[CentOS-devel] numbering and building the CentOS Atomic story

Wed Jul 15 23:28:55 UTC 2015
Ari LiVigni <alivigni at redhat.com>

Why not continuously build the ostree based on package changes to Docker, Kub, etcd, flannel, etc.  This way the triggering happens when packages are updated.   It would be great if Centos had something like fedmsg or our  downstream CI message bus. 
Thoughts? 
-== @ri ==-

-------- Original message --------
From: Colin Walters <walters at verbum.org> 
Date: 07/15/2015  5:40 PM  (GMT-05:00) 
To: centos-devel at centos.org 
Subject: Re: [CentOS-devel] numbering and building the CentOS Atomic story 

Thanks for posting this!

On Wed, Jul 15, 2015, at 06:18 AM, Karanbir Singh wrote:
>
> For (a) above, I propose we run an ostree repo, managed by a
> centos-release-projectatomic rpm file; the ostree repo for this should
> be delivered from buildlogs.centos.org, and updated in sync with the
> rest of the content in the CentOS Linux repos, as well as the atomic sig
> run repos in the community build service. In order to keep things
> simple, it might be good enough to run this ostree update on a nightly
> basis.

With current rpm-ostree it is very inexpensive to just run it constantly (e.g
every 5 minutes), or better, edge triggered from push notification from
one of the rpm-md input repos being regenerated, and it will quickly do
nothing if there's nothing to do.

See:
https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2015-June/msg00041.html

> I propose this nightly build be run from an automated harness at
> ci.centos.org, which would pull down the last ostree repo, do its
> updates, commit the changeset, and have a way to push back into the
> buildlogs.centos.org host the new repo. 

Transitioning it from CI to CD then.  There's lots of interesting aspects to
this...

> As an additional downstream
> trigger, we should then build nightly the images derived from this

Not sure I understand the rationale of this nightly thing here either.  Why
not just trigger all images when the ostree commit changes?  That can
be implemented by a few lines of shell to compare the previous/new
commit IDs, and/or rpm-ostree compose tree --touch-if-changed.

> ostree repo ( this would be the GenericCloud, Vagrant, ISO files etc for
> the atomic build that maps to the latest commit in that ostree repo).
> For numbering, I propose we use datestamp with a build id eg:
> 20150715_01, this maps well to user expectations and also sets suitable
> confidence in the build.

That versioning seems fine to me.

> Key requirement to applying updates is that the atomic host needs a
> reboot to consume the latest ostree propagated changes. So while the
> updated tree would be available nightly, uses might chose to still apply
> it nightly, they can control to a fairly good granularity the point in
> time they wish to run.

That sounds like a different branch name?

> The atomic sig can then decide which point in time build they wish to
> promote as their 4wk 'release' image. The ostree repo + images +
> documentation for that build can then be promoted to a release location.
> This would then be announced via projectatomic.io
> 
> I'm also proposing that this build be called the project atomic build.
> 
> for (b) above, I'm proposing we use the same process as for (a), except
> for the following major changes :
> - content in (a) is signed, 

Is *not* signed?  Or is?  Note that OSTree actually supports multiple
GPG signatures per commit, intended for "binary promotion" workflows.
But:

> so while we can build things nightly, we
> cant promote that content as is. 

Right, and the SIG build may have things that aren't in the rebuild,
so it wouldn't make sense to binary-promote.

> - the update cycle for the ostree repo should be undecided, so we can
> promote a new update if there are security issues that merit this work,
> and also when there is a new version of a core component that we might
> want to push out out of band ( i.e not wait on the next upstream build )

I doubt anyone would object if we unconditionally always included the Z stream
errata and released the tree commit immediately after the RPM rebuild.
_______________________________________________
CentOS-devel mailing list
CentOS-devel at centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20150715/e7ff1154/attachment-0008.html>