[ale] Would you mind critiquing a container build HOWTO?

DjPfulio at jdpfu.com DjPfulio at jdpfu.com
Thu Jul 4 09:19:10 EDT 2024


Does that mean that Docker doesn't still by default use privileged containers?
I didn't see that question answered.

On July 4, 2024 9:07:37 AM EDT, Jim Kinney via Ale <ale at ale.org> wrote:
>That's why singularity started and RHEL did their version to also add in
>selinux. Container root should not be host root.
>
>On Thu, Jul 4, 2024, 8:46 AM DJPfulio--- via Ale <ale at ale.org> wrote:
>
>> At the risk of showing my ignorance, has docker changed their default so
>> that using privileged containers is a hassle and not the default?  That's a
>> huge reason I've avoided Docker completely.
>>
>>
>> On 7/4/24 07:18, Leam Hall via Ale wrote:
>> > And eventually I remember that docker run has a -d switch...
>> >
>> > Leam
>> >
>> >
>> > On 6/30/24 21:14, Mark Ulmer wrote:
>> >> Leam, I've run into the same issues... I just could not get
>> >> systemctl enable and start commands to work.  Here is the final
>> >> docker file that works. I added yum update.
>> >>
>> >> FROM amazonlinux:latest
>> >> RUN yum update -y
>> >> RUN yum install -y iproute sysstat procps-ng httpd
>> >> EXPOSE 80
>> >> CMD ["httpd","-D","FOREGROUND"]
>> >>
>> >>
>> >> I suggest also adding the docker run example to your HOWTO.
>> >>
>> >> docker run --name amzl_web -p 8080:80 docker.io/library/amzl_web
>> >>
>> >>
>> >> Regards, Mark Ulmer
>> >>
>> >>
>> >> ------ Original Message ------
>> >> From "Leam Hall via Ale" <ale at ale.org>
>> >> To "Atlanta Linux Enthusiasts" <ale at ale.org>
>> >> Cc "Leam Hall" <leamhall at gmail.com>
>> >> Date 6/29/2024 9:09:08 AM
>> >> Subject [ale] Would you mind critiquing a container build HOWTO?
>> >>
>> >>> Hey container-savvy peeps, would you mind critiquing a short
>> >>> HOWTO (below) on getting an Amazon Linux container to run
>> >>> locally? I'm doing some AWS study and want to put together a more
>> >>> concise document that will let folks try out AWS without having
>> >>> to reroute through a dozen documents to resolve basic tasks.
>> >>>
>> >>> Thanks!
>> >>>
>> >>> Leam
>> >>> --
>> >>> Site Reliability Engineer  (reuel.net/resume)
>> >>> Scribe: The Domici War     (domiciwar.net)
>> >>> General Ne'er-do-well      (github.com/LeamHall)
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> My hypothesis is that running Amazon Linux in EC2 would be more
>> >>> performant than other Linux versions because the AWS engineers
>> >>> could tune their OS distribution to their platform.
>> >>>
>> >>> To test, I began by building an Amazon Linux container locally.
>> >>> This would allow investigating the OS itself, and then knowing
>> >>> how to configure it for use and observability. This quickly ran
>> >>> into the issue of portability: while Amazon does have a container
>> >>> image on the Docker Hub, it doesn't run in standalone mode and it
>> >>> is missing basic sysadmin tools like "ps".
>> >>>
>> >>> So far a kludge resolves the stand-alone issue, but I'd like to
>> >>> find a better solution. Here's the annotated Dockerfile and
>> >>> commands used.
>> >>>
>> >>>
>> >>> FROM amazonlinux:latest                                 (1)
>> >>> RUN yum install iproute sysstat procps-ng httpd -y      (2)(6)(7)(8)(9)
>> >>> # RUN httpd -k start                                    (3)
>> >>> # RUN systemctl start httpd                             (4)
>> >>> ENTRYPOINT ["/usr/sbin/httpd"]                          (5)
>> >>> CMD ["-DFOREGROUND"]
>> >>>
>> >>>
>> >>> (1)  https://docs.aws.amazon.com/linux/al2023/ug/base-container.html
>> >>> (2)  Adding some observability tools and httpd to keep the thing up.
>> >>> (3)  This just exits out.
>> >>> (4)  This fails with:
>> >>>       > [3/4] RUN systemctl start httpd:
>> >>>      0.976 System has not been booted with systemd as init system (PID 1). Can't operate.
>> >>>      0.976 Failed to connect to bus: Host is down
>> >>> (5)  This ENTRYPOINT and CMD pair works.
>> >>> (6)  iproute gives the "ip" command.
>> >>> (7)  sysstat gives the sar, pidstat, vmstat, iostat, and mpstat commands.
>> >>> (8)  procps-ng gives the "ps" command.
>> >>> (9)  httpd is required to have a running process, otherwise the
>> >>>      container shuts down.
>> >>>
>> >>>
>> >>> Commands:
>> >>>
>> >>> Get the container image (https://hub.docker.com/_/amazonlinux).
>> >>>     docker pull amazonlinux
>> >>>
>> >>> In the directory with the Dockerfile. Note the ending ".".
>> >>>     docker build -t amzl_web .
>> >>>
>> >>> You must also start it with "&" to regain your terminal window.
>> >>>     docker run amzl_web &
>> >>>
>> >>> Connect to the container.
>> >>>     docker exec -it <container_name> /bin/bash
>> >>>
>> >>> _______________________________________________
>> >>> Ale mailing list
>> >>> Ale at ale.org
>> >>> https://mail.ale.org/mailman/listinfo/ale
>> >>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> >>> http://mail.ale.org/mailman/listinfo
>> >
>>
>>
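
Added example, not part of the thread: the two properties the replies above discuss, privileged mode and root inside the container, can be read from `docker inspect` output. The script below flags both, plus added capabilities and unconfined security options (a generalization beyond the thread); the JSON is constructed sample data, and `amzl_priv` and `amzl_user` are hypothetical container names.

```python
import json
import sys

# Constructed sample shaped like `docker inspect` output (a JSON array); only
# the fields read below are included. "amzl_web" mirrors a plain `docker run`
# with no --privileged and no USER; the other two names are hypothetical.
SAMPLE = json.loads("""
[
  {"Name": "/amzl_web",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "CapAdd": null, "SecurityOpt": null}},
  {"Name": "/amzl_priv",
   "Config": {"User": "0:0"},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": ["seccomp=unconfined"]}},
  {"Name": "/amzl_user",
   "Config": {"User": "apache"},
   "HostConfig": {"Privileged": false, "CapAdd": null, "SecurityOpt": null}}
]
""")

def runs_as_root(user):
    """Config.User is empty (root unless the image sets USER) or a
    name/uid, optionally followed by :group."""
    return user.split(":", 1)[0] in ("", "0", "root")

def audit(container):
    """Return the findings for one entry of `docker inspect` output."""
    config = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    if runs_as_root(config.get("User") or ""):
        findings.append("runs-as-root")
    findings += ["cap-add=" + cap for cap in host.get("CapAdd") or []]
    findings += ["security-opt=" + opt for opt in host.get("SecurityOpt") or []
                 if opt.endswith("unconfined")]
    return findings

def report(containers):
    """Map container name to findings; an empty list means nothing flagged."""
    return {c.get("Name", "?").lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    # Pipe `docker inspect <name>` in, or run from a terminal for the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in report(data).items():
        print(name, ", ".join(findings) or "ok")
```
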