lab-base 2.0 (#89)

* add unified entrypoint

* add settings for containerlab

* update build workflow

* fixes and image with uid 1009

* add then

* fix dockerfile

* add aliases back

* remove codespaces check for entrypoint cli

* add defaults to entrypoint

* fix gids

Author: ankudinov

.cp/copier.yml

@@ -103,7 +103,7 @@ ceos_lab_version:
   type: str
   help: Please select the cEOS-lab version.
   when: "{{ 'lab' | _in(templates) }}"
-  choices: ["4.32.3M"]
+  choices: ["4.34.2F"]
 
 clab_version:
   type: str

.devcontainer/cvaas-cvaas-and-avd-demo--evpn-mlag/devcontainer.json

@@ -1,12 +1,13 @@
 {
-    "image": "ghcr.io/${localEnv:GITHUB_REPOSITORY}/lab-base:python3.11-avd-v5.1.0-clab0.65.1-rev1.3",
+    "image": "ghcr.io/${localEnv:GITHUB_REPOSITORY}/lab-base:python3.11-avd-v5.5.1-clab0.69.3-rev2.0",
     // containerEnv set the variables applied to entire container
     "containerEnv": {
         "ARISTA_TOKEN": "${localEnv:ARTOKEN}",
-        "CEOS_LAB_VERSION": "4.32.3M",
+        "CEOS_LAB_VERSION": "4.34.2F",
         "CV_API_TOKEN": "${localEnv:CV_API_TOKEN}",
         "CONTAINERWSF": "${containerWorkspaceFolder}",
-        "GITHUB_REPOSITORY": "${localEnv:GITHUB_REPOSITORY}"
+        "GITHUB_REPOSITORY": "${localEnv:GITHUB_REPOSITORY}",
+        "PASSWORD": "${localEnv:CODER_PASSWORD}"
     },
     "secrets": {
         "CV_API_TOKEN": {
@@ -28,7 +29,7 @@
         "storage": "64gb"
     },
     "onCreateCommand": "chmod +x /cvaas-cvaas-and-avd-demo--evpn-mlag/addAliases.sh; /cvaas-cvaas-and-avd-demo--evpn-mlag/addAliases.sh",
-    "postCreateCommand": "postCreate.sh; make start",
+    "postCreateCommand": "/bin/entrypoint",
     "workspaceMount": "source=${localWorkspaceFolder}/labs/${containerWorkspaceFolder},target=/${containerWorkspaceFolder},type=bind",
     "workspaceFolder": "/cvaas-cvaas-and-avd-demo--evpn-mlag",
     "containerUser": "avd"

.github/workflows/container_build_child.yml

@@ -68,7 +68,11 @@ jobs:
         run: |
           if [ -z "${{ inputs.image_tags }}" ]; then
             echo "No image tags provided. Building tags."
-            echo "image_tags=${{ inputs.from_variant }}-clab${{ inputs.clab_version }}-rev${{ inputs.container_revision }}" >> $GITHUB_OUTPUT
+            if [ "${{ inputs.user_id }}" != "1000" ]; then
+              echo "image_tags=${{ inputs.from_variant }}-clab${{ inputs.clab_version }}-rev${{ inputs.container_revision }}-uid${{ inputs.user_id }}" >> $GITHUB_OUTPUT
+            else
+              echo "image_tags=${{ inputs.from_variant }}-clab${{ inputs.clab_version }}-rev${{ inputs.container_revision }}" >> $GITHUB_OUTPUT
+            fi
           else
             echo "Using provided image tags."
             echo "image_tags=${{ inputs.image_tags }}" >> $GITHUB_OUTPUT
@@ -111,7 +115,7 @@ jobs:
       - name: Pre-build dev container image 🔨
         uses: devcontainers/ci@v0.3
         # Only build and push the image if at least one of the image tags does not exist.
-        if: steps.check-image.outputs.exit_code != 0
+        # if: steps.check-image.outputs.exit_code != 0
         env:
           FROM_IMAGE: ${{ inputs.from_image }}
           FROM_VARIANT: ${{ inputs.from_variant }}

.github/workflows/container_build_parent_matrix.yml

@@ -25,10 +25,18 @@ jobs:
         from_image: ["ghcr.io/aristanetworks/avd/universal"]
         from_variant: ["python3.11-avd-v5.5.1"]
         clab_version: ["0.69.3"]
+        user_id: ["1000", "1009"]
+        include:
+          - user_id: "1000"
+            group_id: "1000"
+          - user_id: "1009"
+            group_id: "1009"
     with:
       from_image: ${{ matrix.from_image }}
       from_variant: ${{ matrix.from_variant }}
       clab_version: ${{ matrix.clab_version }}
+      user_id: ${{ matrix.user_id }}
+      group_id: ${{ matrix.group_id }}
       # the rev number will be updated with each run
       # 1.1 - initial version
       # 1.2:
@@ -49,4 +57,9 @@ jobs:
       # - Add ContainerLab 0.68.0
       # 1.7:
       # - Add ContainerLab 0.69.3
-      container_revision: "1.7"
+      # 2.0:
+      # - Add ARM support
+      # - Add code-server install for VSCode Web UI without supporting tools
+      # - Switch to unified entrypoint
+      # - Add image with UID 1009 for arista.labs
+      container_revision: "2.0"

containers/lab-base/.devcontainer/Dockerfile

@@ -7,12 +7,19 @@ ARG USERNAME
 ARG CLAB_VERSION
 ARG CEOS_LAB_VERSION_ARG
 ARG GIT_INIT_ARG
+ARG UID
+ARG GID
 
 ENV CEOS_LAB_VERSION=${CEOS_LAB_VERSION_ARG}
 ENV GIT_INIT=${GIT_INIT_ARG}
 
 USER root
 
+ENV OLD_GID="1000"
+RUN sed -i -e "s/\(${USERNAME}:[^:]*:\)[^:]*:[^:]*/\1${UID}:${GID}/" /etc/passwd; \
+    sed -i -e "s/\([^:]*:[^:]*:\)${GID}:/\1${GID}:/" /etc/group; \
+    chown -R $UID:$GID /home/$USERNAME
+
 # install some basic tools inside the container
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
@@ -23,11 +30,10 @@ RUN apt-get update \
     && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
     && apt-get clean
 
-# copy postCreate script
-COPY ./postCreate.sh /bin/postCreate.sh
-RUN chmod +x /bin/postCreate.sh
-# copy terminals script
-COPY ./terminals.sh /bin/terminals.sh
+# copy code-server entrypoint
+COPY ./entrypoint.sh /bin/entrypoint
+RUN chmod +x /bin/entrypoint
+ENTRYPOINT [ "/bin/entrypoint" ]
 
 USER ${USERNAME}
 
@@ -36,3 +42,15 @@ RUN bash -c "$(curl -sL https://get.containerlab.dev)" -- -v ${CLAB_VERSION} \
     && pip3 install --user yamllint \
     && pip install --user "eos-downloader>=0.10.1" \
     && pip install --user passlib
+
+# install coder and extensions
+RUN curl -fsSL https://code-server.dev/install.sh | sh -s -- --version="4.103.1" \
+    && code-server --install-extension srl-labs.vscode-containerlab --force \
+    && code-server --install-extension tuxtina.json2yaml --force
+
+USER root
+# add global workspace settings for code-server
+COPY ./settings.json /home/${USERNAME}/.local/share/code-server/User
+RUN chown ${USERNAME} /home/${USERNAME}/.local/share/code-server/User/settings.json
+
+USER ${USERNAME}

containers/lab-base/.devcontainer/devcontainer.json

@@ -7,7 +7,9 @@
             "USERNAME": "${localEnv:USERNAME}",
             "CLAB_VERSION": "${localEnv:CLAB_VERSION}",
             "CEOS_LAB_VERSION_ARG": "${localEnv:CEOS_LAB_VERSION_ARG}",
-            "GIT_INIT_ARG": "${localEnv:GIT_INIT_ARG}"
+            "GIT_INIT_ARG": "${localEnv:GIT_INIT_ARG}",
+            "UID": "${localEnv:UID}",
+            "GID": "${localEnv:GID}"
         }
     },
     "customizations": {

containers/lab-base/.devcontainer/entrypoint.sh

@@ -0,0 +1,156 @@
+#!/usr/bin/env bash
+
+set +e
+
+# use VSCode script to start Docker
+/usr/local/share/docker-init.sh
+
+# for D-in-D case container engine will be always Docker
+# however we do not want to hardcode it for future cases
+if [ "$(command -v podman)" ]; then
+    CONTAINER_ENGINE="podman"
+elif [ "$(command -v docker)" ]; then
+    CONTAINER_ENGINE="docker"
+else
+    echo "ERROR: Failed to find container engine. Please install docker or podman." >&2
+    exit 1
+fi
+
+# always prune old containers to clean the lab on laptops
+${CONTAINER_ENGINE} container prune -f
+
+if [ -z "${CEOS_IMAGE_FULLPATH}" ]; then
+    CEOS_IMAGE_FULLPATH="${CONTAINERWSF}/cEOS*tar.xz"
+fi
+if [ -z "${CEOS_MD5_FULLPATH}" ]; then
+    CEOS_MD5_FULLPATH="${CONTAINERWSF}/cEOS*tar.xz.sha512sum"
+fi
+# check if ceos-lab image already present
+if [ -z "$(${CONTAINER_ENGINE} image ls | grep 'arista/ceos')" ]; then
+    if [ "${ARISTA_TOKEN}" ]; then
+        # `uname -m` is used to find platform architecture
+        # currently we check for arm64 and aarch64 and expect everything else to be an x86 machine
+        echo "$(uname -m)"
+        if [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "arm64" ]; then
+            ardl get eos --format cEOSarm --version ${CEOS_LAB_VERSION} --import-docker
+            ${CONTAINER_ENGINE} tag arista/ceos:${CEOS_LAB_VERSION} arista/ceos:latest
+        else
+            ardl get eos --format cEOS --version ${CEOS_LAB_VERSION} --import-docker
+            ${CONTAINER_ENGINE} tag arista/ceos:${CEOS_LAB_VERSION} arista/ceos:latest
+        fi
+        # confirm that cEOS image was deleted just in case ardl failed to do that
+        rm -rf ${CEOS_IMAGE_FULLPATH} >/dev/null 2>&1
+        rm -rf ${CEOS_MD5_FULLPATH} >/dev/null 2>&1
+    else
+        # if ARISTA_TOKEN is not defined - we'll try find image in the workspace cEOS*.tar.xz
+        if [ -e ${CEOS_IMAGE_FULLPATH} ]; then
+            ${CONTAINER_ENGINE} import ${CEOS_IMAGE_FULLPATH} arista/ceos:latest
+            rm ${CEOS_IMAGE_FULLPATH}
+            # also delete SHA if it was copied, currently we do not check if archive was broken
+            rm -rf ${CEOS_MD5_FULLPATH} >/dev/null 2>&1
+            echo "WARNING: cEOS-lab image was successfully imported from the workspace."
+        else
+            echo "WARNING: arista.com token was not defined and cEOS-lab image is not present in container workspace!"
+        fi 2>/dev/null
+    fi
+else
+    echo "WARNING: cEOS-lab image already present. Skipping the image pull/download."
+fi
+
+# add aliases if any were defined
+if [ -f "${CONTAINERWSF}/addAliases.sh" ]; then
+    chmod +x ${CONTAINERWSF}/addAliases.sh
+    ${CONTAINERWSF}/addAliases.sh
+fi
+
+# when running on Codespaces, replace any Github variables in lab files
+if ${CODESPACES}; then
+    # replace all markdown vars in demo directory
+    if [ "${GITHUB_REPOSITORY}" ]; then
+        grep -rl '{{gh.repo_name}}' . --exclude-dir .git | xargs sed -i 's/{{gh.repo_name}}/'"${GITHUB_REPOSITORY##*/}"'/g'
+        grep -rl '{{gh.org_name}}' . --exclude-dir .git | xargs sed -i 's/{{gh.org_name}}/'"${GITHUB_REPOSITORY%%/*}"'/g'
+        grep -rl '{{gh.repository}}' . --exclude-dir .git | xargs sed -i 's@{{gh.repository}}@'"${GITHUB_REPOSITORY}"'@g'
+    else
+        # if not running on Codespaces and GITHUB_REPOSITORY is not set - set aristanetworks/acLabs by default
+        grep -rl '{{gh.repo_name}}' . --exclude-dir .git | xargs sed -i 's/{{gh.repo_name}}/'"acLabs"'/g'
+        grep -rl '{{gh.org_name}}' . --exclude-dir .git | xargs sed -i 's/{{gh.org_name}}/'"aristanetworks"'/g'
+        grep -rl '{{gh.repository}}' . --exclude-dir .git | xargs sed -i 's@{{gh.repository}}@'"aristanetworks/acLabs"'@g'
+    fi
+fi
+
+# update URL in clab init configs if set
+if [ "${CVURL}" ]; then
+    grep -rl '{{cv_url}}' . --exclude-dir .git | xargs sed -i 's@{{cv_url}}@'"${CVURL}"'@g'
+    # check for legacy labs using hardcoded URL
+    grep -rl 'cv-staging.corp.arista.io' . --exclude-dir .git | xargs sed -i 's@cv-staging.corp.arista.io@'"${CVURL}"'@g'
+else
+    # set defaul url to staging if nothing is defined
+    grep -rl '{{cv_url}}' . --exclude-dir .git | xargs sed -i 's@{{cv_url}}@'"cv-staging.corp.arista.io"'@g'
+fi
+
+if [ "${CV_API_TOKEN}" ]; then
+    if [ "${CVURL}" ]; then
+        CVTOKEN=$(curl -H "Authorization: Bearer ${CV_API_TOKEN}" "https://www.${CVURL}/api/v3/services/admin.Enrollment/AddEnrollmentToken" -d '{"enrollmentToken":{"reenrollDevices":["*"],"validFor":"24h"}}' | sed -n 's|.*"token":"\([^"]*\)".*|\1|p')
+    else
+        CVTOKEN=$(curl -H "Authorization: Bearer ${CV_API_TOKEN}" "https://www.cv-staging.corp.arista.io/api/v3/services/admin.Enrollment/AddEnrollmentToken" -d '{"enrollmentToken":{"reenrollDevices":["*"],"validFor":"24h"}}' | sed -n 's|.*"token":"\([^"]*\)".*|\1|p')
+    fi
+    if [ "${CVTOKEN}" ]; then
+        echo "$CVTOKEN" > ${CONTAINERWSF}/clab/cv-onboarding-token
+    else
+        echo "ERROR: failed to generate onboarding token!"
+    fi
+else
+    # add default to avoid clab failing due to missing file
+    echo "CAFECAFE" > ${CONTAINERWSF}/clab/cv-onboarding-token
+fi
+
+if [ -f "${CONTAINERWSF}/postCreate.sh" ]; then
+    chmod +x ${CONTAINERWSF}/postCreate.sh
+    ${CONTAINERWSF}/postCreate.sh
+    # delete postCreate.sh after use to avoid confusing lab user
+    rm ${CONTAINERWSF}/postCreate.sh
+fi
+
+# init demo dir as Git repo if requested for this demo env
+if ${GIT_INIT:-false}; then
+    cd ${CONTAINERWSF}
+    # if not a git repo already - init
+    if [ -z "$(git status 2>/dev/null)" ]; then
+        git init
+        git config --global --add safe.directory ${PWD}
+        if [ -z "$(git config user.name)" ]; then git config user.name "Lab User"; fi
+        if [ -z "$(git config user.email)" ]; then git config user.email user@one-click.lab; fi
+        git add .
+        git commit -m "git init"
+    fi
+fi
+
+if [ -z "${CODE_SERVER_BIND_ADDR}" ]; then
+    CODE_SERVER_BIND_ADDR="0.0.0.0:8080"
+fi
+code-server --bind-addr ${CODE_SERVER_BIND_ADDR} --auth password --disable-telemetry --disable-update-check --disable-workspace-trust "${CONTAINERWSF}" &
+
+# check if image is still missing and print a warning
+if [ -z "$(${CONTAINER_ENGINE} image ls | grep 'arista/ceos')" ]; then
+    echo "WARNING: cEOS-lab image download failed. Try to upload and import it manually."
+    echo "         Please make sure that image is imported with a correct name - arista/ceos:latest"
+    echo "         The lab will not auto start! Run 'make start' when image is ready."
+else
+    cd ${CONTAINERWSF}
+    make start
+fi
+
+# on Codespaces this will not work correctly
+if ! ${CODESPACES:-false}; then
+    # Execute command from docker cli if any.
+    if [ ${@+True} ]; then
+        exec "$@"
+    # Otherwise just enter sh or zsh.
+    else
+        if [ -f "/bin/zsh" ]; then
+            exec zsh
+        else
+            exec sh
+        fi
+    fi
+fi

containers/lab-base/.devcontainer/postCreate.sh

@@ -0,0 +1,3 @@
+{
+    "workbench.startupEditor": "readme"
+}

containers/lab-base/.devcontainer/settings.json

@@ -0,0 +1,10 @@
+{
+    "containerlab": {
+        "showWelcomePage": false,
+        "node": {
+            "sshUserMapping": {
+                "ceos": "arista"
+            }
+        }
+    }
+}