Last active
September 19, 2021 15:53
-
-
Save egrath/d9aadfd5189a2a3982df82c3789b3684 to your computer and use it in GitHub Desktop.
Quick'n'Dirty Podman Container Management for Endless OS to run a Ubuntu Docker Image
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # For USB Devices to work in unprivileged containers, you need to set up a UDEV rule | |
| # to set the permission correctly. | |
| # | |
| # SUBSYSTEM=="usb",ATTRS{idVendor}=="072f",ATTRS{idProduct}=="2200",MODE="0666" | |
| # | |
| # Special note for ACR122 NFC device: Blacklist the following modules in /etc/modprobe.d/blacklist.conf: | |
| # blacklist nfc | |
| # blacklist pn533 | |
| # blacklist pn533_usb | |
| # | |
| # Additionally, as setting the USB permissions requires root privileges, it's a easier to allow | |
| # to run this script as root by adding the following entry to sudoers.d: | |
| # | |
| # egon ALL=NOPASSWD: /sysroot/home/egon/bin/ubuntu.sh | |
| # | |
| # General usage: | |
| # | |
| # ubuntu.sh -create [image] [name] | |
| # image = image to use or ubuntu 20.04 if not given | |
| # name = name of container or 'test' if not given | |
| # | |
| # ubuntu.sh -dump [name] | |
| # name = name of container to dump it's filesystem to a compressed file | |
| # | |
| # ubuntu.sh -import [name] | |
| # name = name of image to import as a source for containers | |
| # | |
| # Example for dumping, removing and recreating a container: | |
| # | |
| # ubuntu.sh -dump test | |
| # ubuntu.sh -remove test | |
| # ubuntu.sh -import test | |
| # ubuntu.sh -create 462d2ba093c1 test | |
| # | |
| DEFAULT_CONTAINER=ubuntu2004 | |
| DEFAULT_IMAGE=ubuntu:20.04 | |
| DEVICE=072f:2200 | |
| function allow_usb_device | |
| { | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -gt 0 ]; then | |
| CONTAINER=${1} | |
| fi | |
| if [ $(id -u) -ne 0 ]; then | |
| echo must be run as root | |
| return | |
| fi | |
| echo Finding device ... | |
| BUS=$(lsusb -d ${DEVICE} | awk '{print $2}') | |
| DEV=$(lsusb -d ${DEVICE} | awk -F '[ :]' '{print $4}') | |
| if [ ${#BUS} -eq 0 ] || [ ${#DEV} -eq 0 ]; then | |
| echo USB device not on Bus, probably not connected\! | |
| exit 0 | |
| else | |
| echo USB device found\! | |
| fi | |
| MAJOR=$(ls -la /dev/bus/usb/${BUS}/${DEV} | head -1 | awk -F '[ ,]' '{print $5}') | |
| echo Adding permission to cgroup ... | |
| find /sys/fs/cgroup/devices -regex ".*${CONTAINER}.*devices.allow" | while read line | |
| do | |
| echo "c ${MAJOR}:* rwm" > ${line} | |
| done | |
| } | |
| function create_container | |
| { | |
| IMAGE=${DEFAULT_IMAGE} | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -ne 0 ]; then | |
| IMAGE=${1} | |
| podman image list | grep ${IMAGE} 2>&1 1>/dev/null | |
| if [ $? -ne 0 ]; then | |
| echo Image ${IMAGE} does not exist, terminating | |
| exit 0 | |
| fi | |
| echo Using image: ${IMAGE} | |
| fi | |
| if [ ${#2} -ne 0 ]; then | |
| CONTAINER=${2} | |
| echo Using ${CONTAINER} as the name for the new container | |
| fi | |
| podman container list --all | grep ${CONTAINER} 2>/dev/null 1>&2 | |
| if [ $? -eq 0 ]; then | |
| echo "Container already exists, please remove first" | |
| return | |
| fi | |
| echo "Creating container ..." | |
| podman run --interactive --tty --name ${CONTAINER} --volume /tmp/.X11-unix:/tmp/.X11-unix --env DISPLAY --device /dev/dri --device /dev/snd --device /dev/input/mouse0 --volume /dev/bus/usb:/dev/bus/usb --volume /etc/localtime:/etc/localtime:ro --volume ${HOME}:/mnt --cap-add=ALL --security-opt seccomp=unconfined ${IMAGE} /bin/bash | |
| } | |
| function remove_container | |
| { | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -gt 0 ]; then | |
| CONTAINER=${1} | |
| fi | |
| echo Removing container: ${CONTAINER} | |
| podman container list --all | grep ${CONTAINER} 2>/dev/null 1>&2 | |
| if [ $? -ne 0 ]; then | |
| echo "Container does not exist ..." | |
| return | |
| fi | |
| podman container rm --force ${CONTAINER} | |
| } | |
| function dump_container | |
| { | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -gt 0 ]; then | |
| CONTAINER=${1} | |
| fi | |
| echo Exporting container: ${CONTAINER} | |
| podman container export ${CONTAINER} | gzip > ${CONTAINER}.tar.gz | |
| } | |
| function import_container | |
| { | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -gt 0 ]; then | |
| CONTAINER=${1} | |
| fi | |
| echo Importing container: ${CONTAINER} | |
| if [ -f ${CONTAINER}.tar.gz ]; then | |
| gzip -dc ${CONTAINER}.tar.gz | podman image import - | |
| ID=$(podman image list --sort created --quiet | head -1) | |
| echo Imported as: ${ID} | |
| else | |
| echo Dump ${CONTAINER}.tar.gz does not exists | |
| fi | |
| } | |
| function run_container | |
| { | |
| CONTAINER=${DEFAULT_CONTAINER} | |
| if [ ${#1} -gt 0 ]; then | |
| CONTAINER=${1} | |
| fi | |
| echo Running shell in container: ${CONTAINER} | |
| podman start ${CONTAINER} | |
| C="podman exec --interactive --tty --privileged ${CONTAINER}" | |
| if [ $# -ge 1 ]; then | |
| ${C} bash -c "${*}" | |
| else | |
| ${C} bash | |
| fi | |
| } | |
| function check_root | |
| { | |
| if [ $(id -u) -eq 0 ]; then | |
| echo Dont run as root | |
| exit 0 | |
| fi | |
| } | |
| if [ $# -gt 0 ]; then | |
| PARAMS=(${*}) | |
| case "${1}" in | |
| "-create") create_container ${PARAMS[@]:1}; exit;; | |
| "-remove") remove_container ${PARAMS[@]:1}; exit;; | |
| "-dump") dump_container ${PARAMS[@]:1}; exit;; | |
| "-import")import_container ${PARAMS[@]:1}; exit;; | |
| "-usb") allow_usb_device ${PARAMS[@]:1}; exit;; | |
| *) echo Passing parameter \"${*}\" to the container;; | |
| esac | |
| fi | |
| check_root | |
| run_container ${*} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment