From d7ab737cc6f55681de3efc44644c8daad07f0ebf Mon Sep 17 00:00:00 2001 From: Bala Raman Date: Thu, 24 Jun 2021 12:06:32 -0400 Subject: [PATCH] Adding dockerfile generation, some cleanup Signed-off-by: Bala Raman --- README.md | 8 +- scripts/ks2rootfs | 15 +- .../almalinux-8-minimal-alt.x86_64.ks | 143 ++++++++++++++ .../kickstarts/almalinux-8-minimal.x86_64.ks | 174 +++++++----------- 4 files changed, 226 insertions(+), 114 deletions(-) create mode 100644 tests/kickstarts/almalinux-8-minimal-alt.x86_64.ks diff --git a/README.md b/README.md index de9d876..2dab4cd 100644 --- a/README.md +++ b/README.md @@ -16,18 +16,22 @@ docker build -t srbala/ks2rootfs:alma . Following command under `tests` folder. Run command uses the `kickstarts/almalinux-8-default.x86_64.ks` file to build. +Use command below to create `default` docker files + ```sh docker run --rm --privileged -v "$PWD:/build:z" \ -e BUILD_KICKSTART=kickstarts/almalinux-8-default.x86_64.ks \ - -e BUILD_ROOTFS=almalinux-8-default-docker.x86_64.tar.gz \ + -e BUILD_ROOTFS=almalinux-8-docker-default.x86_64.tar.gz \ -e BUILD_OUTDIR=default \ srbala/ks2rootfs:alma ``` +Use command below to create `minimal` docker files + ```sh docker run --rm --privileged -v "$PWD:/build:z" \ -e BUILD_KICKSTART=kickstarts/almalinux-8-minimal.x86_64.ks \ - -e BUILD_ROOTFS=almalinux-8-minimal-docker.x86_64.tar.gz \ + -e BUILD_ROOTFS=almalinux-8-docker-minimal.x86_64.tar.gz \ -e BUILD_OUTDIR=minimal \ srbala/ks2rootfs:alma ``` diff --git a/scripts/ks2rootfs b/scripts/ks2rootfs index bfb9796..58c5b27 100755 --- a/scripts/ks2rootfs +++ b/scripts/ks2rootfs 
@@ -1,7 +1,7 @@ #!/bin/bash -e -# description: build rootfs -# param: 1. kickstart file and 2. rootfs file name to be generated - +# description: CI/CD Utility helper. Builds linux rootfs file from kickstart input file in docker/podman enviroment +# param: 1. kickstart file and 2. rootfs file name to be generated +# license: MIT. usage() { cat 1>&2 < "${BUILD_OUTDIR}/Dockerfile" +# This file auto generated from 'ks2rootfs' script, any changes will be over-written +FROM scratch +ADD ${BUILD_ROOTFS} / + +CMD ["/bin/bash"] +_EOF +echo "Generating '${BUILD_OUTDIR}/Dockerfile' completed." diff --git a/tests/kickstarts/almalinux-8-minimal-alt.x86_64.ks b/tests/kickstarts/almalinux-8-minimal-alt.x86_64.ks new file mode 100644 index 0000000..4f4c13e --- /dev/null +++ b/tests/kickstarts/almalinux-8-minimal-alt.x86_64.ks 
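Review bot: The generated Dockerfile takes `${BUILD_ROOTFS}` from the environment and writes it unchecked into the `ADD ${BUILD_ROOTFS} /` line, so a value containing whitespace or a newline would change the instructions written to `${BUILD_OUTDIR}/Dockerfile`. I would validate it before the heredoc, for example `case "${BUILD_ROOTFS}" in *[!A-Za-z0-9._-]*) echo "invalid BUILD_ROOTFS" >&2; exit 1;; esac`. `CMD ["/bin/bash"]` is also fixed for every kickstart, while this commit drops `bash` from the explicit package list of almalinux-8-minimal.x86_64.ks, so the default command appears to rely on bash arriving as a dependency. The heredoc opener and the lines before it are not visible in this rendering of the hunk, so the unquoted delimiter is inferred from the unescaped variable.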
@@ -0,0 +1,143 @@ +# This is a minimal CentOS kickstart for containers. +# It will not produce a bootable system +# To use this kickstart, run the following command +# livemedia-creator --make-tar --ks="centos8-minimal.ks" --image-name="centos8-minimal.tar.xz" --no-virt +# +# Based on: +# https://github.com/CentOS/sig-cloud-instance-build/blob/master/docker/centos-8.ks +# https://pagure.io/fedora-kickstarts/raw/master/f/fedora-container-base-minimal.ks +# https://catalog.redhat.com/software/containers/detail/5c359a62bed8bd75a2c3fba8 + +# Basic setup information +# install +url --url https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/ +bootloader --disabled +timezone --isUtc --nontp Etc/UTC +rootpw --lock --iscrypted locked +keyboard us +network --bootproto=dhcp --device=link --activate +reboot + +# Disk setup +zerombr +clearpart --all --initlabel +autopart --noboot --nohome --noswap --nolvm --fstype=ext4 + +# Package setup +%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps +almalinux-release +bash +coreutils-single +glibc-minimal-langpack +libusbx +microdnf +rootfiles +-dosfstools +-e2fsprogs +-fuse-libs +-gnupg2-smime +-kernel +-libss +-pinentry +-qemu-guest-agent +-shared-mime-info +-trousers +-xfsprogs +-xkeyboard-config +%end + +%addon com_redhat_kdump --disable +%end + +%post --erroronfail --log=/root/anaconda-post.log +# container customizations inside the chroot +set -eux + +# Limit languages to help reduce size. 
+LANG="en_US" +echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf +echo "LANG=C.utf8" > /etc/locale.conf + +# generate build time file for compatibility with CentOS +/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME + +# set DNF infra variable to container for compatibility with CentOS +echo 'container' > /etc/dnf/vars/infra + +# import AlmaLinux PGP key +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux + +# Remove network configuration files leftover from anaconda installation +# https://bugzilla.redhat.com/show_bug.cgi?id=1713089 +rm -f /etc/sysconfig/network-scripts/ifcfg-* + +# Remove machine-id on pre generated images +rm -f /etc/machine-id +touch /etc/machine-id + +%end + +%post --logfile /root/anaconda-post.log --erroronfail +# remove some random help txt files +rm -fv usr/share/gnupg/help*.txt + +# Pruning random things +rm usr/lib/rpm/rpm.daily +rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported + +# Statically linked crap +rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln} +ln usr/bin/ln usr/sbin/sln + +# Remove some dnf info +rm -rfv /var/lib/dnf + +# don't need icons +rm -rfv /usr/share/icons/* + +#some random not-that-useful binaries +rm -fv /usr/bin/pinky + +# we lose presets by removing /usr/lib/systemd but we do not care +rm -rfv /usr/lib/systemd + +# if you want to change the timezone, bind-mount it from the host or reinstall tzdata +rm -fv /etc/localtime +mv /usr/share/zoneinfo/UTC /etc/localtime +rm -rfv /usr/share/zoneinfo + +# Final pruning +rm -rfv /var/cache/* /var/log/* /tmp/* + +# remove the original RHEL8 EULA +# TODO: This affects the integrity of the installed rpm. Find a better way. 
+rm -f /usr/share/redhat-release/EULA +%end + +%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log +set -eux + +# https://bugzilla.redhat.com/show_bug.cgi?id=1343138 +# Fix /run/lock breakage since it's not tmpfs in docker +# This unmounts /run (tmpfs) and then recreates the files +# in the /run directory on the root filesystem of the container +# NOTE: run this in nochroot because "umount" does not exist in chroot +umount /mnt/sysimage/run +# The file that specifies the /run/lock tmpfile is +# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd +# rpm that isn't included in this image. We'll create the /run/lock +# file here manually with the settings from legacy.conf +# NOTE: chroot to run "install" because it is not in anaconda env +chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root + +# workarount error /mnt/sysimage/run cannot be unmounted +mount -t bind -o bind,defaults /run /mnt/sysimage/run + +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816 +# NOTE: run this in nochroot because "find" does not exist in chroot +KEEPLANG=en_US +for dir in locale i18n; do + find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} + +done + +%end \ No newline at end of file diff --git a/tests/kickstarts/almalinux-8-minimal.x86_64.ks b/tests/kickstarts/almalinux-8-minimal.x86_64.ks index 4f4c13e..059410c 100644 --- a/tests/kickstarts/almalinux-8-minimal.x86_64.ks +++ b/tests/kickstarts/almalinux-8-minimal.x86_64.ks 
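Review bot: The second `%post --logfile /root/anaconda-post.log --erroronfail` section has no `set -eux`, unlike the sections before and after it. As far as I can tell `--erroronfail` then only sees the exit status of the final `rm -f /usr/share/redhat-release/EULA`, so an earlier failure such as `rm usr/lib/rpm/rpm.daily` would pass unnoticed; adding `set -eux` as the first line of that section would close the gap. The same section mixes relative paths (`usr/sbin/...`, `usr/lib64/nss/...`) with absolute ones, which only works if the script's working directory is `/`, so I would make them absolute. The header comment still describes a CentOS kickstart and a `centos8-minimal.ks` command line; something like `# Alternate minimal AlmaLinux 8 kickstart for containers (previous almalinux-8-minimal content)` would match the file.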
@@ -1,63 +1,67 @@ -# This is a minimal CentOS kickstart for containers. -# It will not produce a bootable system -# To use this kickstart, run the following command -# livemedia-creator --make-tar --ks="centos8-minimal.ks" --image-name="centos8-minimal.tar.xz" --no-virt -# -# Based on: -# https://github.com/CentOS/sig-cloud-instance-build/blob/master/docker/centos-8.ks -# https://pagure.io/fedora-kickstarts/raw/master/f/fedora-container-base-minimal.ks -# https://catalog.redhat.com/software/containers/detail/5c359a62bed8bd75a2c3fba8 +# AlmaLinux 8 kickstart file for x86_64 base Docker image -# Basic setup information # install url --url https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/ -bootloader --disabled -timezone --isUtc --nontp Etc/UTC -rootpw --lock --iscrypted locked -keyboard us -network --bootproto=dhcp --device=link --activate -reboot -# Disk setup +lang en_US.UTF-8 +keyboard us +timezone --nontp --utc UTC + +network --activate --bootproto=dhcp --device=link --onboot=on +firewall --disabled +selinux --disabled + +bootloader --disable zerombr clearpart --all --initlabel -autopart --noboot --nohome --noswap --nolvm --fstype=ext4 +autopart --fstype=ext4 --type=plain --nohome --noboot --noswap -# Package setup -%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps +rootpw --iscrypted --lock almalinux + +shutdown + +%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps almalinux-release -bash coreutils-single glibc-minimal-langpack -libusbx microdnf rootfiles --dosfstools --e2fsprogs --fuse-libs + +-binutils +-brotli +-dnf +-findutils +-hostname +-iputils +-less +-tar +-vim-minimal +-yum +-crypto-policies-scripts +-firewalld +-diffutils +-elfutils-debuginfod-client +-gettext* +-glibc-langpack-en -gnupg2-smime +-grub\* +-iptables -kernel --libss +-libevent +-openssl +-os-prober +-open-vm-tools -pinentry --qemu-guest-agent +-platform-python-pip -shared-mime-info -trousers --xfsprogs +-unbound-libs -xkeyboard-config 
+-xz %end -%addon com_redhat_kdump --disable -%end %post --erroronfail --log=/root/anaconda-post.log -# container customizations inside the chroot -set -eux - -# Limit languages to help reduce size. -LANG="en_US" -echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf -echo "LANG=C.utf8" > /etc/locale.conf - # generate build time file for compatibility with CentOS /bin/date +%Y%m%d_%H%M > /etc/BUILDTIME 
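Review bot: `%packages --ignoremissing` lets the install continue when a listed package cannot be found, so a typo or a repository change affecting one of the five remaining includes would produce a different rootfs without any build error. Unless a specific package is known to be absent from the repository, I would drop the flag and keep `%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps`. The new `firewall --disabled` and `selinux --disabled` lines would benefit from a short comment stating that they are deliberate, e.g. `# container rootfs: no firewall or SELinux policy inside the image (intentional)`. The `%post` section that begins at the end of this hunk continues in the next one.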
@@ -67,77 +71,29 @@ echo 'container' > /etc/dnf/vars/infra # import AlmaLinux PGP key rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux -# Remove network configuration files leftover from anaconda installation -# https://bugzilla.redhat.com/show_bug.cgi?id=1713089 -rm -f /etc/sysconfig/network-scripts/ifcfg-* +# install only en_US.UTF-8 locale files, see +# https://fedoraproject.org/wiki/Changes/Glibc_locale_subpackaging for details +echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf -# Remove machine-id on pre generated images -rm -f /etc/machine-id -touch /etc/machine-id +# force each container to have a unique machine-id +> /etc/machine-id +# create tmp directories because there is no tmpfs support in Docker +umount /run +systemd-tmpfiles --create --boot + +# disable login prompt and mounts +systemctl mask console-getty.service \ + dev-hugepages.mount \ + getty.target \ + systemd-logind.service \ + sys-fs-fuse-connections.mount \ + systemd-remount-fs.service + +# remove unnecessary files +rm -f /var/lib/dnf/history.* \ + /run/nologin +rm -fr /var/log/* \ + /tmp/* /tmp/.* \ + /boot || true %end - -%post --logfile /root/anaconda-post.log --erroronfail -# remove some random help txt files -rm -fv usr/share/gnupg/help*.txt - -# Pruning random things -rm usr/lib/rpm/rpm.daily -rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported - -# Statically linked crap -rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln} -ln usr/bin/ln usr/sbin/sln - -# Remove some dnf info -rm -rfv /var/lib/dnf - -# don't need icons -rm -rfv /usr/share/icons/* - -#some random not-that-useful binaries -rm -fv /usr/bin/pinky - -# we lose presets by removing /usr/lib/systemd but we do not care -rm -rfv /usr/lib/systemd - -# if you want to change the timezone, bind-mount it from the host or reinstall tzdata -rm -fv /etc/localtime -mv /usr/share/zoneinfo/UTC /etc/localtime -rm -rfv /usr/share/zoneinfo - -# Final pruning -rm -rfv /var/cache/* /var/log/* /tmp/* - -# remove the 
original RHEL8 EULA -# TODO: This affects the integrity of the installed rpm. Find a better way. -rm -f /usr/share/redhat-release/EULA -%end - -%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log -set -eux - -# https://bugzilla.redhat.com/show_bug.cgi?id=1343138 -# Fix /run/lock breakage since it's not tmpfs in docker -# This unmounts /run (tmpfs) and then recreates the files -# in the /run directory on the root filesystem of the container -# NOTE: run this in nochroot because "umount" does not exist in chroot -umount /mnt/sysimage/run -# The file that specifies the /run/lock tmpfile is -# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd -# rpm that isn't included in this image. We'll create the /run/lock -# file here manually with the settings from legacy.conf -# NOTE: chroot to run "install" because it is not in anaconda env -chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root - -# workarount error /mnt/sysimage/run cannot be unmounted -mount -t bind -o bind,defaults /run /mnt/sysimage/run - -# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816 -# NOTE: run this in nochroot because "find" does not exist in chroot -KEEPLANG=en_US -for dir in locale i18n; do - find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} + -done - -%end \ No newline at end of file
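Review bot: The `%post --erroronfail` script can no longer fail: `set -eux` was removed at the top of the section (in the previous hunk) and the last command now ends in `|| true`, so a failed `rpm --import`, `umount /run` or `systemctl mask` leaves no trace in the build result. The comment deleted further down says `umount` does not exist in the chroot, and the package list uses `--nocore` without naming systemd or util-linux, so those commands may be missing here. I would restore `set -eux` as the first line of the section and replace the glob that forces the `|| true`, writing `/tmp/.[!.]*` instead of `/tmp/.*` so that `.` and `..` are never passed to `rm`. The section starts outside this hunk.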