From aa304d48b294e0c4cd26417572fe9eb553180cee Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Sat, 29 Mar 2025 10:29:05 +0000 Subject: [PATCH 1/2] run docker containers as user account uid --- .gitignore | 7 ++----- include/init.sh | 9 ++++++++- include/ioc.yml | 3 +++ services/bl01t-di-cam-01/compose.yml | 7 +++++-- services/bl01t-ea-test-01/compose.yml | 3 +++ services/bl01t-mo-sim-01/compose.yml | 1 + services/gateway/compose.yml | 3 +++ services/pvagw/compose.yml | 3 +++ 8 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 3e139de..e2a97fb 100644 --- a/.gitignore +++ b/.gitignore @@ -5,13 +5,10 @@ venv* .venv* *workspace -# this is the root directory for generated opi files -# and is created at runtime by IOCs using PVI +# these files are generated at runtime by IOC containers opi/auto-generated/* -!opi/auto-generated/README.md - autosave/* -!autosave/.placeholder +runtime/* # these files are generated from templates # when sourcing environment.sh diff --git a/include/init.sh b/include/init.sh index c2abe47..49e6ff6 100755 --- a/include/init.sh +++ b/include/init.sh @@ -15,4 +15,11 @@ cat $root/services/phoebus/config/settings.template | sed -e "s/5064/$EPICS_CA_SERVER_PORT/g" \ -e "s/5065/$EPICS_CA_REPEATER_PORT/g" \ -e "s/5075/$EPICS_PVA_SERVER_PORT/g" > \ - $root/services/phoebus/config/settings.ini \ No newline at end of file + $root/services/phoebus/config/settings.ini + +# this is a workaround for docker creating host mounts as root if they don't exist: +# not required for podman but benign +for ioc in bl01t-di-cam-01 bl01t-ea-test-01 bl01t-mo-sim-01; do + mkdir -p $root/autosave/$ioc + mkdir -p $root/runtime/$ioc + mkdir -p $root/opi/auto-generated/$ioc \ No newline at end of file diff --git a/include/ioc.yml b/include/ioc.yml index e948702..a17d9ab 100644 --- a/include/ioc.yml +++ b/include/ioc.yml 
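Review bot: `mkdir -p` succeeds silently when the directory already exists, so a host directory left behind owned by root by an earlier docker run is not repaired here and the container, now started as `${UIDGID}`, will only discover it cannot write there at runtime; a check after each mkdir such as `[ -w "$root/autosave/$ioc" ] || echo "warning: $root/autosave/$ioc is not writable by uid $(id -u)" >&2` would surface that while init still has the user's attention. The `$root` and `$ioc` expansions in the three mkdir lines are also unquoted, so a checkout path containing a space splits into several arguments; `mkdir -p "$root/autosave/$ioc"` (and likewise for the other two) avoids that. Whether a failed mkdir aborts the script depends on shell options set above this hunk, which are not visible here. The loop's closing `done` is supplied by the later include/init.sh hunk in the second patch of this series, and both points apply to the loop as it stands there.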
@@ -14,6 +14,9 @@ services: # should be (used by machine IOCs) this is for parity (but redundant). location: localhost + # run with same ID as the user (for docker - for podman run as root) + user: ${UIDGID} + security_opt: - label=disable diff --git a/services/bl01t-di-cam-01/compose.yml b/services/bl01t-di-cam-01/compose.yml index 09878b3..009992b 100644 --- a/services/bl01t-di-cam-01/compose.yml +++ b/services/bl01t-di-cam-01/compose.yml @@ -22,8 +22,7 @@ services: volumes: - ../../opi/auto-generated/bl01t-di-cam-01:/epics/opi - ../../autosave/bl01t-di-cam-01:/autosave - # FOR DEVCONTAINERS: mount in the parent of the project - - ../../..:/workspaces + - ../../runtime/bl01t-di-cam-01:/epics/runtime configs: - source: bl01t-di-cam-01_config @@ -37,6 +36,10 @@ services: <<: *bl01t-di-cam-01 image: ghcr.io/epics-containers/ioc-adsimdetector-developer:2025.3.5 + volumes: + # FOR DEVCONTAINERS: mount in the parent of the project + - ../../..:/workspaces + profiles: - devcontainer diff --git a/services/bl01t-ea-test-01/compose.yml b/services/bl01t-ea-test-01/compose.yml index aa699ca..4a9e1ed 100644 --- a/services/bl01t-ea-test-01/compose.yml +++ b/services/bl01t-ea-test-01/compose.yml @@ -16,6 +16,9 @@ services: IOC_NAME: bl01t-ea-test-01 IOC_PREFIX: BL01T-EA-TEST-01 + volumes: + - ../../runtime/bl01t-ea-test-01:/epics/runtime + configs: - source: bl01t-ea-test-01_config target: epics/ioc/config diff --git a/services/bl01t-mo-sim-01/compose.yml b/services/bl01t-mo-sim-01/compose.yml index 1fd35e8..af0a2c5 100644 --- a/services/bl01t-mo-sim-01/compose.yml +++ b/services/bl01t-mo-sim-01/compose.yml @@ -18,6 +18,7 @@ services: volumes: - ../../opi/auto-generated/bl01t-mo-sim-01:/epics/opi - ../../autosave/bl01t-mo-sim-01:/autosave + - ../../runtime/bl01t-mo-sim-01:/epics/runtime configs: - source: bl01t-mo-sim-01_config diff --git a/services/gateway/compose.yml b/services/gateway/compose.yml index 7e58f55..c99e931 100644 --- a/services/gateway/compose.yml 
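Review bot: `user: ${UIDGID}` expands to an empty value when UIDGID is not exported, and compose then starts the container as the image's default user, usually root, without any error — the opposite of what the comment above it promises. The required-variable form `user: ${UIDGID:?UIDGID is not set - source environment.sh first}` makes a missing value fail `compose up` instead of silently dropping the uid restriction. The comment's podman case presumably relies on environment.sh exporting a root id for that runtime; that script is not part of this diff, so it would help to say so, e.g. `# UIDGID is exported by environment.sh: host uid:gid under docker, root under podman`. The same unchecked substitution is added in the services/gateway/compose.yml and services/pvagw/compose.yml hunks and in the compose.yaml hunk of the second patch.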
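Review bot: The `volumes:` key added to the devcontainer service replaces, rather than extends, the `volumes` list it inherits through `<<: *bl01t-di-cam-01`, because the YAML merge key is a shallow merge and an explicit key always wins. After this change the devcontainer variant mounts only `../../..:/workspaces` and loses the opi, autosave and runtime bind mounts that the first hunk of this file leaves on the base service. If that variant is still expected to write to /epics/opi, /autosave and /epics/runtime, the three mounts need to be repeated under the new `volumes:`; if it deliberately relies on the /workspaces mount instead, a comment next to the key saying so would stop the next reader from re-adding them. The base service definition and the rest of the devcontainer service lie outside these hunks.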
+++ b/services/gateway/compose.yml @@ -15,6 +15,9 @@ services: image: ghcr.io/epics-containers/gateways-runtime:2024.12.3 + # run with same ID as the user (for docker - for podman run as root) + user: ${UIDGID} + security_opt: - label=disable diff --git a/services/pvagw/compose.yml b/services/pvagw/compose.yml index 89926f1..959771a 100644 --- a/services/pvagw/compose.yml +++ b/services/pvagw/compose.yml @@ -12,6 +12,9 @@ services: depends_on: - init + # run with same ID as the user (for docker - for podman run as root) + user: ${UIDGID} + security_opt: - label=disable From 288199adbce7eb9cde6d1a0a7d79708816a12d2e Mon Sep 17 00:00:00 2001 From: Giles Knap Date: Sat, 29 Mar 2025 10:49:06 +0000 Subject: [PATCH 2/2] make init create ioc mounts and iocs depend on it --- compose.yaml | 3 +++ include/init.sh | 3 ++- include/ioc.yml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/compose.yaml b/compose.yaml index 4003beb..d974e70 100644 --- a/compose.yaml +++ b/compose.yaml @@ -46,3 +46,6 @@ services: - EPICS_PVA_NAME_SERVERS - EPICS_CA_NAME_SERVERS - EPICS_CA_ADDR_LIST + + # run with same ID as the user (for docker - for podman run as root) + user: ${UIDGID} diff --git a/include/init.sh b/include/init.sh index 49e6ff6..afff728 100755 --- a/include/init.sh +++ b/include/init.sh @@ -22,4 +22,5 @@ cat $root/services/phoebus/config/settings.template | for ioc in bl01t-di-cam-01 bl01t-ea-test-01 bl01t-mo-sim-01; do mkdir -p $root/autosave/$ioc mkdir -p $root/runtime/$ioc - mkdir -p $root/opi/auto-generated/$ioc \ No newline at end of file + mkdir -p $root/opi/auto-generated/$ioc +done diff --git a/include/ioc.yml b/include/ioc.yml index a17d9ab..651384f 100644 --- a/include/ioc.yml +++ b/include/ioc.yml 
@@ -5,6 +5,10 @@ services: # linux IOCs that run in a container ######################################### linux_ioc: &linux_ioc + depends_on: + init: + condition: service_completed_successfully + labels: # a reference to which repository created this IOC ioc_group: bl01t
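Review bot: The new `depends_on` sits inside the `linux_ioc` anchor, so any IOC service that declares its own `depends_on` after `<<: *linux_ioc` silently drops the init dependency (the merge key is a shallow merge) and can start before init.sh has created its mount directories. A comment on the anchor, e.g. `# NOTE: <<: is a shallow merge - a service that sets its own depends_on must repeat the init entry`, would warn maintainers of that. `condition: service_completed_successfully` correctly stops every IOC when init exits non-zero, but the list-form `depends_on: - init` visible in the pvagw hunk of the first patch only waits for init to be started, not finished; if pvagw also consumes files that init generates, it should use the same long form. The remainder of the linux_ioc definition is outside this hunk.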