
Running rootless and containerized builds

Follow these procedures to build AutoSD images without root access on the host or to isolate the build inside a container.

For background on when to use rootless versus rootful containerized builds, see Understanding rootless and containerized builds.

Prerequisites

Before you begin, verify that you have the following:

  • Podman installed and configured for rootless operation. See the Podman installation guide for instructions. Verify rootless support with:

    $ podman info --format '{{.Host.Security.Rootless}}'

    The command prints true when Podman is running rootless; any other output means the rootless workflow below will not work until Podman is configured for it.

  • A manifest file (.aib.yml) for the target image. For details, see Creating a custom manifest.

Do a rootless build with --user-container

Use this workflow to build a bootc container image and disk image without root privileges.

  1. Build the bootc container image. Run aib build with the --user-container option:

    $ aib build --user-container \
        --target qemu \
        manifest.aib.yml \
        my-image

    AIB launches a rootless Podman container and runs the build inside it. The resulting container image is stored in the default per-user container store.

  2. Build the builder image. The builder image provides tools required by the disk image conversion step:

    $ aib build-builder --user-container

  3. Convert to a disk image. Convert the container image to a bootable disk image:

    $ aib to-disk-image --user-container \
        my-image \
        my-image.qcow2

    AIB automatically enables --vm for rootless disk image builds: creating the partition table and filesystems requires privileges that a rootless container does not have, and the virtual machine provides them without granting anything extra on the host.

  4. Boot the image. Boot the disk image in Automotive Image Runner:

    $ air --nographics my-image.qcow2

    Log in as root using the password defined in the manifest auth section.

Persist images with --container-storage

By default, rootless builds store container images in the per-user container store. To keep build artifacts separate from the regular per-user store, specify a custom storage directory:

$ aib build --user-container \
    --container-storage /var/tmp/aib-storage \
    --target qemu \
    manifest.aib.yml \
    my-image

Convert the container image to a disk image using the same storage directory:

$ aib to-disk-image --user-container \
    --container-storage /var/tmp/aib-storage \
    my-image \
    my-image.qcow2

You can also set an AIB_CONTAINER_STORAGE environment variable to avoid repeating the path on every command.

Do a combined rootless build

To produce both the container image and disk image in a single command, pass the disk image path as the third positional argument:

$ aib build --user-container \
    --target qemu \
    manifest.aib.yml \
    my-image \
    my-image.qcow2

This combined command handles the container-to-disk conversion and --vm enablement automatically. The builder image must already exist. Run aib build-builder --user-container first if you have not built it yet.

Do a containerized build with --container

Use this workflow to run the build inside a rootful container. The build process uses the AIB container image with full privileges inside the container; because the container itself runs as root, this workflow requires root access on the host (for example through sudo), so prefer the rootless workflow when you do not need it. Rootful builds support disk image creation without --vm, but using --vm is recommended because it produces more reliable results. Omit --vm only if KVM is not available on the build host.

  1. Build the bootc container image. Run aib build with the --container option:

    $ aib build --container \
        --target qemu \
        manifest.aib.yml \
        my-image

    Add --container-autoupdate to pull the latest AIB container image before building.

  2. Build the builder image. Create the builder image inside the container:

    $ aib build-builder --container

  3. Convert to a disk image. Convert the container image to a bootable disk image:

    $ aib to-disk-image --container \
        my-image \
        my-image.qcow2

  4. Boot the image. Boot the disk image in Automotive Image Runner:

    $ air --nographics my-image.qcow2
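The rootless and rootful procedures above are the same three aib invocations with a different mode flag, and the --container-storage directory has to be repeated on each of them. The following wrapper is an added example written for this page, not a script that ships with automotive-image-builder: it runs build-builder, build and to-disk-image in order for either mode, checks that Podman is rootless before a rootless build, passes one storage directory to both commands that the page documents --container-storage for, and adds --vm to a rootful disk build only when /dev/kvm exists. It assumes aib and podman are on PATH and uses only the aib options shown on this page; AIB_DRY_RUN and AIB_AUTOUPDATE are this script's own variables, not aib options.

```sh
#!/bin/sh
# aib-container-build: drive the containerized AIB pipeline
# (build-builder, build, to-disk-image) in rootless or rootful mode.
# Added example for this page, not part of automotive-image-builder.
# AIB_DRY_RUN (script-local, not an aib option): print commands, one per
# line, instead of running them. AIB_AUTOUPDATE (script-local): add
# --container-autoupdate to a rootful build.
set -eu

# Print the container-mode flag for a mode name, or fail on a bad name.
aib_mode_flag() {
    case "$1" in
        rootless) echo "--user-container" ;;
        rootful)  echo "--container" ;;
        *) echo "unknown mode '$1' (expected rootless or rootful)" >&2; return 1 ;;
    esac
}

# Run a command, or under AIB_DRY_RUN print it instead.
run() {
    if [ -n "${AIB_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Rootless builds need a rootless-capable Podman; check up front rather
# than failing deep inside the build. Skipped under AIB_DRY_RUN.
check_rootless_podman() {
    if [ -n "${AIB_DRY_RUN:-}" ]; then
        return 0
    fi
    rootless=$(podman info --format '{{.Host.Security.Rootless}}')
    if [ "$rootless" != "true" ]; then
        echo "podman is not running rootless (got '$rootless')" >&2
        return 1
    fi
}

# Rootful disk builds: --vm is recommended and should be omitted only when
# KVM is unavailable, so key the flag off the presence of /dev/kvm.
vm_flag_for_rootful() {
    if [ -e /dev/kvm ]; then
        echo "--vm"
    fi
}

# Usage: aib_pipeline MODE MANIFEST NAME DISK [TARGET]
aib_pipeline() {
    mode=$1; manifest=$2; name=$3; disk=$4; target=${5:-qemu}
    flag=$(aib_mode_flag "$mode") || return 1
    if [ "$mode" = rootless ]; then
        check_rootless_podman || return 1
    fi

    # Storage options: the page documents --container-storage on
    # `aib build` and `aib to-disk-image`; pass the same directory to both.
    set --
    if [ -n "${AIB_CONTAINER_STORAGE:-}" ]; then
        set -- --container-storage "$AIB_CONTAINER_STORAGE"
    fi

    # 1. Builder image: required for disk conversion in both modes.
    run aib build-builder "$flag"

    # 2. bootc container image (rootful: optionally refresh the AIB image).
    if [ "$mode" = rootful ] && [ -n "${AIB_AUTOUPDATE:-}" ]; then
        run aib build "$flag" --container-autoupdate "$@" --target "$target" "$manifest" "$name"
    else
        run aib build "$flag" "$@" --target "$target" "$manifest" "$name"
    fi

    # 3. Disk image. Rootless: aib enables --vm itself. Rootful: add --vm
    #    when KVM is present (the unquoted expansion is empty otherwise).
    if [ "$mode" = rootful ]; then
        run aib to-disk-image "$flag" $(vm_flag_for_rootful) "$@" "$name" "$disk"
    else
        run aib to-disk-image "$flag" "$@" "$name" "$disk"
    fi
}

# Entry point when invoked with arguments; sourcing the file is a no-op.
if [ $# -ge 4 ]; then
    aib_pipeline "$@"
fi
```

Run it as `AIB_CONTAINER_STORAGE=/var/tmp/aib-storage ./aib-container-build.sh rootless manifest.aib.yml my-image my-image.qcow2`, and set AIB_DRY_RUN=1 first to review the exact aib command lines before anything is built. The three steps are kept separate rather than using the combined single-command form so that each command is visible in dry-run output and a failure is attributable to one step.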

Key considerations

Keep the following important points in mind when running containerized builds:

  • Builder image is still required. Both rootless and rootful containerized builds require a builder image for disk image conversion. Run aib build-builder with the same container option (--user-container or --container) before converting to a disk image, or use the combined single-command build.
  • Storage cleanup. Custom container storage directories accumulate images over time; periodically remove unused ones to reclaim disk space. For the default store, run podman image prune to remove dangling images. For a custom location, pass the same directory with --root: podman --root /var/tmp/aib-storage images lists the images, podman --root /var/tmp/aib-storage image prune removes dangling ones, and podman --root /var/tmp/aib-storage rmi removes specific images.
  • Container image version. The default AIB container image is quay.io/centos-sig-automotive/automotive-image-builder. Use --container-image to specify a different image, or --container-autoupdate to pull the latest version automatically.
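The storage cleanup item above passes a --root directory to Podman, and a typo there (or a stray trailing variable expanding to /) prunes a store you did not intend. The helper below is an added example written for this page, not part of automotive-image-builder: it wraps the three Podman calls the item names and refuses to run them against a relative path, a missing directory, a system directory, or the default rootful and rootless stores (/var/lib/containers/storage and $HOME/.local/share/containers/storage), for which plain podman image prune is the right tool. PODMAN is the script's own hook for the Podman binary, defaulting to podman, so the calls can be exercised with a stub.

```sh
#!/bin/sh
# aib-storage-prune: clean up a custom AIB container storage root.
# Added example for this page, not part of automotive-image-builder.
# PODMAN (script-local): command used for podman, overridable for testing.
set -eu

PODMAN=${PODMAN:-podman}

# Refuse roots that are relative, missing, or obviously not a dedicated
# build store: `--root /` or `--root $HOME` would prune far more than AIB
# images, and the default stores should be pruned without --root.
validate_storage_root() {
    root=$1
    case "$root" in
        /*) ;;
        *) echo "storage root must be an absolute path: '$root'" >&2; return 1 ;;
    esac
    case "$root" in
        /|/home|/root|/var|/var/lib|/var/tmp|/var/lib/containers|/var/lib/containers/storage|"${HOME:-}"|"${HOME:-}/.local/share/containers/storage")
            echo "refusing to prune a system directory or default store: '$root'" >&2
            echo "use plain 'podman image prune' for the default store" >&2
            return 1 ;;
    esac
    if [ ! -d "$root" ]; then
        echo "storage root does not exist: '$root'" >&2
        return 1
    fi
}

# Usage: aib_storage_prune ROOT [IMAGE...]
# Lists the store, removes dangling images, then removes any named images.
aib_storage_prune() {
    root=$1; shift
    validate_storage_root "$root" || return 1
    # Show what is there first so the operator sees what prune will touch.
    "$PODMAN" --root "$root" images
    # Dangling (untagged) images left behind by superseded builds.
    "$PODMAN" --root "$root" image prune -f
    # Named images the caller no longer needs, e.g. an old my-image tag.
    for img in "$@"; do
        "$PODMAN" --root "$root" rmi "$img"
    done
}

# Entry point when invoked with arguments; sourcing the file is a no-op.
if [ $# -ge 1 ]; then
    aib_storage_prune "$@"
fi
```

Invoke it as `./aib-storage-prune.sh /var/tmp/aib-storage` to prune only dangling images, or append image names to remove specific tags as well; the path check runs before any Podman command, so a refused call leaves the store untouched.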