Bug 1226210 - Container builds - separation of build environment and container content packages
Status: NEW
Alias: None
Product: openSUSE Build Service
Classification: Internal Novell Products
Component: build process
Version: master
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Michael Schröder
QA Contact: Adrian Schröter
Reported: 2024-06-12 09:07 UTC by Klaus Kämpf
Modified: 2024-06-12 12:27 UTC (History)

Description Klaus Kämpf 2024-06-12 09:07:00 UTC
With the Elemental project, we build installable images as containers, esp. including a kernel package.

This repeatedly leads to problems within the build service when setting up the build environment, as it does not properly separate "kernel used for build environment" from "kernel to be installed _in_ the container".

Example: https://suse.slack.com/archives/C02BXKBMXNV/p1718181303880799

Typical error message

"[   59s] time="2024-06-11T17:06:13.281952797Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: WARNING: Module bridge not found in directory /usr/lib/modules/6.9.3-1-default\nmodprobe: WARNING: Module br_netfilter not found in directory /usr/lib/modules/6.9.3-1-default\n, error: exit status 1"
[   59s] failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to register "bridge" driver: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: modprobe: FATAL: Module ip_tables not found in directory /usr/lib/modules/6.9.3-1-default
[   59s] iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
[   59s] Perhaps iptables or your kernel needs to be upgraded.
[   59s]  (exit status 3)
[   69s] Docker is dead"
Comment 1 Michael Schröder 2024-06-12 10:58:27 UTC
Actually you can have a completely different build environment for the docker command, but it's a feature not often used (and it's harder for docker than for kiwi, as kiwi supports a repository setup out of the box).
Comment 2 Klaus Kämpf 2024-06-12 12:07:10 UTC
(In reply to Michael Schröder from comment #1)
> Actually you can have a completely different build environment for the
> docker command, but it's a feature not often used 

Great! How would I use this (where is it documented)?
Comment 3 Michael Schröder 2024-06-12 12:27:53 UTC
It depends on the base container. The base container comes with a set of repositories. The bci containers use "obsrepositories:/", which tells OBS to use the repositories from the project (i.e. the ones used to set up the build environment).

So you're somewhat stuck with the repos if you use a bci container as base.
But we could add a means to overwrite the repo configuration in the Dockerfile if you need this functionality.