7.2. Containerfiles 示例

RHCOS 镜像分层允许您使用以下类型的镜像来创建自定义分层镜像：

OpenShift 容器平台 Hotfixes.您可以使用客户体验和参与(CEE)在 RHCOS 镜像之上获取并应用 Hotfix 软件包。在某些情况下，您可能需要在一个官方的 OpenShift Container Platform 发行版本中包括程序错误修复或功能增强。RHCOS 镜像分层允许您在正式发布前轻松添加 Hotfix，并在底层 RHCOS 镜像包含修复时删除 Hotfix。

重要

有些 Hotfixes 需要红帽支持例外，且不在 OpenShift Container Platform 支持覆盖范围或生命周期政策之外。

根据 Red Hat Hotfix 策略为您提供修补程序。将它应用到基础镜像的顶部，并测试在非生产环境中的新的自定义分层镜像。当您满足自定义分层镜像在生产环境中安全使用时，您可以将其按您自己的计划部署到特定的节点池。因此，您可以轻松地回滚自定义分层镜像，并使用默认 RHCOS 返回。

应用 Hotfix 的 on-cluster Containerfile 示例

containerfileArch: noarch
content: |-
  FROM configs AS final
  #Install hotfix package
  RUN dnf update -y https://example.com/files/systemd-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-journal-remote-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-libs-252-46.el9_4.x86_64.rpm  \
                    https://example.com/files/systemd-pam-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-udev-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-rpm-macros-252-46.el9_4.noarch.rpm && \
      dnf clean all && \
      ostree container commit

containerfileArch: noarch
content: |-
  FROM configs AS final
  #Install hotfix package
  RUN dnf update -y https://example.com/files/systemd-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-journal-remote-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-libs-252-46.el9_4.x86_64.rpm  \
                    https://example.com/files/systemd-pam-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-udev-252-46.el9_4.x86_64.rpm \
                    https://example.com/files/systemd-rpm-macros-252-46.el9_4.noarch.rpm && \
      dnf clean all && \
      ostree container commit

Copy to Clipboard

Toggle word wrap

用于应用 Hotfix 的 out-of-cluster Containerfile 示例

FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
#Install hotfix package
RUN dnf update -y https://example.com/files/systemd-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-journal-remote-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-libs-252-46.el9_4.x86_64.rpm  \
                  https://example.com/files/systemd-pam-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-udev-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-rpm-macros-252-46.el9_4.noarch.rpm && \
    dnf clean all && \
    ostree container commit

FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
#Install hotfix package
RUN dnf update -y https://example.com/files/systemd-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-journal-remote-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-libs-252-46.el9_4.x86_64.rpm  \
                  https://example.com/files/systemd-pam-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-udev-252-46.el9_4.x86_64.rpm \
                  https://example.com/files/systemd-rpm-macros-252-46.el9_4.noarch.rpm && \
    dnf clean all && \
    ostree container commit

Copy to Clipboard

Toggle word wrap

RHEL 软件包.您可以从红帽客户门户网站下载 Red Hat Enterprise Linux (RHEL) 软件包，如 chrony, firewalld, and iputils。

应用 rsyslog 工具的 out-of-cluster Containerfile 示例

# Using a 4.18.0 image
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
# Install rsyslog package
RUN dnf install -y rsyslog && \
    ostree container commit
# Copy your custom configuration in
ADD remote.conf /etc/rsyslog.d/remote.conf

# Using a 4.18.0 image
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
# Install rsyslog package
RUN dnf install -y rsyslog && \
    ostree container commit
# Copy your custom configuration in
ADD remote.conf /etc/rsyslog.d/remote.conf

Copy to Clipboard

Toggle word wrap

第三方软件包。您可以从第三方机构下载并安装 RPM，如以下类型的软件包：

增强边缘驱动程序和内核增强，以提高性能或添加功能。
用于调查可能和实际分类的客户端工具。
安全代理。
提供整个集群一致的视图的清单代理。
SSH 密钥管理软件包。

使用 EPEL 应用第三方软件包的集群 Containerfile 示例

FROM configs AS final

#Enable EPEL (more info at https://docs.fedoraproject.org/en-US/epel/ ) and install htop
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf install -y htop && \
    dnf clean all && \
    ostree container commit

FROM configs AS final

#Enable EPEL (more info at https://docs.fedoraproject.org/en-US/epel/ ) and install htop
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf install -y htop && \
    dnf clean all && \
    ostree container commit

Copy to Clipboard

Toggle word wrap

集群外文件示例应用来自 EPEL 的第三方软件包

# Get RHCOS base image of target cluster `oc adm release info --image-for rhel-coreos`
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...

#Enable EPEL (more info at https://docs.fedoraproject.org/en-US/epel/ ) and install htop
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf install -y htop && \
    dnf clean all && \
    ostree container commit

# Get RHCOS base image of target cluster `oc adm release info --image-for rhel-coreos`
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...

#Enable EPEL (more info at https://docs.fedoraproject.org/en-US/epel/ ) and install htop
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
    dnf install -y htop && \
    dnf clean all && \
    ostree container commit

Copy to Clipboard

Toggle word wrap

这个 Containerfile 安装 RHEL fish 程序。由于 fish 需要额外的 RHEL 软件包，所以必须在授权的 RHEL 主机上构建镜像。要使 RHEL 权利正常工作，您必须将 etc-pki-entitlement secret 复制到 openshift-machine-config-operator 命名空间中。

cluster Containerfile 示例，以应用具有 RHEL 依赖项的第三方软件包

FROM configs AS final

# RHEL entitled host is needed here to access RHEL packages
# Install fish as third party package from EPEL
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/f/fish-3.3.1-3.el9.x86_64.rpm && \
    dnf clean all && \
    ostree container commit

FROM configs AS final

# RHEL entitled host is needed here to access RHEL packages
# Install fish as third party package from EPEL
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/f/fish-3.3.1-3.el9.x86_64.rpm && \
    dnf clean all && \
    ostree container commit

Copy to Clipboard

Toggle word wrap

集群外的 Containerfile 示例，以应用具有 RHEL 依赖项的第三方软件包

# Get RHCOS base image of target cluster `oc adm release info --image-for rhel-coreos`
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...

# RHEL entitled host is needed here to access RHEL packages
# Install fish as third party package from EPEL
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/f/fish-3.3.1-3.el9.x86_64.rpm && \
    dnf clean all && \
    ostree container commit

# Get RHCOS base image of target cluster `oc adm release info --image-for rhel-coreos`
FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...

# RHEL entitled host is needed here to access RHEL packages
# Install fish as third party package from EPEL
RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/f/fish-3.3.1-3.el9.x86_64.rpm && \
    dnf clean all && \
    ostree container commit

Copy to Clipboard

Toggle word wrap

创建机器配置后，Machine Config Operator (MCO) 执行以下步骤：

为指定池呈现新机器配置。
对池中的节点执行 cordon 和 drain 操作。
将其余机器配置参数写入节点。
将自定义分层镜像应用到节点。
使用新镜像重启节点。

重要

强烈建议您在推出集群前测试生产环境中的镜像。

返回顶部

7.2. Containerfiles 示例

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links