Re: OpenEmbedded Image Format

[Bruce Ashfield <bruce.ashfield@windriver.com>]

On 2018-09-10 9:01 PM, Stefan Agner wrote:
> On 10.09.2018 17:34, Bruce Ashfield wrote:
>> On 2018-09-10 7:21 PM, Stefan Agner wrote:
>>> Hi,
>>>
>>> Is there a OpenEmbedded image type which allows to build images which
>>> are OCI Image Format compliant? meta-virtualization includes the
>>> oci-image-tools, hence the recipe for tooling is there. There is
>>> currently no -native support for oci-image-tool and its dependencies,
>>> but I guess that shouldn't be too far away. Any thoughts?
>>
>> This is something that we typically do with umoci, not with the
>> raw tools.
>>
>> re-inventing what better tools already do in a bbclass using
>> the raw oci-image-tools is an not an exercise worth doing.
>>
>> Not to mention, nearly every use case I currently have for
>> working with container images, involves registries, and adding
>> something as clunky as a build system to generate the images
>> just doesn't make sense.
>>
>> How were you planning on running/using the OCI bundles ?
> 
> I am not very familiar with OCI and its tools yet, so quite possible I
> am on the wrong track here.
> 
> What we are looking for is a way to build an image using OE, generate a
> container from it and push it to a registry. The last operation is
> probably a separate/manual step, but ideally OE should build the tools
> for it.

Right, this is a function of meta-virtualization. You could use the
raw tools, but as I mentioned ... you would be unwise to try and
duplicate everything that much more complex tools already do.

> 
> A second use case is where we build the container runtime image, but
> also the container image using OE. In this case the container image
> should get installed at OE build time onto the container runtime rootfs.

That's something you need to do in your own layers/image definitions.
There's nothing really special needed for this, just image definitions
and dependencies.

I've done similar things in the past, and almost always walked away from
it (virtualization based images with already installed VM images). Since
the inflexibility of needing to build and re-assemble the image
outweighs the benefits you think you are getting.

It is almost always easier to do it as a post build step. In particular
with all the filesystem back ends, union layers, 3rd party elements,
etc, etc that come into play.

I find that a lot of folks want the build system to do more automation
and steps in this area, when it doesn't make a lot of sense.

But again, it is something you can do in your own layers, everything
to do it is available.

> 
> Since OpenEmbedded is the tooling to build the container runtime image
> as well as the container itself, all those steps preferably should be
> handled in OE as well.

I disagree on that point (to a degree). Assembling final images outside
of the build system from the artifacts is almost always faster and
more flexible. But I digress, this isn't the important part of what you
are looking for.

> 
> It seems to me that umoci is the tool we are looking for. Is this
> available as -native?

It very likely is what you need. A host tool + a very thin bbclass in
your layer to generate the oci bundle.

It could be extended to be a host tool. I just haven't had the use case
for it yet (I use it on target).

Cheers,

Bruce

> 
> --
> Stefan
> 
>>
>> I've been doing similar things for quite some time in meta-cube
>> i.e. http://layers.openembedded.org/layerindex/recipe/87474/
>>
>> But that all happens outside of the build system.
>>
>> I could move more of the tools over to meta-virt, if there's
>> interest.
>>
>> Cheers,
>>
>> Bruce
>>
>>>
>>> --
>>> Stefan
>>>