mirror of https://github.com/coder/coder.git
90 lines
3.0 KiB
Bash
Executable File
90 lines
3.0 KiB
Bash
Executable File
#!/usr/bin/env sh
|
|
set -eux
|
|
# Sleep for a good long while before exiting.
|
|
# This is to allow folks to exec into a failed workspace and poke around to
|
|
# troubleshoot.
|
|
waitonexit() {
|
|
echo "=== Agent script exited with non-zero code. Sleeping 24h to preserve logs..."
|
|
sleep 86400
|
|
}
|
|
trap waitonexit EXIT
|
|
BINARY_DIR="${BINARY_DIR:-$(mktemp -d -t coder.XXXXXX)}"
|
|
BINARY_NAME=coder
|
|
BINARY_URL=${ACCESS_URL}bin/coder-linux-${ARCH}
|
|
cd "$BINARY_DIR"
|
|
# Attempt to download the coder agent.
|
|
# This could fail for a number of reasons, many of which are likely transient.
|
|
# So just keep trying!
|
|
while :; do
|
|
# Try a number of different download tools, as we don not know what we
|
|
# will have available.
|
|
status=""
|
|
if command -v curl >/dev/null 2>&1; then
|
|
curl -fsSL --compressed "${BINARY_URL}" -o "${BINARY_NAME}" && break
|
|
status=$?
|
|
elif command -v wget >/dev/null 2>&1; then
|
|
wget -q "${BINARY_URL}" -O "${BINARY_NAME}" && break
|
|
status=$?
|
|
elif command -v busybox >/dev/null 2>&1; then
|
|
busybox wget -q "${BINARY_URL}" -O "${BINARY_NAME}" && break
|
|
status=$?
|
|
else
|
|
echo "error: no download tool found, please install curl, wget or busybox wget"
|
|
exit 127
|
|
fi
|
|
echo "error: failed to download coder agent"
|
|
echo " command returned: ${status}"
|
|
echo "Trying again in 30 seconds..."
|
|
sleep 30
|
|
done
|
|
|
|
if ! chmod +x $BINARY_NAME; then
|
|
echo "Failed to make $BINARY_NAME executable"
|
|
exit 1
|
|
fi
|
|
|
|
haslibcap2() {
|
|
command -v setcap /dev/null 2>&1
|
|
command -v capsh /dev/null 2>&1
|
|
}
|
|
printnetadminmissing() {
|
|
echo "The root user does not have CAP_NET_ADMIN permission. " + \
|
|
"If running in Docker, add the capability to the container for " + \
|
|
"improved network performance."
|
|
echo "This has security implications. See https://man7.org/linux/man-pages/man7/capabilities.7.html"
|
|
}
|
|
|
|
# Attempt to add CAP_NET_ADMIN to the agent binary. This allows us to increase
|
|
# network buffers which improves network transfer speeds.
|
|
if [ -n "${USE_CAP_NET_ADMIN:-}" ]; then
|
|
# If running as root, we do not need to do anything.
|
|
if [ "$(id -u)" -eq 0 ]; then
|
|
echo "Running as root, skipping setcap"
|
|
# Warn the user if root does not have CAP_NET_ADMIN.
|
|
if ! capsh --has-p=CAP_NET_ADMIN; then
|
|
printnetadminmissing
|
|
fi
|
|
|
|
# If not running as root, make sure we have sudo perms and the "setcap" +
|
|
# "capsh" binaries exist.
|
|
elif sudo -nl && haslibcap2; then
|
|
# Make sure the root user has CAP_NET_ADMIN.
|
|
if sudo -n capsh --has-p=CAP_NET_ADMIN; then
|
|
sudo -n setcap CAP_NET_ADMIN=+ep ./$BINARY_NAME || true
|
|
else
|
|
printnetadminmissing
|
|
fi
|
|
|
|
# If we are not running as root, cant sudo, and "setcap" does not exist, we
|
|
# cannot do anything.
|
|
else
|
|
echo "Unable to setcap agent binary. To enable improved network performance, " + \
|
|
"give the agent passwordless sudo permissions and the \"setcap\" + \"capsh\" binaries."
|
|
echo "This has security implications. See https://man7.org/linux/man-pages/man7/capabilities.7.html"
|
|
fi
|
|
fi
|
|
|
|
export CODER_AGENT_AUTH="${AUTH_TYPE}"
|
|
export CODER_AGENT_URL="${ACCESS_URL}"
|
|
exec ./$BINARY_NAME agent
|