Building containers and images in and for openSUSE

In this talk I explain how containers based on openSUSE Leap and Tumbleweed should be built and how the process for building and submitting official images works.


Fabian Vogt

May 24, 2019


  1. Building containers and images in and for (open)SUSE
    How it works, what to do and what to avoid.
    Fabian Vogt, Release Engineer - SUSE, fvogt@suse.com, fvogt on freenode.net
  2. Containers? Images? Containers! VM Images and Live media!

  3. Source Code

  4. Our tools
    • Not only for packages, also supports images
    • Recently gained ability to handle container images natively
    • Central tool for official openSUSE components
  5. Our tools: KIWI
    • Integration into OBS
    • Builds all kinds of images for all kinds of distros
  6. Components
    • image.kiwi: Metadata, Packages
    • config.sh: Configuration
    • Packages: Provided by OBS (note the project configuration)
    • archive.tar.xz: Custom files
    • KIWI output: Container images, Bootable disk images
  7. Structure of a kiwi image description
    • XML Header
    • OBS metainfo
    • Image metainfo: Name, author etc.
    • Image profiles
  8. • Image type and the specific configuration (container metainfo, subvolumes etc.)
    • Version
    • Package manager configuration
  9. • List of repositories (just use obsrepositories:/ everywhere)
    • List of image and bootstrap packages
  10. Image Templates on OBS
    • Get started easily with JeOS or derived container images
    • "New Image" on the OBS start page
  11. Size is important

  12. Package selection
    • What's the use case?
    • Don't break hard dependencies – that causes breakage. If a broken dep doesn't cause breakage, the dep is wrong.
    • Use patterns if possible:
  13. Dive into soft dependencies
    • Soft dependencies are Recommends and Supplements (Suggests and Enhances don't matter in this case)
    • A HUGE amount of packages (and patterns) are recommended. Too much to fit on a CD or even DVD now.
    • They can be important though:
      – breeze4-style Supplements: packageand(breeze5-style:libqt4)
      – minimal_base pattern: Recommends: grub2
  14. What to do with soft deps?
    Disable soft deps
    • Used for JeOS and container images
    • Patterns can help a lot
    • Needs QA – something might not work as expected
    Enable soft deps and blacklist packages (<ignore name="foo"/>)
    • Used for live media
    • Can get messy, blacklist has to be adapted regularly
  15. rpm --excludedocs
    • Documentation files are marked as such in .rpm files and the package database
    • Installation can be disabled in zypp.conf (rpm.install.excludedocs = yes) and kiwi (<rpm-excludedocs>true</rpm-excludedocs>)
    • Kiwi does not write it into the target's zypp.conf: → Do that in config.sh
    • Previously, license files were marked as %doc – mostly fixed in Tumbleweed now, but not completely in Leap (and SLE). Make sure that all packages have their license files available on the medium.
  16. Container images are special
    • No block devices, no kernel, no /sbin/init required
    • Metadata is much more important
      – Name is now global, e.g. opensuse/leap:15.1
      – Labels are necessary for usability
    • Derived containers are built on top of other image(s)
  17. How container labels are defined
    • We need labels for e.g. image version and build count
    • Labels need to be duplicated to be visible in derived images
  18. How container labels are defined • OBS Services to the

  19. What makes an image official?
    • Builds inside the openSUSE: namespace on OBS (→ uses the official openSUSE key for signing!)
    • Went through openSUSE review processes
    • Only uses packages from inside openSUSE: for building
  20. Submitting official images to openSUSE
    • Just like packages: osc sr openSUSE:(Factory:Leap)(:Update)
    • Poke the release team by mail or IRC to get new images published on download.opensuse.org or registry.o.o
  21. KIWI Profiles
    • One .kiwi file → multiple images: Different image types and package selection
    • Combine with OBS _multibuild:
  22. KIWI Profiles: MicroOS as example
    • Profile = Flavor + Platform, e.g. ContainerHost-kvm-and-xen
    • Implemented using kiwi profile dependencies
  23. live-add-yast-repos
    • Package setting up repos for the used openSUSE version
    • Uses ultimate source of truth: skelcd control.xml
    • Install the "live-add-yast-repos" package and call add-yast-repos in config.sh.
    • The package can be removed again.
  24. openSUSE image release process
    • Built inside openSUSE:Factory/images
    • Binaries released into openSUSE:Factory:ToTest/appliances or /containers
    • openQA pulls it from there
    • If openQA is successful, :ToTest/images is publish enabled and /containers released into openSUSE:Containers:Tumbleweed
    • openSUSE:Containers publishes directly to registry.opensuse.org
    • Bot copies container images to registry-1.docker.io
  25. Resources
    • https://en.opensuse.org/Building_derived_containers
    • https://build.opensuse.org/image_templates
    • https://opensource.suse.com/kiwi/development/schema.html

  26. The end
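
The rpm --excludedocs slide says kiwi does not write the setting into the target's zypp.conf and that config.sh has to do it. One way to do that step, as an added example that is not code from the talk or from the openSUSE image sources; the function name `set_zypp_option` is hypothetical, and `/etc/zypp/zypp.conf` is assumed to be the target's zypp configuration file:

```shell
#!/bin/sh
# Added example for a kiwi config.sh; set_zypp_option is a hypothetical helper.
#
# set_zypp_option FILE KEY VALUE
#   Makes "KEY = VALUE" the active setting for KEY in a zypp.conf-style file.
#   An existing line for KEY is rewritten in place, whether it is active or
#   commented out (zypp.conf ships its defaults as "# key = value" lines).
#   If KEY does not occur at all, the setting is appended, which assumes the
#   file ends inside the [main] section.
set_zypp_option() {
    zo_conf=$1
    zo_key=$2
    zo_value=$3

    # Escape the dots in the key so they match literally in the regexes.
    zo_pattern=$(printf '%s' "$zo_key" | sed 's/\./\\./g')

    if grep -Eq "^[#[:space:]]*${zo_pattern}[[:space:]]*=" "$zo_conf"; then
        # Uncomment and/or overwrite the existing line(s) for this key.
        sed -i -E \
            "s|^[#[:space:]]*${zo_pattern}[[:space:]]*=.*|${zo_key} = ${zo_value}|" \
            "$zo_conf"
    else
        # Key not present in any form: append it.
        printf '%s = %s\n' "$zo_key" "$zo_value" >> "$zo_conf"
    fi
}

# Call to place in config.sh so that packages installed later in the running
# image or container also skip files marked as documentation:
#   set_zypp_option /etc/zypp/zypp.conf rpm.install.excludedocs yes
```

Running the call twice leaves a single `rpm.install.excludedocs = yes` line, so it is safe in a config.sh shared by several profiles.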