This repository has been archived by the owner on May 24, 2020. It is now read-only.

Build Pre-Post-Installed Images #41

Open
keomabrun opened this issue Oct 21, 2018 · 5 comments
@keomabrun
Member

A lot of the process that happens during an install-party, that is, the installation of an InternetCube using install.labriqueinter.net, is repeated in each installation. I would like to create InternetCube images that have already run the YunoHost post-install process to avoid repetition and reduce errors during installations.

To do so, I started modifying the image build script to run the post-install with default values. The idea is to only have to change some configuration during the install-party (user name and domain).

However, I ran into issues during the post-install step.
The code of my latest attempt is available here:
https://github.com/keomabrun/build.labriqueinter.net
The only interesting addition is the following line:
chroot_deb $TARGET_DIR "yunohost tools postinstall -d foo.bar.labriqueinter.net -p yunohost --ignore-dyndns"

When I run this code, I run into the following error during the post-install:
Error: Unable to reach LDAP server

This might be because we are running in a chroot environment as documented here.
Because we are running in a chroot environment, I cannot assess the status of services, including slapd.

Should we use systemd-nspawn or lxc to build our images?
https://superuser.com/questions/688733/start-a-systemd-service-inside-chroot
Note that the raspbian build script does not.

@pitchum
Member

pitchum commented Oct 21, 2018

I've started testing your build chain in order to reproduce this LDAP issue.
If it's possible I'll give LXC a try to see if it does better than chroot.

@keomabrun
Member Author

Thanks. If you or anyone goes in that direction (LXC, containers), the first step is to make sure we can extract the output file system and make it an image.

@alexAubin
Member

Thinking about this, I'm not really sure you can convert an LXC to an ISO image? Naively I'd think an LXC is built to be run as an LXC, but can't be turned into a bare-metal system. That might be the point of systemd-nspawn? (i.e. taking any filesystem and turning it into an "alive" system...?) That's just an intuition though...

@alexAubin
Member

So I made a few tests tonight with systemd-nspawn.

I created a fresh Debian Stretch VPS. Note that:

  • the OS is important here - we need versions of software not yet available on e.g. Mint. I also tried running this on Ubuntu Xenial and stopped because of some other reason I forgot...
  • you should have as few things installed on the machine as possible, as services might conflict between the host and guest... (c.f. my very first trial using a yunohost instance as host which led to many issues)
  • I basically have no idea what I'm doing

Summary of the steps used:

# Get dependencies
apt install zip qemu-user qemu-user-static binfmt-support psmisc systemd-container

# Fetch and unzip orangepipcplus image
wget https://build.yunohost.org/yunohost-stretch-3.0.0-orangepipcplus-stable.img.zip
unzip yunohost-stretch-3.0.0-orangepipcplus-stable.img.zip

# Mount image on 'mytest'
mkdir mytest
mount -o loop,offset=4194304 yunohost-stretch-3.0.0-orangepipcplus-stable.img mytest

# We need this for cross-containerization?
cp /usr/bin/qemu-arm-static ./mytest/usr/bin/

# Annnd now for the black magic
systemd-nspawn -b -D mytest
# <the system should boot as in real life and then you should be able to log inside as a real tty ô.O>

During the boot, you might notice that a few services (e.g. dnsmasq) don't start properly for mystical reasons. But basically my understanding so far is that QEMU doesn't emulate 100% of everything to perfection. But you can at least run systemctl status slapd and see it's running (same for other services e.g. nginx).

Then I yolotried to postinstall and got :

root@orangepipcplus:~# yunohost tools postinstall
Main domain: yolo.swag
New administration password: 
Confirm new administration password: 
Error: [Errno 52] Invalid url https://dyndns.yunohost.org/domains (does this site exists ?)
Warning: dyndns_provider_unreachable
Installing YunoHost...
The configuration file '/etc/nsswitch.conf' is now managed by the service nsswitch.
Success! The configuration has been updated for service 'nsswitch'
The configuration file '/etc/nslcd.conf' is now managed by the service nslcd.
Success! The configuration has been updated for service 'nslcd'
Warning: Unknown host QEMU_IFLA type: 40
Warning: Unknown host QEMU_IFLA type: 41
Warning: Unknown host QEMU_IFLA type: 40
Warning: Unknown host QEMU_IFLA type: 41
Warning: Unknown host QEMU_IFLA type: 40
Warning: Unknown host QEMU_IFLA type: 41
Warning: Unknown host QEMU_IFLA type: 40
Warning: Unknown host QEMU_IFLA type: 41
Error: LDAP initialization failed to create admin user
Error: Installation failed

Not sure what those Unknown host QEMU_IFLA refer to... and more importantly not sure why the LDAP cannot initialize the admin user?

Naively I tried to investigate by re-running with --debug ... Surprisingly the postinstall went further than the admin-creation step (???) and configured a lot of things. Until the almost-final step of configuring the firewall at which point I got :

95866 DEBUG iptables seems to be not available, it outputs:
> iptables v1.6.0: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
> Perhaps iptables or your kernel needs to be upgraded.
95870 WARNING You cannot play with iptables here. You are either in a container or your kernel does not support it
96008 DEBUG ip6tables seems to be not available, it outputs:
> getsockopt level=41 optname=64 not yet supported
> modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.9.0-8-amd64/modules.dep.bin'
> modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/4.9.0-8-amd64
> ip6tables v1.6.0: can't initialize ip6tables table `filter': Memory allocation problem
> Perhaps ip6tables or your kernel needs to be upgraded.
96014 WARNING You cannot play with ip6tables here. You are either in a container or your kernel does not support it
96017 DEBUG action [2967.1] executed in 86.630s
96020 DEBUG lock has been released
96022 ERROR Unable to reload the firewall

Gotta dig moar...
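
The `offset=` value passed to `mount -o loop` in the steps above is the byte position where the partition starts inside the image (start sector times sector size); 4194304 corresponds to sector 8192 with 512-byte sectors. As an added example (not part of the original comment or the project's build script), this sketch reads that value from the image's MBR instead of hard-coding it. The function names `part_offset` and `make_sample_image` are hypothetical, and it assumes an MBR partition table with 512-byte sectors.

```shell
#!/bin/sh
# Added example: derive the byte offset of an MBR partition in a raw disk image.
# Usage: mount -o loop,offset="$(part_offset image.img)" image.img mytest

# part_offset IMAGE [PARTNUM]: print the byte offset of the partition's first sector.
part_offset() {
    img=$1
    n=${2:-1}
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 1; }
    case $n in 1|2|3|4) ;; *) echo "partition number must be 1-4" >&2; return 1 ;; esac

    # The MBR boot signature 0x55 0xAA sits at bytes 510-511.
    sig=$(dd if="$img" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "no MBR signature in $img" >&2; return 1; }

    # Partition entries are 16 bytes each, starting at byte 446; the
    # first-sector LBA is a little-endian 32-bit value at entry offset 8.
    pos=$((446 + (n - 1) * 16 + 8))
    set -- $(dd if="$img" bs=1 skip="$pos" count=4 2>/dev/null | od -An -tu1)
    [ $# -eq 4 ] || { echo "short read in $img" >&2; return 1; }
    lba=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
    [ "$lba" -gt 0 ] || { echo "partition $n is empty" >&2; return 1; }

    # Assumption: 512-byte logical sectors.
    echo $((lba * 512))
}

# make_sample_image FILE: constructed sample input, a one-sector MBR whose
# first partition entry starts at LBA 8192 (no real partition data).
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    # LBA 8192 = 0x00002000, little-endian bytes 00 20 00 00
    printf '\000\040\000\000' | dd of="$1" bs=1 seek=454 conv=notrunc 2>/dev/null
    # Boot signature 0x55 0xAA
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}
```

The function fails with a non-zero status rather than printing a guess when the signature is missing or the requested entry is empty, so a build script can stop before mounting at a wrong offset.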

@pitchum
Member

pitchum commented Nov 4, 2018

I just managed to build an image with LXC too with changes in my fork: https://github.com/pitchum/build.labriqueinter.net/tree/replace-chroot-with-lxc
It's still untested though and now I think I must run it on an arm arch (on a cube) instead of an amd_64 VM.
