Re: P2P Packaging/Koji Cloud


 



2011/12/7 seth vidal <skvidal@xxxxxxxxxxxxxxxxx>
> I've looked into spawning virt instances to do building and it is pretty doable. The problem with them being offered by volunteers is trust
> [...]

You are right. I had not thought of that... how naive of me :(

The volunteers/trustees would sign the builds with their own private keys, for instance with their FAS keys. Then, we could have some "trustworthiness" ratings for all the submitters, like we have today for the packagers (new packager, proven-packager, sponsor). While the submitter is still not trusted, the centralised Koji infrastructure can duplicate the build, and check that it gives the same results. And even when the submitter is trusted, some random duplicate builds can occur. If the submitter taints the builds, it will be flagged as a potential "fraud". A human being would have to have a look at it then.

Or, the VMs could do "scratch" builds (only). When those builds are successful, the VMs then just act as standard clients to the central Koji servers, and the packages are re-built in that safe infrastructure. Overall, the central Koji infrastructure would be off-loaded from all the scratch builds, as well as from the failed builds. Which is already not so bad, is it?


> I've worked on some code to spawn off an instance, submit jobs + packages, build them (a chain-build so you don't have to keep respawning them) then collect all the results back to your local machine. It works - it requires setting up trusted images at those cloud providers but that's not very hard to do and keep current. Right now I'm porting the code to use a different cloud-communication API than I was using before.

That would be very cool. Do you intend to use DeltaCloud (http://deltacloud.apache.org/), or something like that?

 
> I have a couple of systems inside the Red Hat colo that I had planned on reinstalling to f16 and setting up openstack on them to play with the same idea but on a local cloud instance.

For sure, I would like to set up something like that for my own usage.


> Is all this in line with the problems you've thought about?

Yes, that is fully in-line, and very interesting!

Denis

PS: why isn't there a virtualisation SIG? As there is already a mailing list, it may be just a question of adding the corresponding Wiki page?

_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
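
The duplicate-build check proposed in the message above, as an added example (not code from the thread or from Koji): untrusted submitters are always re-built centrally, trusted ones are sampled at random, and any digest mismatch is flagged for a human. It assumes builds are byte-reproducible; the trust tiers, audit rates, function names and sample packages are hypothetical, and signature verification of the submitted build is left out.

```python
import hashlib

# Assumed audit rates per trust tier (hypothetical values, not from the thread).
AUDIT_RATE = {"untrusted": 1.0, "trusted": 0.1}

def digest_manifest(artifacts):
    """Map each artifact name to the SHA-256 digest of its bytes."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in artifacts.items()}

def compare_builds(submitted, reference):
    """Names that are missing, extra, or whose digests differ between the two builds."""
    return sorted(n for n in set(submitted) | set(reference)
                  if submitted.get(n) != reference.get(n))

def review_submission(submitter, trust_level, artifacts, rebuild, rng):
    """Accept a volunteer build, or flag it after a central duplicate build.

    `rebuild` is a callable standing in for the central rebuild (hypothetical);
    `rng` is any object with a random() method returning a float in [0, 1).
    """
    result = {"submitter": submitter, "audited": False, "status": "accepted", "mismatches": []}
    if rng.random() >= AUDIT_RATE[trust_level]:
        return result  # trusted submitter, not sampled this time
    result["audited"] = True
    result["mismatches"] = compare_builds(digest_manifest(artifacts), digest_manifest(rebuild()))
    if result["mismatches"]:
        result["status"] = "flagged-for-human-review"
    return result

# Constructed sample data: package names and contents are made up.
REFERENCE = {"foo-1.0-1.fc16.x86_64.rpm": b"clean payload", "foo-1.0-1.fc16.src.rpm": b"sources"}
TAMPERED = dict(REFERENCE, **{"foo-1.0-1.fc16.x86_64.rpm": b"clean payload + extra"})

if __name__ == "__main__":
    import random
    rng = random.Random(2011)
    for who, level, build in [("new-volunteer", "untrusted", TAMPERED),
                              ("new-volunteer", "untrusted", REFERENCE),
                              ("known-volunteer", "trusted", TAMPERED)]:
        print(review_submission(who, level, build, lambda: REFERENCE, rng))
```

With random sampling, the audit rate for trusted submitters sets how many builds on average pass before a tainted one is compared against a central rebuild.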
