From 043bdcef8d7f3754208e55c5e973ff98091fce96 Mon Sep 17 00:00:00 2001
From: Dennis Gilmore
Date: Tue, 26 Sep 2017 21:23:35 -0500
Subject: [PATCH] add kickstarts for modular containers
Signed-off-by: Dennis Gilmore
---
fedora-modular-container-base-minimal.ks | 70 ++++++++++++++++++++++++
fedora-modular-container-base.ks | 38 +++++++++++++
fedora-modular-container-common.ks | 68 +++++++++++++++++++++++
3 files changed, 176 insertions(+)
create mode 100644 fedora-modular-container-base-minimal.ks
create mode 100644 fedora-modular-container-base.ks
create mode 100644 fedora-modular-container-common.ks
diff --git a/fedora-modular-container-base-minimal.ks b/fedora-modular-container-base-minimal.ks
new file mode 100644
index 0000000..3a44c86
--- /dev/null
+++ b/fedora-modular-container-base-minimal.ks
@@ -0,0 +1,70 @@
+# See docker-base-common.ks for details on how to hack on docker image kickstarts
+# This base is a stripped back Fedora image without python3/dnf.
+# If you need that use the standard base image.
+
+%include fedora-modular-container-common.ks
+
+%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
+microdnf
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# remove some random help txt files
+rm -fv usr/share/gnupg/help*.txt
+
+# Pruning random things
+rm usr/lib/rpm/rpm.daily
+rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported
+
+# Statically linked crap
+rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln}
+ln usr/bin/ln usr/sbin/sln
+
+# Remove some dnf info
+rm -rfv /var/lib/dnf
+
+# don't need icons
+rm -rfv /usr/share/icons/*
+
+#some random not-that-useful binaries
+rm -fv /usr/bin/pinky
+
+# we lose presets by removing /usr/lib/systemd but we do not care
+rm -rfv /usr/lib/systemd
+
+# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
+rm -fv /etc/localtime
+mv /usr/share/zoneinfo/UTC /etc/localtime
+rm -rfv /usr/share/zoneinfo
+
+# Final pruning
+rm -rfv /var/cache/* /var/log/* /tmp/*
+
+%end
+
+%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log
+set -eux
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
+# Fix /run/lock breakage since it's not tmpfs in docker
+# This unmounts /run (tmpfs) and then recreates the files
+# in the /run directory on the root filesystem of the container
+# NOTE: run this in nochroot because "umount" does not exist in chroot
+umount /mnt/sysimage/run
+# The file that specifies the /run/lock tmpfile is
+# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd
+# rpm that isn't included in this image. We'll create the /run/lock
+# file here manually with the settings from legacy.conf
+# NOTE: chroot to run "install" because it is not in anaconda env
+chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root
+
+
+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816
+# NOTE: run this in nochroot because "find" does not exist in chroot
+KEEPLANG=en_US
+for dir in locale i18n; do
+ find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} +
+done
+
+%end
diff --git a/fedora-modular-container-base.ks b/fedora-modular-container-base.ks
new file mode 100644
index 0000000..ef8d1c7
--- /dev/null
+++ b/fedora-modular-container-base.ks
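Review bot: The chroot `%post` in fedora-modular-container-base-minimal.ks is marked `--erroronfail` but has no `set -e`, so the script's exit status is that of its last command, `rm -rfv /var/cache/* /var/log/* /tmp/*`, and a failure in any earlier pruning step is not reported; the `--nochroot` section after it already opens with `set -eux`. Its first five commands also use relative paths (`usr/share/gnupg/help*.txt` through `usr/sbin/sln`), which act on the image only if the working directory happens to be `/`, whereas the rest of the section is absolute. I would add `set -eux` and make those paths absolute as in the excerpt below; the plain `rm` of `rpm.daily` will then stop the build if that file is absent, which may or may not be wanted. The `%post` in fedora-modular-container-base.ks has the same gap, and because it ends in `systemd-tmpfiles ... || true` it always exits 0, so a failed `umount /run` or `systemctl mask` goes unnoticed there.

```kickstart
%post --erroronfail --log=/root/anaconda-post.log
set -eux
rm -fv /usr/share/gnupg/help*.txt
rm /usr/lib/rpm/rpm.daily
rm -rfv /usr/lib64/nss/unsupported-tools/ # unsupported
rm -fv /usr/sbin/{glibc_post_upgrade.x86_64,sln}
ln /usr/bin/ln /usr/sbin/sln
# … unchanged: section comments and the remaining pruning steps through %end …
```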
@@ -0,0 +1,38 @@
+# See docker-base-common.ks for details on how to hack on docker image kickstarts
+# This base is a standard Fedora image with python3 and dnf
+
+%include fedora-modular-container-common.ks
+
+%packages --excludedocs --instLangs=en --nocore
+rootfiles
+tar # https://bugzilla.redhat.com/show_bug.cgi?id=1409920
+vim-minimal
+dnf
+dnf-yum # https://pagure.io/fesco/ticket/1312#comment:29
+sssd-client
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+# remove some extraneous files
+rm -rf /var/cache/dnf/*
+rm -rf /tmp/*
+
+#Mask mount units and getty service so that we don't get login prompt
+systemctl mask systemd-remount-fs.service dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service getty.target console-getty.service
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
+# Fix /run/lock breakage since it's not tmpfs in docker
+# This unmounts /run (tmpfs) and then recreates the files
+# in the /run directory on the root filesystem of the container
+#
+# We ignore the return code of the systemd-tmpfiles command because
+# at this point we have already removed the /etc/machine-id and all
+# tmpfiles lines with %m in them will fail and cause a bad return
+# code. Example failure:
+# [/usr/lib/tmpfiles.d/systemd.conf:26] Failed to replace specifiers: /run/log/journal/%m
+#
+umount /run
+systemd-tmpfiles --prefix=/run/ --prefix=/var/run/ --create --boot || true
+
+%end
diff --git a/fedora-modular-container-common.ks b/fedora-modular-container-common.ks
new file mode 100644
index 0000000..69a5a40
--- /dev/null
+++ b/fedora-modular-container-common.ks
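Review bot: The header comment `# See docker-base-common.ks for details ...` at the top of fedora-modular-container-base.ks names a file that is not among the three this patch adds, while the `%include` two lines below it pulls in fedora-modular-container-common.ks. I would point the comment at the included file, `# See fedora-modular-container-common.ks for details on how to hack on these image kickstarts`. The same stale reference opens fedora-modular-container-base-minimal.ks, and the `ksflatten`/`imagefactory` example in the common file still uses the `fedora-docker-base[-minimal].ks` names.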
@@ -0,0 +1,68 @@
+# This is the common bits between Fedora Docker base image.
+#
+# To keep this image minimal it only installs English language. You need to change
+# dnf configuration in order to enable other languages.
+#
+# ## Hacking on this image ###
+# This kickstart is processed using Anaconda-in-ImageFactory (via Koji typically),
+# but you can run imagefactory locally too.
+#
+# To do so, testing local changes, first you'll need a TDL file. I store one here:
+# https://git.fedorahosted.org/cgit/fedora-atomic.git/tree/fedora-atomic-rawhide.tdl
+#
+# Then, once you have imagefactory and imagefactory-plugins installed, run:
+#
+# ksflatten -c fedora-docker-base[-minimal].ks -o fedora-docker-base-test.ks
+# imagefactory --debug target_image --template /path/to/fedora-atomic-rawhide.tdl --parameter offline_icicle true --file-parameter install_script $(pwd)/fedora-docker-base-test.ks docker
+#
+
+text # don't use cmdline -- https://github.com/rhinstaller/anaconda/issues/931
+bootloader --disabled
+timezone --isUtc --nontp Etc/UTC
+rootpw --lock --iscrypted locked
+keyboard us
+network --bootproto=dhcp --device=link --activate --onboot=on
+reboot
+
+# boot partitions are irrelevant as the final docker image is a tarball
+zerombr
+clearpart --all
+autopart --noboot --nohome --noswap --nolvm
+
+%packages --excludedocs --instLangs=en --nocore
+fedora-modular-release
+bash
+-kernel
+-dosfstools
+-e2fsprogs
+-fuse-libs
+-gnupg2-smime
+-libss # used by e2fsprogs
+-libusbx
+-pinentry
+-shared-mime-info
+-trousers
+-xkeyboard-config
+
+%end
+
+%post --erroronfail --log=/root/anaconda-post.log
+set -eux
+
+# Set install langs macro so that new rpms that get installed will
+# only install langs that we limit it to.
+LANG="en_US"
+echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1400682
+echo "Import RPM GPG key"
+releasever=$(rpm -q --qf '%{version}\n' fedora-release)
+rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-primary
+
+echo "# fstab intentionally empty for containers" > /etc/fstab
+
+# Remove machine-id on pre generated images
+rm -f /etc/machine-id
+touch /etc/machine-id
+
+%end
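Review bot: The GPG key import in the `%post` of fedora-modular-container-common.ks queries a package named `fedora-release` (`rpm -q --qf '%{version}\n' fedora-release`), but the `%packages` list in the same file installs `fedora-modular-release`. `rpm -q` matches on package name, so unless something else pulls in a package called fedora-release the query fails and, under `set -eux`, the section stops before `rpm --import` runs; this is worth confirming against an actual build. If the modular release package is the intended source, `releasever=$(rpm -q --qf '%{version}\n' fedora-modular-release)` would match the package list, and quoting the key path as `"/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-${releasever}-primary"` keeps an unexpected value from being word-split. Separately, `LANG="en_US"` reuses the shell's locale variable and may change the locale of the commands that follow; a dedicated name such as `KEEPLANG`, which the minimal kickstart already uses, avoids that.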