README-genilib-jail 4.65 KB
Newer Older
1
A. How to setup and update the genilib-jail and git-profile-jail environments.
2 3 4 5 6 7

We use a combination of iocage and our own hand-rolled script to efficiently
spawn up environments in which we can interpret geni-lib scripts. Right now
we only have to do this at Utah, but down the road, if other sites start
running their own portal, this will be needed.

8 9 10 11
We also use a persistant jail for caching "git-based profile" repos. It
doesn't need genilib stuff, just git, but we just roll it all into the same
setup (and FreeBSD package) cuz, ya know, who doesn't want git!

12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
0. Convert your ops node to using ZFS.
   Ugh.
   
1. Make sure the "iocage" package is installed.
   We are using version 1.7.4.

   pkg install iocage

2. Setup the "base" jail.

   iocage fetch release=10.2-RELEASE
   iocage create -c release=10.2-RELEASE tag=py-cage-new

   iocage set compression=off py-cage-new
   iocage set quota=10G py-cage-new

3. Install packages:

   cd /iocage/jails/<UUID>/root
   chroot . pkg install ca_root_nss

   cat >etc/pkg/Emulab-devel.conf <<EOF
Emulab-devel: {
  url: "https://www.emulab.net/FreeBSD/10.2-devel/packages",
  mirror_type: NONE,
  enabled: yes
}
EOF

   chroot . pkg install -r Emulab-devel emulab-genilib

43 44 45 46 47 48 49 50 51 52
4. Take care of some riff-raff
   # mount point for geni-lib stuff
   mkdir -p usr/testbed/lib/geni-lib
   # symlinks we use
   ln -sf python2.7 usr/local/bin/python2
   ln -sf python2.7 usr/local/bin/python
   # if perl is loaded
   ln -sf /usr/local/bin/perl5 usr/bin/perl

5. Make it a template
53 54 55

   iocage set template=yes py-cage-new

Mike Hibler's avatar
Mike Hibler committed
56 57 58 59 60 61
6. Make it the default

   We create the tag py-cage by hand and point it to the correct iocage:

   mv /iocage/tags/py-cage /iocage/tags/py-cage-old
   cp -R /iocage/tags/py-cage-new /iocage/tags/py-cage
62 63

B. Updating your iocage:
64 65 66

1. Fetch the appropriate release:

67
   iocage fetch release=10.2-RELEASE
68

69
2. to be finished...
70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183

C. Setting up the git repo cache.

   Skip to step 8 if you are only exporting a ZFS to boss (no jail).

   Skip step 1 if you already have iocage installed.
   Skip step 2 if you already have iocages (e.g., if you have a genilib-jail).

1. Make sure the "iocage" package is installed.
   We are using version 1.7.4.

   pkg install iocage
   echo 'iocage_enable="YES"' >> /etc/rc.conf

2. Load the appropriate release

   iocage fetch release=10.2-RELEASE

3. Setup the jail.

   iocage create -c release=10.2-RELEASE tag=repo

   # Make it network ready
   iocage set ip4_addr='xn0|128.110.100.35' repo
   iocage set host_hostname='repo.apt.emulab.net' repo

   # Override the UUID default for hostname
   iocage set hostname='repo.apt.emulab.net' repo

   # If not on a flat control network
   iocage set defaultrouter=128.110.100.33 repo

   # XXX for the git repo jail, you will want a resolver
   iocage set resolver='nameserver 128.110.100.4;search apt.emulab.net' repo

   # so we can install updates from inside
   iocage set securelevel=0 repo

   # make it boot at host boot time
   iocage set boot=on repo

   # tweak our zfs fs
   iocage set compression=off repo
   iocage set quota=10G repo

4. Make sure sshd starts up and you can login from boss (for our benefit)

   cd /iocage/jails/<UUID>/root
   mkdir -m 0700 root/.ssh
   cp -p /root/.ssh/authorized_keys root/.ssh/
   echo 'sshd_enable="YES"' >> etc/rc.conf
   echo 'PermitRootLogin without-password' >> etc/ssh/sshd_config

5. Fire it up and apply updates

   iocage start repo

   sudo ssh repo	# from boss
   freebsd-update fetch
   freebsd-update install

6. Install packages:

   sudo ssh repo	# from boss

   cat > /etc/pkg/Emulab-devel.conf <<EOF
Emulab-devel: {
  url: "https://www.emulab.net/FreeBSD/10.2-devel/packages",
  mirror_type: NONE,
  enabled: yes
}
EOF

   pkg install ca_root_nss
   pkg install -r Emulab-devel emulab-genilib

   # XXX til I update the above package
   pkg install -r Emulab-devel git

7. Take care of some riff-raff

   sudo ssh repo	# from boss

   # symlinks we use
   ln -sf python2.7 /usr/local/bin/python2
   ln -sf python2.7 /usr/local/bin/python
   # if perl is loaded
   ln -sf /usr/local/bin/perl5 /usr/bin/perl

8. Create and attach a ZFS for the repos.

   zfs create -o quota=50G -o mountpoint=/repos -o sharenfs=off z/git-repos
   
   Add to ops:/etc/exports.head:

   /repos       boss.apt.emulab.net     -maproot=root

   Add to boss:/etc/fstab:

   fs.apt.emulab.net:/repos       /repos                  nfs     rw,tcp,soft,-b,nosuid,late      0       0

   then do:

   exports_setup
   mkdir /repos
   mount /repos

   If you have a jail, add to ops:/etc/fstab:

   /repos /iocage/jails/161ff0bb-d210-11e6-8598-09c38a1965bd/root/repos	nullfs	rw,late	0	0

   and:

   mount /iocage/jails/161ff0bb-d210-11e6-8598-09c38a1965bd/root/repos