Containerizing applications¶
An alternative to packaging your software with RPM is to install your application or service in a Linux container. Deploying applications as containers can be advantageous because the container isolates the application from the OS, as well as from other containers. This means that you can build the application against a different base OS that is not necessarily compatible with AutoSD, with the exception of the kernel application binary interface (ABI). With this framework, you can have multiple applications that use different environments running on a single system.
In addition, containers have other advantages, such as the ability for each container to use different versions of dependencies and the improved robustness, security, and flexibility that comes from the kernel-level application isolation. This isolation forms the mixed-criticality architecture of the AutoSD application environment.
Mixed-criticality workloads
Building a container image for your software¶
A container image is a lightweight, standalone software package that includes the code, tools, libraries, and settings required to run a piece of
software. The configuration for a container image is stored in a file called a Containerfile
.
Prerequisites
- Podman
- An RPM package (
auto-apps
) in an RPM package repository (/var/tmp/my_repo
)
Procedure
-
Create a
Containerfile
that includes the RPM package that you created in Packaging your application source code with RPM:FROM centos:stream9 COPY /var/tmp/my_repo /tmp/my_repo RUN dnf install -y /tmp/my_repo/auto-apps.rpm && dnf clean all
-
Run
podman build
in the same directory as yourContainerfile
to build the container image, and name the container imageauto-apps
:podman build -t auto-apps .
-
Start a container from your
auto-apps
container image, and verify that your RPM package is present:podman run -it auto-apps rpm -q auto-apps
The output of the
rpm -q
command displays the version of your package:auto-apps-0.1
Now that you have a functional auto-apps
container image, you can embed your
containerized applications in the AutoSD image with OSBuild.
Embedding containerized applications in the AutoSD image¶
OSBuild pulls containers from an image registry at build time and embeds them in the AutoSD image. Using container image IDs, which you must add to
the sources
section of the manifest, the org.osbuild.skopeo
pipeline stage installs the container images in the operating system (OS) image in
the default read-write location for containers, /var/lib/containers/storage
. However, you can also use the containers-storage
option to install
your container in /usr/share/containers/storage
.
Generally, the /usr/share/containers/storage
directory is for containers that you want to add during the OS image build, and the
/var/lib/containers/storage
directory is for containers that you want to install later in the running environment.
Prerequisites
- A container image named
auto-apps
that contains your application built according to Building a container image for your software - A custom manifest file, such as the manifest file that you created in Embedding RPM packages in the QM partition
- JSON command line processor (jq)
Procedure
-
Retrieve the ID of the
auto-apps
container image:podman image inspect auto-apps | jq -r '.[0].Id'
-
Include the ID of the container image in a new
org.osbuild.containers-storage
object in a newsources
section of your manifest file:sources: org.osbuild.containers-storage: items: sha256:<your-container-image-ID>: {}
-
Configure your OSBuild manifest to pull the container image into your OS image at build time:
-
Include the ID of the container image in a new
org.osbuild.skopeo
stage in therootfs
pipeline of your manifest file:- type: org.osbuild.skopeo inputs: images: type: org.osbuild.containers-storage origin: org.osbuild.source references: sha256:<your-container-image-ID>: name: localhost/auto-apps:latest
-
Include the
containers-storage
option to place the container image in/usr/share/containers/storage
, rather than the default,/var/lib/containers/storage
:- type: org.osbuild.skopeo inputs: images: type: org.osbuild.containers-storage origin: org.osbuild.source references: sha256:<your-container-image-ID>: name: localhost/auto-apps:latest options: destination: type: containers-storage storage-path: mpp-eval: containers_extra_store
-
When you build your OS image, OSBuild copies the auto-apps
container image to your OS image. Your containerized auto-apps
application is
available at localhost/auto-apps
. You must also create container configuration files and configure OSBuild to copy these files to the
/etc/containers/systemd
directory in your OS image. For more information about these container configuration files, see
Running containers from systemd
.
Next steps
- Now that you have included your containerized application in your OSBuild manifest, you can build your AutoSD image. For more information, see Building an AutoSD image.
- Alternatively, you can continue customizing your image. For more information,
see Running containers from
systemd
, Configuring communication between ASIL containers, and Deploying applications in the QM partition.
Additional resources
Running containers from systemd
¶
When you embed a container in an operating system (OS) image, you can start the container manually in the booted system with the podman run
command. However, the container does not start automatically at boot time. To configure a container to start at boot time, you must create a
systemd
service that starts the container at the right time, in the right way.
Quadlet is a tool that optimally runs Podman containers under systemd
. Rather than creating the systemd
service manually, use Quadlet to
automatically generate the corresponding systemd
service unit file at boot time. In this example, create Quadlet files for the sample applications
that are available in the AutoSD sample apps repository. If you want to use your own
containerized software, see the Podman documentation for more information
about creating your own Quadlet configuration files.
Prerequisites
- A container image available inside your OS image at
localhost/auto-apps
embedded according to Embedding containerized applications in the AutoSD image - A custom manifest file, such as the manifest file you created in Embedding RPM packages in the AutoSD image
Procedure
-
Create Quadlet unit files for the
radio-service
andengine-service
services in your sample applicationauto-apps
:radio.container
file[Unit] Description=Demo radio service container Requires=routingmanagerd.socket Wants=engine.service [Container] Image=localhost/auto-apps Volume=/run/vsomeip:/run/vsomeip Exec=/usr/bin/radio-service [Service] Restart=always [Install] WantedBy=multi-user.target
engine.container
file[Unit] Description=Demo engine service container Requires=routingmanagerd.socket [Container] Image=localhost/auto-apps Volume=/run/vsomeip:/run/vsomeip Exec=/usr/bin/engine-service Image=localhost/auto-apps Volume=/run/vsomeip:/run/vsomeip Exec=/usr/bin/engine-service [Service] Restart=always Restart=always [Install] WantedBy=multi-user.target
-
Configure your OSBuild manifest to copy the Quadlet unit files to the
/etc/containers/systemd/
directory during the OS image build process. Modify the manifest file and include a neworg.osbuild.copy
stage in therootfs
pipeline that contains the paths to your Quadlet unit files:- type: org.osbuild.copy inputs: inlinefile1: type: org.osbuild.files origin: org.osbuild.source mpp-embed: id: radio.container path: ../files/radio.container inlinefile2: type: org.osbuild.files origin: org.osbuild.source mpp-embed: id: engine.container path: ../files/engine.container options: paths: - from: mpp-format-string: input://inlinefile1/{embedded['radio.container']} to: tree:///etc/containers/systemd/radio.container - from: mpp-format-string: input://inlinefile2/{embedded['engine.container']} to: tree:///etc/containers/systemd/engine.container
Note
The
path:
option resolves a relative path. In this example, your Quadlet unit files are in the../files
directory.
Additional resources