mirror of https://github.com/AlmaLinux/ks2rootfs.git synced 2024-11-21 09:13:09 +00:00

Adding dockerfile generation, some cleanup

Signed-off-by: Bala Raman <srbala@gmail.com>
Bala Raman 2021-06-24 12:06:32 -04:00
parent 3d66eab421
commit d7ab737cc6
No known key found for this signature in database
GPG Key ID: 23A07BF21B5D6625
4 changed files with 226 additions and 114 deletions


@ -16,18 +16,22 @@ docker build -t srbala/ks2rootfs:alma .
Following command under `tests` folder. Run command uses the `kickstarts/almalinux-8-default.x86_64.ks` file to build.
Use command below to create `default` docker files
```sh
docker run --rm --privileged -v "$PWD:/build:z" \
-e BUILD_KICKSTART=kickstarts/almalinux-8-default.x86_64.ks \
-e BUILD_ROOTFS=almalinux-8-default-docker.x86_64.tar.gz \
-e BUILD_ROOTFS=almalinux-8-docker-default.x86_64.tar.gz \
-e BUILD_OUTDIR=default \
srbala/ks2rootfs:alma
```
Use command below to create `minimal` docker files
```sh
docker run --rm --privileged -v "$PWD:/build:z" \
-e BUILD_KICKSTART=kickstarts/almalinux-8-minimal.x86_64.ks \
-e BUILD_ROOTFS=almalinux-8-minimal-docker.x86_64.tar.gz \
-e BUILD_ROOTFS=almalinux-8-docker-minimal.x86_64.tar.gz \
-e BUILD_OUTDIR=minimal \
srbala/ks2rootfs:alma
```


@ -1,7 +1,7 @@
#!/bin/bash -e
# description: build rootfs
# description: CI/CD Utility helper. Builds linux rootfs file from kickstart input file in docker/podman enviroment
# param: 1. kickstart file and 2. rootfs file name to be generated
# license: MIT.
usage() {
cat 1>&2 <<EOF
@ -149,3 +149,12 @@ if [ ${BUILD_FLAG_RETAIN_LOG} == 'true' ]; then
else
echo 'Skip copying logs data based on configuration (default). '
fi
cat << _EOF > "${BUILD_OUTDIR}/Dockerfile"
# This file auto generated from 'ks2rootfs' script, any changes will be over-written
FROM scratch
ADD ${BUILD_ROOTFS} /
CMD ["/bin/bash"]
_EOF
echo "Generating '${BUILD_OUTDIR}/Dockerfile' completed."
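Review bot: `BUILD_ROOTFS` is expanded into the `ADD` line of the generated Dockerfile without validation, so a value containing whitespace or a newline changes the instructions written to `${BUILD_OUTDIR}/Dockerfile`. The value comes from the container environment (`-e BUILD_ROOTFS=...` in the README), so check it against a plain file-name pattern before the heredoc, for example `[[ "${BUILD_ROOTFS}" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid BUILD_ROOTFS" >&2; exit 1; }`. The heredoc also assumes that `${BUILD_OUTDIR}` exists and that the tarball sits next to the Dockerfile; that is presumably arranged earlier in the script, outside this hunk.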


@ -0,0 +1,143 @@
# This is a minimal CentOS kickstart for containers.
# It will not produce a bootable system
# To use this kickstart, run the following command
# livemedia-creator --make-tar --ks="centos8-minimal.ks" --image-name="centos8-minimal.tar.xz" --no-virt
#
# Based on:
# https://github.com/CentOS/sig-cloud-instance-build/blob/master/docker/centos-8.ks
# https://pagure.io/fedora-kickstarts/raw/master/f/fedora-container-base-minimal.ks
# https://catalog.redhat.com/software/containers/detail/5c359a62bed8bd75a2c3fba8
# Basic setup information
# install
url --url https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/
bootloader --disabled
timezone --isUtc --nontp Etc/UTC
rootpw --lock --iscrypted locked
keyboard us
network --bootproto=dhcp --device=link --activate
reboot
# Disk setup
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
# Package setup
%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
almalinux-release
bash
coreutils-single
glibc-minimal-langpack
libusbx
microdnf
rootfiles
-dosfstools
-e2fsprogs
-fuse-libs
-gnupg2-smime
-kernel
-libss
-pinentry
-qemu-guest-agent
-shared-mime-info
-trousers
-xfsprogs
-xkeyboard-config
%end
%addon com_redhat_kdump --disable
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
set -eux
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
echo "LANG=C.utf8" > /etc/locale.conf
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
# set DNF infra variable to container for compatibility with CentOS
echo 'container' > /etc/dnf/vars/infra
# import AlmaLinux PGP key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
# Remove network configuration files leftover from anaconda installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post --logfile /root/anaconda-post.log --erroronfail
# remove some random help txt files
rm -fv usr/share/gnupg/help*.txt
# Pruning random things
rm usr/lib/rpm/rpm.daily
rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported
# Statically linked crap
rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln}
ln usr/bin/ln usr/sbin/sln
# Remove some dnf info
rm -rfv /var/lib/dnf
# don't need icons
rm -rfv /usr/share/icons/*
#some random not-that-useful binaries
rm -fv /usr/bin/pinky
# we lose presets by removing /usr/lib/systemd but we do not care
rm -rfv /usr/lib/systemd
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
rm -fv /etc/localtime
mv /usr/share/zoneinfo/UTC /etc/localtime
rm -rfv /usr/share/zoneinfo
# Final pruning
rm -rfv /var/cache/* /var/log/* /tmp/*
# remove the original RHEL8 EULA
# TODO: This affects the integrity of the installed rpm. Find a better way.
rm -f /usr/share/redhat-release/EULA
%end
%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log
set -eux
# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
# Fix /run/lock breakage since it's not tmpfs in docker
# This unmounts /run (tmpfs) and then recreates the files
# in the /run directory on the root filesystem of the container
# NOTE: run this in nochroot because "umount" does not exist in chroot
umount /mnt/sysimage/run
# The file that specifies the /run/lock tmpfile is
# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd
# rpm that isn't included in this image. We'll create the /run/lock
# file here manually with the settings from legacy.conf
# NOTE: chroot to run "install" because it is not in anaconda env
chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root
# workarount error /mnt/sysimage/run cannot be unmounted
mount -t bind -o bind,defaults /run /mnt/sysimage/run
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816
# NOTE: run this in nochroot because "find" does not exist in chroot
KEEPLANG=en_US
for dir in locale i18n; do
find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} +
done
%end
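Review bot: The second `%post --logfile /root/anaconda-post.log --erroronfail` block has no `set -e`, unlike the two `%post` blocks around it, so `--erroronfail` most likely sees only the status of its last command (`rm -f /usr/share/redhat-release/EULA`) and earlier failures pass unnoticed. Several commands in it also use paths relative to the working directory (`rm -fv usr/share/gnupg/help*.txt`, `rm usr/lib/rpm/rpm.daily`, `ln usr/bin/ln usr/sbin/sln`), which only do what is intended if the script starts in the chroot root. I would open the block with `set -eux`, make those paths absolute, and use `rm -f /usr/lib/rpm/rpm.daily` so a missing file does not abort the build. The header comments still describe a CentOS kickstart and `centos8-minimal.ks`, and should name the AlmaLinux file this section adds.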


@ -1,63 +1,67 @@
# This is a minimal CentOS kickstart for containers.
# It will not produce a bootable system
# To use this kickstart, run the following command
# livemedia-creator --make-tar --ks="centos8-minimal.ks" --image-name="centos8-minimal.tar.xz" --no-virt
#
# Based on:
# https://github.com/CentOS/sig-cloud-instance-build/blob/master/docker/centos-8.ks
# https://pagure.io/fedora-kickstarts/raw/master/f/fedora-container-base-minimal.ks
# https://catalog.redhat.com/software/containers/detail/5c359a62bed8bd75a2c3fba8
# AlmaLinux 8 kickstart file for x86_64 base Docker image
# Basic setup information
# install
url --url https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/
bootloader --disabled
timezone --isUtc --nontp Etc/UTC
rootpw --lock --iscrypted locked
keyboard us
network --bootproto=dhcp --device=link --activate
reboot
# Disk setup
lang en_US.UTF-8
keyboard us
timezone --nontp --utc UTC
network --activate --bootproto=dhcp --device=link --onboot=on
firewall --disabled
selinux --disabled
bootloader --disable
zerombr
clearpart --all --initlabel
autopart --noboot --nohome --noswap --nolvm --fstype=ext4
autopart --fstype=ext4 --type=plain --nohome --noboot --noswap
# Package setup
%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps
rootpw --iscrypted --lock almalinux
shutdown
%packages --ignoremissing --excludedocs --instLangs=en --nocore --excludeWeakdeps
almalinux-release
bash
coreutils-single
glibc-minimal-langpack
libusbx
microdnf
rootfiles
-dosfstools
-e2fsprogs
-fuse-libs
-binutils
-brotli
-dnf
-findutils
-hostname
-iputils
-less
-tar
-vim-minimal
-yum
-crypto-policies-scripts
-firewalld
-diffutils
-elfutils-debuginfod-client
-gettext*
-glibc-langpack-en
-gnupg2-smime
-grub\*
-iptables
-kernel
-libss
-libevent
-openssl
-os-prober
-open-vm-tools
-pinentry
-qemu-guest-agent
-platform-python-pip
-shared-mime-info
-trousers
-xfsprogs
-unbound-libs
-xkeyboard-config
-xz
%end
%addon com_redhat_kdump --disable
%end
%post --erroronfail --log=/root/anaconda-post.log
# container customizations inside the chroot
set -eux
# Limit languages to help reduce size.
LANG="en_US"
echo "%_install_langs $LANG" > /etc/rpm/macros.image-language-conf
echo "LANG=C.utf8" > /etc/locale.conf
# generate build time file for compatibility with CentOS
/bin/date +%Y%m%d_%H%M > /etc/BUILDTIME
@ -67,77 +71,29 @@ echo 'container' > /etc/dnf/vars/infra
# import AlmaLinux PGP key
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
# Remove network configuration files leftover from anaconda installation
# https://bugzilla.redhat.com/show_bug.cgi?id=1713089
rm -f /etc/sysconfig/network-scripts/ifcfg-*
# install only en_US.UTF-8 locale files, see
# https://fedoraproject.org/wiki/Changes/Glibc_locale_subpackaging for details
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf
# Remove machine-id on pre generated images
rm -f /etc/machine-id
touch /etc/machine-id
%end
%post --logfile /root/anaconda-post.log --erroronfail
# remove some random help txt files
rm -fv usr/share/gnupg/help*.txt
# Pruning random things
rm usr/lib/rpm/rpm.daily
rm -rfv usr/lib64/nss/unsupported-tools/ # unsupported
# Statically linked crap
rm -fv usr/sbin/{glibc_post_upgrade.x86_64,sln}
ln usr/bin/ln usr/sbin/sln
# Remove some dnf info
rm -rfv /var/lib/dnf
# don't need icons
rm -rfv /usr/share/icons/*
#some random not-that-useful binaries
rm -fv /usr/bin/pinky
# we lose presets by removing /usr/lib/systemd but we do not care
rm -rfv /usr/lib/systemd
# if you want to change the timezone, bind-mount it from the host or reinstall tzdata
rm -fv /etc/localtime
mv /usr/share/zoneinfo/UTC /etc/localtime
rm -rfv /usr/share/zoneinfo
# Final pruning
rm -rfv /var/cache/* /var/log/* /tmp/*
# remove the original RHEL8 EULA
# TODO: This affects the integrity of the installed rpm. Find a better way.
rm -f /usr/share/redhat-release/EULA
%end
%post --nochroot --erroronfail --log=/mnt/sysimage/root/anaconda-post-nochroot.log
set -eux
# https://bugzilla.redhat.com/show_bug.cgi?id=1343138
# Fix /run/lock breakage since it's not tmpfs in docker
# This unmounts /run (tmpfs) and then recreates the files
# in the /run directory on the root filesystem of the container
# NOTE: run this in nochroot because "umount" does not exist in chroot
umount /mnt/sysimage/run
# The file that specifies the /run/lock tmpfile is
# /usr/lib/tmpfiles.d/legacy.conf, which is part of the systemd
# rpm that isn't included in this image. We'll create the /run/lock
# file here manually with the settings from legacy.conf
# NOTE: chroot to run "install" because it is not in anaconda env
chroot /mnt/sysimage install -d /run/lock -m 0755 -o root -g root
# workarount error /mnt/sysimage/run cannot be unmounted
mount -t bind -o bind,defaults /run /mnt/sysimage/run
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1051816
# NOTE: run this in nochroot because "find" does not exist in chroot
KEEPLANG=en_US
for dir in locale i18n; do
find /mnt/sysimage/usr/share/${dir} -mindepth 1 -maxdepth 1 -type d -not \( -name "${KEEPLANG}" -o -name POSIX \) -exec rm -rfv {} +
done
# force each container to have a unique machine-id
> /etc/machine-id
# create tmp directories because there is no tmpfs support in Docker
umount /run
systemd-tmpfiles --create --boot
# disable login prompt and mounts
systemctl mask console-getty.service \
dev-hugepages.mount \
getty.target \
systemd-logind.service \
sys-fs-fuse-connections.mount \
systemd-remount-fs.service
# remove unnecessary files
rm -f /var/lib/dnf/history.* \
/run/nologin
rm -fr /var/log/* \
/tmp/* /tmp/.* \
/boot || true
%end
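Review bot: Two lines that appear to be on the new side let the build succeed while producing an incomplete image: `%packages --ignoremissing ...` and the trailing `|| true` on the final `rm -fr`. With `--ignoremissing`, a misspelled or unavailable package is skipped instead of failing the install, which is risky for a base image that others build on. I would drop the flag and keep `%packages --excludedocs --instLangs=en --nocore --excludeWeakdeps`. The `|| true` is probably there because `/tmp/.*` can expand to `/tmp/.` and `/tmp/..`, which `rm` refuses, but it also hides any real failure of that cleanup. `rm -fr /var/log/* /tmp/* /tmp/.[!.]* /boot` avoids those two entries and lets the exit status count, assuming `set -eux` from the first hunk still applies to this `%post`.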