[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virt-builder metadata for Debian cloud images


(apologies if you get this three times)

On Wednesday 22 July 2015 23:35:02 Steve McIntyre wrote:
> On Wed, Jul 22, 2015 at 11:24:09AM +0200, Pino Toscano wrote:
> >On Wednesday 22 July 2015 00:13:43 Steve McIntyre wrote:
> >> 
> >> The build is done insida a VM hosted on our CD / live image production
> >> machine (pettersson.debian.org) - that's where the openstack images
> >> are made. It's not easy to give out access to that VM, but it's easy
> >> enough to add extra steps to the image production code that runs
> >> there. There's a slight snag, though - the signing process is outside
> >> of the VM so we'd probably have to generate the index file then
> >> post-process it to add the signature.
> >
> >Sounds OK for me -- we can create the snippet of index for each image
> >generated during that process, and later when publishing the image
> >aggregate all the index snippets into a single index file.
> >Could you please point me to the build scripts, so I can start taking
> >a look at them?
> Sure. My wrapper code is in
>   http://anonscm.debian.org/cgit/debian-cd/pettersson-live.git/
> There's not much magic there - look at
> available/run-30openstack-build, which calls
> build-openstack-debian-image for the heavy lifting.

Thanks -- attached there is a first patch to produce a snippet of index
for each OpenStack image generated.

> >Regarding signing: let's start generating the index for the images as
> >first step, so we have the process running, and later get the signing
> >done.

After the above patch, there would need to assemble the resulting index
snippets, but I don't see the scripts doing the actual publishing of
the images. Could you please point at me?

> >> >Also, a different chapter would be having proper non-cloud qcow2
> >> >images available (always with virt-builder metadata, of course).
> >> >This, other than allowing us to avoid maintaining Debian images, would
> >> >mean virt-builder users can get official images of stable released,
> >> >updated periodically.
> >> >Would that be something useful? If so, how/where/etc could this process
> >> >get started?
> >> 
> >> Sure, we can do that too - we have scope for producing all sorts of
> >> images. It's something that there's going to be discussion about at
> >> DebConf next month, in fact!
> >
> >Cool!
> >If it could be helpful, we use d-i based scripts for generate the
> >templates we host on libguestfs.org: you can see at [1] debian.sh and
> >debian.preseed for the actual image building, and compress.sh for the
> >cleaning up and compression. They should be runnable as normal user,
> >so there could be even no need for additional VM for building them.
> >
> >[1] https://github.com/libguestfs/libguestfs/tree/master/builder/website
> Cool, that looks useful. We're using the VM explicitly to allow for
> some root access, so it would be nice to play with alternatives.

Yes, I can understand the concern being that, and this is what
libguestfs can help with: all the image operations are done inside a
small virtual machine (called "appliance") so users can do any sort of
image manipulation with no extra permissions needed, and without any
manual VM handling.

Pino Toscano
>From 1048c8bd6d436393ba5bb87cc4cb26b78e6b0117 Mon Sep 17 00:00:00 2001
From: Pino Toscano <ptoscano@redhat.com>
Date: Thu, 30 Jul 2015 11:59:30 +0200
Subject: [PATCH] OpenStack images: generate snippet of virt-builder index

When generating OpenStack images, generate a snippet of virt-builder
metadata/index for each qcow2 image.

These will need to be assembled and signed later.
 available/run-30openstack-build | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/available/run-30openstack-build b/available/run-30openstack-build
index f02bdda..004ce4b 100755
--- a/available/run-30openstack-build
+++ b/available/run-30openstack-build
@@ -74,6 +74,41 @@ if [ $ERROR -eq 0 ] ; then
 	rename -v "$RENAME" * >> ${LOG}/${BUILDNAME}.log
+    # snippet of index for virt-builder
+    qcow=debian-${VERSION}-openstack-amd64.qcow2
+    checksum=$(sha512sum ${qcow} | awk '{print $1;}')
+    size=$(stat -c '%s' ${qcow})
+    revision=$(date +%Y%m%d)
+    case "${CODENAME}" in
+        testing|unstable) pretty_codename=${CODENAME} ;;
+        *) pretty_codename=$(echo ${CODENAME} | sed 's/./\U&/') ;;
+    esac
+    case "${VERSION}" in
+        testing|unstable)
+            version_major_minor=${VERSION}
+            osinfo=debian8 # XXX latest stable available
+            ;;
+        *)
+            version_major_minor=$(echo ${VERSION} | awk -F. '{print $1"."$2;}')
+            osinfo=debian$(echo ${VERSION} | awk -F. '{print $1;}')
+            ;;
+    esac
+    cat <<EOF > ${qcow}.index
+name=Debian ${VERSION} (${pretty_codename}) Cloud
+notes=Debian ${VERSION} (${pretty_codename}).
+ This is a Debian installation, suited for running as OpenStack guest.
     cd ${WORK}
     mkdir source

Reply to: