Skip to content

Embedding container images in the root partition from a remote registry

You can download and embed containerized applications from a remote container image registry when you build an AutoSD operating system (OS) image. Doing so makes the containerized application available for use from within the AutoSD OS after the system boots.

When you use this method, OSBuild pulls a container from a remote container image registry at build time and embeds it in the AutoSD image.

Important

If you want to include containerized applications in an OS image, pulling containers from a secure remote registry is the only reliable, reproducible, and recommended method for production OS image builds. Although you can also containerize applications locally and embed them from local storage when building an OS image, doing so is not the method recommended for building the OS image and is meant only for development or experimental purposes.

Prerequisites

Procedure

This procedure explains how to create an automotive image builder manifest and build an AutoSD operating system image in the qcow2 format that you can boot in a QEMU virtual machine.

The resulting AutoSD OS image will include a containerized CentOS 10 application image pulled from the quay.io remote container image registry and installed to /usr/share/containers/storage in the AutoSD OS.

Note that you can customize the script and the manifest to pull your own containerized application images from any image registry to which you have access.

  1. Create a build manifest file named container_remote.aib.yml:

    $ touch container_remote.aib.yml
    
  2. Open the container_remote.aib.yml file in a text editor, add the following YAML code, and save the file:

    Sample manifest for embedding remote container images
    # hosted in a remote container registry
    
    name: container_remote
    
    content:
      repos:
        - id: epel
          baseurl: https://dl.fedoraproject.org/pub/epel/9/Everything/$arch/
      rpms:
        - podman
        # For testing the image only:
        - openssh-server
        - openssh-clients
    
      container_images:
        - source: quay.io/centos/centos
          tag: stream10-development
          name: localhost/cs10
    
      # Required for testing the image only:
      systemd:
        enabled_services:
          # Enable ssh daemon
          - sshd.service
    
    auth:
      # "password"
      root_password: $6$xoLqEUz0cGGJRx01$H3H/bFm0myJPULNMtbSsOFd/2BnHqHkMD92Sfxd.EKM9hXTWSmELG8cf205l6dktomuTcgKGGtGDgtvHVXSWU.
      # Required for testing the image only:
      sshd_config:
        PasswordAuthentication: true
        PermitRootLogin: true
    
  3. Export the value of your hardware architecture to a temporary variable:

    $ export arch=$(arch)
    
  4. Run the automotive-image-builder tool to build an OS image that embeds the remote containerized application:

    $ sudo automotive-image-builder \
        --verbose \
        --include=/var/lib/containers/storage/ \
        build \
        --distro autosd \
        --target qemu \
        --mode image \
        --build-dir=_build \
        --export qcow2 \
        container_remote.aib.yml \
        container_remote.$arch.qcow2
    

    Note

    You can customize the automotive-image-builder command to set other options for distro name, mode, target, and export format.

  5. Verify that the script has created an AutoSD image file named container_remote.<arch>.qcow2 in your present working directory.

After you have created the OS image, assuming that you have installed QEMU, you can boot the AutoSD image in a virtual machine by using the automotive-image-runner utility and verify that the containerized application is included in the built OS image:

  1. Run the image in QEMU using automotive-image-runner:

    $ sudo automotive-image-runner container_remote.x86_64.qcow2
    

    If necessary, substitute the filename of your .qcow2 image file.

  2. After the image has booted in QEMU, log in with the user name root and the password password.

  3. Verify that your containerized application image is available:

    # podman image list
    

    Sample output:

    REPOSITORY           TAG         IMAGE ID      CREATED            SIZE
    localhost/cs10  latest      054a7b912609  About an hour ago  250 MB
    

When you build your OS image, OSBuild copies the application container image from the remote container image registry to your OS image. As defined in the build manifest file, the containerized application is available at localhost/cs10 and can be run by using Podman. However, you must first create container configuration files and configure OSBuild to copy these files to the /etc/containers/systemd directory in your OS image. For more information about these container configuration files, see Running containers from systemd.

Next steps

Additional resources


© Red Hat