docker: restore the support for fixed UID/GID and standalone container

docker/build/standalone.x86_64.dockerfile

@@ -3,27 +3,54 @@ ARG TARGET_ARCH=x86_64
 ARG IMAGE_VERSION=18.04-20210517_1712
 ARG BASE_IMAGE=${DOCKER_REPO}:runtime-${TARGET_ARCH}-${IMAGE_VERSION}
 
+ARG DOCKER_USER
+ARG DOCKER_USER_ID
+ARG DOCKER_GRP
+ARG DOCKER_GRP_ID
+
 FROM ${DOCKER_REPO}:data_volume-audio_model-${TARGET_ARCH}-latest as apollo_audio_volume
 FROM ${DOCKER_REPO}:yolov4_volume-emergency_detection_model-${TARGET_ARCH}-latest as apollo_yolov4_volume
 FROM ${DOCKER_REPO}:faster_rcnn_volume-traffic_light_detection_model-${TARGET_ARCH}-latest as apollo_faster_rcnn_volume
 FROM ${DOCKER_REPO}:smoke_volume-yolo_obstacle_detection_model-${TARGET_ARCH}-latest as apollo_smoke_volume
 
 FROM ${BASE_IMAGE}
 
-COPY output /apollo
+ENV DOCKER_USER=${DOCKER_USER:-apollo}
+ENV DOCKER_USER_ID=${DOCKER_USER_ID:-1001}
+ENV DOCKER_GRP=${DOCKER_GRP:-apollo}
+ENV DOCKER_GRP_ID=${DOCKER_GRP_ID:-1001}
+
+# We need to copy output first to make sure that the top-level /apollo directory is also owned by ${DOCKER_USER_ID}:${DOCKER_GRP_ID},
+# because COPY --chown creates target directory as root and only chowns the files it copies.
+# If we copy some volume first then /apollo is owned by root and different user will fail to create e.g.
+# nohup.out or /apollo/data there (in runtime image it's overlayed by a volume from host, so it doesn't harm)
+COPY \
+    --chown=${DOCKER_USER_ID}:${DOCKER_GRP_ID} \
+    output \
+    /apollo
 
-COPY --from=apollo_audio_volume \
+COPY \
+    --from=apollo_audio_volume \
+    --chown=${DOCKER_USER_ID}:${DOCKER_GRP_ID} \
     /apollo/modules/audio \
     /apollo/modules/audio
 
-COPY --from=apollo_yolov4_volume \
+COPY \
+    --from=apollo_yolov4_volume \
+    --chown=${DOCKER_USER_ID}:${DOCKER_GRP_ID} \
     /apollo/modules/perception/camera/lib/obstacle/detector/yolov4 \
     /apollo/modules/perception/camera/lib/obstacle/detector/yolov4
 
-COPY --from=apollo_faster_rcnn_volume \
+COPY \
+    --from=apollo_faster_rcnn_volume \
+    --chown=${DOCKER_USER_ID}:${DOCKER_GRP_ID} \
     /apollo/modules/perception/production/data/perception/camera/models/traffic_light_detection \
     /apollo/modules/perception/production/data/perception/camera/models/traffic_light_detection
 
-COPY --from=apollo_smoke_volume \
+COPY \
+    --from=apollo_smoke_volume \
+    --chown=${DOCKER_USER_ID}:${DOCKER_GRP_ID} \
     /apollo/modules/perception/production/data/perception/camera/models/yolo_obstacle_detector \
     /apollo/modules/perception/production/data/perception/camera/models/yolo_obstacle_detector
+
+RUN /apollo/scripts/docker_start_user.sh

docker/build/standalone.x86_64.sh

@@ -3,6 +3,10 @@
 # Copyright (c) 2021 LG Electronics, Inc. All Rights Reserved
 
 DOCKER_REPO=apolloauto/apollo
+DOCKER_USER=apollo
+DOCKER_USER_ID=1001
+DOCKER_GRP=apollo
+DOCKER_GRP_ID=1001
 TARGET_ARCH=x86_64
 IMAGE_VERSION=18.04-20210517_1712
 DEV_IMAGE=${DOCKER_REPO}:dev-${TARGET_ARCH}-${IMAGE_VERSION}
@@ -47,15 +51,25 @@ rm -f docker/build/syspkgs.txt
 
 mv output docker/build
 
+mkdir -p docker/build/output/standalone-scripts/docker/scripts
+cp docker/scripts/{runtime_start.sh,runtime_into_standalone.sh,docker_base.sh} docker/build/output/standalone-scripts/docker/scripts
+mkdir -p docker/build/output/standalone-scripts/scripts
+cp scripts/{common.bashrc,apollo_base.sh,apollo.bashrc} docker/build/output/standalone-scripts/scripts
+
 docker build \
     --build-arg BASE_IMAGE=${RUNTIME_IMAGE} \
+    --build-arg DOCKER_USER=${DOCKER_USER} \
+    --build-arg DOCKER_USER_ID=${DOCKER_USER_ID} \
+    --build-arg DOCKER_GRP=${DOCKER_GRP} \
+    --build-arg DOCKER_GRP_ID=${DOCKER_GRP_ID} \
     -f docker/build/standalone.x86_64.dockerfile \
     docker/build/ \
     -t ${STANDALONE_IMAGE}
 
 docker tag ${STANDALONE_IMAGE} ${STANDALONE_IMAGE_LATEST}
 
 /bin/echo -e "Docker image with prebuilt files was built and tagged as ${STANDALONE_IMAGE}, you can start it with: \n\
-  bash docker/scripts/runtime_start.sh --standalone --local --tag standalone-${TARGET_ARCH}-${IMAGE_VERSION}\n\
+  cd docker/build/output/standalone-scripts
+  RUNTIME_STANDALONE_USER=${DOCKER_USER} RUNTIME_STANDALONE_GROUP=${DOCKER_GRP} RUNTIME_STANDALONE_UID=${DOCKER_USER_ID} RUNTIME_STANDALONE_GID=${DOCKER_GRP_ID} docker/scripts/runtime_start.sh --standalone --local --tag standalone-${TARGET_ARCH}-${IMAGE_VERSION}\n\
 and switch into it with:\n\
-  bash docker/scripts/runtime_into_standalone.sh"
+  RUNTIME_STANDALONE_USER=${DOCKER_USER} docker/scripts/runtime_into_standalone.sh"

docker/scripts/runtime_into_standalone.sh

@@ -15,11 +15,13 @@
 # limitations under the License.
 ###############################################################################
 
+DOCKER_USER="${USER}"
 RUNTIME_CONTAINER="apollo_runtime_standalone_${USER}"
+[ -n "${RUNTIME_STANDALONE_USER}" ] && DOCKER_USER="${RUNTIME_STANDALONE_USER}"
 
 xhost +local:root 1>/dev/null 2>&1
 
-docker exec -u "${USER}" \
+docker exec -u "${DOCKER_USER}" \
     -it "${RUNTIME_CONTAINER}" \
     /bin/bash
 

docker/scripts/runtime_start.sh

@@ -155,6 +155,12 @@ function check_host_environment() {
         warning "Apollo Runtime Docker supports x86_64 ONLY!"
         exit 2
     fi
+
+    if [[ -f "${CURR_DIR}/dev_start.sh" ]]; then
+        warning "${CURR_DIR}/dev_start.sh detected."
+        warning "Apollo Runtime Docker is expected to run with release builds."
+        exit 3
+    fi
 }
 
 function setup_devices_and_mount_local_volumes() {
@@ -164,14 +170,7 @@ function setup_devices_and_mount_local_volumes() {
     setup_device
 
     local volumes=""
-    if $RUNTIME_STANDALONE; then
-        volumes="-v ${APOLLO_ROOT_DIR}/data:/apollo/data \
-                 -v ${APOLLO_ROOT_DIR}/modules/calibration/data:/apollo/modules/calibration/data \
-                 -v ${APOLLO_ROOT_DIR}/modules/map/data:/apollo/modules/map/data \
-                 -v ${APOLLO_ROOT_DIR}/output:/apollo/output"
-    else
-        volumes="-v ${APOLLO_ROOT_DIR}:/apollo"
-    fi
+    $RUNTIME_STANDALONE || volumes="-v ${APOLLO_ROOT_DIR}:/apollo"
 
     local os_release="$(lsb_release -rs)"
     case "${os_release}" in
@@ -329,7 +328,7 @@ function main() {
     local local_volumes=
     setup_devices_and_mount_local_volumes local_volumes
 
-    mount_map_volumes
+    $RUNTIME_STANDALONE || mount_map_volumes
     $RUNTIME_STANDALONE || mount_other_volumes
 
     info "Starting docker container \"${RUNTIME_CONTAINER}\" ..."
@@ -341,6 +340,12 @@ function main() {
     local docker_group="$(id -g -n)"
     local docker_gid="$(id -g)"
 
+    if $RUNTIME_STANDALONE; then
+        [ -n "${RUNTIME_STANDALONE_USER}" ] && docker_user="${RUNTIME_STANDALONE_USER}"
+        [ -n "${RUNTIME_STANDALONE_UID}" ] && docker_uid="${RUNTIME_STANDALONE_UID}"
+        [ -n "${RUNTIME_STANDALONE_GROUP}" ] && docker_group="${RUNTIME_STANDALONE_GROUP}"
+        [ -n "${RUNTIME_STANDALONE_GID}" ] && docker_gid="${RUNTIME_STANDALONE_GID}"
+    fi
     set -x
     ${DOCKER_RUN_CMD} -itd \
         --privileged \
@@ -357,6 +362,7 @@ function main() {
         -e NVIDIA_DRIVER_CAPABILITIES=compute,video,graphics,utility \
         ${MAP_VOLUMES_CONF} \
         ${OTHER_VOLUMES_CONF} \
+        ${LOCAL_VOLUMES_CONF} \
         ${local_volumes} \
         --net host \
         -w /apollo \
@@ -377,8 +383,6 @@ function main() {
 
     postrun_start_user ${RUNTIME_CONTAINER}
 
-    $RUNTIME_STANDALONE && docker exec -u root "${RUNTIME_CONTAINER}" bash -c "chown -R ${docker_uid}:${docker_gid} /apollo"
-
     ok "Congratulations! You have successfully finished setting up Apollo Runtime Environment."
     ok "To login into the newly created ${RUNTIME_CONTAINER} container, please run the following command:"
     $RUNTIME_STANDALONE || ok "  bash docker/scripts/runtime_into.sh"

modules/dreamview/BUILD

@@ -40,10 +40,13 @@ install(
         ":dreamview_conf",
         ":frontend",
     ],
+    runtime_dest = "modules/dreamview",
     targets = ["dreamview"],
     deps = [
         ":pb_dreamview",
         "//cyber:install",
+        "//modules/calibration:install",
+        "//modules/common/data:install",
     ],
 )