Merge pull request #21 from wheelos/auto_service

feat: add autostart service

Author: daohu527

docker/scripts/dev_into.sh

@@ -16,88 +16,95 @@
 # limitations under the License.
 ###############################################################################
 
-set -euo pipefail # Added for robustness
+set -euo pipefail
 
 # --- Constants ---
 DEV_CONTAINER_PREFIX='apollo_dev_'
-DEV_INSIDE="in-dev-docker" # Consistent with start_container.sh
+DEV_INSIDE="in-dev-docker"
 
-# --- Global Variables (will be set by parse_arguments) ---
-# DOCKER_USER will be the username used for 'docker exec -u'
-# Default to host's USER, can be overridden by --user
+# --- Global Variables ---
 DOCKER_USER="${USER}"
-# DEV_CONTAINER will be the name of the container to connect to
-# Default to apollo_dev_host_user, can be overridden by --user or -n
-DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${USER}" # Initialize with default
-
-# Placeholder for user-specified container name via -n
+DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${USER}"
 USER_EXPLICIT_CONTAINER_NAME=""
+#
+# === [MODIFICATION 1]: Add a new global variable for the command ===
+#
+NON_INTERACTIVE_CMD=""
 
 # --- Helper Functions ---
 function show_usage() {
     cat <<EOF
 Usage: $0 [options]
 Connects to a running Apollo development Docker container.
 
+MODES:
+  Interactive (default): If no command is provided, starts an interactive bash session.
+  Non-Interactive:       If a command is provided, executes it inside the container and exits.
+
 OPTIONS:
-    -h, --help              Display this help and exit.
-    -n, --name <container_name> Specify the *full* name of the docker container to connect to.
-                            Overrides default naming based on user.
-    --user <username>       Specify the username to log into inside the container.
-                            This also influences the container name if -n is not used.
-                            (Default: current host user for both container name and login user).
+    -h, --help                  Display this help and exit.
+    -n, --name <container_name> Specify the *full* name of the container to connect to.
+    -c, --command <"command">   Specify a command to execute in non-interactive mode.
+    --user <username>           Specify the username for the container session.
+                                Influences default container name if -n is not used.
 EOF
 }
 
 function parse_arguments() {
     local opt_n_value=""
     local opt_user_value=""
 
+    #
+    # === [MODIFICATION 2]: Update argument parsing logic ===
+    # Using a while loop to process options, allowing a command to be passed at the end.
+    # The previous logic would fail if options and commands were mixed.
+    #
     while [[ $# -gt 0 ]]; do
-        local opt="$1"
-        shift
-        case "${opt}" in
+        case "$1" in
             -h | --help)
                 show_usage
                 exit 0
                 ;;
             -n | --name)
-                opt_n_value="$1"
                 shift
-                if [[ -z "${opt_n_value}" ]]; then
-                    echo "Error: Missing argument for -n/--name." >&2
-                    exit 1
+                if [[ -z "${1-}" ]]; then
+                    echo "Error: Missing argument for -n/--name." >&2; exit 1
                 fi
-                USER_EXPLICIT_CONTAINER_NAME="${opt_n_value}" # <-- Here's the change: no prefixing
+                USER_EXPLICIT_CONTAINER_NAME="$1"
+                shift
                 ;;
             --user)
-                opt_user_value="$1"
                 shift
-                if [[ -z "${opt_user_value}" ]]; then
-                    echo "Error: Missing argument for --user." >&2
-                    exit 1
+                if [[ -z "${1-}" ]]; then
+                    echo "Error: Missing argument for --user." >&2; exit 1
                 fi
-                DOCKER_USER="${opt_user_value}"
+                DOCKER_USER="$1"
+                shift
+                ;;
+            -c | --command)
+                shift
+                if [[ -z "${1-}" ]]; then
+                    echo "Error: Missing argument for -c/--command." >&2; exit 1
+                fi
+                NON_INTERACTIVE_CMD="$1"
+                shift
                 ;;
             *)
-                echo "Error: Unknown option: ${opt}" >&2
-                show_usage
-                exit 1
+                # If an unknown option is found, assume it's the start of the command
+                NON_INTERACTIVE_CMD="$*"
+                break # Exit the loop, the rest of the arguments are the command
                 ;;
         esac
     done
 
+
     # --- Determine the final DEV_CONTAINER name ---
-    # Priority: -n (explicit full name) > --user (implied prefixed name) > host USER (default prefixed name)
     if [[ -n "${USER_EXPLICIT_CONTAINER_NAME}" ]]; then
         DEV_CONTAINER="${USER_EXPLICIT_CONTAINER_NAME}"
-    elif [[ -n "${opt_user_value}" ]]; then
-        # If --user was provided, but -n was not, use --user's value for container name suffix
-        DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${opt_user_value}"
-    else
-        # Fallback to host's USER for container name suffix (default)
-        DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${USER}"
-    fi
+    elif [[ "${DOCKER_USER}" != "${USER}" ]]; then
+        # If --user was provided AND it's different from the host user, use it for the container name
+        DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${DOCKER_USER}"
+    fi # Otherwise, the default DEV_CONTAINER="${DEV_CONTAINER_PREFIX}${USER}" is used
 }
 
 function restart_stopped_container() {
@@ -120,23 +127,43 @@ function restart_stopped_container() {
 
 # --- Main Script Execution ---
 
-xhost +local:root 1>/dev/null 2>&1 || { echo "Warning: xhost command failed. Display may not work." >&2; }
-
 parse_arguments "$@"
 
 restart_stopped_container # Ensures the target container is running
 
-echo "Connecting to container '${DEV_CONTAINER}' as user '${DOCKER_USER}'..."
-
-# Execute bash inside the container
-docker exec \
-    -u "${DOCKER_USER}" \
-    -e HISTFILE=/apollo/.dev_bash_hist \
-    -it "${DEV_CONTAINER}" \
-    /bin/bash
-
-# Cleanup xhost (execute only if docker exec was successful, or cleanup anyway)
-# The `|| true` ensures the cleanup command runs even if docker exec fails.
-xhost -local:root 1>/dev/null 2>&1 || true
 
-echo "Disconnected from container."
+#
+# === [MODIFICATION 3]: Add the core logic to switch between modes ===
+#
+if [[ -n "${NON_INTERACTIVE_CMD}" ]]; then
+    # === NON-INTERACTIVE MODE ===
+    echo "Executing command in container '${DEV_CONTAINER}':"
+    echo "  ${NON_INTERACTIVE_CMD}"
+
+    # Use 'docker exec' without '-it'. The command is passed as arguments to /bin/bash -c
+    docker exec \
+        -u "${DOCKER_USER}" \
+        "${DEV_CONTAINER}" \
+        /bin/bash -c "${NON_INTERACTIVE_CMD}"
+
+    echo "Command execution finished."
+
+else
+    # === INTERACTIVE MODE ===
+    echo "Connecting to container '${DEV_CONTAINER}' as user '${DOCKER_USER}'..."
+
+    # Add display access for GUI applications
+    xhost +local:root &>/dev/null || true
+
+    # Use 'docker exec' with '-it' for an interactive terminal.
+    docker exec \
+        -u "${DOCKER_USER}" \
+        -e HISTFILE=/apollo/.dev_bash_hist \
+        -it \
+        "${DEV_CONTAINER}" \
+        /bin/bash
+
+    # Clean up display access after session ends
+    xhost -local:root &>/dev/null || true
+    echo "Disconnected from container."
+fi

docker/setup_host/config_system.sh

@@ -17,7 +17,7 @@ set -euo pipefail
 # --- Global Variables ---
 # Determine the absolute path to Apollo root directory.
 # Assumes this script is located at <APOLLO_ROOT_DIR>/docker/setup_host/config_system.sh
-APOLLO_ROOT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+APOLLO_ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 # use relative path for multiple instances
 CORE_DUMP_DIR="data/core"
 CORE_DUMP_CONF_FILE="/etc/sysctl.d/99-core-dump.conf"
@@ -26,6 +26,13 @@ UVCVIDEO_CONF_FILE="/etc/modprobe.d/uvcvideo.conf"
 UDEV_RULES_SRC_DIR="${APOLLO_ROOT_DIR}/docker/setup_host/etc/udev/rules.d"
 UDEV_RULES_DEST_DIR="/etc/udev/rules.d"
 
+# Source path of the service file within the project
+AUTOSERVICE_SRC_FILE="${APOLLO_ROOT_DIR}/docker/setup_host/etc/systemd/system/autostart.service"
+# Destination path for systemd services
+AUTOSERVICE_DEST_FILE="/etc/systemd/system/autostart.service"
+# User who will run the autonomous driving stack. SUDO_USER is the user who invoked sudo.
+WHL_HOST_USER="${SUDO_USER:-$(whoami)}"
+
 # --- Color Definitions for Output ---
 BOLD='\033[1m'
 RED='\033[0;31m'
@@ -57,8 +64,8 @@ check_host_setup_pre_conditions() {
 
   # 1. Check for root privileges
   if [ "$(id -u)" -ne 0 ]; then
-      error "This script must be run with root privileges (sudo)."
-      return 1
+    error "This script must be run with root privileges (sudo)."
+    return 1
   fi
 
   # 2. Check if APOLLO_ROOT_DIR exists
@@ -87,6 +94,14 @@ check_host_setup_pre_conditions() {
   fi
   info "Udev rules source directory detected."
 
+  # 5. Check for existence of autostart service file
+  if [ ! -f "${AUTOSERVICE_SRC_FILE}" ]; then
+    error "Autostart service file not found at '${AUTOSERVICE_SRC_FILE}'."
+    error "Please ensure the service definition file is present."
+    return 1
+  fi
+  info "Autostart service source file detected."
+
   success "All host setup pre-conditions met."
   return 0
 }
@@ -96,8 +111,8 @@ setup_core_dump() {
   info "Setting up core dump format..."
 
   # Check if core dump configuration is already applied
-  if [ -f "${CORE_DUMP_CONF_FILE}" ] && grep -q "kernel.core_pattern = ${CORE_DUMP_DIR}/core_%e.%p" "${CORE_DUMP_CONF_FILE}" && \
-     [[ "$(sudo sysctl -n kernel.core_pattern)" == "${CORE_DUMP_DIR}/core_%e.%p" ]]; then
+  if [ -f "${CORE_DUMP_CONF_FILE}" ] && grep -q "kernel.core_pattern = ${CORE_DUMP_DIR}/core_%e.%p" "${CORE_DUMP_CONF_FILE}" &&
+    [[ "$(sudo sysctl -n kernel.core_pattern)" == "${CORE_DUMP_DIR}/core_%e.%p" ]]; then
     info "Core dump configuration already detected and active. Skipping."
     return 0
   fi
@@ -113,10 +128,13 @@ setup_core_dump() {
   fi
 
   # Ensure the directory has appropriate permissions for core dumps
-  sudo chmod 0777 "${CORE_DUMP_DIR}" || { error "Failed to set permissions for core dump directory: ${CORE_DUMP_DIR}."; return 1; }
+  sudo chmod 0777 "${CORE_DUMP_DIR}" || {
+    error "Failed to set permissions for core dump directory: ${CORE_DUMP_DIR}."
+    return 1
+  }
 
   info "Writing core dump configuration to ${CORE_DUMP_CONF_FILE}..."
-  sudo tee "${CORE_DUMP_CONF_FILE}" > /dev/null <<EOF
+  sudo tee "${CORE_DUMP_CONF_FILE}" > /dev/null << EOF
 kernel.core_pattern = ${CORE_DUMP_DIR}/core_%e.%p
 EOF
   if [ $? -ne 0 ]; then
@@ -152,7 +170,10 @@ setup_bazel_cache_dir() {
   fi
 
   # Ensure permissions are appropriate for a shared cache
-  sudo chmod a+rwx "${BAZEL_CACHE_DIR}" || { error "Failed to set permissions for Bazel cache directory."; return 1; }
+  sudo chmod a+rwx "${BAZEL_CACHE_DIR}" || {
+    error "Failed to set permissions for Bazel cache directory."
+    return 1
+  }
 
   success "Bazel cache directory configured."
   return 0
@@ -263,7 +284,7 @@ configure_uvcvideo_module() {
   if [ -f "${UVCVIDEO_CONF_FILE}" ] && grep -q "options uvcvideo clock=realtime" "${UVCVIDEO_CONF_FILE}"; then
     info "uvcvideo clock configuration already detected. Skipping write."
   else
-    sudo tee "${UVCVIDEO_CONF_FILE}" > /dev/null <<EOF
+    sudo tee "${UVCVIDEO_CONF_FILE}" > /dev/null << EOF
 options uvcvideo clock=realtime
 EOF
     if [ $? -ne 0 ]; then
@@ -323,6 +344,82 @@ add_user_to_docker_group() {
   success "User '${user}' added to the Docker group. Please log out and back in for changes to take effect."
 }
 
+# Installs and enables the autostart systemd service.
+install_autostart_service() {
+  info "Installing and configuring the autostart systemd service..."
+
+  # 1: Hard Fail on Root Installation (Security Best Practice) ---
+  # Running the main AD stack as root is a major security risk.
+  # We now block this by default and require an explicit, intentional override.
+  if [[ "${WHL_HOST_USER}" == "root" ]]; then
+     error "Running the autonomous driving stack as 'root' is not allowed for security reasons."
+     error "To override this critical check, set the environment variable ALLOW_ROOT_INSTALL=yes and re-run."
+     if [[ "${ALLOW_ROOT_INSTALL:-no}" != "yes" ]]; then
+         return 1 # Hard fail, aborting the installation.
+     else
+         info "ALLOW_ROOT_INSTALL=yes detected. Proceeding with installation as root. THIS IS NOT RECOMMENDED."
+     fi
+  fi
+
+  # 2: Input Validation for Username (Prevent Command Injection) ---
+  # Ensure the username consists only of safe, alphanumeric characters.
+  if ! [[ "${WHL_HOST_USER}" =~ ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$ ]]; then
+    error "Invalid username detected: '${WHL_HOST_USER}'. Usernames must be alphanumeric (with _ or -)."
+    error "Aborting installation to prevent potential command injection."
+    return 1
+  fi
+  info "Target user '${WHL_HOST_USER}' validated."
+
+  # 3: Input Validation for Path (Prevent Command Injection) ---
+  # Ensure the path is a valid absolute path and does not contain characters
+  # that could break the sed command or be interpreted by the shell.
+  if ! [[ "${APOLLO_ROOT_DIR}" =~ ^/[a-zA-Z0-9_/.-]+$ ]]; then
+    error "Invalid APOLLO_ROOT_DIR detected: '${APOLLO_ROOT_DIR}'."
+    error "Path must be absolute and contain only safe characters (alphanumeric, /, _, ., -)."
+    error "Aborting installation to prevent potential command injection."
+    return 1
+  fi
+  info "Apollo root directory '${APOLLO_ROOT_DIR}' validated."
+
+  info "Copying '${AUTOSERVICE_SRC_FILE}' to '${AUTOSERVICE_DEST_FILE}'..."
+  if ! cp "${AUTOSERVICE_SRC_FILE}" "${AUTOSERVICE_DEST_FILE}"; then
+    error "Failed to copy service file. Check permissions."
+    return 1
+  fi
+
+  # 4: Safer Replacement Method ---
+  # By using a different delimiter for sed (like '#'), we make the replacement
+  # robust even if the path contains the default '/' delimiter.
+  # The validation above already mitigates this, but this is a defense-in-depth measure.
+  info "Customizing service file with user='${WHL_HOST_USER}' and path='${APOLLO_ROOT_DIR}'..."
+  if ! sed -i "s#__USER__#${WHL_HOST_USER}#g" "${AUTOSERVICE_DEST_FILE}"; then
+    error "Failed to replace user placeholder in service file."
+    return 1
+  fi
+  if ! sed -i "s#__APOLLO_ROOT_DIR__#${APOLLO_ROOT_DIR}#g" "${AUTOSERVICE_DEST_FILE}"; then
+    error "Failed to replace path placeholder in service file."
+    return 1
+  fi
+
+  # Reload the systemd daemon
+  info "Reloading systemd daemon..."
+  if ! systemctl daemon-reload; then
+    error "Failed to reload systemd daemon. Run 'journalctl -xe' for details."
+    return 1
+  fi
+
+  # Enable the service
+  info "Enabling 'autostart.service' to run on boot..."
+  if ! systemctl enable autostart.service; then
+    error "Failed to enable autostart.service."
+    return 1
+  fi
+
+  success "Autostart service installed and enabled successfully."
+  info "The autonomous driving system will now start automatically on the next boot."
+  return 0
+}
+
 # --- Main Host Setup Orchestration Function ---
 # This is the primary entry point for setting up the host machine.
 setup_host_machine() {
@@ -370,6 +467,12 @@ setup_host_machine() {
     return 1
   fi
 
+  # 8. Install and enable the autostart service
+  if ! install_autostart_service; then
+    error "Failed to install the autostart service. Host setup is incomplete."
+    return 1
+  fi
+
   success "Host machine setup completed successfully!"
   return 0 # Final success
 }
@@ -382,7 +485,7 @@ main() {
   # Any other argument will result in an error message.
   if [ "$#" -eq 0 ] || [ "$1" == "install" ]; then
     if [ "$#" -eq 0 ]; then
-        info "No argument provided. Defaulting to 'install' mode."
+      info "No argument provided. Defaulting to 'install' mode."
     fi
     setup_host_machine
   else