P2P Packaging/Koji Cloud

Denis Arnaud denis.arnaud_fedora at m4x.org
Wed Dec 7 17:31:27 UTC 2011

2011/12/7 seth vidal <skvidal at fedoraproject.org>

> I've looked into spawning virt instances to do building and it is pretty
> doable. The problem with them being offered by volunteers is trust
> [...]

You are right. I had not thought at that... how naive of me :(

The volunteers/trustees would sign the builds with their own private keys,
for instance with their FAS keys. Then, we could have some
"trustworthiness" ratings for all the submitters, like we have today for
the packagers (new packager, proven-packager, sponsor). While the submitter
is still not trusted, the centralised Koji infrastructure can duplicate the
build, and check that it gives the same results. And even when the
submitter is trusted, some random duplicate builds can occur. If the
submitter taints the builds, it will be flagged as a potential "fraud". A
human being would have to have a look at it then.

Or, the VMs could do "scratch" builds (only). When those builds are
successful, the VMs then just act as a standard clients to the central Koji
servers, and the packages are re-built in that safe
infrastructure. Overall, the central Koji infrastructure would be
off-loaded from all the scratch builds, as well as from the failed builds.
Which is already not so bad, is it?

I've worked on some code to spawn off an instance, submit jobs + packages,
> build them (a chain-build so you don't have to keep respawning them) then
> collect all the results back to your local machine. It works - it requires
> setting up trusted images at those cloud providers but that's not very hard
> to do and keep current. Right now I'm porting the code to use a different
> cloud-communication API than I was using before.

That would be very cool. Do you intend to use DeltaCloud (
http://deltacloud.apache.org/), or something like that?

> I have a couple of systems inside the red hat colo that I had planned on
> reinstalling to f16 and setting up openstack on them to play with the same
> idea but on a local cloud instance.

For sure, I would like to set up something like that for my own usage.

Is all this inline with the problems you've thought about?

Yes, that is fully in-line, and very interesting!


PS: why isn't there a virtualisation SIG? As there is already a mailing
list, it may be just a question of adding the corresponding Wiki page?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20111207/254a9a50/attachment.html>

More information about the cloud mailing list