projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 1e59de90 TL |
1 | # stable/Dockerfile |
| 2 | # | |
| 3 | # Build a Podman container image from the latest | |
| 4 | # stable version of Podman on the Fedoras Updates System. | |
| 5 | # https://bodhi.fedoraproject.org/updates/?search=podman | |
| 6 | # This image can be used to create a secured container | |
| 7 | # that runs safely with privileges within the container. | |
| 8 | # | |
| 9 | FROM fedora:34 | |
| 10 | ||
| 11 | ENV CEPHADM_PATH=/usr/local/sbin/cephadm | |
| 12 | RUN ln -s /ceph/src/cephadm/cephadm.py $CEPHADM_PATH # NOTE: assume path of ceph volume | |
| 13 | ||
| 14 | # Don't include container-selinux and remove | |
| 15 | # directories used by yum that are just taking | |
| 16 | # up space. | |
| 17 | RUN dnf -y update; rpm --restore shadow-utils 2>/dev/null; \ | |
| 18 | yum -y install podman fuse-overlayfs --exclude container-selinux; \ | |
| 19 | rm -rf /var/cache /var/log/dnf* /var/log/yum.* | |
| 20 | ||
| 21 | RUN dnf install which firewalld chrony procps systemd openssh openssh-server openssh-clients sshpass lvm2 -y | |
| 22 | ||
| 23 | ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf | |
| 24 | ADD https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable/podman-containers.conf /root/.config/containers/containers.conf | |
| 25 | ||
| 26 | RUN mkdir -p /root/.local/share/containers; # chown podman:podman -R /home/podman | |
| 27 | ||
| 28 | # Note VOLUME options must always happen after the chown call above | |
| 29 | # RUN commands can not modify existing volumes | |
| 30 | VOLUME /var/lib/containers | |
| 31 | VOLUME /root/.local/share/containers | |
| 32 | ||
| 33 | # chmod containers.conf and adjust storage.conf to enable Fuse storage. | |
| 34 | RUN chmod 644 /etc/containers/containers.conf; sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' -e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' /etc/containers/storage.conf | |
| 35 | RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers /var/lib/shared/vfs-images /var/lib/shared/vfs-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock; touch /var/lib/shared/vfs-images/images.lock; touch /var/lib/shared/vfs-layers/layers.lock | |
| 36 | ||
| 37 | RUN echo 'root:root' | chpasswd | |
| 38 | ||
| 39 | RUN dnf install -y adjtimex # adjtimex syscall doesn't exist in fedora 35+ therefore we have to install it manually | |
| 40 | # so chronyd works | |
| 41 | RUN dnf install -y strace sysstat # debugging tools | |
| 42 | RUN dnf -y install hostname iproute udev | |
| 43 | ENV _CONTAINERS_USERNS_CONFIGURED="" | |
| 44 | ||
| 45 | RUN useradd podman; \ | |
| 46 | echo podman:0:5000 > /etc/subuid; \ | |
| 47 | echo podman:0:5000 > /etc/subgid; \ | |
| 48 | echo root:0:65535 > /etc/subuid; \ | |
| 49 | echo root:0:65535 > /etc/subgid; | |
| 50 | ||
| 51 | VOLUME /home/podman/.local/share/containers | |
| 52 | ||
| 53 | ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/containers.conf /etc/containers/containers.conf | |
| 54 | ADD https://raw.githubusercontent.com/containers/libpod/master/contrib/podmanimage/stable/podman-containers.conf /home/podman/.config/containers/containers.conf | |
| 55 | ||
| 56 | RUN chown podman:podman -R /home/podman | |
| 57 | ||
| 58 | RUN echo 'podman:podman' | chpasswd | |
| 59 | RUN touch /.box_container # empty file to check if inside a container | |
| 60 | ||
| 61 | EXPOSE 8443 | |
| 62 | EXPOSE 22 | |
| 63 | ||
| 64 | ENTRYPOINT ["/usr/sbin/init"] |