diff --git a/.gitea/workflows/amd64-image.yml b/.gitea/workflows/amd64-image.yml
deleted file mode 100644
index 957df7e..0000000
--- a/.gitea/workflows/amd64-image.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: Build images
-run-name: Build images
-on:
- push:
- branches: [ "main" ]
- schedule:
- - cron: '30 5 */5 * *'
-
-jobs:
- build-images:
- runs-on: [ linux_amd64, ubuntu-latest ]
- steps:
- - name: install actions deps
- run: |
- dnf install -y nodejs git
- - name: Check out repository code
- uses: actions/checkout@v3
- - name: Build selected images
- run: |
- podman build ./system-toolbox --tag system-toolbox:latest
- podman build ./cloud-toolbox --tag cloud-toolbox:latest
- podman build ./tor --tag tor:latest
- podman build ./wireguard --tag wireguard:latest
- podman build ./zabbix-agent --tag zabbix-agent:latest
- - name: login to registry
- run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
- - name: Push image
- run: |
- # tagging
- podman tag system-toolbox:latest gitea.maciej.cloud/packages/system-toolbox:latest
- podman tag cloud-toolbox:latest gitea.maciej.cloud/packages/cloud-toolbox:latest
- podman tag tor:latest gitea.maciej.cloud/packages/tor:latest
- podman tag wireguard:latest gitea.maciej.cloud/packages/wireguard:latest
- podman tag zabbix-agent:latest gitea.maciej.cloud/packages/zabbix-agent:latest
- # pushing
- podman push gitea.maciej.cloud/packages/system-toolbox:latest
- podman push gitea.maciej.cloud/packages/cloud-toolbox:latest
- podman push gitea.maciej.cloud/packages/tor:latest
- podman push gitea.maciej.cloud/packages/wireguard:latest
- podman push gitea.maciej.cloud/packages/zabbix-agent:latest
diff --git a/.gitea/workflows/build-images.yml b/.gitea/workflows/build-images.yml
new file mode 100644
index 0000000..69f7463
--- /dev/null
+++ b/.gitea/workflows/build-images.yml
@@ -0,0 +1,66 @@
+name: Build images
+run-name: Build images
+on:
+ push:
+ branches: [ "main" ]
+ schedule:
+ - cron: '30 5 */5 * *'
+
+jobs:
+ build-images-arm64:
+ runs-on: [ linux_arm64 ]
+ steps:
+ - name: install actions deps
+ run: |
+ dnf install -y nodejs git
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: login to registry
+ run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
+ - name: Build selected images
+ run: |
+ IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
+ for image in "${IMAGES[@]}";
+ do
+ echo "building image $image";
+ podman build ./$image --tag gitea.maciej.cloud/packages/$image:arm64;
+ echo "pushing image $image";
+ podman push gitea.maciej.cloud/packages/$image:arm64;
+ done
+ build-images-amd64:
+ runs-on: [ linux_amd64 ]
+ steps:
+ - name: install actions deps
+ run: |
+ dnf install -y nodejs git
+ - name: Check out repository code
+ uses: actions/checkout@v3
+ - name: login to registry
+ run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
+ - name: Build selected images
+ run: |
+ IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
+ for image in "${IMAGES[@]}";
+ do
+ echo "building image $image";
+ podman build ./$image --tag gitea.maciej.cloud/packages/$image:amd64;
+ echo "pushing image $image";
+ podman push gitea.maciej.cloud/packages/$image:amd64;
+ done
+ update-images-manifests:
+ runs-on: [ linux_amd64 ]
+ needs:
+ - build-images-amd64
+ - build-images-arm64
+ steps:
+ - name: login to registry
+ run: podman login -u "${{ secrets.PACKAGES_USERNAME }}" -p "${{ secrets.PACKAGES_PASSWD }}" gitea.maciej.cloud
+ - name: Create manifests and push
+ run: |
+ IMAGES=(system-toolbox cloud-toolbox tor wireguard zabbix-agent);
+ for image in "${IMAGES[@]}";
+ do
+ echo "Updating manifest for $image";
+ podman manifest create 
gitea.maciej.cloud/packages/$image:latest gitea.maciej.cloud/packages/$image:amd64 gitea.maciej.cloud/packages/$image:arm64;
+ podman manifest push gitea.maciej.cloud/packages/$image:latest gitea.maciej.cloud/packages/$image:latest;
+ done
diff --git a/README.md b/README.md
index e1bb654..0eaebbe 100644
--- a/README.md
+++ b/README.md
@@ -153,10 +153,6 @@ required for SMART monitoring.
 Setting up such contenerized agent in systemd based system:
 ```bash
-systemctl stop zabbix-agent.service;
-podman rm -f zabbix-agent;
-rm -f /etc/systemd/system/zabbix-agent.service;
-
 podman run --restart no \
 --network host --pid host --ipc host --no-hosts --ulimit host --userns host \
 --privileged \
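Review bot: All three `login to registry` steps pass the registry password as a command-line argument (`-p "${{ secrets.PACKAGES_PASSWD }}"`), so it is visible in the runner's process list and in any shell trace of the step; feed it on stdin instead: `run: echo "${{ secrets.PACKAGES_PASSWD }}" | podman login -u "${{ secrets.PACKAGES_USERNAME }}" --password-stdin gitea.maciej.cloud`. The `IMAGES=(...)` list is repeated verbatim in the three jobs and will drift; a workflow-level `env:` entry (or a job `matrix`) keeps it in one place. `actions/checkout@v3` is a mutable tag, so pinning it to a commit SHA makes the build reproducible. In `update-images-manifests`, `podman manifest create` will presumably fail if a `$image:latest` manifest list is still present from a previous run on a persistent runner; removing it first (or using `--amend`) is worth verifying on the actual runner host.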
@@ -172,3 +168,88 @@ restorecon -v /etc/systemd/system/zabbix-agent.service;
 systemctl daemon-reload;
 systemctl enable --now zabbix-agent.service;
 ```
+
+## gitea-runner
+
+An image for running double-container setup - one with podman system service,
+and the other with gitea act_runner which will use podman service as
+docker runner.
+
+Example uses root, but it should be very similar to setup under non-root user.
+
+Build image setting proper platform architecture `amd64`, `arm64`, etc...
+```bash
+podman build --no-cache -t gitea-runner \
+ --build-arg ARCH="arm64" \
+ ./ContainersWorkspace/gitea-runner/
+```
+
+
+Create dirs for runner config, and for podman socket shared between containers.
+```bash
+mkdir -p /root/act-runner/{runner,podman}
+```
+
+Generate example config
+```bash
+podman run --rm -it gitea-runner:latest generate-config > /root/act-runner/runner/config.yaml
+```
+
+Update registration file path in config and privileged mode.
+```bash
+sed -i 's`file: .runner`file: /etc/runner/registration.json`g' /root/act-runner/runner/config.yaml;
+sed -i 's`privileged: false`privileged: true`g' act-runner/runner/config.yaml;
+sed -i 's`docker_host: ""`docker_host: "-"`g' act-runner/runner/config.yaml;
+```
+Currently you **need** to set `docker_host: "-"` in "container" section
+to make this setup with mounted docker.sock work.
+
+Fix perms on those dirs:
+```bash
+podman run --rm -it \
+ -v /root/act-runner/:/data \
+ --privileged \
+ --entrypoint bash \
+ gitea-runner:latest \
+ -c "chown -R podman /data"
+```
+
+Register runner.
+example value for labels can be `ubuntu-latest:docker://quay.io/podman/stable`.
+```bash
+podman run --rm -it \
+ -v /root/act-runner/runner/:/etc/runner \
+ --privileged \
+ gitea-runner:latest \
+ --config /etc/runner/config.yaml register
+```
+
+Start container acting as podman/docker (use `--init` to get rid of zombies):
+```bash
+podman run --rm -d --privileged --name gitea-podman \
+ --init \
+ --entrypoint podman \
+ -v /root/act-runner/podman:/podman \
+ gitea-runner:latest \
+ system service --time=0 unix:///podman/docker.sock
+```
+
+Now start container with runner (it will fail if docker.sock is missing)
+```bash
+podman run --rm -d --name gitea-runner \
+ -v /root/act-runner/runner/:/etc/runner:ro,Z \
+ -v /root/act-runner/podman/docker.sock:/var/run/docker.sock:rw,z \
+ gitea-runner:latest \
+ daemon -c /etc/runner/config.yaml
+```
+
+Now generate systemd services for these containers
+```bash
+podman generate systemd --new --name gitea-podman > /etc/systemd/system/gitea-podman.service;
+podman generate systemd --new --name gitea-runner > /etc/systemd/system/gitea-runner.service;
+restorecon -v /etc/systemd/system/gitea-podman.service;
+restorecon -v /etc/systemd/system/gitea-runner.service;
+systemctl daemon-reload;
+systemctl enable --now gitea-podman.service;
+systemctl enable --now gitea-runner.service;
+````
diff --git a/gitea-runner/Dockerfile b/gitea-runner/Dockerfile
new file mode 100644
index 0000000..bd26afa
--- /dev/null
+++ b/gitea-runner/Dockerfile
@@ -0,0 +1,12 @@
+FROM quay.io/podman/stable
+
+ENV VERSION="0.2.6"
+ARG ARCH="amd64"
+
+RUN curl -o /act_runner https://gitea.com/gitea/act_runner/releases/download/v0.2.6/act_runner-${VERSION}-linux-${ARCH} && \
+ chmod +x /act_runner && \
+ chown podman /act_runner
+
+USER podman
+
+ENTRYPOINT [ "/act_runner" ]
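Review bot: The download URL in the `RUN` line hardcodes `v0.2.6` in its path while the file name uses `${VERSION}`, so bumping `ENV VERSION` alone yields a URL that no longer matches the binary; and because `curl` runs without `-f`, an HTTP error body would be written to `/act_runner`, made executable, and the build would still succeed. Use `curl -fsSL -o /act_runner "https://gitea.com/gitea/act_runner/releases/download/v${VERSION}/act_runner-${VERSION}-linux-${ARCH}"`. The binary is also not integrity-checked; a `sha256sum -c` against a pinned digest (placeholder `<EXPECTED_SHA256>` per ARCH) after the download would make the image build verifiable against the release. `VERSION` is only needed at build time, so `ARG VERSION="0.2.6"` fits better than `ENV`, which otherwise leaves it in the runtime environment of every container.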