Update Installation instructions, authored by Nikolai.Hartmann
**Note:** to just update the image, follow the instructions from:
- [Build image (using mkosi)](#build-image-using-mkosi)
- [Set permissions for image](#set-permissions-for-image)
- [Start and enable xcache service running in container](#start-and-enable-xcache-service-running-in-container)
# Install packages on Debian host system
```bash
apt install acl dnf rpm git systemd-container rsync voms-clients
# (possibly rpm is not needed for manual image building)
```
# Clone the git repository and check out config files
```bash
git clone https://gitlab.physik.uni-muenchen.de/Nikolai.Hartmann/xcache-nspawn-lrz.git
# as root in repository dir
cd xcache-nspawn-lrz
# optional, in order to be able to push into the dir if no modifications
git config receive.denyCurrentBranch updateInstead
```
Then, to check out the files tracked in git into the root filesystem (`/`):
```bash
# remove everything, except .git
rm -r *
# checkout files to /
git config core.worktree /
git reset --hard
# list tracked files
git ls-files /
# remove README
rm /README.md
git update-index --assume-unchanged /README.md
```
# Build image (using mkosi)
```bash
cd /var/local/mkosi
# create the cache directory if it does not exist yet
mkdir -p mkosi.cache
# generate image
img_name=xcache-$(date +%Y-%m-%d-%H%M)
mkosi -i -t directory -o /var/lib/machines/$img_name |& tee build_$img_name.log
```
**Alternative: Build image using manual `dnf --installroot`**
```bash
img_name=xcache-$(date +%Y-%m-%d-%H%M)
build_image.sh /var/lib/machines/$img_name
```
**After building the image, don't forget to [set the permissions for the image](#set-permissions-for-image).**
# Create xrootd user in host system
We will map the xrootd user id inside the container to the same id shifted by 65536 * 10 on the host system. The offset is an arbitrary choice, so one should check that this range of user ids is not used by anything else on the host. One also has to be careful that the xrootd user id does not change when a new image is built. The image building script now forces the user id to 1000, so this should be fine. See [[Migrate xrootd user]] for how to change the host xrootd user later if needed.
```bash
# for some reason that command might add a carriage return (therefore the sed) ...
XRD_UID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -u xrootd | sed 's/\r//')
XRD_GID_INSIDE=$(systemd-nspawn -D /var/lib/machines/$img_name id -g xrootd | sed 's/\r//')
let "XRD_UID_HOST = $XRD_UID_INSIDE + 65536 * 10"
let "XRD_GID_HOST = $XRD_GID_INSIDE + 65536 * 10"
useradd --no-create-home --system -u $XRD_UID_HOST xrootd
groupmod -g $XRD_GID_HOST xrootd
```
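A pre-flight check for the two conditions stated above (the shifted range is unused on the host, and the image's xrootd uid still maps onto the host's xrootd uid), as an added example that is not part of the original instructions. The function names and the sample entries are hypothetical; checking `/etc/subuid` as well is an assumption about where else id ranges are handed out on the host.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the uid shift used on this page.
SHIFT=$((65536 * 10))   # 655360, the value passed to --private-users
RANGE=65536             # number of ids in the container's range

# Host accounts (other than xrootd) with a uid inside [SHIFT, SHIFT+RANGE).
# $1: passwd-format file, normally /etc/passwd
uids_in_range() {
    awk -F: -v lo="$SHIFT" -v n="$RANGE" \
        '$1 != "xrootd" && $3 >= lo && $3 < lo + n { print $1 ":" $3 }' "$1"
}

# Subordinate id ranges (name:start:count) that overlap the container range.
# $1: subuid-format file, normally /etc/subuid (same format as /etc/subgid)
subids_overlapping() {
    awk -F: -v lo="$SHIFT" -v n="$RANGE" \
        'NF == 3 && $2 < lo + n && $2 + $3 > lo { print }' "$1"
}

# Succeeds if the image's xrootd uid plus SHIFT equals the host's xrootd uid.
# $1: passwd file inside the image, $2: host passwd file
xrootd_uid_matches() {
    local inside host
    inside=$(awk -F: '$1 == "xrootd" { print $3 }' "$1")
    host=$(awk -F: '$1 == "xrootd" { print $3 }' "$2")
    [ -n "$inside" ] && [ -n "$host" ] && [ $((inside + SHIFT)) -eq "$host" ]
}

# Constructed sample data (not from a real host) so the example runs offline.
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
    'xrootd:x:656360:656360::/nonexistent:/usr/sbin/nologin' \
    'svc-backup:x:660000:660000::/nonexistent:/usr/sbin/nologin' > "$demo/host_passwd"
printf '%s\n' 'alice:100000:65536' 'bob:700000:65536' > "$demo/subuid"
printf '%s\n' 'xrootd:x:1000:1000::/var/spool/xrootd:/sbin/nologin' > "$demo/image_passwd"

echo "uids in range:   $(uids_in_range "$demo/host_passwd")"
echo "subuid overlaps: $(subids_overlapping "$demo/subuid")"
xrootd_uid_matches "$demo/image_passwd" "$demo/host_passwd" && echo "xrootd uid mapping consistent"
```

On a real host the inputs would be `/etc/passwd`, `/etc/subuid` and `/var/lib/machines/$img_name/etc/passwd`, assuming the image is a directory tree as built above. Any output from the first two functions means the range is already in use.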
# Set permissions for image
To be able to mount the image read-only, the permissions need to be set correctly once. This can be achieved with the following command (`--private-users=655360` is the 65536 * 10 shift chosen above):
```
systemd-nspawn --volatile=no --private-users-chown --private-users=655360 -D /var/lib/machines/$img_name ls -la /
```
# Copy xcache robot certificates to `/root/.globus` and add `/etc/vomses`
# Directories for bind mounts
Create directories for bind mounts and make them owned by xrootd where necessary. Here one needs to check that the data directory is the correct path (e.g. the path where the raid system is mounted) and possibly adjust the bind mount in `/etc/systemd/nspawn/xcache.nspawn`.
Note: Assuming the data directories are under `/srv/xcache` and are as configured in `/etc/xrootd/xcache.cfg`
```bash
mkdir -p /var/spool/xrootd /var/run/xrootd /srv/xcache/namespace /srv/xcache/xrdcinfos
chown -R xrootd:xrootd /var/spool/xrootd /var/run/xrootd /srv/xcache
# if not existing
mkdir -p /etc/grid-security
# if running with authentication and need host key
setfacl -m "u:xrootd:r" /etc/grid-security/hostkey.pem
```
# Start and enable xcache service running in container
The running image has to be linked to `/var/lib/machines/xcache` in order to pick up the configuration in `/etc/systemd/nspawn/xcache.nspawn`.
In case of existing installation (just updated image)
```
rm /var/lib/machines/xcache
```
In any case
```
ln -s /var/lib/machines/{$img_name,xcache}
```
In case of first installation
```
machinectl start xcache
machinectl enable xcache
```
In case of existing installation (just updated image)
```
systemctl restart systemd-nspawn@xcache
```