Status (master branch)
This repository holds an opinionated centos (version 7) docker image to be used as a base docker image. Some inspiration sources are given at the end of this file.
Features:
- Updated image (at build time)
- Reasonable size (< 100 MB on the docker hub), reasonable number of layers (8) with a squashed Dockerfile
- Don't add too many packages by installing just what's needed
- Don't break the upstream system
- Init system and multiple processes launcher/supervisor (S6)
- (optional) complete cron/anacron daemon (cronie)
- (optional) SSH server
Not really usefull (because it's mainly a base image to use in the FROM keyword) but you can play with it with (for example):
docker run -i -t metwork/centos7-opinionated:latest bash
Available environnement variables:
DCO_CRONIE_START(if "1" (default) then start the cron daemon)DCO_SSHD_START(if "0" (default) then do not start the sshd daemon)
If you set DCO_SSHD_START=1, you can also use following environnement variables:
DCO_SSHD_FORCE_RSA_HOST_KEYDCO_SSHD_FORCE_RSA_HOST_PUB_KEYDCO_SSHD_FORCE_ECDSA_HOST_KEYDCO_SSHD_FORCE_ECDSA_HOST_PUB_KEYDCO_SSHD_FORCE_ED25519_HOST_KEYDCO_SSHD_FORCE_ED25519_HOST_PUB_KEY
to force sshd host keys.
You can also use:
DCO_SSHD_ADD_ROOT_AUTHORIZED_KEYto add the given public key to/root/.ssh/authorized_keysDCO_FORCE_ROOT_PASSWORDto force the root password
If you prefer, you can also use a volume mounted in /force in the container with:
/force/root_password(instead ofDCO_FORCE_ROOT_PASSWORD)/force/ssh_host_rsa_key/force/ssh_host_rsa_key.pub/force/ssh_host_ed25519_key/force/ssh_host_ed25519_key.pub/force/ssh_host_ecdsa_key/force/ssh_host_ecdsa_key.pub(instead of correspondingDCO_SSHD_FORCE_*_KEY)/force/root_authorized_keys(the content of this file will be appended to/root/.ssh/authorized_keys)
When you start this image with the default "entrypoint" (/init), it launch the S6 process supervisor (see links at the end)
provided by the s6-overlay.
First, it executes /etc/cont-init.d/* initialization (short) tasks. Then, it launchs /etc/services.d/*/run script. This script
must execute your daemon in a long-lived way and will have to deal with signals. If this "run script" exits, it will be automatically
restarted. An easy way to write a such script is to use the "exec" bash builtin with the "foreground mode" startup command of your service.
For example:
#!/bin/sh
exec /sbin/rsyslogd -nBecause of "exec", the script will be replaced by the launched command. So you won't have to deal with signals by yourself.
So a complete example to override this image with a new service on top of it can be:
$ find my_image
my_image/
my_image/Dockerfile
my_image/root
my_image/root/etc
my_image/root/etc/cont-init.d
my_image/root/etc/cont-init.d/my_initialization_script
my_image/root/etc/services.d
my_image/root/etc/services.d/myapp
my_image/root/etc/services.d/myapp/run
With my_image/Dockerfile like:
FROM metwork/centos7-opinionated
COPY root /
And that's all ! Your custom service will be executed as well as sshd, cron services provides by the base image.
Yes, quotted from the s6-overlay README:
Using CMD is a really convenient way to take advantage of the s6-overlay. Your CMD can be given at build-time in the Dockerfile, or at runtime on the command line, either way is fine - it will be run under the s6 supervisor, and when it fails or exits, the container will exit. You can even run interactive programs under the s6 supervisor!
Please consult s6-overlay REAME for examples and more details.
- the-5-most-important-things-ive-learned-from-using-docker
- docker-and-s6-my-new-favorite-process-supervisor
- baseimage-docker
- s6-overlay
- s6
- cronie
See CONTRIBUTING.md file.
See CODE_OF_CONDUCT.md file.
(If you are officially paid to work on MetWork Framework, please contact us to add your company logo here!)
