codeblog code is freedom — patching my itch

December 7, 2011

how to throw an EC2 party

Filed under: Blogging,Debian,Ubuntu,Ubuntu-Server — kees @ 9:53 am

Prepare a location to run juju and install it:

mkdir ~/party
cd ~/party
sudo apt-get install juju

Initialize your juju environment. Be sure to add “juju-origin: ppa” to your environment, along with filling in your access-key and secret-key from your Amazon AWS account. Note that control-bucket and admin-secret should not be used by any other environment or juju won’t be able to distinguish them. Other variables are good to set now too. I wanted my instances close to me, so I set “region: us-west-1”. I also wanted a 64-bit system, so using the AMI list, I chose “default-series: oneiric”, “default-instance-type: m1.large” and “default-image-id: ami-7b772b3e”.

juju
$EDITOR ~/.juju/environments.yaml

Get my sbuild charm, and configure some types of builders. The salt should be something used only for this party; it is used to generate the random passwords for the builder accounts. The distro and releases can be set to whatever the mk-sbuild tool understands.

bzr co lp:~kees/charm/oneiric/sbuild/trunk sbuild-charm
cat >local.yaml <<EOM
builder-debian:
    salt: some-secret-phrase-for-this-party
    distro: debian
    releases: unstable
builder-ubuntu:
    salt: some-secret-phrase-for-this-party
    distro: ubuntu
    releases: precise,oneiric
EOM

Bootstrap juju and wait for the EC2 instance to come up.

juju bootstrap

Before running “juju status”, you can either accept the SSH key blindly, or use “ec2-describe-instances” to find the instance and public host name, and use my “wait-for-ssh” tool to inject the SSH host key into your ~/.ssh/known_hosts file. This requires having set up the environment variables needed by “ec2-describe-instances”, though.

ec2-describe-instances --region REGION
./sbuild-charm/wait-for-ssh INSTANCE HOST REGION
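
The alternative to accepting the host key blindly, sketched as an added example (not code from the original post and not the charm's wait-for-ssh tool): it keeps only the ssh-keyscan lines whose MD5 or SHA256 fingerprint was printed on the instance's boot console. It assumes the console text and the keyscan output were already fetched and that the image prints its fingerprints between cloud-init style BEGIN/END markers; the key blobs, host name and console text are constructed sample data.

```python
import base64
import hashlib
import re

# Assumption: the boot console wraps the fingerprints in these markers.
MD5_RE = re.compile(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}")
BLOCK_RE = re.compile(r"-----BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)"
                      r"-----END SSH HOST KEY FINGERPRINTS-----", re.S)

def fingerprints(blob_b64):
    """(MD5 colon-hex, SHA256 base64) fingerprints of a base64 public key blob."""
    raw = base64.b64decode(blob_b64)
    md5 = hashlib.md5(raw).hexdigest()
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return (":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha)

def console_fingerprints(console_text):
    """Fingerprints printed between the BEGIN/END markers of the boot console."""
    block = BLOCK_RE.search(console_text)
    if not block:
        return set()  # console not captured yet: nothing can be trusted
    found = set()
    for token in block.group(1).split():
        token = token[4:] if token.startswith("MD5:") else token
        if MD5_RE.fullmatch(token) or token.startswith("SHA256:"):
            found.add(token)
    return found

def verified_known_hosts(console_text, keyscan_text):
    """Return only the ssh-keyscan lines whose key matches the console."""
    trusted = console_fingerprints(console_text)
    keep = []
    for line in keyscan_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not line.startswith("#"):
            if set(fingerprints(parts[2])) & trusted:
                keep.append(line)
    return keep

if __name__ == "__main__":
    # Constructed sample data: fake key blobs and a fake console log.
    real = base64.b64encode(b"constructed host key").decode()
    fake = base64.b64encode(b"constructed impostor key").decode()
    console = ("ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
               "ec2: 2048 %s /etc/ssh/ssh_host_rsa_key.pub (RSA)\n"
               "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n" % fingerprints(real)[0])
    scan = "host.example ssh-rsa %s\nhost.example ssh-rsa %s\n" % (real, fake)
    print("\n".join(verified_known_hosts(console, scan)))
```

Only the lines this returns belong in ~/.ssh/known_hosts; an empty result means the console was not ready or the key presented on the network does not match, and nothing should be trusted yet.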

Get status:

juju status

Deploy a builder:

juju deploy --config local.yaml --repository $PWD local:sbuild-charm builder-debian

Deploy more of the same type:

juju add-unit builder-debian
juju add-unit builder-debian
juju add-unit builder-debian

Now you have to wait for them to finish installing, which will take a while. Once they’re at least partially up (the “builder” user has been created), you can print out the slips of paper to hand out to your party attendees:

./sbuild-charm/slips | mpage -1 > /tmp/slips.ps
ps2pdf /tmp/slips.ps /tmp/slips.pdf

They look like this:

Unit: builder-debian/3
Host: ec2-256-1-1-1.us-west-1.compute.amazonaws.com
SSH key fingerprints:
  1024 3e:f7:66:53:a9:e8:96:c7:27:36:71:ce:2a:cf:65:31 (DSA)
  256 53:a9:e8:96:c7:20:6f:8f:4a:de:b2:a3:b7:6b:34:f7 (ECDSA)
  2048 3b:29:99:20:6f:8f:4a:de:b2:a3:b7:6b:34:bc:7a:e3 (RSA)
Username: builder
Password: 68b329da9893

To administer the machines, you can use juju itself, where N is the machine number from the “juju status” output:

juju ssh N

To add additional chroots to the entire builder service, add them to the config:

juju set builder-debian release=unstable,testing,stable
juju set builder-ubuntu release=precise,oneiric,lucid,natty

Notes about some of the terrible security hacks this charm does:

  • enables password-based SSH access (and locks the default “ubuntu” account), so party attendees don’t need anything but the ssh client itself to get to the builders.
  • starts rngd -r /dev/urandom to create terrible but plentiful entropy for the sbuild GPG key generation.

Enjoy!

© 2011, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.