Slide 1

Building containers and images in and for (open)SUSE
How it works, what to do and what to avoid.

Fabian Vogt
Release Engineer - SUSE
fvogt on freenode.net

Slide 2

Containers? Images?
Containers! VM Images and Live media!

Slide 3

Source Code

Slide 4

Our tools
● Not only for packages, also supports images
● Recently gained ability to handle container images natively
● Central tool for official openSUSE components

Slide 5

Our tools
KIWI
● Integration into OBS
● Builds all kinds of images for all kinds of distros

Slide 6

Components
● image.kiwi: Metadata, Packages
● config.sh: Configuration
● Packages: Provided by OBS (note the project configuration)
● archive.tar.xz: Custom files
→ KIWI →
● Container images
● Bootable disk images

Slide 7

Structure of a kiwi image description
● XML Header
● OBS metainfo
● Image metainfo: Name, author etc.
● Image profiles

Slide 8

● Image type and the specific configuration (container metainfo, subvolumes etc.)
● Version
● Package manager configuration

Slide 9

● List of repositories (just use obsrepositories:/ everywhere)
● List of image and bootstrap packages

Slide 10

Image Templates on OBS
● Get started easily with JeOS or derived container images
● "New Image" on the OBS start page

Slide 11

Size is important

Slide 12

Package selection
● What's the use case?
● Don't break hard dependencies – that causes breakage. If a broken dep doesn't cause breakage, the dep is wrong.
● Use patterns if possible:

Slide 13

Dive into soft dependencies
● Soft dependencies are Recommends and Supplements (Suggests and Enhances don't matter in this case)
● A HUGE amount of packages (and patterns) are recommended. Too much to fit on a CD or even DVD now.
● They can be important though:
  – breeze4-style Supplements: packageand(breeze5-style:libqt4)
  – minimal_base pattern: Recommends: grub2

Slide 14

What to do with soft deps?

Disable soft deps
● Used for JeOS and container images
● Patterns can help a lot
● Needs QA – something might not work as expected

Enable soft deps and blacklist packages ()
● Used for live media
● Can get messy, blacklist has to be adapted regularly

Slide 15

rpm --excludedocs
● Documentation files are marked as such in .rpm files and the package database
● Installation can be disabled in zypp.conf (rpm.install.excludedocs = yes) and kiwi (<rpm-excludedocs>true</rpm-excludedocs>)
● Kiwi does not write it into the target's zypp.conf:
  → Do that in config.sh
● Previously, license files were marked as %doc – mostly fixed in Tumbleweed now, but not completely in Leap (and SLE). Make sure that all packages have their license files available on the medium.
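
The config.sh step from the slide above, as an added example (not code from the talk or from openSUSE's own image descriptions): a helper that sets a key in zypp.conf whether it is missing, commented out or already set. The function names are hypothetical, and `solver.onlyRequires` is a zypp.conf option not named on the slides, included on the assumption that the "no soft deps" choice should also hold for later installs in the target.

```shell
#!/bin/sh
# Added example for config.sh; function names are hypothetical.

# set_zypp_option FILE KEY VALUE
# Rewrites an existing "KEY = ..." line (active or commented out with a
# single '#'), or appends one when the key is absent. Safe to run twice.
# VALUE must not contain '|' or '&' (sed replacement metacharacters).
set_zypp_option() {
    conf=$1; key=$2; value=$3
    # Escape dots so the key matches literally in the regex.
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    match="^[[:space:]]*#?[[:space:]]*${pattern}[[:space:]]*="
    if grep -Eq "$match" "$conf"; then
        sed -i -E "s|${match}.*|${key} = ${value}|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# apply_image_zypp_policy [FILE]
# Defaults to the target's real zypp.conf, which is what config.sh edits.
apply_image_zypp_policy() {
    zconf=${1:-/etc/zypp/zypp.conf}
    # KIWI's own excludedocs setting is not written to the target (per the slide).
    set_zypp_option "$zconf" rpm.install.excludedocs yes
    # Assumption: keep "no soft deps" in effect for later installs too.
    set_zypp_option "$zconf" solver.onlyRequires true
}

# Constructed sample run on a scratch file, not a real zypp.conf.
sample=$(mktemp)
printf '%s\n' '[main]' '## Documentation files' \
    '# rpm.install.excludedocs = no' > "$sample"
apply_image_zypp_policy "$sample"
cat "$sample"
rm -f "$sample"
```

In a real config.sh, call `apply_image_zypp_policy` with no argument and drop the sample run.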

Slide 16

Container images are special
● No block devices, no kernel, no /sbin/init required
● Metadata is much more important
  – Name is now global, e.g. opensuse/leap:15.1
  – Labels are necessary for usability
● Derived containers are built on top of other image(s)

Slide 17

How container labels are defined
● We need labels for e.g. image version and build count
● Labels need to be duplicated to be visible in derived images

Slide 18

How container labels are defined
● OBS Services to the rescue!

Slide 19

What makes an image official?
● Builds inside the openSUSE: namespace on OBS (→ uses the official openSUSE key for signing!)
● Went through openSUSE review processes
● Only uses packages from inside openSUSE: for building

Slide 20

Submitting official images to openSUSE
● Just like packages: osc sr openSUSE:(Factory:Leap)(:Update)
● Poke the release team by mail or IRC to get new images published on download.opensuse.org or registry.o.o

Slide 21

KIWI Profiles
● One .kiwi file → multiple images:
  Different image types and package selection
Combine with OBS _multibuild:

Slide 22

KIWI Profiles: MicroOS as example
● Profile = Flavor + Platform, e.g. ContainerHost-kvm-and-xen
● Implemented using kiwi profile dependencies

Slide 23

live-add-yast-repos
● Package setting up repos for the used openSUSE version
● Uses ultimate source of truth: skelcd control.xml
● Install the "live-add-yast-repos" package and call add-yast-repos in config.sh.
● The package can be removed again.

Slide 24

openSUSE image release process
● Built inside openSUSE:Factory/images
● Binaries released into openSUSE:Factory:ToTest/appliances or /containers
● openQA pulls it from there
● If openQA is successful, :ToTest/images is publish enabled and /containers released into openSUSE:Containers:Tumbleweed
● openSUSE:Containers publishes directly to registry.opensuse.org
● Bot copies container images to registry-1.docker.io

Slide 25

Resources
● https://en.opensuse.org/Building_derived_containers
● https://build.opensuse.org/image_templates
● https://opensource.suse.com/kiwi/development/schema.html

Slide 26

The end