bundles/docker-engine: support different user, arbitrary mapped volumes, custom command

2025-02-16 18:35:54 +01:00 · 2025-02-16 18:35:54 +01:00 · f04149b4a7
commit f04149b4a7
parent e0903ffa50
2 changed files with 25 additions and 9 deletions
--- a/bundles/docker-engine/files/docker-wrapper
+++ b/bundles/docker-engine/files/docker-wrapper
@ -12,8 +12,8 @@ then
    exit 1
 fi

-PUID="$(id -u "docker-${name}")"
-PGID="$(id -g "docker-${name}")"
+PUID="$(id -u "${user}")"
+PGID="$(id -g "${user}")"

 if [ "$ACTION" == "start" ]
 then
@ -32,10 +32,19 @@ then
        --publish "127.0.0.1:${host_port}:${container_port}" \
 % endfor
 % for host_path, container_path in sorted(volumes.items()):
+%  if host_path.startswith('/'):
+        --volume "${host_path}:${container_path}" \
+%  else:
        --volume "/var/opt/docker-engine/${name}/${host_path}:${container_path}" \
+%  endif
 % endfor
        --restart unless-stopped \
+% if command:
+        "${image}" \
+        "${command}"
+% else:
        "${image}"
+% endif

 elif [ "$ACTION" == "stop" ]
 then
--- a/bundles/docker-engine/items.py
+++ b/bundles/docker-engine/items.py
@ -45,16 +45,19 @@ actions['docker_create_nondefault_network'] = {

 for app, config in node.metadata.get('docker-engine/containers', {}).items():
    volumes = config.get('volumes', {})
+    user = config.get('user', f'docker-{app}')

    files[f'/opt/docker-engine/{app}'] = {
        'source': 'docker-wrapper',
        'content_type': 'mako',
        'context': {
+            'command': config.get('command'),
            'environment': config.get('environment', {}),
            'image': config['image'],
            'name': app,
            'ports': config.get('ports', {}),
            'timezone': node.metadata.get('timezone'),
+            'user': user,
            'volumes': volumes,
        },
        'mode': '0755',
@ -63,8 +66,7 @@ for app, config in node.metadata.get('docker-engine/containers', {}).items():
        },
    }

-    users[f'docker-{app}'] = {
-        'home': f'/var/opt/docker-engine/{app}',
+    users[user] = {
        'groups': {
            'docker',
        },
@ -73,6 +75,8 @@ for app, config in node.metadata.get('docker-engine/containers', {}).items():
            'svc_systemd:docker',
        },
    }
+    if user == f'docker-{app}':
+        users[user]['home'] = f'/var/opt/docker-engine/{app}'

    files[f'/usr/local/lib/systemd/system/docker-{app}.service'] = {
        'source': 'docker-wrapper.service',
@ -95,20 +99,23 @@ for app, config in node.metadata.get('docker-engine/containers', {}).items():
            *deps,
            f'file:/opt/docker-engine/{app}',
            f'file:/usr/local/lib/systemd/system/docker-{app}.service',
-            f'user:docker-{app}',
+            f'user:{user}',
            'svc_systemd:docker',
            *set(config.get('needs', set())),
        },
    }

    for volume in volumes:
-        directories[f'/var/opt/docker-engine/{app}/{volume}'] = {
-            'owner': f'docker-{app}',
-            'group': f'docker-{app}',
+        if not volume.startswith('/'):
+            volume = f'/var/opt/docker-engine/{app}/{volume}'
+
+        directories[volume] = {
+            'owner': user,
+            'group': user,
            'needed_by': {
                f'svc_systemd:docker-{app}',
            },
            # don't do anything if the directory exists, docker images
            # mangle owners
-            'unless': f'test -d /var/opt/docker-engine/{app}/{volume}',
+            'unless': f'test -d {volume}',
        }