[opensuse-buildservice] Internet Access Inside Workers
Hello all, I am currently evaluating OBS for an internal Debian/Ubuntu package building system, and am very pleased with what I see so far. My use case requires the code running inside the workers to have access to the internet, but in my testing, the package tests failed due to lack of internet connectivity. This will be an internal OBS instance running only trusted code, and we have Buildbot instances which serve a similar purpose, so I am not very concerned with the security implications of allowing connectivity inside the worker. Is there a configuration option to allow this, or is this something I would need to implement myself? Thanks in advance. Kyle -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Fri, Mar 13, 2020 at 4:13 PM Kyle Edwards
Hello all,
I am currently evaluating OBS for an internal Debian/Ubuntu package building system, and am very pleased with what I see so far.
My use case requires the code running inside the workers to have access to the internet, but in my testing, the package tests failed due to lack of internet connectivity. This will be an internal OBS instance running only trusted code, and we have Buildbot instances which serve a similar purpose, so I am not very concerned with the security implications of allowing connectivity inside the worker. Is there a configuration option to allow this, or is this something I would need to implement myself? Thanks in advance.
You will need to implement a mechanism yourself. Unlike the COPR system, OBS provides no configuration mechanism for doing this because it is intended to be a secure build environment. -- 真実はいつも一つ!/ Always, there's only one truth! -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Samstag, 14. März 2020, 06:38:01 CET wrote Neal Gompa:
On Fri, Mar 13, 2020 at 4:13 PM Kyle Edwards
wrote: Hello all,
I am currently evaluating OBS for an internal Debian/Ubuntu package building system, and am very pleased with what I see so far.
My use case requires the code running inside the workers to have access to the internet, but in my testing, the package tests failed due to lack of internet connectivity. This will be an internal OBS instance running only trusted code, and we have Buildbot instances which serve a similar purpose, so I am not very concerned with the security implications of allowing connectivity inside the worker. Is there a configuration option to allow this, or is this something I would need to implement myself? Thanks in advance.
You will need to implement a mechanism yourself. Unlike the COPR system, OBS provides no configuration mechanism for doing this because it is intended to be a secure build environment.
well, the build script is supporting network enabled builds. Kyle may run a worker either in chroot or patch bs_worker to use --vm-net option of the build script. We could also make this a bs_worker option to offer this. But it is true that it breaks the concept of guaranteed reproducability, so at least it will never be allowed for any official (open)SUSE distribution package... -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Sat, Mar 14, 2020 at 12:47 PM Adrian Schröter
But it is true that it breaks the concept of guaranteed reproducability, so at least it will never be allowed for any official (open)SUSE distribution package...
Makes sense. What advice for someone who would like to add some deep neural network stuff to OBS? It uses the NVIDIA NVCC compiler, which is obtained via the network. I know that NVIDIA make all this difficult, but the CUDA tools they provide are rather useful. -- Roger Oberholtzer -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On Montag, 16. März 2020, 07:39:08 CET wrote Roger Oberholtzer:
On Sat, Mar 14, 2020 at 12:47 PM Adrian Schröter
wrote: But it is true that it breaks the concept of guaranteed reproducability, so at least it will never be allowed for any official (open)SUSE distribution package...
Makes sense. What advice for someone who would like to add some deep neural network stuff to OBS? It uses the NVIDIA NVCC compiler, which is obtained via the network. I know that NVIDIA make all this difficult, but the CUDA tools they provide are rather useful.
Olaf (CC'd) was digging into this ... we used to offer CUDA via DoD. But I dunno if this approach was successful ... Olaf? bye adrian -- Adrian Schroeter email: adrian@suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (4)
-
Adrian Schröter
-
Kyle Edwards
-
Neal Gompa
-
Roger Oberholtzer