Support for enabling the docker init system and specifying a custom b…

…astion image.

app/controllers/admin/container_images_controller.rb

@@ -150,14 +150,14 @@ def container_params
       :parent_image_id, :registry_username, :registry_password, :registry_custom, :registry_image_path,
       :registry_image_tag, :registry_auth, :container_image_provider_id, :min_cpu, :min_memory, :user_id,
       :general_block_id, :remote_block_id, :domains_block_id, :ssh_block_id, :tag_list, :is_load_balancer,
-      :is_free, :force_local_volume, :product_id, :override_autoremove, :shm_size, variant_pos: []
+      :docker_init, :is_free, :force_local_volume, :product_id, :override_autoremove, :shm_size, variant_pos: []
     )
   end
 
   def new_container_params
     params.require(:container_image).permit(
       :container_image_provider_id, :registry_image_path, :registry_image_tag,
-      :parent_image_id, :tag_list, :is_load_balancer, :is_free, :force_local_volume, :product_id
+      :docker_init, :parent_image_id, :tag_list, :is_load_balancer, :is_free, :force_local_volume, :product_id
     )
   rescue ActionController::ParameterMissing
     nil

app/controllers/admin/deployments_controller.rb

@@ -72,7 +72,7 @@ def destroy
     )
     @deployment.mark_trashed!
     event.deployments << @deployment
-    ProjectWorkers::TrashProjectWorker.perform_async @deployment.global_id, event.global_id
+    ProjectWorkers::TrashProjectWorker.perform_async @deployment.global_id.to_s, event.global_id
     redirect_to "/admin/deployments", notice: 'Project queued for destruction.'
   end
 

app/controllers/api/container_images_controller.rb

@@ -54,6 +54,7 @@ class Api::ContainerImagesController < Api::ApplicationController
   #     * `required_containers`: `Array<Integer>`
   #     * `required_by`: `Array<Integer`
   #     * `product`: Object | admin only
+  #     * `docker_init`: Boolean | If true, use docker's init system.
   #     * `image_variants`: Array
   #         * `id`: Integer
   #         * `label`: String
@@ -189,6 +190,7 @@ def update
   #     * `shm_size`: Integer (Admin) | Override docker's default SHM Size
   #     * `product_id`: Integer (Admin only)
   #     * `override_autoremove`: Boolean (Admin)
+  #     * `docker_init`: Boolean | If true, use docker's init system.
   #     * `env_params_attributes`: Array
   #         * `name`: String
   #         * `label`: String
@@ -321,6 +323,7 @@ def image_params
       :registry_image_path,
       :registry_image_tag,
       :role,
+      :docker_init,
       :category,
       :tag_list,
       dependency_parents:        [:requires_container_id],
@@ -363,6 +366,7 @@ def admin_image_params
       :registry_image_path,
       :registry_image_tag,
       :is_free,
+      :docker_init,
       :override_autoremove,
       :role,
       :category,

app/controllers/container_images_controller.rb

@@ -115,7 +115,7 @@ def container_params
       :label, :description, :command, :role, :category, :can_scale, :active, :enable_sftp,
       :parent_image_id, :registry_username, :registry_password, :registry_custom, :registry_image_path,
       :registry_image_tag, :registry_auth, :container_image_provider_id, :min_cpu, :min_memory, :tag_list,
-      :force_local_volume, variant_pos: []
+      :docker_init, :force_local_volume, variant_pos: []
     )
   end
 
@@ -124,12 +124,12 @@ def admin_container_params
       :label, :description, :command, :role, :category, :can_scale, :active, :enable_sftp,
       :parent_image_id, :registry_username, :registry_password, :registry_custom, :registry_image_path,
       :registry_image_tag, :registry_auth, :container_image_provider_id, :min_cpu, :min_memory, :tag_list,
-      :force_local_volume, :override_autoremove, :is_free, :shm_size, variant_pos: []
+      :docker_init, :force_local_volume, :override_autoremove, :is_free, :shm_size, variant_pos: []
     )
   end
 
   def new_container_params
-    params.require(:container_image).permit(:container_image_provider_id, :registry_image_path, :registry_image_tag, :parent_image_id, :tag_list, :force_local_volume)
+    params.require(:container_image).permit(:docker_init, :container_image_provider_id, :registry_image_path, :registry_image_tag, :parent_image_id, :tag_list, :force_local_volume)
   rescue ActionController::ParameterMissing
     nil
   end

app/models/concerns/containers/container_runtime.rb

@@ -42,6 +42,10 @@ def runtime_config(audit = nil)
         }
       }
 
+      if container_image.docker_init
+        c['HostConfig']['Init'] = true
+      end
+
       unless health_check_config.nil?
         c['Healthcheck'] = health_check_config
       end

app/models/container_image.rb

@@ -50,6 +50,11 @@
 # @!attribute registry_image_tag
 #   @return [String]
 #
+# @!attribute docker_init
+#   If true, will use docker's process manager (`--init`).
+#   Default is false.
+#   @return [Boolean]
+#
 # @!attribute role
 #   @return [String] Used for generating variable names
 #

app/models/deployment/sftp.rb

@@ -126,7 +126,7 @@ def can_trash?
   end
 
   def image
-    "ghcr.io/computestacks/cs-docker-bastion:#{Rails.env.production? ? 'v2' : 'latest'}"
+    Setting.computestacks_bastion_image
   end
 
   def reset_password!
@@ -216,7 +216,8 @@ def build_command
         'Binds' => volume_binds,
         'NanoCPUs' => (0.5 * 1e9).to_i, # 1/2 Core
         'Memory' => mem_value,
-        'MemorySwap' => mem_value
+        'MemorySwap' => mem_value,
+        'Init' => true
       },
       'NetworkingConfig' => {
         'EndpointsConfig' => {

app/models/setting.rb

@@ -422,6 +422,22 @@ def computestacks_cr_le
       s
     end
 
+    ##
+    # ComputeStacks Bastion Image
+    def computestacks_bastion_image
+      s = Setting.find_by(name: 'cs_bastion_image', category: 'computestacks')
+      if s.nil?
+        s = Setting.create!(
+          name: 'cs_bastion_image',
+          category: 'computestacks',
+          description: 'ComputeStacks Bastion Image',
+          value: 'ghcr.io/computestacks/cs-docker-bastion:v2',
+          encrypted: false
+        )
+      end
+      s.value
+    end
+
     # LetsEncrypt
     def le
       s = Setting.find_by(name: 'le', category: 'lets_encrypt')

app/views/api/admin/container_images/_container_image.rabl

@@ -17,6 +17,7 @@ attributes :id,
            :category,
            :labels,
            :override_autoremove,
+           :docker_init,
            :created_at,
            :updated_at
 

app/views/api/container_images/_container_image.rabl

@@ -19,6 +19,7 @@ attributes :id,
            :validated_tag,
            :validated_tag_updated,
            :shm_size,
+           :docker_init,
            :created_at,
            :updated_at
 

app/views/container_images/_form.html.erb

@@ -84,24 +84,34 @@
   </div>
 
   <div class="row">
-    <div class="col-sm-4 col-xs-6">
+    <div class="col-xs-6">
       <div class="form-group">
         <%= f.label :min_cpu, t('container_images.form.min_cpu') %>
         <%= f.text_field :min_cpu, class: 'form-control' %>
       </div>
     </div>
-    <div class="col-sm-4 col-xs-6">
+    <div class="col-xs-6">
       <div class="form-group">
         <%= f.label :min_memory, t('container_images.form.min_mem') %>
         <%= f.text_field :min_memory, class: 'form-control' %>
       </div>
     </div>
-    <div class="col-sm-4 col-xs-6">
+  </div>
+
+  <div class="row">
+    <div class="col-xs-6">
       <div class="form-group">
         <%= f.label :can_scale, t('container_images.form.scaling') %>
         <%= f.check_box :can_scale, class: 'form-control' %>
       </div>
     </div>
+    <div class="col-xs-6">
+      <div class="form-group">
+        <%= f.label :docker_init, 'Use Docker Init?' %>
+        <%= f.check_box :docker_init, class: 'form-control' %>
+        <span class="help-block">If true, use tini as the parent process. See <a href="https://docs.docker.com/engine/reference/run/#specify-an-init-process" target="_blank">Docker Init</a> for more details.</span>
+      </div>
+    </div>
   </div>
 
   <% if current_user.can_force_local_storage? %>

db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2023_09_05_194226) do
+ActiveRecord::Schema[7.0].define(version: 2023_09_21_015955) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
   enable_extension "uuid-ossp"
@@ -391,6 +391,7 @@
     t.string "category"
     t.bigint "product_id"
     t.bigint "shm_size", default: 0, null: false
+    t.boolean "docker_init", default: false, null: false
     t.index ["category"], name: "index_container_images_on_category"
     t.index ["container_image_provider_id"], name: "index_container_images_on_container_image_provider_id"
     t.index ["is_load_balancer"], name: "index_container_images_on_is_load_balancer"

db/seeds.rb

@@ -230,6 +230,7 @@
 Setting.find_by(name: 'registry_node').update value: '127.0.0.1'
 Setting.find_by(name: 'registry_ssh_port').update value: '22'
 Setting.find_by(name: 'le_validation_server').update value: '127.0.0.1:3005'
+Setting.find_by(name: 'cs_bastion_image').update value: 'ghcr.io/computestacks/cs-docker-bastion:latest'
 
 puts "Creating log & metric clients..."
 mc = MetricClient.create! endpoint: 'http://127.0.0.1:9090'
@@ -313,3 +314,4 @@
 user.skip_confirmation!
 user.save
 
+