Packaging for Mageia Linux with Docker containers Bruno Cornec – FLOSSITA January 2019 Introducing myself ● Software engineering and Unices since 19!!" – #ost$y Configuration #anage%ent Systems (C#S), Bui$d sy te% ( qua$ity tool , on %u$ti*$e com%ercia$ Uni+ syste% – ,isco-ered O*en Source & Linux &OSL) . made first contri/utions in 1990 – Fu$$ ti%e on OSL since 1991 ● Current$y" – OSL Tec2no$ogy Strategist , Grenob$e, France – FLOSSITA board chair – 4OSS conference, OpenStac56fr, AFUL previous board member. – Conferences at 77 le-e$ at LinuxCon, Linu+6conf.au, Fosde%, ... – #ondoRescue, 4roject-Bui$der6org( pyt2on:redfi 2, UUWL and PUS; Project Lead – Linu+CO<, mre*o, te$$ico, rinse, fosso$ogy, col$ect$, Ironic contributor – FOSSBa=aar>S4,X and OSL overnance ent2usiast – #andri-a( #ageia packager ● And a$so" – A%ateur singer (A$to / Tenor), recorder p$ayer since 19@A and C2oir director since 19!@, C, col$ector &A000B', Concert ( 42otogra*2y Some reminders Bare"Metal vs VM vs Container Bare metal #irtualized $ontainerized application layer application layer application layer &machine virtuali%ation' &process virtualization' )pps )pps $ o n t )pps )pps uest OS )pps )pps a i n e *ost"+S *ypervisor *ost"OS r Server Server Server Infra Storage structure Storage Storage (etwork (etwork (etwork ,hat is Docker value"add ? 8un a**lications in a neutra$( lightweight and *orta/$e way !undle. E-eryt2ing packed toget2er for a new de$i-ery %ode$ )pproch. One *roce s =C One container Layers: I%ages (ro) & containers (rw) using a union FS /egistry: pu/$ic/*ri-ate registry of shared images Dockerfile" descri*ti-e /ui$d of an image #olumes: loo*/ack %ounting host FS into container Ports: e+*o e container services *ort to t2e host Portable: created once, run e-erywhere (on a gi-en OS' $omposition. Si%*$e DA#L fi$es *). Swarm and>or K! Management: 8<ST A4I>CLI Language. Go and some pyt2on Solomon Hyke ( ,oc5er « creator G6 License: A*ache v260 A layered approach $ontainer (rw' Instance Scripts Images (ro' Pkgs Instance $ontainer (rw' Mageia !usybox Image (ro' 0ernel *ost 1 application B it de* == 1 container Images $ontainers Loca$ or remote reference content Last layer providing rw access to to initiate a container t2e cu%u$ated set of images #u$ti*$e i%ages can /e layered adding content at each ti%e using Copy on Write FS Cache to speed u* re*eated operation ,hy building distribution packages with Containers vs VMs- $ontainers like VMs bring isolation Ho pol$ution of your running environment <asi$y scratc2 and redo if *rob$e% <asier refinement & automation of the bui$d environment with the Docker fi$e $ontainers like VMs bring multi"distribution support <a y to bui$d for another distri/ution than your Usefu$ a$so for your own distro: not e-erybody uses an unsta/$e distro $ontainers can use natively your home directory A$$ow 2aring of your *ackage sources for loca$ and in container /ui$d A$$ow 2aring of your .rp%macros, .rpmrc fi$es, #ageia SSE 5eys (or Fedora cert ' #Ms are mandatory if you need a di1erent kernel Basic Docker workflow to build distribution packages Images Mageia Cauldron Mageia 6 ... Fedora Rawhide Docker registry Dockerfiles Fedora 29 ... Distri/ution 8epository Containers Mageia Cauldron Mageia 6 ... Fedora Rawhide Fedora 29 ... Loca$ ,oc5er <ngine SIH > Git sources Loca$ co%*uter 4ackage %ngt Building distribution images with a Dockerfile mkdir -p $TMPDM cd $TMPDM MUID=`getent passwd $USER | cut -d: -f3` MGID=`getent passwd $USER | cut -d: -f4` # Build the Dockerfile cat > Dockerfile << EOF FROM mageiaofficial:$MGAVER MAINTAINER [email protected] RUN urpmi.update -a -c -f # Not useful if using mageiaofficial:$MGAVER #RUN urpmi.removemedia -a #RUN urpmi.addmedia --probe-hdlist --distrib mga $MGAMIRROR/$MGAVER/$MGAARCH RUN urpmi --auto --auto-select --no-recommends RUN urpmi --auto bm subversion mgarepo colordiff sudo RUN useradd $USER -u $MUID -g $MGID -N -M -d $HOME RUN echo "$USER ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers RUN mkdir -p $HOME WORKDIR $WORKDIR USER $USER CMD /bin/bash EOF fi /unning distribution containers with a Docker stat=0 docker inspect pb:mageiabuild$MGAVER 2>&1 > /dev/null if [ $? -eq 0 ]; then if [ "$FORCE" = "1" ]; then docker rmi pb:mageiabuild$MGAVER fi else docker build --file=Dockerfile -t pb:mageiabuild$MGAVER . stat=$? fi if [ $stat -eq 0 ]; then docker run --rm -v "$SSH_AUTH_SOCK":/ssh-agent -v $HOME:$HOME -e SSH_AUTH_SOCK=/ssh- agent -ti pb:mageiabuild$MGAVER fi 8eference scri*t: htt* ">>git2u/6co%>/cornec/mageia:docker>/$ob>%aster>run-mageia Show Time ! $ontinuous Packaging with Docker & project"builder5org 4ac5agers Loca$ Bui$d Server Docker Containers 4ro9ect Bui$d + 8epository %etadata 4roject Local build ,e-elopers FLOSSCon 2019 - 03/02/2019 Contact" bruno@flossita5org THANK YOU Linus Tor-a$ds, Richard Sta$$%an( <ric Raymond, Hat #a5are-itch( 8ené Cougnenc( <ric ,u%as, RJ%y Card, Bda$e Garbee, So$omon Hykes, Bryan Gartner, Andree Leidenfro t, Phi$ Ro//, Bo/ 3o/ei$$e, Martin #ic2$mayr among ot2ers, for their work and de-otion to the O*en Source Software cause... and %y fami$y for their patience :-).