2011/12/7 seth vidal <skvidal@fedoraproject.org>
I've looked into spawning virt instances to do building and it is pretty doable. The problem with them being offered by volunteers is trust
[...]

You are right. I had not thought of that... how naive of me :(

The volunteers/trustees would sign the builds with their own private keys, for instance with their FAS keys. Then, we could have some "trustworthiness" ratings for all the submitters, like we have today for the packagers (new packager, proven-packager, sponsor). While the submitter is still not trusted, the centralised Koji infrastructure can duplicate the build, and check that it gives the same results. And even when the submitter is trusted, some random duplicate builds can occur. If the submitter taints the builds, it will be flagged as a potential "fraud". A human being would have to have a look at it then.

Or, the VMs could do "scratch" builds (only). When those builds are successful, the VMs then just act as standard clients to the central Koji servers, and the packages are re-built in that safe infrastructure. Overall, the central Koji infrastructure would be off-loaded from all the scratch builds, as well as from the failed builds. Which is already not so bad, is it?


I've worked on some code to spawn off an instance, submit jobs + packages, build them (a chain-build so you don't have to keep respawning them) then collect all the results back to your local machine. It works - it requires setting up trusted images at those cloud providers but that's not very hard to do and keep current. Right now I'm porting the code to use a different cloud-communication API than I was using before.

That would be very cool. Do you intend to use DeltaCloud (http://deltacloud.apache.org/), or something like that?

 
I have a couple of systems inside the Red Hat colo that I had planned on reinstalling to f16 and setting up openstack on them to play with the same idea but on a local cloud instance.

For sure, I would like to set up something like that for my own usage.


Is all this in line with the problems you've thought about?

Yes, that is fully in line, and very interesting!

Denis

PS: why isn't there a virtualisation SIG? As there is already a mailing list, it may be just a question of adding the corresponding Wiki page?
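
The duplicate-build check proposed in the reply above, sketched as an added example that is not part of the original message and is not Koji code: new submitters are always re-built centrally, trusted ones are sampled at random, and any digest mismatch is flagged for a human. The tier names, audit rates, function names and sample artifacts are assumptions, and the comparison assumes that builds are bit-for-bit reproducible and that the submitter's signature was already verified.

```python
import hashlib
import hmac
import random

# Assumed audit rates per trust tier (illustrative, not Fedora policy).
AUDIT_RATE = {"new": 1.0, "trusted": 0.1}

# Constructed sample artifacts: file name -> file bytes.
REFERENCE = {"foo-1.0-1.x86_64.rpm": b"clean payload", "build.log": b"ok"}
TAINTED = {"foo-1.0-1.x86_64.rpm": b"clean payload + extra", "build.log": b"ok"}


def digests(artifacts):
    """Map each artifact name to the SHA-256 hex digest of its content."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in artifacts.items()}


def needs_rebuild(trust, rng):
    """Always rebuild for unknown or new submitters; sample trusted ones."""
    return rng.random() < AUDIT_RATE.get(trust, 1.0)


def compare(submitted, rebuilt):
    """Return names whose digests differ or that exist on one side only."""
    sub, ref = digests(submitted), digests(rebuilt)
    return sorted(n for n in sub.keys() | ref.keys()
                  if not hmac.compare_digest(sub.get(n, ""), ref.get(n, "")))


def review(submitter, trust, submitted, rebuild, rng=random.SystemRandom()):
    """Audit one volunteer build; `rebuild` is a callable run on central infra."""
    if not needs_rebuild(trust, rng):
        return {"submitter": submitter, "status": "accepted-unaudited", "mismatches": []}
    bad = compare(submitted, rebuild())
    status = "flagged-for-human-review" if bad else "verified"
    return {"submitter": submitter, "status": status, "mismatches": bad}


if __name__ == "__main__":
    print(review("volunteer1", "new", TAINTED, lambda: REFERENCE))
    print(review("volunteer2", "new", REFERENCE, lambda: REFERENCE))
```

The default `rng` is `random.SystemRandom()` so that a submitter cannot predict which of their builds will be sampled for a duplicate build.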