From 385a0372bb7b6c46196487b3bbd242093652a1d3 Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Thu, 13 Jun 2024 12:54:18 +0200 Subject: [PATCH 1/8] Add dockumentation for setting proxy Change-Id: I0ad7263cfc4921059dda637014308a3ba6630360 --- README.md | 32 +++++++++++++++- docker-acap-set-proxy-in-daemon-json.sh | 49 +++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 docker-acap-set-proxy-in-daemon-json.sh diff --git a/README.md b/README.md index 411d965..1105f32 100644 --- a/README.md +++ b/README.md @@ -362,7 +362,7 @@ Make sure the application, using TLS, is running, then pull and run the $ docker --tlsverify --host tcp://:2376 pull hello-world Using default tag: latest latest: Pulling from library/hello-world -70f5ac315c5a: Pull complete +70f5ac315c5a: Pull complete Digest: sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d Status: Downloaded newer image for hello-world:latest docker.io/library/hello-world:latest @@ -391,6 +391,35 @@ For more examples and ideas, visit: ``` +#### Proxy Setup + +> [!NOTE] +> **From AXIS OS 12.0** +> +> To use the shell script provided to set proxy, [developer mode](#developermode) certificate has to be set on camera, to be able use acap-dockerdwrapper ssh user instead of root ssh user. + +**Using provided shell script** +- Modify the docker-acap-set-proxy-in-daemon-json.sh at +- Call the shell script and then restart the docker acap if already running : + +```sh + sh docker-acap-set-proxy-in-daemon-json.sh +``` + +**Setting proxy without developer mode**\ +It is possible to set proxy by creating deamon.json file with the settings needed. + +```json +{ + "proxies": { + "http-proxy": "http://:", + "https-proxy": "http://:", + "no-proxy": "localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,." + } +} +``` +Instead of the creation of empty daemon.json file in post install script, copy in the daemon.json file you have created. + #### Loading images onto a device If you have images in a local repository that you want to transfer to a device, or @@ -460,6 +489,7 @@ Take a look at the [CONTRIBUTING.md](CONTRIBUTING.md) file. [2.0.0-release]: https://github.com/AxisCommunications/docker-acap/releases/tag/2.0.0 [buildx]: https://docs.docker.com/build/install-buildx/ [devices]: https://axiscommunications.github.io/acap-documentation/docs/axis-devices-and-compatibility#sdk-and-device-compatibility +[developermode]: http://axiscommunications.github.io/acap-documentation/docs/get-started/set-up-developer-environment/set-up-device-advanced [dockerDesktop]: https://docs.docker.com/desktop/ [docker_protect-access]: https://docs.docker.com/engine/security/protect-access/ [dockerEngine]: https://docs.docker.com/engine/ diff --git a/docker-acap-set-proxy-in-daemon-json.sh b/docker-acap-set-proxy-in-daemon-json.sh new file mode 100644 index 0000000..832c68a --- /dev/null +++ b/docker-acap-set-proxy-in-daemon-json.sh @@ -0,0 +1,49 @@ +#!/bin/bash +[ $# -eq 3 ] || { + printf "Error: Missing arguments\n$0" + exit 0 +} + +HOSTIP=$1 +SSHUSER=$2 +PASS=$3 +scriptfilename=docker-acap-proxy-append.sh + +# Log function +logger() { printf "\n# $*\n" ; } + +logger "Create temporary local script file to copy to device" +echo '#!/bin/sh + +appname=dockerdwrapper +daemonfile=/usr/local/packages/$appname/localdata/daemon.json + +if [ "$(grep proxies $daemonfile)" ] ;then + printf "===>> Proxy already set in docker-acap daemon file\n" +else + printf "===>> Set proxy in docker-acap daemon file\n" + cat > $daemonfile <:", + "https-proxy": "http://:", + "no-proxy": "localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,." + } +} +EOF + + echo "Content of $daemonfile:" + cat $daemonfile +fi' > $scriptfilename +chmod +x $scriptfilename + +logger "Copy script file to device /tmp folder" +sshpass -v -p $PASS scp -o StrictHostKeyChecking=no $scriptfilename acap-dockerdwrapper@$HOSTIP:/tmp/ + +logger "Run script file on device to append proxy, if it doesn't exist" +sshpass -v -p $PASS ssh -o StrictHostKeyChecking=no acap-dockerdwrapper@$HOSTIP "/tmp/$scriptfilename && rm /tmp/$scriptfilename" + +logger "Remove local script file" +rm -f $scriptfilename + +logger "Restart Docker ACAP for changes to take effect" From 4c321252756c3ac2ef5d248288d75730c8025a17 Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Mon, 17 Jun 2024 14:32:38 +0200 Subject: [PATCH 2/8] Update for received comments Change-Id: I309da850391a4a20e6170f2515f2f4ba6a97ce37 --- README.md | 20 +++------- docker-acap-set-proxy-in-daemon-json.sh | 49 ------------------------- 2 files changed, 5 insertions(+), 64 deletions(-) delete mode 100644 docker-acap-set-proxy-in-daemon-json.sh diff --git a/README.md b/README.md index 1105f32..8e9dedb 100644 --- a/README.md +++ b/README.md @@ -393,21 +393,10 @@ For more examples and ideas, visit: #### Proxy Setup -> [!NOTE] -> **From AXIS OS 12.0** -> -> To use the shell script provided to set proxy, [developer mode](#developermode) certificate has to be set on camera, to be able use acap-dockerdwrapper ssh user instead of root ssh user. - -**Using provided shell script** -- Modify the docker-acap-set-proxy-in-daemon-json.sh at -- Call the shell script and then restart the docker acap if already running : - -```sh - sh docker-acap-set-proxy-in-daemon-json.sh -``` +If the device is located behind a corporate proxy you may need to set the correct environment variables. This is done by configuring proxy behavior for dockerd in the daemon.json file as described in ['Configure the Docker daemon to use a proxy server'][docker-proxy]. -**Setting proxy without developer mode**\ -It is possible to set proxy by creating deamon.json file with the settings needed. +To do this for the application you can either use [developer mode][developermode] or build the application manually with a pre-created daemon.json that is copied onto the device by the postinstall script. +daemon.json file should be located at /usr/local/packages/dockerdwrapper/localdata/daemon.json on the device and should include the fallowing properties. ```json { @@ -418,7 +407,7 @@ It is possible to set proxy by creating deamon.json file with the settings neede } } ``` -Instead of the creation of empty daemon.json file in post install script, copy in the daemon.json file you have created. +If developer mode is used, after downloading the application, ssh user will be created. Update the password of the ssh user. Then the application ssh user can be used to write in the daemon.json file, application has to be restarted once updated #### Loading images onto a device @@ -495,6 +484,7 @@ Take a look at the [CONTRIBUTING.md](CONTRIBUTING.md) file. [dockerEngine]: https://docs.docker.com/engine/ [docker-hello-world]: https://hub.docker.com/_/hello-world [docker-rootless-mode]: https://docs.docker.com/engine/security/rootless/ +[docker-proxy]: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy [latest-release]: https://github.com/AxisCommunications/docker-acap/releases/latest [object-detector-python]: https://github.com/AxisCommunications/acap-computer-vision-sdk-examples/tree/main/object-detector-python [product-selector]: https://www.axis.com/support/tools/product-selector diff --git a/docker-acap-set-proxy-in-daemon-json.sh b/docker-acap-set-proxy-in-daemon-json.sh deleted file mode 100644 index 832c68a..0000000 --- a/docker-acap-set-proxy-in-daemon-json.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -[ $# -eq 3 ] || { - printf "Error: Missing arguments\n$0" - exit 0 -} - -HOSTIP=$1 -SSHUSER=$2 -PASS=$3 -scriptfilename=docker-acap-proxy-append.sh - -# Log function -logger() { printf "\n# $*\n" ; } - -logger "Create temporary local script file to copy to device" -echo '#!/bin/sh - -appname=dockerdwrapper -daemonfile=/usr/local/packages/$appname/localdata/daemon.json - -if [ "$(grep proxies $daemonfile)" ] ;then - printf "===>> Proxy already set in docker-acap daemon file\n" -else - printf "===>> Set proxy in docker-acap daemon file\n" - cat > $daemonfile <:", - "https-proxy": "http://:", - "no-proxy": "localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,." - } -} -EOF - - echo "Content of $daemonfile:" - cat $daemonfile -fi' > $scriptfilename -chmod +x $scriptfilename - -logger "Copy script file to device /tmp folder" -sshpass -v -p $PASS scp -o StrictHostKeyChecking=no $scriptfilename acap-dockerdwrapper@$HOSTIP:/tmp/ - -logger "Run script file on device to append proxy, if it doesn't exist" -sshpass -v -p $PASS ssh -o StrictHostKeyChecking=no acap-dockerdwrapper@$HOSTIP "/tmp/$scriptfilename && rm /tmp/$scriptfilename" - -logger "Remove local script file" -rm -f $scriptfilename - -logger "Restart Docker ACAP for changes to take effect" From 2bc5e95da9ba4fed8cb478c3a86595bc16b7c399 Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Tue, 18 Jun 2024 15:08:27 +0200 Subject: [PATCH 3/8] wip Change-Id: I70d9c7643f9cd042ca4579a16328abf3badbe24f --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8e9dedb..49f489c 100644 --- a/README.md +++ b/README.md @@ -407,7 +407,7 @@ daemon.json file should be located at /usr/local/packages/dockerdwrapper/localda } } ``` -If developer mode is used, after downloading the application, ssh user will be created. Update the password of the ssh user. Then the application ssh user can be used to write in the daemon.json file, application has to be restarted once updated +If [developer mode][developermode] is used, after downloading the application SSH user acap-dockerdwrapper will be created. Update the password of acap-dockerdwrapper. SSH user acap-dockerdwrapper can be used to write in the daemon.json file, application has to be restarted once daemon.json is updated. #### Loading images onto a device From 4d52b910c73b4f565aa0c6c6ed70cf4c6bca219a Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Thu, 20 Jun 2024 10:48:29 +0200 Subject: [PATCH 4/8] Resolving comments Change-Id: I61abdb32e48586dd5a4007989e4d4c85f3100443 --- README.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 49f489c..2031456 100644 --- a/README.md +++ b/README.md @@ -395,19 +395,18 @@ For more examples and ideas, visit: If the device is located behind a corporate proxy you may need to set the correct environment variables. This is done by configuring proxy behavior for dockerd in the daemon.json file as described in ['Configure the Docker daemon to use a proxy server'][docker-proxy]. -To do this for the application you can either use [developer mode][developermode] or build the application manually with a pre-created daemon.json that is copied onto the device by the postinstall script. -daemon.json file should be located at /usr/local/packages/dockerdwrapper/localdata/daemon.json on the device and should include the fallowing properties. +The daemon.json file should be located at `/usr/local/packages/dockerdwrapper/localdata/daemon.json` on the device and should include the following properties. ```json { "proxies": { - "http-proxy": "http://:", - "https-proxy": "http://:", - "no-proxy": "localhost,127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12,." - } + "http-proxy": "http://proxy.example.com:3128", + "https-proxy": "https://proxy.example.com:3129", + "no-proxy": "*.test.example.com,.example.org,127.0.0.0/8" + } } ``` -If [developer mode][developermode] is used, after downloading the application SSH user acap-dockerdwrapper will be created. Update the password of acap-dockerdwrapper. SSH user acap-dockerdwrapper can be used to write in the daemon.json file, application has to be restarted once daemon.json is updated. +Setting the contents of the daemon.json file can be done either by adding it to the source code and rebuilding the application or by ssh:ing into the device with an already installed application. In the latter case [developer mode][developermode] is needed, see that documentation for further details. Also note that, if the application is running when the file is updated, it needs to be restarted for the change to take effect. #### Loading images onto a device From eb7030d5e87dac2037194058132d60c4e99be4fc Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Thu, 20 Jun 2024 10:59:22 +0200 Subject: [PATCH 5/8] lint Change-Id: I17cf6325fbfda3f9ebaf71f6b259f37535186d75 --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2031456..094c3e2 100644 --- a/README.md +++ b/README.md @@ -406,7 +406,9 @@ The daemon.json file should be located at `/usr/local/packages/dockerdwrapper/lo } } ``` -Setting the contents of the daemon.json file can be done either by adding it to the source code and rebuilding the application or by ssh:ing into the device with an already installed application. In the latter case [developer mode][developermode] is needed, see that documentation for further details. Also note that, if the application is running when the file is updated, it needs to be restarted for the change to take effect. +Setting the contents of the daemon.json file can be done either by adding it to the source code and rebuilding the application or by ssh:ing into the device with an already installed application. +In the latter case [developer mode][developermode] is needed, see that documentation for further details. +Also note that, if the application is running when the file is updated, it needs to be restarted for the change to take effect. #### Loading images onto a device From 463c8b50af570c4594aff6d2146aefb16a284fcb Mon Sep 17 00:00:00 2001 From: madelen-at-work Date: Mon, 24 Jun 2024 08:39:23 +0200 Subject: [PATCH 6/8] fixed some formatting issues --- README.md | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 094c3e2..8eaafac 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,7 @@ a compatible Axis device. - [Using an SD card as storage](#using-an-sd-card-as-storage) - [Using the application](#using-the-application) - [Building the application](#building-the-application) + - [Build options](#build-options) - [Contributing](#contributing) - [License](#license) @@ -393,9 +394,12 @@ For more examples and ideas, visit: #### Proxy Setup -If the device is located behind a corporate proxy you may need to set the correct environment variables. This is done by configuring proxy behavior for dockerd in the daemon.json file as described in ['Configure the Docker daemon to use a proxy server'][docker-proxy]. +If the device is located behind a corporate proxy you may need to set the correct environment variables. +This is done by configuring proxy behavior for dockerd in the daemon.json file as described in +['Configure the Docker daemon to use a proxy server'][docker-proxy]. -The daemon.json file should be located at `/usr/local/packages/dockerdwrapper/localdata/daemon.json` on the device and should include the following properties. +The daemon.json file should be located at `/usr/local/packages/dockerdwrapper/localdata/daemon.json` +on the device and should include the following properties: ```json { @@ -406,9 +410,13 @@ The daemon.json file should be located at `/usr/local/packages/dockerdwrapper/lo } } ``` -Setting the contents of the daemon.json file can be done either by adding it to the source code and rebuilding the application or by ssh:ing into the device with an already installed application. + +Setting the contents of the daemon.json file can be done either by adding it to the source code and +rebuilding the application or by ssh:ing into the device with an already installed application and updating +the file. In the latter case [developer mode][developermode] is needed, see that documentation for further details. -Also note that, if the application is running when the file is updated, it needs to be restarted for the change to take effect. +Also note that, if the application is running when the file is updated, it needs to be restarted for +the change to take effect. #### Loading images onto a device @@ -456,8 +464,8 @@ in the ``. ### Build options -In order to build with debug symbols and sanitizing instrumentation for detecting memory leaks and undefined behavior, -add the option +In order to build with debug symbols and sanitizing instrumentation for detecting memory leaks and +undefined behavior, add the option ```sh --build-arg BUILD_WITH_SANITIZERS=1 From ae2a8f0aafdfb0d5fd29da860102700d3e716d5f Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Wed, 3 Jul 2024 09:48:21 +0200 Subject: [PATCH 7/8] update to comments Change-Id: I537672ab8be0eeec902a7c9a3c8212a67e370998 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8eaafac..c7beadb 100644 --- a/README.md +++ b/README.md @@ -394,7 +394,7 @@ For more examples and ideas, visit: #### Proxy Setup -If the device is located behind a corporate proxy you may need to set the correct environment variables. +If the device is located behind a proxy the Docker daemon needs to be configured. This is done by configuring proxy behavior for dockerd in the daemon.json file as described in ['Configure the Docker daemon to use a proxy server'][docker-proxy]. @@ -412,9 +412,9 @@ on the device and should include the following properties: ``` Setting the contents of the daemon.json file can be done either by adding it to the source code and -rebuilding the application or by ssh:ing into the device with an already installed application and updating +rebuilding the application or by logging into the device over SSH with an already installed application and updating the file. -In the latter case [developer mode][developermode] is needed, see that documentation for further details. +In the latter case [Developer Mode][developermode] is needed, see that documentation for further details. Also note that, if the application is running when the file is updated, it needs to be restarted for the change to take effect. From 9be95f89dcf864e0d4c893f3ef3e0157927c5315 Mon Sep 17 00:00:00 2001 From: Stiv Abdullwahed Date: Wed, 3 Jul 2024 13:03:19 +0200 Subject: [PATCH 8/8] Update Developer Mode doc link Change-Id: I4d8e3939dca7a65285aca26227a25120770fc43e --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7beadb..382f08a 100644 --- a/README.md +++ b/README.md @@ -487,7 +487,7 @@ Take a look at the [CONTRIBUTING.md](CONTRIBUTING.md) file. [2.0.0-release]: https://github.com/AxisCommunications/docker-acap/releases/tag/2.0.0 [buildx]: https://docs.docker.com/build/install-buildx/ [devices]: https://axiscommunications.github.io/acap-documentation/docs/axis-devices-and-compatibility#sdk-and-device-compatibility -[developermode]: http://axiscommunications.github.io/acap-documentation/docs/get-started/set-up-developer-environment/set-up-device-advanced +[developermode]: http://axiscommunications.github.io/acap-documentation/docs/get-started/set-up-developer-environment/set-up-device-advanced.html#developer-mode [dockerDesktop]: https://docs.docker.com/desktop/ [docker_protect-access]: https://docs.docker.com/engine/security/protect-access/ [dockerEngine]: https://docs.docker.com/engine/