Building containers and images in and for openSUSE

In this talk I explain how containers based on openSUSE Leap and Tumbleweed should be built and how the process for building and submitting official images works.

Fabian Vogt

May 24, 2019

Transcript

  1. Building containers and images in and for (open)SUSE How it works, what to do and what to avoid. Release Engineer - SUSE Fabian Vogt fvogt@suse.com fvogt on freenode.net
  2. Slide 2/26 Containers? Images? Containers! VM Images and Live media!

  3. Slide 3/26 Source Code

  4. Slide 4/26 Our tools • Not only for packages, also supports images • Recently gained ability to handle container images natively • Central tool for official openSUSE components
  5. Slide 5/26 Our tools • Integration into OBS • Builds all kinds of images for all kinds of distros KIWI
  6. Slide 6/26 Components image.kiwi Metadata Packages config.sh Configuration Packages Provided by OBS Note the project configuration archive.tar.xz Custom files Container images Bootable disk images KIWI
  7. Slide 7/26 Structure of a kiwi image description • XML Header • OBS metainfo • Image metainfo: Name, author etc. • Image profiles
  8. Slide 8/26 • Image type and the specific configuration (container metainfo, subvolumes etc.) • Version • Package manager configuration
  9. Slide 9/26 • List of repositories (just use obsrepositories:/ everywhere) • List of image and bootstrap packages
  10. Slide 10/26 Image Templates on OBS • Get started easily with JeOS or derived container images • "New Image" on the OBS start page
  11. Slide 11/26 Size is important

  12. Slide 12/26 Package selection • What's the use case? • Don't break hard dependencies – that causes breakage. If a broken dep doesn't cause breakage, the dep is wrong. • Use patterns if possible:
  13. Slide 13/26 Dive into soft dependencies • Soft dependencies are Recommends and Supplements (Suggests and Enhances don't matter in this case) • A HUGE amount of packages (and patterns) are recommended. Too much to fit on a CD or even DVD now. • They can be important though: – breeze4-style Supplements: packageand(breeze5-style:libqt4) – minimal_base pattern: Recommends: grub2
  14. Slide 14/26 What to do with soft deps? Disable soft deps • Used for JeOS and container images • Patterns can help a lot • Needs QA – something might not work as expected Enable soft deps and blacklist packages (<ignore name="foo"/>) • Used for live media • Can get messy, blacklist has to be adapted regularly
  15. Slide 15/26 rpm --excludedocs • Documentation files are marked as such in .rpm files and the package database • Installation can be disabled in zypp.conf (rpm.install.excludedocs = yes) and kiwi (<rpm-excludedocs>true</rpm-excludedocs>) • Kiwi does not write it into the target's zypp.conf: → Do that in config.sh • Previously, license files were marked as %doc – mostly fixed in Tumbleweed now, but not completely in Leap (and SLE). Make sure that all packages have their license files available on the medium.
  16. Container images are special • No block devices, no kernel, no /sbin/init required • Metadata is much more important – Name is now global, e.g. opensuse/leap:15.1 – Labels are necessary for usability • Derived containers are built on top of other image(s)
  17. How container labels are defined • We need labels for e.g. image version and build count • Labels need to be duplicated to be visible in derived images
  18. How container labels are defined • OBS Services to the rescue!
  19. Slide 19/26 What makes an image official? • Builds inside the openSUSE: namespace on OBS (→ uses the official openSUSE key for signing!) • Went through openSUSE review processes • Only uses packages from inside openSUSE: for building
  20. Slide 20/26 Submitting official images to openSUSE • Just like packages: osc sr openSUSE:(Factory:Leap)(:Update) • Poke the release team by mail or IRC to get new images published on download.opensuse.org or registry.o.o
  21. Slide 21/26 KIWI Profiles • One .kiwi file → multiple images: Different image types and package selection Combine with OBS _multibuild: + +
  22. Slide 22/26 KIWI Profiles: MicroOS as example • Profile = Flavor + Platform, e.g. ContainerHost-kvm-and-xen • Implemented using kiwi profile dependencies
  23. Slide 23/26 live-add-yast-repos • Package setting up repos for the used openSUSE version • Uses ultimate source of truth: skelcd control.xml • Install the "live-add-yast-repos" package and call add-yast-repos in config.sh. • The package can be removed again.
  24. Slide 24/26 openSUSE image release process • Built inside openSUSE:Factory/images • Binaries released into openSUSE:Factory:ToTest/appliances or /containers • openQA pulls it from there • If openQA is successful, :ToTest/images is publish enabled and /containers released into openSUSE:Containers:Tumbleweed • openSUSE:Containers publishes directly to registry.opensuse.org • Bot copies container images to registry-1.docker.io
  25. Slide 25/26 Resources • https://en.opensuse.org/Building_derived_containers • https://build.opensuse.org/image_templates • https://opensource.suse.com/kiwi/development/schema.html

  26. The end
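
Slide 15 notes that kiwi's `<rpm-excludedocs>` setting is not written into the target's zypp.conf and has to be set from config.sh. The following is an added example, not code from the talk or from the openSUSE image sources, of one way to do that idempotently; the function names are hypothetical and the zypp.conf excerpt in the demo is constructed.

```shell
#!/bin/bash
# Added example (not from the talk): helpers for a kiwi config.sh.
# set_zypp_option and get_zypp_option are hypothetical names.

# set_zypp_option FILE KEY VALUE
# Rewrites an existing "KEY = ..." line (active or commented out);
# if the key is absent, adds it under [main], creating the section if needed.
set_zypp_option() {
    conf=$1; key=$2; value=$3
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    # Escape dots so the key matches literally, not as a regex wildcard.
    pattern=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^[#[:space:]]*${pattern}[[:space:]]*=" "$conf"; then
        sed -i -E "s/^[#[:space:]]*${pattern}[[:space:]]*=.*/${key} = ${value}/" "$conf"
    elif grep -q '^\[main\]' "$conf"; then
        sed -i "/^\[main\]/a ${key} = ${value}" "$conf"
    else
        printf '[main]\n%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# get_zypp_option FILE KEY
# Prints the active (uncommented) value, or nothing if the key is not set.
get_zypp_option() {
    pattern=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n -E "s/^[[:space:]]*${pattern}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Demo on a constructed zypp.conf excerpt, so nothing under /etc is touched.
demo_excludedocs() {
    tmp=$(mktemp)
    printf '%s\n' '[main]' '## Default value: no' \
        '# rpm.install.excludedocs = no' > "$tmp"
    set_zypp_option "$tmp" rpm.install.excludedocs yes
    get_zypp_option "$tmp" rpm.install.excludedocs
    rm -f "$tmp"
}

demo_excludedocs

# In config.sh the call would be:
#   set_zypp_option /etc/zypp/zypp.conf rpm.install.excludedocs yes
```

Reading the value back with `get_zypp_option` at the end of config.sh gives the image build a cheap check that the setting actually landed in the target.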