Use the UML fakemachine/Debos backend in the image builder
The image builder so far required /dev/kvm to be available in the container. Unfortunately this is not possible on workers hosted on cloud providers, like our autoscaling workers on AWS or the Azure ones. The chroot backend for Debos cannot run inside a container as it needs to do actually privileged operations like mounting filesystems. The new User Mode Linux backend for fakemachine/Debos allows us to avoid those issues and run unprivileged builds in places where KVM is not available, like cloud CI workers or the Apertis SDK under VirtualBox.
This MR changes the way containers should be invoked. Exposing /dev/kvm is no longer needed, but UML needs the ptrace capability and an executable tmpfs mounted on /scratch (--cap-add=SYS_PTRACE --tmpfs /scratch:exec on the docker run command line).
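As an added example (not part of this MR or of the Apertis image-builder scripts), the following POSIX shell pre-flight check lets a CI job verify, before calling debos, that the container really was started with the two options above: it tests whether CAP_SYS_PTRACE (capability number 19) is in the process's effective set by reading the CapEff mask from /proc/self/status, and whether /scratch is a tmpfs mounted without noexec (docker's --tmpfs mounts noexec by default, which is why the :exec suffix is needed). The /proc/mounts lines embedded below are constructed samples, not captured from a real build, and the option string docker writes for a tmpfs mount may differ slightly from them.

```shell
#!/bin/sh
# Added example: pre-flight check for a UML-based fakemachine/Debos build
# inside a container. Not part of the Apertis MR; all names are ours.

# CAP_SYS_PTRACE is capability number 19 (linux/capability.h).
CAP_SYS_PTRACE_BIT=19

# has_cap_sys_ptrace HEXMASK
# HEXMASK is a capability mask as printed on the CapEff line of
# /proc/self/status (e.g. 00000000a80425fb). Succeeds when bit 19 is set.
has_cap_sys_ptrace() {
    [ $(( (0x$1 >> CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# current_cap_eff: CapEff mask of the calling process (Linux only).
current_cap_eff() {
    awk '$1 == "CapEff:" { print $2 }' /proc/self/status
}

# tmpfs_is_exec MOUNTS_FILE DIR
# Succeeds when DIR appears in MOUNTS_FILE (/proc/mounts format) as a tmpfs
# whose mount options do not include noexec.
tmpfs_is_exec() {
    awk -v dir="$2" '
        $2 == dir && $3 == "tmpfs" {
            found = 1; ok = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "noexec") ok = 0
        }
        END { exit ((found && ok) ? 0 : 1) }' "$1"
}

# Constructed sample /proc/mounts contents (not captured from a real build):
# SAMPLE_EXEC approximates "--tmpfs /scratch:exec", SAMPLE_NOEXEC a plain
# "--tmpfs /scratch", which docker mounts noexec by default.
SAMPLE_EXEC=$(mktemp)
SAMPLE_NOEXEC=$(mktemp)
trap 'rm -f "$SAMPLE_EXEC" "$SAMPLE_NOEXEC"' EXIT
printf 'tmpfs /scratch tmpfs rw,nosuid,nodev,relatime,size=65536k 0 0\n' > "$SAMPLE_EXEC"
printf 'tmpfs /scratch tmpfs rw,nosuid,nodev,noexec,relatime,size=65536k 0 0\n' > "$SAMPLE_NOEXEC"

# preflight: run both checks against the live container. Returns the number
# of failed checks, so a CI step can do "sh preflight.sh --check || exit 1".
preflight() {
    failures=0
    if has_cap_sys_ptrace "$(current_cap_eff)"; then
        echo "ok: CAP_SYS_PTRACE is in the effective set"
    else
        echo "FAIL: CAP_SYS_PTRACE missing; start the container with --cap-add=SYS_PTRACE" >&2
        failures=$((failures + 1))
    fi
    if tmpfs_is_exec /proc/mounts /scratch; then
        echo "ok: /scratch is a tmpfs mounted exec"
    else
        echo "FAIL: /scratch is not an executable tmpfs; use --tmpfs /scratch:exec" >&2
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Only touch the live /proc when explicitly asked, so the functions above can
# also be sourced and exercised against sample data.
case "${1:-}" in
    --check) preflight ;;
esac
```

The two mask values used in the checks are the ones docker produces for the default capability set (00000000a80425fb, bit 19 clear) and for the same set plus --cap-add=SYS_PTRACE (00000000a80c25fb, bit 19 set); comparing CapEff rather than CapBnd matters because a capability that is only in the bounding set is not usable by the build.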
The last build of the KVM-based version is saved as registry.gitlab.apertis.org/infrastructure/apertis-docker-images/v2021dev2-image-builder:latest-kvm.