Continuous integration/Qemu

AgentEdit

See Nova Resource:Integration/Setup for how to set up a Qemu worker node for Jenkins.

Snapshot maintenanceEdit

ProvisioningEdit

Launch a snapshot manually to create changes to the base image. Never launch or modify a snapshot directly. Always copy first.

you@agent$ cp /path/to/thing-to-change.img ~/vm.img
you@agent$ qemu-system-x86_64 -m 4096 -nographic vm.img

Wait for the bootloader to pass, then once "img login:" appears, enter "root".

A shell will appear shortly. Make your changes, then run exit to log out from the VM.

Once back in the bootscreen, use Ctrl-A X to exit from Qemu and return to the agent.

The vm.img file is now an updated snaphot, ready for publishing.

Launch for remote controlEdit

This is how Jenkins jobs launch the VM. This is different from the above provisioning workflow. Rather than getting an interactive shell directly from Qemu, we we launch the Qemu with an SSH port exposed, and login that way:

# Terminal 1
you@agent$ qemu-system-x86_64 -device virtio-net,netdev=user.0 -netdev user,id=user.0,hostfwd=tcp::4293-:22 -m 4096 -nographic vm.img
…

# Terminal 2
you@agent$ install -m 600 /srv/vm-images/sshkey_qemu_root_v1 root.key 
you@agent$ ssh -i ./root.key -p 4293 root@localhost
…
root@img# …
root@img# exit

Publish new snapshotEdit

  1. Before publishing a new snaphot, verify that you are able to launch the VM and connect to it over SSH using the "Launch for remote control" steps above.
  2. Use sudo to move the img file from your home directory to /srv/vm-images/qemu-<flavour>-<date><sequence>.img. For example, /srv/vm-images/qemu-debian10buster-2020_04_28a.img, or …-2020_04_28b.img, where the sequence letter is used in case of multiple updates on the same date.
  3. Set chmod 644 *.img, so that it is available as read-only for the Jenkins user.

SSH KeysEdit

To create a new keypair:

agent$ ssh-keygen -t rsa -b 4096
  • Don't use any actual e-mail address (leave the default to your shell name and agent hostname).
  • Don't set a pass phrase.
  • Name it like "sshkey_qemu_<user>_v<sequence>", for example sshkey_qemu_root_v1.
  • Use sudo to move ~/.ssh/sshkey_qemu_root_v1 and ~/.ssh/sshkey_qemu_root_v1.pub to /srv/vm-images/.
  • Set chmod 644 *.img, so that it is available as read-only for the Jenkins user.

SnapshotsEdit

qemu-debian10busterEdit

Current version: qemu-debian10buster-2020_05_04b.img

Provisioning:

  • Snapshot of Debian 10 Buster with.
  • Grub configured to use a serial console.
  • apt-get install ssh
  • apt-get install git
  • apt-get install docker.io
  • edit /etc/ssh/sshd_config, and set PermitRootLogin yes (The nano editor is pre-installed).
  • mkdir /root/.ssh
  • copy sshkey_qemu_root_v1.pub to /root/.ssh/authorized_keys (E.g. create the file with nano and copy the pub file contents from another tab)
  • run systemctl restart sshd.service