Important: You are required to change your passwords used for Gentoo services and set an email address for your Wiki account if you haven't done so. See the full announcement and Wiki email policy change for more information.

OpenRC/Prefix

From Gentoo Wiki
Jump to: navigation, search

This work is a reponse to bug #196294.

The following guideline applies to a Gentoo Prefix on RHEL-5.6 amd64 and on Debian 6.0 amd64, for other setups it should be similar. Feel free to documents corner cases here.

Using heroxbd's overlay

This is a developer's overlay by heroxbd. The changes will be reviewed and included in the official tree gradually. As of Aug 11, 2012, the overlay includes sys-apps/portage-9999 (for keeping /etc/{init,conf}.d and fixing shebangs inside), sys-apps/openrc-9999 (for adding back Prefix support and exporting EPREFIX).

Let's add heroxbd's overlay with Layman from app-portage/layman,

user $ layman -a heroxbd

Make sure overlays from layman are effective,

File${EPREFIX}/etc/portage/make.confpopulate overlay in make.conf

...
source /gentoo/var/lib/layman/make.conf
...

replace /gentoo with your own $EPREFIX.

Details for playing with layman can be found at Layman.

install portage from the overlay

  • Default portage in prefix removes /etc/{init,conf}.d directories with prompts like
Codeebuilds with files into /etc/{init,conf}.d

* removed /etc/init.d and /etc/conf.d directories until bug #196294 has been resolved

emerge portage from heroxbd's overlay to disable this behavior.

root # emerge --autounmask-write =sys-apps/portage-9999
Note
sys-apps/portage-9999 is from git and provides no keyword. One easy way to unmask is autounmask feature of Portage, as the command line above.

install masked version of baselayout-prefix from the main tree

  • baselayout-prefix comes from baselayout-1, which has file-collision with openrc. emerge sys-apps/baselayout-prefix-1.12.14-r1 to remove the offending files.
root # emerge --autounmask-write =sys-apps/baselayout-prefix-1.12.14-r1
Note
sys-apps/baselayout-prefix-1.12.14-r1 is masked for testing. One easy way to unmask is autounmask feature of Portage, as the command line above.

Getting openrc-9999 emerged on prefix

(optional) using an external service supervisor

Usually, OpenRC starts process in background via start-stop-daemon. This custom comes from the BSD world, and have intrinsic drawbacks as discussed by GreyCat. To track the status of service reliably and restart critical services (e.g. remote shell daemon on a headless server) when accidentally killed, a process supervisor may be used.

There is an experimental support of OpenRC to work together with runit.

To try this out, enable the runit USE flag for OpenRC,

File${EPREFIX}/etc/portage/profile/package.userunit USE flag for OpenRC

...
sys-apps/openrc runit
...

first trial

openrc is not out of box now, first attempt

root # emerge --ask =sys-apps/openrc-9999
These are the packages that would be merged, in reverse order:

Calculating dependencies... done!
[ebuild  N    *] sys-apps/openrc-9999::prefix-openrc  USE="ncurses unicode -debug (-pam) (-selinux) -static-libs" 0 kB
[ebuild  N    *]  sys-libs/glibc-9999::tauon  USE="-debug -gd -glibc-omitfp (-hardened) (-multilib) -profile (-selinux) -vanilla" 0 kB
[ebuild  N     ]  virtual/init-0::gentoo  0 kB
[ebuild  N    *]   sys-apps/sysvinit-2.88-r3::gentoo  USE="(-ibm) (-selinux) -static" 104 kB
[nomerge       ] sys-libs/glibc-9999::tauon  USE="-debug -gd -glibc-omitfp (-hardened) (-multilib) -profile (-selinux) -vanilla" 
[ebuild  N     ]  sys-libs/timezone-data-2012c::gentoo  USE="nls" 334 kB
[blocks B      ] <sys-apps/util-linux-2.20 ("<sys-apps/util-linux-2.20" is blocking sys-apps/sysvinit-2.88-r3)

Let's eliminate the blocks.

glibc and sysvinit

In Gentoo Prefix, glibc and sysvinit are supposed to be provided outside Prefix by host OS. Let's tell portage that we have any version of glibc and sysvinit she wants:

File${EPREFIX}/etc/portage/profile/package.providedExample for providing glibc and sysvinit from outside

sys-libs/glibc-9999
sys-apps/sysvinit-9999

now it we can go on,

root # emerge --autounmask-write =sys-apps/openrc-9999
Note
sys-apps/openrc-9999 is from git and provides no keyword. One easy way to unmask is autounmask feature of Portage, as the command line above.

Example: tinc

tinc is a decentralized VPN. A tinc started from Gentoo Prefix can serve as a relay node in the VPN, if tun/tap is not available for normal user.

emerge tinc, or re-emerge to get its {init,conf}.d files back with our new portage

root # emerge --ask tinc

prefixify init script

root # for d in usr var etc; do sed -i "s,/${d},${EPREFIX}/${d},g" ${EPREFIX}/etc/init.d/tincd; done

fire up tincd from OpenRC

Make necessary changes in ${EPREFIX}/etc/conf.d/tinc.networks and ${EPREFIX}/etc/tinc according to your specific setup.

Add tincd into default runlevel

root # rc-update add tincd default

Finally we are done with

root # rc default
 * Starting tinc VPN networks ...
 * Starting tinc network manifold ... [ ok ]
 * Starting local                     [ ok ]

Example: nginx

nginx is a small, robust and high-performance web server.

Emerge nginx, or re-emerge to get its initd and confd files back with our new portage:

root # emerge --ask nginx

prefixify init script

root # for d in usr var etc; do sed -i "s,/${d},${EPREFIX}/${d},g" ${EPREFIX}/etc/init.d/nginx; done

prefixify nginx.conf

root # for d in usr var etc; do sed -i "s,/${d},${EPREFIX}/${d}," ${EPREFIX}/etc/nginx/nginx.conf; done

normal privilege

  • remove "user nginx nginx;" from the first line of ${EPREFIX}/etc/nginx/nginx.conf
  • You cannot listen on port 80 without root privilege. Change it to 8008,
File${EPREFIX}/etc/nginx/nginx.conflisten on 8008

...
http {
    ...
    server {
        ...
        listen [::]:8008;
        ...
    }
    ...
}

add nginx to default runlevel and fire up

root # rc-update add nginx default
root # rc default
 * Checking nginx' configuration ... [ ok ]
 * Starting nginx ...                [ ok ]
root # netstat -nlp | grep nginx
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 :::8008                 :::*                    LISTEN      570/nginx: master p

See also

External resources

Benda's OpenRC page