trusted-sandbox 0.0.7.pre → 0.0.8.pre
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +19 -18
- data/lib/trusted_sandbox/config/trusted_sandbox.yml +9 -8
- data/lib/trusted_sandbox/config.rb +8 -5
- data/lib/trusted_sandbox/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c7b64a3255a3beeac10c6a8866473acff1efae09
|
4
|
+
data.tar.gz: e8f26b14b22e0b850e3b46988ba7075d9b5a6270
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 373a6cb32b03fcc0a111b21948bb6dde39db93454c07fcc969bd70d9d6b9c784ad8d415d4cd17cb36258b0eb9df6f9a202140f45442c3eac130e54c216fe43b0
|
7
|
+
data.tar.gz: 251425a9574927a6e691cf78bfbb26f325e118f1a05fc0641bf4e55f9f14b00c7db748e8327f1527091874eaae8492fcc694fb0f4c16db174e28962dd08edaa1
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -55,7 +55,7 @@ $ gem install trusted-sandbox
|
|
55
55
|
|
56
56
|
### Step 2
|
57
57
|
Install Docker. Refer to the Docker documentation to see how to install Docker on your environment.
|
58
|
-
Note that on a
|
58
|
+
Note that on a Linux server the docker daemon runs as root and owns the socket used to connect to it.
|
59
59
|
To give your app user access to that socket you will need to add the user to the docker group.
|
60
60
|
```
|
61
61
|
$ sudo gpasswd -a ${USER} docker
|
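Review bot: README line 58 should also say that adding the app user to the docker group gives that user root-equivalent control of the host, because the group can drive a daemon that, as the new sentence notes, runs as root. Suggest following "you will need to add the user to the docker group" with one sentence recommending a dedicated account for the app that has no other privileges.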
@@ -76,7 +76,7 @@ Run the following command which will copy the `trusted_sandbox.yml` file into yo
|
|
76
76
|
$ trusted_sandbox install
|
77
77
|
```
|
78
78
|
|
79
|
-
|
79
|
+
Then follow the configuration instructions below. Once you're done configuring, test your installation by running:
|
80
80
|
```
|
81
81
|
$ trusted_sandbox test
|
82
82
|
```
|
@@ -105,14 +105,23 @@ Follow the instructions in the relevant sections of the configuration guide.
|
|
105
105
|
|
106
106
|
Let's go over the sections of the YAML configuration file you created in step 3 above.
|
107
107
|
|
108
|
-
### Docker
|
108
|
+
### Docker connection
|
109
|
+
|
110
|
+
Trusted Sandbox uses the `docker-api` gem to communicate with docker. `docker-api`'s default work quite well for a
|
111
|
+
Linux host, and you should be good by omitting `docker_url` and `docker_cert_path` all together.
|
112
|
+
|
109
113
|
```ruby
|
110
|
-
# ENV['DOCKER_HOST'] is used
|
114
|
+
# If omitted ENV['DOCKER_HOST'] is used. If it is not set, docker-api defaults are used
|
111
115
|
docker_url: https://192.168.59.103:2376
|
112
116
|
|
113
|
-
# ENV['DOCKER_CERT_PATH'] is used
|
117
|
+
# If omitted ENV['DOCKER_CERT_PATH'] is used. If it is not set, docker-api defaults are used
|
114
118
|
docker_cert_path: ~/.boot2docker/certs/boot2docker-vm
|
119
|
+
```
|
120
|
+
If you need finer control of `docker-api` configuration, you can add a `docker_options` hash entry to the
|
121
|
+
YAML file which will override any configuration and passed through to `Docker.options`.
|
115
122
|
|
123
|
+
In addition, these docker-related configuration parameters can be used:
|
124
|
+
```ruby
|
116
125
|
docker_image_name: vaharoni/trusted_sandbox:2.1.2.v1
|
117
126
|
|
118
127
|
# Optional authentication
|
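Review bot: Wording in the new "Docker connection" paragraph (new lines 110-111 and 120-121) needs a pass: "`docker-api`'s default work quite well" should read "defaults work", "all together" should be "altogether", and "which will override any configuration and passed through to `Docker.options`" is missing "is" before "passed". The two blocks in this section are tagged ruby but contain YAML keys, so a yaml tag would be more accurate. Since the example uses an https `docker_url`, this is also the place to state what TLS settings `docker_cert_path` produces and that `docker_options` can change them.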
@@ -123,9 +132,6 @@ Let's go over the sections of the YAML configuration file you created in step 3
|
|
123
132
|
|
124
133
|
```
|
125
134
|
|
126
|
-
Trusted Sandbox uses the `docker-api` gem to communicate with docker. Some of the parameters above are used to setup
|
127
|
-
the global `Docker` class. For finer control of its configuration, you can add a `docker_options` hash entry to the
|
128
|
-
YAML file which will override any configuration and passed through to `Docker.options`.
|
129
135
|
|
130
136
|
### Limiting resources
|
131
137
|
CPU:
|
@@ -160,21 +166,16 @@ Note that controlling memory swap limits and user quotas requires additional ste
|
|
160
166
|
|
161
167
|
### Execution parameters
|
162
168
|
|
163
|
-
A temporary directory under which sub directories are created and mounted to containers.
|
164
|
-
The code and args exchange between the host and containers is done via these sub directories.
|
165
|
-
|
166
169
|
```ruby
|
170
|
+
# A temporary folder under which sub folders are created and mounted to containers.
|
171
|
+
# The code and args exchange between the host and containers is done via these sub folders.
|
167
172
|
host_code_root_path: tmp/code_dirs
|
168
|
-
```
|
169
173
|
|
170
|
-
When set to true, the temporary sub
|
171
|
-
troubleshoot issues as explained in the "Troubleshooting" section.
|
172
|
-
```ruby
|
174
|
+
# When set to true, the temporary sub folders will not be erased. This allows you to login
|
175
|
+
# to the container to troubleshoot issues as explained in the "Troubleshooting" section.
|
173
176
|
keep_code_folders: false
|
174
|
-
```
|
175
177
|
|
176
|
-
A
|
177
|
-
```ruby
|
178
|
+
# A folder used by the UID-pool to handle locks.
|
178
179
|
host_uid_pool_lock_path: tmp/uid_pool_lock
|
179
180
|
```
|
180
181
|
|
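Review bot: The comment added at new lines 174-175 for `keep_code_folders` should state that the retained sub folders hold the submitted code and args on the host, and that the setting is meant for troubleshooting only. As written it reads as a neutral toggle. Small wording points in the same comment block: "login to the container" should be "log in to the container", and the text now says "folder" where the removed prose said "directory"; pick one term and use it throughout the README.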
@@ -1,12 +1,13 @@
|
|
1
1
|
development:
|
2
|
-
# Optional login information
|
3
|
-
docker_login:
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
2
|
+
# # Optional login information
|
3
|
+
# docker_login:
|
4
|
+
# user: my_user
|
5
|
+
# password: my_password
|
6
|
+
# email: email@email.com
|
7
|
+
|
8
|
+
# # For a linux host these can remain empty
|
9
|
+
# docker_url: https://192.168.59.103:2376
|
10
|
+
# docker_cert_path: ~/.boot2docker/certs/boot2docker-vm
|
10
11
|
|
11
12
|
docker_image_name: vaharoni/trusted_sandbox:2.1.2.v1
|
12
13
|
|
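Review bot: The commented-out `docker_login` sample at new lines 3-6 invites users to store a registry password in plain text in `trusted_sandbox.yml`; add a comment line telling them to keep a filled-in copy of this file out of version control. At new line 8, "these can remain empty" would be clearer as "these can be omitted", which matches the README wording ("omitting `docker_url` and `docker_cert_path`").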
@@ -52,11 +52,11 @@ module TrustedSandbox
|
|
52
52
|
|
53
53
|
def docker_cert_path=(value)
|
54
54
|
@docker_cert_path = File.expand_path(value)
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
}
|
55
|
+
@docker_options_for_cert = {
|
56
|
+
private_key_path: "#{@docker_cert_path}/key.pem",
|
57
|
+
certificate_path: "#{@docker_cert_path}/cert.pem",
|
58
|
+
ssl_verify_peer: false
|
59
|
+
}
|
60
60
|
end
|
61
61
|
|
62
62
|
def host_code_root_path=(path)
|
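Review bot: `ssl_verify_peer: false` at new line 58 means the client presents `cert.pem` and `key.pem` but never authenticates the Docker daemon it connects to, so anything able to intercept the `docker_url` connection can impersonate the daemon. Suggest leaving verification on and pointing the connection at the CA file in the same directory (docker-api's documented TLS setup passes `ssl_ca_file` pointing at `ca.pem`), with `ssl_verify_peer: false` only as an explicit opt-in through `docker_options`. Separately, `File.expand_path(value)` raises when `value` is nil, which can happen if the YAML key is present but empty; a guard or a clear error message would help.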
@@ -81,6 +81,8 @@ module TrustedSandbox
|
|
81
81
|
# Called to do any necessary setup to allow staged configuration
|
82
82
|
# @return [Config] self for chaining
|
83
83
|
def finished_configuring
|
84
|
+
Docker.options = @docker_options_for_cert.merge(docker_options)
|
85
|
+
|
84
86
|
return self unless @docker_auth_needed
|
85
87
|
Docker.authenticate! username: @docker_auth_user, password: @docker_auth_password, email: @docker_auth_email
|
86
88
|
@docker_auth_needed = false
|
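Review bot: `@docker_options_for_cert.merge(docker_options)` at new line 84 raises a TypeError if `docker_options` is nil, and the accessor's default is not visible in this hunk; if it is not already a hash, use `@docker_options_for_cert.merge(docker_options || {})`. The assignment also runs on every call to `finished_configuring`, so it replaces the global `Docker.options` even when neither `docker_cert_path` nor `docker_options` was configured, discarding anything the host application set there. Consider assigning only when the merged hash is non-empty. It is also worth checking that keys loaded from YAML arrive as symbols, since a string key such as "ssl_verify_peer" would not override the symbol key set in `docker_cert_path=`.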
@@ -93,6 +95,7 @@ module TrustedSandbox
|
|
93
95
|
# contain a value for the requested configuration options
|
94
96
|
# @params params [Hash] hash containing configuration options
|
95
97
|
def initialize(other_config, params={})
|
98
|
+
@docker_options_for_cert = {}
|
96
99
|
@other_config = other_config
|
97
100
|
params.each do |key, value|
|
98
101
|
send "#{key}=", value
|