Help Center/ Huawei Cloud EulerOS/ User Guide/ Creating a Docker Image and Starting a Container

Updated on 2025-09-19 GMT+08:00

View PDF

Creating a Docker Image and Starting a Container

This section uses HCE 2.0 as an example to describe how to create a Docker image of HCE and start the container on HCE.

Constraints

The version of HCE running the container image must be the same as that of the created container image.

Creating an Image Archive File

Confirm that the repository is configured correctly.

Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:

[base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[updates]
name=HCE $releasever updates
baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2
 
[debuginfo]
name=HCE $releasever debuginfo
baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2

Create a new directory as the root file system of Docker images, for example, /tmp/docker_rootfs. Install the software package in this directory.
```
mkdir -p /tmp/docker_rootfs 
yum --setopt=install_weak_deps=False --installroot /tmp/docker_rootfs --releasever 2.0 install bash yum coreutils security-tool procps-ng vim-minimal tar findutils filesystem hce-repos hce-rootfiles cronie -y
```
By default, the yum command installs the software package of the current HCE version. To install the software package of other HCE version, you can use --releasever to specify the version. For example, the command above is used to install the software package of HCE 2.0.
Use chroot to go to the temporary directory.
```
chroot /tmp/docker_rootfs
```

Configure the temporary directory.

Execute security-tool.sh to disable unnecessary services.
```
export EULEROS_SECURITY=0
echo "export TMOUT=300" >> /etc/bashrc
/usr/sbin/security-tool.sh -d / -c /etc/hce_security/hwsecurity/hce_security_install.conf -u /etc/hce_security/usr-security.conf -l /var/log/hce-security.log -s
```
During the execution, it is normal if the errors similar to Figure 1 are displayed. The errors can be:
- The service file was not found. The service is not started in the chroot file system.
- The /etc/sysconfig/init file for booting the system was not found. The tool disables services during system startup. The image rootfs is not involved in system startup.
- The /proc/sys/kernel/sysrq file was not found. This file is used for calling after the system is started and does not exist in the chroot file system.
Figure 1 Error messages

Uninstall the security-tool, cronie, and systemd software packages and their dependent software packages.

cp -af /etc/pam.d /etc/pam.d.bak
rm -f /etc/yum/protected.d/sudo.conf /etc/yum/protected.d/systemd.conf
yum remove -y security-tool cronie systemd
rpm -e --nodeps logrotate crontabs
rm -rf /etc/pam.d
mv /etc/pam.d.bak /etc/pam.d
sh -c 'shopt -s globstar; for f in $(ls /**/*.rpmsave); do rm -f $f; done' &> /dev/null 
[ -d /var/lib/dnf ] && rm -rf /var/lib/dnf/*
[ -d /var/lib/rpm ] && rm -rf /var/lib/rpm/__db.*

Remove the /boot directory.
```
rm -rf /boot
```

Set the container image language to en_US.

cd /usr/lib/locale;rm -rf $(ls | grep -v en_US | grep -vw C.utf8 )
rm -rf /usr/share/locale/*

Remove shared files man, doc, info, and mime.
```
rm -rf /usr/share/{man,doc,info,mime}
```

Remove the cached log files.

rm -rf /etc/ld.so.cache
[ -d /var/cache/ldconfig ] && rm -rf /var/cache/ldconfig/*
[ -d /var/cache/dnf ] && rm -rf /var/cache/dnf/*
[ -d /var/log ] && rm -rf /var/log/*.log

Remove the Java security certificate.

rm -rf /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts

Remove /etc/machine-id.
```
rm -rf /etc/machine-id
```
Remove /etc/mtab.
```
rm -rf /etc/mtab
```

Exit from the chroot file system.
```
exit
```
Compress the temporary directory and generate the Docker image archive file hce-docker.x86_64.tar.xz.
The archive path is /tmp/docker_rootfs/hce-docker.x86_64.tar.xz.
```
pushd /tmp/docker_rootfs/
tar cvf hce-docker.x86_64.tar .
xz hce-docker.x86_64.tar
popd
```

Starting a Container Using an Image Archive File

Confirm that the repository is configured correctly.

Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:

[base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[updates]
name=HCE $releasever updates
baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2
 
[debuginfo]
name=HCE $releasever debuginfo
baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2

Install the Docker software package.
```
yum install docker -y
```
Use the image archive file to create a container image.
```
mv /tmp/docker_rootfs/hce-docker.x86_64.tar.xz .
docker import hce-docker.x86_64.tar.xz
```
Run docker images to check the container image ID. In this example, the container image ID is 6cfefae3a541.

Figure 2 Checking the container image ID

To create an image, you can run the following command to specify the REPOSITORY and TAG parameters:

docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
Use the image to run containers and enter the bash environment.
If the shell view changes after you run the following command, you have entered the bash environment of the containers: 6cfefae3a541 is the image ID.
```
docker run -it 6cfefae3a541 bash
```