feat: change to user to non-root

Author: mqjinwon

docker/Dockerfile.isaacsim-humble

@@ -21,7 +21,7 @@ RUN curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc | a
 RUN apt-get update && apt-get install -y \
     ros-$ROS_DISTRO-desktop \
     python3-colcon-common-extensions \
-    ros-$ROS_DISTRO-cyclonedds* \
+    ros-$ROS_DISTRO-rmw-cyclonedds-cpp \
     && rm -rf /var/lib/apt/lists/*
 
 # Source ROS 2 setup file

docker/Dockerfile.stridesim

@@ -1,55 +1,34 @@
 FROM isaac-sim-ros2:humble-4.0.0
 
-# Set working directory to root
-WORKDIR /
+# 빌드 인자 선언
+ARG USERNAME
+ARG USERPASSWORD
 
-# Update apt-get and install necessary packages
+# Update apt-get, install necessary packages, and set up build tools
 RUN apt-get update && \
-    apt-get install -y git curl git-lfs cmake && \
-    git lfs install
-
-# install build tools
-RUN apt-get install -y build-essential gcc g++ sudo wget unzip software-properties-common
-
-# Clone the required repositories
-RUN git clone https://github.com/AuTURBO/StrideSim.git && \
-    git clone https://github.com/isaac-sim/IsaacLab.git -b v1.0.0
+    apt-get install -y \
+    git curl git-lfs cmake \
+    build-essential gcc g++ sudo wget unzip software-properties-common python3-pip && \
+    git lfs install && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
-# pull lfs files in StrideSim
-WORKDIR /StrideSim
-
-RUN git lfs fetch && \
-    git lfs pull
+RUN git clone https://github.com/isaac-sim/IsaacLab.git -b v1.0.0
 
 # Set up IsaacLab
 WORKDIR /IsaacLab
+RUN TERM=xterm-256color ln -s /isaac-sim _isaac_sim && \
+    TERM=xterm-256color /bin/bash -c "./isaaclab.sh --install"
 
-# Create symbolic link
-RUN ln -s /isaac-sim _isaac_sim
-
-# Install IsaacLab
-ENV TERM=xterm-256color
-RUN /bin/bash -c "./isaaclab.sh --install"
+RUN useradd -m $USERNAME
 
-# Set up StrideSim
-WORKDIR /StrideSim/rl
+# 인자로 받은 USERPASSWORD 로 비밀번호 설정
+RUN echo "$USERNAME:$USERPASSWORD" | chpasswd
 
-RUN apt-get install -y python3-pip
+RUN usermod -aG sudo $USERNAME
 
-# Create symbolic link for python3 to python
-RUN ln -s /usr/bin/python3 /usr/bin/python
-
-RUN /bin/bash -c "python -m pip install -e ."
-
-WORKDIR /isaac-sim
-
-# Create a non-root admin user
-RUN useradd -m -s /bin/bash -G sudo user && \
-    echo "user ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
-    chown -R user:user /isaac-sim /StrideSim /IsaacLab
-
-# Switch to user
-USER user
+USER $USERNAME
+WORKDIR /
 
 # Set default shell to bash
-SHELL ["/bin/bash", "-c"]
+SHELL ["/bin/bash", "-c"]

docker/README.md

@@ -89,20 +89,33 @@ docker pull nvcr.io/nvidia/isaac-sim:4.0.0
 
 ## Run StrideSim Docker Container
 
+First, set the environment variables to build Docker Image.
+
+```bash
+export StrideSim_DIR=${PWD}
+export StrideSim_NAME=$(whoami)-docker
+export StrideSim_PASSWORD=a
+```
+
 1. Build Docker Image
 
 First, you need to make base image.
 
 ```bash
 cd ${StrideSim_DIR}
-docker build -t isaac-sim-ros2:humble-4.0.0 -f docker/Dockerfile.isaacsim-humble .
+docker build -t isaac-sim-ros2:humble-4.0.0 \
+    --build-arg ROS_DISTRO=humble \
+    -f docker/Dockerfile.isaacsim-humble .
 ```
 
 Then, build StrideSim Docker Image.
 
 ```bash
 cd ${StrideSim_DIR}
-docker build -t stride-sim:v0.0.2 -f docker/Dockerfile.stridesim .
+docker build -t stride-sim:v0.0.3 \
+    --build-arg USERNAME=${StrideSim_NAME} \
+    --build-arg USERPASSWORD=${StrideSim_PASSWORD} \
+    -f docker/Dockerfile.stridesim .
 ```
 
 > The reason why we need to build base image is to reduce the build time.
@@ -112,7 +125,7 @@ docker build -t stride-sim:v0.0.2 -f docker/Dockerfile.stridesim .
 Then, you can run StrideSim Docker Container.
 
 ```bash
-docker run --name stride-sim-0.0.2 --entrypoint bash -it --runtime=nvidia --gpus all -e "ACCEPT_EULA=Y" --network=host --privileged \
+docker run --name stride-sim-0.0.3 --entrypoint bash -it --runtime=nvidia --gpus all -e "ACCEPT_EULA=Y" --network=host --privileged \
     -e DISPLAY=$DISPLAY \
     -e OMNI_KIT_ALLOW_ROOT=1 \
     -e RMW_IMPLEMENTATION=rmw_cyclonedds_cpp \
@@ -128,8 +141,14 @@ docker run --name stride-sim-0.0.2 --entrypoint bash -it --runtime=nvidia --gpus
     -v ~/docker/isaac-sim/logs:/root/.nvidia-omniverse/logs:rw \
     -v ~/docker/isaac-sim/data:/root/.local/share/ov/data:rw \
     -v ~/docker/isaac-sim/documents:/root/Documents:rw \
+    -v ${StrideSim_DIR}:/StrideSim:rw \
     -v /dev/shm:/dev/shm \
-    stride-sim:v0.0.2
+    stride-sim:v0.0.3
+```
+
+```bash
+# It takes a long time to run the first time about 3 minutes.
+sudo chmod 777 -R /isaac-sim
 ```
 
 Now you can run StrideSim Docker Container.
@@ -140,25 +159,7 @@ You can run the following command to run isaac-sim.
 
 ```bash
 cd /isaac-sim
-./isaac-sim.sh --allow-root
-```
-
-1. Get ROS2 Topic from StrideSim
-
-The StrideSim container runs with administrative privileges. To receive ROS2 messages published by processes within this container, administrative permissions are required. You can choose one of the following methods, command below in host environment:
-
-* Use an administrator prompt.
-
-```
-$ sudo su
-# source /opt/ros/humble/setup.bash
-# ros2 topic list
-```
-
-* Set permissions for /dev/shm.
-
-```
-$ sudo chmod -R 777 /dev/shm
+./isaac-sim.sh
 ```
 
 ENJOY!
@@ -206,7 +207,28 @@ rm -rf ~/docker/isaac-sim/cache/*
 
 2. Run with reduced graphics settings:
 ```bash
-./isaac-sim.sh --allow-root --headless
+./isaac-sim.sh --headless
 ```
 
 *Back to [README](../README.md)*
+
+
+## Deprecated
+
+1. Get ROS2 Topic from StrideSim
+
+The StrideSim container runs with administrative privileges. To receive ROS2 messages published by processes within this container, administrative permissions are required. You can choose one of the following methods, command below in host environment:
+
+* Use an administrator prompt.
+
+```
+$ sudo su
+# source /opt/ros/humble/setup.bash
+# ros2 topic list
+```
+
+* Set permissions for /dev/shm.
+
+```
+$ sudo chmod -R 777 /dev/shm
+```