cbs centos org community build service
play

cbs.centos.org Community Build Service FROM SOURCES TO RPMS On - PowerPoint PPT Presentation

Apr 10, 2024 •18 likes •258 views

cbs.centos.org Community Build Service FROM SOURCES TO RPMS On behalf of CentOS infra team and all contributors. Presented by Thomas alphacc Oulevey / @thomasnomas and Brian Stinson / @bstinsonmhk CERN IT Department CH-1211 Genve 23

  1. cbs.centos.org Community Build Service FROM SOURCES TO RPMS On behalf of CentOS infra team and all contributors. Presented by Thomas ‘alphacc’ Oulevey / @thomasnomas and Brian Stinson / @bstinsonmhk CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t

  2. Who am I ? • I am ‘alphacc’ on freenode • Worked for ESO, ISO, CERN • Service Manager at CERN (www.cern.ch) since 2011 Past: Openstack storage evaluation (gluster, ceph, netapp), Scientific Linux CERN. Current: IT Koji service, More SLC, CERN CentOS 7 migration, puppetization... (As people asked : https://jobs.web.cern.ch/)

  3. A GENDA ● Introduction, ● Koji, ● Repositories & mash, ● Signing, ● Centpkg. CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t

  4. Introduction Started in July 2014. 2 main use cases: • Build Special Interest Group(SIG) RPMs: Short term : Build from src.rpm Long term : Build from git.centos.org • Distribute RPMs: Short term : yum repos for dev/testers consumption Long term : automatic workflow for SIGs RPMs distribution.

  5. An agile user

  6. The big picture git : https://git.centos.org (giblit http://gitblit.com/) koji : https://fedorahosted.org/koji/ (fedora/epel) mash : https://git.fedorahosted.org/cgit/mash/

  7. Koji Components : • kojihub: XML-RPC server running under mod_wsgi Broker that abstract postgresql and filesystem. • kojid: polls build requests and handles them in a fresh buildroot thanks to mock. • kojira: keeps your repos updated. • clients: cli & kojiweb for user/admin tasks. All components/client communicate with certs (our "self-signed" CA).

  8. kojiweb

  9. kojiweb

  10. koji cli $ koji add-pkg <tag> <NAME> $ koji build <target> <NAME-RELEASE-VERSION>.src.rpm OR $ koji build <target> “git+https://url.git?#COMMIT” $ koji tag-build <tag> “mybuild”

  11. koji 101 tag: cloud7-testing, cloud7-release. external repos: centos7-os, centos7-updates build tag: cloud7-el7-build target: cloud7-el7 ; a buildroot and a destination tag. package : An RPM name e.g: gcc build : A build in Koji e.g: gcc-4.4-1.el6 to tag/untag : associate or not a package to a specific tag and therefore ultimately to a mash repository.

  12. Step 1 : Naming build tags : <SIG><MAJOR>-<TAG>[- <COLLECTION>,]-build e.g: cloud6-el6-build, scl6-el6-mariadb100-build targets : <SIG><MAJOR>-<TAG>[- <COLLECTION>,] e.g: cloud6-el6 destination tags: <SIG><MAJOR>-{testing,release} <SIG><MAJOR>-<PROJECT>-{testing,release} e.g: cloud6-release, cloud7-rdo-release

  13. Example $ koji add-pkg cloud7-testing openstack-glance $ koji add-pkg cloud7-release openstack-glance $ koji build cloud7-el7 “git+https://git.centos.org/rpms?#COMMIT” $ koji tag-build cloud7-release openstack-glance-2014.2.1-3.el7 (build target) cloud7-el7 (external-repo) (destination tag) centos-os cloud7-testing centos-updates (group) build (build tag) cloud7-el7-build (group) srpm-build

  14. Example

  15. Step 1 : Administration https://git.centos.org/summary/?r=sig-core/cbs-tools.git $ ./create_sig.sh usage: ./create_sig.sh -d <distribution> -s <signame(s)> -t <tag(s)> This script generate new build target in koji for SIGS. OPTIONS: -d Distribution : 5 6 7 -s SIG name : cloud, storage -t DISTTAGS : "el7 el7.centos el7_0" -c COLLECTION : mariadb100 (a single collection can be used at this time)

  16. Step 2 : Integration with git. Workflow: 1. user commit to git.centos.org 2. user submit a git url to build system 3. koji builder receive a new job 4. koji builder execute “git clone” 5. run a specific command (get_sources detects the branch and execute get_sources.sh with correct arguments.) to grab binary files from lookaside and generate the src.rpm. 6. build src.rpm available: in buildsys-tools package in koji and https://git.centos.org/summary/?r=centos-git-common.git

  17. Step 3 : Mash workflow 1. Build RPM with Koji 2. 10 minutes later it appears in -testing repository 3. User can tag it -release repository 4. -release repository signed and ready for consumption. $ cat /etc/mash/cloud6-release.mash [cloud6-release] rpm_path = /mnt/kojishare/repos/cloud6-release/%(arch)s/os/Packages repodata_path = /mnt/kojishare/repos/cloud6-release/%(arch)s/os/ source_path = source/SRPMS debuginfo = True multilib = True multilib_method = devel tag = cloud6-release inherit = False strict_keys = False repoviewurl = http://cbs.centos.org/repos/cloud6-release/%(arch)s/os/ repoviewtitle = "CLOUD6-RELEASE" arches = i386 x86_64 delta = True

  18. Over next months • User training • Support for software collection • Patch koji to support different dist-git layout (fedora + centos). All patches upstream now. • lookaside cache • imagefactory support • Added new builders (with puppet) • centpkg (A bit more on that later...) • Investigate signing

  19. Sigul 1/2 • Another Fedora project • Sigul keeps the private keys used for signing on its server. They are not accessible by the clients. • All requests by Sigul Clients to Sigul Server are sent over the Sigul Bridge which relays them. This allows signing RPMs from various machines, without having access to actual keys being used. • You never communicate directly with the Server which should be isolated from the rest of the world and only allow connections from/to the Bridge.

  20. Sigul 2 / 2 $ sigul sign-rpm -o signed.rpm my-gpg-key-name myrpm.rpm $ sigul sign-rpm --koji-only --store-in-koji --v3-signature my-gpg-key-name myrpm.rpm OR $ sigul sign-rpm -o signed.rpm --v3-signature my-gpg-key-name myrpm.rpm $ koji import-sig ./signed.rpm $ koji write-signed-rpm --all GPG-KEY-ID

  21. Centpkg A tool to manage the package building process: • handles dist-git operations, • local package building, • abstract koji operations. $ centpkg clone --branch c7 mypkg $ cd mypkg $ centpkg sources $ centpkg srpm

  22. Limitations • Single namespace ….but no collision on package name • Policy in a file / service reload needed. • Kernel modules no easy way to recompile against a specific kernel or having triggers to launch a new build.

  23. Few things I learnt easy-rsa : https://github.com/OpenVPN/easy-rsa If you want to roll your own CA, you need to know it exists :) It is part of openvpn project. git-crypt : https://www.agwa.name/projects/git-crypt/ enables transparent encryption and decryption of files in a git repository

  24. Questions QUESTIONS ? https://git.centos.org/summary/?r=sig-core/cbs-tools.git Thank you !

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The CentOS Ecosystem Karanbir Singh The Red Hat relationship Everything is a SIG Abstract the

The CentOS Ecosystem Karanbir Singh The Red Hat relationship Everything is a SIG Abstract the

The CentOS Ecosystem Karanbir Singh The Red Hat relationship Everything is a SIG Abstract the CentOS Project away from the CentOS Linux distro :: So we can do more and we can be wider inclusive. The Goals Be a great environment for people to

1.09k views • 20 slides
Next Linux version at CERN Presented by Thomas Oulevey on the behalf of Linux Support Team

Next Linux version at CERN Presented by Thomas Oulevey on the behalf of Linux Support Team

Next Linux version at CERN Presented by Thomas Oulevey on the behalf of Linux Support Team 10/09/2014 CERN IT Department CH-1211 Genve 23 Switzerland www.cern.ch/i t A GENDA Introduction : CentOS 7, CERN CentOS 7, Community,

253 views • 7 slides
Streamline Administrative Processes and Build Stronger Student Relationships Music and Community

Streamline Administrative Processes and Build Stronger Student Relationships Music and Community

Streamline Administrative Processes and Build Stronger Student Relationships Music and Community Arts Schools Heather Monagle, August 18, 2009 Advancing Efficiency. Service. Participation. ActiveNet is the market-preferred hosted technology

548 views • 29 slides
Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit

Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit

Image BUILD aS - a - SeRVIce Why it makes sense to build your own cloud images OpenStack Summit Boston 2017 aBoUt US kURt gaRLoff Studied physics Built up SUSE Labs, where he was leading the development open teLekom cLoUD aRchItekt of

544 views • 29 slides
a community built on service a community built on service The Foundation was created to act as a

a community built on service a community built on service The Foundation was created to act as a

a community built on service a community built on service The Foundation was created to act as a safety net for the food, beverage and hospitality industry members in British Columbia including those employed with: Restaurants Hotels,

183 views • 15 slides
Our mission is to build a healthy, caring and thriving community vibrant community gathering

Our mission is to build a healthy, caring and thriving community vibrant community gathering

Gibsons Community Building Society is a volunteer-led not-for-profit society established to build and operate Gibsons Public Market and the Nicholas Sonntag Marine Education Centre. Our mission is to build a healthy, caring and thriving

243 views • 23 slides
Building Community Mission Spokane County Regional Animal Protection Service (SCRAPS) works

Building Community Mission Spokane County Regional Animal Protection Service (SCRAPS) works

Saving Pets Helping People Building Community Mission Spokane County Regional Animal Protection Service (SCRAPS) works to build a more humane community, protect public safety and ensure animal welfare through compassionate, responsive,

137 views • 13 slides
State of Design-Build in the San Diego Community College District Presented to Design-Build

State of Design-Build in the San Diego Community College District Presented to Design-Build

SAN DIEGO COMMUNITY COLLEGE DISTRICT State of Design-Build in the San Diego Community College District Presented to Design-Build Institute of America - Western Pacific Region Thursday, December 1, 2011 SDCCD Propositions S and N Overview

596 views • 13 slides
T H O R N Y H I L L professional service with project work covering a diverse range of

T H O R N Y H I L L professional service with project work covering a diverse range of

Thorny Hill Community Proposal - a feasibility study exploring the possibility of an exciting new pilot scheme for custom design self-build houses in Dunning which will include a community led initiative. Fergus Purdie Architects (FPA) is a

259 views • 7 slides
Progress on Our Pathway to Excellence Toward a Full Service Community District Where Every Student

Progress on Our Pathway to Excellence Toward a Full Service Community District Where Every Student

Progress on Our Pathway to Excellence Toward a Full Service Community District Where Every Student Thrives! Presented by Supt. Antwan Wilson Oakland Achieves September 22, 2015 Our Mission &amp; Vision Mission: OUSD will build a full

726 views • 13 slides
SUMMER DESIGN-BUILD WORKSHOP SUMMER DESIGN-BUILD WORKSHOP 2014 Community Design Charrette 01.

SUMMER DESIGN-BUILD WORKSHOP SUMMER DESIGN-BUILD WORKSHOP 2014 Community Design Charrette 01.

SUMMER DESIGN-BUILD WORKSHOP SUMMER DESIGN-BUILD WORKSHOP 2014 Community Design Charrette 01. ACE / CPS Design Build Portfolio 02. Project Site - Catalpa Park and Playground 03. Research - playground activities, precedent parks &amp; related

918 views • 35 slides
Title Page Empowering a caring community that promises the well-being of every child. help the

Title Page Empowering a caring community that promises the well-being of every child. help the

Title Page Empowering a caring community that promises the well-being of every child. help the grantmaking community build your 3 service Focus skills Areas learn about leadership the community Grantmaking They Submit They

542 views • 13 slides
Atomic Developer Bundle Containerized Development Made Easy CentOS Dojo Brussels - January 2016

Atomic Developer Bundle Containerized Development Made Easy CentOS Dojo Brussels - January 2016

Atomic Developer Bundle Containerized Development Made Easy CentOS Dojo Brussels - January 2016 Brian bex Exelbierd (@bexelbie) Navid Shaikh (@swordphilic) Problem Statement Linux Container Development Group wants uniform

250 views • 14 slides
World Community Service 2019-2020 World Community Service 2019-2020 Sandy Dougall Myrna

World Community Service 2019-2020 World Community Service 2019-2020 Sandy Dougall Myrna

World Community Service 2019-2020 World Community Service 2019-2020 Sandy Dougall Myrna Dube-Thompson Dan Dunlop Imma Dike-Shittu Tony Fisher Larry Kennedy * Christine Kyte Janet Matthews Brenda McKinley Jamie Moorhouse Rick Scott

166 views • 14 slides
From source to the package Using the opensuse commander (osc) Marco Strigl Build Service

From source to the package Using the opensuse commander (osc) Marco Strigl Build Service

From source to the package Using the opensuse commander (osc) Marco Strigl Build Service Engineer SUSE / marco.strigl@suse.com About me Build Service engineer at SUSE osc maintainer since last year osc contributor since 12/2016 2 Overview

613 views • 43 slides
Open Build Service Cross-Distribution Packaging Sascha Peilicke &lt;saschpe@suse.de&gt; August

Open Build Service Cross-Distribution Packaging Sascha Peilicke &lt;saschpe@suse.de&gt; August

Open Build Service Cross-Distribution Packaging Sascha Peilicke &lt;saschpe@suse.de&gt; August 7, 2011 Intro The Open Build Service Formerly known as the ' openSUSE Buildservice ' It's a cross-distribution collaboration platform to

381 views • 20 slides
KLCCP Stapled Group Financial Results 2 nd Quarter ended 30 June 2017 16 Aug 2017 Disclaimer

KLCCP Stapled Group Financial Results 2 nd Quarter ended 30 June 2017 16 Aug 2017 Disclaimer

KLCCP Stapled Group Financial Results 2 nd Quarter ended 30 June 2017 16 Aug 2017 Disclaimer These materials contain historical information of the Company which should not be regarded as an indication of future performance or results. These

694 views • 32 slides
Gemini S peckle Imaging with DS S I at Gemini and the DCT Elliott Horch, S CS U DSSI

Gemini S peckle Imaging with DS S I at Gemini and the DCT Elliott Horch, S CS U DSSI

1 Gemini S peckle Imaging with DS S I at Gemini and the DCT Elliott Horch, S CS U DSSI 09.29.2016 ADeLA 2016 2 S peckle Imaging is S ingle-Aperture Interferometry In each exposure, t he effect of at mospheric t

529 views • 20 slides
The Best and the Worst: Computing the Optimal Value Range in Interval Linear Programming 1

The Best and the Worst: Computing the Optimal Value Range in Interval Linear Programming 1

The Best and the Worst: Computing the Optimal Value Range in Interval Linear Programming 1 Department of Applied Mathematics, Faculty of Mathematics and Physics, Charles University 2 Faculty of Finance and Accounting, University of Economics,

631 views • 31 slides
Identity and place: The changing role of Swabian in modern Germany Karen V. Beaman Queen Mary,

Identity and place: The changing role of Swabian in modern Germany Karen V. Beaman Queen Mary,

Identity and place: The changing role of Swabian in modern Germany Karen V. Beaman Queen Mary, University of London Eberhard Karls University of Tbingen Conference on Language, Place and Periphery University of Copenhagen, Denmark January

441 views • 32 slides
Review Spotlight: A User Interface for Summarizing Online Reviews Koji Yatani Supervisor: Dr.

Review Spotlight: A User Interface for Summarizing Online Reviews Koji Yatani Supervisor: Dr.

Review Spotlight: A User Interface for Summarizing Online Reviews Koji Yatani Supervisor: Dr. Khai N. Truong Online reviews are useful. But sometimes too much Any good way to quickly overview what people mention frequently? Standard Tag

101 views • 9 slides
How to test Fedora updates with your custom CI who am i Aleksandra Fedorova aka bookwar

How to test Fedora updates with your custom CI who am i Aleksandra Fedorova aka bookwar

How to test Fedora updates with your custom CI who am i Aleksandra Fedorova aka bookwar Build/DevOps/CI Engineer Fedora contributor for &gt;10 years Former member of FESCo Current member of Fedora Council Member of Fedora

371 views • 19 slides
Designing materials with machine learning and quantum annealing Koji Tsuda University of Tokyo /

Designing materials with machine learning and quantum annealing Koji Tsuda University of Tokyo /

Designing materials with machine learning and quantum annealing Koji Tsuda University of Tokyo / NIMS / RIKEN Automatic Materials Design Experimental Design Machine Simulation Experiments Learning (DFT etc) Data Agenda Bayesian

489 views • 30 slides
Systems and Symmetry Breaking Koji Umemoto (YITP) Based on Arpan Bhattacharyya (YITP), Alexander

Systems and Symmetry Breaking Koji Umemoto (YITP) Based on Arpan Bhattacharyya (YITP), Alexander

QIST 2019 June 6th, 2019 Entanglement of Purification in Many Body Systems and Symmetry Breaking Koji Umemoto (YITP) Based on Arpan Bhattacharyya (YITP), Alexander Jahn (Freie U.) Tadashi Takayanagi (YITP) and KU [1902.02369] =

529 views • 33 slides

More recommend