Creating an AI-VAULT Image
Create an AI-VAULT image before installing AI-VAULT. This section describes how to create an image. You can modify the Dockerfile if needed.
The Dockerfile in the software package is for reference only. You can custom an image based on the example. After the image is created, perform security hardening in a timely manner. For example, fix vulnerabilities in base images and perform security hardening on vulnerabilities caused by third-party dependencies.
Creating an Image
- Obtain the AI-VAULT software package. For details, see Component Preparation.
- Log in as the root user, upload the software package to a private directory on the server, and decompress the package.
- Go to the decompressed directory, run the vi Dockerfile command, modify the Dockerfile based on the security requirements of your organization, and save the modification. Note that AiVault is an example user name. Ensure that the software source is reachable.
FROM ubuntu:{version} # Ubuntu 18.04/20.04 RUN useradd -d /home/AiVault -u 9001 -m -s /usr/sbin/nologin AiVault && \ usermod root -s /usr/sbin/nologin RUN apt update && \ apt-get install libssl1.1 -y WORKDIR /home/AiVault COPY --chown=AiVault:AiVault ./ai-vault /home/AiVault/ai-vault COPY --chown=AiVault:AiVault ./lib /home/AiVault/lib RUN mkdir -p /home/AiVault/.ai-vault && \ chown -R AiVault:AiVault /home/AiVault/.ai-vault &&\ chmod -R 500 /home/AiVault && \ chmod -R 700 /home/AiVault/.ai-vault &&\ chmod 700 /home/AiVault &&\ echo 'umask 077' >> /etc/profile && \ echo 'source /etc/profile' >> /home/AiVault/.bashrc ENV LD_LIBRARY_PATH=/home/AiVault/lib # using AiVault as default user USER AiVault - Run the docker build command to create an image.
docker build --no-cache=true -t image name_system architecture:image tag .
Do not omit . at the end of the command.
The following is a creation example:# docker build --no-cache -t image name_system architecture:image tag .. Sending build context to Docker daemon 13.32MB Step 1/9 : FROM ubuntu:18.04 ---> 20fffa419e3a Step 2/9 : RUN useradd -d /home/AiVault -u 9001 -m -s /usr/sbin/nologin AiVault && usermod root -s /usr/sbin/nologin ---> Running in 7fe41c44aafa Removing intermediate container 7fe41c44aafa ---> da4e3b304240 Step 3/9 : RUN apt update && apt-get install libssl1.1 -y ---> Running in e2b021e420ea Removing intermediate container e2b021e420ea ---> 75a754cbf770 Step 4/9 : WORKDIR /home/AiVault ---> Running in 26a27797833c Removing intermediate container 26a27797833c ---> 31f2a3dbd20e Step 5/9 : COPY --chown=AiVault:AiVault ./ai-vault /home/AiVault/ai-vault ---> 1363eecd287f Step 6/9 : COPY --chown=AiVault:AiVault ./lib /home/AiVault/lib ---> 91e49bd13648 Step 7/9 : RUN mkdir -p /home/AiVault/.ai-vault && chown -R AiVault:AiVault /home/AiVault/.ai-vault && chmod -R 500 /home/AiVault && chmod -R 700 /home/AiVault/.ai-vault && chmod 700 /home/AiVault && echo 'umask 077' >> /etc/profile && echo 'source /etc/profile' >> /home/AiVault/.bashrc ---> Running in 69bec3585cc5 Removing intermediate container 69bec3585cc5 ---> 11571b54edde Step 8/9 : ENV LD_LIBRARY_PATH=/home/AiVault/lib ---> Running in 88eef21aa248 Removing intermediate container 88eef21aa248 ---> 96ff5fde5dce Step 9/9 : USER AiVault ---> Running in 7ca7c70bbcb1 Removing intermediate container 7ca7c70bbcb1 ---> 197f4e8780ca Successfully built 197f4e8780ca Successfully tagged ai-vault:v3.0.0
- (Optional) Distribute the image.
If you want to install the component on multiple servers, you can create one image for CPUs of the same architecture, and distribute the image to other compute nodes through your private image repository. For details, see Docker instructions.
Parent topic: Installation Preparations