Questions about OSBS

Adam Miller maxamillion at fedoraproject.org
Thu Jul 2 14:46:37 UTC 2015 

Hello all,
    I've been doing some digging into OpenShift V3[0], OSBS[1], and
the Containerbuild plugin for koji[2] for the sake of the proposed
Layered Image Build Service Change[3] and I was left with a few
questions that I was hoping some subject matter experts on the various
topics could fill in for me.

- How is security between OSBS and Koji handled for the Koji plugin?
  - These systems are disjoint and have to communicate somehow.

- Are there any docs on how to deploy OSBS on top of a pre-existing
OpenShift V3 Environment? (The current OSBS deploy docs and ansible
are only single-node)

- Is there any sort of OSBS Administration guide?
  - Once this is setup, how do we admin it? Users that need to be
created, maintenance, database trimming, etc.
  - Method to keep atomic-reactor buildroot image updated?
  - How to know/detect/determine that the atomic-reactor buildroot
image needs updating?

- Is there a timeline for OSBS update to OpenShift V3 1.0.0? (current
upstream OSBS OpenShift version at the time of the writing is quite
old - v0.5.2)

- How would someone go about configuration for internal vs external
docker registry to be used with OSBS?

- The ContainerBuild Koji plugin is hardcoding koji_hub_path
  - Is there a reason/motivation behind this?
  - Can this be a configuration parameter?

- How does OSBS and the Koji plugin negotiate authentication/authorization?
  - What users within OSBS/OpenShift map to Koji users? (Do they at all?)
  - Where does the responsibility for user mapping exists? (just defer to koji?)
  - How to determine what users are allowed to build and/or build for
what koji tags?

- Is is possible to use OSBS against the new Atomic Enterprise[4]
instead of OpenShift V3?
  - Main motivation/curiosity is that for the build system we don't
really need a giant portion of what OpenShift offers and the
maintenance, administrative overhead and security aspects are of
concern. (This is mostly an idle curiosity, I'm not advocating for one
over the other but I wanted to bring it up).

Thank you,
-AdamM

[0] - https://github.com/openshift/origin
[1] - https://github.com/DBuildService/osbs-client
[2] - https://github.com/release-engineering/koji-containerbuild
[3] - https://fedoraproject.org/wiki/Changes/Layered_Docker_Image_Build_Service
[4] - https://github.com/projectatomic/atomic-enterprise

More information about the rel-eng mailing list