sand-boxer/docs/migration-build-machines.md
tegwick 774bc5ae0a feat: Packer build orchestration (SAND-WP-0012)
Add vm-packer build mode, profile.vm-packer-build, State Hub progress
notes during long provision, docs/runbook, and build mode tests.
2026-06-24 12:56:32 +02:00

# Migration — build-machines → ext.vm-packer
Maps `the-custodian/infra/build-machines/` to sand-boxer `profile.vm-haskell-build`.
## What moved
| Legacy (build-machines) | sand-boxer v0 |
|-------------------------|---------------|
| Packer OVA build | **Unchanged** — operator runs Packer in the-custodian |
| VM boot + build-agent registration | **Unchanged** — systemd agent on VM |
| `make remote-build PROJECT=` | `sandboxer create --profile profile.vm-haskell-build` + SSH build (shim in build-machines Makefile) |
| `packer build` in `haskell/` | `sandboxer create --profile profile.vm-packer-build` |
| Isolated workspace `/build/<project>` | `/build/sbx-<sandbox_id>/` per create |
| `make bridge-status` | `ssh -p 12222 build@localhost` or `sandboxer inspect` (future) |
## v0 attach workflow
1. Build/import VM per [build-machines README](~/the-custodian/infra/build-machines/README.md).
2. Ensure tunnel is up (`make bridge-status` in build-machines).
3. Create sand-boxer workspace:
```bash
export SANDBOXER_VM_TUNNEL_PORT=12222 # or use SSH alias
sandboxer create \
--profile profile.vm-haskell-build \
--input vm=haskell-build \
--input repo=~/projects/my-haskell-app \
--host localhost
```
4. Run builds on VM:
```bash
ssh haskell-build "cd <remote_dir> && source ~/.ghcup/env && cabal build all"
```
5. Destroy workspace (VM stays running):
```bash
sandboxer destroy <sandbox_id>
```
## Inputs
| Input | Purpose |
|-------|---------|
| `vm` | SSH config alias (e.g. `haskell-build`) |
| `ssh_target` | Alias for `vm` |
| `tunnel_port` | Local reverse-tunnel port (default via `SANDBOXER_VM_TUNNEL_PORT`) |
| `repo` | Optional rsync source to workspace |
| `workspace_dir` | Override workspace path on VM |
## Packer build mode (SAND-WP-0012)
```bash
sandboxer create \
--profile profile.vm-packer-build \
--input packer_template=~/the-custodian/infra/build-machines/haskell \
--input vm_name=haskell-build \
--host localhost
```
| Input | Purpose |
|-------|---------|
| `mode` | `build` (default for profile.vm-packer-build) or `attach` |
| `packer_template` | Directory containing `*.pkr.hcl` |
| `vm_name` / `vm` | Packer `vm_name` variable |
| `packer_var_*` | Extra Packer `-var` flags (suffix → variable name) |

Runbook: `docs/runbooks/profile-vm-packer-build.md`
## Port registry (read-only pointer)
`the-custodian/infra/build-machines/port-registry.yml` maps tunnel ports
12221-12230 to VM slots. When attaching via tunnel, set
`SANDBOXER_VM_TUNNEL_PORT` or `--input tunnel_port=` to a registered port.
Full ops-bridge automation is deferred — operators bring tunnels up manually.
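
A pre-flight check for the manually raised tunnel described above, added here as an example (it is not part of sand-boxer or build-machines). It assumes the registered range is 12221-12230, that tunnels are meant to listen on loopback only, and that listener rows come from `ss -ltnH`; the function names and sample rows are hypothetical.

```bash
#!/bin/sh
# Added example, not sand-boxer code. Assumed: registry range 12221-12230,
# loopback-only tunnels, listener rows in `ss -ltnH` column order.
PORT_MIN=12221
PORT_MAX=12230

# port_in_registry PORT: succeeds only for a 1-5 digit integer inside the range.
port_in_registry() {
  case "$1" in
    ''|*[!0-9]*|??????*) return 1 ;;
  esac
  [ "$1" -ge "$PORT_MIN" ] && [ "$1" -le "$PORT_MAX" ]
}

# tunnel_bind_status PORT: reads `ss -ltnH` rows on stdin and prints
# loopback (only 127.0.0.1/[::1] listeners), exposed (any other bind), or down.
tunnel_bind_status() {
  awk -v port="$1" '
    {
      n = split($4, parts, ":")            # $4 = local address:port
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr != "127.0.0.1" && addr != "[::1]") state = "exposed"
      else if (state == "") state = "loopback"
    }
    END { print (state == "" ? "down" : state) }'
}

# preflight PORT: succeeds only for a registered port with a loopback-only listener.
preflight() {
  port_in_registry "$1" || { echo "port $1: outside registry range"; return 1; }
  status=$(tunnel_bind_status "$1")
  echo "port $1: $status"
  [ "$status" = "loopback" ]
}

# Constructed sample rows (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:12222 0.0.0.0:*
LISTEN 0 128 [::1]:12222 [::]:*
LISTEN 0 128 0.0.0.0:12223 0.0.0.0:*
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*'

for p in 12222 12223 12224 2222; do
  printf '%s\n' "$SAMPLE_SS" | preflight "$p" || true
done
# Live use: ss -ltnH | preflight "$SANDBOXER_VM_TUNNEL_PORT"
```

A result of `exposed` means the tunnel port is bound beyond loopback and reachable from other hosts on the network; `down` means the tunnel still has to be brought up before `sandboxer create`.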
## Not migrated yet
- State Hub capability-catalog sync from build-agent (agent unchanged)
- Automated port-registry → ops-bridge config generation
## Runbook
`docs/runbooks/profile-vm-haskell-build.md`