Container Image as OS Appendix
Introduction
This feature is only available in certain products and to selected customers.
This document describes how to use “image appendix” for container images. This is highly useful for cases where external storage is not availble, or when a single system image is required for deploying upgrades.
The method implies appending a WeOS 5 binary image with a signed appendix. The appendix itself can be one or more container images, but also other data, like branding or custom configuration files, none of which are covered in this document.
The document utilizes a NetBox derived application demo for the application container image and the sqsq-tool for signing the appendix.
+---------+------------+
| | |
| WeOS5 | Appendix |
| | |
+---------+------------+
Create the Container Image
To create your own container image follow the instructions in Building a Netbox container image. This includes the subsections “Introduction”, “Cloning Netbox repository” and “Configure and build”. In this example we will use a released container backbone.
Create the Appendix
Create the appendix by setting up the lib/app/images
subdirectory and place the container image inside it. Then generate the squasfs appendix using the appendix directory created.
Resulting directory structure:
host:~$ tree appendix
appendix/
`-- lib/
`-- app/
`-- images/
`-- backbone-coronet-1.0.0.img
Example:
host:~$ mkdir -p appendix/lib/app/images host:~$ cd appendix/lib/app/images/ host:~/appendix/lib/app/images$ wget \ https://github.com/westermo/app-demo/releases/download/1.0.0/backbone-coronet-1.0.0.img host:~/appendix/lib/app/images$ cd - host:~$ mksquashfs appendix appendix.sqsh
Appendix Signing
Use the sqsq-tool to sign the appendix. Follow the instructions to build and install on your host system.
host:~$ sqsq-create -o appendix.bin appendix.sqsh
Now we have a signed appendix in the file appendix.bin
.
Create Final Image
If the WeOS image for the specific target (not the .pkg file for all targets) is named WeOS-image.bin and is located in our current directory then we can simply concatenate the weos image with the appendix as shown in the example below.
host:~$ cat WeOS-image.bin appendix.bin > WeOS-image-with-appendix.bin
Upgrade the device using the generated image.
The appendix will be mounted as read-only under /opt
this means that container images inside image appendix can not be removed.
Container Application Configuration
Configure the app as described in Building a Netbox container image starting from section “Configure the Netbox app”.