Updated base image and some more functionality

1. Rebased the image on the centos:8 image
2. Removed all env-var handling code as its basically superseded by the
   systemd `PassEnvironment` option that can be specified on a
   per-unit-file basis
3. Made systemd and journald output go to `/dev/console` which should be
   collected by the container engine automatically
4. Made a new service unit file that tries to run the arguments given
   to the container as commands after all systemd services have started
   and exit the container once those commands are done while returning
   an appropriate return value.
5. It is possible to have environment variables passed to the invoked
   commands by setting variable names in the `ARGS_ENV_INCLUDE` variable
   either when launching the container or when building derived
   containers

Note: The CentOs version upgrade is required, among other things,
because the `systemd` version in CentOS 7 does not support returning
exit codes on exit.

Note: Certain versions of Docker have an issue with collecting
`/dev/console` properly. See the following for explanation:

- systemd/systemd#4262
- moby/moby#27202
- https://bugzilla.redhat.com/show_bug.cgi?id=1373780

This image also include a workaround for the following Podman issue:

- containers/podman#4625

Signed-off-by: Barak Korren <[email protected]>

.dockerignore

@@ -0,0 +1 @@
+*.swp

.gitignore

@@ -0,0 +1 @@
+*.swp

Dockerfile

@@ -1,6 +1,8 @@
-FROM centos:7.6.1810
+FROM centos:8
 
 ENV container docker
+VOLUME ["/sys/fs/cgroup"]
+
 RUN ( \
     cd /lib/systemd/system/sysinit.target.wants/; \
     for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done \
@@ -13,9 +15,13 @@ RUN ( \
     rm -f /lib/systemd/system/basic.target.wants/*; \
     rm -f /lib/systemd/system/anaconda.target.wants/*; \
     touch /etc/sysconfig/network
-COPY sbin/export_environment.sh /sbin/export_environment
-COPY systemd/* /etc/systemd/system/
-RUN chmod +x /sbin/export_environment
-RUN systemctl enable export-environment.service
-VOLUME ["/sys/fs/cgroup"]
-CMD ["/usr/sbin/init"]
+
+COPY sbin/ /sbin/
+COPY etc/ /etc/
+
+ENV ARGS_EXPORT_PATH=/etc/ci-container.args
+# A list of variables to be made available in the environment the given command
+# line args run in
+ENV ARGS_ENV_INCLUDE="ARGS_EXPORT_PATH"
+
+ENTRYPOINT ["/sbin/entrypoint.sh"]

etc/systemd/journald.conf

@@ -0,0 +1,42 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+#ForwardToSyslog=no
+#ForwardToKMsg=no
+ForwardToConsole=yes
+#ForwardToWall=yes
+TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+MaxLevelConsole=debug
+#MaxLevelWall=emerg
+#LineMax=48K

etc/systemd/system/run-args.service.in

@@ -0,0 +1,14 @@
+[Unit]
+Description=Run container command
+
+[Service]
+Type=oneshot
+PassEnvironment=ARGS_EXPORT_PATH $ARGS_ENV_INCLUDE
+# Remove this service file so that if the container layer is committed, the
+# resulting image will not contain the given command information
+ExecStartPre=-/usr/bin/systemctl disable --no-reload run-args.service
+ExecStartPre=-/usr/bin/rm -f /etc/systemd/system/run-args.service
+ExecStart=/sbin/run_args.sh ${ARGS_EXPORT_PATH}
+
+[Install]
+WantedBy=multi-user.target

sbin/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/bash -e
+# Read command-line arguments and store them in a file to be used later
+#
+if [[ $# -gt 0 ]] && [[ $1 ]]; then
+    # Podman seems to have an issue where `podman commit` cannot create images
+    # without a CMD setting, and adding `--change='CMD []'` results in the
+    # command being an array with a single string in it. Therefor we detect that
+    # particular case above and treat it as if a command was not given
+    echo "Got $# command-line arguments, enabling run-args service"
+    printf '%s\n' "$@" > "$ARGS_EXPORT_PATH"
+    # Update list of variables that systemd will pass to invoked process on the
+    # fly. Unfortunately this dirty `sed` is the only way to do that
+    #
+    # We create the *.service file from in *.service.in file rather then making
+    # the change to the file in-place, so that the change can be undone without
+    # leaving overlayfs records behind
+    #
+    /usr/bin/sed -re "s/\\\$ARGS_ENV_INCLUDE/$ARGS_ENV_INCLUDE/" \
+        /etc/systemd/system/run-args.service.in \
+        > /etc/systemd/system/run-args.service \
+    # Enable service to run the arguments
+    systemctl enable run-args.service
+fi
+
+exec /usr/sbin/init

sbin/run_args.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# run_args.sh - Run command from a given file
+#
+(
+    # Run in a subshell so -e only applies to the commands in parantheses
+    set -e
+    CMD_FILE="${1:?Args file not passed to run_args.sh}"
+    if ! [[ -r "$CMD_FILE" ]]; then
+        echo "run_args.sh: Args file: '$CMD_FILE' not found"
+    fi
+    mapfile -t CMD < "$CMD_FILE"
+    # remove the file since we don't need it anymore
+    rm -f "$CMD_FILE" || :
+    # Finally run the command
+    "${CMD[@]}"
+)
+# Since this script is not running with -e the command below will always run
+systemctl exit $?
+# Exit with 0 so systemd doesn't think the service had failed
+exit 0