container-suseconnect is a ZYpp service and command line interface.
It gives access to repositories during docker build and run using the host machine credentials.
The application runs as ZYpp service per default if the name of the executable
is container-suseconnect-zypp. In every other case it assumes that a real user
executes the application. The help output of container-suseconnect shows all
available commands and indicates which one is the current default:
container-suseconnect -h
NAME:
container-suseconnect
USAGE:
This application can be used to retrieve basic metadata about SLES
related products and module extensions.
Please use the 'list-products' subcommand for listing all currently
available products including their repositories and a short description.
Use the 'list-modules' subcommand for listing available modules, where
their 'Identifier' can be used to enable them via the ADDITIONAL_MODULES
environment variable during container creation/run.
The 'zypper' subcommand runs the application as zypper plugin and is only
intended to use for debugging purposes.
VERSION:
2.1.0
COMMANDS:
list-products, lp List available products (default)
list-modules, lm List available modules
zypper, z, zypp Run the zypper service plugin
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help
--version, -v print the version
COPYRIGHT:
© 2018 SUSE LCC
By default, this program will log everything into the
/var/log/suseconnect.log file. Otherwise, you can optionally specify a custom
path with the SUSECONNECT_LOG_FILE environment variable. To retrieve the
contents of the log, you will have to mount the needed volume in your host.
You can do this with either the
VOLUME instruction in your
Dockerfile, or with the -v parameter when running docker run. Read more
about this here.
Finally, if neither the default /var/log/suseconnect.log file nor the file
specified through the SUSECONNECT_LOG_FILE environment variable are writable,
then this program will default to the standard error.
Creating a Custom SLE 12 Image
The following Docker file creates a simple Docker image based on SLE 12:
FROM suse/sles12:latest
RUN zypper --gpg-auto-import-keys ref -s
RUN zypper -n in vim
When the Docker host machine is registered against an internal SMT server, the Docker image requires the SSL certificate used by SMT:
FROM suse/sles12:latest
# Import the crt file of our private SMT server
ADD http://smt.test.lan/smt.crt /etc/pki/trust/anchors/smt.crt
RUN update-ca-certificates
RUN zypper --gpg-auto-import-keys ref -s
RUN zypper -n in vim
Creating a Custom SLE 11 SP3 or SP4 Image
The following Docker file creates a simple Docker image based on SLE 11 SP3:
FROM suse/sles11sp3:latest
RUN zypper --gpg-auto-import-keys ref -s
RUN zypper -n in vim
When the Docker host machine is registered against an internal SMT server, the Docker image requires the SSL certificate used by SMT:
FROM suse/sles11sp3:latest
# Import the crt file of our private SMT server
ADD http://smt.test.lan/smt.crt /etc/ssl/certs/smt.pem
RUN c_rehash /etc/ssl/certs
RUN zypper --gpg-auto-import-keys ref -s
RUN zypper -n in vim
All recommended package modules are enabled by default. It is possible to enable
additionally non-recommended modules via the identifier by setting the
environment variable ADDITIONAL_MODULES:
FROM registry.suse.com/suse/sle15:latest
ENV ADDITIONAL_MODULES sle-module-desktop-applications,sle-module-development-tools
RUN zypper --gpg-auto-import-keys ref -s
RUN zypper -n in gvim
Examples taken from https://www.suse.com/documentation/sles-12/book_sles_docker/data/customizing_pre-build_images.html
When the host system used for building the docker images is registered against RMT or SMT it is only possible to build containers for the same SLE code base as the host system is running on. I.e. if you docker host is a SLE15 system you can only build SLE15 based images out of the box.
If you want to build for a different SLE version than what is running on the host machine you will need to inject matching credentials for that target release into the build. For details on how to achieve that please follow the steps outlined in the Building images on non SLE distributions section.
It is possible to build SLE based docker images on other distributions as well. For that the following two files from a base SLE system are needed:
/etc/SUSEConnectfor the API access point/etc/zypp/credentials.d/SCCcredentialsfor providing the user credentials
These files can be copied from a SLE machine that has been successfully registered at the SUSE Customer Center, RMT or SMT.
A Docker version of 18.09 or above is needed to provide a secure way to mount the credentials into the image build process. This version can be installed for example on LEAP15 (x86_64) via:
> sudo zypper addrepo https://download.opensuse.org/repositories/Virtualization:containers/openSUSE_Leap_15.0/Virtualization:containers.repo
> sudo zypper in docker-18.09.0_ce-lp150.304.1.x86_64
A Dockerfile for building a SLE15 image which contains go would then look like
this:
# syntax=docker/dockerfile:1.0.0-experimental
FROM registry.suse.com/suse/sle15:latest
ARG ADDITIONAL_MODULES
RUN --mount=type=secret,id=SUSEConnect,required \
--mount=type=secret,id=SCCcredentials,required \
zypper -n --gpg-auto-import-keys in go
This file mounts all necessary secrets into the image during the build process
and removes it afterwards. Please note that the first line of the Dockerfile
is mandatory at the time of writing. Both files SUSEConnect and
SCCcredentials needs to be available beside the Dockerfile.
After the file creation the image can be built by executing:
> export DOCKER_BUILDKIT=1
> docker build -t sle15-go \
--build-arg ADDITIONAL_MODULES=PackageHub \
--secret id=SUSEConnect,src=SUSEConnect \
--secret id=SCCcredentials,src=SCCcredentials \
.At the time of writing (docker 18.09.0) it is necessary to enable the Docker
BuildKit by setting the environment variable DOCKER_BUILDKIT. The
ADDITIONAL_MODULES are used here to enable all needed repositories. After the
image has been built the package should be usable within the docker image:
> docker run sle15-go go version
go version go1.9.7 linux/amd64Please keep in mind that it is not possible to use container-suseconnect or
zypper within the container after the build, because the secrets are not
available any more.
Licensed under the Apache License, Version 2.0. See LICENSE for the full license text.