[opensuse-buildservice] Virtualizing OBS worker build environment with OpenVZ or LXC
Greetings, Is there any work being done for OpenVZ, LXC or other OS-level virtualization support for the build environment in OBS? I am doing my Master's thesis on extending OBS to the cloud. Seeing that Amazon Web Services uses Xen for virtualization (and thus does not support Xen/KVM inside it), and that building without a sandboxed environment is not safe, OpenVZ and LXC would seem promising. There's also much talk about using these technologies in AWS, so I would see it possible. Best Regards, Ville Seppänen Tieto Corporation -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Dienstag, 29. März 2011, 14:10:38 schrieb Ville.Seppanen@tieto.com:
Greetings,
Is there any work being done for OpenVZ, LXC or other OS-level virtualization support for the build environment in OBS?
I am doing my Master's thesis on extending OBS to the cloud. Seeing that Amazon Web Services uses Xen for virtualization (and thus does not support Xen/KVM inside it), and that building without a sandboxed environment is not safe, OpenVZ and LXC would seem promising. There's also much talk about using these technologies in AWS, so I would see it possible.
We support XEN, KVM and LXC atm. Check the sources here : http://www.gitorious.org/opensuse/build However, amazon EC2 is not support because the XEN support requires currently control over the Dom0
Best Regards, Ville Seppänen Tieto Corporation
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hi, I am afraid you might've misunderstood me. I am aware that OpenSUSE does provide LXC, but I meant is there work being done for OBS, so that OBS build host would use LXC to separate the worker build environment itself from the build host (so that the package being built cannot modify the build host). To me, it seems that currently OBS supports Xen and KVM. Looking at /etc/sysconfig/obs-worker, OBS_VM_TYPE can be auto, xen, kvm or none. Could support for LXC be easily implemented? When you said "we support", I understood that you meant OpenSUSE. However, I was talking specifically about OBS. Best Regards, Ville Seppänen Tieto Corporation -----Original Message----- From: Adrian Schröter [mailto:adrian@suse.de] Sent: 29. maaliskuuta 2011 14:37 To: opensuse-buildservice@opensuse.org Cc: Seppanen Ville Subject: Re: [opensuse-buildservice] Virtualizing OBS worker build environment with OpenVZ or LXC Am Dienstag, 29. März 2011, 14:10:38 schrieb Ville.Seppanen@tieto.com:
Greetings,
Is there any work being done for OpenVZ, LXC or other OS-level virtualization support for the build environment in OBS?
I am doing my Master's thesis on extending OBS to the cloud. Seeing that Amazon Web Services uses Xen for virtualization (and thus does not support Xen/KVM inside it), and that building without a sandboxed environment is not safe, OpenVZ and LXC would seem promising. There's also much talk about using these technologies in AWS, so I would see it possible.
We support XEN, KVM and LXC atm. Check the sources here : http://www.gitorious.org/opensuse/build However, amazon EC2 is not support because the XEN support requires currently control over the Dom0
Best Regards, Ville Seppänen Tieto Corporation
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On 2011-03-29 15:46:17 +0300, Ville.Seppanen@tieto.com wrote:
I am afraid you might've misunderstood me. I am aware that OpenSUSE does provide LXC, but I meant is there work being done for OBS, so that OBS build host would use LXC to separate the worker build environment itself from the build host (so that the package being built cannot modify the build host). To me, it seems that currently OBS supports Xen and KVM. Looking at /etc/sysconfig/obs-worker, OBS_VM_TYPE can be auto, xen, kvm or none. Could support for LXC be easily implemented?
When you said "we support", I understood that you meant OpenSUSE. However, I was talking specifically about OBS.
adrian *is* talking about the build script support for lxc. build is also used by the obs workers. so if you want to learn more about that part, dig into the "build" git tree. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Hello, On Tue, 2011-03-29 at 14:54 +0200, Marcus Rueckert wrote:
On 2011-03-29 15:46:17 +0300, Ville.Seppanen@tieto.com wrote:
I am afraid you might've misunderstood me. I am aware that OpenSUSE does provide LXC, but I meant is there work being done for OBS, so that OBS build host would use LXC to separate the worker build environment itself from the build host (so that the package being built cannot modify the build host). To me, it seems that currently OBS supports Xen and KVM. Looking at /etc/sysconfig/obs-worker, OBS_VM_TYPE can be auto, xen, kvm or none. Could support for LXC be easily implemented?
When you said "we support", I understood that you meant OpenSUSE. However, I was talking specifically about OBS.
adrian *is* talking about the build script support for lxc.
build is also used by the obs workers. so if you want to learn more about that part, dig into the "build" git tree.
I am trying to accomplish this as well at the moment. I have been going through the "build" code and it's apparent that LXC is indeed supported by the build code's side. However, am I correct to say that no such support has been added to the actual worker code and getting LXC to work with the workers would require manual patching of the worker code. Both XEN and KVM are initialized by starting the bs_worker with a specific argument which does not seem to exist for LXC. Best regards, Sami -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (4)
-
Adrian Schröter
-
Marcus Rueckert
-
Sami Anttila
-
Ville.Seppanen@tieto.com