Re: virt-builder metadata for Debian cloud images
On Wed, Jul 22, 2015 at 11:24:09AM +0200, Pino Toscano wrote:
>On Wednesday 22 July 2015 00:13:43 Steve McIntyre wrote:
>> The build is done insida a VM hosted on our CD / live image production
>> machine (pettersson.debian.org) - that's where the openstack images
>> are made. It's not easy to give out access to that VM, but it's easy
>> enough to add extra steps to the image production code that runs
>> there. There's a slight snag, though - the signing process is outside
>> of the VM so we'd probably have to generate the index file then
>> post-process it to add the signature.
>Sounds OK for me -- we can create the snippet of index for each image
>generated during that process, and later when publishing the image
>aggregate all the index snippets into a single index file.
>Could you please point me to the build scripts, so I can start taking
>a look at them?
Sure. My wrapper code is in
There's not much magic there - look at
available/run-30openstack-build, which calls
build-openstack-debian-image for the heavy lifting.
>Regarding signing: let's start generating the index for the images as
>first step, so we have the process running, and later get the signing
>> >Also, a different chapter would be having proper non-cloud qcow2
>> >images available (always with virt-builder metadata, of course).
>> >This, other than allowing us to avoid maintaining Debian images, would
>> >mean virt-builder users can get official images of stable released,
>> >updated periodically.
>> >Would that be something useful? If so, how/where/etc could this process
>> >get started?
>> Sure, we can do that too - we have scope for producing all sorts of
>> images. It's something that there's going to be discussion about at
>> DebConf next month, in fact!
>If it could be helpful, we use d-i based scripts for generate the
>templates we host on libguestfs.org: you can see at  debian.sh and
>debian.preseed for the actual image building, and compress.sh for the
>cleaning up and compression. They should be runnable as normal user,
>so there could be even no need for additional VM for building them.
Cool, that looks useful. We're using the VM explicitly to allow for
some root access, so it would be nice to play with alternatives.
Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
Getting a SCSI chain working is perfectly simple if you remember that there
must be exactly three terminations: one on one end of the cable, one on the
far end, and the goat, terminated over the SCSI chain with a silver-handled
knife whilst burning *black* candles. --- Anthony DeBoer