"YaST in a container" or "YaST without YaST"
Hello! I did some research about YaST and containers and here is my summary what I found. But at first lets start with two IMPORTANT DISCLAIMERS: 1. This is still just a research or proof of concept project, we might or might not use this approach in the future, i.e. no promises for anything! 2. If you want to test this approach then it is highly recommended to use a testing virtual machine, do NOT use it in production systems, it is still an experiment! Why? ==== OK, let's start with the reasons why to have YaST in a container. As you probably know YaST has quite a big dependency tree and that makes it difficult to use it a really minimal system. It needs Ruby, Perl, libyui, lots of other libraries and tools. And all of that might mess up your fine tuned minimal system. On the other hand a container has all dependencies hidden inside, from the outside it actually looks like one big binary blob. Additionally it can be very easily removed from the system if it is not needed anymore. Another reason might be using different versions of libraries or languages than shipped in the product. In theory we could use Ruby 3.1 in the container although SLES would be still shipped with the old Ruby 2.5 for compatibility reasons. Another interesting feature could be cross distribution ability. For example you could run the powerful YaST partitioner in a container on an Ubuntu or Debian system. Nice, isn't it? :-o Today I found one more interesting use case: disaster recovery. First I removed zypper + libzypp from the system and I was able to install it back using YaST package manager in a container. Then I even removed rpm (!) itself and I was still able to install it back to the system via the YaST container! Of course, this requires that you have already installed docker or podman and they work properly. ;-) YaST Changes ============ Of course, running in a container needs some small changes in YaST. Unfortunately you cannot take the existing modules and expect everything will just work. So far I have adapted these YaST clients: "repositories" - the repository manager (the GPG key manager which can be started from it works as well) "sw_single" - the package manager "scc - registration module, designed for SLES but you can actually also register openSUSE Leap (so you can later migrate it to SLES automatically) Prototype ========= I built a small package "yast-in-container" [1][2]. It is just a small shell script which does not depend on YaST at all. It only requires podman or docker to be installed (and running, in case of docker). See the README.md file [2] for details how to install it. It provides two commands, "yast2_container" and "yast_container" which work the same way as the original "yast2" and "yast" commands. You need to be logged in as "root" user to use them. The script downloads the container image [3][4] from OBS and runs the specified client (see above) from the container. The prototype works in Leap 15.4 or SLES15-SP4. It should work in older versions (15.3 or SP3), but that's untested and makes it even more "dangerous" to use as the container is based on openSUSE Leap 15.4. Feedback ======== It would be nice to get some feedback about this idea or about using the prototype. For more details see the README.md file [3]. Enjoy! Ladislav [1] https://github.com/yast/yast-in-container [2] https://build.opensuse.org/package/show/YaST:Head/yast-in-container [3] https://build.opensuse.org/package/show/YaST:Head/yast-mgmt-ncurses-leap_lat... [4] https://build.opensuse.org/package/show/YaST:Head/yast-mgmt-qt-leap_latest -- Ladislav Slezák YaST Developer SUSE LINUX, s.r.o. Corso IIa Křižíkova 148/34 18600 Praha 8
participants (1)
-
Ladislav Slezák