From 7e99863c301b535b6225a490c7acae58883c368c Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Wed, 29 Mar 2017 09:59:01 +0200 Subject: Setup /build/tftp size-limited tmpfs, make accessible via TFTP --- bootstrap | 1 + doc/manual.cli | 41 +++++++++++++++++++++++++++++++++++++++++ init | 17 +++++++++++++++++ 3 files changed, 59 insertions(+) diff --git a/bootstrap b/bootstrap index c8707f6..7c82c18 100755 --- a/bootstrap +++ b/bootstrap @@ -150,6 +150,7 @@ if [ "$stage" -eq "1" ]; then pkgs+=",ifupdown,bridge-utils,dnsmasq,ntp,postfix" pkgs+=",iputils-ping,wget,curl" pkgs+=",openssh-client,openssh-server" + pkgs+=",tftp-hpa,tftpd-hpa" pkgs+=",less" diff --git a/doc/manual.cli b/doc/manual.cli index eaf8d93..04227f9 100644 --- a/doc/manual.cli +++ b/doc/manual.cli 
@@ -31,6 +31,47 @@ normally containers but can also be long-running virtual machines. Inside virtual machines/containers, \c{bbot} and \c{bslave} run in the \i{worker mode} and receive \i{build tasks} from their respective agents. +\h1#arch|Architecture| + +Build OS root filesystem (\c{rootfs}) resides entirely in RAM with all changes +(such as installation of the \c{build2} toolchain} discarded on the next +reboot. A small amount of persistent (but not precious) state is stored in +\c{/state} (see \l{#config-storage-state State}). + +After booting the kernel, the Build OS execution starts with a custom \c{init} +script which performs low-level configuration and setup and then hands off the +initialization to \c{systemd}. At the end of \c{systemd} startup the Build OS +monitor script (\c{buildos}) is started as a \c{systemd} service. On startup +this script bootstraps the \c{build2} toolchain, builds the \c{bbot} package, +and starts it (as another \c{systemd} service) in the agent mode. After that +the monitor starts monitoring for OS and toolchain changes. If either is +detected, the host is rebooted, which will trigger both booting the latest +OS and building of the latest \c{build2} toolchain and \c{bbot}. + +@@ TODO: init steps. + +The monitor service (and \c{bbot} that it starts) are executed as the +\c{build} user/group. The home directory of this user is \c{/build}. It has +the following subdirectories: + +\ul| + +\li|\n\c{/build/tftp}\n + + A size-limited \c{tmpfs} filesystem that is used to communicate with build + machines as well as for build host log access. + + This directory is read-accessible via the TFTP server running on the default + port. A \c{bbot} agent also makes sub-directories inside this directory + temporarily write-accessible to build machines by running custom instances + of the TFTP server on other ports.| + +\li|\n\c{/build/machines}\n + + Contains virtual machines and containers. 
See \l{#config-storage-machines + Machines} for details.|| + + \h1#boot|Booting| \c{buildos} is normally booted from the network using PXE but can also be diff --git a/init b/init index 8714955..e189bbc 100755 --- a/init +++ b/init @@ -357,6 +357,13 @@ if [ -z "$machines" ]; then error fi +# Create /build/tftp. We make it a size-limited tmpfs since potentially- +# compromized VMs will be able to upload to. +# +mkdir -p /build/tftp +o="nodev,noexec,nosuid,size=200M,mode=0755,uid=$(id -u build),gid=$(id -g build)" +echo "tmpfs /build/tftp tmpfs $o 0 0" >>$fstab + # Configure Postfix. # cat <<<"$hname" >/etc/mailname @@ -410,6 +417,16 @@ if [ -n "$ssh_key" ]; then chmod 600 /root/.ssh/authorized_keys fi +# Configure the TFTP server (tftpd-hpa). +# +# We could have ran it as user 'build' but since it is read-only, the default +# user 'tftp' works just as well. Note that by default it is running chroot'ed +# (--secure) so no symlinks pointing outside /build/tftp will work. +# +sed -r -i \ + -e "s%^(TFTP_DIRECTORY).*%\1=\"/build/tftp\"%" \ + /etc/default/tftpd-hpa + # Hand off to systemd. But first arrange to keep console output (which # becomes tty1). # -- cgit v1.1
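Review bot: the parenthetical in the first paragraph of the new Architecture section in doc/manual.cli is unbalanced: `(such as installation of the \c{build2} toolchain}` closes with `}` where `)` is meant, which will most likely break the CLI markup when the manual is rendered; change it to `(such as installation of the \c{build2} toolchain)`. The `@@ TODO: init steps.` placeholder also lands in the shipped manual as-is; either describe the init steps (the tmpfs and TFTP setup added in this same commit would be a start) or drop the line before merging.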
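Review bot: the comment above `mkdir -p /build/tftp` in init has a typo and a dangling clause ("compromized", "will be able to upload to" with no object); suggest `# compromised VMs will be able to upload to it.` On substance, the `size=200M` cap bounds what a compromised VM can write, but it is one shared budget: since the agent makes per-machine sub-directories writable, a single misbehaving build machine can fill the whole filesystem and break log access and uploads for every other build on the host. Worth stating in the comment, or enforcing a per-machine limit in the agent. Also confirm the `build` user already exists at this point in init, since `$(id -u build)` and `$(id -g build)` are evaluated here rather than at mount time.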
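Review bot: the `sed -r -i` on /etc/default/tftpd-hpa only rewrites `TFTP_DIRECTORY` and silently does nothing if that line is absent, and the chroot guarantee the comment relies on ("by default it is running chroot'ed (--secure)") is left to whatever `TFTP_OPTIONS` the packaged default file happens to contain. Suggest setting it explicitly in the same command, e.g. `-e "s%^(TFTP_OPTIONS).*%\1=\"--secure\"%"`, so the read-only, chrooted serving of /build/tftp does not depend on distro defaults, and grepping both keys afterwards (failing with `error` as the surrounding script does) to confirm the substitutions actually matched. Grammar nit in the comment: "We could have ran it" should be "We could have run it".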