Lately, I’ve been doing a lot of development work on Tridium Niagara kit. The Tridium platform is fundamentally built on Sun^WOracle’s Java environment, and is very popular in the building management industry. There’s an estimate of over 600000 JACE devices (building management controllers) deployed worldwide, so I can fully understand why my workplace is chasing them.
That means coming to grips with their environment, and getting it to talk to ours. Officially, VRT is a Debian/Ubuntu shop. They used to dabble with Red Hat years ago, back when VRT and Red Hat were next-door neighbours (in Gardner Close, Milton) but VRT switched to Ubuntu around 2008 after a brief flirt with Gentoo. Thus, must of our tooling assumes a Debian-based system.
Docker CE on Debian and Ubuntu is a snap. However, Tridium it would seem, are Red Hat fans, and only support their development environment on Microsoft Windows (yes shudder) or Red Hat Enterprise Linux. Thus, we have a RHEL 7.3 VM we pass around when we’re doing VM development. I figured since we’re trying to link Niagara to WideSky, it would be nice to be able to deploy WideSky on RHEL.
WideSky uses Docker as the basis for its deployment, so this sounded simple enough. Install Docker and docker-compose, throw a bog-standard deployment in there, docker-compose up -d, off we go.
Not so fast.
While there’s Docker EE for RHEL, budget is tight and we really don’t need the support as this isn’t a “production” instance as such. If the VM gets sick we just roll it back to a known good version and continue from there. It doesn’t make sense to spend money on purchasing Docker EE. There’s a CentOS version of Docker CE, and even unofficial instructions on how to shoehorn this into RHEL. I dutifully followed these, but then hit a road-block with container-selinux: the repository no longer has that version.
Rather than looking for what version they have now, or play Russian Roulette hunting for a random RPM from some mirror site (been there, done that many moons ago before I knew better)… a better plan was to grab the sources and sic rpmbuild onto them so we get a RHEL-native binary.
Building container-selinux on RHEL
- Begin by installing dependencies:
# yum install -y selinux-policy selinux-policy-devel rpm-build rpm-devel git
- Download the sources for the RPM:
$ git clone https://git.centos.org/r/rpms/container-selinux.git $ git checkout c7-alt $ cd SPECS
- Have a look at the .spec file to see where it expects to source the sources from, up the top of the file I downloaded, I saw:
%global git0 https://github.com/projectatomic/%{name} %global commit0 dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca - Fetch the sources, then check out that commit:
$ git clone https://github.com/projectatomic/container-selinux $ git checkout dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca
- Rename the check-out directory as
container-selinux-${GIT_COMMIT_ID}$ cd .. $ mv container-selinux container-selinux-dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca
- Package it up into a tarball, excluding the
.gitdirectory and plop that file in~/rpmbuild/SOURCES$ tar --exclude container-selinux-dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca/.git \ -czvf ~/rpmbuild/sources/container-selinux-dfb449b.tar.gz \ container-selinux-dfb449b771ca4977bb7d5fb6cd7be3cfc14d6fca
- Build!
$ rpmbuild -ba container-selinux.spec
All going to plan, you should have a shiny new RPM file in ~/rpmbuild/RPMS. Install that, then you can proceed with installing the CentOS version of Docker CE. If you’re doing this for a production environment, and absolutely must use Docker CE, then I’d advise that perhaps taking the source RPMs for Docker CE and building those on RHEL would be advisable over using raw CentOS binaries, but each to your own.
# docker info Containers: 0 Running: 0 Paused: 0 Stopped: 0 Images: 0 Server Version: 18.06.0-ce Storage Driver: overlay2 Backing Filesystem: xfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: d64c661f1d51c48782c9cec8fda7604785f93587 runc version: 69663f0bd4b60df09991c08812a60108003fa340 init version: fec3683 Security Options: seccomp Profile: default Kernel Version: 3.10.0-693.11.1.el7.x86_64 Operating System: Red Hat Enterprise Linux OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 3.702GiB Name: localhost.localdomain ID: YVHJ:UXQV:TBAS:E5MH:B4GL:VT2H:A2BW:MQMF:3AGA:FBBX:MINO:24Z6 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false