CentOS 7 Linux Base Docker Image
For more information on Docker, visit docker.com
Description:
This instruction set shows how to build a base container image using CentOS Linux 7. This container image is the base used for many of the appcontainers images found on the docker hub.
CentOS 7 Linux Base Minimal Install - 176 MB (tags: 7)
CentOS 7 Linux Base with Ansible - 229 MB (tags: ansible-7)
This container is built from centos:7 (242/295 MB before flattening).
Installation Steps:
Install official CentOS 7 GPG Key:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Install the Epel Repository:
yum install -y epel-release
rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
Install the Remi Repository:
cd /etc/yum.repos.d/;
wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm;
rpm -Uvh remi-release-7*.rpm;
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
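Added example, not part of the original instructions: the EPEL key and the remi-release RPM above are fetched over plain http://, so nothing authenticates what arrives before it is trusted. The sketch below checks a downloaded key file against a fingerprint obtained out of band before importing it. The function names, the sample listing and the pin are constructed, and gpg is assumed to be available in the build environment.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded repository
# signing key against a pinned fingerprint before handing it to `rpm --import`.

# Strip spaces and colons and upper-case, so "91ab 02cd ..." compares equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# stdin: a `gpg --with-colons` listing. Prints the fingerprint (field 10 of the
# "fpr" record) that follows each primary-key "pub" record; subkeys are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# stdin: colon listing, $1: pinned fingerprint. Succeeds only when the listing
# holds exactly one primary key and that key carries the pinned fingerprint.
key_matches_pin() (
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    [ "$count" -eq 1 ] && [ "$(normalize_fpr "$found")" = "$(normalize_fpr "$1")" ]
)

# $1: key file fetched earlier, $2: fingerprint obtained out of band.
import_pinned_key() (
    if gpg --quiet --with-fingerprint --with-colons "$1" | key_matches_pin "$2"; then
        rpm --import "$1"
    else
        echo "refusing to import $1: fingerprint does not match the pin" >&2
        exit 1
    fi
)

# Constructed listing and pin (not a real key), checked when run without arguments.
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:2014-01-01:::-:Constructed Example Key:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
sub:-:4096:1:1111111111111111:2014-01-01::::
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:'
SAMPLE_PIN='0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'

if [ "$#" -eq 2 ]; then
    import_pinned_key "$1" "$2"
elif printf '%s\n' "$SAMPLE_LISTING" | key_matches_pin "$SAMPLE_PIN"; then
    echo "sample key matches its pin"
fi
```

A key file that bundles more than one primary key is rejected on purpose, since a single pin cannot vouch for the extra key.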
Modify Remi Repo to enable remi base and PHP 7.1:
sed -i -e '/\[remi\]/,/^\[/s/enabled=0/enabled=1/' /etc/yum.repos.d/remi.repo;
sed -i -e '/\[remi-php71\]/,/^\[/s/enabled=0/enabled=1/' /etc/yum.repos.d/remi-php71.repo
Update the OS:
yum clean all;
yum --exclude=systemd*,util-linux*,libblkid*,libuuid*,libmount*,iputils* -y update
The following packages are also installed on the :ansible variant only
yum -y install ansible
The following configuration is also set on the ansible variant only
curl "https://bootstrap.pypa.io/get-pip.py" -o "/tmp/get-pip.py" && \
python /tmp/get-pip.py && \
pip install pip --upgrade && \
rm -fr /tmp/get-pip.py && \
mkdir -p /etc/ansible/roles || exit 0 && \
echo localhost ansible_connection=local > /etc/ansible/hosts
CentOS recommended systemd fixes:
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done) && \
rm -f /lib/systemd/system/multi-user.target.wants/* && \
rm -f /etc/systemd/system/*.wants/* && \
rm -f /lib/systemd/system/local-fs.target.wants/* && \
rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \
rm -f /lib/systemd/system/basic.target.wants/* && \
rm -f /lib/systemd/system/anaconda.target.wants/*
Cleanup:
Removing the contents of /var/cache/ after a yum update or yum install saves about 150 MB of image size:
rm -f /etc/yum.repos.d/*.rpm; rm -fr /var/cache/*
Cleanup Locales:
for x in `ls /usr/share/locale | grep -v -i en | grep -v -i local`;do rm -fr /usr/share/locale/$x; done && \
for x in `ls /usr/share/i18n/locales/ | grep -v en_`; do rm -fr /usr/share/i18n/locales/$x; done && \
rm -fr /usr/share/locale/ca* /usr/share/locale/den /usr/share/locale/men /usr/share/locale/wen /usr/share/locale/zen && \
cd /usr/lib/locale;
localedef --list-archive | grep -v -i ^en | xargs localedef --delete-from-archive
mv -f locale-archive locale-archive.tmpl;
build-locale-archive
Set the default Timezone to EST:
cp /etc/localtime /root/old.timezone && \
rm -f /etc/localtime && \
ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
Remove Man Pages and Docs to preserve Space:
rm -fr /usr/share/doc/* /usr/share/man/* /usr/share/groff/* /usr/share/info/*;
rm -rf /usr/share/lintian/* /usr/share/linda/* /var/cache/man/*
Set the Terminal CLI Prompt:
Copy the included Terminal CLI Color Scheme file to /etc/profile.d so that the terminal color will be included in all child images
#!/bin/bash
if [ "$PS1" ]; then
    set_prompt () {
        Last_Command=$? # Must come first!
        Blue='\[\e[01;34m\]'
        White='\[\e[01;37m\]'
        Red='\[\e[01;31m\]'
        YellowBack='\[\e[01;43m\]'
        Green='\[\e[01;32m\]'
        Yellow='\[\e[01;33m\]'
        Black='\[\e[01;30m\]'
        Reset='\[\e[00m\]'
        FancyX='\342\234\227'
        Checkmark='\342\234\223'
        # If it was successful, print a green check mark. Otherwise, print a red X.
        if [[ $Last_Command == 0 ]]; then
            PS1="$Green$Checkmark "
        else
            PS1="$Red$FancyX "
        fi
        # If root, just print the host in red. Otherwise, print the current user
        # and host in green.
        if [[ $EUID == 0 ]]; then
            PS1+="$Black $YellowBack $TERMTAG $Reset $Red \\u@\\h"
        else
            PS1+="$Black $YellowBack $TERMTAG $Reset $Green \\u@\\h"
        fi
        # Print the working directory and prompt marker in blue, and reset
        # the text color to the default.
        PS1+="$Blue\\w \\\$$Reset "
    }
    PROMPT_COMMAND='set_prompt'
fi
Prevent the .bashrc from being executed via SSH or SCP sessions:
echo -e "\nif [[ -n \"\$SSH_CLIENT\" || -n \"\$SSH_TTY\" ]]; then\n\treturn;\nfi\n" >> /root/.bashrc && \
echo -e "\nif [[ -n \"\$SSH_CLIENT\" || -n \"\$SSH_TTY\" ]]; then\n\treturn;\nfi\n" >> /etc/skel/.bashrc
Set Dockerfile Runtime command:
Default command to run when launched via docker run:
CMD /usr/sbin/init && /bin/bash
Dockerfile:
###########################################################
# Dockerfile to build the CentOS 7 Base Container
# Based on: centos:7.3
# DATE: 06/11/16
# COPYRIGHT: Appcontainers.com
###########################################################
# Set the base image in namespace/repo format.
# To use repos that are not on the docker hub use the example.com/namespace/repo format.
FROM library/centos:7
# File Author / Maintainer
MAINTAINER Rich Nason rnason@appcontainers.com
###########################################################
#********************* APP VERSIONS *********************
###########################################################
###########################################################
#*********** OVERRIDE ENABLED ENV VARIABLES *************
###########################################################
ENV TERMTAG CentOS7Base
###########################################################
#************** ADD REQUIRED APP FILES ******************
###########################################################
# Import keys and fix passwd issue.
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
###########################################################
#*************** UPDATES & PRE-REQS *********************
###########################################################
# Clean, Update, and Install... then clear non English local data.
# NOTE: If building on any box other than a CentOS 7 docker host, then iputils.x86 will fail with:
# unpacking of archive failed on file /usr/bin/ping: cpio: cap_set_file
RUN yum clean all && \
# Install required packages
yum -y install epel-release && \
rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 && \
# Download and install Epel, and Remi repositories.
cd /etc/yum.repos.d/ && \
curl -O http://rpms.famillecollet.com/enterprise/remi-release-7.rpm && \
rpm -Uvh remi-release-7*.rpm && \
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi && \
rm -fr *.rpm && \
#Enable the remi repo
sed -i -e '/\[remi\]/,/^\[/s/enabled=0/enabled=1/' /etc/yum.repos.d/remi.repo && \
# sed -i -e '/\[remi-php55\]/,/^\[/s/enabled=0/enabled=1/' /etc/yum.repos.d/remi.repo && \
sed -i -e '/\[remi-php71\]/,/^\[/s/enabled=0/enabled=1/' /etc/yum.repos.d/remi-php71.repo && \
# Update the OS,
# Exclude systemd, and its dependant libs as centos installs a fake systemd for the container.
yum clean all && \
yum --exclude=systemd*,util-linux*,libblkid*,libuuid*,libmount* -y update && \
# yum -y install ansible && \
# Remove yum cache this bad boy can be 150MBish
yum clean all && \
rm -fr /var/cache/*
# The following actions are recommended by the official centos7 maintainers when constructing
# a base container image.
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done) && \
rm -f /lib/systemd/system/multi-user.target.wants/* && \
rm -f /etc/systemd/system/*.wants/* && \
rm -f /lib/systemd/system/local-fs.target.wants/* && \
rm -f /lib/systemd/system/sockets.target.wants/*udev* && \
rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \
rm -f /lib/systemd/system/basic.target.wants/* && \
rm -f /lib/systemd/system/anaconda.target.wants/*
VOLUME [ "/sys/fs/cgroup" ]
###################################################################
#******************* APPLICATION INSTALL ************************
###################################################################
# Install pip and configure ansible
# RUN curl "https://bootstrap.pypa.io/get-pip.py" -o "/tmp/get-pip.py" && \
# python /tmp/get-pip.py && \
# pip install pip --upgrade && \
# rm -fr /tmp/get-pip.py && \
# mkdir -p /etc/ansible/roles || exit 0 && \
# echo localhost ansible_connection=local > /etc/ansible/hosts
###################################################################
#****************** POST DEPLOY CLEAN UP ************************
###################################################################
# Remove locales other than english
RUN for x in `ls /usr/share/locale | grep -v -i en | grep -v -i local`;do rm -fr /usr/share/locale/$x; done && \
for x in `ls /usr/share/i18n/locales/ | grep -v en_`; do rm -fr /usr/share/i18n/locales/$x; done && \
rm -fr /usr/share/locale/ca* /usr/share/locale/den /usr/share/locale/men /usr/share/locale/wen /usr/share/locale/zen && \
cd /usr/lib/locale && \
localedef --list-archive | grep -v -i ^en | xargs localedef --delete-from-archive && \
mv -f locale-archive locale-archive.tmpl && \
build-locale-archive
# Set the default Timezone to EST
RUN cp /etc/localtime /root/old.timezone && \
rm -f /etc/localtime && \
ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
# Remove random un-necessary crap
RUN rm -fr /usr/share/doc/* /usr/share/man/* /usr/share/groff/* /usr/share/info/* && \
rm -rf /usr/share/lintian/* /usr/share/linda/* /var/cache/man/*
# Rebuild the RPM Database
RUN rm -f /var/lib/rpm/__db* && \
rpm --rebuilddb
# Add the following to prevent any additions to the .bashrc from being executed via SSH or SCP sessions
RUN echo -e "\nif [[ -n \"\$SSH_CLIENT\" || -n \"\$SSH_TTY\" ]]; then\n\treturn;\nfi\n" >> /root/.bashrc && \
echo -e "\nif [[ -n \"\$SSH_CLIENT\" || -n \"\$SSH_TTY\" ]]; then\n\treturn;\nfi\n" >> /etc/skel/.bashrc
###################################################################
#***************** CONFIGURE START ITEMS ************************
###################################################################
ADD termcolor.sh /etc/profile.d/PS1.sh
RUN chmod +x /etc/profile.d/PS1.sh
CMD /usr/sbin/init && /bin/bash
###################################################################
#**************** EXPOSE APPLICATION PORTS **********************
###################################################################
###################################################################
#******************* OPTIONAL / LEGACY **************************
###################################################################
Building the image from the Dockerfile:
docker build -t build/centos .
Packaging the final image:
Because we want this image to be as lightweight as possible, it is flattened to remove the docker build tree, which strips any intermediary build containers from the image. Note that just saving the image will not remove the revision history. To remove it, the image must be run as a container, and the running container must then be exported and re-imported.
Run the container build:
docker run -it -d \
--name centos \
build/centos \
/bin/bash
The run statement should start a detached container; however, if you are attached, detach from the container:
CTL P + CTL Q
Export and Re-import the Container:
Note that because we started the build container with the name of centos, we will use that in the export statement instead of the container ID.
docker export centos | docker import - appcontainers/centos:latest
Verify:
Issuing a docker images should now show a newly saved appcontainers/centos image, which can be pushed to the docker hub.
Run the container:
docker run -it -d -v /sys/fs/cgroup:/sys/fs/cgroup:ro appcontainers/centos:latest
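Added example, not part of the original instructions: docker export writes only the container filesystem, so the image produced by the export/import step above does not carry the Dockerfile's ENV, VOLUME or CMD unless they are re-applied with docker import --change. The sketch below collects those instructions from the Dockerfile and passes each one as a --change option; the function names are hypothetical, and only single-line instructions (as in the Dockerfile on this page) are handled.

```shell
#!/bin/sh
# Added example (not from the original page): flatten with export/import while
# re-applying the image configuration that the Dockerfile declared.

# stdin: a Dockerfile. Prints the single-line instructions that
# `docker import --change` accepts, with leading whitespace removed.
metadata_instructions() {
    grep -E '^[[:space:]]*(CMD|ENTRYPOINT|ENV|EXPOSE|ONBUILD|USER|VOLUME|WORKDIR)[[:space:]]' |
        sed 's/^[[:space:]]*//'
}

# $1: container name, $2: Dockerfile path, $3: tag for the flattened image.
flatten_with_config() (
    container=$1
    tag=$3
    meta=$(metadata_instructions < "$2")
    set --                      # rebuild "$@" as the docker import options
    while IFS= read -r line; do
        if [ -n "$line" ]; then set -- "$@" --change "$line"; fi
    done <<EOF
$meta
EOF
    docker export "$container" | docker import "$@" - "$tag"
)

# With the names used on this page:
#   flatten_with_config centos ./Dockerfile appcontainers/centos:latest
if [ "$#" -eq 3 ]; then
    flatten_with_config "$@"
else
    # No arguments: list what would be re-applied, using lines from the Dockerfile above.
    printf '%s\n' 'FROM library/centos:7' 'ENV TERMTAG CentOS7Base' \
        'RUN yum clean all' 'VOLUME [ "/sys/fs/cgroup" ]' \
        'CMD /usr/sbin/init && /bin/bash' | metadata_instructions
fi
```

Running docker inspect on the flattened image afterwards shows whether Cmd, Env and Volumes were restored.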
Dockerfile Change-log:
05/19/2017 - Update to 7.3 latest, PHP 7.1
03/25/2017 - Created separate build/tags for raw base and base with ansible installed
03/24/2017 - Updated to CentOS 7.3
11/28/2016 - Updated and ansible added to replace custom runconfig
06/11/2016 - Updated to latest 7.2.1511 build.
12/14/2015 - Updated to CentOS 7.2
07/07/2015 - First Build