Set up lima and get mrva/docker-compose running

This commit is contained in:
Michael Hohn
2025-07-28 14:23:59 -07:00
committed by =Michael Hohn
parent cb24af65c1
commit 654ea40520
3 changed files with 137 additions and 100 deletions


@@ -23,108 +23,121 @@
#+HTML_HEAD: } #+HTML_HEAD: }
#+HTML_HEAD: </style> #+HTML_HEAD: </style>
* lima vm for running docker * Lima VM for running Docker with full control
#+BEGIN_SRC sh Docker Desktop restricts low-level control, especially for tracing inter-container
limactl create -h network traffic. To regain full visibility and system-level access, we run Docker
# Create an instance of Lima inside a Lima VM instead.
limactl create --list-templates
# create deb12 ** lima vm setup
limactl create \ #+BEGIN_SRC sh
--arch aarch64 \ brew install lima
--cpus 8 \
--disk 20 \
--memory 8.0 \
--name deb12 \
template://debian-12
# admin # create
limactl list cd ~/work-gh/mrva/mrva-docker/lima
limactl create --name=ubu ubu-docker.yaml
# start deb12 # setup
limactl start deb12 cd ~/work-gh/mrva/mrva-docker/lima
limactl start ubu
limactl shell ubu
# enter deb12 # in vm
limactl shell deb12 sudo systemctl enable --now docker
sudo systemctl restart docker
sudo usermod -aG docker hohn
newgrp docker
ln -s /Users/hohn/work-gh /home/hohn.linux/
sudo apt install golang-go
#+END_SRC
** docker setup and run
#+BEGIN_SRC sh
#
#* Build the containers
#
limactl shell ubu
# install docker cd ~/work-gh/mrva/mrva-docker/containers/ghmrva/
# 1. Prerequisites sudo docker build -t client-ghmrva-container:0.4.0 .
sudo apt update
sudo apt install -y ca-certificates curl gnupg lsb-release
# 2. Add Dockers official GPG key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# 3. Add Dockers APT repo
echo \
"deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/debian \
$(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# 4. Install Docker packages
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# enable daemons
sudo systemctl enable docker
sudo systemctl start docker
# add self to docker group
sudo usermod -aG docker $USER
limactl stop deb12
limactl start deb12
limactl shell deb12
groups # should now show "docker"
# Build container images cd ~/work-gh/mrva/mrva-docker/containers/vscode/
export MAG_VERSION=0.4.0 docker build -t code-server-initialized:0.4.0 .
{
# ghmrva
cd /Users/hohn/work-gh/mrva/mrva-docker/containers/ghmrva/
docker build --no-cache -t client-ghmrva-container:${MAG_VERSION} .
}
{
# code-server
cd /Users/hohn/work-gh/mrva/mrva-docker/containers/vscode/
docker build --no-cache -t code-server-initialized:${MAG_VERSION} .
}
{
# hepc
cd /Users/hohn/work-gh/mrva/mrva-docker/containers/hepc
rm -fR ./mrvahepc && cp -r ../../../mrvahepc .
# Usual build cd ~/work-gh/mrva/mrva-docker/containers/hepc &&\
docker build --no-cache -t mrva-hepc-container:${MAG_VERSION} . rm -fR ./mrvahepc && cp -r ../../../mrvahepc .
} docker build -t mrva-hepc-container:0.4.0 -f Dockerfile .
{
# server
cd /Users/hohn/work-gh/mrva/mrva-docker/containers/server
docker build --no-cache --network host -t mrva-server:${MAG_VERSION} .
}
{
# Agent
cd /Users/hohn/work-gh/mrva/mrva-docker/containers/agent/
MAG_TARGET=mrva-agent:0.4.0
docker build --no-cache --network host -t ${MAG_TARGET} .
}
# list images
docker image ls
# run containers cd ~/work-gh/mrva/mrva-docker/containers/server/
cd /Users/hohn/work-gh/mrva/mrva-docker docker build -t mrva-server:0.4.0 .
docker compose -f docker-compose-demo.yml up
#+END_SRC
cd ~/work-gh/mrva/mrva-docker/containers/agent/
docker build -t mrva-agent:0.4.0 .
#
#* Start the containers
cd ~/work-gh/mrva/mrva-docker/
docker-compose -f docker-compose-demo.yml down
docker ps
docker-compose -f docker-compose-demo.yml up
#
#* update the binaries in a running container
#** compile server locally
cd /Users/hohn/work-gh/mrva/mrvaserver
go build
# Check for running containers
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
# Copy the new binary
cd /Users/hohn/work-gh/mrva/mrvaserver
docker cp mrvaserver mrva-server:/usr/local/bin/mrvaserver
# Restart the binary
docker exec mrva-server pkill mrvaserver
#** recompile agent
# compile locally
cd /Users/hohn/work-gh/mrva/mrvaagent
go build
# Look for the agent's name in the process table
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
# Copy the new binary
cd /Users/hohn/work-gh/mrva/mrvaagent
docker cp mrvaagent mrva-agent:/usr/local/bin/mrvaagent
# Restart the binary
docker exec mrva-agent pkill mrvaagent
#** gh-mrva
# compile locally
cd /Users/hohn/work-gh/mrva/gh-mrva
go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/work-gh/mrva/gh-mrva"
go mod tidy
GOOS=linux GOARCH=arm64 go build
# Look for the gh-mrva name in the process table
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
# Copy the new binary
cd /Users/hohn/work-gh/mrva/gh-mrva
docker cp gh-mrva mrva-ghmrva:/usr/local/bin/gh-mrva
#+END_SRC
* TODO lima vm * TODO lima vm
** intro ** intro
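Review bot: `sudo usermod -aG docker hohn` in the new `** lima vm setup` block grants root-equivalent access inside the guest, and the template this block creates the VM from (`ubu-docker.yaml`, third file in this commit) mounts all of `/Users/hohn` writable, so anything that can reach the Docker socket in the VM can also write to the macOS home directory; the runbook should say so, e.g. `# NOTE: docker group == root in the VM, and /Users/hohn is mounted writable -- treat this VM as trusted as the host account`. The new template provisions Ubuntu's `docker.io`/`docker-compose` packages rather than the Docker APT repo the removed block set up, which presumably is why the runbook switches back to the hyphenated `docker-compose` CLI; a one-line comment recording that would explain the mismatch with the `docker compose` form used elsewhere. The `docker build` invocations in the new block drop the `--no-cache` the old ones had, so a stale layer (e.g. an old base image or cached `apt-get`) can silently survive a rebuild -- fine for iteration, but worth a note if these images are what gets shipped. In the "update the binaries in a running container" steps, `docker cp` followed by `docker exec ... pkill` only brings the service back if the container's entrypoint or restart policy relaunches it, which I cannot confirm from the compose context shown; the comment should state which mechanism is relied on.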


@@ -17,9 +17,7 @@ services:
- mrvastore - mrvastore
networks: networks:
- backend - backend
env_file: env_file: .env.container
- path: .env.container
required: true
# entrypoint: ["tail", "-f", "/dev/null"] # entrypoint: ["tail", "-f", "/dev/null"]
entrypoint: > entrypoint: >
/bin/sh -c " /bin/sh -c "
@@ -37,9 +35,7 @@ services:
ports: ports:
- "9000:9000" - "9000:9000"
- "9001:9001" - "9001:9001"
env_file: env_file: .env.container
- path: .env.container
required: true
command: server /data/mrvacommander/mrvastore-data --console-address ":9001" command: server /data/mrvacommander/mrvastore-data --console-address ":9001"
networks: networks:
backend: backend:
@@ -113,9 +109,7 @@ services:
- rabbitmq - rabbitmq
- mrvastore - mrvastore
- postgres - postgres
env_file: env_file: ./.env.container
- path: ./.env.container
required: true
environment: environment:
POSTGRES_USER: mrva POSTGRES_USER: mrva
POSTGRES_PASSWORD: mrvapg POSTGRES_PASSWORD: mrvapg
@@ -151,9 +145,7 @@ services:
depends_on: depends_on:
- rabbitmq - rabbitmq
- mrvastore - mrvastore
env_file: env_file: ./.env.container
- path: ./.env.container
required: true
environment: environment:
- MRVA_HEPC_ENDPOINT=http://hepc:8070 - MRVA_HEPC_ENDPOINT=http://hepc:8070
- MRVA_HEPC_CACHE_DURATION=60 - MRVA_HEPC_CACHE_DURATION=60
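Review bot: The short `env_file: .env.container` form still injects the whole file into every service in these four hunks (store, postgres, server, agent), so any credential that only one service needs ends up in all of their environments; if `.env.container` carries secrets, split it per service or keep a per-service file, and in any case add a comment such as `# .env.container is shared by all services -- keep only common, non-secret settings here`. The `required: true` that the removed long form declared is also the Compose default for the short form, so a missing `.env.container` still fails `up`; the switch is presumably for compatibility with the `docker-compose` v1 CLI the new Lima template installs, and a comment saying that would stop a reader from thinking the requirement was loosened. The unchanged context still has `POSTGRES_PASSWORD: mrvapg` inline in the committed file; since an env file is now loaded anyway, that value belongs there rather than in version control. `"9000:9000"`/`"9001:9001"` expose the store API and console; inside Lima these are forwarded to the host, on loopback by default as far as I know, which is worth confirming before this is used on a shared machine.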

32
lima/ubu-docker.yaml Normal file

@@ -0,0 +1,32 @@
# ubu-docker.yaml
arch: "aarch64"
cpus: 4
memory: "32GiB"
disk: "64GiB"
images:
- location: "https://cloud-images.ubuntu.com/releases/25.04/release/ubuntu-25.04-server-cloudimg-arm64.img"
arch: "aarch64"
mounts:
- location: "/Users/hohn"
writable: true
provision:
- mode: system
script: |
apt-get update
apt-get install -y docker.io docker-compose tcpdump iproute2 net-tools
usermod -aG docker ubuntu
ssh:
localPort: 0
containerd:
system: false
user: false
firmware:
legacyBIOS: false
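Review bot: The `images:` entry has no `digest:` field, so Lima fetches the Ubuntu 25.04 cloud image over HTTPS but never verifies its contents; pin it with `digest: "sha256:<value from the release SHA256SUMS>"` next to `location:` (the value is not in this commit, so it needs to be looked up). The `mounts:` entry exposes all of `/Users/hohn` writable while the provision script puts `ubuntu` in the `docker` group, which is root-equivalent inside the guest; restricting `location:` to `/Users/hohn/work-gh`, the only path the runbook actually uses, limits what a compromised container or a careless `docker run -v` can reach, and the line deserves a comment either way, e.g. `# writable host mount: anything with docker-socket access in the VM can modify these files`. The rendered page has stripped the indentation, so I am reading structure from key order; the `provision` script has no `set -e`, so a failed `apt-get install` would leave a VM without Docker but with the provisioning reported as done -- adding `set -eu` as the first script line makes that loud. Ubuntu 25.04 is an interim (non-LTS) release with a short support window, so a comment noting when the image URL must be bumped would save a future surprise.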