source: trunk/debathena/NOTES @ 23158

Revision 23158, 24.1 KB checked in by ghudson, 16 years ago (diff)
Document the cluster packages in NOTES.
Line 
1This hierarchy contains Debian/Ubuntu-specific materials, also known
2as "Debathena".  The contents are:
3
4* debathena - Debathena-specific software packages such as PAM and NSS
5  modules.
6
7* config - Packages for configuring native system software in a manner
8  appropriate for Athena.
9
10* meta - Packages which contain nothing but dependencies on other
11  packages and serve as an installation convenience.
12
13* scripts - Build scripts and supporting materials.
14
15Debathena is a SIPB project, and its infrastructure and procedures
16will need to be adapted for Athena 10.  For the moment this file will
17document the Debathena procedures as they are, not as they will be.
18The current procedures do not even use this svn repository yet.
19
20Debian software used by Debathena:
21
22  * schroot - Used to manage build chroot environments for each
23    Debian/Ubuntu version.  We use the lvm-snapshot schroot type,
24    which allows rapid construction of ephemeral copies of template
25    "source" chroots, so that every binary package build is done in a
26    clean environment.
27
28  * debuild - Used to create Debian source packages from package
29    source directories.
30
31  * sbuild - Used to build binary packages from source packages inside
32    schroot environments.
33
34  * equivs - Used to create packages which only contain dependency
35    information.  Somewhat of a dirty hack, since it doesn't keep
36    proper changelogs, but it reduces overhead.
37
38  * CDBS (Common Debian Build System) - Referenced by debian/rules
39    files in packages.  Contains standard build rules to cut down on
40    per-package boilerplate.
41
42  * reprepro - Used to upload packages into the apt repositories.
43
44  * approx - Used to create a local cache of Debian packages on the
45    build server.  This cache is referenced by the build chroots for
46    improved performance.
47
48The remainder of this file documents procedures useful to Athena 10
49developers and the release engineer.
50
51Developers: Preferences setup
52-----------------------------
53
54You will probably want a $HOME/.devscripts file containing the
55following:
56
57DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"
58
59This will save you from having to specify those options every time you
60run debuild.  Athena 10 scripts do not assume the above preferences,
61but the instructions in this file do.  The options mean:
62
63  * Look for original source as a tarfile or create one.
64  * Do not sign the source package.
65  * Do not sign the changes file.
66  * Ignore common version control metadata files when creating diffs.
67  * Ignore .svn paths when creating tarballs.
68
69You will also want a $HOME/.sbuildrc file containing the following:
70
71  $nolog = 1;
72  $mailto = 'yourusername';
73  $log_dir = '/tmp/sbuild-logs';
74  $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>';
75  $force_orig_source = 1;
76  $sbuild_mode = "user";
77  1;
78
79You should also set the environment variable DEBATHENA_APT to
80"/afs/dev.mit.edu/system/athena10/apt".
81
82Developers: Preparing a change
83------------------------------
84
85To prepare a change to a regular package (a source tree containing a
86debian/ subdir), make the edits in a checkout and record a changelog
87entry.  You can either edit debian/changelog using emacs changelog
88mode (C-c C-v to add a new version entry, C-c C-a to add a change
89entry, C-c C-f to finalize the entry) or you can run "dadch".
90
91When creating a new version entry, bump the upstream version number
92(to 10.0.0 if it was not already that high) if you are changing the
93main package source.  Otherwise, just bump the Debian version
94component (change 0debathena1 to 0debathena2, for instance).
95
96Developers: Building a package for test purposes on one platform
97----------------------------------------------------------------
98
99After you have prepared a change, you will want to test that it builds
100and perhaps that it works before committing it.  First, if it is an
101Athena source directory using autoconf, run "daconfiscate" to set up
102the autoconf boilerplate which we don't check in.  Second, run
103"daorig" to copy or create an orig tarball in the parent directory if
104necessary.  Third, run "debuild".  The resulting package will be
105placed in the parent directory.
106
107In order to test if the package works, you can install it with "dpkg
108-i filename.deb".
109
110Developers: Building a package for test purposes on all platforms
111-----------------------------------------------------------------
112
113If the package you are working on interacts with the native OS in ways
114that might vary from platform to platform, you may want to do a test
115build for all platforms.  You will need to do this on
116linux-build-10.mit.edu or another machine which has been set up with
117build schroots.
118
119As above, run daconfiscate (if necessary) and then daorig.  Then run
120"debuild -S" to create a source package.  Now cd into the parent
121directory and identify the .dsc file created by debuild -S; it will
122have a name like debathena-just_9.4.0-0debathena2.dsc.  Run "da
123sbuildhack filename.dsc" to perform the package builds.  Each build
124will take place inside an ephemeral chroot based on a snapshot of a
125template for a particular Debian or Ubuntu version.  If a build fails
126and it's not obvious from the build log why, you may need to create
127your own ephemeral chroot session with a command like "schroot -c
128gutsy-amd64-sbuild /bin/sh" and then run debuild from within the
129package sources.
130
131If the build is successful, it will create a set of packages with
132names like debathena-just_9.4.0-0debathena2~ubuntu6.06_amd64.deb.
133
134Developers: Building an equivs package
135--------------------------------------
136
137Most of the packages under debathena/meta are faked up using equivs.
138To build one, just run:
139
140  equivs-build --full filename.equivs
141
142These equivs files make reference to ../common, so you must have a
143checkout of debathena/meta/common alongside the particular
144meta-package you are building.
145
146Developers: The meaning of metapackages
147---------------------------------------
148
149If you are adding a new package to the repository, you will probably
150at some point want to add it to one of the metapackages so that it
151doesn't have to be installed by hand.  Here are some descriptions
152which may help identify which metapackage is best:
153
154* locker: Provides access to Athena locker software--AFS and
155  automounter configuration, locker-related utilities, etc.
156
157* clients: Provides clients (either locally-written, like athinfo and
158  Discuss, or configurations) for Athena services, as well as
159  Athena-specific utility programs like "jot".  Configurations for
160  graphical client software are generally in the workstation package
161  instead, in order to make this package less intrusive.
162
163* standard: Implies locker and clients.  Also provides Athena shell
164  customizations and dotfiles.
165
166* login: Implies standard.  Configurations to merge the MIT user
167  namespace into the local machine namespace for the purpose of user
168  lookups and authentication.
169
170* workstation: Implies login.  Configurations for the graphical login
171  system and graphical client software intended to provide a standard
172  X login experience using Athena home directories.  Still in
173  development.
174
175* cluster-software: Provides a set of Debian packages common to
176  cluster machines.  The resulting software set is rather large, and
177  thus may not be desirable to all workstation configurations.  Only
178  stock Debian packages belong in this metapackage; do not add
179  other Debathena packages to it.
180
181* cluster: Implies workstation and cluster-software.  Also contains
182  configurations for self-maintenance of machines (unattended updates,
183  cleanups between logins, etc.).
184
185* debian-dev: Intended for developers of the system itself; provides a
186  set of Debian packages used by Debathena for development.
187
188For the most part a package should be listed in the "Depends:" line of
189a metapackage, but in some cases it is appropriate to hedge by using
190"Recommends:", which will cause aptitude to succeed even if the
191package is unavailable.  For example, a package which doesn't exist in
192all Debian/Ubuntu suites or isn't free can be listed under
193"Recommends:" so that our metapackages still work in all environments.
194
195Developers: Index of cluster packages
196-------------------------------------
197
198Some private workstation admins may want specific pieces of cluster
199infrastructure.  With Athena 9.4, they would typically install the
200entire Athena software suite and then turn off features they did not
201want via /etc/athena/rc.conf.  That is not generally possible in
202Athena 10; a debathena-cluster machine acts like a cluster machine in
203all respects.  Instead, the machine owner should install
204debathena-workstation and then install specific packages they might be
205interested in.  At this time, candidate packages include:
206
207  * debathena-dns-config: Installs a caching DNS resolver and
208    configures the machine to use it.
209
210  * debathena-tmp-cleaner: Cleans files in /tmp and /var/tmp which
211    have not been recently accessed.
212
213  * debathena-reactivate: Causes each graphical login to be performed
214    in a separate ephemeral snapshot of the chroot.  This package
215    requires the root filesystem to be an LVM logical volume inside a
216    volume group with 21GB of free space for the snapshots; if that is
217    not the case, it will break graphical logins.  Install with care.
218
219  * debathena-auto-update: Periodically updates the machine's software
220    and reboots (when no one is logged in) if necessary.
221
222Cluster packages which are generally not of interest to private
223machine owners include:
224
225  * debathena-clusterinfo: Looks up the machine's cluster information
226    in Hesiod and caches it on local disk.
227
228  * debathena-larvnet: Reports to the central larvnet server whether
229    anyone has a graphical login to the machine.
230
231Release engineer: Bootstrapping the project infrastructure
232----------------------------------------------------------
233
234  1. Create the package repository (detailed instructions on this
235     pending).  Set the DEBATHENA_APT environment variable to point to
236     the package repository.  Put a copy of the debathena "scripts"
237     subdir in your path.
238
239  2. Create the build area.
240
241  3. Build each equivs package under meta/ using "equivs-build --full
242     *.equivs" and upload each with "daequivsupload *.changes".  This
243     has the side-effect of creating the basic structure of the
244     package repository.
245
246  4. Set up the build server.  The basic structure of the apt
247     repository must work for make-chroot to succeed, so this must
248     happen after step 3.
249
250  5. For each normal Debian package in dependency order, cd into its
251     directory in the build area and run "da sbuildhack *.dsc" and
252     "daupload-release *_source.changes".  If the package contains
253     only an "Architecture: all" binary package, pass the -A option to
254     both commands.
255
256     The all-packages script can generate an approximation of the
257     package list in dependency order, but it doesn't work right yet,
258     and ideally it would be possible to do several builds in parallel
259     using a Makefile like the one in scripts/build-server/build-all.
260     Improvements to this machinery are pending.
261
262  6. For each package under third, run "da ./debathenify-PKG source
263     binary upload".  Any created directories under third/openafs/meta
264     should be chmodded 777 to work around a perl/AFS permissions
265     issue with File::Temp; if this is not done, OpenAFS metapackage
266     builds will fail for other users.
267
268Release engineer: Updating the apt repository
269---------------------------------------------
270
271  1. ssh to the build server as the builder account and change to the
272     canonical build directory.
273
274  2. Run "gen-packages" to update the package list.  (Or "gen-packages
275     -c" if you know the AFS checkout of the source tree is up to date;
276     it should update every half hour.)
277
278  3. Run "ood-packages" to produce a list of out-of-date packages.
279
280  4. For each out of date package, run "dasource PKG".  Then change to
281     the package directory and run "da sbuildhack *.dsc" and
282     "daupload-release *_source.changes".  If the package contains
283     only an "Architecture: all" binary package, pass the -A option to
284     both commands.
285
286  5. svn update the meta directory.  If there are new subdirectories,
287     chmod them 777 to work around a perl/AFS permissions issue with
288     File::Temp.  For each updated subdir, change to it, run
289     "equivs-build --full *.equivs", and then "daequivsupload
290     FILENAME.changes" on the produced changes file.
291
292  6. svn update the third directory.  You can let autodebathenify
293     handle the updated scripts, or you can touch
294     ~/autodebathenify.suppress, make sure it's not running, and run
295     "da ./debathenify-PKG source binary upload" in each updated
296     directory.
297
298Sometimes you may have to mix up the order of the above steps in order
299to handle build dependencies.
300
301Release engineer: Setting up a build server
302-------------------------------------------
303
304  1. The build server must be installed with free space in an LVM
305     volume group.  The build chroots consume 2GB each.  There is a
306     known memory corruption issue with LVM snapshots in the kernel
307     used in Ubuntu Gutsy (which is based on 2.6.22), so use a newer
308     kernel such as the one in Ubuntu Hardy (based on 2.6.24) instead.
309
310  2. Install debathena-standard as per the the instructions in
311     http://debathena.mit.edu/install.
312
313  3. apt-key add /afs/dev.mit.edu/system/athena10/apt/athena10-archive.asc
314
315  4. Install the packages listed in
316     scripts/build-server/packages (using "aptitude install")
317
318  5. Install debathena-login, debathena-ssh-server, and
319     debathena-build-depends (using "aptitude install").
320
321     (Depending on how recently debathena-build-depends was rebuilt,
322     additional packages might need to be installed to satisfy the
323     build-depends of newer packages.  This can be taken care of later
324     when an error occurs building a source package.)
325
326  6. Edit /etc/security/access.conf and add a first line:
327     -:ALL EXCEPT root <developer usernames>:ALL
328
329  7. Edit /etc/pam.d/schroot, comment out "@include common-session",
330     and add:
331
332       # Basic pam_unix session module in place of common-session.
333       session required         pam_unix.so
334
335  8. Edit /etc/group and add the developers to the sbuild group.
336
337  9. Create /etc/passwd entries for each developer with "hesinfo
338     username passwd >> /etc/passwd" and then run pwconv.
339
340     (This is not necessary for the login system on the main root
341     environment, but is for the chroot environments.)
342
343  10. Append to /etc/approx/approx.conf the contents of
344       scripts/build-server/approx.conf.tail.
345      Change the last line from http://debathena.mit.edu/apt to
346       file:///afs/dev.mit.edu/system/athena10/apt
347      Add "$interval 0" above the repository lines (only necessary if
348       the version of approx as reported by "dpkg -l approx" is less
349       than 3.0)
350      Run: /etc/init.d/approx restart
351
352  11. Apply scripts/build-server/mount-defaults.patch.
353
354  12. For each supported DIST (see scripts/debian-versions.sh) run:
355
356        VG=/dev/blah scripts/build-server/make-chroot DIST i386
357        VG=/dev/blah scripts/build-server/make-chroot DIST amd64
358
359      substituting the name of the volume group for blah.  Omit the
360      amd64 line if DIST is sarge.
361
362      Example: VG=/dev/dink scripts/build-server/make-chroot gutsy i386
363
364  13. Create a local account for builder with:
365
366        adduser --uid 1047 --disabled-password builder
367
368      Make the home directory mode 700.  Install a
369      daemon/linux-build-10.mit.edu keytab in the home directory as
370      "keytab".  Install a copy of the secret repository-signing key
371      (athena10@mit.edu) in the home directory's keyring with
372      something like:
373
374        kinit builder
375        gpg --export-secret-keys athena10@mit.edu | \
376          ssh -l builder machinename gpg --import
377
378      Create a file named .sbuildrc in builder's homedir containing:
379
380        $nolog = 1;
381        $mailto = 'source-wash@mit.edu';
382        $log_dir = '/tmp/sbuild-logs';
383        $maintainer_name = 'Debian-Athena Project <debathena@mit.edu>';
384        $force_orig_source = 1;
385        $sbuild_mode = "user";
386        1;
387
388      Create a file named .ssh/config in builder's homedir containing:
389
390        Host svn.mit.edu
391          User debuildsvn
392
393      Add builder to the sbuild group in /etc/group.
394
395      Copy scripts/build-server/autodebathenify to builder's homedir.
396      Create a file named autodebathenify.config in builder's homedir
397      containing:
398
399        error_addr=source-wash@mit.edu
400        scripts_dir=/afs/dev.mit.edu/source/src-svn/debathena/scripts
401        build_dir=/afs/dev.mit.edu/project/release/10/build/third
402        packages="cyrus-sasl2-mit evolution-data-server lprng openafs tcsh"
403        export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt
404
405      Copy scripts/build-server/autodebathenify.cron to builder's
406      homedir and install it with "crontab autodebathenify.cron".
407
408      Create a file named .devscripts in builder's homedir containing:
409
410        DEBUILD_DPKG_BUILDPACKAGE_OPTS="-sa -us -uc -i -I.svn"
411
412      In builder's homedir, append to .profile:
413
414        PATH=${PATH}:/afs/dev.mit.edu/source/src-svn/debathena/scripts
415        export DEBATHENA_APT=/afs/dev.mit.edu/system/athena10/apt
416
417      and to .bashrc:
418
419        bld=/afs/dev.mit.edu/project/release/10/build
420
421Release engineer: Removing a build chroot on the build server
422-------------------------------------------------------------
423
424  1. Run VG=/dev/blah scripts/clean-schroots as root to make sure that
425     the build chroot is not mounted, substituting the name of the
426     volume group for blah.
427
428  2. Edit /etc/schroot/schroot.conf and delete the section
429     corresponding to the chroot.
430
431  3. Run lvchange -an blah/chrootname
432     substituting the name of the volume group for blah and the chroot
433     name for chroot.  Example: lvchange -an dink/gutsy-i386-sbuild
434
435  4. Run lvremove blah/chrootname
436
437Release engineer: Removing a dist from the apt repository
438---------------------------------------------------------
439
440  1. Inside the apt repository, edit conf/distributions and remove the
441     distribution section.
442
443  2. Run reprepro -Vb $DEBATHENA_APT --delete clearvanished
444
445Release engineer: Setting up a canonical build area
446---------------------------------------------------
447
448  1. Create an empty directory and cd into it.  The canonical build
449     area lives in /afs/dev.mit.edu/project/release/10/build.
450
451  2. Run gen-packages to create the table of normal Debian packages.
452
453  3. Run dasource to create subdirs and source packages for each
454     normal Debian package.
455
456  4. Create checkouts of the meta and third directories:
457
458     svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/meta
459     svn co svn+ssh://svn.mit.edu/athena/trunk/debathena/third
460     chmod 777 meta/*
461
462     A couple of subdirectories of debathena/meta are normal Debian
463     packages, so this will create redundant copies of those.  Ignore
464     them; they won't be used.
465
466Release engineer: Adding a new suite
467------------------------------------
468
469This process is rarely performed and the infrastructure for it is
470imperfect.  Substitute the name of the new suite for "newdist" in all
471steps below.
472
473  1. Make sure the apt repository is up to date with respect to the
474     source tree for the existing dists.
475
476  2. Add the new dist to scripts/debian-versions.sh.  (It is not
477     necessary to add the new dist to codes at this point, but it must
478     be present in the gettag conditional.)
479
480  3. Create the new distribution in the apt repository's configuration
481     file.  Create the skeleton of the dist by installing at least one
482     equivs package from meta/ with "reprepro -Vb $DEBATHENA_APT
483     include newdistname file.changes".
484
485  4. On the build server, create a chroot for the new distribution as
486     documented above.  This may require downloading and installing a
487     more recent version of the debootstrap package from the
488     -backports dist corresponding to the build server's OS.
489
490  5. Set the DEBATHENA_BUILD_AREA environment variable to point to the
491     build area.
492
493  6. Fire up screen.
494
495  7. mkdir $DEBATHENA_BUILD_AREA/stamps.newdist.
496
497  8. cd into a checkout of debathena/scripts/build-server/build-all.
498
499  9. Edit Makefile (and check in the edit) so that suite is the new
500     distribution and psuite is the previously most recent Debian or
501     Ubuntu distribution.
502
503  10. Run "make deps.mk".
504
505  11. Run "make -k all STAMPS=$DEBATHENA_BUILD_AREA/stamps.newdist".
506      You can watch the builds happen in the other windows of the
507      screen session.  It's possible to do several builds at once with
508      make -j N.
509
510  12. debathenify packages will fail out; they must be built by hand.
511      When the build fails on one, cd into third/packagename in the
512      build area and run "./debathenify newdist-amd64 -A source binary
513      upload" and "./debathenify newdist-i386 binary upload".  Then
514      touch $DEBATHENA_BUILD_AREA/stamps.newdist/packagename.done" and
515      restart the build.
516
517      The newly created third/openafs/meta directories should be
518      chmodded 777 to work around a perl/AFS permissions issue.
519
520Release engineer: Maintaining autodebathenify
521---------------------------------------------
522
523autodebathenify is a cron job which runs hourly on the builder account
524and keeps the OpenAFS modules and modified packages under
525debathena/third up to date when there are upstream changes.  It relies
526on the following:
527
528  * builder@ATHENA.MIT.EDU has access to a local account named
529    debuildsvn on svn.mit.edu with read access to the athena
530    repository.
531
532  * builder@ATHENA.MIT.EDU has write access to the canonical build
533    area and apt repository in the dev cell.
534
535  * The builder account on the build machine has a copy of the signing
536    private key for the apt repository.
537
538The cron job will silently exit if it detects that it is already
539running.  If it fails for any other reason, it will send mail to
540source-wash@mit.edu and touch a file named autodebathenify.suppress
541which will prevent it from running again until manual intervention.
542It is important to get autodebathenify running smoothly or the apt
543repository will become out of date with respect to third-party
544packages, which in turn will compromise the user experience.
545
546Even if you don't notice failure mail, it's good to check on the
547status of autodebathenify from time to time.  To do this, get tickets
548as builder and ssh to linux-build-10 as builder.  Run "ls -l logs" to
549see what's been going on.  A logfile with size around 48K indicates
550that autodebathenify ran normally but didn't find any new work to do.
551A logfile with size around 60 means that autodebathenify.suppress
552exists and the cron job has stopped running.  A longer logfile
553indicates that autodebathenify attempted to build and upload a
554package.
555
556Possible failure cases include:
557
558  * One of the upstream apt repositories timed out during an "apt-get
559    update" of an sbuild chroot.  If this happens, you can just remove
560    the autodebathenify.suppress file to get the cron job to start
561    running again.
562
563  * autodebathenify tried to build an upstream version which already
564    exists.  If this happens, the build will fail at upload time.  If
565    this happens, there is a bug in the part of the debathenify-*
566    script which checks whether our apt repository already has the
567    expected version of the built package.
568
569  * Debian and Ubuntu have .orig files with the same name but
570    different contexts for a particular third-party package.  This has
571    only happened once, with bash (which is currently not configured
572    into autodebathenify for that reason).  We do not have a general
573    mechanism for resolving such issues at this time.
574
575  * The new upstream version of the package is sufficiently different
576    to cause our modifications to fail to apply, and our debathenify-*
577    script needs to be adapted appropriately.
578
579The cron job is run out of builder's home directory, but its canonical
580source location is in debathena/scripts/build-server in this
581repository, should it need to be modified.
582
583Release engineer: apt repository HTTP server setup
584--------------------------------------------------
585
586The apt repository server (athena10.mit.edu) is an ops virtual image
587with httpd and AFS installed.  At the moment, the only customization
588is two changes to /etc/httpd/conf/httpd.conf:
589
590  * The DocumentRoot is set to "/afs/dev.mit.edu/system/athena10".
591  * The Directory entry for /var/html/www is also changed to
592    "/afs/dev.mit.edu/system/athena10".
Note: See TracBrowser for help on using the repository browser.