[inner-loop] run Isolated docker in debug workspace

Author: iQQBot

components/docker-up/docker-up/main.go

@@ -46,6 +46,8 @@ var opts struct {
 	UserAccessibleSocket bool
 	Verbose              bool
 	DontWrapNetNS        bool
+	ContainerIf          string
+	DataRoot             string
 }
 
 //go:embed docker.tgz
@@ -59,7 +61,6 @@ var aptUpdated = false
 const (
 	dockerSocketFN = "/var/run/docker.sock"
 	gitpodUserId   = 33333
-	containerIf    = "ceth0"
 )
 
 func main() {
@@ -71,6 +72,8 @@ func main() {
 	pflag.BoolVarP(&opts.Verbose, "verbose", "v", false, "enables verbose logging")
 	pflag.BoolVar(&opts.RuncFacade, "runc-facade", true, "enables the runc-facade to handle rootless idiosyncrasies")
 	pflag.StringVar(&opts.BinDir, "bin-dir", filepath.Dir(self), "directory where runc-facade is found")
+	pflag.StringVar(&opts.ContainerIf, "iface", "ceth0", "container iface name")
+	pflag.StringVar(&opts.ContainerIf, "data-root", "/workspace/.docker-root", "dockerd data root folder")
 	pflag.BoolVar(&opts.AutoInstall, "auto-install", true, "auto-install prerequisites (docker)")
 	pflag.BoolVar(&opts.UserAccessibleSocket, "user-accessible-socket", true, "chmod the Docker socket to make it user accessible")
 	pflag.BoolVar(&opts.DontWrapNetNS, "dont-wrap-netns", os.Getenv("WORKSPACEKIT_WRAP_NETNS") == "true", "wrap the Docker daemon in a network namespace")
@@ -103,7 +106,7 @@ func runWithinNetns() (err error) {
 	listenFDs, _ := strconv.Atoi(os.Getenv("LISTEN_FDS"))
 
 	args := []string{
-		"--data-root=/workspace/.docker-root",
+		"--data-root=" + opts.DataRoot,
 	}
 
 	unified, err := cgroups.IsUnifiedCgroupSetup()
@@ -136,9 +139,9 @@ func runWithinNetns() (err error) {
 	}
 	args = append(args, userArgs...)
 
-	netIface, err := netlink.LinkByName(containerIf)
+	netIface, err := netlink.LinkByName(opts.ContainerIf)
 	if err != nil {
-		return xerrors.Errorf("cannot get container network device %s: %w", containerIf, err)
+		return xerrors.Errorf("cannot get container network device %s: %w", opts.ContainerIf, err)
 	}
 
 	args = append(args, fmt.Sprintf("--mtu=%v", netIface.Attrs().MTU))

components/gitpod-cli/cmd/rebuild.go

@@ -262,8 +262,10 @@ func runRebuild(ctx context.Context, supervisorClient *supervisor.SupervisorClie
 		// volumes
 		"-v", "/workspace:/workspace",
 		"-v", "/.supervisor:/.supervisor",
-		"-v", "/var/run/docker.sock:/var/run/docker.sock",
 		"-v", "/ide:/ide",
+		"-v", "/usr/bin/docker-up:/usr/bin/docker-up",
+		"-v", "/usr/bin/runc-facade:/usr/bin/runc-facade",
+		"-v", "/usr/local/bin/docker-compose:/usr/local/bin/docker-compose",
 		// "-v", "/ide-desktop:/ide-desktop", // TODO fix desktop IDEs later
 		// "-v", "/ide-desktop-plugins:/ide-desktop-plugins", // TODO refactor to keep all IDE deps under ide or ide-desktop
 

components/supervisor/pkg/supervisor/supervisor.go

@@ -398,9 +398,9 @@ func Run(options ...RunOption) {
 	tasksSuccessChan := make(chan taskSuccess, 1)
 	go taskManager.Run(ctx, &wg, tasksSuccessChan)
 
-	if !opts.RunGP && !cfg.isDebugWorkspace() {
+	if !opts.RunGP {
 		wg.Add(1)
-		go socketActivationForDocker(ctx, &wg, termMux)
+		go socketActivationForDocker(ctx, &wg, termMux, cfg.isDebugWorkspace())
 	}
 
 	if cfg.isHeadless() {
@@ -1499,7 +1499,7 @@ func recordInitializerMetrics(path string, metrics *metrics.SupervisorMetrics) {
 	}
 }
 
-func socketActivationForDocker(ctx context.Context, wg *sync.WaitGroup, term *terminal.Mux) {
+func socketActivationForDocker(ctx context.Context, wg *sync.WaitGroup, term *terminal.Mux, isDebugWorkspace bool) {
 	defer wg.Done()
 
 	fn := "/var/run/docker.sock"
@@ -1521,6 +1521,10 @@ func socketActivationForDocker(ctx context.Context, wg *sync.WaitGroup, term *te
 			cmd := exec.Command("/usr/bin/docker-up")
 			cmd.Env = append(os.Environ(), "LISTEN_FDS=1")
 			cmd.ExtraFiles = []*os.File{socketFD}
+			if isDebugWorkspace {
+				cmd.Args = append(cmd.Args, "--iface", "eth0")
+				cmd.Args = append(cmd.Args, "--data-root", "/workspace/.docker-root-debug")
+			}
 			alias, err := term.Start(cmd, terminal.TermOptions{
 				Annotations: map[string]string{
 					"gitpod.supervisor": "true",