From d4f8ab4aa9b8f918e31d85802dad62a225bbe775 Mon Sep 17 00:00:00 2001
From: pmikus <peter.mikus@protonmail.ch>
Date: Fri, 5 May 2023 08:10:29 +0000
Subject: [PATCH] fix(ansible): Docker image roles

Signed-off-by: pmikus <peter.mikus@protonmail.ch>
Change-Id: Ic9f9044ffd7ba1a8720fc029aaf2bd154eb043a5
---
 .../roles/cleanup/tasks/kill_containers.yaml       |  2 +-
 .../roles/docker_images/files/base/Dockerfile      |  8 +++-
 .../files/csit-initialize-docker-tg.sh             | 43 ----------------------
 .../templates/docker-compose-sut.yaml.j2           | 18 ++++++---
 .../templates/docker-compose-tg.yaml.j2            | 18 ++++++---
 5 files changed, 32 insertions(+), 57 deletions(-)
 delete mode 100755 fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh

diff --git a/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml
index 2c01b95a15..22239b1ebb 100644
--- a/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml
+++ b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml
@@ -4,7 +4,7 @@
 - name: Kill Docker Containers
   block:
     - name: Kill Container - Get Running Docker Containers
-      ansible.builtin.shell: "docker ps -aq"
+      ansible.builtin.shell: "docker ps -a --filter name=DUT -q"
       register: running_containers
       changed_when: false
       tags:
diff --git a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
index 0a17bf6404..cbbaf35f6f 100644
--- a/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
+++ b/fdio.infra.ansible/roles/docker_images/files/base/Dockerfile
@@ -67,6 +67,7 @@ RUN apt-get -q update \
         vim \
         wget \
         zlib1g-dev \
+ && ln -s -f /usr/lib/x86_64-linux-gnu/libc.a /usr/lib/x86_64-linux-gnu/liblibc.a \
  && curl -fsSL https://get.docker.com | sh \
  && rm -rf /var/lib/apt/lists/*
 
@@ -146,7 +147,12 @@ RUN pip3 install \
         snowballstemmer==2.2.0 \
         urllib3==1.26.10
 
-RUN useradd -rm -d /home/testuser -s /bin/bash -g root -G sudo -u 1000 testuser \
+RUN groupadd -g 1000 testuser \
+ && useradd -rm -d /home/testuser -s /bin/bash -g testuser -G sudo -u 1000 testuser \
  && echo 'testuser:Csit1234' | chpasswd
 
+RUN echo 'root:Csit1234' | chpasswd \
+ && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
+ && echo "export VISIBLE=now" >> /etc/profile
+
 RUN service ssh start
\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
deleted file mode 100755
index 0f93def8b5..0000000000
--- a/fdio.infra.ansible/roles/docker_images/files/csit-initialize-docker-tg.sh
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-case "${1:-start}" in
-    "start" )
-        # Run TG
-        for cnt in $(seq 1 ${2:-1}); do
-            docker network create --driver bridge csit-nw-tg${cnt} || true
-            # If the IMAGE is not already loaded then docker run will pull the
-            # IMAGE, and all image dependencies, before it starts the container.
-            dcr_image="base-ubuntu2204:local"
-            # Run the container in the background and print the new container
-            # ID.
-            dcr_stc_params="--detach=true "
-            # Give extended privileges to this container. A "privileged"
-            # container is given access to all devices and able to run nested
-            # containers.
-            dcr_stc_params+="--privileged "
-            # Publish all exposed ports to random ports on the host interfaces.
-            dcr_stc_params+="--publish 600${cnt}:2222 "
-            # Automatically remove the container when it exits.
-            dcr_stc_params+="--rm "
-            # Size of /dev/shm.
-            dcr_stc_params+="--shm-size 4G "
-            # Mount vfio to be able to bind to see binded interfaces. We cannot
-            # use --device=/dev/vfio as this does not see newly binded
-            # interfaces.
-            dcr_stc_params+="--volume /dev:/dev "
-            # Mount /opt/boot/ where VM kernel and initrd are located.
-            dcr_stc_params+="--volume /opt:/opt "
-            # Mount host hugepages for VMs.
-            dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages "
-
-            params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}")
-            docker run --network=csit-nw-tg${cnt} "${params[@]}"
-        done
-        ;;
-    "stop" )
-        docker rm --force $(docker ps --all --quiet --filter name=csit)
-        docker network rm $(docker network ls --filter name=csit --quiet)
-        ;;
-esac
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
index bcb29f1ae0..be0ffcd9f4 100644
--- a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-sut.yaml.j2
@@ -12,10 +12,13 @@ services:
     privileged: true
     restart: "always"
     shm_size: "4G"
-    devices:
-      - "/dev/hugepages:/dev/hugepages"
-      - "/dev/vfio:/dev/vfio"
     volumes:
+      - type: "bind"
+        source: "/dev/hugepages"
+        target: "/dev/hugepages"
+      - type: "bind"
+        source: "/dev/vfio"
+        target: "/dev/vfio"
       - type: "bind"
         source: "/etc/sudoers"
         target: "/etc/sudoers"
@@ -43,10 +46,13 @@ services:
     privileged: true
     restart: "always"
     shm_size: "4G"
-    devices:
-      - "/dev/hugepages:/dev/hugepages"
-      - "/dev/vfio:/dev/vfio"
     volumes:
+      - type: "bind"
+        source: "/dev/hugepages"
+        target: "/dev/hugepages"
+      - type: "bind"
+        source: "/dev/vfio"
+        target: "/dev/vfio"
       - type: "bind"
         source: "/etc/sudoers"
         target: "/etc/sudoers"
diff --git a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2 b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
index 0cbe6c5590..1fd365eec0 100644
--- a/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
+++ b/fdio.infra.ansible/roles/docker_images/templates/docker-compose-tg.yaml.j2
@@ -15,10 +15,13 @@ services:
       - "6001:6001"
     restart: "always"
     shm_size: "4G"
-    devices:
-      - "/dev/hugepages:/dev/hugepages"
-      - "/dev/vfio:/dev/vfio"
     volumes:
+      - type: "bind"
+        source: "/dev/hugepages"
+        target: "/dev/hugepages"
+      - type: "bind"
+        source: "/dev/vfio"
+        target: "/dev/vfio"
       - type: "bind"
         source: "/etc/sudoers"
         target: "/etc/sudoers"
@@ -43,10 +46,13 @@ services:
       - "6002:6002"
     restart: "always"
     shm_size: "4G"
-    devices:
-      - "/dev/hugepages:/dev/hugepages"
-      - "/dev/vfio:/dev/vfio"
     volumes:
+      - type: "bind"
+        source: "/dev/hugepages"
+        target: "/dev/hugepages"
+      - type: "bind"
+        source: "/dev/vfio"
+        target: "/dev/vfio"
       - type: "bind"
         source: "/etc/sudoers"
         target: "/etc/sudoers"
-- 
2.16.6