configuring_linux.tex

\documentclass[a4paper]{book}

\usepackage[DIV=13]{typearea} % Benjamins proposal, higher div saves more paper.
% Eliminating empty pages
\let\cleardoublepage\par % Alternatively: \let\cleardoublepage\clearpage

% Improving line layout, f.ex. eliminating overfull boxes, etc.
\usepackage[tracking, kerning, spacing]{microtype}
\microtypecontext{spacing=nonfrench}

\usepackage{verbatim}



\begin{document}


\tableofcontents
\chapter{General strategy}
To provide different M2 processes for several users and at the same time not putting the host system at any risk we have the following strategy:
\begin{enumerate}
\item Create a virtual machine where our server is inside. Apparently it is very difficult to escape from a virtual machine.
\item Inside the virtual machine have the users run in an (s)chrooted environment.
\item Limit the resources for each user using cgroups.
\item Do provide as little system files to the user as possible. We mount almost everything (except /proc) from a master schroot. The mounting happens readonly. If the user needs write access he gets a writable layer on top.
\item Mounting readonly with a writable layer forces us to modify the schroot source.
\end{enumerate}
Backing up the progress is easy using the snapshot tool of VBoxManage (see below). This document is supposed to provide enough information to set up this environment.

Please note that almost all (except the virtualbox) commands are to be executed on the virtual machine, i.e. webm2.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%
%%%  Things we actually do on Habanero
%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Actual usage}
This is a short manual how to start and stop things very concretely.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Controlling
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Controlling}
\subsection{Habanero}
Habanero can shut down using
\begin{verbatim}
sudo shutdown -P now
\end{verbatim}
and rebooted using
\begin{verbatim}
sudo reboot
\end{verbatim}
Currently I now of now way to booting it once it completely shut down besides being in the office.
\subsection{webm2}
Use the same commands as for habanero, after ssh on to webm2. If it gets stuck use
\begin{verbatim}
sudo -u vmuser VBoxManage controlvm "webm2" poweroff
\end{verbatim}
The only way to start it is
\begin{verbatim}
sudo -u vmuser VBoxManage startvm "webm2" --type=headless
\end{verbatim}
Other VBoxManage commands can be found below. To control webm2 they must be executed as the vmuser.
\subsection{schroot}
No need to start these. Else see the updating section on schroots and the chapter on schroots.
You can end all schroots using
\begin{verbatim}
sudo schroot -e -f --all-sessions
\end{verbatim}
To clean up all users use
\begin{verbatim}
cd /home/franzi/tryM2/perl-scripts
sudo perl total_cleanup.pl
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Updating
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Updating Ubuntus + M2}
\subsection{Habanero}
First ssh on to habanero. To update Ubuntu do
\begin{verbatim}
sudo apt-get update
sudo apt-get upgrade
\end{verbatim}
and possibly
\begin{verbatim}
sudo apt-get dist-upgrade
\end{verbatim}
If something fails, the following commands might help:
\begin{verbatim}
sudo apt-get autoclean
sudo apt-get autoremove
\end{verbatim}
\subsection{webm2}
First ssh on to habanero, from there ssh on to webm2. There is no way to ssh directly on to webm2.
Now you can execute the same commands as for habanero.
\subsection{The schroot}
You need to ssh on to webm2. Then go into the master schroot using
\begin{verbatim}
sudo -u lars schroot -c master -u root -d /home
\end{verbatim}
Your shell should now clearly indicate that you are inside the schroot. Since you already are root you can just
\begin{verbatim}
apt-get update
apt-get upgrade
apt-get dist-upgrade
\end{verbatim}
\subsection{Updating M2 in the schroot}
First get the '.tar.gz' with the newest M2. Then you can just unpack it to the folder
\begin{verbatim}
/fakeroots/master/M2
\end{verbatim}
Note that on our webm2 this is currently
\begin{verbatim}
/fakeroots/new_master/M2
\end{verbatim}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%
%%%  Virtualbox
%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{VirtualBox (VBox)}
One can install VBox via apt:
\begin{verbatim}
sudo apt-get install virtualbox
\end{verbatim}
I do not (yet) provide information on how to install a guest system without the gui, sorry.

Lets give an short overview over the commands:

\begin{verbatim}
VBoxManage list runningvms
VBoxManage list vms
\end{verbatim}
will list the running VMs or all vms.

\begin{verbatim}
VBoxManage export machine name.ovf
\end{verbatim}
will export machine into file name.ovf.

For starting the vm machine via command line use
\begin{verbatim}
VBoxManage startvm machine --type headless
\end{verbatim}

Modifying VMs is done via modifyvm:
\begin{verbatim}
VBoxManage modifyvm machine --option value
\end{verbatim}

Here is a very concrete example working on habanero. First log on to habanero via ssh. Then
\begin{verbatim}
sudo -u vmuser -i
VBoxManage list vms
VBoxManage showvminfo webm2
VBoxManage modifyvm webm2 --memory 32768
VBoxManage startvm webm2 --type headless
VBoxManage controlvm webm2 poweroff
VBoxManage clonevm webm2 --name "webm2_rescue" --register
\end{verbatim}

One can take a snapshot using
\begin{verbatim}
VBoxManage snapshot webm2 take name --description "Cool features."
\end{verbatim}
CAUTION: For some reason taking a snapshot of the running machine didn't work.

Unfortunately I do not know how to set up port forwarding. Possibly
\begin{verbatim}
http://www.virtualbox.org/manual/ch06.html#natforward
\end{verbatim}
provides that information.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Starting the server at startup of vm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Starting the server at startup of vm}
Log onto the vm using ssh. Now edit the crontab of root:
\begin{verbatim}
sudo crontab -e
\end{verbatim}
At the end insert the line
\begin{verbatim}
@reboot export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:
/usr/bin:/sbin:/bin:/M2/bin; cd /home/franzi/tryM2; make start >>
/home/webm2.logs/cron.log 2>&1
\end{verbatim}
Maybe the line breaks need to be removed if you are copying from this pdf.
This will export a PATH to have all necessary commands available for the forever script, change into the directory with the node server and then start it.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%
%%%  cgroups
%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{cgroups}
We want to use cgroups to restrict the memory per user if this is possible.
\begin{verbatim}
sudo apt-get install cgroup-bin 
sudo reboot
\end{verbatim}

Now the create\_user.pl script will create a new cgroup for each user with the following lines:
\begin{verbatim}
system "cgcreate -a $user -g memory:$user";
system "chown -R root:root /sys/fs/cgroups/memory/$user/";
system "echo 500000000 > /sys/fs/cgroup/memory/$user/memory.limit_in_bytes";
\end{verbatim}

Then the schroot can be executed in the corresponding cgroup using
\begin{verbatim}
sudo cgexec -g memory:user sudo -u user schroot -c user -u user -d /home/m2user -r M2
\end{verbatim}

If you want to see the tasks of a specific user:
\begin{verbatim}
cat /sys/fs/cgroup/memory/user/tasks
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%
%%%  Schroots
%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Schroots}
What is this about?

We wanted to build something in Ubuntu similar to jails in FreeBSD, i.e. have a
full system in a subtree without the riscs of breaking out.  Additionally we
wanted it to be very secure, even root shouldn't be able to modify files.
Schroots were our weapon of choice. We first build a master schroot containing
the system and programs to run. At any point we can start the master schroot to
install programs.

Then we built clones of the master schroot. They mount everything readonly from
the master schroot, except some temporary folders to store temporary files
generated by processes (in our case M2). This document contains very detailed
information on what to do.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Preparation
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Preparation}

Install the following

\begin{verbatim}
sudo apt-get install debootstrap gettext doxygen po4a autoconf groff libboost-dev
   libboost-program-options-dev libboost-regex-dev autopoint uuid-dev liblockdev1-dev
   libpam0g-dev libboost-iostreams-dev libtool
\end{verbatim}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Installing schroot from source
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Installing schroot from modified source}
Since we need to temper with the source of schroot to modify it according to our needs, we have to compile and install it ourselves. First we download the source, then compile it and install it.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Mounting readonly file systems with a writable layer
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Mounting readonly file systems with a writable layer}
The problem we are trying to solve is the following: We want to mount the /etc
and /root folder inside the clone. Inside the clone they need to be writable
but we need their outer versions to be unchanged.  This can be solved in the
fstab with an entry like

\begin{verbatim}
none  /etc  aufs  br:/tmp=rw:/etc=ro   0  0
\end{verbatim}

This will mount both the outside /tmp and the outside /etc folder onto the
inner /etc. Changes in the inner /etc would be kept in the outer /tmp and leave
the outer /etc unharmed.

But now a new problem arises, namely all changes for all users would be kept in
the same /tmp folder and could cause trouble, thus we want something like:

\begin{verbatim}
tmpfs    /tmpetc  tmpfs  nodev,nouid  0  0
none  /etc  aufs  br:/absolute/path/to/tmpfs=rw:/etc=ro  0  0
\end{verbatim}

Thus we somehow need to enter the absolute path to the individually created /tmpetc.

The solution is to make the following work:

\begin{verbatim}
tmpfs    /tmpetc  tmpfs  nodev,nouid  0  0
none  /etc  aufs  br:$FULL_MOUNT_PATH/tmpfs=rw:/etc=ro  0  0
\end{verbatim}


Now you are done with this part.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% The master
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Creating the master}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Building Ubuntu precise pangolin
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Building precise}
First we don't want anything from the outside world going into the master.
Assume we are in a folder 'fakeroots', create a folder for the master

\begin{verbatim}
cd fakeroots
mkdir master
\end{verbatim}

Let path2master be the absolute path of the fakeroots folder.
Now install precise into the master folder

\begin{verbatim}
sudo debootstrap --variant=buildd --arch=amd64 precise 
   path2master/master 
   http://archive.ubuntu.com/ubuntu
\end{verbatim}

(all in one line)
Replace precise by another version if needed.


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Creating the master profile
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Creating the master profile}

Start by duplicating the default profile

\begin{verbatim}
cd /usr/local/etc/schroot
sudo mkdir master
sudo cp default/* master
\end{verbatim}

Now we need to modify the profile for not getting some files from the outside

\begin{verbatim}
cd /usr/local/etc/schroot/master
sudo vim fstab
\end{verbatim}

Comment out all lines, except the line with /proc in fstab. 

Later also comment out the lines in copyfiles and nssdatabases.  Then schroot
won't copy the passwd file and /proc won't be mounted from the outside.
Somehow it's important to have initial copies of these files, though, for
having a sane system. If there aren't any sane versions of these files, M2 will
segfault.  Also if you update these files and want them updated inside you will
have to uncomment these files.

Modify the configuration file to have the correct paths

\begin{verbatim}
sudo vim /usr/local/etc/schroot/master/config
\end{verbatim}

it should look like

\begin{verbatim}
# Settings for "master" profile.
FSTAB="/usr/local/etc/schroot/master/fstab"
COPYFILES="/usr/local/etc/schroot/master/copyfiles"
NSSDATABASES="/usr/local/etc/schroot/master/nssdatabases"
\end{verbatim}

Next I created the configuration file

\begin{verbatim}
cd /usr/local/etc/schroot/chroot.d
touch master.conf
\end{verbatim}

And filled it with the following content

\begin{verbatim}
[master]
description=Ubuntu precise pangolin master chroot
directory=path2master/master
root-users=lars <- your username here.
type=directory
users=m2user
profile=master <- total path doesn't work
\end{verbatim}

Note that apparently all the users mentioned here have to exist on the outside
as well.  We definetely have to modify the passwd file, since at this point it
is a copy from the outside.

Note also that we need to move our custom 'open' and 'open-www' files to /usr/local/bin.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Installing M2
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Installing M2 and other things}

Move the M2 sources to a location (for example /home) inside the chroot:

\begin{verbatim}
sudo cp M2-1.4.0.1.tar.gz path2master/master/home/
\end{verbatim}

Now start the master schroot

\begin{verbatim}
schroot -c master -u root
\end{verbatim}

NO sudo in front of this command. Once inside, install everything you need
using apt.  Note that you might get an error message depending on whether the
folder you start the schroot in also exists in the schroot environment or not.

Inside the chroot

\begin{verbatim}
cd /home
tar -xzf M2-1.4.0.1.tar.gz
cd /
mkdir M2
mv /home/installed/* M2
rm -rf /home/installed/
rm /home/M2-1.4.0.1.tar.gz
apt-get update
apt-get upgrade
apt-get install vim
\end{verbatim}

Install all packages needed for M2. Start the schroot as root and inside

\begin{verbatim}
apt-get install libxml2 graphviz curl
M2
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% The Clone
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Cloning the master schroot}

We want to prepare a profile for the clones

\begin{verbatim}
cd /usr/local/etc/schroot
sudo mkdir clone
sudo cp master/* clone
cd clone
sudo vim config
\end{verbatim}

edit this to look like

\begin{verbatim}
# Settings for "clone" profile.
FSTAB="/usr/local/etc/schroot/clone/fstab"
COPYFILES="/usr/local/etc/schroot/clone/copyfiles"
NSSDATABASES="/usr/local/etc/schroot/clone/nssdatabases"
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Mounting the master files readonly
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Mounting readonly with a writable layer}

Edit the fstab to fetch the master files

\begin{verbatim}
sudo vim /usr/local/etc/schroot/clone/fstab
\end{verbatim}

it should look like

\begin{verbatim}
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/proc      /proc    none    bind        0       0
/proc      /proc    none    remount,bind,ro        0       0
/fakeroots/master/bin /bin  none  bind     0  0
/fakeroots/master/bin /bin  none  remount,bind,ro      0  0
/fakeroots/master/cbin /cbin  none  bind     0  0
/fakeroots/master/cbin /cbin  none  remount,bind,ro      0  0
/fakeroots/master/usr /usr  none  bind     0  0
/fakeroots/master/usr /usr  none  remount,bind,ro      0  0
/fakeroots/master/srv /srv  none  bind     0  0
/fakeroots/master/srv /srv  none  remount,bind,ro      0  0
/fakeroots/master/lib /lib  none  bind     0  0
/fakeroots/master/lib /lib  none  remount,bind,ro      0  0
/fakeroots/master/lib64 /lib64  none  bind     0  0
/fakeroots/master/lib64 /lib64  none  remount,bind,ro      0  0
/fakeroots/master/sys /sys  none  bind     0  0
/fakeroots/master/sys /sys  none  remount,bind,ro      0  0
/fakeroots/master/selinux /selinux  none  bind     0  0
/fakeroots/master/selinux /selinux  none  remount,bind,ro      0  0
/fakeroots/master/var /var  none  bind     0  0
/fakeroots/master/var /var  none  remount,bind,ro      0  0
/fakeroots/master/boot   /boot none  bind     0  0
/fakeroots/master/boot   /boot none  remount,bind,ro      0  0
/fakeroots/master/media   /media none  bind     0  0
/fakeroots/master/media   /media none  remount,bind,ro      0  0
/fakeroots/master/opt /opt  none  bind     0  0
/fakeroots/master/opt /opt  none  remount,bind,ro      0  0
/fakeroots/master/run /run  none  bind     0  0
/fakeroots/master/run /run  none  remount,bind,ro      0  0
/fakeroots/master/mnt /mnt  none  bind     0  0
/fakeroots/master/mnt /mnt  none  remount,bind,ro      0  0
/fakeroots/master/M2 /M2  none  bind     0  0
/fakeroots/master/M2 /M2  none  remount,bind,ro      0  0

# Temporary file systems
tmpfs   /tmp    tmpfs   nodev,nosuid,size=32M   0       0
tmpfs   /home/m2user      tmpfs   nodev,nosuid,size=32M,rw,uid=1002,gid=1002      0       0

# Mounting readonly folders writable
tmpfs   /tmpetc tmpfs   nodev,nosuid,size=4M,mode=755    0       0
none    /etc    aufs    br:$FULL_MOUNT_PATH/tmpetc=rw:/fakeroots/master/etc=ro  0       0
tmpfs   /tmproot        tmpfs   nodev,nosuid,size=4M,mode=755    0       0
none    /root   aufs    br:$FULL_MOUNT_PATH/tmproot=rw:/fakeroots/master/root=ro        0       0
\end{verbatim}

Please bear with me for not modifying the paths.

A word on the gid and uid: Since the users come from the host system, I just
took them from there.  We set the mode of the /root and /etc folder by setting
the mode on the corresponding /tmp folders.  We don't want the user to be able
to mess up the files there, even not temporary. Go on and try to touch
something as a user.

In the nssdatabases and copyfiles file comment out all lines.

Note that we do not have a sbin folder at all.

Now one can run the schroot. At desctruction the also the folders /etc and
/root are eliminated.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Configuring the clone
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Configuring the clone}

Create a folder for the clone (maybe inside fakeroots)

\begin{verbatim}
cd fakeroots
mkdir clone
\end{verbatim}

Edit the clone chroot config

\begin{verbatim}
cd /usr/local/etc/schroot/chroot.d
sudo vim clone.conf
\end{verbatim}

to look like

\begin{verbatim}
[clone]
description=Ubuntu precise pangolin clone chroot
directory=path2clone/clone
root-users=lars
type=directory
users=m2user
profile=clone
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Running the clone for the first time
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{First test of the clone}

Start the clone and check it

\begin{verbatim}
schroot -c clone -u root
touch /bin/bla
\end{verbatim}

should yield

\begin{verbatim}
touch: cannot touch `/bin/bla': Read-only file system
\end{verbatim}

Note: Have a look at the copyfiles file in the configuration folder.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Schroot Commands
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Schroot Commands}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Basics
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Basic commands}
One can list all schroots with

\begin{verbatim}
schroot -l
\end{verbatim}

Kill all schroots with

\begin{verbatim}
schroot -e --all-sessions
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Naming schroots
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Naming the schroots}
Start a schroot with given id name. Then access it as a user

\begin{verbatim}
schroot -c chroot -n name -b
schroot -c name -u user -r
\end{verbatim}

It is not possible to log into the named schroot immediately.
This is also the format of the commands used in m2server-module.js.

Alternatively start M2 when logging on

\begin{verbatim}
schroot -c name -u user -r /M2/bin/M2 -d /home/user 
\end{verbatim}

Of course this directory should exist.

Ending this schroot
\begin{verbatim}
schroot -c name -e
\end{verbatim}

One can use this to let the schroot know its name:

\begin{verbatim}
schroot -c name -d existing/rw/dir -u user -r touch name
\end{verbatim}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Updating the schroot
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\subsection{Short note on updating our schroots:}
\begin{enumerate}
\item Shut down the forever script.
\item Shut down the m2server.
\item Kill all schroots using
\begin{verbatim}
sudo schroot -e -f --all-sessions
\end{verbatim}
\item Start the master schroot:
\begin{verbatim}
sudo -u lars schroot -c master -u root
\end{verbatim}
\item You should now be inside the schroot as root. Do
\begin{verbatim}
apt-get update
apt-get upgrade
\end{verbatim}
\item For updating M2 move the new .tar.gz to /fakeroots/new\_master/home (or wherever your master schroot is) and inside the schroot unpack the tarball. Then, still inside, replace /M2 with the new files and delete the tarball. With adjusted paths you could also do this from the outside.
\item Restart the server.
\end{enumerate}


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%
%%%  Gentoo walkthrough
%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\chapter{Gentoo walkthrough}
This is a collection of commands to create a virtual machine with a 20G harddisc running gentoo. Using the above instructions one can then install schroot on it and use it to run a node server.

First command downloads a gentoo minimal installation disc. Then create a virtual machine and mount it.
\begin{verbatim}
wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-iso/default/20130207/install-amd64-minimal-20130207.iso
VBoxManage createhd
VBoxManage createhd --filename gentoo_hd.vdi --size 20000 --variant Standard
VBoxManage list ostypes
VBoxManage createvm --name gentoo_webm2 --ostype Gentoo_64 --register
VBoxManage list vms
VBoxManage modifyvm
VBoxManage storagectl gentoo_webm2 --name "SATA Controller" --add sata
VBoxManage storageattach gentoo_webm2 --storagectl "SATA Controller" --port 0 --device 0 --type hdd --medium "gentoo_hd.vdi"
VBoxManage storagectl gentoo_webm2 --name "IDE Controller" --add ide
VBoxManage storageattach gentoo_webm2 --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium "install-amd64-minimal-20130207.iso"
VBoxManage modifyvm gentoo_webm2 --boot1 dvd --boot2 disk --boot3 none --boot4 none
VBoxHeadless -s gentoo_webm2 -n -m 3389
\end{verbatim}

Now the virtual machine is started. Since it has no ssh-server running, you have to access it using a ssh tunnel and vncviewer:
\begin{verbatim}
ssh -L 3389:127.0.0.1:3389 lars@habanero.math.cornell.edu
vncviewer localhost:3389
\end{verbatim}

Now you are inside the virtual machine. Check the network connection:
ifconfig tells that everything is alright.
Then start partitioning the harddisc.
\begin{verbatim}
fdisk /dev/sda
n p 1 default +128M
a 1
n p 2 default +3072M
t 2 82
n p 3 default +10G
n e default
n default +3G
n default default
p
\end{verbatim}
You should now have 6 partitions
\begin{verbatim}
w
\end{verbatim}

Then mount the partitions.
\begin{verbatim}
mkswap /dev/sda2
swapon /dev/sda2
mkfs.ext2 /dev/sda1
mkfs.ext4 /dev/sda3
mkfs.ext4 /dev/sda5
mkfs.ext4 /dev/sda6
mount /dev/sda3 /mnt/gentoo
cd /mnt/gentoo
mkdir boot
mkdir fakeroot
mkdir usr
cd usr
mkdir local
cd
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/sda5 /mnt/gentoo/fakeroot
mount /dev/sda6 /mnt/gentoo/usr/local
cd /mnt/gentoo
links http://www.gentoo.org/main/en/mirrors.xml
\end{verbatim}
Download stage 3 tarball
\begin{verbatim}
tar xvjpf stage...
nano -w /mnt/gentoo/etc/portage/make.conf add line MAKEOPTS="-j3" at end
mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
mirrorselect -i -r -o >> /mnt/gentoo/etc/portage/make.conf
cat /mnt/gentoo/etc/portage/make.conf
cp -L /etc/resolv.conf /mnt/gentoo/etc/
mount -t proc none /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
chroot /mnt/gentoo /bin/bash
source /etc/profile
export PS1="(chroot) $PS1"

mkdir /usr/portage
emerge-webrsync
emerge --sync

echo "America/New_York" > /etc/timezone

emerge gentoo-sources
cd /usr/src/linux
emerge pciutils
lspci
lsmod
make menuconfig
\end{verbatim}
In the config enable the cgroup support and the aufs file system. If it doesn't support the aufs filesystem you will have to download and install a different kernel later using emerge.

\begin{verbatim}
make && make modules_install
cp arch/x86_64/boot/bzImage /boot/kernel-xxx-gentoo

emerge genkernel
genkernel --install initramfs

emerge vim

vim /etc/fstab

cd /etc/init.d
ln -s net.lo net.eth0
rc-update add net.eth0 default
emerge syslog-ng
rc-update add syslog-ng default

emerge grub
vim /boot/grub/grub.conf

grep -v rootfs /proc/mounts > /etc/mtab
grub-install --no-floppy /dev/sda

exit
umount -l /mnt/gentoo/dev{/shm,/pts,}
umount -l /mnt/gentoo{/boot,/proc,}
reboot
\end{verbatim}

This will fail. First remove the cdrom, as vmuser do:
\begin{verbatim}
VBoxManage storageattach gentoo_webm2 --storagectl "IDE Controller" --port 0 --device 0 --type dvddrive --medium none
VBoxManage modifyvm gentoo_webm2 --natpf1 "guestssh,tcp,,13779,,13779"
VBoxManage modifyvm gentoo_webm2 --natpf1 "webaccess,tcp,,3691,,8002"
\end{verbatim}

Now install an ssh server and have it listen on port 13779
\begin{verbatim}
emerge openssh
rc-update add sshd default
vim /etc/ssh/sshd_config
\end{verbatim}

Log on to the virtual machine and install the necessary node stuff.
\begin{verbatim}
sudo emerge nodejs
sudo npm install -g connect forever cookies
\end{verbatim}
\end{document}