Create Docker image for EDGAR

Open mbfm opened this issue 3 months ago • 0 comments

For an easy distribution on different machines we want to use Docker.

There is already a Docker image for EDGAR in the test environment here.
To make this fit for production usage, the following needs to be done:

  • [x] #397

  • [ ] #398

  • [ ] Configuration via environment variables, for example:

    • [x] EDGAR Setup-String
    • [ ] Later: mTLS Certificate
  • EDGAR depends on systemd for lifecycle management (restart on failure, start at system boot). This requires the Python script for the SystemD shim to be able to run systemctl commands.

    • Potential solution 1: Start NetBird as subprocess in EDGAR. (Would prefer this solution, if there are no major problems.)
      • [ ] Use EDGAR's AsyncProcessManager to run SystemD.
      • [ ] Remove the EDGAR Setup code to start NetBird.
    • Potential solution 2: Introduce other lifecycle management (e.g. s6-overlay) to start both processes: netbird and opendut-edgar
      • [ ] Check that there are no conflicts, e.g. when EDGAR restarts NetBird via systemctl, does s6-overlay recognize this and try to restart it, too?
      • [ ] Investigate if there are SystemD issues since the container does not run as a real service and EDGAR is dependent on SystemD to some extent.
  • [x] #393

  • [ ] Remove Docker-in-Docker, used for Executor feature.

    • [x] Create separate EDGAR Docker image for Testenv with this feature still active.
    • [ ] Allow disabling Executor feature via configuration.
  • [ ] Build Docker image in CI/CD and provide it in Docker Registry.

Notes

  • Use --network=host to bring network interfaces into container and share openDuT network with host OS (e.g. testing via vETH, vCAN).

  • Will attempt to run EDGAR off the Setup-String every time during Container startup.

    • Pass Setup-String via env
    • Is Setup-String reusable?
    • Alternative:
      • Run Setup only once initially, not on Container restart (e.g. check volumes for files created during setup)
      • Volume for everything that's created during the EDGAR Setup:
        • /etc/netbird
        • /etc/opendut
        • Certificates
        • /opt/opendut/ → Could bake this into Container image instead
        • /etc/systemd/ → Could bake this into Container image instead

mbfm, Sep 16 '25 09:09
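
The "run Setup only once" alternative from the notes, as an added example that is not part of the issue or the openDuT code base: entrypoint helpers that run a setup command only when the volume-backed directories carry no completion marker. The variable name `OPENDUT_EDGAR_SETUP_STRING`, the marker file `.setup-complete` and the setup command passed in by the caller are assumptions; only the directory paths come from the issue.

```shell
#!/bin/sh
# Added example: first-start detection for a container entrypoint.
# Assumed names (not from openDuT): OPENDUT_EDGAR_SETUP_STRING, .setup-complete.
# The real setup command is supplied by the caller as arguments.

MARKER=".setup-complete"

# Returns 0 when setup still has to run: a state directory is missing
# or lacks the marker written after a successful setup.
needs_setup() {
    for _dir in "$@"; do
        [ -d "$_dir" ] || return 0
        [ -f "$_dir/$MARKER" ] || return 0
    done
    return 1
}

# run_setup_once "<space-separated state dirs>" <setup command...>
# Return codes: 0 = already set up or setup succeeded,
#               1 = setup command or marker write failed,
#               2 = setup needed but no Setup-String in the environment.
run_setup_once() {
    _state_dirs=$1
    shift
    # Unquoted on purpose: the list is split on spaces, so the paths
    # themselves must not contain spaces.
    if ! needs_setup $_state_dirs; then
        return 0
    fi
    # The Setup-String is only required on the first start; later starts
    # of the container can omit it from the environment entirely.
    [ -n "${OPENDUT_EDGAR_SETUP_STRING:-}" ] || return 2
    "$@" || return 1
    # Markers are written only after success, so a failed or interrupted
    # setup is retried on the next container start.
    for _dir in $_state_dirs; do
        mkdir -p "$_dir" && : > "$_dir/$MARKER" || return 1
    done
}

# Entrypoint use, with placeholders for commands the issue does not name:
#   run_setup_once "/etc/netbird /etc/opendut" <setup command> \
#       && exec <EDGAR service command>
```

Using a marker instead of testing whether the directories are non-empty keeps a half-finished setup from being mistaken for a completed one.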