Building containers and images in and for openSUSE

Transcript

1. Building containers and images in and for (open)SUSE How it

   works, what to do and what to avoid. Release Engineer - SUSE Fabian Vogt [email protected] fvogt on freenode.net

2. Slide 2/26 Containers? Images? Containers! VM Images and Live media!

3. Slide 3/26 Source Code

4. Slide 4/26 Our tools • Not only for packages, also

   supports images • Recently gained ability to handle container images natively • Central tool for official openSUSE components

5. Slide 5/26 Our tools • Integration into OBS • Builds

   all kinds of images for all kinds of distros KIWI

6. Slide 6/26 Components image.kiwi Metadata Packages config.sh Configuration Packages Provided

   by OBS Note the project configuration archive.tar.xz Custom files Container images Bootable disk images KIWI

7. Slide 7/26 Structure of a kiwi image description • XML

   Header • OBS metainfo • Image metainfo: Name, author etc. • Image profiles

8. Slide 8/26 • Image type and the specific configuration (container

   metainfo, subvolumes etc.) • Version • Package manager configuration

9. Slide 9/26 • List of repositories (just use obsrepositories:/ everywhere)

   • List of image and bootstrap packages

10. Slide 10/26 Image Templates on OBS • Get started easily

    with JeOS or derived container images • „New Image“ on the OBS start page

11. Slide 11/26 Size is important

12. Slide 12/26 Package selection • What‘s the use case? •

    Don‘t break hard dependencies – that causes breakage. If a broken dep doesn‘t cause breakage, the dep is wrong. • Use patterns if possible:

13. Slide 13/26 Dive into soft dependencies • Soft dependencies are

    Recommends and Supplements (Suggests and Enhances don‘t matter in this case) • A HUGE amount of packages (and patterns) are recommended. Too much to fit on a CD or even DVD now. • They can be important though: – breeze4-style Supplements: packageand(breeze5-style:libqt4) – minimal_base pattern: Recommends: grub2

14. Slide 14/26 What to do with soft deps? Disable soft

    deps • Used for JeOS and container images • Patterns can help a lot • Needs QA – something might not work as expected Enable soft deps and blacklist packages (<ignore name=“foo“/>) • Used for live media • Can get messy, blacklist has to be adapted regularly

15. Slide 15/26 rpm --excludedocs • Documentation files are marked as

    such in .rpm files and the package database • Installation can be disabled in zypp.conf (rpm.install.excludedocs = yes) and kiwi (<rpm-excludedocs>true</rpm-excludedocs>) • Kiwi does not write it into the target‘s zypp.conf: → Do that in config.sh • Previously, license files were marked as %doc – mostly fixed in Tumbleweed now, but not completely in Leap (and SLE). Make sure that all packages have their license files available on the medium.

16. Container images are special • No block devices, no kernel,

    no /sbin/init required • Metadata is much more important – Name is now global, e.g. opensuse/leap:15.1 – Labels are necessary for usability • Derived containers are built on top of other image(s)

17. How container labels are defined • We need labels for

    e.g. image version and build count • Labels need to be duplicated to be visible in derived images

18. How container labels are defined • OBS Services to the

    rescue!

19. Slide 19/26 What makes an image official? • Builds inside

    the openSUSE: namespace on OBS (→ uses the official openSUSE key for signing!) • Went through openSUSE review processes • Only uses packages from inside openSUSE: for building

20. Slide 20/26 Submitting official images to openSUSE • Just like

    packages: osc sr openSUSE:(Factory:Leap)(:Update) • Poke the release team by mail or IRC to get new images published on download.opensuse.org or registry.o.o

21. Slide 21/26 KIWI Profiles • One .kiwi file → multiple

    images: Different image types and package selection Combine with OBS _multibuild: + +

22. Slide 22/26 KIWI Profiles: MicroOS as example • Profile =

    Flavor + Platform, e.g. ContainerHost-kvm-and-xen • Implemented using kiwi profile dependencies

23. Slide 23/26 live-add-yast-repos • Package setting up repos for the

    used openSUSE version • Uses ultimate source of truth: skelcd control.xml • Install the „live-add-yast-repos“ package and call add-yast-repos in config.sh. • The package can be removed again.

24. Slide 24/26 openSUSE image release process • Built inside openSUSE:Factory/images

    • Binaries released into openSUSE:Factory:ToTest/appliances or /containers • openQA pulls it from there • If openQA is successful, :ToTest/images is publish enabled and /containers released into openSUSE:Containers:Tumbleweed • openSUSE:Containers publishes directly to registry.opensuse.org • Bot copies container images to registry-1.docker.io

25. Slide 25/26 Resources • https://en.opensuse.org/Building_derived_containers • https://build.opensuse.org/image_templates • https://opensource.suse.com/kiwi/development/schema.html

26. The end