This tutorial will show you how to set up pmanager to do role-based package management on FreeBSD using tinderbox to generate binary packages for installation.
You will require the following packages installed on your build system.
You should follow the installation instructions for tinderbox up until you get to the point where you will be creating stuff in it.
You can check out the tinderbox side of the package management scripts as follows.
svn co http://svn.tomjudge.com/freebsd/tinderbox /usr/local/package_management
Change directory to the script installation and log into mysql:
cd /usr/local/package_management
mysql -uroot -p
Next you need to create the database, populate it and grant the management user access to it and the tinderbox database:
CREATE DATABASE package_management;
USE package_management;
\. db.sql
GRANT ALL ON package_management.* TO pmanager@localhost IDENTIFIED BY 'pmanager';
GRANT ALL ON tinderbox.* TO pmanager@localhost IDENTIFIED BY 'pmanager';
Now you need to update manager.conf to reflect any changes that you made from the above examples.
Next we need to prepare the tinderbox to create our packages. We will be building packages for 2 releases (7.3-RELEASE and 8.1-RELEASE) in this example.
Note: It is assumed that you installed tinderbox in /usr/local/tinderbox throughout this document.
cd /usr/local/tinderbox/scripts
./tc createJail -j 8.1-RELEASE -t 8.1-RELEASE -u LFTP -H ftp.freebsd.org
./tc createJail -j 7.3-RELEASE -t 7.3-RELEASE -u LFTP -H ftp.freebsd.org
Once this has finished we need to create a ports tree for the releases to build packages from:
cd /usr/local/tinderbox/scripts
./tc createPortsTree -p production -u CSUP -d "Production Ports Tree"
Now that the tree is in the tinderbox we need to register it and the packages with the build manager:
cd /usr/local/package_management
./pmanager addPortsTree --name=production --path=/usr/local/tinderbox/portstrees/production/ports
./pmanager updatePortsTree --name=production
Now we need to create the package builds and register them with the system:
cd /usr/local/tinderbox/scripts
./tc createBuild -b 8.1-Production -j 8.1-RELEASE -p production -d "8.1 Production Build"
./tc createBuild -b 7.3-Production -j 7.3-RELEASE -p production -d "7.3 Production Build"
cd /usr/local/package_management
./pmanager addBuild --name=8.1-Production --ports-tree=production
./pmanager addBuild --name=7.3-Production --ports-tree=production
Now that we have told the system about the build environments that we have, we can proceed with setting up the roles that servers will belong to and what packages will exist in those roles. I will be creating 2 roles:
You will need to read the tinderbox documentation on how to set up the options files. I have assumed you have configured it to use /options (relative to tinderbox root).
First we need to create the options structure:
cd /usr/local/tinderbox
mkdir options
mkdir options/8.1-Production
mkdir options/8.1-Production/php5
mkdir options/7.3-Production
mkdir options/7.3-Production/php5
Now place a file called options in each of the php5 directories containing the following:
WITH_APACHE=yes
First we need to register the roles with the system:
cd /usr/local/package_management
./pmanager addRole --name="Web Server"
./pmanager addRole --name="Database Server"
Now we can add the packages to the roles:
./pmanager addPackageToRole --role="Web Server" --package=lang/php5 --build=7.3-Production
./pmanager addPackageToRole --role="Web Server" --package=databases/php5-mysql --build=7.3-Production
./pmanager addPackageToRole --role="Web Server" --package=lang/php5 --build=8.1-Production
./pmanager addPackageToRole --role="Web Server" --package=databases/php5-mysql --build=8.1-Production
./pmanager addPackageToRole --role="Database Server" --package=databases/mysql51-server --build=7.3-Production
./pmanager addPackageToRole --role="Database Server" --package=databases/mysql51-scripts --build=7.3-Production
./pmanager addPackageToRole --role="Database Server" --package=databases/mysql51-server --build=8.1-Production
./pmanager addPackageToRole --role="Database Server" --package=databases/mysql51-scripts --build=8.1-Production
Note: Because of the option set for php5, it will pull in the apache port as a dependency. If you wish to specify a different apache port, you should set APACHE_PORT in the tinderbox env file for your build.
For build flexibility it is possible to build different package sets for the same role based on different ports trees. Obviously you will need to create a build for the other ports trees both in your tinderbox and using the pmanager command.
You can run the following command to show the information about a role in the system:
./pmanager showRole --name="Web Server"
Now we have to add our hosts to the roles that they will be in:
First we have to register the hosts with the system:
./pmanager addServer --name=web1.example.com
./pmanager addServer --name=web2.example.com
./pmanager addServer --name=db1.example.com
./pmanager addServer --name=db2.example.com
./pmanager addServer --name=dev.example.com
Now we can add the hosts to their roles:
./pmanager addServerToRole --server=web1.example.com --role="Web Server"
./pmanager addServerToRole --server=web2.example.com --role="Web Server"
./pmanager addServerToRole --server=dev.example.com --role="Web Server"
./pmanager addServerToRole --server=db1.example.com --role="Database Server"
./pmanager addServerToRole --server=db2.example.com --role="Database Server"
./pmanager addServerToRole --server=dev.example.com --role="Database Server"
Now that you have created some roles with some servers and some packages in them, it's time to ask the system to build them. This stage is very simple:
./pmanager cron
This function is designed to be run from cron. In the distribution it is wrapped up in a script, cron.sh, so that it can't run more than once at a time.
You can follow your system's build progress using the tinderbox web interface.
First we need to grant access to the databases for the servers that will be running the agent. On the example network all servers are in 192.168.0.0/24.
GRANT USAGE ON *.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0' IDENTIFIED BY 'pmanager_agent';
GRANT SELECT ON `package_management`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0';
GRANT SELECT ON `tinderbox`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0';
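One check worth running after these grants, as an added example that is not part of pmanager or the original tutorial: a shell function that reads SHOW GRANTS output for the agent account and flags anything beyond USAGE globally and SELECT on the two databases named above. The function names and the sample grant lines are constructed for illustration, and '<hash>' is a placeholder.

```sh
#!/bin/sh
# Added example (not part of pmanager): audit SHOW GRANTS output for the agent.
# Reads grant lines on stdin, prints one line per violation, and returns
# non-zero if the account holds more than USAGE globally and SELECT on the
# two databases the agent reads.
audit_agent_grants() {
    bad=0
    while IFS= read -r line; do
        case "$line" in "GRANT "*) ;; *) continue ;; esac
        privs=${line#GRANT }; privs=${privs%% ON *}   # text before " ON "
        scope=${line#* ON };  scope=${scope%% TO *}   # text between ON and TO
        case "$scope" in
            '*.*')
                [ "$privs" = USAGE ] || { echo "global privilege: $privs"; bad=1; } ;;
            '`package_management`.*'|'`tinderbox`.*')
                [ "$privs" = SELECT ] || { echo "more than SELECT on $scope: $privs"; bad=1; } ;;
            *)
                echo "unexpected scope $scope: $privs"; bad=1 ;;
        esac
        case "$line" in
            *"WITH GRANT OPTION"*) echo "grant option on $scope"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample: the result the three statements above should give.
expected_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0' IDENTIFIED BY PASSWORD '<hash>'
GRANT SELECT ON `package_management`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0'
GRANT SELECT ON `tinderbox`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0'
EOF
}

# Constructed sample: an account that has drifted from read-only.
drifted_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0' IDENTIFIED BY PASSWORD '<hash>'
GRANT ALL PRIVILEGES ON `package_management`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0'
GRANT SELECT, INSERT ON `mysql`.* TO 'pmanager_agent'@'192.168.0.0/255.255.255.0'
EOF
}

# Live use: mysql -N -e "SHOW GRANTS FOR 'pmanager_agent'@'192.168.0.0/255.255.255.0'" | audit_agent_grants
```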
All of the servers also require the following ports installed:
You should deploy the pmanager_agent to all hosts that you want to install packages on automatically. You will also need to copy pmanager_agent.conf to /usr/local/etc/ and adjust it to match your server configuration.
Once you have done this you can run pmanager_agent by hand or add it to root's crontab.
The agent is compatible with cfengine. In order to make it work from your action sequence you need to install the agent into your cfengine modules directory (Default: /var/cfengine/modules) with the file name: module:installpkgs. Now you can add "module:installpkgs" (including quotes) to your actionsequence and wait for cfengine to do its thing.
In order to take advantage of the special role to prevent package installation from inside cfengine you can set cfengine=1 in the pmanager_agent.conf. Then on hosts that have the class ROLE_NoAutoPackageInstallation defined no automated installation will take place.
./pmanager delServerFromRole --server=web2.example.com --role="Web Server"
./pmanager delPackageFromRole --package=www/apache22 --build=8.1-amd64 --role="Web Server"