Re: virt-builder metadata for Debian cloud images
Hi,
(apologies if you get this three times)
On Wednesday 22 July 2015 23:35:02 Steve McIntyre wrote:
> On Wed, Jul 22, 2015 at 11:24:09AM +0200, Pino Toscano wrote:
> >On Wednesday 22 July 2015 00:13:43 Steve McIntyre wrote:
> >>
> >> The build is done insida a VM hosted on our CD / live image production
> >> machine (pettersson.debian.org) - that's where the openstack images
> >> are made. It's not easy to give out access to that VM, but it's easy
> >> enough to add extra steps to the image production code that runs
> >> there. There's a slight snag, though - the signing process is outside
> >> of the VM so we'd probably have to generate the index file then
> >> post-process it to add the signature.
> >
> >Sounds OK for me -- we can create the snippet of index for each image
> >generated during that process, and later when publishing the image
> >aggregate all the index snippets into a single index file.
> >Could you please point me to the build scripts, so I can start taking
> >a look at them?
>
> Sure. My wrapper code is in
>
> http://anonscm.debian.org/cgit/debian-cd/pettersson-live.git/
>
> There's not much magic there - look at
> available/run-30openstack-build, which calls
> build-openstack-debian-image for the heavy lifting.
Thanks -- attached there is a first patch to produce a snippet of index
for each OpenStack image generated.
> >Regarding signing: let's start generating the index for the images as
> >first step, so we have the process running, and later get the signing
> >done.
After the above patch, there would need to assemble the resulting index
snippets, but I don't see the scripts doing the actual publishing of
the images. Could you please point at me?
> >> >Also, a different chapter would be having proper non-cloud qcow2
> >> >images available (always with virt-builder metadata, of course).
> >> >This, other than allowing us to avoid maintaining Debian images, would
> >> >mean virt-builder users can get official images of stable released,
> >> >updated periodically.
> >> >Would that be something useful? If so, how/where/etc could this process
> >> >get started?
> >>
> >> Sure, we can do that too - we have scope for producing all sorts of
> >> images. It's something that there's going to be discussion about at
> >> DebConf next month, in fact!
> >
> >Cool!
> >If it could be helpful, we use d-i based scripts for generate the
> >templates we host on libguestfs.org: you can see at [1] debian.sh and
> >debian.preseed for the actual image building, and compress.sh for the
> >cleaning up and compression. They should be runnable as normal user,
> >so there could be even no need for additional VM for building them.
> >
> >[1] https://github.com/libguestfs/libguestfs/tree/master/builder/website
>
> Cool, that looks useful. We're using the VM explicitly to allow for
> some root access, so it would be nice to play with alternatives.
Yes, I can understand the concern being that, and this is what
libguestfs can help with: all the image operations are done inside a
small virtual machine (called "appliance") so users can do any sort of
image manipulation with no extra permissions needed, and without any
manual VM handling.
Thanks,
--
Pino Toscano
>From 1048c8bd6d436393ba5bb87cc4cb26b78e6b0117 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Thu, 30 Jul 2015 11:59:30 +0200
Subject: [PATCH] OpenStack images: generate snippet of virt-builder index
When generating OpenStack images, generate a snippet of virt-builder
metadata/index for each qcow2 image.
These will need to be assembled and signed later.
---
available/run-30openstack-build | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/available/run-30openstack-build b/available/run-30openstack-build
index f02bdda..004ce4b 100755
--- a/available/run-30openstack-build
+++ b/available/run-30openstack-build
@@ -74,6 +74,41 @@ if [ $ERROR -eq 0 ] ; then
rename -v "$RENAME" * >> ${LOG}/${BUILDNAME}.log
fi
+ # snippet of index for virt-builder
+ qcow=debian-${VERSION}-openstack-amd64.qcow2
+ checksum=$(sha512sum ${qcow} | awk '{print $1;}')
+ size=$(stat -c '%s' ${qcow})
+ revision=$(date +%Y%m%d)
+ case "${CODENAME}" in
+ testing|unstable) pretty_codename=${CODENAME} ;;
+ *) pretty_codename=$(echo ${CODENAME} | sed 's/./\U&/') ;;
+ esac
+ case "${VERSION}" in
+ testing|unstable)
+ version_major_minor=${VERSION}
+ osinfo=debian8 # XXX latest stable available
+ ;;
+ *)
+ version_major_minor=$(echo ${VERSION} | awk -F. '{print $1"."$2;}')
+ osinfo=debian$(echo ${VERSION} | awk -F. '{print $1;}')
+ ;;
+ esac
+ cat <<EOF > ${qcow}.index
+[debian-${version_major_minor}-cloud]
+name=Debian ${VERSION} (${pretty_codename}) Cloud
+osinfo=${osinfo}
+arch=x86_64
+file=${qcow}
+checksum[sha512]=${checksum}
+format=qcow2
+size=${size}
+revision=${revision}
+notes=Debian ${VERSION} (${pretty_codename}).
+
+ This is a Debian installation, suited for running as OpenStack guest.
+
+EOF
+
cd ${WORK}
mkdir source
--
2.1.0
Reply to: