Dockerfile for marv-robotics

Dockerfile

FROM ros:indigo
MAINTAINER Nikolaus Demmel <Nikolaus.Demmel@de.bosch.com>

################################################################################
## ARGUMENTS

# optional use --build-arg or ARG for proxy variables instead, but for our case
# we want them set also in the running container for convenience
ARG DOCKER_HOST_IP=172.17.0.1
ENV no_proxy="127.0.0.1,$DOCKER_HOST_IP"
ENV http_proxy=http://$DOCKER_HOST_IP:3128/
ENV https_proxy=https://$DOCKER_HOST_IP:3128/

# allow to change the uid/gid when starting the container
ENV MARV_USERID=1000
ENV MARV_GROUPID=1000

# the user and group name is not supposed to be changed when running a container,
# but it is still used in the entrypoint script
ENV MARV_USER=marv
ENV MARV_GROUP=marv

################################################################################
## BOILERPLATE

# Use the "noninteractive" debconf frontend since we're installing in a non-interactive way.
ARG DEBIAN_FRONTEND=noninteractive

# install bosch proxy certificates (for installingg gosu with https download)
RUN mkdir -p /usr/share/ca-certificates/bosch
COPY certificates/BoschInternetProxyCA2.crt /usr/share/ca-certificates/bosch
RUN for f in /usr/share/ca-certificates/bosch/*.crt; do echo "bosch/$(basename $f)" >> /etc/ca-certificates.conf; done
RUN update-ca-certificates

# gosu for easy step-down from root, which we use in our entrypoint script
# see: https://github.com/tianon/gosu
ARG GOSU_VERSION=1.9
RUN set -x \
    && apt-get update && apt-get install -y --no-install-recommends wget && rm -rf /var/lib/apt/lists/* \
    && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
    && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
    && wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc" \
    && export GNUPGHOME="$(mktemp -d)" \
    && gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 \
    && gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu \
    && rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc \
    && chmod +x /usr/local/bin/gosu \
    && gosu nobody true \
    && apt-get purge -y --auto-remove wget

################################################################################
## INSTALL MARV-ROBOTICS SYSTEM DEPENDENCIES

# get a more recent version of python 2.7 from a PPA
RUN apt-get update && apt-get install -y software-properties-common \
    && add-apt-repository ppa:fkrull/deadsnakes-python2.7 \
    && apt-get update \
    && apt-get upgrade -y \
    && rm -rf /var/lib/apt/lists/*

# system dependencies
RUN apt-get update && apt-get install -y \
    curl \
    ros-indigo-ros-base \
    python2.7-dev \
    ros-indigo-cv-bridge \
    python-opencv \
    python-virtualenv \
    libjpeg-dev \
    libz-dev \
    libffi-dev \
    && rm -rf /var/lib/apt/lists/*

################################################################################
## PREPARE USER DIR AND ENTRYPOINT

# add user and group
RUN groupadd -g $MARV_GROUPID $MARV_GROUP && \
    useradd -m -u $MARV_USERID -g $MARV_GROUPID $MARV_USER

# prepare entry point and environment
COPY marv_entrypoint.sh /
COPY marv_env.sh /
RUN echo ". /marv_env.sh" >> /etc/bash.bashrc

# prepare user and directory
RUN mkdir -p /marv/site
RUN chown -R $MARV_USER:$MARV_GROUP /marv
USER $MARV_USER
WORKDIR /marv
RUN touch .firstrun

################################################################################
## INSTALL MARV-ROBOTICCS

# prepare virtualenv with ROS
RUN rosdep update
RUN . /opt/ros/indigo/setup.sh \
    && virtualenv -p python2.7 --system-site-packages venv

# manually upgrade setuptools (needed on 14.04)
RUN . venv/bin/activate \
     && pip install -U setuptools

# install marv robotics
RUN . venv/bin/activate \
    && pip install -U --pre marv-robotics

# install uswgi server
RUN . venv/bin/activate \
    && pip install uwsgi

# default command: wsgi server; run as root since entrypoint drops privileges after setting permissions
WORKDIR /marv/site
USER root
ENTRYPOINT ["/marv_entrypoint.sh"]
CMD ["uwsgi", "--ini", "/marv/site/uwsgi.conf"]

marv_entrypoint.sh

#!/bin/bash

set -e

# Drop root privileges if we are running uwsgi or marv, but otherwise
# if the the container is run with `--user` or with a custom command, don't
# touch the uid
if [[ ("$1" = 'uwsgi' || "$1" = 'marv') && "$(id -u)" = '0' ]]; then

    # allow the user to specify the uid/gid of the marv user 
    if [ -f /marv/.firstrun ]; then

        # update ids of user and group
        usermod -u $MARV_USERID $MARV_USER
        groupmod -g $MARV_GROUPID $MARV_GROUP
        usermod -g $MARV_GROUPID $MARV_USER

	    # Update ownership of /marv to that of the container
	    chown -R $MARV_USER:$MARV_GROUP /marv
        if [ -d /marv/$MARV_USER ]; then
            chown -R $MARV_USER:$MARV_GROUP /home/$MARV_USER
        fi

        # remove flag to run this only once
        rm /marv/.firstrun
    fi    

    # change arguments to run with 'gosu' (drop root privileges)
    set -- gosu $MARV_USER "$@"
fi

# setup environment
source /marv_env.sh

# execute command
exec "$@"

marv_env.sh

set -e

source "/opt/ros/$ROS_DISTRO/setup.bash"
source /marv/venv/bin/activate

set +e