How to build and use custom OS images
Remastering an OS image with a custom Dockerfile
Since OS images provided by SUSE® Rancher Prime OS Manager are container images, they can also be used as a base image in a Dockerfile in order to create a new container image.
Imagine some additional packages from an extra repository is required, the following example showcases how this could be added:
# The version of SUSE® Rancher Prime OS Manager to modify
FROM registry.suse.com/suse/sle-micro/5.5:latest
# Custom commands
RUN rpm --import +++<repo-signing-key-url>+++&& \ zypper addrepo --refresh +++<repo_url>+++extra_repo && \ zypper install -y +++<extra_package>++++++</extra_package>++++++</repo_url>++++++</repo-signing-key-url>+++
# IMPORTANT: /etc/os-release is used for versioning/upgrade. The
# values here should reflect the tag of the image currently being built
ARG IMAGE_REPO=norepo
ARG IMAGE_TAG=latest
RUN \
sed -i -e "s/{caret}IMAGE_REPO=._/IMAGE_REPO="$\{IMAGE_REPO}"/g" /etc/os-release && \
sed -i -e "s/{caret}IMAGE_TAG=._/IMAGE_TAG="$\{IMAGE_TAG}"/g" /etc/os-release && \
sed -i -e "s/{caret}IMAGE=.*/IMAGE="$\{IMAGE_REPO}:$\{IMAGE_TAG}"/g" /etc/os-release
# IMPORTANT: it is good practice to recreate the initrd and re-apply `elemental-init`
# command that was used in the base image. This ensures that any eventual change that should
# be synced in initrd included binaries is also applied there and consistent.
RUN elemental init --force immutable-rootfs,grub-config,dracut-config,cloud-config-essentials,elemental-setup
Where latest
is the base version we want to customize.
And then the following commands
docker build --build-arg IMAGE_REPO=myrepo/custom-build \
--build-arg IMAGE_TAG=v1.1.1 \
-t myrepo/custom-build:v1.1.1 .
docker push myrepo/custom-build:v1.1.1
The new customized OS is available as the Docker image myrepo/custom-build:v1.1.1
and it can
be run and verified using docker with
docker run -it myrepo/custom-build:v1.1.1 bash
Create a custom bootable installation ISO
SUSE® Rancher Prime OS Manager leverages container images to build its root filesystems; therefore, it is possible to use it in a multi-stage environment to create custom bootable media that bundles a custom container image.
FROM registry.suse.com/suse/sle-micro/5.5:latest AS os
# Check the previous section on building custom images
# The released OS already includes the toolchain for building ISOs
FROM registry.suse.com/suse/sle-micro/5.5:latest AS builder
ARG TARGETARCH
WORKDIR /iso
COPY --from=os / rootfs
# work around buildah issue: https://github.com/containers/buildah/issues/4242
RUN rm -f rootfs/etc/resolv.conf
RUN elemental build-iso \
dir:rootfs \
--bootloader-in-rootfs \
--squash-no-compression \
-o /output -n "elemental-${TARGETARCH}"
FROM busybox
COPY --from=builder /output /elemental-iso
ENTRYPOINT ["busybox", "sh", "-c"]
Build it with regular docker build
command:
docker build -t myrepo/custom-build:v1.1.1 +
--build-arg IMAGE_REPO=myrepo/custom-build-iso +
--build-arg IMAGE_TAG=v1.1.1 +
.
The resulting container image is actually a container image including the ISO, this container image can be pushed to an OCI registry too. The ISO image can be extracted from the container to the current folder by executing the container as:
docker run --rm -v $(pwd):/host mytest-image "busybox cp /elemental-iso/*.iso /host"
The new customized installation media can be found in elemental-<arch>.iso
.
The above container run is equivalent to what elemental-operator does to extract
the ISO from a container to build a new one including the registration URL,
hence this is also a good check mark to verify the container can be pushed to a
registry and used by the elemental-operator as a baseImage
for a
SeedImage resource.
List custom images as a ManagedOSVersion resource
In SUSE® Rancher Prime OS Manager listing OS container images and ISO container images as ManagedOSVersion resources is not mandatory but handy. Specially from a UI perspective this makes the custom images visible and easy to use from the SUSE® Rancher Prime OS Manager UI extension.
Continuing the example from the previous section a custom OS container referenced as
myrepo/custom-build:v1.1.1
was built and eventually pushed to a registry. Then this
image is ready to be added as a ManagedOSVersion resource with:
apiVersion: elemental.cattle.io/v1beta1
kind: ManagedOSVersion
metadata:
name: v1.1.1-custom-build
namespace: fleet-default
spec:
metadata:
displayName: Custom build image
upgradeImage: myrepo/custom-build:v1.1.1
type: container
version: v1.1.1
Note the type: container
states this is a container OS. This makes the image myrepo/custom-build:v1.1.1
eligible for OS upgrades from the UI.
Finally, the custom container for the ISO myrepo/custom-build-iso:v1.1.1
can also be included
as a ManagedOSVersion resource with:
apiVersion: elemental.cattle.io/v1beta1
kind: ManagedOSVersion
metadata:
name: v1.1.1-custom-build-iso
namespace: fleet-default
spec:
metadata:
displayName: Custom build ISO image
uri: myrepo/custom-build-iso:v1.1.1
type: iso
version: v1.1.1
Note the type: iso
states this is an ISO. This makes the image myrepo/custom-build-iso:v1.1.1
eligible for SeedImages generation from UI.