Resin Base Images/ DHCP server

Product support
1

Are resin base images still supported? I tried balena push to a fleet Dockerfile with a the following base image:
FROM resin/%%RESIN_MACHINE_NAME%%-debian:buster
but it no longer works.
I changed it to use balenalib:
balenalib/%%RESIN_MACHINE_NAME%%-debian:buster
and apt-get systemd systemd-sysv instead of ENV INITSYSTEM

But now, the DHCP Server container is no longer able to operate:
dhcp-server Set static IP address
dhcp-server System has not been booted with systemd as init system (PID 1). Can’t operate.
dhcp-server Failed to connect to bus: Host is down
dhcp-server Start dnsmasq
dhcp-server System has not been booted with systemd as init system (PID 1). Can’t operate.
dhcp-server Failed to connect to bus: Host is down
dhcp-server Set static IP address
dhcp-server System has not been booted with systemd as init system (PID 1). Can’t operate.
dhcp-server Failed to connect to bus: Host is down

Is something missing/wrong with the Dockerfile?

Dockerfile:
FROM balenalib/%%RESIN_MACHINE_NAME%%-debian:buster

ENV DBUS_SYSTEM_BUS_ADDRESS unix:path=/host/run/dbus/system_bus_socket

RUN export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade && apt-get install -yq --no-install-recommends
systemd
systemd-sysv
dnsmasq
tcpdump
&& apt-get -y autoremove
&& apt-get -y autoclean
&& apt-get -y clean
&& rm -rf /var/lib/apt/lists/*
&& systemctl mask dnsmasq

WORKDIR /usr/src/app

COPY ./dhcp-server/dhcpcd.conf /etc/dhcpcd.conf
COPY ./dhcp-server/dnsmasq.conf /etc/dnsmasq.conf
COPY ./dhcp-server/start.sh .
COPY ./dhcp-server/eth0 .

CMD [“bash”, “start.sh”]

eth0
auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0

start.sh
#!/usr/bin/env bash

echo ‘Set static IP address’
cat eth0 >> /etc/network/interfaces
systemctl restart networking

echo ‘Start dnsmasq’
systemctl unmask dnsmasq
systemctl restart dnsmasq

2

Hi,

The %%RESIN_MACHINE_NAME%% mechanism and a lot of the old names still work, but in general support targets the balenalib images rather than resin.
As far as I’m aware the resin images are no longer being updated.

Regarding DHCP not working, this has to do with systemd being removed.
You should be fine if you add it to yourself as explained below.
Note that this includes changing the ENTRYPOINT of your Dockerfile.

3

I changed the following following files but the could not the services to fully install Screen Shot 2021-11-19 at 8.24.33 AM

Here is the Dockerfile and associated files:

Dockerfile
FROM balenalib/%%RESIN_MACHINE_NAME%%-debian:buster

ENV DBUS_SYSTEM_BUS_ADDRESS unix:path=/host/run/dbus/system_bus_socket

RUN export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade && apt-get install -yq --no-install-recommends
systemd
systemd-sysv
dnsmasq
tcpdump
&& apt-get -y autoremove
&& apt-get -y autoclean
&& apt-get -y clean
&& rm -rf /var/lib/apt/lists/*

ENV container docker
RUN systemctl mask dnsmasq

WORKDIR /usr/src/app

COPY ./dhcp-server/dhcpcd.conf /etc/dhcpcd.conf
COPY ./dhcp-server/dnsmasq.conf /etc/dnsmasq.conf
COPY ./dhcp-server/start.sh .
COPY ./dhcp-server/eth0 .

COPY ./dhcp-server/entry.sh /usr/bin/entry.sh
COPY ./dhcp-server/balena.service /etc/systemd/system/balena.service

RUN systemctl enable /etc/systemd/system/balena.service

STOPSIGNAL 37
ENTRYPOINT ["/usr/bin/entry.sh"]
CMD [“bash”, “start.sh”]

balena.service
[Unit]
Description=Resin.io User Application

[Service]
EnvironmentFile=/etc/docker.env
ExecStart=/etc/resinApp.sh
StandardOutput=tty
StandardError=tty
TTYPath=/dev/console
Restart=on-failure

[Install]
WantedBy=basic.target

entry.sh
#!/bin/bash

set -m

if ip link add dummy0 type dummy &> /dev/null; then
PRIVILEGED=true
ip link delete dummy0 &> /dev/null
else
PRIVILEGED=false
fi

function signal_handler()
{
kill “$pid”
}

function start_udev()
{
if [ “$UDEV” == “on” ]; then
if [ “$INITSYSTEM” != “on” ]; then
if command -v udevd &>/dev/null; then
unshare --net udevd --daemon &> /dev/null
else
unshare --net /lib/systemd/systemd-udevd --daemon &> /dev/null
fi
udevadm trigger &> /dev/null
fi
else
if [ “$INITSYSTEM” == “on” ]; then
systemctl mask systemd-udevd
fi
fi
}

function mount_dev()
{
tmp_dir=’/tmp/tmpmount’
mkdir -p “$tmp_dir”
mount -t devtmpfs none “$tmp_dir”
mkdir -p “$tmp_dir/shm”
mount --move /dev/shm “$tmp_dir/shm”
mkdir -p “$tmp_dir/mqueue”
mount --move /dev/mqueue “$tmp_dir/mqueue”
mkdir -p “$tmp_dir/pts”
mount --move /dev/pts “$tmp_dir/pts”
touch “$tmp_dir/console”
mount --move /dev/console “$tmp_dir/console”
umount /dev || true
mount --move “$tmp_dir” /dev

ln -sf /dev/pts/ptmx /dev/ptmx
mount -t debugfs nodev /sys/kernel/debug

}

function init_systemd()
{
GREEN=’\033[0;32m’
echo -e “${GREEN}Systemd init system enabled.”
for var in $(compgen -e); do
printf ‘%q=%q\n’ “$var” “${!var}”
done > /etc/docker.env
echo ‘source /etc/docker.env’ >> ~/.bashrc

printf '#!/bin/bash\n exec ' > /etc/resinApp.sh
printf '%q ' "$@" >> /etc/resinApp.sh
chmod +x /etc/resinApp.sh

mkdir -p /etc/systemd/system/resin.service.d
cat <<-EOF > /etc/systemd/system/resin.service.d/override.conf
	[Service]
	WorkingDirectory=$(pwd)
EOF

sleep infinity &
exec env DBUS_SYSTEM_BUS_ADDRESS=unix:path=/run/dbus/system_bus_socket SYSTEMD_LOG_LEVEL=info /sbin/init quiet systemd.show_status=0

}

function init_non_systemd()
{
# trap the stop signal then send SIGTERM to user processes
trap signal_handler SIGRTMIN+3 SIGTERM

if CMD=$(command -v "$1" 2>/dev/null); then
	shift
	"$CMD" "$@" &
	pid=$!
	wait "$pid"
	exit_code=$?
	fg &> /dev/null || exit "$exit_code"
else
	echo "Command not found: $1"
	exit 1
fi

}

INITSYSTEM=$(echo “$INITSYSTEM” | awk ‘{print tolower($0)}’)

case “$INITSYSTEM” in
‘1’ | ‘true’)
INITSYSTEM=‘on’
;;
esac

UDEV=$(echo “$UDEV” | awk ‘{print tolower($0)}’)

case “$UDEV” in
‘1’ | ‘true’)
UDEV=‘on’
;;
esac

if $PRIVILEGED; then
# Only run this in privileged container
mount_dev
start_udev
fi

if [ “$INITSYSTEM” = “on” ]; then
init_systemd “$@”
else
init_non_systemd “$@”
fi

4

When I try pushing to a fleet my old Dockerfile with a resin base image (that used to work), it will not install. 3 months ago, the same Dockerfile did not have a problem. It appears that the image is not longer accessible without a key. How can I get this Dockerfile to work?
I get the following errors:
^[[2K^M^[[34m[dhcp-server]^[[39m ^[[91mW: GPG error: Index of /debian-security buster/updates InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 112695A0E562B32A NO_PUBKEY 54404762BBB6E853
^[[2K^M^[[34m[dhcp-server]^[[39m E: The repository ‘Index of /debian-security buster/updates InRelease’ is not signed.
^[[2K^M^[[34m[dhcp-server]^[[39m W: GPG error: Index of /debian buster InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY DCC9EFBF77E11517
^[[2K^M^[[34m[dhcp-server]^[[39m E: The repository ‘Index of /debian buster InRelease’ is not signed.
^[[2K^M^[[34m[dhcp-server]^[[39m W: GPG error: Index of /debian buster-updates InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
^[[2K^M^[[34m[dhcp-server]^[[39m E: The repository ‘Index of /debian buster-updates InRelease’ is not signed.

^[[2K^M^[[31m[Error]^[[39m Some services failed to build:
^[[2K^M^[[31m[Error]^[[39m Service: dhcp-server
^[[2K^M^[[31m[Error]^[[39m Error: The command ‘/bin/sh -c export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade && apt-get install -yq --no-install-recommends dnsmasq tcpdump && apt-get -y autoremove && apt-get -y autoclean && apt-get -y clean && rm -rf /var/lib/apt/lists/* && systemctl mask dnsmasq’ returned a non-zero code: 100
^[[2K^M^[[36m[Info]^[[39m Built on arm04
^[[2K^M^[[31m[Error]^[[39m Not deploying release.

balena_push.txt (696.8 KB)

Dockerfile
FROM resin/%%RESIN_MACHINE_NAME%%-debian:buster

ENV DBUS_SYSTEM_BUS_ADDRESS unix:path=/host/run/dbus/system_bus_socket

ENV INITSYSTEM on

RUN export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade && apt-get install -yq --no-install-recommends
dnsmasq
tcpdump
&& apt-get -y autoremove
&& apt-get -y autoclean
&& apt-get -y clean
&& rm -rf /var/lib/apt/lists/*
&& systemctl mask dnsmasq

WORKDIR /usr/src/app

COPY ./dhcp-server/dhcpcd.conf /etc/dhcpcd.conf
COPY ./dhcp-server/dnsmasq.conf /etc/dnsmasq.conf
COPY ./dhcp-server/start.sh .
COPY ./dhcp-server/eth0 .

CMD [“bash”, “start.sh”]

5

Hey @ronlevine, can you help explain the use case for a full systemd installation in a container? Generally it is not advised to use systemd in a container but instead run something more portable like supervisord for managing services, or just dbus for interacting with the host dbus socket.

Regarding the GPG errors, that could be due to debian changing their upstream apt repos and the old base image is no longer compatible. I would strongly recommend moving to a more recent balenalib base image to continue getting security updates.

6

Also I see you copied an older version of our systemd example that still uses resin in a few places. Have you tried the most recent version and what are you providing in your balenaApp.sh/resinApp.sh start script being called by the example service file?