Poudriere in a jail: Difference between revisions
From TykWiki
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
* Create a ZFS dataset for the jail | * Create a ZFS dataset for the jail | ||
<pre> | <pre> | ||
$ sudo zfs create -o jailed=on | $ sudo zfs create -o jailed=on tyktank/poudriere | ||
</pre> | </pre> | ||
* Change settings in ezjail config | * Change settings in ezjail config | ||
<pre> | <pre> | ||
export jail_poudriere_tyknet_dk_zfs_datasets="tyktank/poudriere" | |||
export jail_poudriere_tyknet_dk_parameters="children.max=100 allow.mount allow.mount.tmpfs allow.mount.devfs allow.mount.procfs allow.mount.zfs allow.mount.nullfs allow.raw_sockets allow.socket_af allow.sysvipc allow.chflags enforce_statfs=1 ip6=inherit ip4=inherit" | export jail_poudriere_tyknet_dk_parameters="children.max=100 allow.mount allow.mount.tmpfs allow.mount.devfs allow.mount.procfs allow.mount.zfs allow.mount.nullfs allow.raw_sockets allow.socket_af allow.sysvipc allow.chflags enforce_statfs=1 ip6=inherit ip4=inherit" | ||
</pre> | </pre> | ||
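Review bot: the parameters line next to the new zfs_datasets export grants allow.raw_sockets, allow.socket_af, allow.sysvipc and allow.chflags together with ip4=inherit and ip6=inherit, and the page does not say which of these poudriere actually needs. Since this jail also receives a delegated dataset (jailed=on plus allow.mount.zfs), a short note per parameter, or dropping the ones that turn out to be unnecessary, would keep readers from copying a broader grant than the build requires.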
Line 19: | Line 20: | ||
<pre> | <pre> | ||
$ sudo portmaster www/nginx ports-mgmt/poudriere | $ sudo portmaster www/nginx ports-mgmt/poudriere | ||
</pre> | |||
* Create key and cert for signing packages | |||
<pre> | |||
$ sudo mkdir -p /usr/local/etc/ssl/{keys,certs} | |||
$ sudo chmod 0600 /usr/local/etc/ssl/keys | |||
$ sudo openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096 | |||
$ sudo openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.crt | |||
</pre> | |||
* Create <code>/usr/local/etc/poudriere.conf</code> with the following contents: | |||
<pre> | |||
ZPOOL=tyktank | |||
ZROOTFS=/poudriere | |||
FREEBSD_HOST=ftp://ftp.dk.freebsd.org | |||
RESOLV_CONF=/etc/resolv.conf | |||
BASEFS=/usr/local/poudriere | |||
USE_PORTLINT=no | |||
USE_TMPFS=yes | |||
DISTFILES_CACHE=/usr/ports/distfiles | |||
PKG_REPO_SIGNING_KEY=/usr/local/etc/pki/poudriere/poudriere.key | |||
NOLINUX=yes | |||
BUILDER_HOSTNAME=poudriere.tyknet.dk | |||
# https://gist.github.com/gynter/86ed7a6cae20927d6ef0 | |||
USE_MASTERMNT_HASH=yes | |||
</pre> | |||
* The last line is not a default setting but one that is neccesary due to path length restrictions combined with jails. To make it work apply the patch in the link above. | |||
* Create one or more jails for the versions you need to build for | |||
<pre> | |||
sudo poudriere jail -c -j freebsd_10_3_amd64 -v 10.3-RELEASE | |||
</pre> | |||
* Create (one or more) ports tree. I name the default tree "default" and if I want to experiment with, say, one of the quarterly ports trees, I'd name it as such. | |||
<pre> | |||
sudo poudriere ports -c -p default | |||
</pre> | </pre> |
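Review bot: PKG_REPO_SIGNING_KEY in the new poudriere.conf block points at /usr/local/etc/pki/poudriere/poudriere.key, while the key step a few lines earlier writes the private key to /usr/local/etc/ssl/keys/poudriere.key, so a reader following the page ends up with a signing key setting that names a file that was never created; use one path in both places. In the same key step, chmod 0600 on the keys directory drops the search bit, where 0700 is the usual mode for a private directory, and poudriere.crt is the output of openssl rsa -pubout, which is a bare public key rather than a certificate, so the step title and file name could say that.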
Latest revision as of 13:49, 3 August 2016
- Create a normal ezjail
- Create a ZFS dataset for the jail
<pre>
$ sudo zfs create -o jailed=on tyktank/poudriere
</pre>
- Change settings in ezjail config
<pre>
export jail_poudriere_tyknet_dk_zfs_datasets="tyktank/poudriere"
export jail_poudriere_tyknet_dk_parameters="children.max=100 allow.mount allow.mount.tmpfs allow.mount.devfs allow.mount.procfs allow.mount.zfs allow.mount.nullfs allow.raw_sockets allow.socket_af allow.sysvipc allow.chflags enforce_statfs=1 ip6=inherit ip4=inherit"
</pre>
- Add needed kld modules to rc.conf (and load them manually)
<pre>
kld_list="zfs aesni geom_mirror tmpfs linux linprocfs nullfs procfs fdescfs"
</pre>
- Install needed ports
<pre>
$ sudo portmaster www/nginx ports-mgmt/poudriere
</pre>
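- Create the key pair for signing packages (the <code>.crt</code> file holds the RSA public key, not an X.509 certificate)
<pre>
$ sudo mkdir -p /usr/local/etc/ssl/{keys,certs}
# a directory needs the search (x) bit, so 0700 rather than 0600
$ sudo chmod 0700 /usr/local/etc/ssl/keys
$ sudo openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096
$ sudo openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.crt
</pre>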
- Create <code>/usr/local/etc/poudriere.conf</code> with the following contents:
<pre>
ZPOOL=tyktank
ZROOTFS=/poudriere
FREEBSD_HOST=ftp://ftp.dk.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
USE_PORTLINT=no
USE_TMPFS=yes
DISTFILES_CACHE=/usr/ports/distfiles
# private key generated in the signing step above
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/poudriere.key
NOLINUX=yes
BUILDER_HOSTNAME=poudriere.tyknet.dk
# https://gist.github.com/gynter/86ed7a6cae20927d6ef0
USE_MASTERMNT_HASH=yes
</pre>
- The last line (<code>USE_MASTERMNT_HASH</code>) is not a default setting, but it is necessary due to path length restrictions combined with jails. To make it work, apply the patch in the link above.
- Create one or more jails for the versions you need to build for
<pre>
sudo poudriere jail -c -j freebsd_10_3_amd64 -v 10.3-RELEASE
</pre>
- Create one or more ports trees. I name the default tree "default" and if I want to experiment with, say, one of the quarterly ports trees, I'd name it as such.
<pre>
sudo poudriere ports -c -p default
</pre>
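A check for the signing setup from the steps above, as an added example that is not part of the original wiki page: it reads PKG_REPO_SIGNING_KEY from poudriere.conf, confirms the key file and its directory are closed to group and others, and confirms the published public key is the public half of that private key. The function names and the argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki page): verify the package signing setup.
# Usage: sh check_signing.sh /usr/local/etc/poudriere.conf /path/to/public.key

# conf_value FILE KEY: print the value of the last KEY=... line, unquoted.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# is_private PATH: succeed when no group/other permission bits are set.
# Characters 5-10 of the ls mode string are the group and other bits.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_signing CONF PUBKEY: print findings; exit status = number of problems.
check_signing() {
    problems=0
    key=$(conf_value "$1" PKG_REPO_SIGNING_KEY)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "PKG_REPO_SIGNING_KEY='$key' does not name an existing file"
        return 1
    fi
    if ! is_private "$key"; then
        echo "$key is accessible to group or others"
        problems=$((problems + 1))
    fi
    if ! is_private "$(dirname "$key")"; then
        echo "$(dirname "$key") is accessible to group or others"
        problems=$((problems + 1))
    fi
    # The published key must be the public half of the configured private key.
    if ! openssl rsa -in "$key" -pubout 2>/dev/null | cmp -s - "$2"; then
        echo "$2 does not match the private key in $key"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check only when the script is given both paths.
if [ "$#" -ge 2 ]; then
    check_signing "$1" "$2"
fi
```

Run it inside the jail as root after creating poudriere.conf; a non-zero exit status is the number of findings printed.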