On Wed, Jul 03, 2013 at 07:46:15PM +0200, Miroslav Suchy wrote:
> I'm trying to understand the architecture of OBS. I find that /etc/init.d/obsworker starts /usr/lib/obs/server/bs_worker and that the worker can be configured to build in a kvm sandbox. But I got lost in the bs_worker code. Can someone please enlighten me (or just point to specific parts of the code) how the sources are passed to that kvm sandbox and how the result is retrieved from the virtual machine?
The worker just fetches the sources from the source server and the binary packages from the repo server and calls /usr/bin/build from the "build" package to do the building and sandboxing. "build" is like Fedora's "mock", but a couple of years older ;)
The build program creates the file system, mounts it, copies the sources and binary packages into it and does the "preinstall" phase, i.e. it unpacks the packages needed to get rpm/bash running. This unpacking is done by using "rpm2cpio" and "bsdtar" for security reasons.
It then unmounts the file system and starts the virtual machine. The "init" program used in the vm is actually the build script again; it then installs all the rpm packages and runs rpmbuild.
Getting the build result out of the vm is a bit tricky, as we don't want to mount the filesystem again after the vm was running due to security reasons. Instead, the build script running inside the vm disables swap and writes a list of file system blocks to the swap device. Then the vm terminates, and the outer build script reads the swap space to get the block list and extracts the built rpms.
Then the build script terminates and the worker sends the result back to the repo server, which sends an event to the scheduler process to make it pick up the build result.
(The worker also listens to a port, so you can stream the build log and kill running jobs.)
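
The swap-device handoff described in the reply above, as an added sketch that is not part of the original message or of the "build" package. The manifest format (a `BLOCKLIST1` marker followed by `name size block...` lines), the 4096-byte block size and all function names are assumptions made for illustration; the host side treats the guest-written list as untrusted and validates it before reading the raw image.

```python
import os

BLOCK = 4096                 # assumed file system block size
MARKER = "BLOCKLIST1"        # hypothetical marker, not the real on-disk format

def parse_block_list(swap: bytes, image_blocks: int):
    """Parse the guest-written manifest. Everything in it is untrusted."""
    text = swap.split(b"\0", 1)[0].decode("ascii")   # manifest ends at first NUL
    lines = text.splitlines()
    if not lines or lines[0] != MARKER:
        raise ValueError("no block list found in swap area")
    entries = []
    for line in lines[1:]:
        name, size, *blocks = line.split()           # ValueError if malformed
        size, blocks = int(size), [int(b) for b in blocks]
        if name in (".", "..") or name != os.path.basename(name):
            raise ValueError(f"unsafe file name: {name!r}")
        if size < 0 or len(blocks) != -(-size // BLOCK):
            raise ValueError(f"size/block count mismatch for {name!r}")
        if any(b < 0 or b >= image_blocks for b in blocks):
            raise ValueError(f"block outside image for {name!r}")
        entries.append((name, size, blocks))
    return entries

def extract_results(image: bytes, swap: bytes) -> dict:
    """Copy result files out of the raw image without mounting it."""
    out = {}
    for name, size, blocks in parse_block_list(swap, len(image) // BLOCK):
        data = b"".join(image[b * BLOCK:(b + 1) * BLOCK] for b in blocks)
        out[name] = data[:size]                      # trim the last block
    return out

def sample():
    """Constructed input: an 8-block image holding one 5000-byte 'rpm'."""
    payload = (bytes(range(256)) * 20)[:5000]
    image = bytearray(8 * BLOCK)
    image[5 * BLOCK:6 * BLOCK] = payload[:BLOCK]        # first block of the file
    image[2 * BLOCK:2 * BLOCK + 904] = payload[BLOCK:]  # tail, non-contiguous
    swap = f"{MARKER}\nhello-1.0-1.x86_64.rpm 5000 5 2\n".encode() + b"\0" * 64
    return bytes(image), swap, payload

if __name__ == "__main__":
    image, swap, payload = sample()
    files = extract_results(image, swap)
    print({name: len(data) for name, data in files.items()})
```

Because the host only reads numbered blocks from the image, no guest-controlled file system metadata is ever interpreted by the host kernel; the checks on names, sizes and block numbers cover what remains guest-controlled.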