#971 Investigation: ImageBuild on CBS
Closed: Fixed with Explanation 2 years ago by arrfab. Opened 2 years ago by tdawson.

The Alternative Images SIG would really like ImageBuilder available.
Would it be possible to get ImageBuilder available to the SIG's?

If so, would it be easier/better to somehow link to the Fedora ImageBuilder? Or setup a new one on our infrastructure?


Metadata Update from @arrfab:
- Issue priority set to: Next Meetings (was: Needs Review)
- Issue tagged with: blocked, need-more-info

2 years ago

Q: Why would we need this?
A: Mainly for ostree images. The web and API interface are nice on image builder, but those are secondary.
If anyone knows of a good way to create ostree images on the CBS infrastructure, we (The Alternative Images SIG) are open to suggestions and alternative solutions.

Ping
Any estimate of starting on this?
I understand you are busy, but an estimate would be nice (week/month/quarter).

I believe I have given you the information you wanted. If I didn't, please let me know what you need to know.

I'll let @amoloney comment as we had a prioritization call yesterday and it wasn't mentioned/planned so far

Metadata Update from @arrfab:
- Issue assigned to amoloney

2 years ago

Hi @tdawson apologies we didnt get to this on the meeting, however I will put it on the agenda for the next call scheduled for Wednesday Feb. 8th and I will update this ticket if we land on when we can start looking into this. I will let @arrfab respond if they need more information.
For context on workload, there is a focus on doing some auth system work to meet an internal requirement, and a koji upgrade for CentOS Stream, plus some (most/all) of the centos infra team will be attending FOSDEM next weekend (3rd - 5th Feb) so the infra meeting on the 8th Feb will be the best meeting to meaningfully discuss when we can start this work for you.

Will be back to you after that date with a bit more of a concrete answer & thanks for your patience, it is very much appreciated.

Kindest regards,
Aoife

Hi,

I had an interesting discussion with @obudai about this.
The good news : while it doesn't exist (yet), he branched the needed koji-osbuild package for epel8 : https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a89d8f6a76

The bad news :

  • ImageBuilder would require koji krb5 auth, which we don't use/support for https://cbs.centos.org (@obudai said that it can be somewhere on their roadmap but not there yet)
  • other limitation would be (and I know that for Hyperscale SIG that would be blocker) : no btrfs support on the ImageBuilder infra for the moment

The fact that ImageBuilder infra doesn't (yet) for now support x509/TLS auth to interact back with Koji (cbs.centos.org) would be a blocker.

Thank you for your investigation.
I does look like it is currently blocked.
Is there any plan in the near future to add x509/TLS support to the infrastucture?
Or do you think it better to pursue getting ImageBuilder to use koji krb5 auth?

It's the other way around, image builder supports krb5 but not x509.

It's definitely possible to implement x509 in ib, but it has never been high on the core team's list of priorities.

OTOH, last week during Hyperscale meeting, @ngompa proposed (in his free time) to look at having kiwi supporting rpm ostree based image builds.
So we can still wait for ImageBuilder to support tls/x509 auth (and btrfs support) and see in parallel about kiwi support for ostree

After our meeting, we (the Alternative Images SIG) have decided to close this ticket.
We appreciate the investigation that went on, and the results it gave us.
We mainly wanted ImageBuilder to create ostree images.
We will look for alternative ways to get ostree images created.

Note: I cannot close the issue because #1039 is marked as a blocker, and I don't have the permissions to remove that.

Metadata Update from @arrfab:
- Issue unmarked as depending on: #1039

2 years ago

Metadata Update from @arrfab:
- Assignee reset

2 years ago

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

2 years ago

Log in to comment on this ticket.

Metadata