Container Image as OS Appendix

Introduction

ⓘ Note

This feature is only available in certain products and to selected customers.


This document describes how to use “image appendix” for container images. This is highly useful for cases where external storage is not availble, or when a single system image is required for deploying upgrades.

The method implies appending a WeOS 5 binary image with a signed appendix. The appendix itself can be one or more container images, but also other data, like branding or custom configuration files, none of which are covered in this document.

The document utilizes a NetBox derived application demo for the application container image and the sqsq-tool for signing the appendix.

+---------+------------+
|         |            |
|  WeOS5  |  Appendix  |
|         |            |
+---------+------------+

Create the Container Image

To create your own container image follow the instructions in Building a Netbox container image. This includes the subsections “Introduction”, “Cloning Netbox repository” and “Configure and build”. In this example we will use a released container backbone.

Create the Appendix

Create the appendix by setting up the lib/app/images subdirectory and place the container image inside it. Then generate the squasfs appendix using the appendix directory created.

Resulting directory structure:

host:~$ tree appendix
appendix/
`-- lib/
    `-- app/
        `-- images/
            `-- backbone-coronet-1.0.0.img

Example:

host:~$ mkdir -p appendix/lib/app/images
host:~$ cd appendix/lib/app/images/
host:~/appendix/lib/app/images$ wget \
     https://github.com/westermo/app-demo/releases/download/1.0.0/backbone-coronet-1.0.0.img
host:~/appendix/lib/app/images$ cd -
host:~$ mksquashfs appendix appendix.sqsh

Appendix Signing

Use the sqsq-tool to sign the appendix. Follow the instructions to build and install on your host system.

host:~$ sqsq-create -o appendix.bin appendix.sqsh

Now we have a signed appendix in the file appendix.bin.

Create Final Image

If the WeOS image for the specific target (not the .pkg file for all targets) is named WeOS-image.bin and is located in our current directory then we can simply concatenate the weos image with the appendix as shown in the example below.

host:~$ cat WeOS-image.bin appendix.bin > WeOS-image-with-appendix.bin

Upgrade the device using the generated image.

The appendix will be mounted as read-only under /opt this means that container images inside image appendix can not be removed.

Container Application Configuration

Configure the app as described in Building a Netbox container image starting from section “Configure the Netbox app”.