Welcome to SUSE Hackweek 2021! I’m working on some Ansible roles and require a custom openSUSE Leap container in order to test them. I’d like an openSUSE Leap based container for testing my Ansible roles. The container should
- include some developer tools (e.g.
The aim of the container is to mimic an openSUSE Leap system that contains the bare essentials of a typical host system. I’ll use this container to run my Ansible roles against it. Ansible is going to install packages, modify the system configuration, enable services and start some server applications.
In this blog post we’ll cover how to create a custom openSUSE container with podman. Of course it also works with docker, simply replace
Create custom openSUSE container
We’ll work from my requirements, which are
vim. The following Dockerfile is all you need. You might need to adapt the RUN zypper line to your needs:
    # Dockerfile
    FROM opensuse/leap
    LABEL maintainer="phoenix"
    LABEL description="openSUSE Leap container for Ansible testing"

    # Adjust to your needs
    RUN zypper in -y systemd systemd-sysvinit python python-pip python3 python3-pip curl less vim

    # Clear zypper cache
    RUN rm -rf /var/cache/zypp/*

    # Start container with systemd
    ENTRYPOINT ["/sbin/init"]
Create a file called Dockerfile in a new directory. This file contains the recipe to build the new container.
Build and run
In the same directory as the Dockerfile, run the following command to build the container:
$ podman build -t feldspaten/leap-ansible .
After a successful build you can run the container with
$ podman run -d --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup/:/sys/fs/cgroup:ro --stop-signal SIGRTMIN+3 --name testcontainer feldspaten/leap-ansible
The required arguments are:
- --tmpfs /tmp --tmpfs /run are expected by systemd
- -v /sys/fs/cgroup/:/sys/fs/cgroup:ro required by systemd
- --stop-signal SIGRTMIN+3 - systemd does not terminate on SIGTERM but on
- grisu48/leap-ansible - Name of the new container, feel free to rename it as you wish
- -d detach from container (i.e. it will run in the background)
Congratulations! You now have a custom openSUSE Leap container running in the background under the name
With the above stated tmpfs directives, the container worked without additional capabilities. Other tutorials often require --cap-add SYS_ADMIN, which did not do the trick in my case. The container could not start. Using --privileged worked, but is not required if you add the above stated
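The flag list and the remark about --privileged above, turned into a check. This is an added example, not part of the original post: it lints the arguments of a podman run command for the flags the post lists and reports --privileged, --cap-add and a writable cgroup mount. The helper name audit_systemd_run and the finding texts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). audit_systemd_run is a
# hypothetical helper: give it the arguments of a `podman run` command and it
# prints one finding per line, returning 0 only when nothing was flagged.
# The function body is a subshell "( ... )", so its variables stay local.
audit_systemd_run() (
    nl='
'
    findings="" tmpfs_tmp=0 tmpfs_run=0 cgroup=0 stop_sig="" prev=""
    for arg in "$@"; do
        # Split "--flag=value" into the flag (prev) and its value (arg).
        case "$arg" in
            --tmpfs=*|--volume=*|--stop-signal=*|--cap-add=*)
                prev=${arg%%=*}; arg=${arg#*=} ;;
        esac
        case "$prev" in
            --tmpfs)
                case "${arg%%:*}" in
                    /tmp) tmpfs_tmp=1 ;;
                    /run) tmpfs_run=1 ;;
                esac ;;
            -v|--volume)
                case "$arg" in /sys/fs/cgroup*)
                    # Mount options follow the last colon (":ro", ":ro,z").
                    case ",${arg##*:}," in
                        *,ro,*) cgroup=ro ;;
                        *) cgroup=rw
                           findings="${findings}RISK: writable cgroup mount: $arg$nl" ;;
                    esac ;;
                esac ;;
            --stop-signal) stop_sig=$arg ;;
            --cap-add) findings="${findings}RISK: extra capability: $arg$nl" ;;
        esac
        case "$arg" in
            --privileged|--privileged=true)
                findings="${findings}RISK: --privileged is not required$nl" ;;
        esac
        prev=$arg
    done
    [ "$tmpfs_tmp" = 1 ] || findings="${findings}MISSING: --tmpfs /tmp$nl"
    [ "$tmpfs_run" = 1 ] || findings="${findings}MISSING: --tmpfs /run$nl"
    [ "$cgroup" != 0 ] || findings="${findings}MISSING: read-only /sys/fs/cgroup mount$nl"
    # Only the signal spelling used in the post is accepted here.
    [ "$stop_sig" = "SIGRTMIN+3" ] || findings="${findings}MISSING: --stop-signal SIGRTMIN+3$nl"
    printf '%s' "$findings"
    [ -z "$findings" ]
)
# Stand-alone use: sh audit.sh run -d --tmpfs /tmp ... IMAGE
[ "$#" -eq 0 ] || audit_systemd_run "$@"
```

The exit status makes it usable as a gate in a test script before the container is started.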
Attaching a bash
After running the container with -d, it remains in the background. We’re now attaching a bash terminal, because we want to do something in the container:
$ podman exec -it testcontainer bash
Instead of testcontainer you can of course also use the container ID.
Within the container you can now use any systemd commands to verify whether systemd is working properly, e.g.
add9ed3f9943:/ # systemd-analyze
Startup finished in 1.203s (userspace) = 3h 30min 22.080s
Just give me the container!
See my leap-ansible container on DockerHub or follow the following procedure
$ podman pull grisu48/leap-ansible
Run the container, attach bash
$ CONTAINER=`podman run --rm -d --tmpfs /tmp --tmpfs /run -v /sys/fs/cgroup/:/sys/fs/cgroup:ro --stop-signal SIGRTMIN+3 grisu48/leap-ansible`
$ podman exec -it $CONTAINER bash
Stop the container after bash terminates
$ podman container stop $CONTAINER
Because of the --rm argument in podman run, the container will be deleted after termination.