Creating a Docker Image and Starting a Container
This section uses HCE 2.0 as an example to describe how to create a Docker image of HCE and start the container on HCE.
Constraints
- The version of HCE running the container image must be the same as that of the created container image.
Creating an Image Archive File
- Confirm that the repository is configured correctly.
    Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:
    [base]
    name=HCE $releasever base
    baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

    [updates]
    name=HCE $releasever updates
    baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2

    [debuginfo]
    name=HCE $releasever debuginfo
    baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/
    enabled=0
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2
- Create a new directory as the root file system of Docker images, for example, /tmp/docker_rootfs. Install the software package in this directory.
    mkdir -p /tmp/docker_rootfs
    yum --setopt=install_weak_deps=False --installroot /tmp/docker_rootfs --releasever 2.0 install bash yum coreutils security-tool procps-ng vim-minimal tar findutils filesystem hce-repos hce-rootfiles cronie -y
    By default, the yum command installs the software packages of the current HCE version. To install the software packages of another HCE version, use --releasever to specify the version. For example, the command above installs the software packages of HCE 2.0.
- Use chroot to go to the temporary directory.
    chroot /tmp/docker_rootfs 
- Configure the temporary directory.
    - Execute security-tool.sh to disable unnecessary services.
      export EULEROS_SECURITY=0
      echo "export TMOUT=300" >> /etc/bashrc
      /usr/sbin/security-tool.sh -d / -c /etc/hce_security/hwsecurity/hce_security_install.conf -u /etc/hce_security/usr-security.conf -l /var/log/hce-security.log -s
      During the execution, errors similar to those in Figure 1 may be displayed. This is normal. The errors can be:
      - The service file was not found. The service is not started in the chroot file system.
      - The /etc/sysconfig/init file for booting the system was not found. The tool disables services during system startup. The image rootfs is not involved in system startup.
      - The /proc/sys/kernel/sysrq file was not found. This file is used after the system is started and does not exist in the chroot file system.
 
    - Uninstall the security-tool, cronie, and systemd software packages and their dependent software packages.
      cp -af /etc/pam.d /etc/pam.d.bak
      rm -f /etc/yum/protected.d/sudo.conf /etc/yum/protected.d/systemd.conf
      yum remove -y security-tool cronie systemd
      rpm -e --nodeps logrotate crontabs
      rm -rf /etc/pam.d
      mv /etc/pam.d.bak /etc/pam.d
      sh -c 'shopt -s globstar; for f in $(ls /**/*.rpmsave); do rm -f $f; done' &> /dev/null
      [ -d /var/lib/dnf ] && rm -rf /var/lib/dnf/*
      [ -d /var/lib/rpm ] && rm -rf /var/lib/rpm/__db.*
    - Remove the /boot directory.
      rm -rf /boot
    - Set the container image language to en_US.
      cd /usr/lib/locale;rm -rf $(ls | grep -v en_US | grep -vw C.utf8 )
      rm -rf /usr/share/locale/*
    - Remove shared files man, doc, info, and mime.
      rm -rf /usr/share/{man,doc,info,mime}
    - Remove the cached log files.
      rm -rf /etc/ld.so.cache
      [ -d /var/cache/ldconfig ] && rm -rf /var/cache/ldconfig/*
      [ -d /var/cache/dnf ] && rm -rf /var/cache/dnf/*
      [ -d /var/log ] && rm -rf /var/log/*.log
    - Remove the Java security certificate.
      rm -rf /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts
    - Remove /etc/machine-id.
      rm -rf /etc/machine-id
    - Remove /etc/mtab.
      rm -rf /etc/mtab
 
- Exit from the chroot file system.
    exit 
- Compress the temporary directory and generate the Docker image archive file hce-docker.x86_64.tar.xz.
    The archive path is /tmp/docker_rootfs/hce-docker.x86_64.tar.xz.
    pushd /tmp/docker_rootfs/
    tar cvf hce-docker.x86_64.tar .
    xz hce-docker.x86_64.tar
    popd
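The cleanup steps above can be verified from the host, after leaving the chroot and before the compression step, so that a machine-id, logs or .rpmsave files are not baked into every container started from the image. The following is an added example, not part of the original procedure; the function names list_leftovers and audit_rootfs and the LEFTOVER / NOT-EMPTY labels are assumptions made for it.

```shell
# Added example: report files the cleanup steps should have removed from a rootfs.

# list_leftovers DIR: print one line per leftover found under DIR.
list_leftovers() {
    root=${1%/}
    # Paths the procedure deletes outright (-L also catches a dangling /etc/mtab symlink).
    for p in boot etc/machine-id etc/mtab etc/ld.so.cache \
             etc/pki/ca-trust/extracted/java/cacerts etc/pki/java/cacerts \
             usr/share/man usr/share/doc usr/share/info usr/share/mime; do
        if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
            echo "LEFTOVER /$p"
        fi
    done
    # Cache directories may stay, but must be empty.
    for d in var/cache/dnf var/cache/ldconfig var/lib/dnf; do
        if [ -d "$root/$d" ] && [ -n "$(ls -A "$root/$d")" ]; then
            echo "NOT-EMPTY /$d"
        fi
    done
    # Files removed by pattern: *.rpmsave anywhere, logs under /var/log, stale rpm __db.* files.
    (cd "$root" && find . -xdev \( -name '*.rpmsave' -o -path './var/log/*.log' \
        -o -path './var/lib/rpm/__db.*' \) -print) | sed 's|^\.|LEFTOVER |'
}

# audit_rootfs DIR: print the findings; return 0 if clean, 1 otherwise.
audit_rootfs() {
    report=$(list_leftovers "$1")
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: a rootfs where machine-id and a log file were left behind.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/log"
echo 0123456789abcdef > "$demo/etc/machine-id"
: > "$demo/var/log/hce-security.log"
audit_rootfs "$demo" || echo "rootfs is not ready to archive"
rm -rf "$demo"
```

For the directory used on this page, the call would be audit_rootfs /tmp/docker_rootfs.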
Starting a Container Using an Image Archive File
- Confirm that the repository is configured correctly.
    Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:
    [base]
    name=HCE $releasever base
    baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

    [updates]
    name=HCE $releasever updates
    baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2

    [debuginfo]
    name=HCE $releasever debuginfo
    baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/
    enabled=0
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2
- Install the Docker software package.
    yum install docker -y 
- Use the image archive file to create a container image.
    mv /tmp/docker_rootfs/hce-docker.x86_64.tar.xz .
    docker import hce-docker.x86_64.tar.xz
    Run docker images to check the container image ID. In this example, the container image ID is 6cfefae3a541.
    Figure 2 Checking the container image ID
    To create an image, you can run the following command to specify the REPOSITORY and TAG parameters:
    docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
- Use the image to run containers and enter the bash environment.
    If the shell view changes after you run the following command, you have entered the bash environment of the containers. 6cfefae3a541 is the image ID.
    docker run -it 6cfefae3a541 bash
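Both procedures on this page begin by confirming the repository configuration. The following added example (not part of the original page) automates that check for the signature-related settings, so that packages installed into the image rootfs or onto the Docker host are verified against the HCE key. The function name check_repo_file and the [example-weak] section are assumptions; any gpgcheck value other than 1 is reported, in every section, whether enabled or not.

```shell
# Added example: check that every section of a yum .repo file enforces
# signature verification the way the configuration shown on this page does.
# check_repo_file FILE: print one finding per line; return 1 if any were found.
check_repo_file() {
    awk '
    function finish_section() {
        if (sec == "") return
        if (gpgcheck != "1") { print "[" sec "] gpgcheck is not 1"; bad++ }
        if (gpgkey == "") { print "[" sec "] gpgkey is missing"; bad++ }
        else if (gpgkey !~ /^(https|file):\/\//) { print "[" sec "] gpgkey is not https or file"; bad++ }
        if (baseurl !~ /^https:\/\//) { print "[" sec "] baseurl is not https"; bad++ }
    }
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                              # start of a new [section]
        finish_section()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = ""; gpgkey = ""; baseurl = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") baseurl = val
    }
    END { finish_section(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample: one section copied from the page, one weakened section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[base]
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2
[example-weak]
baseurl=http://mirror.example.invalid/hce/
enabled=1
gpgcheck=0
EOF
check_repo_file "$sample" || echo "repository configuration needs fixing"
rm -f "$sample"
```

On an HCE host the call would be check_repo_file /etc/yum.repos.d/hce.repo.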