Automatic connection requests for gambol

store-requests
1

Greetings Store Team :wave:

Could I please have the following auto-connections for my snap gambol?

  • lxd → so gambol can connect to LXD via the unix socket located under /var/snap/lxd/common
  • dot-gambol → personal-files write access to the directory $HOME/.gambol

gambol is a tool that the Ubuntu HPC team developed for running the end-to-end/integration tests we have for the distributed applications we work with. Most of our snaps require multiple services to run correctly - for example, the Slurm snap needs an LDAP server, NFS server, control, and compute service before you can even think about doing e2e tests - so we wrote gambol to help with orchestrating those tests. Also, we got tired of burning CI minutes, so we wanted something that runs the same on locally on our laptops first before running in GitHub CI runners.

You can audit the gambol source code here on GitHub

Why we need the lxd connection

gambol is similar to GitHub Actions where jobs (we call them acts) are run inside isolated environments to prevent polluting the base environment of the runner. Instead of some fancy VM sauce, gambol will request a system container from LXD to run an act within. This is typically what a act would look like :point_down:

 nfs-server:
    name: "Provision shared storage integration"
    run-on: noble
    keep-alive: true
    input:
      - host-path: testdata/sssd.conf
        path: sssd.conf
      - host-path: testdata/exports.conf
        path: exports
    scenes:
      - name: "Install NFS server (nfs-kernel-server)"
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get install -y nfs-kernel-server sssd-ldap
      - name: "Connect to IAM provider"
        run: |
          mv sssd.conf /etc/sssd
          chmod 0600 /etc/sssd/sssd.conf
          chown root:root /etc/sssd/sssd.conf
          systemctl restart sssd
      - name: "Start NFS server"
        run: |
          mkdir -p /home/researcher
          chown researcher:researchers /home/researcher
          mv exports /etc
          exportfs -a
          systemctl restart nfs-server

gambol communicates with LXD via its unix socket to manage instances used for running scenes (steps). The idea is that you can easily set up LXD on your local machine with lxd init --auto and immediately start running integration tests for our artifacts.

Here’s an example of us using gambol test configless mode for our Slurm snap.

Why we need the dot-gambol connection

gambol uses a bbolt database located under $HOME/.gambol to cache artifacts between acts.

We have this caching functionality because even though acts run within isolated environment, we still need to exchange files/directories between instances. For example, Slurm requires that you exchange a key file between all the nodes in the cluster. After we provision the controller, we put the key file into the bbolt cache. Then, when any act instance needs that key file, the key file is pulled from the cache and injected into the instance for further processing.

Let me know if you have any questions, Store Team!

2

+1 from me for auto-connect of a personal-files instance named dot-gambol for write permission to ~/.gambol as this snap is the clear owner of that path.

Regarding the use of lxd - whilst this is a super-privileged interface, the entire purpose of this snap is to make use of LXD as the backing environment in which to run its tests etc - and so it would not function without this access. +1 from me also then to auto-connect lxd.

1 Like
3

Hey Store Team!

Just wanted to inquire if there were any further updates on getting these auto-connections granted? Reason I’m asking is because we’re currently using gambol in some of our CI pipelines for running end-to-end/integration tests.

Since we can’t publish the snap to the Snap Store yet - gambol requires a manual review due to the dot-gambol interface - we’re currently doing a bit of an awkward dance where we’re publishing a pre-built gambol snap to GitHub Releases and then pulling it from there. We would like to pull gambol directly from instead of using a hack and wack workaround :sweat_smile:

4

Given the snap is the owner of .gambol, +1 from myself as well for auto-connecting this personal-files interface.

+1 from me as well for auto-connecting lxd given the purpose of this snap.

+2 votes for, 0 votes against, granting auto-connect of interfaces lxd and dot-gambol to snap gambol.

I have vetted the publisher for the use of the super-privileged interface lxd. This is now live.