Diff for "Soyuz/HowToDevelopWithBuildd"

Not logged in - Log In / Register

Differences between revisions 3 and 20 (spanning 17 versions)
Revision 3 as of 2020-04-06 00:13:37
Size: 6861
Editor: cjwatson
Comment: apt-get -> apt
Revision 20 as of 2021-06-07 10:03:26
Size: 8267
Editor: cjwatson
Comment: expand on virtualization settings
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
The password for the user can be generated using `mkpasswd -m sha-512 <password>`. `mkpasswd` lives in the `whois` package. The password for the user can be generated using:
{{{
   mkpasswd -m sha-512 <password>
}}}

`mkpasswd` lives in the `whois` package.
Line 16: Line 21:
To create this run `lxc profile create vm` and then `lxc profile edit vm`. To create this run:
{{{
   lxc profile create vm
}}}
and then:
{{{
    
lxc profile edit vm
}}}
Line 61: Line 74:
This will take a while to settle. You can monitor it's progress with `lxd console <vm name>`. This will take a while to settle. You can monitor its progress with `lxd console <vm name>`.
Line 82: Line 95:
sudo apt install bzr
bzr branch lp:launchpad-buildd
sudo apt install git
git clone https://git.launchpad.net/launchpad-buildd
Line 94: Line 107:
sudo apt install quilt binfmt-support qemu-user-static dpkg-dev fakeroot build-essential debhelper python dh-python python-setuptools devscripts equivs
mk-build-deps launchpad-buildd --install --root-cmd sudo --remove
sudo apt build-dep launchpad-buildd fakeroot
sudo apt install -f
Line 103: Line 116:
# This may fail with missing dependencies.
sudo dpkg -i python-lpbuildd_<version>_all.deb launchpad-buildd_<version>_all.deb
# If the previous line failed, do the following. There is no need to rerun the previous line:
sudo apt install -f
sudo dpkg -i ./python3-lpbuildd_<version>_all.deb ./launchpad-buildd_<version>_all.deb
Line 112: Line 122:
Edit /etc/launchpad-buildd/default and change 'ntphosts' to something valid (91.189.89.199 might be useful here.) Edit /etc/launchpad-buildd/default and change 'ntphost' to something valid (ntp.ubuntu.com should work)
Line 115: Line 125:
/usr/bin/python /usr/bin/twistd --no_save --pidfile /var/run/launchpad-buildd/default.pid --python /usr/lib/launchpad-buildd/buildd-slave.tac -n cd launchpad-buildd
/usr/bin/python3 /usr/bin/twistd --no_save --pidfile /var/run/launchpad-buildd/default.pid --python /usr/lib/launchpad-buildd/buildd-slave.tac -n
Line 132: Line 143:
sudo apt install python-ubuntutools sudo apt install python3-launchpadlib python3-ubuntutools
Line 134: Line 145:
sha256sum livecd.ubuntu-base.rootfs.tar.gz sha256sum livecd.ubuntu-base.rootfs.tar.gz/home/buildd/filecache-default
Line 136: Line 147:
cp <sha256sum named file> /home/buildd/filecache-default sudo cp <sha256sum named file> /home/buildd/filecache-default
sudo chown buildd: /home/buildd/filecache-default/<sha256sum named file>
Line 152: Line 164:
proxy.build('1-3', 'oci', '540947c8a8a5222e9f34150afed945f9f01ccf43', {}, {'name': 'test-build', 'series': 'bionic', 'arch_tag': 'amd64', 'git_repository': 'https://github.com/tomwardill/test-docker-repo.git', 'archives': ['deb http://archive.ubuntu.com/ubuntu bionic main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic universe']}) proxy.build('1-3', 'oci', '<sha256 of base, possibly from previous section>', {}, {'name': 'test-build', 'series': 'bionic', 'arch_tag': 'amd64', 'git_repository': 'https://github.com/tomwardill/test-docker-repo.git', 'archives': ['deb http://archive.ubuntu.com/ubuntu bionic main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic universe']})
Line 168: Line 180:
=== Image Setup ===

Consult the 'Launchpad Configuration' section of [[Soyuz/HowToUseSoyuzLocally|here]] to do the correct `manage-chroot` dance to register an image with launchpad. Without this, you will have no valid buildable architectures.
Line 172: Line 188:
1. Log in as admin
2. Go to https://launchpad.test/~launchpad-buildd-admins and add your user
3. Go to https://launchpad.test/~ubuntu-team and add your user
 1. Log in as admin
 2. Go to https://launchpad.test/~launchpad-buildd-admins and add your user
 3. Go to https://launchpad.test/~ubuntu-team and add your user
Line 180: Line 196:
1. Go to https://launchpad.net/builders
2. Press 'Register a new build machine'
3. Fill in the details.
  * The 'URL' is probably 'http://<buildd ip>:8221'.
  * 'Virtualized' should be true
  * VM reset protocol can be either 1.1 or 2.0
4. After 30 seconds or so, the status of the builder on the builders page should be 'Idle'. This page does not auto-update, so refresh!
 1. Go to https://launchpad.test/builders
 2. Press 'Register a new build machine'
 3. Fill in the details.
   * The 'URL' is probably 'http://<buildd ip>:8221'.
   * You can make the builder be either virtualized or non-virtualized, but each option requires some extra work. Make sure you understand what's needed in the case you choose.
    * Most production builders are virtualized, which means that there's machinery to automatically reset them to a clean VM image at the end of each build. To set this up, `builddmaster.vm_resume_command` in your config must be set to a command which `buildd-manager` can run to reset the builder. If the VM reset protocol is 1.1, then the resume command is expected to be synchronous: once it returns, the builder should be running. If the VM reset protocol is 2.0, then the resume command is expected to be asynchronous, and the builder management code is expected to change the builder's state from `CLEANING` to `CLEAN` using the webservice once the builder is running.
    * Non-virtualized builders are much simpler: `launchpad-buildd` is cleaned synchronously over XML-RPC at the end of each build, and that's it. If you use this, then you must be careful not to run any untrusted code on the builder (since a chroot or container escape could compromise the builder), and you'll need to uncheck "Require virtualized builders" on any PPAs, live filesystems, recipes, etc. that you want to be allowed to build on this builder.
 4. After 30 seconds or so, the status of the builder on the builders page should be 'Idle'. This page does not auto-update, so refresh!

LXD VM Support

This is now on stable and allows for management of VMs with the same LXD CLI.

For now, we need to use the images: source for images, rather than the ubuntu: images. The default ubuntu images do not have the LXD agent preinstalled. Once they do, this gets a bit simpler.

It is also slightly simpler to use the ubuntu user, as it is already available in the image and doesn't require as many hoops jumped to get uid/gid mapping to work.

Create a LXD profile for VMs

This is a convenience helper profile for VMs that will add users and run cloud-init for installing the LXD VM agent. It is not required and you can pass the options on the lxc command. The password for the user can be generated using:

    mkpasswd -m sha-512 <password>

mkpasswd lives in the whois package.

For now, we are using the LXD provided cloud images as it has the LXD agent and cloud-init preinstalled. This requires a smaller LXD profile, but needs some extra commands afterwards.

To create this run:

    lxc profile create vm

and then:

    lxc profile edit vm

name: vm
config:
  limits.cpu: "2"
  limits.memory: 4GB
  user.vendor-data: |
    #cloud-config
    package_update: true
    ssh_pwauth: yes
    packages:
      - openssh-server
      - byobu
      - language-pack-en
    users:
     - name: "ubuntu"
       passwd: "<shell password hash>"
       lock_passwd: false
       groups: lxd
       shell: /bin/bash
       sudo: ALL=(ALL) NOPASSWD:ALL
       ssh-import-id: <lp username>
description: ""
devices:
  config:
    source: cloud-init:config
    type: disk
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  work:
    path: <path to folder you want to share to in the VM>
    source: <path to folder you want to share from the host>
    type: disk

Start the LXD VM

Start a VM via downloading the images: cloud image

lxc launch images:ubuntu/<release name>/cloud -p vm -p default <vm name> --vm

This will take a while to settle. You can monitor its progress with lxd console <vm name>. Once it has complete cloud-init, you should then see an IP assigned in lxc list and be able to execute a bash shell with lxc exec <vm name> bash.

Configure password and ssh

This should be done by the cloud-init config in the profile, but the package is not installed at the time that is run, so do it afterwards manually:

lxc exec <vm name> sudo passwd ubuntu
lxc exec <vm name> --user 1000 "/usr/bin/ssh-import-id" <launchpad user id>

This will not be required once we can use the ubuntu: image source in LXD.

Launchpad Buildd

We'll need a clone of this and then build and install it for running.

Branch

sudo apt install git
git clone https://git.launchpad.net/launchpad-buildd

Install dependencies

cd launchpad-buildd
sudo apt-add-repository ppa:launchpad/ubuntu/buildd-staging
sudo apt-add-repository ppa:launchpad/ubuntu/ppa
vi /etc/apt/sources.list.d/launchpad-ubuntu-ppa-bionic.list <uncomment deb-src line>
sudo apt update
sudo apt build-dep launchpad-buildd fakeroot
sudo apt install -f

Make and install the package

make
cd ..
sudo dpkg -i ./python3-lpbuildd_<version>_all.deb ./launchpad-buildd_<version>_all.deb

Run the buildd

Edit /etc/launchpad-buildd/default and change 'ntphost' to something valid (ntp.ubuntu.com should work)
sudo mkdir -p /var/run/launchpad-buildd
sudo chown ubuntu: /var/run/launchpad-buildd
cd launchpad-buildd
/usr/bin/python3 /usr/bin/twistd --no_save --pidfile /var/run/launchpad-buildd/default.pid --python /usr/lib/launchpad-buildd/buildd-slave.tac -n

Making changes

The package is installed as a system deb, so to make changes you will need to rebuild and reinstall the package following the 'Make and install' section.

Testing

You probably want the next section ('Configuring Launchpad') at this point, but if you are doing any buildd development and need to test your changes without having to have the whole system running, you can use the XML-RPC interface to cause builds to happen.

Getting a base image

First, we need a base image to use for the builds. Usually this is pulled as part of a build, but if we don't have Launchpad involved, we need to set this up manually.

bzr branch lp:ubuntu-archive-tools
sudo apt install python3-launchpadlib python3-ubuntutools
./manage-chroot -s bionic -a amd64 get
sha256sum livecd.ubuntu-base.rootfs.tar.gz/home/buildd/filecache-default
mv livecd.ubuntu-base.rootfs.tar.gz <sha256sum from previous line>
sudo cp <sha256sum named file> /home/buildd/filecache-default
sudo chown buildd: /home/buildd/filecache-default/<sha256sum named file>

Running a build

You can try running a build via the XML-RPC interface. Start a python/ipython repl and run.

import xmlrpclib
proxy = xmlrpclib.ServerProxy("http://localhost:8221/rpc")
proxy.status()

Assuming that works, a sample build can be created using (relying on the OCI capabilities being merged into launchpad-buildd):

proxy.build('1-3', 'oci', '<sha256 of base, possibly from previous section>', {}, {'name': 'test-build', 'series': 'bionic', 'arch_tag': 'amd64', 'git_repository': 'https://github.com/tomwardill/test-docker-repo.git', 'archives': ['deb http://archive.ubuntu.com/ubuntu bionic main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted', 'deb http://archive.ubuntu.com/ubuntu bionic universe']})

Configuring Launchpad

Running soyuz and adding data

First, you'll need to run some extra bits in Launchpad:

utilities/start-dev-soyuz.sh
utilities/soyuz-sampledata-setup.py
make run

Image Setup

Consult the 'Launchpad Configuration' section of here to do the correct manage-chroot dance to register an image with launchpad. Without this, you will have no valid buildable architectures.

User setup

It's convenient to add your user to the correct groups, so you can interact with it, without being logged in as admin.

  1. Log in as admin
  2. Go to https://launchpad.test/~launchpad-buildd-admins and add your user

  3. Go to https://launchpad.test/~ubuntu-team and add your user

Registering the buildd

The buildd that you have just installed needs registering with Launchpad so that builds can be dispatched to it.

  1. Go to https://launchpad.test/builders

  2. Press 'Register a new build machine'
  3. Fill in the details.
    • The 'URL' is probably 'http://<buildd ip>:8221'.

    • You can make the builder be either virtualized or non-virtualized, but each option requires some extra work. Make sure you understand what's needed in the case you choose.
      • Most production builders are virtualized, which means that there's machinery to automatically reset them to a clean VM image at the end of each build. To set this up, builddmaster.vm_resume_command in your config must be set to a command which buildd-manager can run to reset the builder. If the VM reset protocol is 1.1, then the resume command is expected to be synchronous: once it returns, the builder should be running. If the VM reset protocol is 2.0, then the resume command is expected to be asynchronous, and the builder management code is expected to change the builder's state from CLEANING to CLEAN using the webservice once the builder is running.

      • Non-virtualized builders are much simpler: launchpad-buildd is cleaned synchronously over XML-RPC at the end of each build, and that's it. If you use this, then you must be careful not to run any untrusted code on the builder (since a chroot or container escape could compromise the builder), and you'll need to uncheck "Require virtualized builders" on any PPAs, live filesystems, recipes, etc. that you want to be allowed to build on this builder.

  4. After 30 seconds or so, the status of the builder on the builders page should be 'Idle'. This page does not auto-update, so refresh!

Soyuz/HowToDevelopWithBuildd (last edited 2021-09-10 09:38:43 by ilasc)