|
2 | 2 |
|
3 | 3 | When running a fleet of systems, it is common to use a central management service. Commonly, these services provide a client to be installed on each system which connects to the central service. Often, the management service requires the client to perform a one time registration. |
4 | 4 |
|
5 | | -The following example shows how to install the client into a bootc image and run it at startup to register the system. This example assumes the management-client handles future connections to the server, e.g. via a cron job or a separate systemd service. This example could be modified to create a persistent systemd service if that is required. The Containerfile is not optimized in order to more clarly explain each step, e.g. it's generally better to invoke RUN a single time to avoid creating multiple layers in the image. |
| 5 | +The following example shows how to install the client into a bootc image and run it at first boot to register the system. This example assumes the management-client handles future connections to its management server, e.g. via a cron job or a separate systemd service. This example could be modified to create a persistent systemd service if that is required. The Containerfile is not optimized in order to more clearly explain each step, e.g. it's generally better to invoke RUN a single time to avoid creating multiple layers in the image. |
6 | 6 |
|
7 | 7 | ```Dockerfile |
8 | 8 | FROM <bootc base image> |
9 | 9 |
|
| 10 | +# Bake the credentials for the management service into the image. |
| 11 | +ARG activation_key= |
| 12 | + |
10 | 13 | # Typically when using a management service, it will determine when to upgrade the system. |
11 | 14 | # So, disable bootc-fetch-apply-updates.timer if it is included in the base image. |
12 | 15 | RUN systemctl disable bootc-fetch-apply-updates.timer |
13 | 16 |
|
14 | | -# Install the client from dnf, or some other method that applies for your client |
| 17 | +# Install the client from dnf, or some other method that applies for your client. |
15 | 18 | RUN dnf install management-client -y && dnf clean all |
16 | 19 |
|
17 | | -# Bake the credentials for the management service into the image |
18 | | -ARG activation_key= |
19 | | - |
20 | | -# The existence of .run_next_boot acts as a flag to determine if the |
21 | | -# registration is required to run when booting |
22 | | -RUN touch /etc/management-client/.run_next_boot |
23 | | - |
24 | 20 | COPY <<"EOT" /usr/lib/systemd/system/management-client.service |
25 | 21 | [Unit] |
26 | | -Description=Run management client at boot |
| 22 | +Description=Register with management client on first boot |
27 | 23 | After=network-online.target |
28 | | -ConditionPathExists=/etc/management-client/.run_client_next_boot |
| 24 | +ConditionPathExists=/etc/management-client/.register-on-first-boot |
29 | 25 |
|
30 | 26 | [Service] |
31 | 27 | Type=oneshot |
32 | 28 | EnvironmentFile=/etc/management-client/.credentials |
| 29 | +ExecStartPre=/bin/rm -f /etc/management-client/.register-on-first-boot |
33 | 30 | ExecStart=/usr/bin/management-client register --activation-key ${CLIENT_ACTIVATION_KEY} |
34 | | -ExecStartPre=/bin/rm -f /etc/management-client/.run_next_boot |
35 | 31 | ExecStop=/bin/rm -f /etc/management-client/.credentials |
36 | 32 |
|
37 | 33 | [Install] |
38 | 34 | WantedBy=multi-user.target |
39 | 35 | EOT |
40 | 36 |
|
41 | | -# Link the service to run at startup |
| 37 | +# Link the service to run at startup. |
42 | 38 | RUN ln -s /usr/lib/systemd/system/management-client.service /usr/lib/systemd/system/multi-user.target.wants/management-client.service |
43 | 39 |
|
44 | | -# Store the credentials in a file to be used by the systemd service |
| 40 | +# Store the credentials in a file, so it can used by the systemd service. |
45 | 41 | RUN echo -e "CLIENT_ACTIVATION_KEY=${activation_key}" > /etc/management-client/.credentials |
46 | 42 |
|
47 | | -# Set the flag to enable the service to run one time |
48 | | -# The systemd service will remove this file after the registration completes the first time |
49 | | -RUN touch /etc/management-client/.run_next_boot |
| 43 | +# This file exists as a condition flag for the management-client.service. |
| 44 | +# It will be removed once the registration finishes. |
| 45 | +RUN touch /etc/management-client/.register-on-first-boot |
50 | 46 | ``` |
51 | | - |
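Review bot: In the management-client.service unit, `ExecStartPre=/bin/rm -f /etc/management-client/.register-on-first-boot` deletes the condition flag before `ExecStart` runs, so a registration that fails is never retried on a later boot. One way it can fail is the network not being up yet: the unit is ordered `After=network-online.target` but has no `Wants=network-online.target` to pull that target in. The new comment "It will be removed once the registration finishes" also does not match this ordering. Consider moving the removal to `ExecStartPost=` so the flag is cleared only after `register` succeeds. Separately, the `activation_key` build argument is written into `/etc/management-client/.credentials` by a `RUN` step, so the key stays readable in the image layer and build history even after `ExecStop` deletes the file on the booted system; the surrounding text should say the resulting image has to be handled as a secret. Minor: "so it can used" in the added comment should read "so it can be used".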