fix(shaka-lab-github-runner): Make nested container support configurable (shaka-project#69)

Running nested container setup on a host with multiple runner instances causes them to conflict with each other, because they each try to control certain locations on the host.  By making nested container support configurable, we can avoid it on hosts with multiple instances.
joeyparrish authored Nov 8, 2024
1 parent a6e54a4 commit 9e39f8a
Showing 4 changed files with 60 additions and 38 deletions.
9 changes: 3 additions & 6 deletions shaka-lab-github-runner/README.md
Expand Up @@ -55,12 +55,15 @@ echo deb https://shaka-project.github.io/shaka-lab/ stable main | \
sudo apt update

# Configure your GitHub details before installation to avoid prompting.
# Note that support_nested_containers is incompatible with number_of_runners
# greater than 1.
cat << EOF | sudo debconf-set-selections
shaka-lab-github-runner shaka-lab-github-runner/scope select SCOPE
shaka-lab-github-runner shaka-lab-github-runner/scope_name string SCOPE_NAME
shaka-lab-github-runner shaka-lab-github-runner/access_token password ACCESS_TOKEN
shaka-lab-github-runner shaka-lab-github-runner/labels string LABELS
shaka-lab-github-runner shaka-lab-github-runner/number_of_runners string NUMBER
shaka-lab-github-runner shaka-lab-github-runner/support_nested_containers boolean TRUE_OR_FALSE
EOF

# Install the package, which will not have to prompt for anything thanks to
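
Review bot: The `TRUE_OR_FALSE` placeholder on the `support_nested_containers` line should show the exact spelling expected, lowercase `true` or `false`, because start-runner.sh in this commit tests `[[ "$SUPPORT_NESTED_CONTAINERS" == "true" ]]` and that comparison is case-sensitive. The two-line comment above the heredoc states only the incompatibility with `number_of_runners` greater than 1; it would help to say there what the option turns on (host bind mounts plus `/var/run/docker.sock` inside the runner container), since that is what an operator accepts when preseeding `true`.
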
Expand Down Expand Up @@ -119,12 +122,6 @@ them in text files inside `/etc/shaka-lab-github-runner.args.d/`.
To add Docker command line arguments that apply to specific runner instances,
add them in text files inside `/etc/shaka-lab-github-runner@$INSTANCE.args.d/`.

To support nested containers, put this in
`/etc/shaka-lab-github-runner.args.d/docker-nested`:

```
-v /var/run/docker.sock:/var/run/docker.sock
```

## Updates
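
Review bot: Removing the `docker-nested` instructions leaves hosts that already followed them with `/etc/shaka-lab-github-runner.args.d/docker-nested` still in place, and the paragraph kept just above says argument files in that directory are applied to the runner. On such a host the socket stays mounted even when `support_nested_containers` is false, and is passed twice when it is true. Suggest replacing the removed paragraph with a short upgrade note telling operators to delete that file and use the debconf setting instead.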

Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ db_go
db_input high shaka-lab-github-runner/access_token || true
db_input high shaka-lab-github-runner/labels || true
db_input high shaka-lab-github-runner/number_of_runners || true
db_input high shaka-lab-github-runner/support_nested_containers || true
db_go

# Now we should have all necessary configuration.
Expand All @@ -87,6 +88,8 @@ db_get shaka-lab-github-runner/labels
LABELS="$RET"
db_get shaka-lab-github-runner/number_of_runners
NUMBER_OF_RUNNERS="$RET"
db_get shaka-lab-github-runner/support_nested_containers
SUPPORT_NESTED_CONTAINERS="$RET"


### INSTALLATION ###
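
Review bot: Nothing after the new `db_get` rejects the combination that the README comment and the template description both call incompatible. `NUMBER_OF_RUNNERS` and `SUPPORT_NESTED_CONTAINERS` are both available at this point, so a check along the lines of `[ "$SUPPORT_NESTED_CONTAINERS" = "true" ] && [ "$NUMBER_OF_RUNNERS" -gt 1 ]` that fails or warns here would keep an install from ending up with several instances wiping and bind-mounting the same host folders.
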
6 changes: 6 additions & 0 deletions shaka-lab-github-runner/linux/debian/templates
Expand Up @@ -35,3 +35,9 @@ Template: shaka-lab-github-runner/number_of_runners
Type: string
Description: Number of runner instances
The number of runner instances to launch in parallel.

Template: shaka-lab-github-runner/support_nested_containers
Type: boolean
Description: Support nested containers?
If true, support nested containers. Incompatible with multiple runner
instances on the same host.
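
Review bot: The new `support_nested_containers` template has no `Default:` field. Adding `Default: false` would make the unanswered case explicit (a preseed file that predates this key, or a noninteractive install) and keep the Docker socket mount and host-folder wiping opt-in, which matches the string test in start-runner.sh where anything other than `true` disables the feature.
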
80 changes: 48 additions & 32 deletions shaka-lab-github-runner/linux/start-runner.sh
Expand Up @@ -86,43 +86,59 @@ if dpkg -s shaka-lab-cert-generator &>/dev/null || \
extra_docker_args+=(--mount type=bind,src=/etc/letsencrypt,dst=/etc/letsencrypt,ro)
fi

# To support nested containers in self-hosted workflows, certain folders
# expected by GitHub Actions must be consistently mapped from the outer host to
# the first container. To keep workflows ephemeral, we also wipe these before
# every run.
# This matches what GitHub runner expects, and is the necessary value for
# nested container support.
RUNNER_WORKDIR=/home/runner/work
MAPPED_FOLDERS=(
$RUNNER_WORKDIR
/opt/hostedtoolcache
)
for i in "${MAPPED_FOLDERS[@]}"; do
rm -rf "$i"
mkdir -p "$i"
extra_docker_args+=(--mount type=bind,src="$i",dst="$i")
done

# This folder already exists inside the container image, but we want to keep our
# own copy of it at the host level. This will allow it to be correctly mapped
# to nested containers, and modified if necessary.
EXTERNALS=/actions-runner/externals
rm -rf "$EXTERNALS"
mkdir -p "$EXTERNALS"

# Create a temporary docker container to extract these files.
# Make sure we have the required Docker image/tag, and the latest version of it.
docker pull "$DOCKER_IMAGE"
docker container create --name "$CONTAINER_NAME" "$DOCKER_IMAGE"

# Copy "$EXTERNALS" itself from the container into the local parent of the same.
# This is because "docker cp" doesn't do wildcards, so you can't copy "e/* e/".
docker cp "$CONTAINER_NAME":"$EXTERNALS" "$EXTERNALS"/..

# Clean up the temporary container.
docker container rm "$CONTAINER_NAME"

# Create a special mount for this folder.
extra_docker_args+=(--mount type=bind,src="$EXTERNALS",dst="$EXTERNALS",ro)
# Extract the value of shaka-lab-github-runner/support_nested_containers from
# debian package configuration.
SUPPORT_NESTED_CONTAINERS=$(debconf-get-selections 2>/dev/null | grep shaka-lab-github-runner/support_nested_containers | awk '{print $4}')

# Add extra arguments necessary for nested containers, if requested.
if [[ "$SUPPORT_NESTED_CONTAINERS" == "true" ]]; then
# To support nested containers in self-hosted workflows, certain folders
# expected by GitHub Actions must be consistently mapped from the outer host
# to the first container. To keep workflows ephemeral, we also wipe these
# before every run.
MAPPED_FOLDERS=(
$RUNNER_WORKDIR
/opt/hostedtoolcache
)
for i in "${MAPPED_FOLDERS[@]}"; do
rm -rf "$i"
mkdir -p "$i"
extra_docker_args+=(--mount type=bind,src="$i",dst="$i")
done

# This folder already exists inside the container image, but we want to keep
# our own copy of it at the host level. This will allow it to be correctly
# mapped to nested containers, and modified if necessary.
EXTERNALS=/actions-runner/externals
rm -rf "$EXTERNALS"
mkdir -p "$EXTERNALS"

# Create a temporary docker container to extract these files.
docker container create --name "$CONTAINER_NAME" "$DOCKER_IMAGE"

# Copy "$EXTERNALS" itself from the container into the local parent of the
# same. This is because "docker cp" doesn't do wildcards, so you can't copy
# "e/* e/".
docker cp "$CONTAINER_NAME":"$EXTERNALS" "$EXTERNALS"/..

# Clean up the temporary container.
docker container rm "$CONTAINER_NAME"

# Create a special mount for this folder.
extra_docker_args+=(--mount type=bind,src="$EXTERNALS",dst="$EXTERNALS",ro)

# Create a special bind for the docker socket.
extra_docker_args+=(-v /var/run/docker.sock:/var/run/docker.sock)
fi

# Start a docker container.
# Start the docker container.
# --rm: Remove the container when it shuts down.
# --name: The name of the container.
# --network host: Use the host directly for networking, rather than NAT.
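
Review bot: The `debconf-get-selections 2>/dev/null` pipeline that sets `SUPPORT_NESTED_CONTAINERS` fails silently. `debconf-get-selections` ships in the debconf-utils package, and with stderr discarded a missing binary or an unreadable debconf database yields an empty string, which the `== "true"` test treats as "disabled" with no log line. Consider having the install script write the chosen value to a file under /etc that this script reads, or at least echoing which mode was selected, and check that the package depends on debconf-utils. The `-v /var/run/docker.sock:/var/run/docker.sock` bind at the end of the block gives workflow jobs control of the host's Docker daemon, so its comment should say that rather than only "special bind". `$RUNNER_WORKDIR` inside `MAPPED_FOLDERS` should also be quoted, since each entry is passed to `rm -rf`.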