Building containers and images in and for openSUSE
In this talk I explain how containers based on openSUSE Leap and Tumbleweed should be built and how the process for building and submitting official images works.
Recommends and Supplements (Suggests and Enhances don't matter in this case)
• A HUGE amount of packages (and patterns) are recommended. Too much to fit on a CD or even DVD now.
• They can be important though:
  – breeze4-style Supplements: packageand(breeze5-style:libqt4)
  – minimal_base pattern: Recommends: grub2
deps
• Used for JeOS and container images
• Patterns can help a lot
• Needs QA – something might not work as expected

Enable soft deps and blacklist packages (<ignore name="foo"/>)
• Used for live media
• Can get messy, blacklist has to be adapted regularly
such in .rpm files and the package database
• Installation can be disabled in zypp.conf (rpm.install.excludedocs = yes) and kiwi (<rpm-excludedocs>true</rpm-excludedocs>)
• Kiwi does not write it into the target's zypp.conf: → Do that in config.sh
• Previously, license files were marked as %doc – mostly fixed in Tumbleweed now, but not completely in Leap (and SLE). Make sure that all packages have their license files available on the medium.
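The config.sh step mentioned above (kiwi does not write the setting into the target's zypp.conf), as an added example that is not code from the talk or from the openSUSE image sources. The function name `set_excludedocs` and the `/etc/zypp/zypp.conf` path in the usage comment are assumptions; it handles a commented default, an existing value, and a missing key.

```shell
# Added example, not from the talk. Meant to be called from kiwi's config.sh,
# which runs inside the image root. set_excludedocs is a hypothetical helper.

# set_excludedocs FILE
# Leaves exactly one active "rpm.install.excludedocs = yes" line in FILE.
set_excludedocs() {
    conf=$1
    want='rpm.install.excludedocs = yes'
    [ -f "$conf" ] || { echo "set_excludedocs: $conf not found" >&2; return 1; }
    tmp=$(mktemp) || return 1

    if grep -Eq '^[[:space:]]*#*[[:space:]]*rpm\.install\.excludedocs[[:space:]]*=' "$conf"; then
        # Key exists, active or as a commented default: keep one line, set to yes.
        awk -v want="$want" '
            /^[ \t]*#*[ \t]*rpm\.install\.excludedocs[ \t]*=/ {
                if (!done) { print want; done = 1 }
                next
            }
            { print }' "$conf" > "$tmp"
    elif grep -q '^\[main\]' "$conf"; then
        # Key missing: add it directly below the [main] section header.
        awk -v want="$want" '
            { print }
            /^\[main\]/ && !done { print want; done = 1 }' "$conf" > "$tmp"
    else
        # No [main] section at all: append one.
        { cat "$conf"; printf '[main]\n%s\n' "$want"; } > "$tmp"
    fi

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage in config.sh (assumed path of the target's zypp.conf):
#   set_excludedocs /etc/zypp/zypp.conf
```

Running it twice leaves the file unchanged, so it is safe in a config.sh that is reused across image flavours.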
no /sbin/init required
• Metadata is much more important
  – Name is now global, e.g. opensuse/leap:15.1
  – Labels are necessary for usability
• Derived containers are built on top of other image(s)
the openSUSE: namespace on OBS (→ uses the official openSUSE key for signing!)
• Went through openSUSE review processes
• Only uses packages from inside openSUSE: for building
packages: osc sr openSUSE:(Factory:Leap)(:Update)
• Poke the release team by mail or IRC to get new images published on download.opensuse.org or registry.o.o
used openSUSE version
• Uses ultimate source of truth: skelcd control.xml
• Install the "live-add-yast-repos" package and call add-yast-repos in config.sh.
• The package can be removed again.
• Binaries released into openSUSE:Factory:ToTest/appliances or /containers
• openQA pulls it from there
• If openQA is successful, :ToTest/images is publish enabled and /containers released into openSUSE:Containers:Tumbleweed
• openSUSE:Containers publishes directly to registry.opensuse.org
• Bot copies container images to registry-1.docker.io