This repository contains a Makefile and set of Gentoo assets assisting small scientific groups in the creation of their own subject-specific Linux "micro-distirbution" in a way pretty close to LFS, but with means and benefits of Gentoo Portage system.
Although our scientific group currently using the images produced by these scripts, some settings/scenarios here are hardcoded (see TODO at the end of this note). So far it should be considered as a boilerplate by side user rather than a generic-purpose distro.
The goal of this initiative is to gain customization freedom available within custom made Linux build (close to Linux from scratch) by the price of binary package-based distributive at the user side.
This repository provides:
- A recipes to build an environment layer for pre-compiled packages
production. This base image should be then considered as a factory image, or
"farm" (this is where "binfarm" came from). The binfarm image effectively is
just a customized Gentoo
stage3image. Once the basic environment is clamped by particular binfarm release, the binary packages may be then built and published for the purpose of fast assembling a Docker image for particular purpose. - A boilerplate recipe(s) for building a number of packages. Once built, these packages can be then exploited for assembling a subject-specific docker images.
This way we tend to follow the Docker idea of making layered images. Pretty close like with classic binary package-based distro like RHEL, Debian, etc., the new image can be assembled from base image and a bundle of binary packages in reasonable amount of time. However, making the base layer (binfarm) we still leave as much of customization opportunities as original Gentoo Linux distirbution can offer.
One may think of the binfarm as if it is a classic binary-package-based
repo (RHEL, Debian) of certain version, but driven by emerge instead of
yum/dnf/apt. Benefits:
- Some set of pre-built packages is available to speed-up the initial deployment; one can easily customize and deploy bootstrapping distro image for specific needs together with own overlays/binary package repositories.
- From-source builds are available as well, by the elaborated means of portage EAPI.
Drawbacks:
- To customize the images one need to know basics of Gentoo system administration.
- To establish own souce code overlays with their own ebuilds one have to be familiar with Portage's ebuilds.
To get started, one have to imagine a list of packages relevant to their subject area, provide the corresponding Gentoo packages configuration.
Besides of demonstration, the side purpose of this repository is to provide robust and modern environment for analysis and simulation task of High-Energy Physics (HEP). It is quite common effort (see, e.g. FairSoft), however we are aiming a slightly different priorities.
Users are encouraged to override the configurations for their specific needs others than HEP, of course...
It is crucial for most of the systems by security reasons to isolate container management activities. We do solve this by introducing a dedicated no-login user:
# useradd -M collector # create the user named `collector'
# usermod -L collector # set this account to be no-login
# gpasswd -a collector docker # grant `docker' group privelegies to user
If last command indicates, there is no docker group, you probably need to
create it manually and let the docker service know then:
# groupadd docker
# service docker restart
If your user and collector have to share the same dir, e.g. when you're making
changes in this repository you may consider adding your account to group
collector and changing owning rule for the current directory to allow both,
you and collector user, to write there. It will allow you to edit
configuration files from within your user session while collector will be
responsible for building the stuff:
# gpasswd -a ${USER} collector
# adduser collector ${USER}
# gpasswd collector ${USER}
$ newgrp collector
$ chown ${USER}:collector .
Note: you probably would like to re-login to restore your primary group after
newgrp that switches your current primary group.
Although the Gentoo community maintains Docker image for their stage3 archive
being built automatically,
we do need an additional layer over the stage3 with some possible kludges to
circumvent native Dockerfile restrictions (SYS_PTRACE, extended SELinux
attributes, etc). Albeit this is not the case nowadays this place must be
foreseen.
Note, that the portages snapshot on the docker volume was noticed to introduce a significant performance drop on some systems (see notes section of this readme).
To implement this we introduce the binfarm image is derived from
Gentoo's stage3 tarball with some minor system-wide customization applied.
This basic customization acts more like native Gentoo profile (and may turn to
one in the future) and determines major traits of the build: debug information
vs. optimization, static builds, no-multilib, etc.
where:
- Binfarm is a bootrstrap image for subsequent builds.
- Subject images are base layers for containers producing the binary packages. Defines basic configuration for pre-built packages located on public repo. It is not supposed to be published on any registry.
- Custom image may be then quickly assembled by user or uploaded to registry, just like in case of ordinary binary package-based distro... but with much more impressive customization possibilities!
All these variables have their default values set in Makefile. One may override
them by editing the Makefile or by providing them in command line during make
invokation. Below is the list of most important common ones.
PORTAGE_TAGshould contain particular portage timestamp tag (like20200214). To see list of available tags, visit portages image page on dockerhub.PLATFORMmust correspond to one of the Gentoo's available platforms, likex86,x86-hardened,amd64,amd64-nomultilib,amd64-hardened, oramd64-hardened-nomultilib(see images on dockerhub page). WARNING: currently we do not use platforms other fromamd64, so setting it to different values may cause problems.STAGE3_TAGshould contain particularstage3timestamp tag (like20200214). To see list of available tags, visit correspondingstage3image page (e.g. for amd64.BINFARM_TYPErefers to one of dynamically-composed build configurations. Currently onlyoptanddbgare supported for optimized and debug versions of the binary farm environment.GENTOO_PROFILEshould be customized profile provided by your overlay. One may found ourq-crypt-hepoverlay being illustrative in that way. For detailed explaination of Gentoo profiles, see relevant Gentoo wiki page. Currently, profile name is deduced fromBINFARM_TYPEvalue. One can utilize one of the system Gentoo profiles as well, of course.PKGS_LOCAL_DIRshall be the base directory where binary packages for particularm "farms" to be located (default is/var/hepfarm/pkgs).
For the rest of variables, see comments within the Makefile itself. Note the
variable PORTAGE_BINHOST -- this might be very useful to keep the
progress of packages already being built during the process of development
your own bundle (see Workflow section below).
Conceptually the make pkgs should do all the work, but there can be
(and most often are) troubles -- packages change, the Gentoo changes,
it is matter of luck to rely on automated builds. So far one have to perform
manual staging with:
$ make binfarm # few minutes, initial bootstrapping image
$ make hepfarm # few seconds, configure environment for building packages
$ make pkgs # few hours, build packages
$ make publish-pkgs # few minutes, upload built packages
$ make publish-image # few minutes, upload image to the registry
One can, of course, supply their own environment variables appending KEY=VALUE
pairs within the make command (see Makefile Variables section above). In
particular, once (some) packages were build within the pkgs target one would
be interested in PORTAGE_BINHOST variable that allows to avoid rebuilding of
packages being successfully built.
$ make pkgs PORTAGE_BINHOST=/var/cache/binpkgs
This way Portage will consume previously built binary packages from shared location.
- Break the "hepfarm" into pieces for incremental builds: need finer subject structure: MC, analysis, serving, etc.
- Clean-up targets: delete images, temporary files, etc.
- The management of
$(TMP_DIR)/root.$*.dwithin the targetcontext.%.d/root.d.tarsometimes weirdly omits rebuild. - Test the
pkg-srv.txttarget and localPORTAGE_BINHOSTbehaviour. - More
_GUARD_files to provide finer dependency tracking over virtual ones. - Remove
/var/db/repos/gentooportages tree from images uploaded to the hub/registry to save some size (for users images it might be safely restored from a portages snapshot).