 
 # Use mtls if configured

files/tedge/launch-remote-access.sh

@@ -1,70 +1,23 @@
 #!/bin/sh
 set -e
 
-# Disable spawning from a container
-REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN=${REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN:-0}
+REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN="${REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN:-0}"
 
-if ! command -V docker >/dev/null 2>&1 || [ ! -e /var/run/docker.sock ] || [ "$REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN" = 1 ]; then
+SUDO=
+if command -V sudo >/dev/null 2>&1; then
+    SUDO="sudo -E"
+fi
+
+has_container_api_access() {
+    $SUDO tedge-container self list >/dev/null 2>&1
+}
+
+if [ "$REMOTE_ACCESS_DISABLE_CONTAINER_SPAWN" = 1 ] || ! has_container_api_access; then
     echo "Launching session as a child process"
     c8y-remote-access-plugin "$@"
     exit 0
 fi
 
 echo "Launching session in an independent container"
-DOCKER_CMD=docker
-if ! docker ps >/dev/null 2>&1; then
-    if command -V sudo >/dev/null 2>&1; then
-        DOCKER_CMD="sudo docker"
-    fi
-fi
-
-CONTAINER_NAME=${CONTAINER_NAME:-}
-if [ -z "$CONTAINER_NAME" ]; then
-    CONTAINER_NAME=$(hostname)
-fi
-CONTAINER_ID=$($DOCKER_CMD inspect "$CONTAINER_NAME" --format "{{.Id}}")
-
-# use the same image as the current container
-IMAGE=$($DOCKER_CMD inspect "$CONTAINER_ID" --format "{{.Config.Image}}")
-
-# Inherit docker flags
-# Note: The single quotes around 'EOT' prevents variable expansion
-TEMPLATE=$(
-    cat <<'EOT'
-  {{- with .HostConfig}}
-        {{- range $e := .ExtraHosts}}
-  --add-host {{printf "%q" $e}} \
-        {{- end}}
-    {{- end}}
-  {{- with .NetworkSettings -}}
-        {{- range $n, $conf := .Networks}}
-            {{- with $conf }}
-  --network {{printf "%q" $n}} \
-            {{- end}}
-        {{- end}}
-    {{- end}}
-EOT
-)
-OPTIONS=$($DOCKER_CMD inspect "$CONTAINER_ID" --format "$TEMPLATE" | tr -d "\n\\\"")
-
-TEDGE_C8Y_URL=$(tedge config get c8y.url)
-
-# Add a host alias so the spawned container can reference the MQTT broker in the current container
-MQTT_CLIENT_HOST=$($DOCKER_CMD inspect "$CONTAINER_ID" --format "{{.NetworkSettings.IPAddress}}" ||:)
-if [ -z "$MQTT_CLIENT_HOST" ]; then
-    echo "Getting container ip address from hostname"
-    MQTT_CLIENT_HOST=$(getent hosts "$CONTAINER_NAME" | cut -d' ' -f1)
-fi
-
-echo "Running command"
-set -x
-# Launch an independent container to handle the remote access session
-# so that it can do things like restarting this container
-# shellcheck disable=SC2086
-$DOCKER_CMD run --rm -d \
-    $OPTIONS \
-    --add-host tedge:"$MQTT_CLIENT_HOST" \
-    -e TEDGE_MQTT_CLIENT_HOST=tedge \
-    -e TEDGE_C8Y_URL="$TEDGE_C8Y_URL" \
-    "$IMAGE" \
-    c8y-remote-access-plugin --child "$@"
+$SUDO tedge-container tools run-in-context --rm -- c8y-remote-access-plugin --child "$@"
+exit 0