2011/12/7 seth vidal <skvidal＠fedoraproject.org>
I've looked into spawning virt instances to do building and it is
doable. The problem with them being offered by volunteers is trust

You are right. I had not thought of that... how naive of me :(
The volunteers/trustees would sign the builds with their own private keys,
for instance with their FAS keys. Then, we could have some
"trustworthiness" ratings for all the submitters, like we have today for
the packagers (new packager, proven-packager, sponsor). While the submitter
is still not trusted, the centralised Koji infrastructure can duplicate the
build, and check that it gives the same results. And even when the
submitter is trusted, some random duplicate builds can occur. If the
submitter taints the builds, it will be flagged as a potential "fraud". A
human being would have to have a look at it then.
Or, the VMs could do "scratch" builds (only). When those builds are
successful, the VMs then just act as standard clients to the central Koji
servers, and the packages are re-built in that safe
infrastructure. Overall, the central Koji infrastructure would be
off-loaded from all the scratch builds, as well as from the failed builds.
Which is already not so bad, is it?

I've worked on some code to spawn off an instance, submit jobs + packages,
build them (a chain-build so you don't have to keep respawning
collect all the results back to your local machine. It works - it requires
setting up trusted images at those cloud providers but that's not very hard
to do and keep current. Right now I'm porting the code to use a different
cloud-communication API than I was using before.

That would be very cool. Do you intend to use DeltaCloud (
), or something like that?

I have a couple of systems inside the red hat colo that I had planned
reinstalling to f16 and setting up openstack on them to play with the same
idea but on a local cloud instance.

For sure, I would like to set up something like that for my own usage.

Is all this in line with the problems you've thought about?

Yes, that is fully in-line, and very interesting!
PS: why isn't there a virtualisation SIG? As there is already a mailing
list, it may be just a question of adding the corresponding Wiki page?
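
The duplicate-build check proposed in the reply above, sketched as an added example that is not part of the original e-mail and is not Koji code. The rating names, the sampling rates and the `rebuild` callback are assumptions, and the comparison assumes the build is reproducible enough that a central rebuild yields identical bytes.

```python
import hashlib
import random

# Hypothetical policy: chance that the central infrastructure duplicates a
# build, per submitter rating. Rates are assumptions; unknown ratings get 1.0.
REBUILD_RATE = {"untrusted": 1.0, "trusted": 0.1}

def digest_artifacts(artifacts):
    """Map artifact name -> SHA-256 hex digest of its bytes."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in artifacts.items()}

def needs_rebuild(rating, rng):
    """Always duplicate untrusted builds; sample trusted ones at random."""
    return rng.random() < REBUILD_RATE.get(rating, 1.0)

def compare_builds(submitted, rebuilt):
    """Return sorted names of artifacts that are missing, extra or differ."""
    names = set(submitted) | set(rebuilt)
    return sorted(n for n in names if submitted.get(n) != rebuilt.get(n))

def review_submission(rating, submitted_artifacts, rebuild, rng=None):
    """Decide what to do with a volunteer build.

    rebuild is a callable that runs the same build centrally and returns
    {name: bytes}. SystemRandom keeps the sampling unpredictable to submitters.
    """
    rng = rng or random.SystemRandom()
    if not needs_rebuild(rating, rng):
        return {"status": "accepted-unchecked", "mismatches": []}
    mismatches = compare_builds(digest_artifacts(submitted_artifacts),
                                digest_artifacts(rebuild()))
    status = "flagged-for-human-review" if mismatches else "accepted-verified"
    return {"status": status, "mismatches": mismatches}

if __name__ == "__main__":
    # Constructed sample data: one honest central build, one tainted submission.
    central = {"foo-1.0-1.fc16.x86_64.rpm": b"built from the SRPM"}
    tainted = {"foo-1.0-1.fc16.x86_64.rpm": b"built from the SRPM + extra"}
    print(review_submission("untrusted", central, lambda: dict(central)))
    print(review_submission("untrusted", tainted, lambda: dict(central)))
```
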