In my last post, I wrote about my usage of rkt. I have also posted the basic configuration to create your own container images. Today we will learn more about those various build commands of the .acb files. We use these commands with the acbuild tool.
begin
begin starts a new build. The build information is stored inside the .acbuild directory in the current directory. By default, it starts with an empty rootfs. But we can pass some options to change that behavior. We can start with either a local filesystem, or a local aci image, or even from a remote aci image. To create the Fedora 25 aci image, I extracted the rootfs on a local directory and used that with begin command. Examples:
begin /mnt/fedora
begin ./fedora-25-linux-amd64.aci
dep
dep command is used to add any separate aci as a dependency to the current aci. In the rootfs the current aci will be on top of any dependency image. The order of the dependencies is important, so keep an eye to that while working on a new aci image. For example to build any image on top of the Fedora aci image we use the following line
dep add kushal.fedorapeople.org/rkt/fedora:25
run
We can execute any command inside the container we are building using the run command. For example to install a package using dnf we will use the following line:
run -- dnf install htop -y
The actual command (which will run inside the container) is after --, anything before that is considered part of the dep command itself.
environment
We can also add or remove any environment variable in the container image. We use environment command for the same.
environment add HOME /mnt
environment add DATAPATH /opt/data
copy
copy command is used to copy a file or a directory from the local filesystem to the aci image. For example, here we are coping dnf.conf file to the /etc/dnf/ directory inside the container image.
copy ./dnf.conf /etc/dnf/dnf.conf
mount
We use mount command to mark a location in the aci image which should be mounted while running the container. Remember one thing about mount points (this is true for ports too), they worked based on the name you give. Here, we are creating a mount point called apphome and then the next command we are actually specifying the host mount point for the same.
mount add apphome /opt/app/data
rkt run --volume apphome,kind=host,source=/home/kushal/znc,readOnly=false my-image.aci
port
Similar to the mount command, we can use the port command to mark any port of the container which can be mapped to the host system. We need to specify a name, the protocol (can be either udp or tcp) and finally the port number. We use the provided name to map it to a host port in the host.
port add http tcp 80
port add https tcp 443
set-user
set-user command specifies the user which will be used in the container environment.
set-user kushal
Remember to create the user before you try to use it.
set-group
Similar to the set-user command, it specifies the group which will be used to run the application inside the container.
set-working-directory
set-working-directory is used to set the working directory for the application inside the container.
set-working-directory /opt/data
set-exec
Using set-exec we specify a command to run as the application. In the below example we are running the znc command as the application in the container.
set-exec -- /usr/bin/znc --foreground
write
The final command for today is write. Using this command we create the final image from the current build environment. There is --overwrite flag, using which we can overwrite the image file we are creating.
write --overwrite znc-latest-linux-amd64.aci
I hope this post will help to understand the build commands, and you can use the same to build your own rkt images. In future, if I need to find the command reference, I can read this blog post itself.