-
Notifications
You must be signed in to change notification settings - Fork 70
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: ckyrouac <ckyrouac@redhat.com>
- Loading branch information
Showing
2 changed files
with
50 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| # Management services | ||
|
|
||
| When running a fleet of systems, it is common to use a central management service. Commonly, these services provide a client to be installed on each system which connects to the central service. Often, the management service requires the client to perform a one time registration. The following example shows how to install the client into a bootc image and run it at startup to register the system. | ||
|
|
||
| ```Dockerfile | ||
| FROM <bootc base image> | ||
|
|
||
| # Typically when using a management service, it will determine when to upgrade the system. | ||
| # So, disable bootc-fetch-apply-updates.timer if it is included in the base image. | ||
| systemctl disable bootc-fetch-apply-updates.timer | ||
|
|
||
| # Install the client from dnf, or some other method that applies for your client | ||
| RUN dnf install management-client -y && dnf clean all | ||
|
|
||
| # Bake the credentials for the management service into the image | ||
| ARG activation_key=<INSERT KEY HERE> | ||
|
|
||
| # The existence of .run_next_boot acts as a flag to determine if the | ||
| # registration is required to run when booting | ||
| RUN touch /etc/management-client/.run_next_boot | ||
|
|
||
| COPY <<"EOT" /usr/lib/systemd/system/management-client.service | ||
| [Unit] | ||
| Description=Run management client at boot | ||
| After=network-online.target | ||
| ConditionPathExists=/etc/management-client/.run_client_next_boot | ||
|
|
||
| [Service] | ||
| Type=oneshot | ||
| EnvironmentFile=/etc/management-client/.credentials | ||
| ExecStart=/usr/bin/management-client register --activation-key ${CLIENT_ACTIVATION_KEY} | ||
| ExecStartPre=/bin/rm -f /etc/management-client/.run_next_boot | ||
| ExecStop=/bin/rm -f /etc/management-client/.credentials | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target | ||
| EOT | ||
|
|
||
| # Link the service to run at startup | ||
| RUN ln -s /usr/lib/systemd/system/management-client.service /etc/systemd/system/multi-user.target.wants/management-client.service | ||
|
|
||
| # Store the credentials in a file to be used by the systemd service | ||
| RUN echo -e "CLIENT_ACTIVATION_KEY=${activation_key}" > /etc/management-client/.credentials | ||
|
|
||
| # Set the flag to enable the service to run one time | ||
| # The systemd service will remove this file after the registration completes the first time | ||
| RUN touch /etc/management-client/.run_next_boot | ||
| ``` | ||
|
|