Proposal: No Cloud Disposable Clients

Tim Flink tflink at redhat.com
Fri Dec 5 01:56:08 UTC 2014


On Thu, 4 Dec 2014 19:29:08 -0500
Matthew Miller <mattdm at fedoraproject.org> wrote:

> On Thu, Dec 04, 2014 at 05:00:31PM -0700, Tim Flink wrote:
> > What if we turned that on its head a bit and put VM spawning into
> > the task itself - spawn a VM local to the buildslave that is then
> > responsible for the actual work in the task instead of doing all the
> > work inside the buildslave process? This would allow for image and
> > vm requirements to be described in the task without weird multiple
> > parsings and could avoid most if not all of the problems/complexity
> > that we've started seeing in getting buildbot to work with latent
> > buildslaves.
> 
> This seems both sane and useful to me, but we _will_ want to run at
> least some tests in the actual cloud environments. Should that stuff
> go _back_ to fedimg?

As I understand it, most of the stuff that the cloud folks want to test
can be done on the cloud image in any virt environment.

There are a couple of things I can think of that would require the full
cloud system (does the image boot and have ssh connectivity in
OpenStack, AWS etc.) but I think that stuff is somewhat orthogonal to how
the client is booted.

With either method, the task would have to connect to a cloud system
using a set of credentials, create an instance with the specified image
and connect to that image after it boots. Either way, we're still faced
with the problem of securely distributing credentials and spawning
instances in the task.

It's probably worth asking the question of whether some tests should be
in fedimg. If I'm right and the only credential-requiring tests are
whether or not the image boots in <service> and we can ssh into it, it
might make more sense to put that into fedimg and not deal with the
credential issue in Taskotron.

> (Also random other note: if you're using cloud-init to expand image
> root, ssh keys can be part of that too, right?)

I'm not sure if we'd be using cloud-init for all tasks but I think it
would be involved in many client setups. AFAIK, cloud-init can handle
ssh key insertion but we'd still have a potential security issue,
depending on what keys we stuck in the image on boot.

Tim


More information about the qa-devel mailing list