Let's have a look at how we can easily get to such an environment.
The procedure is similar to the script creating base images for SLES and RHEL. Let's assume we are root and create our environment in /root:
mkdir debian
mkdir debtarget
cd debian
First, get the archive with all the keys for verification of the packages:
wget http://ftp.de.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2014.3_all.deb
ar -x debian-archive-keyring_2014.3_all.deb
tar xJf data.tar.xz
Then, download the debootstrap code which does the heavy lifting:
(Updates since initial posting: at the time of writing, I used version 1.0.71 of debootstrap. For some reason, this is a moving target. Please check for the latest version 1.0.xx in that http directory and replace the 1.0.78 below with it)
wget http://ftp.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.78_all.deb
ar -x debootstrap_1.0.78_all.deb
tar xzf data.tar.gz
Now the build of the base environment starts (make sure it is all in one line):
PATH=$PATH:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin DEBOOTSTRAP_DIR=/root/debian/usr/share/debootstrap usr/sbin/debootstrap --keyring=usr/share/keyrings/debian-archive-keyring.gpg --arch s390x jessie /root/debtarget http://ftp.us.debian.org/debian
This long line does several things. The PATH setting is adjusted (so that the chroot which happens inside debootstrap is happy). The DEBOOTSTRAP_DIR variable is required since we do everything in a directory under /root. The --keyring option points to the keyring file we've downloaded. We're building for s390x as the architecture, and we are building the Debian release "jessie". All that goes into /root/debtarget. And we take all of the files from the specified Debian server.
For the keyring to add any security value, it makes sense to download it from a different site (mirror) than the Debian server specified for the packages. If you are paranoid (planning for the case that several Debian servers are compromised), you need to check the keyring's integrity manually.
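One way to do the keyring check described above, as an added example that is not part of the original post: compare the SHA-256 of the keyring package fetched from two mirrors and, for the paranoid case, against a digest obtained out-of-band. The script name check-keyring.sh, the function names and the assumption that the second mirror serves the same pool path are mine, not the post's.

```shell
#!/bin/sh
# Added example: cross-check two copies of the keyring package before use.

# Print only the hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# compare_keyring_copies FILE_A FILE_B [PINNED_SHA256]
# 0: copies identical (and equal to the pinned digest, if one is given)
# 1: digests differ   2: a download is missing or empty
compare_keyring_copies() {
    local a="$1" b="$2" pinned="${3:-}" ha hb
    if [ ! -s "$a" ] || [ ! -s "$b" ]; then
        echo "missing or empty download" >&2
        return 2
    fi
    ha=$(sha256_of "$a")
    hb=$(sha256_of "$b")
    if [ "$ha" != "$hb" ]; then
        echo "MISMATCH between mirrors: $ha vs $hb" >&2
        return 1
    fi
    if [ -n "$pinned" ] && [ "$ha" != "$pinned" ]; then
        echo "MISMATCH against pinned digest: got $ha" >&2
        return 1
    fi
    echo "OK $ha"
}

# Run as: sh check-keyring.sh fetch [PINNED_SHA256]
# Assumption: the second mirror serves the same pool path as the first.
if [ "${1:-}" = "fetch" ]; then
    pkg=debian-archive-keyring_2014.3_all.deb
    path=debian/pool/main/d/debian-archive-keyring/$pkg
    wget -q -O "a_$pkg" "http://ftp.de.debian.org/$path"
    wget -q -O "b_$pkg" "http://ftp.us.debian.org/$path"
    compare_keyring_copies "a_$pkg" "b_$pkg" "${2:-}" || exit 1
fi
```

Two matching mirrors only show that they agree with each other; the pinned digest is what covers the case where both are serving the same bad file.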
Update 7/29 for clarification, thanks Matthias:
Instead of jessie, we can also build the wheezy release -- as used in the following blog post. Wheezy is also widely used as a Docker base image, and it might be closer to Ubuntu 14.04. So the wheezy build would be kicked off by:
PATH=$PATH:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin DEBOOTSTRAP_DIR=/root/debian/usr/share/debootstrap usr/sbin/debootstrap --keyring=usr/share/keyrings/debian-archive-keyring.gpg --arch s390x wheezy /root/debtarget http://ftp.us.debian.org/debian
Now we only have to import the image into docker:
cd ../debtarget/
tar cf - . | docker import - debian:jessie
(Use "debian:wheezy" if you have built wheezy.) This will get us a Debian image:
[root@r1745034 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
debian jessie 789de184d56e 31 seconds ago 282.6 MB
Everything should be set up so that even package installation works out of the box:
docker run -t -i debian:jessie bash
apt-get update refreshes the package list, and apt-get install performs package installation.
root@17c697029ff3:/# apt-get update
Get:1 http://ftp.us.debian.org jessie InRelease [134 kB]
Get:2 http://ftp.us.debian.org jessie/main s390x Packages [6539 kB]
Get:3 http://ftp.us.debian.org jessie/main Translation-en [4585 kB]
Fetched 11.3 MB in 14s (764 kB/s)
Reading package lists... Done
root@17c697029ff3:/# apt-get install vim
Reading package lists... Done
Building dependency tree... Done
The following extra packages will be installed:
libgpm2 vim-runtime
Suggested packages:
gpm ctags vim-doc vim-scripts
The following NEW packages will be installed:
libgpm2 vim vim-runtime
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 6015 kB of archives.
After this operation, 29.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]
[...]
Disclaimer: you might be used to professional support on your SLES or RHEL image -- and you might not have the same kind of support contract for Debian.
In the next post, we'll tackle more of the challenges when (im)porting container setups.