Fedora UBI micro コンテナ生成¶

In [1]:

import json
import sys

RELEASE_VER = '41'
WK_CTN_NAME = 'wk-con'
#NEW_CTN_NAME = f'fedora{RELEASE_VER}-micro'
NEW_CTN_NAME = f'fedora{RELEASE_VER}-minimal'
DNF_CMD = 'dnf'
DNF_CACHE = f'dnfcache/{RELEASE_VER}'
DNF_DOWNLOAD_PROGRESS_OUTPUT = False

LF_DNF_CMD_DISTRO_SYNC = lambda wk_mnt, dnf_repos : \
f'''{DNF_CMD} distro-sync \\
    --use-host-config \\
    --releasever {RELEASE_VER} \\
    --installroot '{wk_mnt}/' \\
    --setopt install_weak_deps=false \\
    --nodocs \\
    --setopt cachedir='{DNF_CACHE}' \\
    --disablerepo='*' --enablerepo='{" ".join(dnf_repos)}'{' 2>/dev/null' if not DNF_DOWNLOAD_PROGRESS_OUTPUT else ''}
'''

SEP = '=' * 10

dnf_repos = set((
    'fedora',
#    'fedora-cisco-openh264',
    'updates',
))
#dnf_repos = set((
#    'fedora.enabled=1',
#    'fedora-cisco-openh264.enabled=0',
#    'updates.enabled=1',
#))

if NEW_CTN_NAME.endswith('-micro'):
    inst_pkgs = set((
        'coreutils-single',
    #    'glibc-all-langpacks',
    #    'glibc-langpack-en',
        'glibc-minimal-langpack',
    #    'systemd',
    #    'python311', 'python3-pip',
    #    'zsh', 'util-linux', 'util-linux-user', 'which', 'git',
    #    'util-linux-core', # mount
    #    'iputils', # ping
    #    'net-tools', 'bind-utils', 'rsync', 'curl', 'sudo',
    ))
elif NEW_CTN_NAME.endswith('-minimal'):
    inst_pkgs = set((
        'coreutils-single',
    #    'glibc-all-langpacks',
    #    'glibc-langpack-en',
        'glibc-minimal-langpack',
        'bash',
        'curl' if int(RELEASE_VER) >= 41 
            else 'curl-minimal', # https://fedoraproject.org/wiki/Changes/CurlMinimal_as_Default
        'libcurl-minimal',
        'libusbx',
        'dnf',
    #    'systemd',
    #    'python311', 'python3-pip',
    #    'zsh', 'util-linux', 'util-linux-user', 'which', 'git',
    #    'util-linux-core', # mount
    #    'iputils', # ping
    #    'net-tools', 'bind-utils', 'rsync', 'curl', 'sudo',
    ))
    reinst_pkgs = set((
        'krb5-libs',
    ))

ctns_json = !buildah containers --json
ctns = json.loads(ctns_json.n) if ctns_json.n != 'null' else []

if len(ctns) != 0 and \
   len([ctn['containername'] for ctn in ctns if ctn['containername'] == WK_CTN_NAME]) != 0:
    # Deal with directory not empty error
    wk_mnt = !buildah unshare buildah mount {WK_CTN_NAME}
    !buildah unshare rm -rf {wk_mnt.n}
    _ = !buildah rm {WK_CTN_NAME}

!mkdir -p {DNF_CACHE}

##### dnf5 distro-sync #####
print('\n', f'{SEP} Run dnf distro-sync ... {SEP}')
_ = !buildah unshare buildah from --name {WK_CTN_NAME} scratch
wk_mnt = !buildah unshare buildah mount {WK_CTN_NAME}
print(wk_mnt.s, '\n')

dnf_cmd_distro_sync = LF_DNF_CMD_DISTRO_SYNC(wk_mnt.s, dnf_repos)
print(dnf_cmd_distro_sync)
!{dnf_cmd_distro_sync}

!buildah unshare rm -rf {wk_mnt.n}
_ = !buildah rm {WK_CTN_NAME}
#####

buildah_script_sh = \
f'''#!/bin/sh
#set -x;
#id;

ctn=$(buildah from --name {WK_CTN_NAME} scratch)
wk_mnt=$(buildah mount {WK_CTN_NAME})

{DNF_CMD} install -y \\
    --use-host-config \\
    --installroot ${{wk_mnt}} \\
    --releasever {RELEASE_VER} \\
    --setopt install_weak_deps=false \\
    --nodocs \\
    --setopt cachedir='{DNF_CACHE}' \\
    --disablerepo='*' --enablerepo='{" ".join(dnf_repos)}' \\
    {" ".join(inst_pkgs)}{' 2>/dev/null' if not DNF_DOWNLOAD_PROGRESS_OUTPUT else ''};
'''
if NEW_CTN_NAME.endswith('-minimal'):
    buildah_script_sh += \
    f'''
echo '%_install_langs en_US.UTF-8' > /etc/rpm/macros.image-language-conf;
{DNF_CMD} reinstall -y \\
    --use-host-config \\
    --installroot ${{wk_mnt}} \\
    --releasever {RELEASE_VER} \\
    --setopt install_weak_deps=false \\
    --nodocs \\
    --setopt cachedir='{DNF_CACHE}' \\
    --disablerepo='*' --enablerepo='{" ".join(dnf_repos)}' \\
    {" ".join(reinst_pkgs)}{' 2>/dev/null' if not DNF_DOWNLOAD_PROGRESS_OUTPUT else ''};
    '''
buildah_script_sh += \
f'''
{DNF_CMD} clean all --installroot ${{wk_mnt}};

rm -rf ${{wk_mnt}}/var/cache/dnf ${{wk_mnt}}/var/log/dnf* ${{wk_mnt}}/var/lib/dnf;
#rm -rf ${{wk_mnt}}/var/log/yum.*;
/bin/date +%Y%m%d_%H%M > ${{wk_mnt}}/etc/BUILDTIME;
#echo '%_install_langs C.utf8' > ${{wk_mnt}}/etc/rpm/macros.image-language-conf;
echo 'LANG="C.utf8"' >  ${{wk_mnt}}/etc/locale.conf;
#echo 'container' > ${{wk_mnt}}/etc/dnf/vars/infra;
rm -f ${{wk_mnt}}/etc/machine-id;
touch ${{wk_mnt}}/etc/machine-id;
touch ${{wk_mnt}}/etc/resolv.conf;
touch ${{wk_mnt}}/etc/hostname;
touch ${{wk_mnt}}/etc/.pwd.lock;
chmod 600 ${{wk_mnt}}/etc/.pwd.lock;

#rm -rf ${{wk_mnt}}/usr/share/locale/en* ${{wk_mnt}}/boot ${{wk_mnt}}/dev/null ${{wk_mnt}}/var/log/hawkey.log;
rm -rf ${{wk_mnt}}/boot ${{wk_mnt}}/dev/null ${{wk_mnt}}/var/log/hawkey.log;
find ${{wk_mnt}}/usr/share/locale/* -maxdepth 0 -type d -exec rm -r {{}} \\; ;
find ${{wk_mnt}}/etc/pki/rpm-gpg/* -not -regex '.*\\(3[4-9]\\|4[0-1]\\)\\(-.*\\)?' -exec rm -f {{}} \\; ;

echo '0.0 0 0.0' > ${{wk_mnt}}/etc/adjtime;
echo '0' >> ${{wk_mnt}}/etc/adjtime;
echo 'UTC' >> ${{wk_mnt}}/etc/adjtime;
echo '# This file has been generated by the Anaconda Installer.' > ${{wk_mnt}}/etc/sysconfig/sshd-permitrootlogin;
echo '# Allow root to log in using ssh. Remove this file to opt-out.' >> ${{wk_mnt}}/etc/sysconfig/sshd-permitrootlogin;
echo 'PERMITROOTLOGIN="-oPermitRootLogin=yes"' >> ${{wk_mnt}}/etc/sysconfig/sshd-permitrootlogin;
echo 'KEYMAP="us"' > ${{wk_mnt}}/etc/vconsole.conf;
echo 'FONT="eurlatgr"' >> ${{wk_mnt}}/etc/vconsole.conf;
mkdir -p ${{wk_mnt}}/run/lock;
cd ${{wk_mnt}}/etc;
ln -s ../usr/share/zoneinfo/UTC localtime;
du -hs ${{wk_mnt}};

buildah unmount {WK_CTN_NAME};
buildah config --cmd sh {WK_CTN_NAME};
buildah commit {WK_CTN_NAME} localhost/{NEW_CTN_NAME};
'''

# https://github.com/containers/buildah/blob/main/docs/buildah-unshare.1.md
# https://github.com/containers/buildah/blob/main/docs/tutorials/01-intro.md
print('\n', f'{SEP} Run buildah_script.sh ... {SEP}')
%store buildah_script_sh >buildah_script.sh
#sys.exit(0)
!buildah unshare sh buildah_script.sh
!buildah rm {WK_CTN_NAME}

print('\n', f'{SEP} Container details {SEP}')
!podman image tree localhost/{NEW_CTN_NAME}
!podman run --rm -ti localhost/{NEW_CTN_NAME} sh -c 'cat /etc/redhat-release'

 ========== Run dnf distro-sync ... ==========
/home/tomoyan/.local/share/containers/storage/overlay/b84529a43ac99c53391bf1343fd330084b3c7e424f23a7cb08f115e37e29e22f/merged 

dnf distro-sync \
    --use-host-config \
    --releasever 41 \
    --installroot '/home/tomoyan/.local/share/containers/storage/overlay/b84529a43ac99c53391bf1343fd330084b3c7e424f23a7cb08f115e37e29e22f/merged/' \
    --setopt install_weak_deps=false \
    --nodocs \
    --setopt cachedir='dnfcache/41' \
    --disablerepo='*' --enablerepo='fedora updates' 2>/dev/null

Nothing to do.

 ========== Run buildah_script.sh ... ==========
Writing 'buildah_script_sh' (str) to file 'buildah_script.sh'.
Package                        Arch   Version                 Reposito      Size
Installing:
 bash                          x86_64 5.2.32-1.fc41           fedora     8.2 MiB
 coreutils-single              x86_64 9.5-11.fc41             updates    1.3 MiB
 curl                          x86_64 8.9.1-3.fc41            updates  793.5 KiB
 dnf5                          x86_64 5.2.10.0-2.fc41         updates    2.2 MiB
 glibc-minimal-langpack        x86_64 2.40-21.fc41            updates    0.0   B
 libcurl-minimal               x86_64 8.9.1-3.fc41            updates  641.2 KiB
 libusb1                       x86_64 1.0.27-9.fc41           updates  170.3 KiB
Installing dependencies:
 alternatives                  x86_64 1.31-1.fc41             updates   64.8 KiB
 audit-libs                    x86_64 4.0.3-1.fc41            updates  351.3 KiB
 basesystem                    noarch 11-21.fc41              fedora     0.0   B
 bzip2-libs                    x86_64 1.0.8-19.fc41           fedora    80.7 KiB
 ca-certificates               noarch 2024.2.69_v8.0.401-1.0. fedora     2.4 MiB
 crypto-policies               noarch 20250124-1.git4d262e7.f updates  137.4 KiB
 fedora-gpg-keys               noarch 41-1                    fedora   126.4 KiB
 fedora-release                noarch 41-29                   updates    0.0   B
 fedora-release-common         noarch 41-29                   updates   19.7 KiB
 fedora-release-identity-basic noarch 41-29                   updates  682.0   B
 fedora-repos                  noarch 41-1                    fedora     4.9 KiB
 filesystem                    x86_64 3.18-23.fc41            fedora   106.0   B
 findutils                     x86_64 1:4.10.0-4.fc41         fedora     1.8 MiB
 fmt                           x86_64 11.0.2-2.fc41           fedora   264.1 KiB
 gawk                          x86_64 5.3.0-4.fc41            fedora     1.7 MiB
 glib2                         x86_64 2.82.2-1.fc41           updates   14.7 MiB
 glibc                         x86_64 2.40-21.fc41            updates    6.7 MiB
 glibc-common                  x86_64 2.40-21.fc41            updates    1.0 MiB
 gmp                           x86_64 1:6.3.0-2.fc41          fedora   811.4 KiB
 gnutls                        x86_64 3.8.8-3.fc41            updates    3.2 MiB
 grep                          x86_64 3.11-9.fc41             fedora     1.0 MiB
 json-c                        x86_64 0.17-4.fc41             fedora    82.4 KiB
 keyutils-libs                 x86_64 1.6.3-4.fc41            fedora    54.4 KiB
 krb5-libs                     x86_64 1.21.3-4.fc41           updates    2.3 MiB
 libacl                        x86_64 2.3.2-2.fc41            fedora    40.0 KiB
 libarchive                    x86_64 3.7.4-4.fc41            updates  926.6 KiB
 libattr                       x86_64 2.5.2-4.fc41            fedora    28.5 KiB
 libblkid                      x86_64 2.40.4-1.fc41           updates  257.2 KiB
 libcap                        x86_64 2.70-4.fc41             fedora   220.2 KiB
 libcap-ng                     x86_64 0.8.5-3.fc41            fedora    69.2 KiB
 libcom_err                    x86_64 1.47.1-6.fc41           fedora    67.2 KiB
 libdnf5                       x86_64 5.2.10.0-2.fc41         updates    3.5 MiB
 libdnf5-cli                   x86_64 5.2.10.0-2.fc41         updates  878.8 KiB
 libeconf                      x86_64 0.6.2-3.fc41            fedora    58.0 KiB
 libffi                        x86_64 3.4.6-3.fc41            fedora    86.4 KiB
 libgcc                        x86_64 14.2.1-7.fc41           updates  270.9 KiB
 libidn2                       x86_64 2.3.7-2.fc41            fedora   329.1 KiB
 libmodulemd                   x86_64 2.15.0-14.fc41          fedora   717.2 KiB
 libmount                      x86_64 2.40.4-1.fc41           updates  348.8 KiB
 libnghttp2                    x86_64 1.62.1-2.fc41           fedora   166.1 KiB
 librepo                       x86_64 1.19.0-1.fc41           updates  244.5 KiB
 libselinux                    x86_64 3.7-5.fc41              fedora   181.0 KiB
 libsepol                      x86_64 3.7-2.fc41              fedora   817.8 KiB
 libsmartcols                  x86_64 2.40.4-1.fc41           updates  176.2 KiB
 libsolv                       x86_64 0.7.31-1.fc41           updates  944.3 KiB
 libstdc++                     x86_64 14.2.1-7.fc41           updates    2.7 MiB
 libtasn1                      x86_64 4.19.0-9.fc41           fedora   175.7 KiB
 libunistring                  x86_64 1.1-8.fc41              fedora     1.7 MiB
 libuuid                       x86_64 2.40.4-1.fc41           updates   39.9 KiB
 libverto                      x86_64 0.3.2-9.fc41            fedora    29.5 KiB
 libxml2                       x86_64 2.12.9-1.fc41           updates    1.7 MiB
 libyaml                       x86_64 0.2.5-15.fc41           fedora   134.4 KiB
 libzstd                       x86_64 1.5.6-2.fc41            fedora   795.9 KiB
 lua-libs                      x86_64 5.4.6-6.fc41            fedora   285.0 KiB
 lz4-libs                      x86_64 1.10.0-1.fc41           fedora   145.5 KiB
 mpfr                          x86_64 4.2.1-5.fc41            fedora   832.1 KiB
 ncurses-base                  noarch 6.5-2.20240629.fc41     fedora   326.3 KiB
 ncurses-libs                  x86_64 6.5-2.20240629.fc41     fedora   975.2 KiB
 nettle                        x86_64 3.10-3.fc41             fedora   793.0 KiB
 openssl-libs                  x86_64 1:3.2.4-1.fc41          updates    7.8 MiB
 p11-kit                       x86_64 0.25.5-3.fc41           fedora     2.2 MiB
 p11-kit-trust                 x86_64 0.25.5-3.fc41           fedora   391.4 KiB
 pam-libs                      x86_64 1.6.1-7.fc41            updates  139.0 KiB
 pcre2                         x86_64 10.44-1.fc41.1          fedora   653.5 KiB
 pcre2-syntax                  noarch 10.44-1.fc41.1          fedora   251.6 KiB
 popt                          x86_64 1.19-7.fc41             fedora   136.9 KiB
 readline                      x86_64 8.2-10.fc41             fedora   493.2 KiB
 rpm                           x86_64 4.20.0-1.fc41           fedora     3.1 MiB
 rpm-libs                      x86_64 4.20.0-1.fc41           fedora   725.9 KiB
 rpm-sequoia                   x86_64 1.7.0-5.fc41            updates    2.4 MiB
 sdbus-cpp                     x86_64 1.5.0-3.fc41            fedora   320.5 KiB
 sed                           x86_64 4.9-3.fc41              fedora   861.5 KiB
 setup                         noarch 2.15.0-8.fc41           updates  720.7 KiB
 sqlite-libs                   x86_64 3.46.1-2.fc41           updates    1.5 MiB
 systemd-libs                  x86_64 256.11-1.fc41           updates    2.0 MiB
 xz-libs                       x86_64 1:5.6.2-2.fc41          fedora   214.4 KiB
 zchunk-libs                   x86_64 1.5.1-1.fc41            fedora   101.2 KiB
 zlib-ng-compat                x86_64 2.2.3-1.fc41            updates  138.5 KiB

Transaction Summary:
 Installing:        85 packages

buildah_script.sh: line 18: /etc/rpm/macros.image-language-conf: Permission denied
Package                  Arch    Version                  Repository        Size
Reinstalling:
 krb5-libs               x86_64  1.21.3-4.fc41            updates        2.3 MiB
   replacing krb5-libs   x86_64  1.21.3-4.fc41            updates        2.3 MiB

Transaction Summary:
 Reinstalling:       1 package
 Replacing:          1 package

Cache directory "/home/tomoyan/.local/share/containers/storage/overlay/7c710b0cf067348c33543b7d03a503264a6fede4dc2c30e0c02197ce90169e27/merged/var/cache/libdnf5" does not exist. Nothing to clean.
79M	/home/tomoyan/.local/share/containers/storage/overlay/7c710b0cf067348c33543b7d03a503264a6fede4dc2c30e0c02197ce90169e27/merged
76ff18911bacf30f77837602069c0e88b9aa9e111ec1ade42335b2f16a91d1f4
Getting image source signatures
Copying blob d3fe3883bd07 [=>-------------------] 8.0MiB / 74.7MiB | 133.3 MiB/s
Copying blob d3fe3883bd07 [====>---------------] 17.4MiB / 74.7MiB | 131.1 MiB/s
Copying blob d3fe3883bd07 [======>-------------] 26.8MiB / 74.7MiB | 130.4 MiB/s
Copying blob d3fe3883bd07 [=========>----------] 36.2MiB / 74.7MiB | 130.6 MiB/s
Copying blob d3fe3883bd07 [===========>--------] 45.5MiB / 74.7MiB | 132.4 MiB/s
Copying blob d3fe3883bd07 [==============>-----] 54.9MiB / 74.7MiB | 133.7 MiB/s
Copying blob d3fe3883bd07 [================>---] 63.8MiB / 74.7MiB | 131.8 MiB/s
Copying blob d3fe3883bd07 [===================>] 73.2MiB / 74.7MiB | 127.8 MiB/s
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying blob d3fe3883bd07 done   | 
Copying config 6dcec62dc3 done   | 
Copying config 6dcec62dc3 done   | 
Copying config 6dcec62dc3 done   | 
Copying config 6dcec62dc3 done   | 
Copying config 6dcec62dc3 done   | 
Copying config 6dcec62dc3 done   | 
Writing manifest to image destination
6dcec62dc3850938ed6387ce4cd02740c79cbcaead61743a1dd6ec3cd226ce33
76ff18911bacf30f77837602069c0e88b9aa9e111ec1ade42335b2f16a91d1f4

 ========== Container details ==========
Image ID: 6dcec62dc385
Tags:     [localhost/fedora41-minimal:latest]
Size:     78.28MB
Image Layers
└── ID: d3fe3883bd07 Size: 78.28MB Top Layer of: [localhost/fedora41-minimal:latest]

Fedora release 41 (Forty One)

コンテナサイズ確認¶

In [2]:

import json

imgs_json = !buildah images --json
imgs = json.loads(imgs_json.n) if imgs_json.n != 'null' else []

if NEW_CTN_NAME.endswith('-micro'):
    for ctn_name in [f'fedora{releasever}-micro' for releasever in range(41, 38-1, -1)]:
        if len(imgs) != 0 and \
           len([img['names'] for img in imgs if img['names'] is not None and ctn_name in img['names'][0]]) != 0:
            !podman run --rm -ti localhost/{ctn_name} sh -c 'cat /etc/redhat-release'
            !podman image tree localhost/{ctn_name}
if NEW_CTN_NAME.endswith('-minimal'):
    for ctn_name in [f'fedora{releasever}-minimal' for releasever in range(41, 38-1, -1)]:
        if len(imgs) != 0 and \
           len([img['names'] for img in imgs if img['names'] is not None and ctn_name in img['names'][0]]) != 0:
            !podman run --rm -ti localhost/{ctn_name} sh -c 'cat /etc/redhat-release'
            !podman image tree localhost/{ctn_name}

Fedora release 41 (Forty One)
Image ID: 6dcec62dc385
Tags:     [localhost/fedora41-minimal:latest]
Size:     78.28MB
Image Layers
└── ID: d3fe3883bd07 Size: 78.28MB Top Layer of: [localhost/fedora41-minimal:latest]

Fedora release 40 (Forty)
Image ID: e29204e1fe80
Tags:     [localhost/fedora40-minimal:latest]
Size:     160.3MB
Image Layers
└── ID: ac4ff3598b6f Size: 160.3MB Top Layer of: [localhost/fedora40-minimal:latest]

Fedora release 39 (Thirty Nine)
Image ID: e30b8b6cc8b7
Tags:     [localhost/fedora39-minimal:latest]
Size:     160MB
Image Layers
└── ID: 851efb51f80a Size:   160MB Top Layer of: [localhost/fedora39-minimal:latest]

Fedora release 38 (Thirty Eight)
Image ID: 3a9c351e3ee5
Tags:     [localhost/fedora38-minimal:latest]
Size:     161.7MB
Image Layers
└── ID: 75cca47c1f42 Size: 161.7MB Top Layer of: [localhost/fedora38-minimal:latest]

In [ ]: