Commits on Source (4)
......@@ -12,7 +12,7 @@ RUN apt-get install net-tools dbus-x11 -y
#----------------------
RUN apt-get update
RUN apt-get install xfce4 xfce4-terminal mousepad ristretto tumbler firefox -y
RUN apt-get install xfce4 xfce4-terminal mousepad ristretto tumbler firefox gnome-flashback -y
#----------------------
......@@ -74,8 +74,10 @@ RUN chmod 755 /bin/runshell.sh
# Fix home permissions
RUN chmod 777 /home
# Set entrypoint command
ENV X11_ENTRYPOINT_COMMAND=":"
# X environment startup
RUN mkdir -p /metauser_home_vanilla/.vnc
COPY files/xstartup /metauser_home_vanilla/.vnc
RUN chmod 755 /metauser_home_vanilla/.vnc/xstartup
# Set user
USER metauser
......
#!/bin/sh
cd /home/metauser
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
export XKL_XMODMAP_DISABLE=1
export XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"
export XDG_MENU_PREFIX="gnome-flashback-"
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
xfce4-session &
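Review bot: The session this script starts does not match the desktop it announces: it exports `XDG_CURRENT_DESKTOP="GNOME-Flashback:GNOME"` and `XDG_MENU_PREFIX="gnome-flashback-"`, but the last line launches `xfce4-session &`. If the mix is deliberate, a comment above the exports would stop the next reader from treating it as a leftover, for example `# GNOME-Flashback variables are set on purpose; the session itself is Xfce`. Separately, `cd /home/metauser` is hard-coded while the later lines use `$HOME`, and both `$HOME/.Xresources` expansions are unquoted; `cd "$HOME" || exit 1` and quoting the two paths would keep the script working when the home directory differs or contains spaces.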
FROM basicmetadesktop
FROM basicdesktop
USER root
RUN apt-get update
......
......@@ -4,47 +4,27 @@ MAINTAINER Stefano Alberto Russo <stefano.russo@inaf.it>
# Switch to root
USER root
#------------------------
# Supervisord
#------------------------
# In this container we need to use supervisord as we have two servoces (VNC and noVNC)
# Supervisord conf
COPY files/supervisord.conf /etc/supervisor/
# VNC supervisord conf
COPY files/supervisord_vnc.conf /etc/supervisor/conf.d/
COPY files/run_vnc.sh /etc/supervisor/conf.d/
RUN chmod 755 /etc/supervisor/conf.d/run_vnc.sh
# noVNC supervisord conf
COPY files/supervisord_novnc.conf /etc/supervisor/conf.d/
COPY files/run_novnc.sh /etc/supervisor/conf.d/
RUN chmod 755 /etc/supervisor/conf.d/run_novnc.sh
#------------------------
# VNC
# Kasm VNC
#------------------------
# Install xvfb that triggers minimal install of X base packages and xterm as sample application
RUN apt-get install xvfb xterm net-tools -y
# Install xvfb that triggers minimal install of X base packages and xterm as sample application,
# plus Python3 which is required for Kasm VNC
RUN apt-get install xvfb xterm net-tools python3 libjpeg8 libgomp1 -y
# Install base packages for VNC server and headless desktop (2)
COPY files/tigervnc-1.8.0.x86_64.tar.gz /opt/tigervnc-1.8.0.x86_64.tar.gz
RUN cd /opt && tar -zxvf tigervnc-1.8.0.x86_64.tar.gz && mv tigervnc-1.8.0.x86_64 tigervnc
# Web VNC (noVNC) v0.6.1.
# NOTE: this is a custom version from Doro Wu (fcwu.tw@gmail.com).
# TODO: Check differences and maybe move to 0.6.2
COPY files/noVNC.tar.gz /usr/lib/
RUN cd /usr/lib/ && tar -zxvf noVNC.tar.gz
COPY files/index.html /usr/lib/noVNC
# Kasm VNC (modded by gtaffoni to use a socket named by an env var)
COPY files/kasmvnc.ubuntu_focal.tar.gz /tmp
RUN sudo tar xz --strip 1 -C / -f /tmp/kasmvnc.ubuntu_focal.tar.gz && rm /tmp/kasmvnc.ubuntu_focal.tar.gz
# X environment setup/startup
COPY files/xstartup /opt/tigervnc/
RUN chmod 755 /opt/tigervnc/xstartup
RUN mkdir -p /metauser_home_vanilla/.vnc
COPY files/xstartup /metauser_home_vanilla/.vnc
RUN chmod 755 /metauser_home_vanilla/.vnc/xstartup
# KASM VNC startup script
COPY files/run_kasm.sh /usr/local/bin/run_kasm.sh
RUN chmod 755 /usr/local/bin/run_kasm.sh
#------------------------
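Review bot: The KasmVNC step unpacks a locally modified binary archive straight over `/` as root, with nothing checking that the archive is the one that was reviewed: `RUN sudo tar xz --strip 1 -C / -f /tmp/kasmvnc.ubuntu_focal.tar.gz`. Pinning its digest in the Dockerfile makes a swapped or corrupted `files/kasmvnc.ubuntu_focal.tar.gz` fail the build, e.g. `RUN echo "<EXPECTED_SHA256>  /tmp/kasmvnc.ubuntu_focal.tar.gz" | sha256sum -c - && tar xz --strip 1 -C / -f /tmp/kasmvnc.ubuntu_focal.tar.gz` (the digest is a placeholder). A comment naming the upstream KasmVNC release and the patch applied on top would let the archive be rebuilt and audited. `sudo` is unnecessary here because the hunk sets `USER root` above, and the trailing `rm` does not shrink the image since the archive already lives in the preceding `COPY` layer.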
......@@ -55,7 +35,7 @@ RUN chmod 755 /opt/tigervnc/xstartup
RUN chmod 777 /home
# Set entrypoint command
ENV DEFAULT_ENTRYPOINT_COMMAND="supervisord"
ENV DEFAULT_ENTRYPOINT_COMMAND="/usr/local/bin/run_kasm.sh"
# Set user
USER metauser
......
<html>
<head>
<script type="text/javascript">
function redirecter(){
window.location = "./vnc.html?autoconnect=true&resize=remote"
}
</script>
</head>
<body onLoad="redirecter()">
Access VNC: click <a href="./vnc.html?autoconnect=true&resize=remote">here</a>.
</body>
</html>
\ No newline at end of file
#!/bin/bash
#========================
# Exec KasmVNC server
#========================
# Set port
if [ "x$BASE_PORT" == "x" ]; then
BASE_PORT=8590
DESKTOP_NUMBER=1
else
DESKTOP_NUMBER=$(($BASE_PORT-5900+1))
fi
# We must set a password even if then KASM does not use it for user auth.
VNC_PW='placeholder'
mkdir -p "$HOME/.vnc"
PASSWD_PATH="$HOME/.kasmpasswd"
VNC_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_PW}', '\$5\$kasm\$'));")
echo "kasm_user:${VNC_PW_HASH}:ow" > $PASSWD_PATH
chmod 600 $PASSWD_PATH
# This is used inside our custom KASM build to allow a random socket to support Singularity
if [ "x$KASMSOCK" == "xTrue" ]; then
export SOCKET_PORT=$(( $RANDOM % 50 + 1 ))
fi
# Start Kasm VNC
/usr/local/bin/vncserver :$DESKTOP_NUMBER -depth 24 -geometry 1280x1050 -websocketPort $BASE_PORT -httpd /usr/local/share/kasmvnc/www -disableBasicAuth -FrameRate=24 -interface 0.0.0.0
# Check if the VNC server is running. If not, exit.
while true
do
PSOUT=$(ps -ef | grep /usr/local/bin/Xvnc | grep auth )
if [[ "x$PSOUT" == "x" ]] ; then
exit 1
fi
# Sleep other 10 secs before re-checking
sleep 10
done
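Review bot: The launcher starts KasmVNC with `-disableBasicAuth` and `-interface 0.0.0.0` while the only credential is the constant `VNC_PW='placeholder'`, so as written anyone who can reach `$BASE_PORT` gets the desktop session without authenticating; `start_kasmvnc` in the longer Kasm startup script further down this page passes the same two flags. The TigerVNC launcher shown on this page switched authentication on when `AUTH_PASS` was set, and the `docker run` lines still pass `-eAUTH_PASS=testpass`, which this script never reads. Unless an authenticating proxy always sits in front of the port (the page does not show one), I would take the password from `AUTH_PASS`, pass `-disableBasicAuth` only when it is empty and log that case, and feed the password to Python on stdin instead of splicing it into the `-c` source; whether the modified KasmVNC build then enforces the `.kasmpasswd` entry should be confirmed. The exposure matters more because the base image comment on this page describes sudo as `No pass sudo (for everyone, actually)`.

```shell
# Use the caller-supplied password when present; stay unauthenticated only when none was given
if [ "x$AUTH_PASS" != "x" ]; then
    VNC_PW="$AUTH_PASS"
    KASM_AUTH_FLAG=""
else
    echo "[WARN] AUTH_PASS not set: KasmVNC will accept unauthenticated connections"
    VNC_PW='placeholder'
    KASM_AUTH_FLAG="-disableBasicAuth"
fi
# … unchanged: .vnc directory creation and PASSWD_PATH …
VNC_PW_HASH=$(printf '%s' "$VNC_PW" | python3 -c "import crypt, sys; print(crypt.crypt(sys.stdin.read(), '\$5\$kasm\$'))")
# … unchanged: .kasmpasswd write, chmod 600, KASMSOCK handling …
/usr/local/bin/vncserver :$DESKTOP_NUMBER -depth 24 -geometry 1280x1050 -websocketPort $BASE_PORT -httpd /usr/local/share/kasmvnc/www $KASM_AUTH_FLAG -FrameRate=24 -interface 0.0.0.0
# … unchanged: process watchdog loop …
```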
#!/bin/bash
# Exec TigerVNC server
if [ "x$BASE_PORT" == "x" ]; then
/usr/lib/noVNC/utils/launch.sh --listen 8590
echo "Running noVNC on port 8590"
else
/usr/lib/noVNC/utils/launch.sh --listen $BASE_PORT --vnc localhost:$(($BASE_PORT+1))
echo "Running noVNC on port $BASE_PORT and connecting to VNC on port $(($BASE_PORT+1))"
fi
#!/bin/bash
# Exec TigerVNC server
# Set port
if [ "x$BASE_PORT" == "x" ]; then
DESKTOP_NUMBER=0
else
DESKTOP_NUMBER=$(($BASE_PORT-5900+1))
fi
# Set password
if [ "x$AUTH_PASS" != "x" ]; then
echo "[INFO] Setting up VNC password..."
mkdir -p /home/metauser/.vnc
/opt/tigervnc/usr/bin/vncpasswd -f <<< $AUTH_PASS > /home/metauser/.vnc/passwd
chmod 600 /home/metauser/.vnc/passwd
export VNC_AUTH=True
else
echo "[INFO] Not setting up any VNC password"
fi
# Run VNC server
if [ "x$VNC_AUTH" == "xTrue" ]; then
/opt/tigervnc/usr/bin/vncserver :$DESKTOP_NUMBER -SecurityTypes vncauth,tlsvnc -xstartup /opt/tigervnc/xstartup
else
/opt/tigervnc/usr/bin/vncserver :$DESKTOP_NUMBER -SecurityTypes None -xstartup /opt/tigervnc/xstartup
fi
# Check if VNC is running. If it is not, exit
while true
do
PSOUT=$(ps -ef | grep /opt/tigervnc/usr/bin/Xvnc | grep SecurityTypes)
if [[ "x$PSOUT" == "x" ]] ; then
exit 1
fi
# Sleep other 10 secs before re-checking
sleep 10
done
; supervisor config file (modified for our own purpose)
[unix_http_server]
file=/home/metauser/.supervisor.sock ; (the path to the socket file)
chmod=0700 ; sockef file mode (default 0700)
[supervisord]
logfile=/home/metauser/.logs/supervisord.log ; (main log file;default $CWD/supervisord.log)
pidfile=/home/metauser/.logs/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
childlogdir=/home/metauser/.logs ; ('AUTO' child log dir, default $TEMP)
nodaemon=true ; Mandatory to run Supervisor in foreground and avoid Docker to exit!
; The below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///home/metauser/.supervisor.sock ; use a unix:// URL for a unix socket
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = /etc/supervisor/conf.d/*.conf
;=======================================
; noVNC service
;=======================================
[program:novnc]
; General
directory = /usr/lib/noVNC/
command = /etc/supervisor/conf.d/run_novnc.sh
numprocs = 1
autostart = true
autorestart = true
startsecs = 10
stopwaitsecs = 30
process_name = novnc
; Standard out / error
stdout_logfile = /home/metauser/.logs/%(program_name)s.log
stdout_logfile_maxbytes = 5MB
stdout_logfile_backups = 10
stderr_logfile = /home/metauser/.logs/%(program_name)s.log
stderr_logfile_maxbytes = 5MB
stderr_logfile_backups = 10
;=======================================
; VNC service
;=======================================
[program:vnc]
; General
directory = /
command = /etc/supervisor/conf.d/run_vnc.sh
numprocs = 1
autostart = true
autorestart = true
startsecs = 10
stopwaitsecs = 30
process_name = vnc
; Standard out / error
stdout_logfile = /home/metauser/.logs/%(program_name)s.log
stdout_logfile_maxbytes = 5MB
stdout_logfile_backups = 10
stderr_logfile = /home/metauser/.logs/%(program_name)s.log
stderr_logfile_maxbytes = 5MB
stderr_logfile_backups = 10
#!/bin/bash
### every exit != 0 fails the script
set -e
DEBUG=true
no_proxy="localhost,127.0.0.1"
# dict to store processes
declare -A KASM_PROCS
# switch passwords to local variables
tmpval=$VNC_VIEW_ONLY_PW
unset VNC_VIEW_ONLY_PW
VNC_VIEW_ONLY_PW=$tmpval
tmpval=$VNC_PW
unset VNC_PW
VNC_PW=$tmpval
STARTUP_COMPLETE=0
######## FUNCTION DECLARATIONS ##########
## print out help
function help (){
echo "
USAGE:
OPTIONS:
-w, --wait (default) keeps the UI and the vncserver up until SIGINT or SIGTERM will received
-s, --skip skip the vnc startup and just execute the assigned command.
example: docker run kasmweb/core --skip bash
-d, --debug enables more detailed startup output
e.g. 'docker run kasmweb/core --debug bash'
-h, --help print out this help
Fore more information see: https://github.com/ConSol/docker-headless-vnc-container
"
}
## correct forwarding of shutdown signal
function cleanup () {
kill -s SIGTERM $!
exit 0
}
function start_kasmvnc (){
if [[ $DEBUG == true ]]; then
echo -e "\n------------------ Start KasmVNC Server ------------------------"
fi
if [ "x$BASE_PORT" == "x" ]; then
BASE_PORT=8590
DESKTOP_NUMBER=1
else
DESKTOP_NUMBER=$(($BASE_PORT-5900+1))
fi
#if [ "x$KASMSOCK" == "xTrue" ]; then
# export SOCKET_PORT=$(( $RANDOM % 50 + 1 ))
#fi
echo "HERE"
/usr/local/bin/vncserver :$DESKTOP_NUMBER -depth 24 -geometry 1280x1050 -websocketPort $BASE_PORT -cert ${HOME}/.vnc/self.pem -httpd /usr/local/share/kasmvnc/www -disableBasicAuth -FrameRate=24 -interface 0.0.0.0
echo "HEREDONE"
KASM_PROCS['kasmvnc']=$(cat $HOME/.vnc/*${DISPLAY_NUM}.pid)
if [[ $DEBUG == true ]]; then
echo -e "\n------------------ Started Websockify ----------------------------"
echo "Websockify PID: ${KASM_PROCS['kasmvnc']}";
fi
}
function start_window_manager (){
echo -e "start window manager\n..."
$STARTUPDIR/window_manager_startup.sh #&> $STARTUPDIR/window_manager_startup.log
}
function start_audio_out_websocket (){
if [[ ${KASM_SVC_AUDIO:-1} == 1 ]]; then
echo 'Starting audio websocket server'
$STARTUPDIR/jsmpeg/kasm_audio_out-linux kasmaudio 8081 4901 ${HOME}/.vnc/self.pem ${HOME}/.vnc/self.pem "kasm_user:$VNC_PW" &
KASM_PROCS['kasm_audio_out_websocket']=$!
if [[ $DEBUG == true ]]; then
echo -e "\n------------------ Started Audio Out Websocket ----------------------------"
echo "Kasm Audio Out Websocket PID: ${KASM_PROCS['kasm_audio_out_websocket']}";
fi
fi
}
function start_audio_out (){
if [[ ${KASM_SVC_AUDIO:-1} == 1 ]]; then
echo 'Starting audio server'
if [ "${START_PULSEAUDIO:-0}" == "1" ] ;
then
echo "Starting Pulse"
pulseaudio --start
fi
if [[ $DEBUG == true ]]; then
echo 'Starting audio service in debug mode'
no_proxy=127.0.0.1 ffmpeg -f pulse -fragment_size ${PULSEAUDIO_FRAGMENT_SIZE:-2000} -ar 44100 -i default -f mpegts -correct_ts_overflow 0 -codec:a mp2 -b:a 128k -ac 1 -muxdelay 0.001 http://127.0.0.1:8081/kasmaudio &
KASM_PROCS['kasm_audio_out']=$!
else
echo 'Starting audio service'
no_proxy=127.0.0.1 ffmpeg -v verbose -f pulse -fragment_size ${PULSEAUDIO_FRAGMENT_SIZE:-2000} -ar 44100 -i default -f mpegts -correct_ts_overflow 0 -codec:a mp2 -b:a 128k -ac 1 -muxdelay 0.001 http://127.0.0.1:8081/kasmaudio > /dev/null 2>&1 &
KASM_PROCS['kasm_audio_out']=$!
echo -e "\n------------------ Started Audio Out ----------------------------"
echo "Kasm Audio Out PID: ${KASM_PROCS['kasm_audio_out']}";
fi
fi
}
function start_audio_in (){
if [[ ${KASM_SVC_AUDIO_INPUT:-1} == 1 ]]; then
echo 'Starting audio input server'
$STARTUPDIR/audio_input/kasm_audio_input_server --ssl --auth-token "kasm_user:$VNC_PW" --cert ${HOME}/.vnc/self.pem --certkey ${HOME}/.vnc/self.pem &
KASM_PROCS['kasm_audio_in']=$!
if [[ $DEBUG == true ]]; then
echo -e "\n------------------ Started Audio Out Websocket ----------------------------"
echo "Kasm Audio In PID: ${KASM_PROCS['kasm_audio_in']}";
fi
fi
}
function start_upload (){
if [[ ${KASM_SVC_UPLOADS:-1} == 1 ]]; then
echo 'Starting upload server'
cd $STARTUPDIR/upload_server/
./kasm_upload_server --ssl --auth-token "kasm_user:$VNC_PW" &
KASM_PROCS['upload_server']=$!
if [[ $DEBUG == true ]]; then
echo -e "\n------------------ Started Audio Out Websocket ----------------------------"
echo "Kasm Audio In PID: ${KASM_PROCS['upload_server']}";
fi
fi
}
############ END FUNCTION DECLARATIONS ###########
if [[ $1 =~ -h|--help ]]; then
help
exit 0
fi
# should also source $STARTUPDIR/generate_container_user
source $HOME/.bashrc
if [[ ${KASM_DEBUG:-0} == 1 ]]; then
echo -e "\n\n------------------ DEBUG KASM STARTUP -----------------"
export DEBUG=true
set -x
fi
trap cleanup SIGINT SIGTERM
## resolve_vnc_connection
VNC_IP=$(hostname -i)
if [[ $DEBUG == true ]]; then
echo "IP Address used for external bind: $VNC_IP"
fi
# Create cert for KasmVNC
#mkdir -p ${HOME}/.vnc
#openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ${HOME}/.vnc/self.pem -out ${HOME}/.vnc/self.pem -subj "/C=US/ST=VA/L=None/O=None/OU=DoFu/CN=kasm/emailAddress=none@none.none"
# first entry is control, second is view (if only one is valid for both)
mkdir -p "$HOME/.vnc"
PASSWD_PATH="$HOME/.kasmpasswd"
if [[ -f $PASSWD_PATH ]]; then
echo -e "\n--------- purging existing VNC password settings ---------"
rm -f $PASSWD_PATH
fi
VNC_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_PW}', '\$5\$kasm\$'));")
#VNC_VIEW_PW_HASH=$(python3 -c "import crypt; print(crypt.crypt('${VNC_VIEW_ONLY_PW}', '\$5\$kasm\$'));")
echo "kasm_user:${VNC_PW_HASH}:ow" > $PASSWD_PATH
#echo "kasm_viewer:${VNC_VIEW_PW_HASH}:" >> $PASSWD_PATH
chmod 600 $PASSWD_PATH
# start processes
echo "Now starting KASM VNC..."
start_kasmvnc
#echo "Now starting window manager..."
#start_window_manager
# The following work only on KASM platform for now
#start_audio_out_websocket
#start_audio_out
#start_audio_in
#start_upload
STARTUP_COMPLETE=1
## log connect options
echo -e "\n\n------------------ KasmVNC environment started ------------------"
# tail vncserver logs
tail -f $HOME/.vnc/*$DISPLAY.log &
KASMIP=$(hostname -i)
echo "Kasm User ${KASM_USER}(${KASM_USER_ID}) started container id ${HOSTNAME} with local IP address ${KASMIP}"
# start custom startup script
custom_startup_script=/dockerstartup/custom_startup.sh
if [ -f "$custom_startup_script" ]; then
if [ ! -x "$custom_startup_script" ]; then
echo "${custom_startup_script}: not executable, exiting"
exit 1
fi
"$custom_startup_script" &
fi
# Monitor Kasm Services
sleep 3
while :
do
for process in "${!KASM_PROCS[@]}"; do
if ! kill -0 "${KASM_PROCS[$process]}" ; then
# If DLP Policy is set to fail secure, default is to be resilient
if [[ ${DLP_PROCESS_FAIL_SECURE:-0} == 1 ]]; then
exit 1
fi
case $process in
kasmvnc)
echo "KasmVNC crashed, exiting container"
exit 1
# TODO: Is there a way to restore gracefully, restarting the container may be the best here
#start_kasmvnc
#/dockerstartup/custom_startup.sh
;;
kasm_audio_out_websocket)
echo "Restarting Audio Out Websocket Service"
start_audio_out_websocket
;;
kasm_audio_out)
echo "Restarting Audio Out Service"
start_audio_out
;;
kasm_audio_in)
echo "Audio In Service Failed"
# TODO: Needs work in python project to support auto restart
# start_audio_in
;;
upload_server)
echo "Restarting Upload Service"
# TODO: This will only work if both processes are killed, requires more work
start_upload
;;
*)
echo "Unknown Service: $process"
;;
esac
fi
done
sleep 3
done
echo "Exiting Kasm container"
\ No newline at end of file
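Review bot: `VNC_PW` comes from the environment and is spliced into Python source by `python3 -c "import crypt; print(crypt.crypt('${VNC_PW}', ...`, so a password containing `'` ends the string literal early and the remainder is parsed as Python instead of being hashed, and one containing `\` is hashed as a different string. Passing it as data avoids both: `VNC_PW_HASH=$(printf '%s' "$VNC_PW" | python3 -c "import crypt, sys; print(crypt.crypt(sys.stdin.read(), '\$5\$kasm\$'))")`. In `start_kasmvnc`, `${DISPLAY_NUM}` is not assigned anywhere in the visible script, so `$HOME/.vnc/*${DISPLAY_NUM}.pid` presumably matches every pid file; `${DESKTOP_NUMBER}` looks like the intended variable. The `echo "HERE"` and `echo "HEREDONE"` lines read as leftover debugging. The Dockerfile hunk on this page copies only `run_kasm.sh`, so a header comment should say whether this script is used at all.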
#!/bin/bash
docker run -v$PWD/:/data -p8590:8590 -eBASE_PORT=8590 -eAUTH_PASS=testpass -it x11web
docker run -v$PWD/:/data -p8591:8591 -eBASE_PORT=8591 -eAUTH_PASS=testpass -it x11web
FROM ubuntu:18.04
FROM ubuntu:20.04
MAINTAINER Stefano Alberto Russo <stefano.russo@inaf.it>
#----------------------
......@@ -12,25 +12,25 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update
# Utilities
RUN apt-get install -y nano telnet unzip wget supervisor build-essential python-dev git-core openjdk-8-jre
RUN apt-get install -y nano telnet unzip wget git-core sudo
# Change APT user to allow some container runtimes properly work (i.e. Podman)
RUN groupadd -g 600 _apt
RUN usermod -g 600 _apt
#------------------------
# "Meta" user
#------------------------
# Add group. We chose GID 65527 to try avoiding conflicts.
RUN groupadd -g 65527 metauser
# Add group. We chose GID 1000 as default.
RUN groupadd -g 1000 metauser
# Add user. We chose UID 65527 to try avoiding conflicts.
RUN useradd metauser -d /home/metauser -u 65527 -g 65527 -m -s /bin/bash
# Add user. We chose UID 1000 as default
RUN useradd metauser -d /home/metauser -u 1000 -g 1000 -m -s /bin/bash
# Add metuaser user to sudoers
RUN adduser metauser sudo
# Install suodo
RUN apt-get install sudo -y
# No pass sudo (for everyone, actually)
COPY files/sudoers /etc/sudoers
......