Hello!
I did some research about YaST and containers and here is my summary what I
found.
But at first lets start with two IMPORTANT DISCLAIMERS:
1. This is still just a research or proof of concept project, we might or might
not
use this approach in the future, i.e. no promises for anything!
2. If you want to test this approach then it is highly recommended to use a
testing
virtual machine, do NOT use it in production systems, it is still an experiment!
Why?
====
OK, let's start with the reasons why to have YaST in a container.
As you probably know YaST has quite a big dependency tree and that makes it
difficult
to use it a really minimal system. It needs Ruby, Perl, libyui, lots of other
libraries and tools. And all of that might mess up your fine tuned minimal
system.
On the other hand a container has all dependencies hidden inside, from the
outside
it actually looks like one big binary blob. Additionally it can be very easily
removed from the system if it is not needed anymore.
Another reason might be using different versions of libraries or languages than
shipped in the product. In theory we could use Ruby 3.1 in the container
although
SLES would be still shipped with the old Ruby 2.5 for compatibility reasons.
Another interesting feature could be cross distribution ability. For example you
could run the powerful YaST partitioner in a container on an Ubuntu or Debian
system.
Nice, isn't it? :-o
Today I found one more interesting use case: disaster recovery. First I removed
zypper + libzypp from the system and I was able to install it back using YaST
package manager in a container. Then I even removed rpm (!) itself and I was
still
able to install it back to the system via the YaST container!
Of course, this requires that you have already installed docker or podman and
they
work properly. ;-)
YaST Changes
============
Of course, running in a container needs some small changes in YaST.
Unfortunately
you cannot take the existing modules and expect everything will just work.
So far I have adapted these YaST clients:
"repositories" - the repository manager (the GPG key manager which can be
started
from it works as well)
"sw_single" - the package manager
"scc - registration module, designed for SLES but you can actually also register
openSUSE Leap (so you can later migrate it to SLES automatically)
Prototype
=========
I built a small package "yast-in-container" [1][2]. It is just a small shell
script
which does not depend on YaST at all. It only requires podman or docker to be
installed (and running, in case of docker). See the README.md file [2] for details
how to install it.
It provides two commands, "yast2_container" and "yast_container" which work the
same
way as the original "yast2" and "yast" commands. You need to be logged in as
"root" user to use them.
The script downloads the container image [3][4] from OBS and runs the specified
client (see above) from the container.
The prototype works in Leap 15.4 or SLES15-SP4. It should work in older versions
(15.3 or SP3), but that's untested and makes it even more "dangerous" to use
as the container is based on openSUSE Leap 15.4.
Feedback
========
It would be nice to get some feedback about this idea or about using the
prototype.
For more details see the README.md file [3].
Enjoy!
Ladislav
[1] https://github.com/yast/yast-in-container
[2] https://build.opensuse.org/package/show/YaST:Head/yast-in-container
[3]
https://build.opensuse.org/package/show/YaST:Head/yast-mgmt-ncurses-leap_latest
[4] https://build.opensuse.org/package/show/YaST:Head/yast-mgmt-qt-leap_latest
--
Ladislav Slezák
YaST Developer
SUSE LINUX, s.r.o.
Corso IIa
Křižíkova 148/34
18600 Praha 8
