enable lanching vnc with a user account (#5)

* remove unnecessary sed alias

* enable launching vnc with --user and --home

* isolate vnc content from home directory in case it's mounted

* remove unnecessary support file generation

* enforce lxqt-session
otherwise if gnome-session is installed it will try to use that by default

* force lxqt

* prefix arguments with space to avoid collisions

* leverage username override

Author: tfoote

novnc_rocker/novnc.py

@@ -45,7 +45,7 @@ def get_snippet(self, cli_args):
         return em.expand(snippet, self._env_subs)
 
     def get_docker_args(self, cli_args):
-        return '-p %s:%s' % (cli_args['novnc_port'], cli_args['novnc_port'])
+        return ' -p %s:%s' % (cli_args['novnc_port'], cli_args['novnc_port'])
 
     @staticmethod
     def register_arguments(parser, defaults={}):

novnc_rocker/templates/turbovnc.conf

@@ -0,0 +1,5 @@
+[program:turbovnc]
+command=/opt/TurboVNC/bin/vncserver  -SecurityTypes None -fg -nohttpd -geometry 1280x720
+autorestart=true
+user=@(vnc_user)
+environment=USER="@(vnc_user)",HOME="@(vnc_user_home)",TVNC_WM="x-session-manager"

novnc_rocker/templates/turbovnc.conf.em

@@ -15,15 +15,34 @@ RUN cd /tmp && \
     curl -fsSL -O ${SOURCEFORGE}/turbovnc/files/${TURBOVNC_VERSION}/turbovnc_${TURBOVNC_VERSION}_amd64.deb \
         -O ${SOURCEFORGE}/virtualgl/files/${VIRTUALGL_VERSION}/virtualgl_${VIRTUALGL_VERSION}_amd64.deb \
     && dpkg -i *.deb \
-    && rm -f /tmp/*.deb \
-    && sed -i 's/$host:/unix:/g' /opt/TurboVNC/bin/vncserver
+    && rm -f /tmp/*.deb
 
-RUN mkdir -p /root/.vnc
-RUN echo testpass | /opt/TurboVNC/bin/vncpasswd -f > /root/.vnc/passwd && chmod 600 /root/.vnc/passwd
+# Keep vnc content out of
+RUN echo '$vncUserDir = "/tmp/@(vnc_user)-vnc";' >> /etc/turbovncserver.conf
+# One less file in home to avoid cluttering the home directory
+ENV XAUTHORITY "/tmp/@(vnc_user)-vnc/.Xauthority"
+# RUN echo '$xstartup = "/tmp/@(vnc_user)-vnc/xstartup.turbovnc;' >> /etc/turbovncserver.conf
+
+# TODO(tfoote) authentication
+# RUN echo testpass | /opt/TurboVNC/bin/vncpasswd -f > ~/@(vnc_user)-vnc/passwd && chmod -R 600 ~/@(vnc_user)-vnc/passwd
+# TODO(tfoote) needed maybe too? && chown -R @(vnc_user) /tmp/@(vnc_user)-vnc/passwd
 
 RUN mkdir -p /root/.supervisor/conf.d
 
 COPY supervisor.conf /root/.supervisor
 COPY turbovnc.conf /root/.supervisor/conf.d
 
-CMD /usr/bin/supervisord -c /root/.supervisor/supervisor.conf
+## Make sure we're in lxqt. gnome-session will win if it's installed in the image.
+RUN update-alternatives --set x-session-manager /usr/bin/startlxqt
+
+# TODO(tfoote) avoid selecting mutter vs openbox windows manager
+
+# Disable unneeded modules
+
+RUN echo 'Hidden=True' >> /etc/xdg/autostart/lxqt-xscreensaver-autostart.desktop
+RUN echo 'Hidden=True' >> /etc/xdg/autostart/lxqt-powermanagement.desktop
+RUN echo 'Hidden=True' >> /etc/xdg/autostart/upg-notifier-autostart.desktop
+RUN echo 'Hidden=True' >> /etc/xdg/autostart/nm-tray-autostart.desktop
+RUN echo 'Hidden=True' >> /etc/xdg/autostart/nm-applet.desktop
+
+CMD @(vnc_user != 'root' ? 'sudo ' ! '')@ /usr/bin/supervisord -c /root/.supervisor/supervisor.conf

novnc_rocker/templates/turbovnc_snippet.Dockerfile.em

@@ -1,4 +1,6 @@
 import em
+import getpass
+import os
 import pkgutil
 import sys
 from rocker.extensions import RockerExtension, name_to_argument
@@ -15,6 +17,19 @@ def __init__(self):
         self.name = TurboVNC.get_name()
         self.SUPPORTED_CODENAMES = ['focal']
 
+    def compute_env_subs(self, cli_args):
+        # TODO(tfoote) this caches cli_args implicitly
+        if not self._env_subs:
+            # default case
+            # Todo evaluate elsewhere?
+            self._env_subs['vnc_user'] = 'root'
+            self._env_subs['vnc_user_home'] = '/root'
+            if 'user' in cli_args:
+                if cli_args['user']:
+                    self._env_subs['vnc_user'] = cli_args['user_override_name'] if cli_args['user_override_name'] else getpass.getuser()
+                    self._env_subs['vnc_user_home'] = os.path.join('/home/', cli_args['user_override_name']) if cli_args['user_override_name'] else os.path.expanduser('~')
+        return self._env_subs
+
     def precondition_environment(self, cli_args):
         detected_os = detect_os(cli_args['base_image'], print, nocache=cli_args.get('nocache', False))
         if detected_os is None:
@@ -32,19 +47,35 @@ def get_preamble(self, cli_args):
         return ''
 
     def get_files(self, cli_args):
-        file_list = ['supervisor.conf', 'turbovnc.conf']
+        file_list = ['supervisor.conf']
         files = {}
         for f in file_list:
             files['%s' % f] = pkgutil.get_data(
                 'novnc_rocker',
                 'templates/%s' % f).decode('utf-8')
+        template_list = ['turbovnc.conf']
+        self.compute_env_subs(cli_args)
+        for f in template_list:
+            try:
+                files['%s' % f] = em.expand(
+                    pkgutil.get_data(
+                    'novnc_rocker',
+                    'templates/%s.em' % f).decode('utf-8'),
+                    self._env_subs)
+            except (NameError, TypeError) as ex:
+                raise NameError("Failed to evaluate template %s: %s \args are: %s" % (f, ex, self._env_subs))
         return files
 
     def get_snippet(self, cli_args):
+        self.compute_env_subs(cli_args)
         snippet = pkgutil.get_data(
             'novnc_rocker',
             'templates/%s_snippet.Dockerfile.em' % self.name).decode('utf-8')
-        return em.expand(snippet, self._env_subs)
+        try:
+            result = em.expand(snippet, self._env_subs)
+        except (NameError, TypeError) as ex:
+            raise NameError("Failed to evaluate snippet for %s: %s. \nargs are: %s" % (self.name, ex, self._env_subs))
+        return result
 
     def get_docker_args(self, cli_args):
         return ''