In subsequent explaination podman and podman-compose are used, but one can substitute them with docker and docker compose as a drop-in replacement in terms of usage.
The main idea behind the initialization of a CDE service is the bootstrapping functionality that can configure the newly downloaded CDE in any environment with the only requirement of a correctly functioning containerization platform.
cde-bootstrap is a service in the stack declared in compose.yml that usually gets built and run before others to execute some configuration scripts usually located in scripts/tools.
version: '3'
services:
cde-bootstrap:
env-file: ".env"
build:
# ...
context: ./
dockerfile: "$HOST_DOCKERFILES_DIR/vscde-bootstrap"
# HOST_DOCKERFILES_DIR="dockerfiles" in .env
# ...
cde:
# ...
cde-deploy:
# ...
# ...
In this concrete case it performs two duties:
-
Generate an ssh keypair in
secrets/ssh/for public-key authentication between VSCodium client and container -
Generate encrypted strings with user passwords in
secrets/users/to store them safely without need to re-input passwords every rebuild of acdeorcde-deploy
They can be seen in the Dockerfile dockerfiles/vscde-bootstrap that contains the "recipe" to build cde-deploy
# ...
ENTRYPOINT ["/bin/bash", "-c"]
CMD ["$CDE_HOST_SCRIPTS_DIR/tools/generate_ssh_keypair.bash && $CDE_HOST_SCRIPTS_DIR/tools/generate_user_passwords.bash"]
# ...To understand better the usage of files during build and execution here is a diagram:
┌─ dockerfiles/vscde-bootstrap ─┬─ scripts/container/ ...
│ └─ scripts/tools/ ...
│
compose.yml ─┼─ dockerfiles/vscde-default ───── scripts/container/ ...
│
└─ dockerfiles/vscde-deploy ────── scripts/container/ ...
scripts/container/* scripts are required to build containers, so they perform duties like:
- Package installation
- User creation
- Directory creation with right ownership and ACLs
- Conditional configuration files copy with optional string substitution
By the way, bootstrapping process can be executed baremetal on systems that already have installed required dependencies, but for now there is no sure way to know how the script will behave on missing dependency, this feature will be added in future with bash library called libbsrc.
Environment variables are used to present a user and/or a developer with a quick and clean way to interact with CDE and tweak its behaviour that will apply to all services at the same time using already existing widespread format specifications like compose and Dockerfile.
Variables get forwarded from .env to compose.yml, partially used there, partially forwarded to Dockerfiles in dockerfiles/ and from there used in conjunction with ARG to read them, with ENV to export them inside container shell environment and with RUN to use them inside commands and build-time scripts located under scripts/container/.
Documentation for what variables are available, their usage, function and tips on using them correctly can be seen here.
Variable forwarding mechanism is linear, but taking into account the directory structure, compose.yml and Dockerfile argument passing method overlapping redundancy, can lead to human errors during CDE development and tweaking, so better automatization is clearly required: it's planned to release a standalone project to help with that by generating variable lists directly-insertable inside undelying files and displaying what variables are missing to be forwarded.