Stork Tutorial
For a simple walkthrough of using Stork to manage package installation on a PlanetLab
system, use the following instructions:
1. Install Stork and Storkutil
2. Create a package
3. Create an identity
4. Modify the Stork configuration
5. Modify your Trusted Packages File
6. Set packages for installation using Pacman, or install manually
7. Upload files to the Stork repository
1. Installing Stork and Storkutil
To use Stork on your slice, you must run the Stork initscript from PlanetLab. Log into
PlanetLab, choose a slice, and select Add New Attribute. Select
pl_initscript, and then select arizona_stork2.
After finishing installation, download the Stork Enduser tarball and
unpack it to obtain the Stork enduser utilities. This tarball also includes a sample stork
configuration file, named sample-stork.conf which will need to be modified in order
to successfully use the stork utilities.
2. Creating a Package
Stork currently supports two types of packages: RPMs and tarballs.
Stork will install RPM packages according to the package scripts. RPMs
are generally suggested for complex installations, or where the package needs
to be installed outside of /root. However, for simple packages, it can be more
efficient to use a simple tarball package.
Creating a tarball package can be a great way to distribute your own
applications. With Stork, you can easily distribute your software to every
node that needs it. Stork also allows you to execute scripts before and
after you install or uninstall, making tarballs even more powerful.
Including scripts in your tarball is very simple. Just package
'.preinstall', '.postinstall', '.preremove', and/or '.postremove' scripts
along with your own files. Stork will automatically execute the script when
the user decides to install or uninstall your package. The scripts will run
from the same directory the tarball is unpacked (typically '/root/' or what
ever is defined to be the home directory). Note that these scripts are
completely optional.
For example, consider a simple directory called directory full
of dummy files, and also four scripts, .preinstall,
.postinstall, .preremove, .postremove. We can create a
simple zipped tarball by running the command:
tar -czf mypackage.tar.gz directory ...
Where "mypackage" is the name of the tarball to be created, and the
directory is the directory we wish to make into a package. Instead
directories, files can also be used.
Upon installing this package with
Stork, Stork will automatically run .preinstall, and will run
.postinstall after installation. This allows the package creator to
include scripts to confirm that installation is going to occur, and confirm
that it worked. Likewise, when the package is uninstalled, the preremove and
postremove scripts work in the same way.
3. Creating an Identity
To start using Stork's enduser utilities, you will first need to
create an identity. You can do this using the 'genpair' function. This
will create a private key and a public key, which will identify you and the
software you wish to distribute. The privatekey is used to sign the files
that Stork uses to install your software, so be sure to keep it safe. The
public key is distributed to all your nodes (and all others that wish to use
your software). Note that Stork will generate an error if you attempt to use
it before creating a pair of keys and setting it as your default identity.
To create your keys, just run the command:
./storkutil.py genpair USERNAME
where USERNAME is any username you desire. The username exsits
so that users can recognize each other without having to base interaction
solely on public and private keys. After running the genpair command,
Stork will ask you if you want this to be your default identity; if this is
your first time using Stork, it is best to set this key as your default. If
you've already created keys and would like to use those, you can use the
'storkutil.py setdefault USERNAME' command.
./storkutil.py genpair foo
Generated foo.privatekey...
Extracted foo.publickey...
Would you like to make 'foo' your default identity? (y/n) > y
'foo' is now your default identity
./storkutil.py genpair foo
Error: Key files for 'foo' already exist
|
or, if you have already created foo.privatekey and foo.publickey:
./storkutil.py setdefault foo
Previous Identity: someguy
'foo' is now your default identity
|
Be sure that the privatekey and publickey are in your current directory
while using storkutil. The publickey can be distributed to all your nodes
through the upload website.
Also, note that your public key is embedded in your TPFile filename, such that
the filename should be *publickey*Username.tpfile, without the *.
4. Configuration File
You will need to change the stork configuration file included in the
Storkutil tarball to match the
identity you created. Simply open up the file which should be named
sample-stork.conf and change the 'username = ' line
to match the username you chose for your keys. You will also need to modify the
'publickeyfile = ' line, to match the location of your publickey. By default, this should be
"publickeyfile = /usr/local/stork/var/keys/.publickey", where is the
name you generated your keys for.
You will need to distribute this
configuration file to all your
nodes through the upload website.
Note! The stork configuration file is different from the storkutil
configuration file. The setdefault command will appropriately change
the storkutil configuration file, but you will still need to change and distribute
the Stork configuration file manually.
5. Trusted Packages File
The Trusted Packages File (TPFILE) defines which files you trust to be autmoatically
downloaded and install. This helps your nodes stay secure and autonomous, as files will be
verified through a set of hash codes. Even if
two files share the same name, your nodes will only recieve the one that
matches the hash obtained when the Trusted Packages File was created
(preventing your nodes from downloading maliciously modified packages in the
repository). You are also allowed to trust other users, allowing your nodes
to accept packages from those users exclusively. This will let your nodes
download and install applications created by other users. Note that adding packages to
your TPFILE will not download the packages; it just notifies Stork which packages
you trust to be downloaded.
Adding a package to your tpfile:
To add a package to your tpfile, use the command
./storkutil.py
addfile FILE [FILE]...
where FILE is the location of the package you would
like to trust. If the tpfile does not exist, storkutil will create one for
you. Storkutil will look at the file, create a hash, and write it to your
tpfile. If you upload
the package to the repository and run
stork to install the package, your node will select your specific file and
install it.
For example, we will add packages 'package1' and 'package2'.
./storkutil.py addfile package1.tar.gz package2.tar.gz
No tpfile found for foo. Generating new tpfile.
File 'foo.tpfile' successfully signed
File 'foo.tpfile' has been copied to 'foo.~~~.tpfile'
Unembeded trusted packages file 'foo.tpfile' removed.
|
This script will run whenever Stork fails to find a trusted package
file for the default user. It will then continue to the regular package adding script:
Using trustedpackages file '~~~~.tpfile'
Successfully added file 'package1.tar.gz'.
Successfully added file 'package2.tar.gz'.
File '~~~.tpfile' successfully signed
|
Storkutil will automatically sign your trusted packages file using
your key. Also note that your TPFile will be named as your public key followed by
your username, with the .tpfile extension.
Viewing your tpfile:
Afterwards, we can look at the trusted packages file by running:
./storkutil.py view tpfile
Viewing: foo.~~.tpfile
TRUSTED PACKAGES FILE
ALLOW package1.tar.gz
ALLOW package2.tar.gz
|
We can confirm that the packages were added to our trusted packages
file in this way.
Removing a package from the tpfile:
You can remove a file from your TPFile, just use the 'removefile' command.
./storkutil.py removefile package1.tar.gz
Adding and removing trusted users:
Before adding a user to your TPFile, you will need to obtain their
publickey.
To trust users, you can use the adduser command:
storkutil adduser USER USER.publickey (allow|deny|any) AFFECTEDPACKAGES
Where USER is the name of the user you want to trust, followed by the
public key that user has made available. AFFECTEDPACKAGES is a pattern
that defines the packages you want to accept. If the tpfile does not exist,
storkutil will create one for you.
Examples:
storkutil.py adduser USER1 USER1.publickey allow user-4-2.tar.gz
storkutil.py adduser USER2 USER2.publickey deny java\*
storkutil.py adduser PlanetLab PlanetLab.publickey allow \*
storkutil.py adduser USER3
The first example shows how to accept a single package from the user
USER1. The second example will deny all files from USER2 that have the
pattern java*. The third example shows how to accept all packages from the
user PlanetLab (be sure to shell escape the * character instead of using * by itself).
Note that this is not necessary; the PlanetLab node is trusted by default when
a tpfile is created to allow default PlanetLab files to be installed,
and the PlanetLab publickey is included in the enduser tarball.
You can again use the view tpfile
command to see the contents of your TPFILE. You can also remove users using
the removeuser command.
./storkutil.py removeuser USER2
When you are done, you can upload the trusted packages file to your nodes
through the upload
website.
6b. Pacman
Stork's package manager (pacman) can help you manage your packages
across all your nodes. Rather than installing or uninstalling packages on
each of your nodes individually, you can assign your nodes to groups and
instruct stork to install or remove packages on those groups. Pacman
is therefore efficient to use when a package needs to be installed on
a large number of nodes. Pacman also allows packages to be automatically
updated when the package creator updates them in the repository; this
allows Stork to work near autonomously when set up for use.
Pacman uses two files; groups and packages. Using storkutil, you can create these two
files and upload them. Stork will then distribute these files to your nodes
and perform the tasks you assigned.
Pacman Groups
Your groups.pacman file allows you organize your nodes into separate
groups. You are allowed to include a node into a group or exclude a node
from a group. You can also include, exclude, or intersect groups with each
other. To define our groups, we can use:
./storkutil pacgroups (include|exclude|intersect|remove) group NAME [NAME...]
where group is the name of the group to be affected, and
NAME are the names of the nodes or groups to be included/excluded/removed.
We start by adding a node to a group. If a pacman group file for your
username does not exist, then storkutil will create a new one.
./storkutil.py pacgroups include myGroup foo1.node foo2.node
Using groups file: ./foo.~~~.groups.pacman
File Not Found, Creating New File
File './foo.~~~.groups.pacman' successfully signed
./storkutil.py view groups
Viewing: foo.~~~.groups.pacman
PACMAN GROUP FILE
GROUP: myGroup
INCLUDE: foo1.node
INCLUDE: foo2.node
|
Storkutil will automatically sign the file using your default private key
file, which you created when you generated your first key pairs. If
you want to use a username that is not your default, you can use the --username
option to work on a different file.
We can continue adding more data
into our group definitions. For instance, if we want myGroup to include all the
nodes in the group oldGroup, except for the node badNode which is a member of oldGroup,
we can run the following commands:
./storkutil.py pacgroups include myGroup oldGroup
./storkutil.py pacgroups exclude myGroup badNode
This means that installing a package to myGroup will install it to every node
included in oldGroup except for badNode.
We can remove groups or nodes from a group by simply using the remove
command, as such:
./storkutil.py pacgroups remove myGroup
If you want to
view the contents of the group file, you can use the view groups command in
storkutil, but you will first need to add a node to a group to generate a group file.
When you are done, you will need to upload the groups.pacman file to the Stork repository.
Pacman Packages
The packages.pacman file allows you to manage which packages to
install on which nodes. With the pacman packages file, you can tell a node
or group (as defined by your groups.pacman file) to install or
uninstall a package. To create and modify our packages file, we will use:
./storkutil.py pacpackages (node|group|all) NAME (install|remove|upgrade) PACKAGE
|
We can start by assigning a node to install a package. Be sure your
filename follows the pattern .packages.pacman, where the name is the
one your configured in your Stork configuration file. This will aid
your nodes in finding the correct group file to use. If the file you
specified does not exist, then storkutil will create a new one.
./storkutil.py pacpackages node planetlab.foo.edu install gnuchess
This will assign the planetlab.foo.edu node to install gnuchess.
We can also assign groups to install or remove packages:
./storkutil.py pacpackages group myGroup install lynx man gnuchess
This command will tell myGroup to install the lynx, man, and gnuchess packages
in all the nodes in the group.
We can also instruct Pacman to install packages on multiple nodes without grouping them,
using the all command:
./storkutil.py pacpackages all install gnuchess
Note that in this example, the group and node commands are replaced
with all command, and also that there is no group or node name required. This command
will instruct Stork to install gnuchess on every node to which the packages.pacman file is distributed.
Using the upgrade command, Stork will also instruct all nodes in a group
to update a preexisting package:
./storkutil.py pacpackages group myGroup upgrade gnuchess
This will instruct all myGroup nodes to upgrade gnuchess when necessary.
Storkutil will automatically sign the file using your default private key
file, which you created when you generated your first key pairs.
If you want to work using a different set of keys and files, you can use the
--username option.
You can view the contents of your package file using the view packages
command. When you are done,
upload your Pacman config file to the Stork repository.
6a. Manual Install
To manually install a package on a node, simply run the command Stork
followed by the package name, from root. For instance:
./stork.py gnuchess
will install gnuchess on the node on which it is run. To install gnuchess
on three separate nodes, then, the user would need to log into each node
separately and run Stork gnuchess on that node. This is an efficient way
to install packages when the package only needs to be installed on a single or small
number of nodes.
7. Uploading to the Repository
The Stork repository upload site is located at:
https://stork-repository.cs.arizona.edu .
From this site, you can upload packages,
your public keys, your
Stork configuration file,
trusted packages files, and pacman files
(both groups.pacman and packages.pacman files). All of these files will need
to be uploaded to the repository in order for Stork to work correctly with your
nodes.
|