Poudriere in a jail
From TykWiki
- Create a normal ezjail
- Create a ZFS dataset for the jail
$ sudo zfs create -o jailed=on tyktank/poudriere
- Change settings in ezjail config
export jail_poudriere_tyknet_dk_zfs_datasets="tyktank/poudriere"
export jail_poudriere_tyknet_dk_parameters="children.max=100 allow.mount allow.mount.tmpfs allow.mount.devfs allow.mount.procfs allow.mount.zfs allow.mount.nullfs allow.raw_sockets allow.socket_af allow.sysvipc allow.chflags enforce_statfs=1 ip6=inherit ip4=inherit"
- Add needed kld modules to rc.conf (and load them manually)
kld_list="zfs aesni geom_mirror tmpfs linux linprocfs nullfs procfs fdescfs"
- Install needed ports
$ sudo portmaster www/nginx ports-mgmt/poudriere
- Create the key and the matching public key (stored as poudriere.crt) for signing packages
$ sudo mkdir -p /usr/local/etc/ssl/{keys,certs}
$ sudo chmod 0700 /usr/local/etc/ssl/keys
$ sudo openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096
$ sudo openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.crt
- Create /usr/local/etc/poudriere.conf with the following contents:
ZPOOL=tyktank
ZROOTFS=/poudriere
FREEBSD_HOST=ftp://ftp.dk.freebsd.org
RESOLV_CONF=/etc/resolv.conf
BASEFS=/usr/local/poudriere
USE_PORTLINT=no
USE_TMPFS=yes
DISTFILES_CACHE=/usr/ports/distfiles
PKG_REPO_SIGNING_KEY=/usr/local/etc/pki/poudriere/poudriere.key
NOLINUX=yes
BUILDER_HOSTNAME=poudriere.tyknet.dk
# https://gist.github.com/gynter/86ed7a6cae20927d6ef0
USE_MASTERMNT_HASH=yes
- The last line is not a default setting, but it is necessary because of path length restrictions combined with jails. To make it work, apply the patch in the link above.
- Create one or more jails for the versions you need to build for
$ sudo poudriere jail -c -j freebsd_10_3_amd64 -v 10.3-RELEASE
- Create one or more ports trees. I name the default tree "default", and if I want to experiment with, say, one of the quarterly ports trees, I name it as such.
$ sudo poudriere ports -c -p default
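
A check worth running before the first bulk build, as an added example that is not part of the original page: it reads PKG_REPO_SIGNING_KEY from poudriere.conf, confirms the key file exists and is not accessible by group or other, and optionally compares it with the published public key. The key above is generated under /usr/local/etc/ssl/keys/ while the poudriere.conf above names /usr/local/etc/pki/poudriere/poudriere.key, so this check fails until the two paths agree. The function names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the package
# signing key that poudriere.conf points at. Function names are hypothetical.

# Print the PKG_REPO_SIGNING_KEY value from a poudriere.conf-style file.
# The last assignment wins; trailing comments and quotes are stripped.
signing_key_path() {
    sed -n 's/^[[:space:]]*PKG_REPO_SIGNING_KEY=//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"'" | tail -n 1
}

# Return 0 if the public key derived from private key $1 equals file $2.
pubkey_matches() {
    openssl rsa -in "$1" -pubout 2>/dev/null | cmp -s - "$2"
}

# check_signing_key CONF [PUBKEY]
# Exit codes: 0 ok, 2 not configured, 3 key file missing,
#             4 key accessible by group/other, 5 public key mismatch.
check_signing_key() {
    conf=$1
    pub=${2:-}
    key=$(signing_key_path "$conf")
    [ -n "$key" ] || { echo "PKG_REPO_SIGNING_KEY is not set in $conf"; return 2; }
    [ -f "$key" ] || { echo "signing key not found: $key"; return 3; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "signing key is accessible by group/other: $key"; return 4; }
    if [ -n "$pub" ] && ! pubkey_matches "$key" "$pub"; then
        echo "$pub does not match $key"; return 5
    fi
    echo "ok: $key"
}

# Usage inside the build jail, with the paths used on this page:
#   check_signing_key /usr/local/etc/poudriere.conf /usr/local/etc/ssl/certs/poudriere.crt
```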