-
Notifications
You must be signed in to change notification settings - Fork 765
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Separate docker compose watch config and fix client container when ru…
…n in watch mode
- Loading branch information
1 parent
aa5df4c
commit 7a2673d
Showing
4 changed files
with
151 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
### A Docker image containing fleetspeak and grr clients. | ||
# | ||
# Fleetspeak client starts grr client as a subprocess based on the config. | ||
# | ||
# Fleetspeak client requires connectivity to fleetspeak server, we | ||
# recommend running this client in the docker compose stack or the config | ||
# needs to be adjusted. | ||
# | ||
# See documentation in compose.watch.yaml on how to start the Compose stack. | ||
# | ||
# (Optional) To verify if the client runs, check if the fleetspeak and | ||
# grr processes are running inside the container. | ||
# - Open a shell in the container: | ||
# $ docker exec -it grr-client /bin/bash | ||
# - Check the running processes: | ||
# $ ps aux | ||
# ... | ||
# ... fleetspeak-client -config /configs/client/client.config | ||
# ... /bin/bash /configs/client/grr_fleetspeak_client.sh --config /configs/client/grr.client.yaml | ||
# ... /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_fleetspeak_client --config /configs/client/grr.client.yaml | ||
# ... | ||
FROM ubuntu:22.04 | ||
|
||
ENV DEBIAN_FRONTEND=noninteractive | ||
|
||
# Buffering output (sometimes indefinitely if a thread is stuck in | ||
# a loop) makes for a non-optimal user experience when containers | ||
# are run in the foreground, so we disable that. | ||
ENV PYTHONUNBUFFERED=0 | ||
|
||
RUN apt-get update && \ | ||
apt-get install -y \ | ||
python-is-python3 \ | ||
python3-dev \ | ||
python3-pip \ | ||
python3-venv \ | ||
build-essential \ | ||
linux-headers-generic | ||
|
||
ENV FLEETSPEAK_BIN /fleetspeak/bin | ||
RUN mkdir -p $FLEETSPEAK_BIN | ||
COPY --from=ghcr.io/google/fleetspeak:latest /fleetspeak/bin/client $FLEETSPEAK_BIN/fleetspeak-client | ||
ENV PATH=${FLEETSPEAK_BIN}:${PATH} | ||
|
||
ENV VIRTUAL_ENV=/usr/share/grr-server | ||
ENV GRR_SOURCE=/usr/src/grr | ||
|
||
RUN python -m venv --system-site-packages $VIRTUAL_ENV | ||
ENV PATH=${VIRTUAL_ENV}/bin:${PATH} | ||
|
||
RUN mkdir -p ${GRR_SOURCE} | ||
ADD . ${GRR_SOURCE} | ||
|
||
WORKDIR ${GRR_SOURCE} | ||
|
||
RUN ${VIRTUAL_ENV}/bin/python -m pip install \ | ||
-e grr/proto \ | ||
-e grr/core \ | ||
-e grr/client | ||
|
||
RUN ${VIRTUAL_ENV}/bin/python grr/proto/makefile.py && \ | ||
${VIRTUAL_ENV}/bin/python grr/core/grr_response_core/artifacts/makefile.py | ||
|
||
ENTRYPOINT [ "fleetspeak-client" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
# Run grr in watch mode with: | ||
# ``` | ||
# $ docker compose -f compose.yaml -f compose.watch.yaml watch | ||
# ``` | ||
# | ||
# This is merging compose.watch.yaml with compose.yaml | ||
# (https://docs.docker.com/reference/compose-file/merge/) to apply adjustments | ||
# for running containers from source code: | ||
# - Add `build: ...` to build images from local Dockerfiles. | ||
# - Update `image: ... ` to prevent overwriting image tags fetched from github | ||
# container registry. | ||
# - Remove the admin ui healthcheck and it's dependency in the grr-client. | ||
# The healthcheck indicated if the client templates were repacked into | ||
# installers, as the client is installed from the debian installer in the | ||
# default setup. But here we run the client from source. | ||
# (The client templates are also not available in the locally build image, | ||
# they are build in the github workflow.) | ||
# - Update the grr-client entrypoint to start the client directly from source | ||
# instead of first installing the debian installer. | ||
# - Added `develop: watch: ...` to trigger a container sync and restart | ||
# when the code changes. | ||
services: | ||
grr-admin-ui: | ||
build: . | ||
image: watch-grr-admin-ui | ||
healthcheck: | ||
test: "" | ||
develop: | ||
watch: | ||
- action: sync+restart | ||
path: ./grr | ||
target: /usr/src/grr/grr | ||
ignore: | ||
- client/ | ||
|
||
grr-client: | ||
build: | ||
context: . | ||
dockerfile: ./Dockerfile.client | ||
image: watch-grr-client | ||
entrypoint: [ | ||
"/bin/bash", | ||
"-c", | ||
"fleetspeak-client -config /configs/client/client.config" | ||
] | ||
develop: | ||
watch: | ||
- action: sync+restart | ||
path: ./grr | ||
target: /usr/src/grr/grr | ||
ignore: | ||
- server/ | ||
|
||
grr-fleetspeak-frontend: | ||
build: . | ||
image: watch-grr-fleetspeak-frontend | ||
develop: | ||
watch: | ||
- action: sync+restart | ||
path: ./grr | ||
target: /usr/src/grr/grr | ||
ignore: | ||
- client/ | ||
|
||
grr-worker: | ||
build: . | ||
image: watch-grr-worker | ||
develop: | ||
watch: | ||
- action: sync+restart | ||
path: ./grr | ||
target: /usr/src/grr/grr | ||
ignore: | ||
- client/ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters