|
| 1 | +# Management services |
| 2 | + |
| 3 | +When running a fleet of systems, it is common to use a central management service. Commonly, these services provide a client to be installed on each system which connects to the central service. Often, the management service requires the client to perform a one time registration. |
| 4 | + |
| 5 | +The following example shows how to install the client into a bootc image and run it at startup to register the system. This example assumes the management-client handles future connections to the server, e.g. via a cron job or a separate systemd service. This example could be modified to create a persistent systemd service if that is required. The Containerfile is not optimized in order to more clarly explain each step, e.g. it's generally better to invoke RUN a single time to avoid creating multiple layers in the image. |
| 6 | + |
| 7 | +```Dockerfile |
| 8 | +FROM <bootc base image> |
| 9 | + |
| 10 | +# Typically when using a management service, it will determine when to upgrade the system. |
| 11 | +# So, disable bootc-fetch-apply-updates.timer if it is included in the base image. |
| 12 | +RUN systemctl disable bootc-fetch-apply-updates.timer |
| 13 | + |
| 14 | +# Install the client from dnf, or some other method that applies for your client |
| 15 | +RUN dnf install management-client -y && dnf clean all |
| 16 | + |
| 17 | +# Bake the credentials for the management service into the image |
| 18 | +ARG activation_key= |
| 19 | + |
| 20 | +# The existence of .run_next_boot acts as a flag to determine if the |
| 21 | +# registration is required to run when booting |
| 22 | +RUN touch /etc/management-client/.run_next_boot |
| 23 | + |
| 24 | +COPY <<"EOT" /usr/lib/systemd/system/management-client.service |
| 25 | +[Unit] |
| 26 | +Description=Run management client at boot |
| 27 | +After=network-online.target |
| 28 | +ConditionPathExists=/etc/management-client/.run_client_next_boot |
| 29 | + |
| 30 | +[Service] |
| 31 | +Type=oneshot |
| 32 | +EnvironmentFile=/etc/management-client/.credentials |
| 33 | +ExecStart=/usr/bin/management-client register --activation-key ${CLIENT_ACTIVATION_KEY} |
| 34 | +ExecStartPre=/bin/rm -f /etc/management-client/.run_next_boot |
| 35 | +ExecStop=/bin/rm -f /etc/management-client/.credentials |
| 36 | + |
| 37 | +[Install] |
| 38 | +WantedBy=multi-user.target |
| 39 | +EOT |
| 40 | + |
| 41 | +# Link the service to run at startup |
| 42 | +RUN ln -s /usr/lib/systemd/system/management-client.service /usr/lib/systemd/system/multi-user.target.wants/management-client.service |
| 43 | + |
| 44 | +# Store the credentials in a file to be used by the systemd service |
| 45 | +RUN echo -e "CLIENT_ACTIVATION_KEY=${activation_key}" > /etc/management-client/.credentials |
| 46 | + |
| 47 | +# Set the flag to enable the service to run one time |
| 48 | +# The systemd service will remove this file after the registration completes the first time |
| 49 | +RUN touch /etc/management-client/.run_next_boot |
| 50 | +``` |
| 51 | + |
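Review bot: `ConditionPathExists=/etc/management-client/.run_client_next_boot` in the `[Unit]` section names a file that nothing in this Containerfile creates; the flag that is touched (twice, with identical `RUN touch` lines) and removed by `ExecStartPre` is `/etc/management-client/.run_next_boot`, so as written the condition fails and the registration unit is skipped. Point the condition at `.run_next_boot` and drop one of the duplicate `RUN touch` lines. Because `ExecStartPre` deletes the flag before `management-client register` runs, a failed registration is never retried, which contradicts the comment saying the file is removed after registration completes; moving the removal to after a successful `ExecStart` would match the comment. `After=network-online.target` has no matching `Wants=network-online.target`, so nothing in the unit pulls that target in. On the credentials: `ARG activation_key` followed by `RUN echo -e ... > /etc/management-client/.credentials` writes the key into an image layer, where anyone who can pull the image can read it, and the `ExecStop` cleanup removes only the copy on the booted system. The file is also created with default permissions, and the key is passed on the `register` command line. The introductory text should state that exposure and the example should at least restrict the file mode. Minor: "clarly" in the second paragraph should be "clearly".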