Embedding container images in the root partition from a remote registry¶
You can download and embed containerized applications from a remote container image registry when you build an AutoSD operating system (OS) image. Doing so makes the containerized application available for use from within the AutoSD OS after the system boots.
When you use this method, OSBuild pulls a container from a remote container image registry at build time and embeds it in the AutoSD image.
Important
If you want to include containerized applications in an OS image, pulling containers from a secure remote registry is the only reliable, reproducible, and recommended method for production OS image builds. Although you can also containerize applications locally and embed them from local storage when building an OS image, doing so is not the method recommended for building the OS image and is meant only for development or experimental purposes.
Prerequisites
- You are running a Linux-based host on your local machine.
- You have installed the following software on your local machine:
- You have network access to a remote container image registry.
- You can access a containerized application image on the remote registry. This image can be the
auto-apps
image you built according to Building a container image for your software and then added to the registry. You can also use any other containerized application images available in the registry. - You have installed the
automotive-image-builder
tool. For more information, see Installing Automotive image builder.
Procedure
This procedure explains how to create an automotive image builder manifest and build an AutoSD operating system image in the qcow2
format
that you can boot in a QEMU virtual machine.
The resulting AutoSD OS image will include a containerized CentOS 10 application image pulled from the quay.io remote container image registry
and installed to /usr/share/containers/storage
in the AutoSD OS.
Note that you can customize the script and the manifest to pull your own containerized application images from any image registry to which you have access.
-
Create a build manifest file named
container_remote.aib.yml
: -
Open the
container_remote.aib.yml
file in a text editor, add the following YAML code, and save the file:Sample manifest for embedding remote container images# hosted in a remote container registry name: container_remote content: repos: - id: epel baseurl: https://dl.fedoraproject.org/pub/epel/9/Everything/$arch/ rpms: - podman # For testing the image only: - openssh-server - openssh-clients container_images: - source: quay.io/centos/centos tag: stream10-development name: localhost/cs10 # Required for testing the image only: systemd: enabled_services: # Enable ssh daemon - sshd.service auth: # "password" root_password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU. # Required for testing the image only: sshd_config: PasswordAuthentication: true PermitRootLogin: true
-
Export the value of your hardware architecture to a temporary variable:
-
Run the
automotive-image-builder
tool to build an OS image that embeds the remote containerized application:$ sudo automotive-image-builder \ --verbose \ --include=/var/lib/containers/storage/ \ build \ --distro autosd \ --target qemu \ --mode image \ --build-dir=_build \ --export qcow2 \ container_remote.aib.yml \ container_remote.$arch.qcow2
Note
You can customize the
automotive-image-builder
command to set other options fordistro
name,mode
,target
, andexport
format. -
Verify that the script has created an AutoSD image file named
container_remote.<arch>.qcow2
in your present working directory.
After you have created the OS image, assuming that you have
installed QEMU, you can boot
the AutoSD image in a virtual machine by using the automotive-image-runner
utility
and verify that the containerized application is included in the built OS image:
-
Run the image in QEMU using
automotive-image-runner
:If necessary, substitute the filename of your
.qcow2
image file. -
After the image has booted in QEMU, log in with the user name
root
and the passwordpassword
. -
Verify that your containerized application image is available:
Sample output:
When you build your OS image, OSBuild copies the application container image from the remote container image
registry to your OS image.
As defined in the build manifest file, the containerized application is available at localhost/cs10
and can be run by using Podman.
However, you must first create container configuration files and configure OSBuild to copy these files to the
/etc/containers/systemd
directory in your OS image. For more information about these container configuration files, see
Running containers from systemd
.
Next steps
- If required, you can customize your image further. For more information, see
Running containers from
systemd
, Configuring communication between containers in the root partition, and Deploying applications in the QM partition.
Additional resources