[ale] Would you mind critiquing a container build HOWTO?

Jim Kinney jim.kinney at gmail.com
Thu Jul 4 09:07:37 EDT 2024


That's why singularity started and RHEL did their version to also add in
selinux. Container root should not be host root.

On Thu, Jul 4, 2024, 8:46 AM DJPfulio--- via Ale <ale at ale.org> wrote:

> At the risk of showing my ignorance, has docker changed their default so
> that using privileged containers is a hassle and not the default?  That's a
> huge reason I've avoided Docker completely.
>
>
> On 7/4/24 07:18, Leam Hall via Ale wrote:
> > And eventually I remember that docker run has a -d switch...
> >
> > Leam
> >
> >
> > On 6/30/24 21:14, Mark Ulmer wrote:
> >> Leam, I've run into the same issues... I just could not get
> >> systemctl enable and start commands to work.  Here is the final
> >> docker file that works. I added yum update.
> >>
> >> FROM amazonlinux:latest
> >> RUN yum update -y
> >> RUN yum install -y iproute sysstat procps-ng httpd
> >> EXPOSE 80
> >> CMD ["httpd","-D","FOREGROUND"]
> >>
> >>
> >> I suggest also adding the docker run example to your HOWTO.
> >>
> >> docker run --name amzl_web -p 8080:80 docker.io/library/amzl_web
> >>
> >>
> >> Regards, Mark Ulmer
> >>
> >>
> >> ------ Original Message ------
> >> From "Leam Hall via Ale" <ale at ale.org>
> >> To "Atlanta Linux Enthusiasts" <ale at ale.org>
> >> Cc "Leam Hall" <leamhall at gmail.com>
> >> Date 6/29/2024 9:09:08 AM
> >> Subject [ale] Would you mind critiquing a container build HOWTO?
> >>
> >>> Hey container-savvy peeps, would you mind critiquing a short
> >>> HOWTO (below) on getting an Amazon Linux container to run
> >>> locally? I'm doing some AWS study and want to put together a more
> >>> concise document that will let folks try out AWS without having
> >>> to reroute through a dozen documents to resolve basic tasks.
> >>>
> >>> Thanks!
> >>>
> >>> Leam
> >>> --
> >>> Site Reliability Engineer  (reuel.net/resume)
> >>> Scribe: The Domici War     (domiciwar.net)
> >>> General Ne'er-do-well      (github.com/LeamHall)
> >>>
> >>>
> >>>
> >>>
> >>> My hypothesis is that running Amazon Linux in EC2 would be more
> >>> performant than other Linux versions because the AWS engineers
> >>> could tune their OS distribution to their platform.
> >>>
> >>> To test, I began by building an Amazon Linux container locally.
> >>> This would allow investigating the OS itself, and then knowing
> >>> how to configure it for use and observability. This quickly ran
> >>> into the issue of portability; while Amazon does have a container
> >>> image on the Docker Hub, it doesn't run in standalone mode and it
> >>> is missing basic sysadmin tools like "ps".
> >>>
> >>> So far a kludge resolves the stand-alone issue, but I'd like to
> >>> find a better solution. Here's the annotated Dockerfile and
> >>> commands used.
> >>>
> >>>
> >>> FROM amazonlinux:latest                                (1)
> >>> RUN yum install iproute sysstat procps-ng httpd -y     (2)(6)(7)(8)(9)
> >>> # RUN httpd -k start                                   (3)
> >>> # RUN systemctl start httpd                            (4)
> >>> ENTRYPOINT ["/usr/sbin/httpd"]                         (5)
> >>> CMD ["-DFOREGROUND"]
> >>>
> >>>
> >>> (1)  https://docs.aws.amazon.com/linux/al2023/ug/base-container.html
> >>> (2)  Adding some observability tools and httpd to keep the thing up.
> >>> (3)  This just exits out.
> >>> (4)  This fails with:
> >>>      > [3/4] RUN systemctl start httpd:
> >>>      0.976 System has not been booted with systemd as init system (PID 1). Can't operate.
> >>>      0.976 Failed to connect to bus: Host is down
> >>> (5)  This ENTRYPOINT and CMD pair works.
> >>> (6)  iproute gives the "ip" command.
> >>> (7)  sysstat gives the sar, pidstat, vmstat, iostat, and mpstat commands.
> >>> (8)  procps-ng gives the "ps" command.
> >>> (9)  httpd is required to have a running process, otherwise the container shuts down.
> >>>
> >>>
> >>> Commands:
> >>>
> >>> Get the container image (https://hub.docker.com/_/amazonlinux).
> >>>   docker pull amazonlinux
> >>>
> >>> In the directory with the Dockerfile. Note the ending ".".
> >>>   docker build -t amzl_web .
> >>>
> >>> You must also start it with "&" to regain your terminal window.
> >>>   docker run amzl_web &
> >>>
> >>> Connect to the container.
> >>>   docker exec -it <container_name> /bin/bash
> >>>
>
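
Added example (not part of the original thread or any poster's code): the point that container root should not be host root can be checked from inside a running container by reading /proc/self/uid_map, which shows what UID 0 maps to in the parent user namespace (the host, for a single-level container). The function names and the sample maps below are constructed for illustration.

```shell
#!/bin/sh
# uid_map lines have three fields:
#   <first UID inside ns> <first UID in parent ns> <range length>

# Print the parent-namespace UID that inside-UID 0 maps to, or
# "unmapped" if no range starts at 0. Reads uid_map text on stdin.
outside_uid_for_root() {
    awk '
        NF == 3 && $1 == 0 && $3 > 0 { print $2; found = 1; exit }
        END { if (!found) print "unmapped" }
    '
}

# Classify a uid_map read from stdin:
#   host-root       container root is UID 0 outside as well
#   remapped:<uid>  container root is an unprivileged UID outside
#   unmapped        UID 0 has no mapping at all
classify_root_mapping() {
    uid=$(outside_uid_for_root)
    case "$uid" in
        0)        echo "host-root" ;;
        unmapped) echo "unmapped" ;;
        *)        echo "remapped:$uid" ;;
    esac
}

# Constructed sample maps (not captured from a real host).
# No user namespace: every UID maps to itself.
SAMPLE_DEFAULT='         0          0 4294967295'
# Remapped daemon: root inside is UID 100000 outside.
SAMPLE_REMAP='         0     100000      65536'
# Rootless engine: root inside is the invoking user (UID 1000 here).
SAMPLE_ROOTLESS='         0       1000          1
         1     100000      65536'

# When run inside a container, report on the live process.
if [ -r /proc/self/uid_map ]; then
    echo "this process: $(classify_root_mapping < /proc/self/uid_map)"
fi
```

A result of host-root means a process that escapes the container as root holds real root on the host; the remapped results are what user-namespace remapping or a rootless engine produce.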