Merge pull request #84641 from jldohmann/OSDOCS-12604

jldohmann · web-flow · commit 288d4c6ca505 · 2024-11-11T12:49:41.000-08:00
OSDOCS-12604: inline containerfiles and update with dnf
diff --git a/machine_configuration/mco-coreos-layering.adoc b/machine_configuration/mco-coreos-layering.adoc
@@ -84,9 +84,21 @@ RUN dnf install -y https://example.com/myrepo/haproxy-1.0.16-5.el8.src.rpm && \
 * *{op-system-base} packages*. You can download {op-system-base-full} packages from the link:https://access.redhat.com/downloads/content/479/ver=/rhel---9/9.1/x86_64/packages[Red Hat Customer Portal], such as chrony, firewalld, and iputils.
 +
 .Example out-of-cluster Containerfile to apply the libreswan utility
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
-include::https://raw.githubusercontent.com/openshift/rhcos-image-layering-examples/master/libreswan/Containerfile[]
+# Get {op-system} base image of target cluster `oc adm release info --image-for rhel-coreos`
+# hadolint ignore=DL3006
+FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
+
+# Install our config file
+COPY my-host-to-host.conf /etc/ipsec.d/
+
+# {op-system-base} entitled host is needed here to access {op-system-base} packages
+# Install libreswan as extra {op-system-base} package
+RUN dnf install -y libreswan && \
+    dnf clean all && \
+    systemctl enable ipsec && \
+    ostree container commit
 ----
 +
 Because libreswan requires additional {op-system-base} packages, the image must be built on an entitled {op-system-base} host. For RHEL entitlements to work, you must copy the `etc-pki-entitlement` secret into the `openshift-machine-api` namespace. 
@@ -114,9 +126,17 @@ RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.n
 ----
 +
 .Example out-of-cluster Containerfile to apply a third-party package from EPEL
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
-include::https://raw.githubusercontent.com/openshift/rhcos-image-layering-examples/master/htop/Containerfile[]
+# Get {op-system} base image of target cluster `oc adm release info --image-for rhel-coreos`
+# hadolint ignore=DL3006
+FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
+
+#Enable EPEL (more info at https://docs.fedoraproject.org/en-US/epel/ ) and install htop
+RUN dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \
+    dnf install -y htop && \
+    dnf clean all && \
+    ostree container commit
 ----
 +
 This Containerfile installs the {op-system-base} fish program. Because fish requires additional {op-system-base} packages, the image must be built on an entitled {op-system-base} host. For {op-system-base} entitlements to work, you must copy the `etc-pki-entitlement` secret into the `openshift-machine-api` namespace. 
@@ -134,9 +154,17 @@ RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Pac
 ----
 +
 .Example out-of-cluster Containerfile to apply a third-party package that has {op-system-base} dependencies
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
-include::https://raw.githubusercontent.com/openshift/rhcos-image-layering-examples/master/fish/Containerfile[]
+# Get {op-system} base image of target cluster `oc adm release info --image-for rhel-coreos`
+# hadolint ignore=DL3006
+FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256...
+
+# {op-system-base} entitled host is needed here to access {op-system-base} packages
+# Install fish as third party package from EPEL
+RUN dnf install -y https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/f/fish-3.3.1-3.el9.x86_64.rpm && \
+    dnf clean all && \
+    ostree container commit
 ----
 
 After you create the machine config, the Machine Config Operator (MCO) performs the following steps:
