Details
-
Task
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
None
-
None
-
None
Description
Since an AIX machine is available, this needs to be added to Buildbot. Docker is not available for AIX, so the buildbot process needs to run directly on the machine.
This is a new addition compared to the old buildbot
Attachments
Issue Links
- is part of
-
-
- Closed
-
Activity
Pulling up notes from emails:
Dependencies (runtime at least) http://www-frec.bull.com/pkg?id=5875
RPM build dependencies https://src.fedoraproject.org/rpms/mariadb/blob/master/f/mariadb.spec#_198
so hopefully most of those map up.
very obvious linux dependencies like systemd/systemtap can obviously be dropped. Not sure if libaio is cross platform
latest ssl https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp
We might have to run 'updtvpkg' after updating openssl.
So wpars are the AIX forms of docker. Two types, system, which is like VM, and application, which is like docker.
Looked up wpars a bit more. wparexec is the main executable for application WPARS. Best documentation I've found so far is the man page.
It requires root to execute (bottom of man page), /etc/security/privcmds has some privs than can be used if RBAC is used to grant bb addition admin privs on creating wpars, so having the aix.wpar.owner accessauth (https://www.ibm.com/support/knowledgecenter/ssw_aix_72/security/rbac_using.html).
|
/etc/security/privcmds |
/usr/sbin/wparexec:
|
accessauths = aix.wpar.owner
|
innateprivs = PV_AZ_ROOT,PV_DAC_O,PV_DAC_R,PV_DAC_W,PV_DAC_X,PV_FS_CHOWN,PV_PROC_PRIV
|
inheritprivs = PV_AZ_CHECK,PV_AZ_ROOT,PV_DAC_O,PV_DAC_R,PV_DEV_CONFIG,PV_DEV_LOAD,PV_FS_CHOWN,PV_KER_ACCT,PV_KER_DR,PV_KER_WLM,PV_KER_WPAR,PV_NET_CNTL,PV_NET_PORT,PV_PROC_PRIV,P
|
V_PROC_SIG,PV_SU_UID,PV_TCB
|
euid = 0
|
egid = 0
|
secflags = FSF_EPS
|
Its filesystem is shared with the host. Its network and process are isolationed. Options exist to:
- create templates
- control mountpoints (-M)
or wpar