Updating the base docker image to not have the docker in docker featu…

…re enabled

ReadMe.md

@@ -10,7 +10,7 @@ There are four images to help get you started.
 - `tentacle`: this is the base image which includes just enough to run the tentacle.  Based on `mcr.microsoft.com/dotnet/core/runtime-deps`.
 - `tentacle-worker`: includes a variety of software to get started using this tentacle as a worker.  Based on `tentacle`.
 - `tentacle-k8sworker`: similar to the `tentacle-worker` but only includes the software useful for kubernetes deployments.  Based on `tentacle`.
-- `tentacle-executioncontainer`: only includes the necessary software to run the [execution container feature](https://octopus.com/docs/deployment-process/execution-containers-for-workers) in Octopus Deploy.  Based on `tentacle`.
+- `tentacle-executioncontainer`: only includes the necessary software to run the [execution container feature](https://octopus.com/docs/deployment-process/execution-containers-for-workers) in Octopus Deploy.  Based on `mcr.microsoft.com/dotnet/core/runtime-deps`.
 
 ## Tentacle
 This is the bare bones to run a tentacle as a docker container.  It is based on the latest .NET Core runtime dependencies `3.1-bionic` image provided by Microsoft.  
@@ -95,7 +95,7 @@ The docker container has a few self-imposed limitations.
 - **SPACE**: The name of the [space](https://octopus.com/docs/administration/spaces) to register the tentacle with.  Default is Default.
 - **COMMUNICATION_TYPE**: Whether you are using [polling tentacles or listening tentacles](https://octopus.com/docs/infrastructure/deployment-targets/windows-targets/tentacle-communication).  Default is Polling.
 - **MACHINE_POLICY_NAME**: The name of the [machine policy](https://octopus.com/docs/infrastructure/deployment-targets/machine-policies) to associate the container with.  Defaults to `Default Machine Policy.`
-- **DISABLE_DIND**: Indicates if docker in docker should be disabled.  Defaults to N.
+- **DISABLE_DIND**: Indicates if docker in docker should be disabled.  Defaults to N.  Only for `tentacle-executioncontainer` image only.
 - **ACCEPT_EULA**: You must accept the [Octopus Deploy EULA](https://octopus.com/legal/customer-agreement).
 
 ## Ports

base/Dockerfile

@@ -29,7 +29,6 @@ ENV SPACE="Default"
 ENV TARGET_WORKER_POOL=""
 ENV MACHINE_POLICY_NAME="Default Machine Policy"
 ENV COMMUNICATION_TYPE="Polling"
-ENV DISABLE_DIND=N
 ENV ACCEPT_EULA=N
 
 CMD /scripts/configure-tentacle.sh && /scripts/run-tentacle.sh

base/scripts/run-tentacle.sh

@@ -1,11 +1,4 @@
 #!/bin/bash
 set -eux
 
-if [[ "$DISABLE_DIND" == "Y" ]]; then
-    echo Docker-in-Docker is disabled.
-else
-    echo "Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode."
-    nohup /usr/local/bin/dockerd-entrypoint.sh dockerd &
-fi
-
 tentacle agent --instance Tentacle --noninteractive

tentacle-executioncontainer/Dockerfile

@@ -1,17 +1,54 @@
-FROM octopuslabs/tentacle:latest
+FROM mcr.microsoft.com/dotnet/core/runtime-deps:3.1-bionic
+
+RUN apt-get update && \
+    apt-get install -y wget unzip apt-utils curl software-properties-common  
 
 RUN apt-get update && \
     apt-get install -y curl sudo dos2unix && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+EXPOSE 10933
+
 WORKDIR /tmp
 
+COPY ./scripts/* /scripts/
+RUN chmod +x /scripts/*.sh
+
 COPY ./install-scripts/* /install-scripts/
 RUN chmod +x /install-scripts/*.sh
 
 # Install Docker daemon and CLI
 COPY ./scripts/dockerd-entrypoint.sh /usr/local/bin/
 RUN /install-scripts/install-docker.sh
 
-VOLUME /var/lib/docker
+# Install Tentacle
+RUN apt-key adv --fetch-keys https://apt.octopus.com/public.key && \
+    add-apt-repository "deb https://apt.octopus.com/ stretch main" && \
+    apt-get update && \
+    apt-get install tentacle
+
+WORKDIR /
+
+# We know this won't reduce the image size at all. It's just to make the filesystem a little tidier.
+RUN rm -rf /tmp/*
+
+ENV DISABLE_DIND=N
+ENV SERVER_URL="https://octopus.example.com/"
+ENV SERVER_PORT=10943
+ENV SERVER_API_KEY="API-SOURCE-THIS-FROM-YOUR-OCTOPUS-SERVER"
+ENV ServerThumbprint=""
+ENV SERVER_USERNAME=""
+ENV SERVER_PASSWORD=""
+ENV TARGET_ENVIRONMENT=""
+ENV TARGET_ROLE=""
+ENV REGISTRATION_NAME=""
+ENV SPACE="Default"
+ENV TARGET_WORKER_POOL=""
+ENV MACHINE_POLICY_NAME="Default Machine Policy"
+ENV COMMUNICATION_TYPE="Polling"
+ENV ACCEPT_EULA=N
+
+VOLUME /var/lib/docker
+
+CMD /scripts/configure-tentacle.sh && /scripts/run-tentacle.sh

tentacle-executioncontainer/scripts/configure-tentacle.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -eux
+
+function splitAndGetArgs {
+    finalstring=""
+    IFS=','
+    #Convert string to array
+    read -ra strarr <<< "$2"
+    for i in "${strarr[@]}"; do
+        finalstring+="--$1 \"$(echo $i | xargs)\" "
+    done
+    echo $finalstring
+}
+
+if [[ "$ACCEPT_EULA" != "Y" ]]; then
+    echo "ERROR: You must accept the EULA at https://octopus.com/company/legal by passing an environment variable 'ACCEPT_EULA=Y'"
+    exit 1
+fi
+
+if [ -f "/usr/bin/tentacle" ]; then
+    echo "Octopus Tentacle is already configured."
+    return
+fi
+
+ln -s /opt/octopus/tentacle/Tentacle /usr/bin/tentacle
+
+# Tentacle Docker images only support once instance per container. Running multiple instances can be achieved by running multiple containers.
+instanceName=Tentacle
+configurationDirectory=/etc/octopus
+applicationsDirectory=/home/Octopus/Applications
+
+mkdir -p $configurationDirectory
+mkdir -p $applicationsDirectory
+
+tentacle create-instance --instance "$instanceName" --config "$configurationDirectory/tentacle.config"
+tentacle new-certificate --instance "$instanceName" --if-blank
+
+registerName=$HOSTNAME
+if [[ "$REGISTRATION_NAME" != "" ]]; then
+    registerName=$REGISTRATION_NAME
+fi
+
+workerPoolString=$(splitAndGetArgs "workerpool" "$TARGET_WORKER_POOL")
+
+if [[ "$COMMUNICATION_TYPE" != "Polling" ]]; then    
+    tentacle configure --instance "$instanceName" --app "$applicationsDirectory" --noListen "False" --reset-trust --port "$LISTENING_PORT"
+    tentacle configure --trust "$ServerThumbprint"    
+    eval tentacle register-worker --instance \"$instanceName\" --server \"$SERVER_URL\" --name \"$registerName\" --comms-style \"TentaclePassive\" --tentacle-comms-port $LISTENING_PORT --username \"$SERVER_USERNAME\" --password \"$SERVER_PASSWORD\" --apiKey \"$SERVER_API_KEY\" --space \"$SPACE\" --policy=\"$MACHINE_POLICY_NAME\" $workerPoolString --force    
+else
+    tentacle configure --instance "$instanceName" --app "$applicationsDirectory" --noListen "True" --reset-trust     
+    eval tentacle register-worker --instance \"$instanceName\" --server \"$SERVER_URL\" --name \"$registerName\" --comms-style \"TentacleActive\" --server-comms-port $SERVER_PORT --username \"$SERVER_USERNAME\" --password \"$SERVER_PASSWORD\" --apiKey \"$SERVER_API_KEY\" --space \"$SPACE\" --policy=\"$MACHINE_POLICY_NAME\" $workerPoolString --force    
+fi

tentacle-executioncontainer/scripts/run-tentacle.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -eux
+
+if [[ "$DISABLE_DIND" == "Y" ]]; then
+    echo Docker-in-Docker is disabled.
+else
+    echo "Starting Docker-in-Docker daemon. This requires that this container be run in privileged mode."
+    nohup /usr/local/bin/dockerd-entrypoint.sh dockerd &
+fi
+
+tentacle agent --instance Tentacle --noninteractive