Difference between revisions of "Fedora ARM Secondary Architecture/Standard Operating Procedures"

From CDOT Wiki
(Daily Infrastructure Duties)
 
(65 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[Category:CDOT Staff]][[Category:Fedora ARM Secondary Architecture]]
+
[[Category:CDOT Staff]][[Category:Fedora ARM Secondary Architecture]][[Category:SOP]]
  
 +
== Daily Infrastructure Duties ==
 +
 +
* Monitor builder status
 +
** All machines should be ready and enabled.
 +
** Mount points from Hong Kong - Work Space (builder specific, and /mnt/koji).
 +
* Back-ups - Check all automated back ups
 +
**Back-ups are located on the critical management servers and iraq - /archive/blaze-backup/
 +
***should contain backups of "/etc" and a postgresql dump, run on a daily basis after midnight. These are cronjobs run as root for "/etc" and as koji for the postgresql dump.
 +
* Check available disk space on all relevant machines - Hongkong, Ireland and New Zealand.
 +
** /var and /mnt/koji on Hong Kong
 +
 +
== Repo Compose and Release ==
 +
 +
 +
==== Repo Closure ====
 +
* Run 'depcheck' to ensure no broken dependencies that can be resolved.
 +
** Fix any issues
 +
 +
==== Compose ====
 +
*Run 'mash' to create a repository
 +
    mash -o /mnt/koji/mash/beta/f13-arm-2011-05-06 f13-arm
 +
 +
==== Compose Updates ====
 +
*Run mash against previously composed repository
 +
    mash f13-updates-arm -o /mnt/koji/mash/updates/13/ -p /mnt/koji/tree/updates/13/ -d /mnt/koji/tree/releases/13/Everything/ -f /mnt/koji/tree/releases/13/Everything/arm/os/repodata/fce31f091be8211a394d8942fcf4f6cbeffa3d40d87b61af55a97b1a88b46987-Fedora-13-comps.xml
 +
 +
==== Sign Packages ====
 +
* Temporarily done with 'rpm --addsign'. This is done on Hong Kong using Paul's account. Pass phrase is the old root password. You will need to enter the pass phrase about five times as the packages are signed.
 +
    ls *.rpm | xargs rpm --addsign
 +
* After packages are signed, you must run createrepo again to include the new metadata. Createrepo should be run from the parent directory of "Packages". Please replace the path to groups file accordingly.
 +
    createrepo -g /mnt/koji/mash/beta/f13-arm-2011-05-10/f13-arm/arm/os/comps.xml -d .
 +
* Package signing Standards of Practice [https://fedoraproject.org/wiki/Release_package_signing Packaging SOP]
 +
 +
==== Create new root filesystem ====
 +
* On the OpenRD using mkrootfs ( script packaged for rootfs creation, installed on openRD ). You will need to edit the fedora-arm-koji.repo file in /etc/yum.repos.d/ to point to the newly created repo.
 +
    mkrootfs-f13
 +
* edit rootfs adding in correct URL for yum pointing to the latest compose.
 +
    vi etc/yum.repos.d/fedora.repo
 +
* Add in Pandaboard specific hack to "/etc/rc.d/rc.local"
 +
         
 +
      # horrible hack to respawn serial console
 +
      #while true
 +
      #do
 +
      #/sbin/agetty -L 115200 console vt100
 +
      #done
 +
* Currently the root file system is hosted on Scotland. Copy the root file system using scp.
 +
    scp username@scotland.proximity.on.ca:/var/www/html/fedora-arm/beta/f13/
 +
 +
==== Update ARM-VM RPM Package ====
 +
*
 +
 +
==== Release ====
 +
* Email to ARM mailing list
 +
* Blogpost including links
 +
* Wiki page for the release highlighting changes, notes
 +
 +
== Create Koji Builder - Create repo ==
 +
 +
* Download the ARM patched koji software from [http://scotland.proximity.on.ca/paulwhalen/ Koji Software]
 +
yum localinstall koji-1.6.0-2.fc15.arm.noarch.rpm koji-builder-1.6.0-2.fc15.arm.noarch.rpm
 +
* on hongkong create a certificate to be used with the new host. Certificates are created from the directory '/etc/pki/koji' by running the 'certscript'. A link to the [http://scotland/paulwhalen/certscript certscript]
 +
./certscript <hostname>
 +
* copy the cert (hostname.pem) and 'koji_ca_local+fedora.crt' to the new host machines '/etc/kojid/' folder.
 +
* In order for createrepo tasks to work successfully you will need to downgrade the createrepo and yum packages that are included in F16. Download [http://scotland.proximity.on.ca/paulwhalen/createrepo-0.9.8-5.fc14.noarch.rpm createrepo-0.9.8-5.fc14.noarch.rpm ] and [http://scotland.proximity.on.ca/paulwhalen/yum-3.2.29-10.fc15.noarch.rpm yum-3.2.29-10.fc15.noarch.rpm]
 +
rpm -Uvh --oldpackage createrepo-0.9.8-5.fc14.noarch.rpm
 +
rpm -Uvh --oldpackage yum-3.2.29-10.fc15.noarch.rpm
 +
* Edit the /etc/yum.conf to exclude the above packages from being updated
 +
* edit '/etc/kojid/kojid.conf'. Example of a kojid.config can be found here [http://scotland/paulwhalen/kojid.conf kojid.conf]
 +
* Edit the export file in the nfs server that holds mount koji, at this point which is chile and add the to-be-createrepo machine's info on that file and restart the nfs server
 +
* Add mount koji through nfs in the to-be-createrepo machine (make the mounting directory and edit the fstab) and run mount all
 +
 +
 +
== Bandwidth Throttling and Connection Limiting in Scotland ==
 +
=== Throttling ===
 +
* This script is based on [http://www.topwebhosts.org/tools/traffic-control.php Traffic Shaping script] and uses [http://linux.die.net/man/8/tc tc command]
 +
* The bandwidth throttling script ''bwmon'' is available in /usr/local/bin in scotland
 +
* Activate it by running the following
 +
    bwmon start
 +
* Available options are
 +
    # bwmon [start|stop|restart|show]
 +
 +
* Script base is available [http://www.topwebhosts.org/tools/tc.bash.txt here]
 +
* [http://www.linuxquestions.org/questions/linux-server-73/applying-download-speed-limit-iptables-842906/ External link] on bandwidth throttling.
  
= Standard Operating Procedures =
+
=== Connection Limiting ===
 +
* Connection will be limited 2 per host every 60 sec
 +
* Custom netfilter tables are available in /usr/local/bin directory
  
== Daily Infrastructure Duties ==
+
* To enable connection limiting run the following
 +
 
 +
    iptables-restore < /usr/local/bin/connlim.iptab
 +
    iptables-save > /etc/sysconfig/iptables
  
 +
* To disable connection limiting run the following
 +
    iptables-restore < /usr/local/bin/regular.iptab
 +
    iptables-save > /etc/sysconfig/iptables
 +
* More info available at [http://www.topwebhosts.org/tools/traffic-control.php Cybercity]
  
  
* Builder status - Are all machines checking in? Have NFS shares mount?
 
* Back-ups - Check all automated back ups
 
**Ireland, New Zealand - /var/koji-backup/
 
***should contain backups of "/etc" and a postgresql dump, run on a daily basis at midnight.
 
***Ireland should also have a full copy of "/mnt/koji"
 
* Check available disk space on all relevant machines - Hongkong, Ireland and New Zealand.
 
  
 +
== rsync server: Scotland ==
  
 +
* The rsync server is running at default rsync port (TCP 873)
  
== Repo Compose and Release ==
+
* Associated files are
 +
    daemon file = /etc/rsyncd.conf
 +
    motd file = /etc/rsyncd.motd
 +
    log file = /var/log/rsyncd.log
 +
    pid file = /var/run/rsyncd.pid
 +
    lock file = /var/run/rsync.lock
 +
* The Firewall was adjusted to accommodate the rsyncd service. Please see [http://zenit.senecac.on.ca/wiki/index.php/Fedora_ARM_Secondary_Architecture/Standard_Operating_Procedures#Connection_Limiting already implemented firewall rules]
 +
* Available modules are test and raspberrypi
 +
* Sample invocation method as follows
 +
    rsync -aprvz scotland.proximity.on.ca::raspberrypi /path/to/destination/directory
 +
* Script base is available at [http://everythinglinux.org/rsync/ Everything Linux]
 +
* Additional tutorials available at [http://zenit.senecac.on.ca/wiki/index.php/OPS335_Lab_10 Seneca Wiki]
 +
=== Feature possibilities for the rsync server ===
 +
* Service Command compatibility [http://www.fredshack.com/docs/rsync.html script from Fredshack] can be added
 +
* Systemd compatibility [https://gist.github.com/1401352 script from Github] can be implemented
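Review bot: In the "Sign Packages" section this revision adds, the sentence "Pass phrase is the old root password" publishes a hint to the signing key's pass phrase on the wiki and ties signing to one person's account; I would drop the hint, say where the pass phrase is held and who can provide it, and keep the link to the Fedora package signing SOP as the process to move to. Two smaller points in the same hunk: the scp line under "Create new root filesystem" has only one argument, so it still needs the local rootfs file as its source, and the certscript and kojid.conf links use the bare host "scotland" while every other link uses scotland.proximity.on.ca.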

Latest revision as of 09:48, 14 March 2012


Daily Infrastructure Duties

  • Monitor builder status
    • All machines should be ready and enabled.
    • Mount points from Hong Kong - Work Space (builder specific, and /mnt/koji).
  • Back-ups - Check all automated back-ups
    • Back-ups are located on the critical management servers and iraq - /archive/blaze-backup/
      • This directory should contain backups of "/etc" and a postgresql dump, taken daily after midnight. These are cron jobs run as root for "/etc" and as koji for the postgresql dump.
  • Check available disk space on all relevant machines - Hongkong, Ireland and New Zealand.
    • /var and /mnt/koji on Hong Kong
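
The daily checks listed above, collected into one script as an added example that is not part of the original SOP. The paths are the ones named in the list; the function names and the thresholds (26 hours, 90 %) are assumptions, and each check is meant to run on the host that holds the path.

```shell
#!/bin/sh
# Added example (not from the SOP): the daily checks as one script.
# Paths come from the list above; names and thresholds are assumptions.

# Succeeds when DIR ($1) holds a file modified in the last MINUTES ($2).
backup_is_fresh() {
    [ -d "$1" ] && [ -n "$(find "$1" -type f -mmin "-$2" 2>/dev/null | head -n 1)" ]
}

# Prints the used-space percentage (digits only) of the filesystem at $1.
disk_use_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 }'
}

# Succeeds when $1 is a mount point listed in the mounts file $2
# (default /proc/mounts), i.e. the NFS share is really mounted.
is_mounted() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Runs all checks, prints one line per problem, returns non-zero on any.
daily_check() {
    rc=0
    backup_is_fresh /archive/blaze-backup 1560 ||
        { echo "WARN: no backup newer than 26h in /archive/blaze-backup"; rc=1; }
    is_mounted /mnt/koji || { echo "WARN: /mnt/koji is not mounted"; rc=1; }
    for fs in /var /mnt/koji; do
        pct=$(disk_use_pct "$fs" 2>/dev/null)
        if [ -z "$pct" ]; then
            echo "WARN: cannot read disk usage for $fs"; rc=1
        elif [ "$pct" -ge 90 ]; then
            echo "WARN: $fs is ${pct}% full"; rc=1
        fi
    done
    return $rc
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    daily_check
fi
```
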

Repo Compose and Release

Repo Closure

  • Run 'depcheck' to ensure there are no broken dependencies that can be resolved.
    • Fix any issues

Compose

  • Run 'mash' to create a repository
    mash -o /mnt/koji/mash/beta/f13-arm-2011-05-06 f13-arm

Compose Updates

  • Run mash against previously composed repository
    mash f13-updates-arm -o /mnt/koji/mash/updates/13/ -p /mnt/koji/tree/updates/13/ -d /mnt/koji/tree/releases/13/Everything/ -f /mnt/koji/tree/releases/13/Everything/arm/os/repodata/fce31f091be8211a394d8942fcf4f6cbeffa3d40d87b61af55a97b1a88b46987-Fedora-13-comps.xml

Sign Packages

  • Signing is temporarily done with 'rpm --addsign'. This is done on Hong Kong using Paul's account. The pass phrase is the old root password. You will need to enter the pass phrase about five times as the packages are signed.
    ls *.rpm | xargs rpm --addsign
  • After packages are signed, you must run createrepo again to include the new metadata. Createrepo should be run from the parent directory of "Packages". Please replace the path to the groups file accordingly.
    createrepo -g /mnt/koji/mash/beta/f13-arm-2011-05-10/f13-arm/arm/os/comps.xml -d .
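
A check that fits between the signing and createrepo steps above, as an added example that is not part of the original SOP: it reads `rpm -K` (checksig) output and lists every package whose line does not report a verified signature, so the metadata is regenerated only over signed packages. The function names and the sample lines are constructed; the sample covers the older output style (`... pgp md5 OK`) and the newer one (`digests signatures OK`).

```shell
#!/bin/sh
# Added example (not from the SOP): gate createrepo on signature checks.
# unsigned_rpms reads "rpm -K" output on stdin and prints the file name of
# every package that is NOT reported as signed and verified.
unsigned_rpms() {
    awk '
    {
        # Line format: "<file>: <checks...> OK" or "<file>: ... NOT OK ..."
        sep = index($0, ": ")
        if (sep == 0) next
        file = substr($0, 1, sep - 1)
        result = tolower(substr($0, sep + 2))
        ok = (result ~ / ok$/ && result !~ /not ok/)
        # Older rpm names the signature type (rsa/dsa/pgp/gpg); newer rpm
        # prints "signatures". Digest-only lines ("sha1 md5 OK") are unsigned.
        signed = (result ~ /(^|[ (])(pgp|gpg|rsa|dsa|signatures)([ )]|$)/)
        if (!(ok && signed)) print file
    }'
}

# Constructed sample of "rpm -K Packages/*.rpm" output (placeholder names).
sample_checksig_output() {
    cat <<'EOF'
Packages/pkg-a-1.0-1.fc13.armv5tel.rpm: rsa sha1 (md5) pgp md5 OK
Packages/pkg-b-1.0-1.fc13.armv5tel.rpm: sha1 md5 OK
Packages/pkg-c-1.0-1.fc13.armv5tel.rpm: RSA sha1 (MD5) PGP md5 NOT OK
Packages/pkg-d-1.0-1.fc13.armv5tel.rpm: digests signatures OK
Packages/pkg-e-1.0-1.fc13.armv5tel.rpm: digests OK
EOF
}

# Real use, from the parent directory of "Packages":
#   bad=$(rpm -K Packages/*.rpm | unsigned_rpms)
#   [ -z "$bad" ] || { echo "unsigned or unverified:"; echo "$bad"; exit 1; }
if [ "${1:-}" = "--demo" ]; then
    sample_checksig_output | unsigned_rpms
fi
```

A package only verifies as signed when the signing key's public half has been imported into the rpm database of the machine running the check.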

Create new root filesystem

  • Create the root filesystem on the OpenRD using mkrootfs (a script packaged for rootfs creation, installed on the OpenRD). You will need to edit the fedora-arm-koji.repo file in /etc/yum.repos.d/ to point to the newly created repo.
    mkrootfs-f13
  • Edit the rootfs, adding the correct URL for yum so that it points to the latest compose.
    vi etc/yum.repos.d/fedora.repo
  • Add the Pandaboard-specific hack to "/etc/rc.d/rc.local"
     # horrible hack to respawn serial console
     #while true
     #do
     #/sbin/agetty -L 115200 console vt100
     #done
  • Currently the root file system is hosted on Scotland. Copy the root file system using scp.
    scp username@scotland.proximity.on.ca:/var/www/html/fedora-arm/beta/f13/

Update ARM-VM RPM Package

Release

  • Email to ARM mailing list
  • Blogpost including links
  • Wiki page for the release highlighting changes, notes

Create Koji Builder - Create repo

  • Download the ARM patched koji software from Koji Software
    yum localinstall koji-1.6.0-2.fc15.arm.noarch.rpm koji-builder-1.6.0-2.fc15.arm.noarch.rpm
  • On hongkong, create a certificate to be used with the new host. Certificates are created from the directory '/etc/pki/koji' by running the 'certscript'. A link to the certscript
    ./certscript <hostname>
  • Copy the cert (hostname.pem) and 'koji_ca_local+fedora.crt' to the new host machine's '/etc/kojid/' folder.
  • In order for createrepo tasks to work successfully you will need to downgrade the createrepo and yum packages that are included in F16. Download createrepo-0.9.8-5.fc14.noarch.rpm and yum-3.2.29-10.fc15.noarch.rpm
    rpm -Uvh --oldpackage createrepo-0.9.8-5.fc14.noarch.rpm
    rpm -Uvh --oldpackage yum-3.2.29-10.fc15.noarch.rpm
  • Edit /etc/yum.conf to exclude the above packages from being updated
  • Edit '/etc/kojid/kojid.conf'. An example kojid.conf can be found here: kojid.conf
  • Edit the exports file on the NFS server that holds the koji mount (at this point, chile), add the to-be-createrepo machine's info to that file, and restart the NFS server
  • Mount koji through NFS on the to-be-createrepo machine (make the mounting directory and edit the fstab) and run mount all


Bandwidth Throttling and Connection Limiting in Scotland

Throttling

  • The script is based on the Traffic Shaping script and uses the tc command
  • The bandwidth throttling script bwmon is available in /usr/local/bin in scotland
  • Activate it by running the following
    bwmon start
  • Available options are
    # bwmon [start|stop|restart|show]

Connection Limiting

  • Connections will be limited to 2 per host every 60 sec
  • Custom netfilter tables are available in the /usr/local/bin directory
  • To enable connection limiting run the following
    iptables-restore < /usr/local/bin/connlim.iptab
    iptables-save > /etc/sysconfig/iptables
  • To disable connection limiting run the following
    iptables-restore < /usr/local/bin/regular.iptab
    iptables-save > /etc/sysconfig/iptables
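
The page does not show the contents of connlim.iptab, so the following is an added example, not the file used on Scotland: a generator for an iptables-restore ruleset that allows each source address 2 new connections per 60 seconds using the `recent` match. The function name, the list name `connlim`, the ACCEPT default policies and the choice of port 873 in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not the real connlim.iptab): print an iptables-restore
# ruleset that allows each source address at most MAX ($2) new TCP
# connections to PORT ($1) per WINDOW ($3) seconds.
connlim_rules() {
    port=$1 max=$2 window=$3
    over=$((max + 1))   # the attempt that exceeds the allowance
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Record every new connection attempt per source address.
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name connlim --set
# Drop the attempt once the source has $over hits inside the window.
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name connlim --update --seconds $window --hitcount $over -j DROP
-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage (assumed port 873, the rsync daemon):
#   connlim_rules 873 2 60 > /tmp/connlim.iptab
#   iptables-restore --test < /tmp/connlim.iptab   # parse only, no changes
```
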


rsync server: Scotland

  • The rsync server runs on the default rsync port (TCP 873)
  • Associated files are
    daemon file = /etc/rsyncd.conf
    motd file = /etc/rsyncd.motd
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
  • The Firewall was adjusted to accommodate the rsyncd service. Please see already implemented firewall rules
  • Available modules are test and raspberrypi
  • A sample invocation is as follows
    rsync -aprvz scotland.proximity.on.ca::raspberrypi /path/to/destination/directory

Feature possibilities for the rsync server