Continuous integration/Qemu
Agent[edit]
See Nova Resource:Integration/Setup for how to set up a Qemu worker node for Jenkins.
Snapshot maintenance[edit]
Provisioning[edit]
Launch a snapshot manually to create changes to the base image. Never launch or modify a snapshot directly. Always copy first.
you@agent$ cp /path/to/thing-to-change.img ~/vm.img you@agent$ qemu-system-x86_64 -m 4096 -nographic vm.img
Wait for the bootloader to pass, then once "img login:
" appears, enter "root
".
A shell will appear shortly. Make your changes, then run exit
to log out from the VM.
Once back in the bootscreen, use Ctrl-A X
to exit from Qemu and return to the agent.
The vm.img file is now an updated snaphot, ready for publishing.
Launch for remote control[edit]
This is how Jenkins jobs launch the VM. This is different from the above provisioning workflow. Rather than getting an interactive shell directly from Qemu, we we launch the Qemu with an SSH port exposed, and login that way:
# Terminal 1 you@agent$ qemu-system-x86_64 -device virtio-net,netdev=user.0 -netdev user,id=user.0,hostfwd=tcp::4293-:22 -m 4096 -nographic vm.img … # Terminal 2 you@agent$ install -m 600 /srv/vm-images/sshkey_qemu_root_v1 root.key you@agent$ ssh -i ./root.key -p 4293 root@localhost … root@img# … root@img# exit
Publish new snapshot[edit]
- Before publishing a new snaphot, verify that you are able to launch the VM and connect to it over SSH using the "Launch for remote control" steps above.
- Use sudo to move the img file from your home directory to
/srv/vm-images/qemu-<flavour>-<date><sequence>.img
. For example,/srv/vm-images/qemu-debian10buster-2020_04_28a.img
, or…-2020_04_28b.img
, where the sequence letter is used in case of multiple updates on the same date. - Set
chmod 644 *.img
, so that it is available as read-only for the Jenkins user.
SSH Keys[edit]
To create a new keypair:
agent$ ssh-keygen -t rsa -b 4096
- Don't use any actual e-mail address (leave the default to your shell name and agent hostname).
- Don't set a pass phrase.
- Name it like "
sshkey_qemu_<user>_v<sequence>
", for examplesshkey_qemu_root_v1
. - Use sudo to move
~/.ssh/sshkey_qemu_root_v1
and~/.ssh/sshkey_qemu_root_v1.pub
to/srv/vm-images/
. - Set
chmod 644 *.img
, so that it is available as read-only for the Jenkins user.
Snapshots[edit]
qemu-debian10buster[edit]
Current version: qemu-debian10buster-2020_05_04b.img
Provisioning:
- Snapshot of Debian 10 Buster with.
- Grub configured to use a serial console.
apt-get install ssh
apt-get install git
apt-get install docker.io
- edit
/etc/ssh/sshd_config
, and setPermitRootLogin yes
(The nano editor is pre-installed). - mkdir
/root/.ssh
- copy
sshkey_qemu_root_v1.pub
to/root/.ssh/authorized_keys
(E.g. create the file with nano and copy the pub file contents from another tab) - run
systemctl restart sshd.service