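# stable/Dockerfile
#
# Build a Podman container image from the latest
# stable version of Podman on the Fedora Updates System.
# https://bodhi.fedoraproject.org/updates/?search=podman
# This image can be used to create a secured container
# that runs safely with privileges within the container.
#
# NOTE(review): this variant also installs an OpenSSH server, boots systemd as
# PID 1 and sets fixed, well-known passwords for root and podman (see the
# chpasswd steps below). Treat the result as a local development box only:
# do not push it to a shared registry and do not publish port 22 or 8443 on a
# routable interface.
#
# NOTE(review): the tag is not pinned by digest, and Fedora 34 is past end of
# life, so `dnf update` no longer pulls in security fixes -- confirm before
# reusing this base.
FROM fedora:34

ENV CEPHADM_PATH=/usr/local/sbin/cephadm
# NOTE: assume path of ceph volume
RUN ln -s /ceph/src/cephadm/cephadm.py "$CEPHADM_PATH"

# Don't include container-selinux and remove
# directories used by yum that are just taking
# up space.
# The steps are chained with && so a failed update or install fails the build
# instead of producing a layer without podman. Only the shadow-utils restore
# stays best-effort, as in the original (its errors were already discarded).
RUN dnf -y update && \
    { rpm --restore shadow-utils 2>/dev/null || true; } && \
    yum -y install podman fuse-overlayfs --exclude container-selinux && \
    rm -rf /var/cache /var/log/dnf* /var/log/yum.*

RUN dnf install -y \
      chrony \
      firewalld \
      lvm2 \
      openssh \
      openssh-clients \
      openssh-server \
      procps \
      sshpass \
      systemd \
      which

# NOTE(review): both files are fetched from a moving branch with no integrity
# check, so the image content depends on whatever that branch holds at build
# time. Prefer a URL pinned to a commit and a verified digest, e.g. with
# BuildKit `ADD --checksum=sha256:<digest-placeholder> <url> <dest>`.
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /root/.config/containers/containers.conf

RUN mkdir -p /root/.local/share/containers

# Note VOLUME options must always happen after the directory has been
# prepared: RUN commands can not modify existing volumes
VOLUME /var/lib/containers
VOLUME /root/.local/share/containers

# chmod containers.conf and adjust storage.conf to enable Fuse storage.
RUN chmod 644 /etc/containers/containers.conf && \
    sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf
RUN mkdir -p \
      /var/lib/shared/overlay-images \
      /var/lib/shared/overlay-layers \
      /var/lib/shared/vfs-images \
      /var/lib/shared/vfs-layers && \
    touch \
      /var/lib/shared/overlay-images/images.lock \
      /var/lib/shared/overlay-layers/layers.lock \
      /var/lib/shared/vfs-images/images.lock \
      /var/lib/shared/vfs-layers/layers.lock

# NOTE(review): fixed root password baked into the image and visible in the
# image history. Acceptable only for a throwaway dev box; for anything else
# disable password login and inject an SSH key at run time instead.
RUN echo 'root:root' | chpasswd

# adjtimex syscall doesn't exist in fedora 35+ therefore we have to install it manually
# so chronyd works
RUN dnf install -y adjtimex
# debugging tools
RUN dnf install -y strace sysstat
RUN dnf -y install hostname iproute udev
ENV _CONTAINERS_USERNS_CONFIGURED=""

# NOTE(review): the `>` on the root lines truncates the file, so the podman
# entries written just before them never survive; /etc/subuid and /etc/subgid
# end up holding only root:0:65535. Behaviour is kept as-is: switching to `>>`
# would delegate an ID range starting at 0 to the unprivileged podman user,
# so confirm the intended ranges before changing it.
RUN useradd podman && \
    echo podman:0:5000 > /etc/subuid && \
    echo podman:0:5000 > /etc/subgid && \
    echo root:0:65535 > /etc/subuid && \
    echo root:0:65535 > /etc/subgid

# NOTE(review): the first ADD overwrites the /etc/containers/containers.conf
# fetched earlier, this time from containers/libpod (master branch). Same
# caveat as above: unpinned and unverified remote content.
ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf
ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf

# Create the podman storage directory and fix ownership BEFORE declaring the
# volume, so the ownership change is not lost. A file ADDed from a URL is
# created with mode 600, which undoes the earlier chmod on the system-wide
# containers.conf, so restore 644 here for the non-root podman user.
RUN mkdir -p /home/podman/.local/share/containers && \
    chown podman:podman -R /home/podman && \
    chmod 644 /etc/containers/containers.conf

VOLUME /home/podman/.local/share/containers

# NOTE(review): fixed password for the podman account, same caveat as for root.
RUN echo 'podman:podman' | chpasswd
# empty file to check if inside a container
RUN touch /.box_container

# EXPOSE only documents the ports. With the fixed passwords above, publish
# them on loopback or an isolated test network only.
EXPOSE 8443
EXPOSE 22

# systemd runs as PID 1 and starts the installed services.
ENTRYPOINT ["/usr/sbin/init"]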