particle-os/debian-koji-osbuild
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-koji-osbuild/HACKING.md
Christian Kellner 54c59cc41c builder: use cloud api 
Composer now[1] has integrated the koji API into the "cloud API"
and thus we can use this more general purpose and powerful API
instead of using the specialized koji API endpoint.
Adapt the request and response structures as well as the unit
tests to use that.

[1] PR #2214, commit 11e2ae45284bfb0d89ef1c1e0d2aa4ae230ea573
2022-02-11 16:36:07 +01:00

4.8 KiB
Raw Blame History

Patches

Patches should be submitted in the form of pull requests at [github][github].

Coding style

Standard PEP-8 formatting is used project wide for Python, with a few relaxations, like maximum line length (120). A pylint config file .pylintrc is provided. The ./run-test.sh will lint the source code using this (see Testing below).

Contributing

Please refer to the developer guide to learn about our workflow, code style and more.

Testing

Unit tests

To support local development an container test/Dockerfile contains the environment to test all three plugins. It can be built and run via ./run-test.sh. This will execute the unit tests as well as run pylint and ShellCheck on the source code.

Local integration testing

Preparation

This assumes that osbuild-composer, version greater than 21, is installed on the host and the koji API is enabled.

Make certificates for osbuild-composer. This is needed to authorize clients to use the composer API. There is a script that will create the certificates and also copy it to the correct places in /etc.

sudo test/make-certs.sh

Build the containers:

sudo test/build-container.sh

Setup the infrastructure containers

Run the infra containers, i.e. the database server, the kerberos kdc, and koji hub. This will also create the kerberos keytabs needed for the koji builder to authorize itself to koji hub.

sudo test/run-koji-container.sh start

Koji web will now be running at: http://localhost:8080/koji/

Copy the credentials: The TLS certificates for the koji builder plugin to make authorize requests to composer and the kerberos keytabs needed for composer and worker (of composer) to reserve and import the build via the koji XML RPC.

sudo  test/copy-creds.sh

Run the mock OpenID server

The koji builder plugin needs to be authorized in order to be able to start a compose via Composer. The default authentication scheme is OAuth2. For testing purposes we can use the mock OpenID server that is included in the osbuild-composer-tests package. A helper script is included to start and stop the server with the correct parameters.

sudo test/run-openid.sh start

Run the koji builder

Run the koji builder instance can be started. Here fg means that it will be running in the foreground, so logs can be inspected and the container stopped via ctrl+c.

sudo test/run-builder.sh fg

Verify we can talk to koji hub via the koji command line client:

$ koji --server=http://localhost:8080/kojihub --user=osbuild --password=osbuildpass --authtype=password hello
grüezi, osbuild!

You are using the hub at http://localhost:8080/kojihub
Authenticated via password

Setup the tags

In order to build an image, a series of tags needs to be created. Specifically:

  • the target tag
  • the build tag, which contains the architectures
  • destination tag, which contains the list of packages

A helper script will create a minimum set that is necessary to build an image call Fedora-Cloud for f33-candidate:

test/make-tags.sh

Client plugin

The client plugin needs to be installed either by creating the RPMs first via meson, or via a symlink from the checkout to the koji cli plugin directory:

mkdir -p /usr/lib/python3.8/site-packages/koji_cli_plugins/
ln -s $(pwd)/plugins/cli/osbuild.py \
	  /usr/lib/python3.8/site-packages/koji_cli_plugins/osbuild.py

Making a build

Now that all is setup a build can be created via:

koji --server=http://localhost:8080/kojihub \
     --user=kojiadmin \
	 --password=kojipass \
	 --authtype=password \
	 osbuild-image \
	 Fedora-Cloud \
	 33 \
	 fedora-33 \
	 f33-candidate \
	 x86_64 \
	 --repo 'http://download.fedoraproject.org/pub/fedora/linux/releases/33/Everything/$arch/os/' \
	 --image-type guest-image \
	 --release 1

Troubleshooting

Check logs:

sudo podman logs org.osbuild.koji.koji  # koji hub
sudo podman logs org.osbuild.koji.kdc   # kerberos kdc

Execute into the container:

sudo podman exec -it org.osbuild.koji.koji /bin/bash
sudo podman exec -it org.osbuild.koji.kdc /bin/bash
sudo podman exec -it org.osbuild.koji.kojid /bin/bash

Cleanup

Stopping the container:

sudo test/run-koji-container.sh stop

Cleanup of kerberos tickets:

sudo kdestroy -A
sudo -u _osbuild-composer kdestroy -A

Useful links

[github][https://github.com/osbuild/koji-osbuild]