Despite the popular “one-process-per-container” philosophy there are still numerous use cases that are not adequately satisfied using a single process.
This repository provides two separate CentOS containers:
- centos-base, a base (empty) CentOS 7 container
- centos-systemd, the base container with systemd installed and enabled
Why two separate containers? Let’s just say everyone could use a different base.
The centos-systemd container provides full systemd functionality
based on CentOS 7 without any hacking necessary, and you are
free to build directly off it, as long as you don’t override the
ENTRYPOINT (and no CMD, of course).
This container is published at the Docker Registry as docker.io/ribose/centos-systemd or ribose/centos-systemd,
and can be pulled with the following command:
docker pull ribose/centos-systemd
The Makefile in this repository is rather complicated, but
all of it is necessary for enabling quick iteration of the resulting
containers.
So running systemd from a CentOS container is rather cumbersome
(didn’t think that would stop you!).
To make systemd work, the container needs to be started with
--security-opt and --cap-add arguments, which basically give it
root access to the host.
If that didn’t stop you, here are the instructions:
# Using cap-add and security-opt instead of --privileged flag
docker run --rm \
--security-opt seccomp=unconfined \
--cap-add SYS_ADMIN \
--cap-add NET_ADMIN \
ribose/centos-systemd
To get inside the container, you must docker exec into it.
Remember systemd is already running as PID 1 (not bash!).
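To check which containers on a host are running with the relaxed settings shown above, the following added example (not part of this repository) reads the JSON printed by `docker inspect` and reports containers started with --privileged, with SYS_ADMIN, NET_ADMIN or ALL added, or with seccomp unconfined. The container names and the sample JSON are constructed for illustration.

```python
import json

# Capabilities from the page's `docker run` command, plus ALL (a superset of both).
RISKY_CAPS = {"SYS_ADMIN", "NET_ADMIN", "ALL"}

def _norm_cap(cap):
    """Accept both "SYS_ADMIN" and "CAP_SYS_ADMIN" spellings."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit_container(info):
    """Return findings for one object from `docker inspect` output."""
    host = info.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    for cap in host.get("CapAdd") or []:        # null when nothing was added
        if _norm_cap(cap) in RISKY_CAPS:
            findings.append("cap-add " + _norm_cap(cap))
    for opt in host.get("SecurityOpt") or []:   # null when unset
        # Both "seccomp=unconfined" and the older "seccomp:unconfined" occur.
        key, _, value = opt.replace(":", "=", 1).partition("=")
        if key == "seccomp" and value == "unconfined":
            findings.append("seccomp unconfined")
    return findings

def audit(inspect_json):
    """Map container name -> findings, only for containers with findings."""
    report = {}
    for info in json.loads(inspect_json):
        findings = audit_container(info)
        if findings:
            report[info.get("Name", "?").lstrip("/")] = findings
    return report

# Constructed sample in the shape of `docker inspect` output (names are made up).
SAMPLE = json.dumps([
    {"Name": "/systemd-test", "HostConfig": {"Privileged": False,
        "CapAdd": ["SYS_ADMIN", "NET_ADMIN"], "SecurityOpt": ["seccomp=unconfined"]}},
    {"Name": "/web", "HostConfig": {"Privileged": False,
        "CapAdd": None, "SecurityOpt": None}},
    {"Name": "/legacy", "HostConfig": {"Privileged": True,
        "CapAdd": ["CAP_SYS_ADMIN"], "SecurityOpt": ["seccomp:unconfined"]}},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name + ": " + ", ".join(findings))
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` instead of the sample.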
And the Makefile makes life much simpler.
To start the centos-systemd container and enter it with bash,
all you need is:
make run-centos-systemd
Or if you want to run and enter the centos-base container:
make run-centos-base
To kill the container:
make kill-centos-systemd
The Makefile supports the following commands related to running:
make {run,kill,rm,rmf}-{container-flavor}
If you are concerned about security, you might not want to use
our container but build your own.
This Makefile allows for such a case (as you can imagine).
All you have to set is a couple of environment variables.
For example, if you use AWS' ECR, you can set this:
export NS_REMOTE="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ACCOUNT_NAME}"
export DOCKER_LOGIN_CMD="aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
If you want to build other containers you can add these:
export ITEMS="1 2 3"
export IMAGE_TYPES="centos-base centos-systemd centos-special"
export VERSIONS="7.9 7.9 7.9"
export ROOT_IMAGES="centos:7 \$(NS_REMOTE)/centos-base:7.9.\$(CONTAINER_BRANCH) \$(NS_REMOTE)/centos-special:7.9.\$(CONTAINER_BRANCH)"
The environment variables are used for:
NS_REMOTE-
the namespace for your remote repository (to separate from builds intended for local consumption)
DOCKER_LOGIN_CMD-
how you authenticate against your repository
ITEMS-
a sequential number list for iterating IMAGE_TYPES; its numbers are indexes to the content in IMAGE_TYPES
IMAGE_TYPES-
the different containers you support. Remember to create a directory for each of these names with a Dockerfile.in within. See existing examples.
VERSIONS-
how you want to tag the resulting image
ROOT_IMAGES-
the container your new image should be based on
The Makefile supports the following commands for building:
make {build,push,tag,squash,clean-remote,clean-local}-{container-flavor}
Note: The squash-{container-flavor} command relies on
(and automatically pulls) the
docker-squash container.
If you are tired of typing this out:
make build-centos-systemd squash-centos-systemd push-centos-systemd
We have a list of shortcut targets to save you from repetitive typing. For example:
# equivalent to make {build,squash,push}-centos-systemd
make bsp-centos-systemd
The shortcut targets are:
bsp-{target}-
build + squash + push
btp-{target}-
build + tag + push
bs-{target}-
build + squash
bt-{target}-
build + tag
sp-{target}-
squash + push
tp-{target}-
tag + push