mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-16 22:42:21 +08:00
Merge pull request #5890 from Snaplee/master
translated 20170711 Ubuntu Core Making a factory image with private snaps.md
This commit is contained in:
commit
0c57f22467
@ -1,167 +0,0 @@
|
||||
【Snaplee翻译中】Ubuntu Core: Making a factory image with private snaps
|
||||
============================================================
|
||||
|
||||
|
||||
|
||||
### Share or save
|
||||
|
||||
This is a follow-up to the [ROS prototype to production on Ubuntu Core][3] series to answer a question I received: “What if I want to make an image for the factory, but don’t want to make my snaps public?” This question is of course not robotics-specific, and neither is its answer. In this post we’ll cover two ways to do this.
|
||||
|
||||
Before we start, you’ll need a little bit of an Ubuntu Core imaging background. If you followed the ROS prototype to production series ([part 5][4] specifically) you already have the required background, but if you didn’t, check out the [tutorial for creating your own Ubuntu Core image][5].
|
||||
|
||||
Assuming you’re up-to-speed and know what I’m talking about when I say “model definition” or “model assertion,” let’s get started on a few different methods for creating an Ubuntu Core image with private snaps.
|
||||
|
||||
### Method 1: Don’t put your snap in the store at all
|
||||
|
||||
It really doesn’t get simpler. Take a look at this example model definition, **amd64-model.json**:
|
||||
|
||||
```
|
||||
{
|
||||
"type": "model",
|
||||
"series": "16",
|
||||
"model": "custom-amd64",
|
||||
"architecture": "amd64",
|
||||
"gadget": "pc",
|
||||
"kernel": "pc-kernel",
|
||||
"authority-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"brand-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"timestamp": "2017-06-23T21:03:24+00:00",
|
||||
"required-snaps": ["kyrofa-test-snap"]
|
||||
}
|
||||
```
|
||||
|
||||
Let’s go ahead and turn that into a model assertion:
|
||||
|
||||
```
|
||||
$ cat amd64-model.json | snap sign -k my-key-name > amd64.model
|
||||
You need a passphrase to unlock the secret key for
|
||||
user: "my-key-name"
|
||||
4096-bit RSA key, ID 0B79B865, created 2016-01-01
|
||||
...
|
||||
```
|
||||
|
||||
Now you have your model assertion: **amd64.model**. If you hand that to **ubuntu-image** right now you’ll run into a problem:
|
||||
|
||||
```
|
||||
$ sudo ubuntu-image -c stable amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Fetching kyrofa-test-snap
|
||||
error: cannot find snap "kyrofa-test-snap": snap not found
|
||||
COMMAND FAILED: snap prepare-image --channel=stable amd64.model /tmp/tmp6p453gk9/unpack
|
||||
```
|
||||
|
||||
The snap with the name **kyrofa-test-snap** isn’t actually in the store. But that’s important to note: the model definition (and thus assertion) only contains a list of snap names. If you have a snap locally with that name, even if it’s not in the store, you can tell **ubuntu-image** to use it to satisfy that name in the assertion with the **–extra-snaps** option:
|
||||
|
||||
```
|
||||
$ sudo ubuntu-image -c stable \
|
||||
--extra-snaps /path/to/kyrofa-test-snap_0.1_amd64.snap \
|
||||
amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Copying "/path/to/kyrofa-test-snap_0.1_amd64.snap" (kyrofa-test-snap)
|
||||
kyrofa-test-snap already prepared, skipping
|
||||
WARNING: "kyrofa-test-snap" were installed from local snaps
|
||||
disconnected from a store and cannot be refreshed subsequently!
|
||||
Partition size/offset need to be a multiple of sector size (512).
|
||||
The size/offset will be rounded up to the nearest sector.
|
||||
```
|
||||
|
||||
There. You now have an Ubuntu Core image (named **pc.img**) with your snap preinstalled, without the snap ever needing to be in the store. This works, but it has a big disadvantage which **ubuntu-image** points out with a warning: preinstalling a snap that isn’t connected to the store means you have no way to update it once devices are flashed with this image. Your only update mechanism would be to ship new images to be flashed.
|
||||
|
||||
### Method 2: Use a brand store
|
||||
|
||||
When you create a store account and visit [dashboard.snapcraft.io][6], you’re viewing your snaps in the standard Ubuntu store. If you install snapd fresh on your system, this is the store it uses by default. While you can release snaps privately on the Ubuntu store, you [can’t preinstall those in an image][7] because only you (and the collaborators you’ve added) can obtain access to it. The only way you can make an image in this case would be to make the snaps publicly available, which defeats the whole purpose of this post.
|
||||
|
||||
For this use-case, we have what are called [**brand stores**][8]. Brand stores are still hosted in the Ubuntu store, but they’re a custom, curated version of it, meant to be specific to a given company or device. They can inherit (or not) from the standard Ubuntu store, and be open to all developers or locked down to a specific group (which is what we want in our case, to keep things private).
|
||||
|
||||
Note that this is a paid feature. You need to [request a brand store][9]. Once your request has been granted, you’ll see your new store by visiting “stores you can access” under your name.
|
||||
|
||||
![](https://insights.ubuntu.com/wp-content/uploads/1a62/stores_you_can_access.jpg)
|
||||
|
||||
There you’ll see the various stores to which you have access. You’ll have at least two: the normal Ubuntu store, and your new brand store. Select the brand store (red rectangle). While you’re here, record your store ID (blue rectangle): you’ll need it in a moment.
|
||||
|
||||
![](https://insights.ubuntu.com/wp-content/uploads/b10c/Screenshot-from-2017-07-06-15-16-32.png)
|
||||
|
||||
From there, registering names/uploading snaps works the same way, but now they go into your brand store instead of the standard one, and assuming you have it unlisted, those snaps are not available to external users. The only caveat today is that at least the first upload for the snap needs to be via the web interface. After that, you can continue to use Snapcraft like normal.
|
||||
|
||||
So how does this change things? My “kyrofa-store” inherits snaps from the Ubuntu store, and also contains a “kyrofa-branded-test-snap” published into the stable channel. This snap isn’t available in the Ubuntu store, as you can see if you search for it:
|
||||
|
||||
```
|
||||
$ snap find kyrofa-branded
|
||||
The search "kyrofa-branded" returned 0 snaps
|
||||
```
|
||||
|
||||
But using the store ID we recorded earlier, we can make a model assertion that pulls from the brand store instead of the Ubuntu store. We just need to add the “store” key to the JSON document, making it look like this:
|
||||
|
||||
```
|
||||
{
|
||||
"type": "model",
|
||||
"series": "16",
|
||||
"model": "custom-amd64",
|
||||
"architecture": "amd64",
|
||||
"gadget": "pc",
|
||||
"kernel": "pc-kernel",
|
||||
"authority-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"brand-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"timestamp": "2017-06-23T21:03:24+00:00",
|
||||
"required-snaps": ["kyrofa-branded-test-snap"],
|
||||
"store": "ky<secret>ek"
|
||||
}
|
||||
```
|
||||
|
||||
Sign it just as we did in **Method 1**, and we can create an Ubuntu Core image with our private, brand-store snap preinstalled as simply as:
|
||||
|
||||
```
|
||||
$ sudo ubuntu-image -c stable amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Fetching kyrofa-branded-test-snap
|
||||
Partition size/offset need to be a multiple of sector size (512).
|
||||
The size/offset will be rounded up to the nearest sector.
|
||||
```
|
||||
|
||||
Now, like at the end of **Method 1**, you have a **pc.img** ready for the factory. However, with this method, the snaps in the image are all coming from the store, which means they will automatically update as usual.
|
||||
|
||||
### Conclusion
|
||||
|
||||
These are the only two options for doing this today. When I started writing this post I thought there was a third (keeping one’s snap private and creating an image with it), but that turns out to [not be the case][10].
|
||||
|
||||
Note that we’ve also received numerous requests for some sort of on-premises/enterprise store, and while such a product is not yet available, the store team is working on it. Once this is available, I’ll write a new post about it.
|
||||
|
||||
I hope this proves useful!
|
||||
|
||||
_Original post can be found [here][1]._
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
作者简介:
|
||||
|
||||
Kyle is a member of the Snapcraft team, and is also Canonical's resident roboticist. He focuses on snaps and the snap developer experience, as well as robotics enablement for snaps and Ubuntu Core.
|
||||
|
||||
|
||||
|
||||
-----
|
||||
|
||||
via: https://insights.ubuntu.com/2017/07/11/ubuntu-core-making-a-factory-image-with-private-snaps/
|
||||
|
||||
作者:[Kyle Fazzari ][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:https://insights.ubuntu.com/author/kyrofa/
|
||||
[1]:http://bit.ly/2sS7M1i
|
||||
[2]:https://insights.ubuntu.com/author/kyrofa/
|
||||
[3]:https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
||||
[4]:https://insights.ubuntu.com/2017/05/09/ros-production-create-ubuntu-core-image-with-snap-preinstalled-55/
|
||||
[5]:https://tutorials.ubuntu.com/tutorial/create-your-own-core-image
|
||||
[6]:http://dashboard.snapcraft.io/
|
||||
[7]:https://forum.snapcraft.io/t/unable-to-create-an-image-that-uses-private-snaps
|
||||
[8]:https://docs.ubuntu.com/core/en/build-store/index
|
||||
[9]:https://docs.ubuntu.com/core/en/create
|
||||
[10]:https://forum.snapcraft.io/t/unable-to-create-an-image-that-uses-private-snaps
|
@ -0,0 +1,147 @@
|
||||
# Ubuntu Core: 制作包含私有 snaps 的工厂镜像
|
||||
---
|
||||
这篇帖子是有关 [ROS prototype to production on Ubuntu Core][1] 系列的补充,用来回答我接收到的一个问题: “如何在不公开发布 snaps 的情况下制作一个工厂镜像?” 当然,问题和回答都不只是针对于机器人技术。在这篇帖子中,我将会通过两种方法来回答这个问题。
|
||||
|
||||
开始之前,你需要了解一些制作 Ubuntu Core 镜像的背景知识,如果你已经看过 [ROS prototype to production on Ubuntu Core][3] 系列文章(具体是第 5 部分),你就已经有了需要的背景知识,如果没有看过的话,可以查看有关 [制作你的 Ubuntu Core 镜像][5] 的教程。
|
||||
|
||||
如果你已经了解了最新的情况并且当我说 “模型定义” 或者 “模型断言” 时知道我在谈论什么,那就让我们开始通过不同的方法使用私有 sanps 来制作 Ubuntu Core 镜像吧。
|
||||
|
||||
### 方法 1: 无需上传你的 snap 到商店
|
||||
这是最简单的方法了。首先看一下这个有关模型定义的例子——**amd64-model.json**:
|
||||
```
|
||||
{
|
||||
"type": "model",
|
||||
"series": "16",
|
||||
"model": "custom-amd64",
|
||||
"architecture": "amd64",
|
||||
"gadget": "pc",
|
||||
"kernel": "pc-kernel",
|
||||
"authority-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"brand-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"timestamp": "2017-06-23T21:03:24+00:00",
|
||||
"required-snaps": ["kyrofa-test-snap"]
|
||||
}
|
||||
```
|
||||
让我们将它转换成模型断言
|
||||
```
|
||||
$ cat amd64-model.json | snap sign -k my-key-name > amd64.model
|
||||
You need a passphrase to unlock the secret key for
|
||||
user: "my-key-name"
|
||||
4096-bit RSA key, ID 0B79B865, created 2016-01-01
|
||||
...
|
||||
```
|
||||
获得模型断言:**amd64.model** 后,如果你现在就把它交给 **ubuntu-image** 使用,你将会碰钉子:
|
||||
```
|
||||
$ sudo ubuntu-image -c stable amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Fetching kyrofa-test-snap
|
||||
error: cannot find snap "kyrofa-test-snap": snap not found
|
||||
COMMAND FAILED: snap prepare-image --channel=stable amd64.model /tmp/tmp6p453gk9/unpack
|
||||
```
|
||||
实际上商店中并没有名为 **kyrofa-test-snap** 的 snap。这里需要重点说明的是:模型定义(以及转换后的断言)会包含一列 snap 的名字。如果你在本地有个名字相同的 snap,即使它没有存在于商店中,你也可以通过 **--extra-snaps** 选项告诉 **ubuntu-image** 在断言中增加这个名字来使用它:
|
||||
```
|
||||
$ sudo ubuntu-image -c stable \
|
||||
--extra-snaps /path/to/kyrofa-test-snap_0.1_amd64.snap \
|
||||
amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Copying "/path/to/kyrofa-test-snap_0.1_amd64.snap" (kyrofa-test-snap)
|
||||
kyrofa-test-snap already prepared, skipping
|
||||
WARNING: "kyrofa-test-snap" were installed from local snaps
|
||||
disconnected from a store and cannot be refreshed subsequently!
|
||||
Partition size/offset need to be a multiple of sector size (512).
|
||||
The size/offset will be rounded up to the nearest sector.
|
||||
```
|
||||
现在,在 snap 并没有上传到商店的情况下,你已经获得一个预装了私有 snap 的 Ubuntu Core 镜像(名为 pc.img)。但是这样做有一个很大的问题,ubuntu-image 会提示一个警告:不通过连接商店预装 snap 意味着你没有办法在烧录了这些镜像的设备上更新它。你只能通过制作新的镜像并重新烧录到设备的方式来更新它。
|
||||
|
||||
### 方法 2: 使用品牌商店
|
||||
当你注册了一个商店账号并访问 [dashboard.snapcraft.io][6] 时,你其实是在标准的 Ubuntu 商店中查看你的 snaps。如果你在系统中安装 snap(原文是:If you install snapd fresh on your system,但是 snapd 并不是从 Ubuntu 商城安装的,而是通过 apt-get 命令 安装的),默认会从这个商店下载。虽然你可以在 Ubuntu 商店中发布私有的 snaps,但是你 [不能将它们预装到镜像中][7],因为只有你(以及你添加的合作者)才有权限去使用它。在这种情况下制作镜像的唯一方式就是公开发布你的 snaps,然而这并不符合这篇帖子的目的(原文是:which defeats the whole purpose of this post)。
|
||||
|
||||
对于这种用例,我们有所谓的 **[品牌商店][8]**。品牌商店仍然在 Ubuntu 商店里托管,但是它们是针对于某一特定公司或设备的一个可定制的策划(curated)版本。品牌商店可以继承或者不继承标准的 Ubuntu 商店,品牌商店也可以选择开放给所有的开发者或者将其限制在一个特定的组内(保持私有正是我们想要的)。
|
||||
|
||||
请注意,这是一个付费功能。你需要 [申请一个品牌商店][9]。请求通过后,你将可以通过访问用户名下的“stores you can access” 看到你的新商店。
|
||||
![图片.png-78.9kB][10]
|
||||
|
||||
在那里你可以看到多个有权使用的商店。最少的情况下也会有两个: 标准的 Ubuntu 商店以及你的新的品牌商店。选择品牌商店(红色矩形),进去后记录下你的商店 ID(蓝色矩形):等下你将会用到它。
|
||||
![图片.png-43.9kB][11]
|
||||
|
||||
|
||||
在品牌商店里注册名字或者上传 snaps 和标准的商店使用的方法是一样的,只是它们现在是上传到你的品牌商店而不是标准的那个。如果你没有将品牌商店列出来,那么这些 snaps 对外部用户是不可见。但是这里需要注意的是第一次上传 snap 的时候需要通过web界面来操作。在那之后,你可以继续像往常一样使用 Snapcraft 。
|
||||
|
||||
那么这些是如何改变的呢?我的 “kyrofal-store” 从 Ubuntu 商店继承了 snaps,并且还包含一个发布在稳定通道中的 “kyrofa-bran-test-snap” 。这个 snap 在 Ubuntu 商店里是使用不了的,如果你去搜索它,你是找不到的:
|
||||
```
|
||||
$ snap find kyrofa-branded
|
||||
The search "kyrofa-branded" returned 0 snaps
|
||||
```
|
||||
|
||||
但是使用我们前面记录的商店 ID,我们可以创建一个从品牌商店而不是 Ubuntu 商店下载 snaps 的模型断言。我们只需要将 “store” 键添加到 JSON 文件中,就像这样:
|
||||
```
|
||||
{
|
||||
"type": "model",
|
||||
"series": "16",
|
||||
"model": "custom-amd64",
|
||||
"architecture": "amd64",
|
||||
"gadget": "pc",
|
||||
"kernel": "pc-kernel",
|
||||
"authority-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"brand-id": "4tSgWHfAL1vm9l8mSiutBDKnnSQBv0c8",
|
||||
"timestamp": "2017-06-23T21:03:24+00:00",
|
||||
"required-snaps": ["kyrofa-branded-test-snap"],
|
||||
"store": "ky<secret>ek"
|
||||
}
|
||||
```
|
||||
使用方法 1 中的方式对它签名,然后我们就可以像这样很简单的制作一个预装有我们品牌商店私有 snap 的 Ubuntu Core 镜像:
|
||||
```
|
||||
$ sudo ubuntu-image -c stable amd64.model
|
||||
Fetching core
|
||||
Fetching pc-kernel
|
||||
Fetching pc
|
||||
Fetching kyrofa-branded-test-snap
|
||||
Partition size/offset need to be a multiple of sector size (512).
|
||||
The size/offset will be rounded up to the nearest sector.
|
||||
```
|
||||
现在,和方法 1 的最后一样,你获得了一个为工厂准备的 pc.img。并且使用这种方法制作的镜像中的所有 snaps 都从商店下载的,这意味着它们将能像平常一样自动更新。
|
||||
|
||||
### 结论
|
||||
|
||||
到目前为止,做这个只有两种方法。当我开始写这篇帖子的时候,我想过可能还有第三种(将 snap 设置为私有然后使用它制作镜像),[但最后证明是不行的][12]。
|
||||
|
||||
另外,我们也收到很多内部部署或者企业商店的请求,虽然这样的产品还没有公布,但是商店团队正在从事这项工作。一旦可用,我将会写一篇有关它的文章。
|
||||
|
||||
希望能帮助到您!
|
||||
|
||||
|
||||
---
|
||||
关于作者
|
||||
Kyle 的图片
|
||||
|
||||
![Kyle_Fazzari.jpg-12kB][13]
|
||||
|
||||
Kyle 是 Snapcraft 团队的一员,也是 Canonical 公司的常驻机器人专家,他专注于 snaps 和 snap 开发实践,以及 snaps 和 Ubuntu Core 的机器人技术实现。
|
||||
|
||||
- - -
|
||||
via: https://insights.ubuntu.com/2017/07/11/ubuntu-core-making-a-factory-image-with-private-snaps/
|
||||
|
||||
作者:[Kyle Fazzari][a]
|
||||
译者:[Snaplee](https://github.com/Snaplee)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[1]: https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
||||
[2]: https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
||||
[3]: https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
||||
[4]: https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
||||
[5]: https://tutorials.ubuntu.com/tutorial/create-your-own-core-image
|
||||
[6]: https://dashboard.snapcraft.io/dev/snaps/
|
||||
[7]: https://forum.snapcraft.io/t/unable-to-create-an-image-that-uses-private-snaps
|
||||
[8]: https://docs.ubuntu.com/core/en/build-store/index?_ga=2.103787520.1269328701.1501772209-778441655.1499262639
|
||||
[9]: https://docs.ubuntu.com/core/en/build-store/create
|
||||
[10]: http://static.zybuluo.com/apollomoon/hzffexclyv4srqsnf52a9udc/%E5%9B%BE%E7%89%87.png
|
||||
[11]: http://static.zybuluo.com/apollomoon/9gevrgmq01s3vdtp5qfa8tp7/%E5%9B%BE%E7%89%87.png
|
||||
[12]: https://forum.snapcraft.io/t/unable-to-create-an-image-that-uses-private-snaps/1115
|
||||
[13]: http://static.zybuluo.com/apollomoon/xaxxjof19s7cbgk00xntgmqa/Kyle_Fazzari.jpg
|
||||
[14]: https://insights.ubuntu.com/2017/04/06/from-ros-prototype-to-production-on-ubuntu-core/
|
Loading…
Reference in New Issue
Block a user