Skip to content

This is a tool which facilitates the creation of SLE containers for Docker.

License

Notifications You must be signed in to change notification settings

SUSE/sle2docker

Repository files navigation

Build Status Code Climate Test Coverage

sle2docker is a convenience tool which imports the pre-built SUSE Linux Enterprise images for Docker.

The tool takes advantage of pre-built Docker images distributed by SUSE to create the base Docker image that users can later customize using Docker's integrated build system. The pre-built images are distributed by SUSE as RPMs.

Pre-built images do not have repositories configured but zypper will automatically have access to the right repositories when the Docker host has a SLE subscription that provides access to the product used in the image. For more details read the "Customizing the images" section below.

Previous versions of the tool built the Docker images from KIWI templates distributed by SUSE. This is no longer possible.

Requirements

Ruby is required to execute the sle2docker program.

Docker must be running on the system and the user invoking sle2docker must have the rights to interact with it.

Installation

The recommended way to install sle2docker is via zypper:

sudo zypper in sle2docker

However sle2docker can also be installed via gem:

sudo gem install --no-format-exec sle2docker

The --no-format-exec is recommended otherwise the sle2docker binary will be prefixed with the ruby version installed on the system (e.g.: the binary on SLE12 would be called sle2docker.ruby2.1).

Usage

To list the available pre-built images use the following command:

sle2docker list
Available pre-built images:
 - sles11sp3-docker.x86_64-1.0.0-Build1.3
 - sles12-docker.x86_64-1.0.0-Build7.4

To activate the pre-built image use the following command:

sle2docker activate IMAGE_NAME

Customizing the images

To create custom Docker images based on the official ones use Docker's integrated build system.

The pre-built images do not have any repository configured. They contain a zypper service that contacts either the SUSE Customer Center (SCC) or your Subscription Management Tool (SMT) server according to the configuration of the SLE host running the Docker container. The service obtains the list of repositories available for the product used by the Docker image.

There is no need to add any credential to the Docker image because the machine credentials are automatically injected into the container by the docker daemon. These are injected inside of the /run/secrets directory. The same applies to the /etc/SUSEConnect file of the host system, which is automatically injected into the /run/secrets.

The contents of the /run/secrets directory are never committed to a Docker image, hence there's no risk of leaking your credentials.

To obtain the list of repositories invoke:

zypper ref -s

This will automatically add all the repositories to your container. For each repository added to the system a new file is going to be created under /etc/zypp/repos.d. The URLs of these repositories include an access token that automatically expires after 12 hours. To renew the token just call the zypper ref -s command. It is totally fine, and secure, to commit these files to a Docker image.

If you want to use a different set of credentials, place a custom /etc/zypp/credentials.d/SCCcredentials with the machine credentials having the subscription you want to use inside of the Docker image. The same applies to the SUSEConnect file: if you want to override the one available on the host system running the Docker container you have to add a custom /etc/SUSEConnect file inside of the Docker image.

Creating a custom SLE12 image

This Dockerfile creates a simple Docker image based on SLE12:

FROM suse/sles12:latest

RUN zypper ref -s
RUN zypper -n in vim

When the Docker host machine is registered against an internal SMT server the Docker image requires the ssl certificate used by SMT:

FROM suse/sles12:latest

# Import the crt file of our private SMT server
ADD http://smt.test.lan/smt.crt /etc/pki/trust/anchors/smt.crt
RUN update-ca-certificates

RUN zypper ref -s
RUN zypper -n in vim

Creating a custom SLE11SP3 image

This Dockerfile creates a simple Docker image based on SLE11:

FROM suse/sles11sp3:latest

RUN zypper ref -s
RUN zypper -n in vim

When the Docker host machine is registered against an internal SMT server the Docker image requires the ssl certificate used by SMT:

FROM suse/sles11sp3:latest

# Import the crt file of our private SMT server
ADD http://smt.test.lan/smt.crt /etc/ssl/certs/smt.pem
RUN c_rehash /etc/ssl/certs

RUN zypper ref -s
RUN zypper -n in vim

Additional documentation

For more information visit the SUSE's Docker documentation page.

License

sle2docker is released under the MIT license.