Bug 1226210

Summary: Container builds - separation of build environment and container content packages
Product: [Internal Novell Products] openSUSE Build Service
Reporter: Klaus Kämpf <kkaempf>
Component: build process
Assignee: Michael Schröder <mls>
Status: NEW ---
QA Contact: Adrian Schröter <adrian.schroeter>
Severity: Normal    
Priority: P5 - None    
Version: master   
Target Milestone: ---   
Hardware: Other   
OS: Other   

Description Klaus Kämpf 2024-06-12 09:07:00 UTC
With the Elemental project, we build installable images as containers, esp. including a kernel package.

This repeatedly leads to problems within the build service when setting up the build environment, as it does not properly separate "kernel used for build environment" from "kernel to be installed _in_ the container".

Example: https://suse.slack.com/archives/C02BXKBMXNV/p1718181303880799

Typical error message

"[   59s] time="2024-06-11T17:06:13.281952797Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module bridge not found in directory /usr/lib/modules/6.9.3-1-default\nmodprobe: WARNING: Module br_netfilter not found in directory /usr/lib/modules/6.9.3-1-default\n, error: exit status 1"
[   59s] failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: modprobe: FATAL: Module ip_tables not found in directory /usr/lib/modules/6.9.3-1-default
[   59s] iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
[   59s] Perhaps iptables or your kernel needs to be upgraded.
[   59s]  (exit status 3)
[   69s] Docker is dead"
Comment 1 Michael Schröder 2024-06-12 10:58:27 UTC
Actually you can have a completely different build environment for the docker command, but it's a feature not often used (and it's harder for docker than for kiwi, as kiwi supports a repository setup out of the box).
Comment 2 Klaus Kämpf 2024-06-12 12:07:10 UTC
(In reply to Michael Schröder from comment #1)
> Actually you can have a completely different build environment for the
> docker command, but it's a feature not often used 

Great! How would I use this (where is it documented)?
Comment 3 Michael Schröder 2024-06-12 12:27:53 UTC
It depends on the base container. The base container comes with a set of repositories. The bci containers use "obsrepositories:/" which tells OBS to use the repositories from the project (i.e. the ones used to set up the build environment).

So you're somewhat stuck with the repos if you use a bci container as base.
But we could add a means to overwrite the repo configuration in the Dockerfile if you need this functionality.