/
Dockerfile.j2
31 lines (25 loc) · 1.3 KB
/
Dockerfile.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
{% if item.image in ["centos:7"] %}
RUN yum install -y python sudo bash iproute libselinux-python selinux-policy firewalld && systemctl enable firewalld && yum clean all
{% else %}
RUN yum install -y python sudo bash iproute python3-libselinux selinux-policy firewalld && systemctl enable firewalld && yum clean all
{% endif %}
VOLUME [ "/sys/fs/cgroup" ]
# NOTE(Gonéri) Ninja hack to prevent firewalld from loading extra kernel modules
RUN sed -i 's,<module name="nf_conntrack_tftp"/>,,' /usr/lib/firewalld/services/tftp.xml && rm -f /sbin/ebtables*
RUN adduser centos && \
echo 'centos ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/90-centos && \
chmod 440 /etc/sudoers.d/90-centos