Image Customizer: Improve docs for chroot. (#9101)
Parent
8693ee40fb
Commit
48b1f7bfd2
|
@ -3,10 +3,10 @@
|
||||||
The Azure Linux Image Customizer is a tool that can take an existing generic Azure Linux
|
The Azure Linux Image Customizer is a tool that can take an existing generic Azure Linux
|
||||||
image and modify it to be suited for particular scenario.
|
image and modify it to be suited for particular scenario.
|
||||||
|
|
||||||
MIC uses [chroot](https://en.wikipedia.org/wiki/Chroot) (and loopback block devices) to
|
The Image Customizer uses [chroot](https://en.wikipedia.org/wiki/Chroot) (and loopback
|
||||||
customize the image.
|
block devices) to customize the image.
|
||||||
This is the same technology used to build the Azure Linux images (along with most other
|
This is the same technology used to build the Azure Linux images, along with most other
|
||||||
Linux distros).
|
Linux distros.
|
||||||
This is in contrast to some other image customization tools, like Packer, which
|
This is in contrast to some other image customization tools, like Packer, which
|
||||||
customize the image by booting it inside a VM.
|
customize the image by booting it inside a VM.
|
||||||
|
|
||||||
|
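Review bot: The unchanged context line `image and modify it to be suited for particular scenario.` is missing an article, and since this hunk already rewrites the paragraph it should become "suited for a particular scenario". In the reworded sentence, "used to build the Azure Linux images, along with most other Linux distros" can be read as the distros being built alongside the images; "used to build the Azure Linux images and most other Linux distros" is unambiguous.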
@ -22,9 +22,8 @@ Advantages:
|
||||||
|
|
||||||
Disadvantages:
|
Disadvantages:
|
||||||
|
|
||||||
- Not all Linux tools play nicely when run under chroot. (Though most of the most
|
- Not all Linux tools play nicely when run under chroot.
|
||||||
common tools do play nicely since they are used to build Linux images under chroot.)
|
So, some customizations aren't possible using the Image Customizer.
|
||||||
So, some customizations aren't possible to do using MIC.
|
|
||||||
(For example, initializing a Kubernetes cluster node.)
|
(For example, initializing a Kubernetes cluster node.)
|
||||||
|
|
||||||
## Getting started
|
## Getting started
|
||||||
|
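Review bot: The Disadvantages list should also say that chroot is not a sandbox and that custom scripts can modify the host build system, which the "Things to avoid" section added later in this file states; the bullet `- Not all Linux tools play nicely when run under chroot.` covers only tool compatibility. Add a second bullet or a link to that section, so a reader comparing chroot with VM-based tools sees the host-safety trade-off where the trade-offs are listed. Consider keeping a short form of the removed parenthetical about common tools working under chroot, since it told readers how often the limitation applies.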
@ -83,3 +82,33 @@ Disadvantages:
|
||||||
The customized image is placed in the file that you specified with the
|
The customized image is placed in the file that you specified with the
|
||||||
`--output-image-file` parameter. You can now use this image as you see fit.
|
`--output-image-file` parameter. You can now use this image as you see fit.
|
||||||
(For example, boot it in a Hyper-V VM.)
|
(For example, boot it in a Hyper-V VM.)
|
||||||
|
|
||||||
|
## Things to avoid
|
||||||
|
|
||||||
|
The Image Customizer tool provides the option to run custom scripts as part of the
|
||||||
|
customization process.
|
||||||
|
These can be used to handle scenarios not covered by the Image Customizer tool.
|
||||||
|
However, these scripts are only run within a chroot environment, which while it is kind
|
||||||
|
of similar to containers, is very explicitly not a sandbox environment.
|
||||||
|
So, such scripts have the ability to modify the host build system.
|
||||||
|
|
||||||
|
In particular, you should be very wary of commands that have the ability to change the
|
||||||
|
runtime kernel settings.
|
||||||
|
And even commands that only read runtime kernel settings are probably doing the wrong
|
||||||
|
thing, since the host build system's kernel is likely entirely unrelated to the
|
||||||
|
customized OS's kernel.
|
||||||
|
|
||||||
|
Examples of commands to avoid:
|
||||||
|
|
||||||
|
- `ip`
|
||||||
|
- `iptables`
|
||||||
|
- `iptables-save`
|
||||||
|
- `ip6tables-save`
|
||||||
|
- `sysctl`
|
||||||
|
|
||||||
|
Instead, you should you make use of config files that set the runtime kernel settings
|
||||||
|
during OS boot.
|
||||||
|
|
||||||
|
Example config directories to use instead:
|
||||||
|
|
||||||
|
- `/etc/sysctl.d` (`systemd-sysctl.service`)
|
||||||
|
|
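Review bot: The "Example config directories to use instead:" list has a single entry, `/etc/sysctl.d`, while the avoid list also names `ip`, `iptables`, `iptables-save` and `ip6tables-save`, so the section gives no boot-time alternative for network or firewall settings. Add the corresponding config locations, or state that only the sysctl case has a recommended replacement. The avoid list includes `ip6tables-save` but not `ip6tables`, which looks like an omission. There is a typo in `Instead, you should you make use of config files`: drop the second "you". The clause `which while it is kind of similar to containers, is very explicitly not a sandbox environment` is hard to parse; something like "a chroot environment, which resembles a container but is explicitly not a sandbox" states the security point more directly.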