
launchpad-dev team mailing list archive

Re: Immediate plan for Build Farm generic jobs


Julian Edwards wrote:

>> The only solution that I see as feasible is doing something rather like
>> P3As: HTTPS with per-branch credentials. I initially considered that
>> buildd-manager should grant and revoke these credentials on a per-job
>> basis, but I guess a branch's buildd key doesn't ever actually need to
>> change.
> 
> Yes I was trying to think of something comparable to the way we do P3As.

I think we should do something somewhat like the way we do P3As.

> We could also have a private branch server inside the DC that has no
> restrictions.  I don't really know enough about how that stuff works so
> I'm really happy to have someone that does just come up with a solution ;

Currently, internal-to-Launchpad branch authorization is done client
side: on the machine/network level if a host can see any private
branches it can see all of them and the code running on that machine has
to decide whether access is appropriate at any given time.  This doesn't
really work for the builder case, unless we can do things out of the VM
or otherwise push branches into the builder.

We do have one implementation of server-side authorization: the ssh
server.  However for this use case, I think we should write another one,
that is very much read-only and does something like http basic auth.  I
don't think this would be very difficult (famous last words, I know, but
I've done enough similar things for codehosting in other areas).
Something I don't have a clear picture on is how much to reuse the
existing Launchpad authorization -- this is all organized around people
or teams.  I guess we could allow a machine building a recipe to access
all branches that the recipe owner can access, or we can be more anal
and only allow the machine to access branches mentioned in the recipe.

Basically, I think the upshot is that if we provide the machine building
the recipe with a list of urls to get the branches from we won't be
painting ourselves into too much of a corner, and we'd just pass URLs
like http://bazaar.launchpad.net/~bzr/bzr/trunk for now.

Cheers,
mwh
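An added sketch, not Launchpad's or bzr's own code, of the read-only, basic-auth branch server with per-branch credentials that the reply describes: the builder gets one token per branch named in the recipe, the server keeps only token hashes, refuses anything but GET/HEAD, and a credential unlocks only the branch it was minted for. All function names are hypothetical.

```python
import base64
import hashlib
import hmac
import posixpath
import secrets
from typing import Dict, Optional, Tuple

# Added sketch with hypothetical names, not Launchpad's codehosting code.
# Assumption: the builder gets one credential per branch named in the recipe
# and the branch server only ever serves GET/HEAD.

def issue_token() -> Tuple[str, str]:
    """Mint the token handed to the builder and the hash the server keeps."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode()).hexdigest()

def basic_header(user: str, password: str) -> str:
    """Authorization header a builder would send (username = branch path)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def _parse_basic(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Decode 'Basic base64(user:password)'; None if absent or malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, sep, pw = base64.b64decode(header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return (user, pw) if sep else None

def authorize(method: str, path: str, auth_header: Optional[str],
              grants: Dict[str, str]) -> int:
    """HTTP status the read-only branch server answers with.  `grants` maps
    a branch path to the sha256 hex of its token; the Basic username is the
    branch path, so one credential only ever unlocks that one branch."""
    if method not in ("GET", "HEAD"):
        return 405                  # read-only: writes are never accepted
    creds = _parse_basic(auth_header)
    if creds is None:
        return 401
    branch, token = creds
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Compare even for unknown branches so timing does not reveal which exist.
    if not hmac.compare_digest(presented, grants.get(branch, "0" * 64)):
        return 401
    clean = posixpath.normpath("/" + path.lstrip("/"))   # collapse "../"
    if clean != branch and not clean.startswith(branch.rstrip("/") + "/"):
        return 403                  # valid credential, but not this branch
    return 200
```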


