Containerfile.bootc-rhel9
# Base image: the RHEL 9.6 bootc image from the Red Hat registry.
# NOTE(review): a tag can be re-pointed by the registry; pin the image by
# digest as well if builds have to be reproducible.
FROM registry.redhat.io/rhel9-eus/rhel-9.6-bootc:9.6

# MicroShift version; it selects the rhocp RPM repository enabled below.
ARG USHIFT_VER=4.18

# Upgrade the base packages, enable the rhocp and fast-datapath repositories
# for the build architecture, then install and enable MicroShift.
# /etc/os-release is sourced only for VERSION_ID, which is handed to
# --releasever (presumably to keep the upgrade on the image's own release).
# 'dnf clean all' runs in the same layer so the dnf caches are not kept in it.
# hadolint ignore=SC1091
RUN . /etc/os-release && \
    arch="$(uname -m)" && \
    dnf upgrade -y --releasever="${VERSION_ID}" && \
    dnf config-manager \
        --set-enabled "rhocp-${USHIFT_VER}-for-rhel-9-${arch}-rpms" \
        --set-enabled "fast-datapath-for-rhel-9-${arch}-rpms" && \
    dnf install -y \
        firewalld \
        jq \
        microshift \
        microshift-release-info && \
    systemctl enable microshift && \
    dnf clean all
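# Create a default 'redhat' user and add it to the 'wheel' group to allow for
# running sudo commands.
#
# The password can be supplied in two ways:
#   * preferred: a build secret with id 'user_passwd'
#     (e.g. `--secret id=user_passwd,src=<file>`). It is mounted at
#     /run/secrets/user_passwd for this RUN step only and is written neither
#     to a layer nor to the image history.
#   * backward compatible: `--build-arg USER_PASSWD=<password>`. Build
#     arguments are recorded in the image history, so anyone who can read the
#     image can recover the clear-text value; treat such images as sensitive.
# If both are given, the build secret wins.
#
# In both cases the password hash is stored in /etc/shadow inside the image,
# and the account has sudo rights through 'wheel' while SSH is opened in the
# firewall below. Use a strong, per-deployment password and keep the image in
# a registry with restricted access.
ARG USER_PASSWD
# hadolint ignore=DL4006
RUN --mount=type=secret,id=user_passwd \
    passwd="${USER_PASSWD}" ; \
    if [ -s /run/secrets/user_passwd ] ; then \
        passwd="$(cat /run/secrets/user_passwd)" ; \
    fi ; \
    if [ -z "${passwd}" ] ; then \
        echo "USER_PASSWD is a mandatory build argument unless the user_passwd build secret is supplied" ; \
        exit 1 ; \
    fi ; \
    useradd -m -d /var/home/redhat -G wheel redhat && \
    echo "redhat:${passwd}" | chpasswd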
# Mandatory firewall configuration, written offline at build time:
#   * SSH (22/tcp) is opened in the 'public' zone;
#   * three sources are added to the 'trusted' zone, which accepts all of
#     their traffic.
# NOTE(review): the sources look like the MicroShift pod network and internal
# service addresses - confirm they match the cluster configuration in use, as
# anything listed here bypasses port filtering.
RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
    for trusted_src in 10.42.0.0/16 169.254.169.1 fd01::/48 ; do \
        firewall-offline-cmd --zone=trusted --add-source="${trusted_src}" || exit ; \
    done
# Application-specific firewall configuration: HTTP, HTTPS and the port range
# 30000-32767 (the default Kubernetes NodePort range) on TCP and UDP, all in
# the 'public' zone.
# NOTE(review): with the whole range open, every NodePort service created on
# the node is reachable from the public zone; narrow the list to the ports the
# workload actually needs.
RUN for public_port in 80/tcp 443/tcp 30000-32767/tcp 30000-32767/udp ; do \
        firewall-offline-cmd --zone=public --add-port="${public_port}" || exit ; \
    done
# Create a systemd unit to recursively make the root filesystem subtree
# shared as required by OVN images.
#
# The unit is a oneshot that runs `mount --make-rshared /` and is ordered
# before microshift.service. ConditionVirtualization=container means systemd
# skips it unless the system is running inside a container.
# The heredoc delimiter is quoted ('EOF') so the shell writes the unit text
# verbatim, without expanding anything inside it.
RUN cat > /usr/lib/systemd/system/microshift-make-rshared.service <<'EOF'
[Unit]
Description=Make root filesystem shared
Before=microshift.service
ConditionVirtualization=container
[Service]
Type=oneshot
ExecStart=/usr/bin/mount --make-rshared /
[Install]
WantedBy=multi-user.target
EOF
# Enable the unit so it is pulled in by multi-user.target at boot.
# DL3059 (consecutive RUN instructions) is ignored here: the enable step is
# kept as its own RUN after the heredoc.
# hadolint ignore=DL3059
RUN systemctl enable microshift-make-rshared.service