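Build a custom Clear Linux* OS-based Docker container image

This guide contains the steps to build a custom container image. The official base Clear Linux* OS container image is published on Docker* Hub and is updated regularly.

Prerequisites

  • You must perform these steps on a Clear Linux OS system, because swupd is used to manage the bundles in the container.
  • The containers-basic bundle must be installed on the Clear Linux OS system; otherwise Docker cannot run.
  • You need a basic understanding of Docker.

Build the base container image

  1. Log in and get root privileges.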

    sudo -s
    
  2. Verify that Docker is installed and running.

    docker info
    

    If Docker is installed and running, the output is similar to the following example:

    Containers: 0
     Running: 0
     Paused: 0
     Stopped: 0
    Images: 4
    Server Version: 17.05.0-ce
    Storage Driver: overlay
     Backing Filesystem: extfs
     Supports d_type: true
    Logging Driver: json-file
    Cgroup Driver: cgroupfs
    Plugins:
     Volume: local
     Network: bridge host macvlan null overlay
    Swarm: inactive
    Runtimes: runc
    Default Runtime: runc
    Init Binary: docker-init
    containerd version:  (expected: 9048e5e50717ea4497b757314bad98ea3763c145)
    runc version: N/A (expected: 9c2d8d184e5da67c95d601382adf14862e4f2228)
    init version: N/A (expected: )
    Kernel Version: 4.12.7-377.native
    Operating System: Clear Linux OS for Intel Architecture
    OSType: linux
    Architecture: x86_64
    CPUs: 4
    Total Memory: 15.62GiB
    Name: clr-os
    ID: XQHJ:DYEM:3Q4D:DKLM:JOA4:RUSF:GAFR:DLPA:HOJP:W5FF:ULEE:7HZ3
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Registry: https://index.docker.io/v1/
    Experimental: false
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false
    

    If Docker is not installed, enter the following commands:

    swupd bundle-add containers-basic
    systemctl start docker
    
  3. Use os-install to download and install the bundles.

    swupd os-install --url https://cdn.download.clearlinux.org/update --statedir "$PWD"/swupd-state --no-boot-update --version 29790 -B os-core-update,editors,network-basic base
    

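    The swupd example uses the following flags:

    • os-install tells swupd to perform the download and installation.
    • -V / --version specifies the Clear Linux OS version of the bundles.
    • --url specifies the URL of the bundle repository.
    • --statedir specifies the state directory used to store the downloaded bundles and any state information.
    • --no-boot-update tells swupd to skip updating the boot files, because a container does not need them.

    For more information about swupd flags, enter the swupd os-install -h command.

    Example output: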

    swupd-client software verify 3.12.2
    Copyright (C) 2012-2017 Intel Corporation
    
    Verifying version 17870
    Attempting to download version string to memory
    Downloading packs...
    
    Extracting python-basic pack for version 17820
      ...14%
    Extracting perl-basic pack for version 17790
      ...28%
    Extracting openssh-server pack for version 17660
      ...42%
    Extracting editors pack for version 17850
      ...57%
    Extracting network-basic pack for version 17650
      ...71%
    Extracting os-core pack for version 17870
      ...85%
    Extracting os-core-update pack for version 17870
      ...100%
    Adding any missing files
      ...88%
    Inspected 33982 files
      33974 files were missing
        33974 of 33974 missing files were replaced
        0 of 33974 missing files were not replaced
    Calling post-update helper scripts.
    WARNING: boot files update skipped due to --no-boot-update argument
    Fix successful
    

    Note

    The warning message is expected and can be ignored.

  4. Create a tarball and compress it.

    tar -C base -cf base.tar .
    xz -v -T0 base.tar
    
  5. Create a Dockerfile to build the image.

    cat > Dockerfile << EOF
    FROM scratch
    MAINTAINER First Last <first.last@example.com>
    ADD base.tar.xz /
    CMD ["/bin/bash"]
    EOF
    
  6. Build the Clear Linux OS container image.

    docker build -t my-custom-clear-linux-container .
    

    Example output:

    Sending build context to Docker daemon  806.5MB
    Step 1/4 : FROM scratch
      --->
    Step 2/4 : MAINTAINER First Last <first.last@example.com>
      ---> Running in 7238f35abcd0
      ---> ec5064287c60
    Removing intermediate container 7238f35abcd0
    Step 3/4 : ADD base.tar.xz /
      ---> 2723b7d20716
    Removing intermediate container 16e3ed0df8da
    Step 4/4 : CMD /bin/bash
      ---> Running in efa893350647
      ---> 5414c3a12993
    Removing intermediate container efa893350647
    Successfully built 5414c3a12993
    Successfully tagged my-custom-clear-linux-container:latest
    
  7. List the newly created Clear Linux OS container image.

    docker images
    

    Example output:

    REPOSITORY                        TAG                 IMAGE ID            CREATED              SIZE
    my-custom-clear-linux-container   latest              5414c3a12993        About a minute ago   616MB
    
  8. Start the Clear Linux OS container that you built.

    docker run -it my-custom-clear-linux-container
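
The checks below are an added example, not part of the original guide: before step 6 they confirm that base.tar.xz still matches a digest recorded after step 4 and that the Dockerfile's CMD executable exists in the base rootfs, and they list the setuid/setgid files that will ship in the image. The function names are assumptions, and sha256sum is assumed to be available on the build host.

```shell
#!/bin/sh
# Added example: pre-build checks for the rootfs directory (base) and the
# tarball (base.tar.xz) from steps 3-5. Function names are illustrative.

# List setuid/setgid regular files, as paths relative to the rootfs.
rootfs_setid_files() {
    ( cd "$1" && find . -type f \( -perm -4000 -o -perm -2000 \) -print | sort )
}

# Record the tarball's SHA-256 beside it (run right after step 4).
record_digest() {
    ( cd "$(dirname "$1")" && f=$(basename "$1") && sha256sum "$f" > "$f.sha256" )
}

# Check the tarball against the recorded digest (run right before step 6).
verify_digest() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Print the executable of the last exec-form CMD, e.g. CMD ["/bin/bash"].
dockerfile_cmd_path() {
    sed -n 's/^CMD[[:space:]]*\[[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed only if that executable exists in the rootfs. Relative symlinks
# (for example a bin -> usr/bin link) resolve inside the rootfs; absolute
# ones would resolve against the host instead.
cmd_exists_in_rootfs() {
    cmd=$(dockerfile_cmd_path "$2")
    [ -n "$cmd" ] && [ -x "$1$cmd" ]
}

# Gate for step 6. Usage: prebuild_check ROOTFS TARBALL DOCKERFILE
prebuild_check() {
    verify_digest "$2" || { echo "digest mismatch: $2" >&2; return 1; }
    cmd_exists_in_rootfs "$1" "$3" || { echo "CMD missing in $1" >&2; return 1; }
    echo "setuid/setgid files in $1:" >&2
    rootfs_setid_files "$1" >&2
}

# Run against the files from this guide when invoked with "check".
if [ "${1:-}" = "check" ]; then
    prebuild_check base base.tar.xz Dockerfile
fi
```

Call record_digest base.tar.xz once after step 4, then run the script with the check argument from the build directory before docker build.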
    

Manage bundles in a container

You can add and remove bundles in a Clear Linux OS container by using RUN swupd commands in a Dockerfile.

Add a bundle

This example Dockerfile adds the pxe-server bundle to an existing Clear Linux OS Docker image:

cat > Dockerfile << EOF
FROM my-custom-clear-linux-container
MAINTAINER First Last <first.last@example.com>
RUN swupd bundle-add pxe-server
CMD ["/bin/bash"]
EOF

Example output:

docker build -t my-clearlinux-with-pxe-server-bundle .

Sending build context to Docker daemon  806.5MB
Step 1/4 : FROM my-custom-clear-linux-container
 ---> 5414c3a12993
Step 2/4 : MAINTAINER First Last <first.last@example.com>
 ---> Running in 19b4411cf4bd
 ---> 08d400baffde
Removing intermediate container 19b4411cf4bd
Step 3/4 : RUN swupd bundle-add pxe-server
 ---> Running in 3e634d6e0792
swupd-client bundle adder 3.12.2
   Copyright (C) 2012-2017 Intel Corporation

Attempting to download version string to memory
Downloading packs...

Extracting pxe-server pack for version 17820
.
Installing bundle(s) files...
..............................................................................
..............................................................................
..............................................................................
..............................................................................
..............................................................................
..............................................................................
Calling post-update helper scripts.
WARNING: systemctl not operable, unable to run systemd update triggers
Bundle(s) installation done.
 ---> 8ead5f2c0c33
Removing intermediate container 3e634d6e0792
Step 4/4 : CMD /bin/bash
 ---> Running in 0ceae320279b
 ---> dcd9adb40611
Removing intermediate container 0ceae320279b
Successfully built dcd9adb40611
Successfully tagged my-clearlinux-with-pxe-server-bundle:latest

Note

The warning message can be ignored because systemd does not run inside the container.

Remove a bundle

This example Dockerfile removes the pxe-server bundle from an existing Clear Linux OS Docker image:

cat > Dockerfile << EOF
FROM my-clearlinux-with-pxe-server-bundle
MAINTAINER First Last <first.last@example.com>
RUN swupd bundle-remove pxe-server
CMD ["/bin/bash"]
EOF

Example output:

docker build -t my-clearlinux-remove-pxe-server-bundle .

Sending build context to Docker daemon  806.5MB
Step 1/4 : FROM my-clearlinux-with-pxe-server-bundle
 ---> dcd9adb40611
Step 2/4 : MAINTAINER First Last <first.last@example.com>
 ---> Running in 71b60f15003e
 ---> 742192751c1a
Removing intermediate container 71b60f15003e
Step 3/4 : RUN swupd bundle-remove pxe-server
 ---> Running in ad28a3390ecc
swupd-client bundle remover 3.12.2
   Copyright (C) 2012-2017 Intel Corporation

Removing bundle: pxe-server
Deleting bundle files...
Total deleted files: 92
Untracking bundle from system...
Success: Bundle removed
1 bundle(s) were removed successfully
 ---> d6ee7903e14d
Removing intermediate container ad28a3390ecc
Step 4/4 : CMD /bin/bash
 ---> Running in 7694989e97de
 ---> ec23189ef954
Removing intermediate container 7694989e97de
Successfully built ec23189ef954
Successfully tagged my-clearlinux-remove-pxe-server-bundle:latest