docker-centos-systemd
所属分类:Docker
开发工具:Makefile
文件大小:7KB
下载次数:0
上传日期:2019-04-26 23:53:36
上 传 者:
sh-1993
说明: 运行systemd的CentOS容器;来源:hub.docker.com r核糖中心-systemd
(CentOS container that runs systemd; source of hub.docker.com r ribose centos- systemd)
文件列表:
Makefile (5572, 2023-08-31)
centos-base (0, 2023-08-31)
centos-base\Dockerfile.in (62, 2023-08-31)
centos-systemd (0, 2023-08-31)
centos-systemd\Dockerfile.in (1978, 2023-08-31)
= The Ribose CentOS base and systemd containers
== Purpose
Despite the popular "`one-process-per-container`" philosophy there are
still numerous use cases that are not adequately satisfied using
a single process.
This repository provides two separate CentOS containers:
* `centos-base`, a base (empty) CentOS 7 container
* `centos-systemd`, the base container with `systemd` installed and
enabled
Why two separate containers? Let's just say everyone could use a
different base.
The `centos-systemd` container provides full `systemd` functionality
based on CentOS 7 without any hacking necessary, and you are
free to build directly off it, as long as you don't override the
`ENTRYPOINT` (and no `CMD`, of course).
== Pulling the container
This container is published at the https://hub.docker.com/r/ribose/centos-systemd/[Docker Registry] as `docker.io/ribose/centos-systemd` or `ribose/centos-systemd`,
and can be pulled with the following command:
[source,sh]
----
docker pull ribose/centos-systemd
----
== Usage
The `Makefile` in this repository is rather complicated, but
all necessary for enabling quick iteration of the resulting
containers.
=== Running of the `systemd` container via docker
So running `systemd` from a CentOS container is rather cumbersome
(didn't think that would stop you!).
To make `systemd` work, the container needs to be started with
`--security-opt` and `--cap-add` arguments, which basically give it
`root` access to the host.
If that didn't stop you, here are the instructions:
[source,sh]
----
# Using cap-add and security-opt instead of --privileged flag
docker run --rm \
--security-opt seccomp=unconfined \
--cap-add SYS_ADMIN \
--cap-add NET_ADMIN \
ribose/centos-systemd
----
To get inside the container, you must `docker exec` into it.
Remember `systemd` is already running as PID 1 (not `bash`!).
=== Running the containers (and bash) via the Makefile
And the `Makefile` makes life much simpler.
To start the `centos-systemd` container and enter it with `bash`,
all you need is:
[source,sh]
----
make run-centos-systemd
----
Or if you want to run and enter the `centos-base` container:
[source,sh]
----
make run-centos-base
----
To kill the container:
[source,sh]
----
make kill-centos-systemd
----
The `Makefile` supports the following commands related to running:
[source,sh]
----
make {run,kill,rm,rmf}-{container-flavor}
----
== Building the containers yourself
For those concerned about security you might not want to use
our container but build your own.
This `Makefile` allows for such a case (as you can imagine).
All you have to set is a couple environment variables.
For example, if you use AWS' ECR, you can set this:
[source,sh]
----
export NS_REMOTE="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ACCOUNT_NAME}"
export DOCKER_LOGIN_CMD="aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
----
If you want to build other containers you can add these:
[source,sh]
----
export ITEMS="1 2 3"
export IMAGE_TYPES="centos-base centos-systemd centos-special"
export VERSIONS="7.9 7.9 7.9"
export ROOT_IMAGES="centos:7 \$(NS_REMOTE)/centos-base:7.9.\$(CONTAINER_BRANCH) \$(NS_REMOTE)/centos-special:7.9.\$(CONTAINER_BRANCH)"
----
The environment variables are used for:
`NS_REMOTE`:: the namespace for your remote repository
(to separate from builds intended for local consumption)
`DOCKER_LOGIN_CMD`:: how you authenticate against your repository
`ITEMS`:: a sequential number list for iterating `IMAGE_TYPES`,
its numbers are indexes to the content in `IMAGE_TYPES`
`IMAGE_TYPES`:: the different containers you support. Remember
to create a directory for each of these names with a `Dockerfile.in`
within. See existing examples.
`VERSIONS`:: how you want to tag the resulting image
`ROOT_IMAGES`:: the container your new image should be based on
=== Makefile build targets
The `Makefile` supports the following commands for building:
[source,sh]
----
make {build,push,tag,squash,clean-remote,clean-local}-{container-flavor}
----
NOTE: The `squash-{container-flavor}` command relies on
(and automatically pulls) the
https://github.com/riboseinc/docker-squash-container[`docker-squash` container]
== Chain commands
If you feel tired typing out this:
[source,sh]
----
make build-centos-systemd squash-centos-systemd push-centos-systemd
----
We have a list of shortcut targets to save you from repeating fingers.
For example:
[source,sh]
----
# equivalent to make {build,squash,push}-centos-systemd
make bsp-centos-systemd
----
The shortcut targets are:
`bsp-{target}`:: build + squash + push
`btp-{target}`:: build + tag + push
`bs-{target}`:: build + squash
`bt-{target}`:: build + tag
`sp-{target}`:: squash + push
`tp-{target}`:: tag + push
近期下载者:
相关文件:
收藏者: