From 5a84fdd9ce4cb4e9869a9a3752658f19944483a4 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 28 Mar 2014 07:41:46 -0400 Subject: [PATCH 1/3] Add minimal kickstart for docker images This produces a super-minimal, 125Mb image suitable for importing into Docker. --- docker/docker-6.ks | 95 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 docker/docker-6.ks diff --git a/docker/docker-6.ks b/docker/docker-6.ks new file mode 100644 index 0000000..51cc75f --- /dev/null +++ b/docker/docker-6.ks @@ -0,0 +1,95 @@ +install +url --url=http://mirrors.karan.org/centos/6/os/x86_64/ +lang en_US.UTF-8 +keyboard uk +network --device eth0 --bootproto dhcp +rootpw --iscrypted $1$UKLtvLuY$kka6S665oCFmU7ivSDZzU. +firewall --service=ssh +authconfig --enableshadow --passalgo=sha512 --enablefingerprint +selinux --enforcing +timezone --utc Europe/London +repo --name="CentOS" --baseurl=http://mirrors.karan.org/centos/6/os/x86_64/ --cost=100 +clearpart --all --initlabel +part / --fstype ext4 --size=1024 --grow +reboot +%packages --excludedocs --nobase +@Core +-MAKEDEV +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-cronie +-dhclient +-efibootmgr +-ethtool +-initscripts +-iproute +-iptables +-iptables-ipv6 +-iputils +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-kbd +-kernel-firmware +-libertas-usb8388-firmware +-openssh-server +-postfix +-policycoreutils +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-redhat-logos +-rsyslog +-rt61pci-firmware +-rt73usb-firmware +-selinux-policy +-selinux-policy-targeted +-sudo +-upstart +-vim-minimal +-xorg-x11-drv-ati-firmware +-zd1211-firmware +%end + +%post +# cleanup unwanted stuff + +# ami-creator requires grub during the install, so we remove it (and +# its dependencies) in %post +rpm -e grub redhat-logos +rm -rf /boot + +# some packages get installed even though we ask for them not to be, +# and they don't have any external dependencies that should make +# anaconda install them +rpm -e MAKEDEV ethtool upstart initscripts iputils policycoreutils iptables \ + iproute + +# locales +rm -rf /usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive} +# docs +rm -rf /usr/share/{man,doc,info,gnome/help} +# cracklib +rm -rf /usr/share/cracklib +# i18n +rm -rf /usr/share/i18n +# sln +rm -rf /sbin/sln +# ldconfig +rm -rf /etc/ld.so.cache +rm -rf /var/cache/ldconfig/* + +%end From c78d46f6ee8510641be51cf26577aa0d45ed001f Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 28 Mar 2014 07:49:53 -0400 Subject: [PATCH 2/3] added script to import raw images to docker --- docker/img2docker.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100755 docker/img2docker.sh diff --git a/docker/img2docker.sh b/docker/img2docker.sh new file mode 100755 index 0000000..9249915 --- /dev/null +++ b/docker/img2docker.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# +# This script imports a raw image into Docker. It takes two +# arguments: the name of the image file, and the tag to assign to the +# Docker image that it creates. + +usage() { + echo "usage: $(basename $0) " + exit 1 +} + +image="$1" +tag="$2" + +if [[ -z $1 || -z $2 ]]; then + usage +fi + +mount="$(mktemp -d --tmpdir)" +mount -o loop "$image" "$mount" + +cd "$mount" +tar -cpSf - --acls --selinux --xattrs * | docker import - "$tag" +cd - +umount "$mount" +rmdir "$mount" From c3ffcf91146527f668c0d61b329548631423ae3b Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Fri, 28 Mar 2014 09:00:33 -0400 Subject: [PATCH 3/3] docker: randomize root password and lock root account in %post --- docker/docker-6.ks | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/docker-6.ks b/docker/docker-6.ks index 51cc75f..d71e81d 100644 --- a/docker/docker-6.ks +++ b/docker/docker-6.ks @@ -65,6 +65,10 @@ reboot %end %post +# randomize root password and lock root account +tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1 | passwd --stdin root +passwd -l root + # cleanup unwanted stuff # ami-creator requires grub during the install, so we remove it (and