From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6526858154773315584
X-Received: by 10.223.180.86 with SMTP id v22mr580359wrd.1.1519997088201;
        Fri, 02 Mar 2018 05:24:48 -0800 (PST)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.28.0.78 with SMTP id 75ls281129wma.4.gmail; Fri, 02 Mar 2018
 05:24:47 -0800 (PST)
X-Google-Smtp-Source: AG47ELsdaaTGuOMOP7LVoaJXnu71s2qzM3w0uL9vLGbmLnvdMb32+NoSAqNUYG7EaRA/lUhsBCed
X-Received: by 10.28.50.4 with SMTP id y4mr176280wmy.1.1519997087741;
        Fri, 02 Mar 2018 05:24:47 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1519997087; cv=none;
        d=google.com; s=arc-20160816;
        b=tS8/CGfu5ROMsDzzqngHtPGHNpfpv8NzCLUQ6zb7+B3z5n4vraX0VpcnphumhH9+So
         YOZpaI3gBt4Q6KiPo+BezATczw8P6QPL/az229LBeiDJIHON13W72NINCzAhgmrVCiwu
         oOg1KmWi2V3HhwCcKn8D8dOOQNhR90lQdOwMNeq1/8o/A3fk5512/O4yANX5YlZQg2J4
         3HgjtrQIMUV1llqRTC7HesA+tgQhDJPuiRbpPUTkYdAmRekT6639XGqd6eqqaUKQ6q/M
         vrMFrUNq4hXLl5/c4nLRl1x8POsRaJePJc6jncZX5qQSk79fDhiEghR4tJcZ63h2zbKh
         +D6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject
         :arc-authentication-results;
        bh=/y5vYC4Dz2umDeEiotxxbUupPQCyj4yozaW+a1Qw4MM=;
        b=fOdWkDbQrBw4hpFd+vxxIquU6Iiks9n8B+jOaTwhOAEK5JvDMFhgmsJ64hGEk/Qcsl
         muBi5jY2CkMY9/QFc+XRjBy45g83QDCo9HJ4yrx2VezaKSvHRVI2rgAVgBzODgxvuVFi
         22Eoqh4Gm+JUlQpMA+1skge0zO7TpFgg/SahMRWjzIZTbZNOLIRBFCi4vsomZFMv5ARD
         kaiulPOV6kLVMs5+RgG+KaYQghIUfDw968VKpGpokZnj1+dFvqJzk3mCYipVK89ioQuy
         XFgBF6ZmO6Ukua6qjynCmMvsdxpi4HlpzZeDRmvRzLkTIRxYzxRkW3tcywousZGU+okF
         nZYQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de
Return-Path: <asmirnov@ilbers.de>
Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211])
        by gmr-mx.google.com with ESMTPS id a33si294815wrc.5.2018.03.02.05.24.47
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 02 Mar 2018 05:24:47 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) client-ip=85.214.62.211;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de
Received: from [10.0.2.15] ([188.227.110.165])
	(authenticated bits=0)
	by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id w22DOiZu030862
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
	Fri, 2 Mar 2018 14:24:46 +0100
Subject: Re: [RFC][PATCH] ci: Build in kas docker image
To: Jan Kiszka <jan.kiszka@siemens.com>,
        isar-users <isar-users@googlegroups.com>
References: <b38a417c-70c6-edd2-fef3-f03531f49ff8@siemens.com>
 <c1e925a5-ffca-fd5c-349b-0c36bb2533ef@ilbers.de>
 <fe8abc55-5e25-c32e-5e6f-a57fbf073e60@siemens.com>
From: Alexander Smirnov <asmirnov@ilbers.de>
Message-ID: <eebc2a32-d5fb-3dca-256d-c84f298d16c2@ilbers.de>
Date: Fri, 2 Mar 2018 16:24:39 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <fe8abc55-5e25-c32e-5e6f-a57fbf073e60@siemens.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-TUID: 906cm2tOMCx2



On 03/02/2018 03:43 PM, Jan Kiszka wrote:
> On 2018-03-02 13:37, Alexander Smirnov wrote:
>> On 02/26/2018 04:43 PM, Jan Kiszka wrote:
>>> From: Jan Kiszka <jan.kiszka@siemens.com>
>>>
>>> This models a gitlab CI build via the kas-isar docker image. That image
>>> provides a stable execution environment, resolving all currently
>>> required host-side dependencies for us.
>>>
>>> Change the build stage to run the CI tests directly, instead of falling
>>> back to the - by now - incompatible ci_build.sh script.
>>>
>>> Drop artifact deployment from the public CI setup for now. They were
>>> incomplete anyway, and they should be accompanied with an expiry date if
>>> they should be reintroduced.
>>>
>>
>> What is the way for me to test this change?
> 
> Set up a runner with special privileges for the docker containers,
> namely "--cap-add=SYS_ADMIN --cap-add=MKNOD --privileged --device
> $(/sbin/losetup -f)". Should be
> 
>        docker_privileged: True
>        docker_cap_add: [ "MKNOD","SYS_ADMIN" ]
>        docker_devices: [ "$(/sbin/losetup -f)" ]
> 
> in the CI runner syntax. We are currently playing with this, but the
> whole thing still needs VM encapsulation per job because, well, it runs
> with super-foo. Can send you the code.siemens.com links offlist if you
> are interested.

Sure, please send it. Apart from this, I have no other objections, do 
you still consider it as RFC, or I could apply it?

Alex