ubi example

[th-hummel]

Example of building an image starting from an RHEL UBI container then using host RHEL subscription to use same repos instead of UBI repos

[middelkoopt]

Could this be written in a Container? What does buildah do that you can't do in a container?

[th-hummel]

Could this be written in a Container? What does buildah do that you can't do in a container?

Initially I was mounting container rootfs with buildah. I find buildah convenient to use from into a script.
I'm not sure but I also think via a ContainerFile (podman build) when commiting container to an OCI image it resulted in intermediate OCI layers.

[middelkoopt]

You can remove intermediate layers by doing two-stage build. Podman build is same tools/workflow as the rest of the containers. On first glance I don't see anything that would cause problems, you can also include some of the tool in the container.

[th-hummel]

You can remove intermediate layers by doing two-stage build. Podman build is same tools/workflow as the rest of the containers. On first glance I don't see anything that would cause problems, you can also include some of the tool in the container.

My intent was not to push buildah over podman but illustrating what I do to solve the following problem:

1. by nature I want to provision a chroot (install rpm inside it)
2. from RHEL official repos (on a RH Satellite Server in my case) (BaseOS, AppStream, ...)
3. [this is the key in my reasoning] with a fully supported RH method, so assuming
   a) registering from inside the chroot (which is possible with some tweaks - this is what I do)
   b) even bind mounting host subscriptions info
   would not be fully supported (in the open a ticket on customer portal sense : helped me with the register inside a chroot but in a best effort mode with warnings it's not supported - I suspect the bind mount falls under the same category)

So I had no choice for that matter to start with an UBI container (ran with say podman or handled with buildah it does not really matter) and somehow switch to my Satellite repos (BaseOS, AppStream) away from ubi.repo

Maybe it's not helpful I don't know. Working around those questions is not always trivial

[middelkoopt]

Thanks contributing, just was giving some suggestions. I'll look closer at this PR soon.

[th-hummel]

Thanks contributing, just was giving some suggestions. I'll look closer at this PR soon.

Feel free to reject it. I'm wrapping my head about this for a long time.
Actually we also provision with ansible (ansible_connection=chroot) which still requires the chroot to be registered...
I also try to go full container and provision a running container as it was a VM (basically a systemd ubi - they provide images) but this is cumbersome and does not really work. So chroot is still the way to go in my opinion.