Help Center/ Huawei Cloud EulerOS/ User Guide/ Creating a Docker Image and Starting a Container
Updated on 2025-07-21 GMT+08:00
View PDF
Share

Creating a Docker Image and Starting a Container

This section describes how to create a Docker image for HCE and start the container on HCE.

Constraints

  • The version of HCE running the container image must be the same as that of the created container image.

Creating an Image Archive File

  1. Confirm that the repository is configured correctly.

    Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:

    [base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[updates]
name=HCE $releasever updates
baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
......
  2. Create a temporary directory as the root file system of Docker images and install the software package in the temporary directory. 
    rm -rf /tmp/docker_rootfs 
mkdir -p /tmp/docker_rootfs 
yum --setopt=install_weak_deps=False --installroot /tmp/docker_rootfs --releasever 2.0 install bash yum coreutils security-tool procps-ng vim-minimal tar findutils filesystem hce-repos hce-rootfiles cronie -y

    By default, the yum command installs the software package of the current HCE version. To install the software package of other HCE version, you can use --releasever to specify the version. For example, the command above is used to install the software package of HCE 2.0.

  3. Use chroot to go to the temporary directory. 
    chroot /tmp/docker_rootfs
  4. Configure the temporary directory.
    1. Execute security-tool.sh to disable unnecessary services. 
      export EULEROS_SECURITY=0
echo "export TMOUT=300" >> /etc/bashrc
/usr/sbin/security-tool.sh -d / -c /etc/hce_security/hwsecurity/hce_security_install.conf -u /etc/hce_security/usr-security.conf -l /var/log/hce-security.log -s

      During the execution, it is normal if the errors similar to Figure 1 are displayed. The errors can be:

      • The service file was not found. The service is not started in the chroot file system.
      • The /etc/sysconfig/init file for booting the system was not found. The tool disables services during system startup. The image rootfs is not involved in system startup.
      • The /proc/sys/kernel/sysrq file was not found. This file is used for calling after the system is started and does not exist in the chroot file system.
      Figure 1 Error messages
    2. Uninstall the security-tool, cronie, and systemd software packages and their dependent software packages. 
      cp -af /etc/pam.d /etc/pam.d.bak
rm -f /etc/yum/protected.d/sudo.conf /etc/yum/protected.d/systemd.conf
yum remove -y security-tool cronie systemd
rpm -e --nodeps logrotate crontabs
rm -rf /etc/pam.d
mv /etc/pam.d.bak /etc/pam.d
sh -c 'shopt -s globstar; for f in $(ls /**/*.rpmsave); do rm -f $f; done'
[ -d /var/lib/dnf ] && rm -rf /var/lib/dnf/*
[ -d /var/lib/rpm ] && rm -rf /var/lib/rpm/__db.*
    3. Remove the /boot directory. 
      rm -rf /boot
    4. Set the container image language to en_US. 
      cd /usr/lib/locale;rm -rf $(ls | grep -v en_US | grep -vw C.utf8 )
rm -rf /usr/share/locale/*
    5. Remove shared files man, doc, info, and mime. 
      rm -rf /usr/share/{man,doc,info,mime}
    6. Remove the cached log files. 
      rm -rf /etc/ld.so.cache
[ -d /var/cache/ldconfig ] && rm -rf /var/cache/ldconfig/*
[ -d /var/cache/dnf ] && rm -rf /var/cache/dnf/*
[ -d /var/log ] && rm -rf /var/log/*.log
    7. Remove the Java security certificate. 
      rm -rf /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts
    8. Remove /etc/machine-id. 
      rm -rf /etc/machine-id
    9. Remove /etc/mtab. 
      rm -rf /etc/mtab
  5. Exit from the chroot file system. 
    exit
  6. Compress the temporary directory and generate the Docker image archive file hce-docker.x86_64.tar.xz.
    The archive path is /tmp/docker_rootfs/hce-docker.x86_64.tar.xz. 
    pushd /tmp/docker_rootfs/
tar cvf hce-docker.x86_64.tar .
xz hce-docker.x86_64.tar
popd

Starting a Container Using an Image Archive File

  1. Confirm that the repository is configured correctly.

    Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:

    [base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[updates]
name=HCE $releasever updates
baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
......
  2. Install the Docker software package. 
    yum install docker -y
  3. Use the image archive file to create a container image. 
    mv /tmp/docker_rootfs/hce-docker.x86_64.tar.xz .
docker import hce-docker.x86_64.tar.xz

    Run the docker images command to check the container image ID. In this example, the container image ID is 6cfefae3a541.

    Figure 2 Checking the container image ID

    To create an image, you can run the following command to specify the REPOSITORY and TAG parameters:

    docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]

  4. Use the image to run containers and enter the bash environment.

    If the shell view changes after you run the following command, you have entered the bash environment of the containers: 6cfefae3a541 is the image ID.

    docker run -it 6cfefae3a541 bash