Hi,

On Thursday 30 July 2015 13:37:15 Pino Toscano wrote:
> On Wednesday 22 July 2015 23:35:02 Steve McIntyre wrote:
> > On Wed, Jul 22, 2015 at 11:24:09AM +0200, Pino Toscano wrote:
> > >On Wednesday 22 July 2015 00:13:43 Steve McIntyre wrote:
> > >>
> > >> The build is done inside a VM hosted on our CD / live image production
> > >> machine (pettersson.debian.org) - that's where the openstack images
> > >> are made. It's not easy to give out access to that VM, but it's easy
> > >> enough to add extra steps to the image production code that runs
> > >> there. There's a slight snag, though - the signing process is outside
> > >> of the VM so we'd probably have to generate the index file then
> > >> post-process it to add the signature.
> > >
> > >Sounds OK for me -- we can create the snippet of index for each image
> > >generated during that process, and later when publishing the image
> > >aggregate all the index snippets into a single index file.
> > >Could you please point me to the build scripts, so I can start taking
> > >a look at them?
> >
> > Sure. My wrapper code is in
> >
> > http://anonscm.debian.org/cgit/debian-cd/pettersson-live.git/
> >
> > There's not much magic there - look at
> > available/run-30openstack-build, which calls
> > build-openstack-debian-image for the heavy lifting.
>
> Thanks -- attached there is a first patch to produce a snippet of index
> for each OpenStack image generated.
>
> > >Regarding signing: let's start generating the index for the images as
> > >first step, so we have the process running, and later get the signing
> > >done.
>
> After the above patch, there would be the need to assemble the resulting index
> snippets, but I don't see the scripts doing the actual publishing of
> the images. Could you please point at me?
>
> > >> >Also, a different chapter would be having proper non-cloud qcow2
> > >> >images available (always with virt-builder metadata, of course).
> > >> >This, other than allowing us to avoid maintaining Debian images, would
> > >> >mean virt-builder users can get official images of stable releases,
> > >> >updated periodically.
> > >> >Would that be something useful? If so, how/where/etc could this process
> > >> >get started?
> > >>
> > >> Sure, we can do that too - we have scope for producing all sorts of
> > >> images. It's something that there's going to be discussion about at
> > >> DebConf next month, in fact!
> > >
> > >Cool!
> > >If it could be helpful, we use d-i based scripts to generate the
> > >templates we host on libguestfs.org: you can see at debian.sh and
> > >debian.preseed for the actual image building, and compress.sh for the
> > >cleaning up and compression. They should be runnable as normal user,
> > >so there could be even no need for additional VM for building them.
> > >
> > > https://github.com/libguestfs/libguestfs/tree/master/builder/website
> >
> > Cool, that looks useful. We're using the VM explicitly to allow for
> > some root access, so it would be nice to play with alternatives.
>
> Yes, I can understand the concern being that, and this is what
> libguestfs can help with: all the image operations are done inside a
> small virtual machine (called "appliance") so users can do any sort of
> image manipulation with no extra permissions needed, and without any
> manual VM handling.

Friendly ping... anything I can do to move this process forward?

Thanks,
-- 
Pino Toscano