Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Imageserver plus

Introduction

Imageserver Plus is an improvement upon the original Imageserver, a homegrown set of scripts that could push images to the workstations in the syslab via rsync. With this system, images had to be pushed manually onto an imageserver, and the workstation administrator had to run the pull command across a number of workstations at a time. Imageserver Plus aims to improve upon that by automating the imaging process, so that admin intervention is only necessary to fix problems that may crop up. Note that Imageserver Plus is designed for Gentoo Linux, and will not work with other distros without extensive tweaking. Use something like SystemImager instead. Really.

How it works

Imageserver has two functions: keep configuration files in sync among the workstations and rapidly deploy packages. The configuration files are kept in sync by rsyncing from the golden client, with the use of exclude files in order to keep the clients from copying files such as /etc/conf.d/hostname. The packages are deployed via prebuilt binary packages.

With the current setup, the package deployment is a one-stage setup. Meson is set to sync and emerge new packages nightly, building them as binary packages. These packages are then synced to haimageserver:/var/export/staging as user goldenclient, authenticated by the host keytab. This repository is then synced by haimageserver to a read-only repository at /var/export/deployment. This is the repository from which the workstations pull binary packages.

The workstations have an update script at /var/imageserver/bin/clientpull. They have a cron job which will run this at scheduled intervals, or an admin can run it manually to update the workstation. The script will rsync the world file from the golden client, then run emerge -KuDN world to update using only binary packages, and then run emerge @preserved-rebuild and emerge --depclean. The latter is to remove packages that are no longer in world (that is, they have been removed from the golden client) as well as any packages that are no longer required. It will then rsync several directories, including /etc, /root, and /boot, to the client workstation. Finally, it runs each script in /var/imageserver/scripts to set per-workstation attributes, such as whether to use an LVM or normal config and whether the workstation has a graphics card installed.

Some workstations update nightly, while others update weekly; the former are differentiated by a red GDM theme, and are used to ensure that no problems appear in the main, weekly image.

What you need to do

If Imageserver Plus is not set up on a workstation, copy over /var/imageserver/ and run /var/imageserver/bin/clientpull manually. That should work.

To emerge a new package, first emerge it on meson. Then, run the "updatehaimageserver" script in root's homedir. That will add it to the read-write repository, which is a staging area. To move it to the read-only deployment repo that the workstations pull from, ssh to haimageserver and run the "deployment" script in root's homedir manually. You can also wait until the next day, as meson runs the update after its nightly emerge anyway and haimageserver copies over the packages every morning.

To initially image a workstation, use a CSL imager USB.

Imager USB

The imager USB is a customized Gentoo LiveUSB with a modified image.squashfs file. That file, which has the root filesystem that the live environment mounts, has been customized by the addition of rsync and nslookup, along with their respective required libraries. It also contains copies of /usr/csl and /var/imageserver in root's home directory, as well as two scripts, autoinstall and chrootscript. The former script deletes all existing partitions, automatically partitions the workstation using the current LVM setup, and then runs a modified version of the old imageserver to rsync a (hopefully) recent image from haimageserver onto the workstation. It then uses DNS to determine and set the workstation's hostname, then chroots into /mnt/gentoo and runs the latter script, "chrootscript," which runs a couple of basic scripts, syncs portage, and runs Imageserver Plus to bring the workstation fully up to date. As a warning, if Imageserver Plus is not run completely, then the workstation will believe that it is the golden client. After the image runs, the script will prompt for an administrator to copy over meson's /etc/shadow manually (not exported for security reasons) and generate a Kerberos keytab.

The master image of the USB can be found on king, in /root/USBimage, and is used by following the Gentoo LiveUSB guide with the exception of copying USBimage over during the steps where the guide calls for you to use a Gentoo LiveCD ISO. The files that go into the custom image.squashfs are in /root/USBfiles. To generate a new version of the image.squashfs, delete the existing one from /root, run mksquashfs USBfiles/ image.squashfs, and copy the image into USBimage and onto any existing imager USBs. Take note, it is imperative that you only use the USBimage files and not the ISO files, because the ISO files have a different kernel version. In short, if you use a newer set of files, you need to completely rebuild the image.squashfs from scratch.

Tips and tricks

-Imageserver Plus will not image a workstation if the file /usr/csl/etc/noimage exists. Touch that file if you would like to keep a workstation from being imaged, such as if you have a specific program installed on it on a temporary basis, or are testing something.

-If changing make.conf, make sure you edit the .nogolden version as well. If editing the crontab for some reason, make sure that you get the .weekly and .daily versions.

-You can change the GDM theme by changing the tj symlink in /usr/share/gdm/themes.

-If you change the golden client, remember to update the keytab in goldenclient's .k5login on haimageserver.

-Put configuration files to be copied over in /usr/csl/etc/. This makes sure that we don't clutter the directories up by keeping a bunch of versions of the same file (i.e. the nagios config) in the same dir.
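
The clientpull sequence from "How it works", together with the noimage check from the tips above, written out as a dry-run shell sketch. This is an added example, not the actual /var/imageserver/bin/clientpull; the host name goldenclient.example, the rsync module names, the ROOT prefix and the /etc/krb5.keytab exclude are assumptions.

```shell
#!/bin/sh
# Added example: dry-run sketch of a clientpull-style update. This is NOT the
# real /var/imageserver/bin/clientpull. GOLDEN and the rsync module names are
# placeholders (assumptions); ROOT lets the logic run inside a sandbox.
ROOT="${ROOT:-}"
GOLDEN="${GOLDEN:-goldenclient.example}"
DRY_RUN="${DRY_RUN:-1}"        # 1 = print each command instead of running it

# Files that must stay per-workstation. hostname and shadow come from the page;
# /etc/krb5.keytab (the MIT Kerberos default keytab path) is an assumption.
# Patterns are anchored at the transfer root, so /shadow means /etc/shadow
# in the etc sync.
write_excludes() {
    printf '%s\n' /conf.d/hostname /shadow /krb5.keytab > "$1"
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# The update steps in the order the page gives them; stop at the first failure
# so that a partial run is visible in the exit status.
sync_and_update() {
    run rsync -a "rsync://$GOLDEN/portage/world" "$ROOT/var/lib/portage/world" || return 1
    run emerge -KuDN world || return 1      # -K: binary packages only
    run emerge @preserved-rebuild || return 1
    run emerge --depclean || return 1       # drop what left the world file
    for d in etc root boot; do
        run rsync -a --exclude-from="$1" "rsync://$GOLDEN/$d/" "$ROOT/$d/" || return 1
    done
    for s in "$ROOT"/var/imageserver/scripts/*; do
        [ -x "$s" ] || continue             # also skips an unmatched glob
        run "$s" || return 1
    done
}

clientpull() {
    # Guard from "Tips and tricks": never touch a workstation marked noimage.
    if [ -e "$ROOT/usr/csl/etc/noimage" ]; then
        echo "noimage present, leaving this workstation alone" >&2
        return 3
    fi
    excl=$(mktemp) || return 1              # unpredictable name; this runs as root
    write_excludes "$excl" && sync_and_update "$excl"
    rc=$?
    rm -f "$excl"
    return "$rc"
}

if [ "${1:-}" = "plan" ]; then clientpull; fi
```

Run it with the argument plan to print the command sequence without changing anything; exit status 3 means the workstation was skipped because of noimage.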