2.4. Building customized images by using podman build
Starting with RHEL 9.6, you can continue to use RHEL image builder to create edge installation images. You can also use image mode for RHEL to compose container images and create disk images for deployment. If you want to continue to use RHEL image builder, see Composing, installing, and managing RHEL for Edge images.
To use image mode for RHEL to create new disk images for an edge host, first create a Containerfile with the build instructions and build the container image from it. Then use bootc-image-builder to produce an Anaconda ISO and install the edge host from that ISO.
Prerequisites
- You have Podman installed on your host machine.
- You have root access to run the bootc-image-builder tool and to run the containers in --privileged mode to build the images.
Procedure
1. Create a Containerfile, for example:

$ cat Containerfile
FROM registry.redhat.io/rhel9/rhel-bootc:9.6

# Packages
RUN dnf install -y zsh && dnf clean all

# Group install
RUN dnf group -y install "Development Tools"

# Hostname
RUN echo "rock.paper.scissor" > /etc/hostname

# Kernel arguments: bootc reads TOML drop-ins from /usr/lib/bootc/kargs.d
RUN mkdir -p /usr/lib/bootc/kargs.d
RUN cat <<EOF > /usr/lib/bootc/kargs.d/console.toml
kargs = ["console=ttyS0,115200n8","kernel-debug"]
match-architectures = ["x86_64"]
EOF

# Subscription-manager (-y is required for a non-interactive build)
RUN dnf install -y subscription-manager

# RPM config
RUN mkdir -p /etc/pki/rpm-gpg/
COPY <host_path>/gpg_key /etc/pki/rpm-gpg/gpg_key

# Timezone: /etc/localtime must link to a compiled zoneinfo file, not contain the zone name
RUN ln -sf /usr/share/zoneinfo/Asia/Bangkok /etc/localtime

# Locale
RUN cat <<EOF > /etc/locale.conf
LANG="en_US.UTF-8"
EOF
RUN cat <<EOF > /etc/vconsole.conf
KEYMAP=us
EOF

# Firewall
RUN dnf install -y firewalld && mkdir -p /etc/firewalld/zones
RUN cat <<EOF > /etc/firewalld/zones/customzone.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Customzone</short>
  <description>Custom firewall rules for the container.</description>
  <!-- Allowed services -->
  <service name="ftp"/>
  <service name="ntp"/>
  <service name="dhcp"/>
  <!-- Blocked services are simply not listed; telnet needs no explicit entry -->
  <!-- Open specific ports -->
  <port protocol="tcp" port="22"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
  <port protocol="tcp" port="30000-32767"/>
  <port protocol="udp" port="30000-32767"/>
</zone>
EOF
RUN firewall-offline-cmd --set-default-zone=customzone

# systemd services
RUN systemctl enable sshd

# Ignition: own drop-in, because a second "kargs" key in console.toml would be invalid TOML
RUN mkdir -p /usr/lib/bootc/kargs.d
RUN cat <<EOF > /usr/lib/bootc/kargs.d/ignition.toml
kargs = ["ignition.config.url=http://192.168.122.1/fiot.ign","rd.neednet=1"]
EOF

# FDO
RUN dnf install -y fdo-init fdo-client && \
    systemctl enable fdo-client-linuxapp.service

# Repositories
RUN mkdir -p /etc/yum.repos.d
COPY custom.repo /etc/yum.repos.d/custom.repo

# FIPS
RUN mkdir -p /usr/lib/bootc/kargs.d
RUN cat <<EOF > /usr/lib/bootc/kargs.d/01-fips.toml
kargs = ["fips=1"]
EOF
RUN dnf install -y crypto-policies-scripts && update-crypto-policies --no-reload --set FIPS

2. Build the <image> image by using the Containerfile in the current directory:

$ podman build -t quay.io/<namespace>/<image>:<tag> .
Verification
List all images:

$ podman images
REPOSITORY                   TAG     IMAGE ID      CREATED             SIZE
quay.io/<namespace>/<image>  latest  b28cd00741b3  About a minute ago  2.1 GB
From RHEL 10 onwards, create new RHEL for Edge installations with bootc, because RHEL image builder no longer supports edge artifacts.
Not all RHEL image builder artifacts are available in image mode, so certain image types cannot be created by using bootc-image-builder.
- Notably, the simplified-installer image type no longer exists. Instead, use the bootc-image-builder Anaconda ISO for workflows such as FDO.
Prerequisites
- You have Podman installed on your host machine.
- You have root access to run the bootc-image-builder tool and to run the containers in --privileged mode to build the images.
Procedure
1. Create a Containerfile. The following example contains several customizations that you can use as a starting point; remove any that do not suit your requirements.

$ cat Containerfile
FROM registry.redhat.io/rhel10/rhel-bootc:10.0

# Packages
RUN dnf install -y zsh && dnf clean all

# Group install
RUN dnf group -y install "Development Tools"

# Kernel arguments: bootc reads TOML drop-ins from /usr/lib/bootc/kargs.d
RUN mkdir -p /usr/lib/bootc/kargs.d
RUN cat <<EOF > /usr/lib/bootc/kargs.d/console.toml
kargs = ["console=ttyS0,115200n8","kernel-debug"]
match-architectures = ["x86_64"]
EOF

# Subscription-manager
COPY ./rhsm.conf /etc/rhsm/rhsm.conf

# RPM config
RUN mkdir -p /etc/pki/rpm-gpg/
COPY <host_path>/gpg_key /etc/pki/rpm-gpg/gpg_key

# Additional groups
RUN groupadd -g 1001 widget

# Timezone
RUN ln -sf /usr/share/zoneinfo/Asia/Bangkok /etc/localtime

# Locale
RUN cat <<EOF > /etc/locale.conf
LANG="en_US.UTF-8"
EOF
RUN cat <<EOF > /etc/vconsole.conf
KEYMAP=us
EOF

# Firewall
RUN dnf install -y firewalld && \
    dnf clean all && \
    firewall-offline-cmd --new-zone=customzone && \
    firewall-offline-cmd --zone=customzone --set-description="Custom firewall rules for the container" && \
    firewall-offline-cmd --zone=customzone --add-service=ftp && \
    firewall-offline-cmd --zone=customzone --add-service=ntp && \
    firewall-offline-cmd --zone=customzone --add-service=dhcp && \
    firewall-offline-cmd --zone=customzone --add-port=22/tcp && \
    firewall-offline-cmd --zone=customzone --add-port=80/tcp && \
    firewall-offline-cmd --zone=customzone --add-port=53/tcp && \
    firewall-offline-cmd --zone=customzone --add-port=53/udp && \
    firewall-offline-cmd --zone=customzone --add-port=30000-32767/tcp && \
    firewall-offline-cmd --zone=customzone --add-port=30000-32767/udp && \
    firewall-offline-cmd --set-default-zone=customzone

# systemd services (httpd must be installed before its unit can be enabled)
RUN dnf install -y httpd && dnf clean all
RUN systemctl enable httpd sshd && \
    systemctl disable telnetd && \
    systemctl mask rpcbind

2. Build the <image> image by using the Containerfile in the current directory:

$ podman build -t quay.io/<namespace>/<image>:<tag> .
Verification
List all images:

$ podman images
REPOSITORY                   TAG     IMAGE ID      CREATED             SIZE
quay.io/<namespace>/<image>  latest  b28cd00741b3  About a minute ago  2.1 GB