Process of building
- Build images for x86 arches and VM on the build host; build images for aarch64 on taishan
- Rsync the images to the ~/images directory on the build host
- Sign images with gpg2 key
- Rsync the signed images to ftp
Build host: cloud-builder.office.basealt.ru
Script directory: ~/cloud-build (clone the configs branch of this repo)
Directory with built images: ~/images
Directory with signed images: ~/proto
How to set up the builder host (what I did):
- Set up space for getting packages directly:
mkdir /space
echo "alt.office.basealt.ru:/space /space nfs4 noauto,nosuid,noexec,nolock,ro,soft,_netdev,x-systemd.automount 0 0" >> /etc/fstab
mount /space
add these lines to the file /etc/apt/sources.list.d/alt.list and comment out the other lines with #:
rpm [alt] copy:/space/ALT/Sisyphus x86_64 classic
rpm [alt] copy:/space/ALT/Sisyphus x86_64 debuginfo
rpm [alt] copy:/space/ALT/Sisyphus x86_64-i586 classic
rpm [alt] copy:/space/ALT/Sisyphus noarch classic
- Install packages
for mkimage-profiles: apt-get install mkimage mkimage-preinstall hasher git-core
other: git (for getting build repo), podman, vml (for tests), qemu-img
- Building VM images needs root rules:
add your builder user to the wheel group
as root run
visudo
add the path to the tar2fs file from mkimage-profiles; your builder user can be used instead of WHEEL_USERS. For example:
WHEEL_USERS ALL=(ALL) NOPASSWD: /home//.local/share/cloud-build/work/mkimage-profiles/bin/tar2fs
- Set up the configs
in the repo's "configs" directory check the settings:
  - remote - directory where the built images are placed after the script runs (~/images)
  - repository_url - where the packages for the build come from; currently the space set up earlier: copy:///space/ALT/{branch}
  - the branches and arches to build
- Set the external images path
create the directory /external_files with the right layout inside: /external_files/branches_list/arches_list
images from this path are just rsynced to the result directory (~/images) as is
- Put the ssh key and the gpg key on the build host
the ssh key is for rsyncing the resulting images to the ftp-mirror
the gpg key is for signing images
- Set the master config for the sign stage
use master.yaml for signing images after building (on the host: ~/sign-config/master.yaml)
check the settings inside:
  - key - set your key for signing
  - remote - directory where the signed images are placed after the script runs (~/proto)
  - external_files - path to your special images
- Check access to taishan and ftp-mirror
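
The sudoers rule for tar2fs above runs that file as root without a password, so the file and every directory above it should be writable only by root; otherwise whoever can change them decides what runs as root. An added check (not part of this repository; the function names are hypothetical) that walks the path up to / and reports each unsafe component:

```shell
#!/bin/sh
# Added example, not from the cloud-build repo. Function names are hypothetical.

# component_ok PATH UID
# Succeeds only if PATH is owned by UID and not writable by group or others.
component_ok() {
    info=$(ls -ldn -- "$1") || return 1
    mode=${info%% *}                                   # e.g. -rwxr-xr-x
    owner=$(printf '%s\n' "$info" | awk '{print $3}')  # numeric uid
    [ "$owner" = "$2" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group-writable or world-writable
    esac
    return 0
}

# check_sudo_target PATH [TRUSTED_UID]
# Resolves symlinks, then checks the file and each parent directory up to /.
# Prints every unsafe component; returns 0 if all are safe, 1 otherwise,
# 2 if the path cannot be resolved.
check_sudo_target() {
    p=$(readlink -f -- "$1") || return 2
    trusted=${2:-0}
    rc=0
    while :; do
        if ! component_ok "$p" "$trusted"; then
            echo "unsafe: $p" >&2
            rc=1
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# Usage on the build host, with the path taken from the sudoers rule:
#   check_sudo_target ~/.local/share/cloud-build/work/mkimage-profiles/bin/tar2fs
```

For a tar2fs under the builder user's home, every component from the home directory down is reported, because that user owns them; a root-owned copy of the script in a root-owned directory passes the check.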
Build your own cloud forge on taishan
- Create a virtual user (for example cloud-builder) on taishan who will own the cloud forge VMs
- Add it to the wheel and vm groups and add the ssh key you will use to log in to the builder VM
- Run a VM with vml from an aarch64 qcow2 image (-i is the path to the image; the name is, for example, builder) and set a dedicated static port in its config
vml create -i ~/images/alt --minimum-disk-size 64G --memory 8G builder
vim ~/vml/builder/vml.tml
ssh.port-user-network = 33201
- Install programs on the builder VM
apt-get update && apt-get install git podman git-core bash-completion vim-console mkimage mkimage-preinstall hasher qemu-img kpartx
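- Create a virtual user (for example cloud-builder) and add the ssh key you will use to log in to the builder VM to both the root and cloud-builder users on the VM. Check that cloud-builder is in the wheel group and in its user-named group
useradd -U cloud-builder
# set the password interactively (useradd -p takes a crypt(3) hash, not plaintext)
passwd cloud-builder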
usermod -a -G wheel cloud-builder
vim ~/.ssh/authorized_keys
vim /home/cloud-builder/.ssh/authorized_keys
- Add users for hasher
hasher-useradd cloud-builder
- Set the config for hasher
vim /etc/hasher-priv/system
prefix=~:/tmp/.private
allowed_mountpoints=/proc,/dev/pts
- Check that hasher works; this command must succeed
hsh --initroot-only ~/hasher
- Check the static port of the builder VM
cat ~/vml/builder/alt-dev/.vml/cache/port
- Check that you can log in to the builder VM on taishan from your host as the user holding the ssh key
ssh root@127.0.0.1 -p 33201 -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519_builder -o ProxyCommand="ssh cloud-builder@taishan -W %h:%p"
ssh cloud-builder@127.0.0.1 -p 33201 -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519_builder -o ProxyCommand="ssh cloud-builder@taishan -W %h:%p"