feat: Create a initial docker container for FIREWHEEL #68

sdelliot · 2025-02-20T20:42:07Z

This PR provides a working Docker container for FIREWHEEL. We should consider this as a beta-testing phase and remove that label in a future release. This container has been tested in both low-trust and high-trust environments where various permissions/kernel modules were stripped and verified functionality. The associated documentation provides a good overview of the container and how it was created.
Aside from that, there are a few important things to note:

The FIREWHEEL docker container is based on the minimega container image.
Multi-node/containers have not been tested/explored.
This PR does not include a Docker compose environment. This should happen in a different PR.
The container does not contain any VM images and those will need to be added post-launch by users.

Signed-off-by: Steven Elliott <6461548+sdelliot@users.noreply.github.com>

sdelliot · 2025-02-21T13:09:11Z

docker/fsroot/start-minimega.sh

+/usr/share/openvswitch/scripts/ovs-ctl start 1>/var/log/minimega.log 2>/var/log/minimega.log
+if [ $? -ne 0 ]; then
+    echo "Failed to start Open vSwitch" 1> /var/log/minimega.log
+fi
+
+# Check if Minimega is already running
+if pgrep -f "/opt/minimega/bin/minimega" > /dev/null; then
+    echo "Minimega is already running. Exiting script." 1> /var/log/minimega.log
+    exit 0
+fi


@GhostofGoes and @jacdavi do you think that minimega would benefit from these additions to the start-minimega.sh or do you think it would cause a loss of functionality?

Interesting, I see a warning from time to time about minimega already running (when deployed with minimega+phenix). In what circumstances does this happen?

The primary logic change is exiting the when minimega is already running. We call this script to start minimega when clearing our testbed, but if minimega (and miniweb) are still running, that isn't a useful action. Especially as trying to start multiple instances of minimega/miniweb seemed to cause issues (even with -force True).

gregjacobus · 2025-02-24T20:25:41Z

docker/firewheel.dockerfile

+WORKDIR /
+
+# Install discovery
+RUN wget https://github.com/mitchnegus/minimega-discovery/releases/download/firewheel-debian_faed761/discovery.deb && \


Is this where we want to be pulling from?

Eventually, we want to pull from https://github.com/sandia-minimega/discovery/ but a new release hasn't been issued yet. I plan on pinging them on this offline.

sdelliot added 30 commits February 10, 2025 19:43

Testing a new docker workflow for FIREWHEEL

e270842

Fixing a file name

3ab1e28

Fixing the name of the MM container

120303d

Adding path specifications

c4d2faf

Reorganizing

535489b

Reorganizing

2c405bd

Trying backticks for var saving

d36c047

Second attempt

2aed02f

Second attempt

4cd426d

Quotes

90b8a42

Fixing the repository

a739404

Testing a new set of tags for the docker container

418550b

Adding some debugging information

a294e42

Adding a minimega config file

b7792f0

Restarting fw after configurations

bbb4171

Cleaning up output

9497dd6

Debugging

f3a34bf

Just omitting output

50b6569

Getting output

d16f3b9

More testing on container start

40fd8f8

More testing on container start

715aeb5

Fixing container metadata

439c86d

Centeralizing logging

11d4b24

Sourcing prior to starting tmux

0b19c0f

Trying to ignore output

5d00f89

continuing to redirect logs

96b63b7

Adding in completions

99a3eb7

Removing unncessary metadata quotes

483b76c

Removing unncessary metadata quotes

63bc446

Fixing a quote

0eaa84c

sdelliot and others added 21 commits February 13, 2025 14:36

Create Docker README.md

48d1c0e

Signed-off-by: Steven Elliott <6461548+sdelliot@users.noreply.github.com>

Adding the docker docs

2723ced

Testing with checking for a tty

6d7ffa1

Using a sleep rather than a cat

6a0864d

Checking FW in low-priviledged environments

2893779

Adding a new group

7b82c3c

Testing lower permissions and building the right container

cc58c3d

Fixing user permissions

10b7056

Making the container smaller

aeb44f5

Revert to original container for testing

d055cbf

Setting the stage for rootless container

685793d

Dont create user

27e43ce

Adding back in a fw user

6b6c8c0

Updating to prevent large docker containers

7861302

Trying to remove hardcoded instances

0ea53ab

Adding back in the proper group id

b0baee8

Removing testing file

c8fbffa

Collapsing some layers and adding error logging

657a2f5

Updating the documentation

6db125e

Ampersand

b0be9d2

Polishing the documentation

492d7ee

sdelliot added the feature New feature or request label Feb 20, 2025

sdelliot assigned mitchnegus Feb 20, 2025

sdelliot commented Feb 21, 2025

View reviewed changes

gregjacobus reviewed Feb 24, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Create a initial docker container for FIREWHEEL #68

feat: Create a initial docker container for FIREWHEEL #68

sdelliot commented Feb 20, 2025

sdelliot Feb 21, 2025

GhostofGoes Feb 24, 2025

sdelliot Feb 27, 2025

gregjacobus Feb 24, 2025

sdelliot Feb 24, 2025

feat: Create a initial docker container for FIREWHEEL #68

Are you sure you want to change the base?

feat: Create a initial docker container for FIREWHEEL #68

Conversation

sdelliot commented Feb 20, 2025

sdelliot Feb 21, 2025

Choose a reason for hiding this comment

GhostofGoes Feb 24, 2025

Choose a reason for hiding this comment

sdelliot Feb 27, 2025

Choose a reason for hiding this comment

gregjacobus Feb 24, 2025

Choose a reason for hiding this comment

sdelliot Feb 24, 2025

Choose a reason for hiding this comment