add proxy support

2021-07-31 10:06:38 +00:00 · 2021-07-31 10:06:38 +00:00 · 532a0475bf
parent 5f239bfb4c
commit 532a0475bf
9 changed files with 84 additions and 7 deletions
--- a/images/github-runner/Dockerfile
+++ b/images/github-runner/Dockerfile
@ -23,7 +23,7 @@ RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container
 RUN apt-get update && \
    apt-get install -y --no-install-recommends \
      systemd systemd-sysv libsystemd0 ca-certificates dbus \
-      iptables iproute2 kmod locales sudo udev && \
+      iptables iproute2 kmod locales sudo udev socat && \
    echo "ReadKMsg=no" >> /etc/systemd/journald.conf && \
    apt-get clean -y && \
    rm -rf /var/cache/debconf/* /var/lib/apt/lists/* /var/log/* /tmp/* /var/tmp/* \
@ -50,7 +50,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y openssh-server
    mkdir /home/admin/.ssh && \
    chown admin:admin /home/admin/.ssh

-EXPOSE 22
+#EXPOSE 22

 # Extra deps for GHA Runner
 ENV DEBIAN_FRONTEND=noninteractive
@ -63,7 +63,7 @@ RUN apt-get update \
    wget \
    zip \
    git \
-    pigz \
+    pigz nano \
    && rm -rf /var/lib/apt/list/*

 # Add and config runner user as sudo
@ -77,7 +77,7 @@ RUN useradd -m runner \

 # Build args
 ARG TARGETPLATFORM=amd64
-ARG RUNNER_VERSION=2.302.1
+ARG RUNNER_VERSION=2.302.4
 WORKDIR /runner

 # Runner download supports amd64 as x64
@ -109,5 +109,12 @@ RUN chmod +x ./patched/runsvc.sh /usr/local/bin/startup.sh

 USER runner

+ENV HTTP_PROXY="http://127.0.0.1:8118"
+ENV HTTPS_PROXY="http://127.0.0.1:8118"
+ENV http_proxy="http://127.0.0.1:8118"
+ENV https_proxy="http://127.0.0.1:8118"
+COPY docker.default /etc/default/docker
+COPY proxy.conf /etc/apt/apt.conf.d/proxy.conf
+
 ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
 CMD ["startup.sh"]
--- a/images/github-runner/docker.default
+++ b/images/github-runner/docker.default
@ -0,0 +1,2 @@
+export http_proxy="http://127.0.0.1:8118"
+export https_proxy="http://127.0.0.1:8118"
--- a/images/github-runner/proxy.conf
+++ b/images/github-runner/proxy.conf
@ -0,0 +1 @@
+Acquire::http::Proxy "http://127.0.0.1:8118";
--- a/images/github-runner/startup.sh
+++ b/images/github-runner/startup.sh
@ -1,8 +1,15 @@
 #!/bin/bash

+echo "Starting Proxy Support"
+socat TCP-LISTEN:8118,reuseaddr,fork UNIX-CLIENT:/tmp/forward-proxy/proxy.sock &
+sudo iptables -A INPUT -p tcp -s localhost --dport 8118 -j ACCEPT
+sudo iptables -A INPUT -p tcp --dport 8118 -j DROP
+
 echo "Starting supervisor (Docker)"
 sudo service docker start

+#bash
+
 if [ -n "${GITHUB_REPOSITORY}" ]
 then
  auth_url="https://api.github.com/repos/${GITHUB_OWNER}/${GITHUB_REPOSITORY}/actions/runners/registration-token"
--- a/images/goma-server/start-goma-server.sh
+++ b/images/goma-server/start-goma-server.sh
@ -7,9 +7,6 @@ NC='\033[0m' # No Color

 echo -e ${RED} -------- start goma-server ${NC}

-#test -f /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
-#socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
-
 socat TCP-LISTEN:50051,reuseaddr,fork UNIX-CLIENT:/tmp/proxy/bots.sock &

 cd ./goma-server/
--- a/images/privoxy/Dockerfile
+++ b/images/privoxy/Dockerfile
@ -0,0 +1,13 @@
+FROM alpine:3.14
+
+ARG REMOTEEXEC_ADDR
+
+COPY user.action .
+COPY privoxy.conf .
+COPY start-proxy.sh .
+
+RUN apk update && apk add privoxy bash sudo socat
+
+CMD sudo chmod +x ./start-proxy.sh &&\
+    REMOTEEXEC_ADDR=$REMOTEEXEC_ADDR &&\
+    ./start-proxy.sh
--- a/images/privoxy/privoxy.conf
+++ b/images/privoxy/privoxy.conf
@ -0,0 +1,18 @@
+#confdir /etc/privoxy
+logdir /var/log/privoxy
+
+#listen-address 127.0.0.1:8118
+listen-address 0.0.0.0:8118
+
+debug 1024
+#debug 32768 # log all data read from the network
+#debug 65536 # Log the applying actions
+
+toggle 1
+enable-remote-toggle 0
+enable-edit-actions 1
+enable-remote-http-toggle 0
+enforce-blocks 1
+
+actionsfile user.action
+
--- a/images/privoxy/start-proxy.sh
+++ b/images/privoxy/start-proxy.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+test -e /tmp/forward-proxy/proxy.sock && sudo rm /tmp/forward-proxy/proxy.sock
+test -e /tmp/proxy/bots.sock && sudo rm /tmp/proxy/bots.sock
+
+socat UNIX-LISTEN:/tmp/forward-proxy/proxy.sock,reuseaddr,fork TCP:127.0.0.1:8118 &
+socat UNIX-LISTEN:/tmp/proxy/bots.sock,reuseaddr,fork TCP4:$REMOTEEXEC_ADDR &
+
+sudo chmod 777 /tmp/forward-proxy/proxy.sock
+sudo chmod 777 /tmp/proxy/bots.sock
+
+privoxy --no-daemon privoxy.conf
--- a/images/privoxy/user.action
+++ b/images/privoxy/user.action
@ -0,0 +1,20 @@
+{ +block{blocked} } 
+/ # Block all URLs
+
+{ -block }
+.github.com
+.docker.io
+.docker.com
+.githubusercontent.com
+.ubuntu.com
+
+# for buildeps
+chromium.googlesource.com
+
+# for chr-source
+chrome-infra-packages.appspot.com
+.googleapis.com
+.googlesource.com
+
+# for goma client
+chrome-infra-packages.appspot.com
				`@ -0,0 +1 @@`
				`Acquire::http::Proxy "http://127.0.0.1:8118";`