How to run the Engine with Custom Certificate Authorities? | Dagger | Page 1

wise comet Sep 5, 2024, 10:59 PM

#

I've built a custom dagger image with a custom CA, but I don't understand how to run it. If there is another way to add a custom CA to the engine w/o building an image? I would be grateful for your help. Thank You.

white marsh Sep 6, 2024, 12:13 AM

#

👋 hello, @wise comet
You can mount them at runtime under /usr/local/share/ca-certificates

#

See if theese Docs help you run your custom image
https://github.com/dagger/dagger/blob/main/docs/current_docs/manuals/administrator/engine/custom-runner.mdx#connection-interface

GitHub

dagger/docs/current_docs/manuals/administrator/engine/custom-runner...

An engine to run your pipelines in containers. Contribute to dagger/dagger development by creating an account on GitHub.

wise comet Sep 6, 2024, 12:14 PM

#

@white marsh Thanks, yes I read the documentation but it didn't help.

Locally Built Docker Image
FROM registry.dagger.io/engine:v.12.7
COPY ca.crt /usr/local/share/ca-certificates

Execute
dagger init —sdk=go —source=./dagger

How to set variables to use local docker image or remote registry?

bright loom Sep 6, 2024, 12:23 PM

#

doesn't the image have a full path to the image like mcr.microsoft.com/dotnet/runtime:latest it would then pull it from remote or if already on your local, use the downloaded one

#

it's the same behaviour with normal docker I thought, pull if not exists.

#

i wacked a page up somewhere at work when iwas going through this process, let me see if i can dump that conf page stuff onto a gist somewhere

fathom condor Sep 6, 2024, 12:45 PM

#

https://gist.github.com/pjmagee/e508c5fed07fe79cd2ddd76895e75828

Gist

custom-engine.md

GitHub Gist: instantly share code, notes, and snippets.

white marsh Sep 6, 2024, 1:53 PM

#

@fathom condor was faster with the answer daggerfire

bright loom Sep 6, 2024, 1:55 PM

#

tbh, i think the official docs could be a bit more verbose like my gist

wise comet Sep 6, 2024, 2:04 PM

#

Thanks guys.

I figured it out, let's summarize a bit.
By running the following commands, you create your image, run it, and then set a variable to tell dagger cli where to go, which container to use.

cat dagger_engine.containerfile
FROM registry.dagger.io/engine:v0.12.7
COPY ./ca.crt /usr/local/share/ca-certificates

docker build -t your.private.registry/acme/custom-dagger-engine:v0.12.7 -f dagger_engine.containerfile .
docker run -d --rm --name custom-dagger-engine --privileged your.private.registry/acme/custom-dagger-engine:v0.12.7
export _EXPERIMENTAL_DAGGER_RUNNER_HOST=docker-container://custom-dagger-engine
dagger init --sdk=go --source=./dagger

I was thinking of using a pointer to a custom docker image, instead of specifying a running custom container. Otherwise, in a Git Self Runner, you'd have to run the container in addition to the checkout and dagger run. But it doesn't work

export _EXPERIMENTAL_DAGGER_RUNNER_HOST=docker-image://your.private.registry/acme/custom-dagger-engine:v0.12.7

#How to run the Engine with Custom Certificate Authorities?