coulomb/sand-boxer
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
sand-boxer/docs/migration-build-machines.md
tegwick 774bc5ae0a feat: Packer build orchestration (SAND-WP-0012) 
Add vm-packer build mode, profile.vm-packer-build, State Hub progress
notes during long provision, docs/runbook, and build mode tests.
2026-06-24 12:56:32 +02:00

2.8 KiB
Raw Permalink Blame History

Migration — build-machines → ext.vm-packer

Maps the-custodian/infra/build-machines/ to sand-boxer profile.vm-haskell-build.

What moved

Legacy (build-machines) sand-boxer v0
Packer OVA build Unchanged — operator runs Packer in the-custodian
VM boot + build-agent registration Unchanged — systemd agent on VM
make remote-build PROJECT= sandboxer create --profile profile.vm-haskell-build + SSH build (shim in build-machines Makefile)
packer build in haskell/ sandboxer create --profile profile.vm-packer-build
Isolated workspace /build/<project> /build/sbx-<sandbox_id>/ per create
make bridge-status ssh -p 12222 build@localhost or sandboxer inspect (future)

v0 attach workflow

  1. Build/import VM per build-machines README.
  2. Ensure tunnel is up (make bridge-status in build-machines).
  3. Create sand-boxer workspace:
export SANDBOXER_VM_TUNNEL_PORT=12222   # or use SSH alias

sandboxer create \
  --profile profile.vm-haskell-build \
  --input vm=haskell-build \
  --input repo=~/projects/my-haskell-app \
  --host localhost
  1. Run builds on VM:
ssh haskell-build "cd <remote_dir> && source ~/.ghcup/env && cabal build all"
  1. Destroy workspace (VM stays running):
sandboxer destroy <sandbox_id>

Inputs

Input Purpose
vm SSH config alias (e.g. haskell-build)
ssh_target Alias for vm
tunnel_port Local reverse-tunnel port (default via SANDBOXER_VM_TUNNEL_PORT)
repo Optional rsync source to workspace
workspace_dir Override workspace path on VM

Packer build mode (SAND-WP-0012)

sandboxer create \
  --profile profile.vm-packer-build \
  --input packer_template=~/the-custodian/infra/build-machines/haskell \
  --input vm_name=haskell-build \
  --host localhost
Input Purpose
mode build (default for profile.vm-packer-build) or attach
packer_template Directory containing *.pkr.hcl
vm_name / vm Packer vm_name variable
packer_var_* Extra Packer -var flags (suffix → variable name)

Runbook: docs/runbooks/profile-vm-packer-build.md

Port registry (read-only pointer)

the-custodian/infra/build-machines/port-registry.yml maps tunnel ports 1222112230 to VM slots. When attaching via tunnel, set SANDBOXER_VM_TUNNEL_PORT or --input tunnel_port= to a registered port. Full ops-bridge automation is deferred — operators bring tunnels up manually.

Not migrated yet

  • State Hub capability-catalog sync from build-agent (agent unchanged)
  • Automated port-registry → ops-bridge config generation

Runbook

docs/runbooks/profile-vm-haskell-build.md

Reference in New Issue View Git Blame Copy Permalink