文件列表:

Makefile (5572, 2023-08-31)
centos-base (0, 2023-08-31)
centos-base\Dockerfile.in (62, 2023-08-31)
centos-systemd (0, 2023-08-31)
centos-systemd\Dockerfile.in (1978, 2023-08-31)

= The Ribose CentOS base and systemd containers == Purpose Despite the popular "`one-process-per-container`" philosophy there are still numerous use cases that are not adequately satisfied using a single process. This repository provides two separate CentOS containers: * `centos-base`, a base (empty) CentOS 7 container * `centos-systemd`, the base container with `systemd` installed and enabled Why two separate containers? Let's just say everyone could use a different base. The `centos-systemd` container provides full `systemd` functionality based on CentOS 7 without any hacking necessary, and you are free to build directly off it, as long as you don't override the `ENTRYPOINT` (and no `CMD`, of course). == Pulling the container This container is published at the https://hub.docker.com/r/ribose/centos-systemd/[Docker Registry] as `docker.io/ribose/centos-systemd` or `ribose/centos-systemd`, and can be pulled with the following command: [source,sh] ---- docker pull ribose/centos-systemd ---- == Usage The `Makefile` in this repository is rather complicated, but all necessary for enabling quick iteration of the resulting containers. === Running of the `systemd` container via docker So running `systemd` from a CentOS container is rather cumbersome (didn't think that would stop you!). To make `systemd` work, the container needs to be started with `--security-opt` and `--cap-add` arguments, which basically give it `root` access to the host. If that didn't stop you, here are the instructions: [source,sh] ---- # Using cap-add and security-opt instead of --privileged flag docker run --rm \ --security-opt seccomp=unconfined \ --cap-add SYS_ADMIN \ --cap-add NET_ADMIN \ ribose/centos-systemd ---- To get inside the container, you must `docker exec` into it. Remember `systemd` is already running as PID 1 (not `bash`!). === Running the containers (and bash) via the Makefile And the `Makefile` makes life much simpler. To start the `centos-systemd` container and enter it with `bash`, all you need is: [source,sh] ---- make run-centos-systemd ---- Or if you want to run and enter the `centos-base` container: [source,sh] ---- make run-centos-base ---- To kill the container: [source,sh] ---- make kill-centos-systemd ---- The `Makefile` supports the following commands related to running: [source,sh] ---- make {run,kill,rm,rmf}-{container-flavor} ---- == Building the containers yourself For those concerned about security you might not want to use our container but build your own. This `Makefile` allows for such a case (as you can imagine). All you have to set is a couple environment variables. For example, if you use AWS' ECR, you can set this: [source,sh] ---- export NS_REMOTE="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ACCOUNT_NAME}" export DOCKER_LOGIN_CMD="aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com" ---- If you want to build other containers you can add these: [source,sh] ---- export ITEMS="1 2 3" export IMAGE_TYPES="centos-base centos-systemd centos-special" export VERSIONS="7.9 7.9 7.9" export ROOT_IMAGES="centos:7 \$(NS_REMOTE)/centos-base:7.9.\$(CONTAINER_BRANCH) \$(NS_REMOTE)/centos-special:7.9.\$(CONTAINER_BRANCH)" ---- The environment variables are used for: `NS_REMOTE`:: the namespace for your remote repository (to separate from builds intended for local consumption) `DOCKER_LOGIN_CMD`:: how you authenticate against your repository `ITEMS`:: a sequential number list for iterating `IMAGE_TYPES`, its numbers are indexes to the content in `IMAGE_TYPES` `IMAGE_TYPES`:: the different containers you support. Remember to create a directory for each of these names with a `Dockerfile.in` within. See existing examples. `VERSIONS`:: how you want to tag the resulting image `ROOT_IMAGES`:: the container your new image should be based on === Makefile build targets The `Makefile` supports the following commands for building: [source,sh] ---- make {build,push,tag,squash,clean-remote,clean-local}-{container-flavor} ---- NOTE: The `squash-{container-flavor}` command relies on (and automatically pulls) the https://github.com/riboseinc/docker-squash-container[`docker-squash` container] == Chain commands If you feel tired typing out this: [source,sh] ---- make build-centos-systemd squash-centos-systemd push-centos-systemd ---- We have a list of shortcut targets to save you from repeating fingers. For example: [source,sh] ---- # equivalent to make {build,squash,push}-centos-systemd make bsp-centos-systemd ---- The shortcut targets are: `bsp-{target}`:: build + squash + push `btp-{target}`:: build + tag + push `bs-{target}`:: build + squash `bt-{target}`:: build + tag `sp-{target}`:: squash + push `tp-{target}`:: tag + push

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：