# Base image location. Both values can be overridden with --build-arg; because
# they are declared before FROM they are only in scope for the FROM line.
ARG REGISTRY=registry.access.redhat.com
# NOTE(review): `latest` is a mutable tag, so rebuilding this file can silently
# pick up a different base image. Pass a fixed TAG when the build has to be
# reproducible or auditable.
ARG TAG=latest
FROM ${REGISTRY}/ubi10/ubi-init:${TAG}
LABEL org.opencontainers.image.authors="Pablo Mendez Hernandez <pablomh@redhat.com>"
# Packages added on top of the base image. The install step expands this value
# unquoted, so the shell splits it into one argument per package name.
# openssh-server is what makes the image reachable over SSH (sshd is enabled
# and port 22 is exposed further down); keep the list as short as the use case
# allows, since every package here is present in every container.
ARG INSTALL_PKGS="\
containers-common \
dbus-daemon \
flatpak \
fuse-overlayfs \
hostname \
iputils \
less \
openssh-server \
podman \
skopeo \
"
# Install the package set, check it with rpm -V, and drop the dnf caches in the
# same layer so they never reach the image.
# rpm -V exits non-zero when a named package is not installed or fails the
# checks that remain enabled; the size, file digest, mtime and mode checks are
# switched off, so this is not a content-integrity check of the installed files.
RUN dnf install -y ${INSTALL_PKGS} \
    && rpm -V --nosize --nofiledigest --nomtime --nomode ${INSTALL_PKGS} \
    && dnf clean all
# Give root a subordinate uid range and gid range that each start at 1 and
# span 65535 ids (line format is name:start:count). Both files are overwritten,
# not appended to, so any entries shipped by the base image are dropped.
RUN printf '%s\n' 'root:1:65535' \
    | tee /etc/subuid /etc/subgid >/dev/null
# Selects which containers.conf variant from the build context is installed:
# src/containers.conf.<CONTAINER_RUNTIME> (crun unless overridden). The build
# fails at COPY if no file with that suffix exists in the context.
ARG CONTAINER_RUNTIME=crun
COPY src/containers.conf.${CONTAINER_RUNTIME} /etc/containers/containers.conf
# Set an explicit mode so the result does not depend on the file's permissions
# in the build context: readable by everyone, writable by the owner only.
RUN chmod 644 /etc/containers/containers.conf
# Copy and modify the packaged defaults, keeping the original under /usr/share
# as a reference if runtime changes are needed.
# These changes are required for running with fuse-overlay storage inside a container.
# The three expressions, in order:
#   1. uncomment lines that start with "#mount_program";
#   2. append a "/var/lib/shared", line after each line matching "additionalimage";
#   3. replace the "mountopt = ..." line with mountopt = "nodev,fsync=0".
# NOTE(review): sed exits 0 even when an expression matches nothing, so a
# changed upstream storage.conf would yield an unmodified copy without failing
# the build — check the generated file when the base image is bumped.
# NOTE(review): fsync=0 presumably trades write durability for speed — confirm
# that is acceptable for the data kept in this storage.
RUN sed \
-e 's|^#mount_program|mount_program|g' \
-e '/additionalimage.*/a "/var/lib/shared",' \
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
/usr/share/containers/storage.conf \
>/etc/containers/storage.conf
# Declare the volume only after every build step that needs to write under
# /var/lib/containers: RUN commands cannot modify a volume once it is declared.
# NOTE(review): the earlier wording of this note referred to a "chown call
# above", but no chown appears in this file — it looks inherited from another
# Containerfile.
VOLUME /var/lib/containers
# Lay out /var/lib/shared, the path the storage.conf step above adds after the
# "additionalimage" line: one images and one layers directory for each of the
# overlay and vfs drivers, each holding an empty lock file named after its kind
# (images.lock / layers.lock).
RUN for driver in overlay vfs; do \
        for part in images layers; do \
            mkdir -p "/var/lib/shared/${driver}-${part}" \
            && touch "/var/lib/shared/${driver}-${part}/${part}.lock" \
            || exit 1; \
        done; \
    done
# Root SSH access, driven by two optional build args. Whatever is supplied is
# baked into the image, so every container started from it shares the same
# root credential.
# NOTE(review): build-arg values are recorded in the image's build history, and
# both args stay in scope for every later RUN step. A ROOT_PASSWORD passed this
# way should be treated as disclosed to anyone who can read the image; a build
# secret mount (RUN --mount=type=secret) or provisioning the credential when
# the container starts keeps it out of the image metadata.
# NOTE(review): `PermitRootLogin yes` also allows password authentication for
# root. When only ROOT_PUBLIC_KEY is used, `prohibit-password` is the narrower
# setting.
ARG ROOT_PASSWORD
ARG ROOT_PUBLIC_KEY
RUN echo 'PermitRootLogin yes' >/etc/ssh/sshd_config.d/01-local.conf \
    && if [ -n "${ROOT_PUBLIC_KEY}" ]; then \
           mkdir -m 700 /root/.ssh \
           && install -m 600 /dev/null /root/.ssh/authorized_keys \
           && echo "${ROOT_PUBLIC_KEY}" >/root/.ssh/authorized_keys; \
       fi \
    && if [ -n "${ROOT_PASSWORD}" ]; then \
           echo "root:${ROOT_PASSWORD}" | chpasswd; \
       fi \
    && systemctl enable sshd.service
# Prints the number of lines in `dnf list installed` to the build log as a
# rough package count. The step's exit status is that of `wc`, so a failing dnf
# call would not fail the build here.
RUN dnf list installed | wc -l
# rhsmcertd does not run in containers, so /var/lock/subsys is never created.
# Without it, the subscription-manager dnf plugin tracebacks on Python 3.12
# with AttributeError: 'SubscriptionManager' has no attribute 'cp' during
# post-transaction profile upload. Registration succeeds, but the traceback
# pollutes output and confuses tooling that parses it.
# NOTE(review): /var/lock is commonly a symlink into /run, which an init-based
# container may mount fresh at start — confirm the directory created here is
# still present at runtime.
RUN mkdir -p /var/lock/subsys
# Patch the installed rhsm config module so in_container() returns False
# straight away: sed appends a `return False` line directly after the `def`
# line, which leaves the original body unreachable. The unpatched file is kept
# next to it as config.py.orig.
# NOTE(review): this edits a file that is presumably owned by an RPM, so
# package verification will report it as modified and a package update will
# restore the original function without any build-time signal.
# NOTE(review): sed exits 0 when the pattern matches nothing, so a changed
# function signature upstream turns this step into a silent no-op.
# NOTE(review): the inserted line must carry the same indentation as the
# function body or the module will no longer import — confirm the whitespace
# after `\n` in the replacement.
RUN sed -i.orig \
's#\(def in_container()\)\(.*:\)#\1\2\n return False#g' \
/usr/lib64/python*/*-packages/rhsm/config.py
# Runtime defaults: start in root's home, document the SSH port, and run
# /sbin/init as the container's main process.
# No USER instruction appears in this file, so the container runs as root.
# EXPOSE only documents port 22; whether sshd is reachable from outside is
# decided by how the container is started, so publish the port only on
# interfaces that need it.
WORKDIR /root
EXPOSE 22
CMD ["/sbin/init"]