Remote bootstrapping¶
bootstrap-vz is able to bootstrap images not only on the machine on which it is invoked, but also on remote machines that have bootstrap-vz installed.
This is helpful when you create manifests on your own workstation, but have a beefed up remote build server which can create images quickly. There may also be situations where you want to build multiple manifests that have different providers and require the host machines to be running on that provider (e.g. EBS backed AMIs can only be created on EC2 instances), when doing this multiple times SSHing into the machines and copying the manifests can be a hassle.
Lastly, the main motivation for supporting remote bootstrapping is the automation of system testing. As you will see further down, bootstrap-vz is able to select which build server is required for a specific test and run the bootstrapping procedure on said server.
bootstrap-vz-remote¶
Normally you’d use bootstrap-vz
to start a bootstrapping process.
When bootstrapping remotely simply use bootstrap-vz-remote
instead,
it takes the same arguments plus a few additional ones:
--servers <path>
: Path to a list of build-servers (see build-servers.yml for more info)--name <name>
: Selects a specific build-server from the list of build-servers--release <release>
: Restricts the autoselection of build-servers to the ones with the specified release
Much like when bootstrapping directly, you can press Ctrl+C
at any time
to abort the bootstrapping process.
The remote process will receive the keyboard interrupt signal
and begin cleaning up - pressing Ctrl+C
a second time will abort that as
well and kill the connection immediately.
Note that there is also a bootstrap-vz-server
, this file is not meant to be
invoked directly by the user, but is instead launched by bootstrap-vz on the
remote server when connecting to it.
Dependencies¶
For the remote bootstrapping procedure to work, you will need to install
bootstrap-vz as well as the sudo
command on the remote machine.
Also make sure that all the needed dependencies for bootstrapping your image
are installed.
Locally the pip package Pyro4 is needed.
build-servers.yml¶
The file build-servers.yml
informs bootstrap-vz about the different
build servers you have at your disposal.
In its simplest form you can just add your own machine like this:
local:
type: local
can_bootstrap: [virtualbox]
release: jessie
build_settings: {}
type
specifies how bootstrap-vz should connect to the build-server.
local
simply means that it will call the bootstrapping procedure directly,
no new process is spawned.
can_bootstrap
tells bootstrap-vz for which providers this machine is capable
of building images. With the exception of the EC2 provider,
the accepted values match the accepted provider names in the manifest.
For EC2 you can specify ec2-s3
and/or ec2-ebs
.
ec2-ebs
specifies that the machine in question can bootstrap EBS backed
images and should only be used when the it is located on EC2.
ec2-s3
signifies that the machine is capable of bootstrapping S3 backed
images.
Beyond being a string, the value of release
is not enforced in any way.
It’s only current use is for bootstrap-vz-remote
where you can restrict
which build-server should be autoselected.
Remote settings¶
The other (and more interesting) setting for type
is ssh
,
which requires a few more configuration settings:
local_vm:
type: ssh
can_bootstrap:
- virtualbox
- ec2-s3
release: wheezy
# remote settings below here
address: 127.0.0.1
port: 2222
username: admin
keyfile: path_to_private_key_file
server_bin: /root/bootstrap/bootstrap-vz-server
The last 5 settings specify how bootstrap-vz can connect
to the remote build-server.
While the initial handshake is achieved through SSH, bootstrap-vz mainly
communicates with its counterpart through RPC (the communication port is
automatically forwarded through an SSH tunnel).
address
, port
, username
and keyfile
are hopefully
self explanatory (remote machine address, SSH port, login name and path to
private SSH key file).
server_bin
refers to the abovementioned
bootstrap-vz-server executable. This is the command bootstrap-vz executes
on the remote machine to start the RPC server.
Be aware that there are a few limitations as to what bootstrap-vz is able to deal with, regarding the remote machine setup (in time they may be fixed by a benevolent contributor):
- The login user must be able to execute sudo without a password
- The private key file must be added to the ssh-agent before invocation (alternatively it may not be password protected)
- The server must already be part of the known_hosts list
(bootstrap-vz uses
ssh
directly and cannot handle interactive prompts)
Build settings¶
The build settings allow you to override specific manifest properties.
This is useful when for example the VirtualBox guest additions ISO is located
at /root/guest_additions.iso
on server 1, while server 2 has it at
/root/images/vbox.iso
.
local:
type: local
can_bootstrap:
- virtualbox
- ec2-s3
release: jessie
build_settings:
guest_additions: /root/images/VBoxGuestAdditions.iso
apt_proxy:
address: 127.0.0.1
port: 3142
ec2-credentials:
access-key: AFAKEACCESSKEYFORAWS
secret-key: thes3cr3tkeyf0ryourawsaccount/FS4d8Qdva
certificate: /root/manifests/cert.pem
private-key: /root/manifests/pk.pem
user-id: 1234-1234-1234
s3-region: eu-west-1
guest_additions
specifies the path to the VirtualBox guest additions ISO on the remote machine.apt_proxy
sets the configuration for the apt_proxy plugin <../plugins/apt_proxy>.ec2-credentials
contains all the settings you know from EC2 manifests.s3-region
overrides the s3 bucket region when bootstrapping S3 backed images.
Run settings¶
The run settings hold information about how to start a bootstrapped image. This is useful only when running system tests.
local:
type: local
can_bootstrap:
- ec2-s3
release: jessie
run_settings:
ec2-credentials:
access-key: AFAKEACCESSKEYFORAWS
secret-key: thes3cr3tkeyf0ryourawsaccount/FS4d8Qdva
docker:
machine: default
ec2-credentials
contains the access key and secret key used to boot an EC2 AMI.docker.machine
The docker machine on which an image built for docker should run.