Skip to content

Commit

Permalink
Containerize semonitor
Browse files Browse the repository at this point in the history
To be able to track dependencies better, make development easier and
have a more reliable means of distributing and managing semonitor, it is
good to put it isolate it within a container.

Everything should still be useable as before, but care needs to be taken
when running pipelines, as if these are not properly passed into the
container, one is piping the outside of the container. The result would
be the same, but either two docker instances would need to be run or the
second command needs to be available on the host. Both are not ideal
solutions.

Signed-off-by: Olliver Schinagl <[email protected]>
  • Loading branch information
oliv3r committed Jun 22, 2023
1 parent 9770679 commit 9d93ec6
Show file tree
Hide file tree
Showing 6 changed files with 272 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
.circleci/
.git/
test/
85 changes: 85 additions & 0 deletions .github/workflows/container-build.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
name: Create and publish Container image

on:
push:
branches:
- master
tags:
- 'v*'
pull_request:
branches:
- master

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
TEST_TAG: ${{ github.repository }}:test_tag

jobs:
build-and-push-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true

- name: Set up QEMU
uses: docker/setup-qemu-action@v2

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to Container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
images: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=edge
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
flavor: |
latest=auto
- name: Build and export
uses: docker/build-push-action@v4
with:
context: .
file: Containerfile
load: true
tags: ${{ env.TEST_TAG }}

- name: Test
run: >
docker container run \
--rm \
--user 'root:root' \
--volume "$(pwd)/test:/usr/local/src/semonitor/test" \
${{ env.TEST_TAG }} \
'/bin/sh' -c 'runuser --user semonitor -- ./test/test.sh'
- name: Build and push
uses: docker/build-push-action@v4
with:
platforms: linux/amd64,linux/386,linux/arm64,linux/arm/v7,linux/arm/v6
context: .
file: Containerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
36 changes: 36 additions & 0 deletions Containerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
ARG PYTHON_VERSION="3-slim"

FROM index.docker.io/library/python:${PYTHON_VERSION}

COPY requirements.txt /tmp/

RUN ARCH="$(dpkg --print-architecture)" && \
BUILD_DEPS=" \
gcc \
linux-headers-${ARCH} \
" && \
apt-get update && apt-get install --yes ${BUILD_DEPS:+${BUILD_DEPS}} && \
pip --no-cache-dir install --requirement '/tmp/requirements.txt' && \
rm '/tmp/requirements.txt' && \
apt-get purge --yes ${BUILD_DEPS:+${BUILD_DEPS}} && \
apt-get autoremove --yes && \
apt-get clean && \
rm -f -r '/var/lib/apt' && \
install -d -m 775 '/usr/local/src' && \
useradd -d '/usr/local/src/semonitor' -m -r -s '/usr/sbin/nologin' 'semonitor' && \
install -d -m 775 -g 'semonitor' -o 'semonitor' '/var/lib/semonitor'

VOLUME /var/lib/semonitor

WORKDIR /usr/local/src/semonitor/

COPY conversion /usr/local/src/semonitor/conversion
COPY scripts/semonitor.sh /usr/local/bin/semonitor.sh
COPY se /usr/local/src/semonitor/se
COPY semonitor.py /usr/local/src/semonitor/semonitor.py
COPY services/container-entrypoint.sh /init
COPY utilities /usr/local/src/semonitor/utilities

USER semonitor

ENTRYPOINT [ "/init" ]
100 changes: 100 additions & 0 deletions README.Docker.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
# Running semonitor in docker
SEMonitor can be run within a Docker container. This provides isolation from
other processes by running it in a containerized environment. As this is not
and in-depth tutorial on docker, those with Docker, containers or cgroups see
[docker.com][docker].

This guide is not a comprehensive guide, but just lists the most basic things!


## Building the container
Building the container is only needed if the official one is not sufficient,
or when developing on semonitor.

To build the image, the following can be used, where `ISSUE-123` is just used
as an example. It is important in that it will be re-used later.

```sh
docker image build \
--file 'Containerfile' \
--rm \
--tag 'semonitor:ISSUE-123' \
'./'
```


## Running tests
The tests are not included in the container image, so we volume mount them to
make them available to the installed semonitor application.

```sh
docker container run \
--interactive \
--rm \
--tty \
--user 'root:root' \
--volume "$(pwd)/test:/usr/local/src/semonitor/test" \
'semonitor:ISSUE-123' \
'/bin/sh' -c 'runuser --user semonitor -- ./test/test.sh'
```


## Running serial device
Running the semonitor on a serial device using the official latest image can
be done as follows.

```sh
docker container run \
--device '/dev/solaredge0:/dev/ttyUSB0' \
--interactive \
--rm \
--tty \
--volume "$(pwd)/semonitor_logs/:/semonitor/" \
'ghcr.io/jbuehl/solaredge:latest' \
semonitor.sh \
-a \
-b 115200 \
-m \
-o "/semonitor/json/$(date +%Y%m%d).json" \
-r "/semonitor/rec/$(date +%Y%m%d).rec" \
-s '1234567' \
-t 4 \
'/dev/ttyUSB0'
```

## Using compose
It is also possible to run the container using `docker compose`. Here an
example. The device used is a udev symlinked serial to USB adapter, whith
the appropriate permissions.

```yaml
networks:
semonitor: {}

volumes:
semonitor:

services:
sslh:
image: ghcr.io/jbuehl/solaredge:master
cap_drop:
- all
ulimits:
nproc: 64
nofile:
soft: 4194304
hard: 16777216
devices:
- /dev/solaredge:/dev/ttyUSB0
env_file:
- common.env
volumes:
- semonitor:/var/lib/semonitor:rw
networks:
- semonitor
expose:
- "80/tcp"
- "22221-22222/tcp"
command: -a -b 115200 -m -o "/var/lib/semonitor/json/__date__.json" -r "/var/lib/semonitor/rec/__date__.rec" -s '1234567' -t 4 '/dev/ttyUSB0'
restart: unless-stopped
```
24 changes: 24 additions & 0 deletions scripts/semonitor.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/bin/sh

set -eu
if [ -n "${DEBUG_TRACE_SH:-}" ] && \
[ "${DEBUG_TRACE_SH:-}" != "${DEBUG_TRACE_SH#*"$(basename "${0}")"*}" ] || \
[ "${DEBUG_TRACE_SH:-}" = 'all' ]; then
set -x
fi

se_date_fmt="${SE_DATE_FMT:-%Y%m%d}"
se_start_year="${SE_START_YEAR:-2023}"

# Wait for a reasonable date to be set
while [ "$(date '+%Y')" -lt "${se_start_year}" ]; do
echo "Date is to far in the past ($(date '+%Y') < ${se_start_year})."
echo 'Override by setting "SE_START_YEAR" environment variable.'
sleep 1
done

args="$(echo "${@}" | sed "s|__date__|$(date "+${se_date_fmt}")|g")"

exec '/usr/local/src/semonitor/semonitor.py' ${args:+${args}}

exit 0
24 changes: 24 additions & 0 deletions services/container-entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
#
# Copyright (C) 2023 Olliver Schinagl <[email protected]>
#
# A beginning user should be able to docker run image bash (or sh) without
# needing to learn about --entrypoint
# https://github.com/docker-library/official-images#consistency

set -eu

bin='semonitor.sh'

# run command if it is not starting with a "-" and is an executable in PATH
if [ "${#}" -le 0 ] || \
[ "${1#-}" != "${1}" ] || \
[ -d "${1}" ] || \
! command -v "${1}" > '/dev/null' 2>&1; then
entrypoint='true'
fi

exec ${entrypoint:+${bin:?}} "${@}"

exit 0

0 comments on commit 9d93ec6

Please sign in to comment.