Creating a Container Image

Switch to the root user and perform the following steps to prepare the Dockerfile:
1. Go to the directory where the image package is stored and run the following command to create a dockerfile (for example, Dockerfile):
```
vim Dockerfile
```
2. For details, see Compilation Description. After writing the content, run the :wq command to save the content.
3. Ensure that the files required during the creation meet the security requirements of your organization.
Go to the directory where the software packages are stored and run the following command to create a container image. Do not omit the period (.) at the end of the command.
```
docker build  --no-cache=true -t image name:image tag .
```
See the following example:
```
docker build  --no-cache=true -t cfs-infer:v1 .
```
Table 1 describes the commands.

Table 1 Parameters in the commands
Parameter

Description

-t

Image name.

Image name_System architecture:Image tag

Image name and tag. Change them based on the actual situation.

If "Successfully built xxx" is displayed, the image has been created.

**Table 1** Parameters in the commands
Parameter	Description
-t	Image name.
Image name_System architecture:Image tag	Image name and tag. Change them based on the actual situation.

After the image is created, run the following command to view the image information:

docker images

Example command output:

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
cfs-infer           v1                  fffbd83be42a        X minutes ago       XXXMB

(Optional) If you need to import the image to another device, run the following command to export the image first:
```
docker save -o cfs-infer.tar cfs-infer:v1
```
- -o: input parameter
- cfs-infer.tar: name of the image to be exported.
- cfs-infer:v1: image name:image tag.

Compilation Description

Dockerfile compilation sample

# Basic inference image
FROM ${basic image name}

RUN  chmod 700 /home/hwMindX && \
    mkdir /run/secrets/  && \
    chown hwMindX:hwMindX /run/secrets  && \
    chmod 700 /run/secrets && \
    mkdir /job && \
    chown hwMindX:hwMindX -R /job && \
    echo 'umask 077' >> /etc/profile && \
    apt update && apt-get install libssl1.1 -y && \
    echo 'source /etc/profile' >> /home/hwMindX/.bashrc

# Copy the image package to /job.
COPY --chown=hwMindX:hwMindX . /job/

# hwMindX is used as the default user of the container
USER hwMindX
WORKDIR /job
ENV LD_LIBRARY_PATH=/job/crypto_fs/lib:$LD_LIBRARY_PATH

The default user and user group for installing the driver are HwHiAiUser and its user group. When creating an image, ensure that the user in the image is in the user group of HwHiAiUser.
If the running user of the inference container is the root user, there will be security risks in permission control. Do not use the root user to run inference in the container.
If the running user of the inference container must be the root user, use the --install-for-all parameter when installing the driver. After the installation, all users will have the permission. This parameter has security risks. For details, see the driver and firmware installation guide.

Parent topic: Containerized Inference in Edge Scenarios