Gentoo – initramfs with busybox, lvm and some more…

Preparations

mkdir -p /usr/src/initramfs/{bin,lib/modules,dev,etc,mnt/root,proc,root,sbin,sys}
cp -a /dev/{null,console,tty,sda*} /usr/src/initramfs/dev/

busybox

USE="static make-symlinks -pam -savedconfig" emerge --root=/usr/src/initramfs/ -av busybox

LVM
LVM already provides a static binary 🙂

cp /sbin/lvm.static /usr/src/initramfs/lvm

Apache2 & Jenkins & SSL

$JAVA_HOME/bin/java -DJENKINS_HOME=/var/lib/jenkins -Xms512m -Djava.awt.headless=true -server -jar /var/lib/jenkins.war --httpPort=8080 --httpListenAddress=127.0.0.1 --ajp13Port=-1 --logfile=/var/log/jenkins.log

<VirtualHost *:443>
  ServerAdmin admin@example.com
  DocumentRoot "/srv/www/"
  ServerName jenkins.example.com

  SSLEngine On
  SSLVerifyClient none
  SSLVerifyDepth 3
  SSLCertificateFile /etc/ssl/example.crt
  SSLCertificateKeyFile /etc/ssl/example.key

  ProxyRequests Off
  ProxyPreserveHost On

  <Proxy http://127.0.0.1:8080/*>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass / http://127.0.0.1:8080/
  ProxyPassReverse / http://127.0.0.1:8080/

  <Location />
    Order allow,deny
    Allow from all
    AuthType basic
    AuthName Build
    AuthUserFile /etc/apache2/jenkins-http.user
    Require valid-user
  </Location>

  Header edit Location ^http://jenkins.server/ https://jenkins.server/
</VirtualHost>

Note: Jenkins with AJP and SSL via Apache was not working…maybe a bug?

Gentoo – Jenkins startup script

Not the best, but it's working for me…maybe JENKINS_* and JAVA_OPTS can be moved to /etc/conf.d/jenkins or something else.

#!/sbin/runscript

depend() {
        use logger dns
        need apache2
        provide jenkins
}

JENKINS_USER=jenkins
LOCKFILE=/var/run/jenkins.pid

JENKINS_HOME=/home/jenkins
JAVA_HOME=/usr/java/jdk1.6.0_25

JAVA_OPTS="-DJENKINS_HOME=${JENKINS_HOME}/jenkins-home -Xmx512m -Djava.awt.headless=true -server"

JENKINS_OPTS="--httpPort=8080 --httpListenAddress=127.0.0.1 --ajp13Port=-1"
JENKINS_OPTS="${JENKINS_OPTS} --logfile=${JENKINS_HOME}/jenkins.log"

ARGS="${JAVA_OPTS} -jar ${JENKINS_HOME}/jenkins.war ${JENKINS_OPTS}"

start() {
        ebegin "Starting ${SVCNAME}"
        start-stop-daemon --user ${JENKINS_USER} --make-pidfile --pidfile ${LOCKFILE} \
        --background -1 ${JENKINS_HOME}/jenkins-console.log -2 ${JENKINS_HOME}/jenkins-console.log \
        --start --exec ${JAVA_HOME}/bin/java -- ${ARGS}
        eend $?
}

stop() {
        ebegin "Stopping ${SVCNAME}"
        start-stop-daemon --stop --pidfile ${LOCKFILE} --exec ${JAVA_HOME}/bin/java
        eend $?
}

Gentoo and libvirt-0.9.12

Yesterday I started the update process for my system…so far, so good.

After a while emerge finished successfully…of course with a lot of messages, including some (from libvirt) saying that some features are missing in my kernel config, e.g.

[...]
CONFIG_DEVPTS_MULTIPLE_INSTANCES
CONFIG_VETH
CONFIG_MACVLAN
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_NETFILTER_ADVANCED
CONFIG_BRIDGE_NF_EBTABLES
[...]

As usual I ignored these messages 🙁 After a reboot I tried to start one of my several VMs – without success, only an error message:

Could not access KVM kernel module: Permission denied 
failed to initialize KVM: Permission denied 
No accelerator found!

Uhm, what is this now? I tried to start qemu-kvm from a shell…that worked. So it must be something with libvirt and qemu-kvm. After some research on my system I found out that qemu-kvm tried to start the VMs as the user qemu, but /dev/kvm belongs to root:kvm.

Adding the user qemu to the group kvm should help:

gpasswd -a qemu kvm

Maybe this is a bug in the ebuild file!?
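The diagnosis above as an added example (not from the original post): a shell check that evaluates the classic Unix mode bits the way the kernel does, where exactly one class (owner, else group, else other) applies. The function names and the 0660 mode for /dev/kvm are assumptions; the post only states the ownership root:kvm.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# class_allows_rw USER "USER_GROUPS" OWNER GROUP MODE
# Returns 0 if the mode bits give USER read+write access.
# Only one class is consulted: owner, else group, else other.
class_allows_rw() {
    user=$1 groups=$2 owner=$3 group=$4
    [ "$user" = root ] && return 0      # root bypasses the mode bits
    perm=$(printf '%04o' "0$5")         # normalise, e.g. 660 -> 0660
    perm=${perm#?}                      # drop the setuid/setgid/sticky digit
    if [ "$user" = "$owner" ]; then
        bits=${perm%??}                 # owner digit
    else
        bits=${perm#??}                 # default: "other" digit
        for g in $groups; do
            if [ "$g" = "$group" ]; then
                bits=${perm#?}; bits=${bits%?}   # group digit
            fi
        done
    fi
    [ $(( $bits & 6 )) -eq 6 ]          # need both r (4) and w (2)
}

# can_open_rw USER PATH: the same check against a real node, e.g. /dev/kvm
can_open_rw() {
    meta=$(stat -c '%U %G %a' "$2") || return 2
    set -- "$1" "$(id -Gn "$1")" $meta
    class_allows_rw "$@"
}

# The situation from the post: /dev/kvm is root:kvm (mode 660 is assumed),
# checked before and after "gpasswd -a qemu kvm".
for grp in "qemu" "qemu kvm"; do
    if class_allows_rw qemu "$grp" root kvm 660; then r=allowed; else r=denied; fi
    echo "user qemu in groups [$grp]: $r"
done
```

On a live system, `can_open_rw qemu /dev/kvm` runs the same check against the real device node. A running libvirtd keeps the group list it started with, so the change takes effect after the daemon is restarted.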

Gentoo / ArchLinux – NetworkManager and policykit

If you want to use NetworkManager (especially nm-applet) on Gentoo or ArchLinux, you have to grant the user access to NetworkManager. To do so, create the following file:

# cat /etc/polkit-1/localauthority/50-local.d/org.freedesktop.NetworkManager.pkla 
[nm-applet]
Identity=unix-group:plugdev
Action=org.freedesktop.NetworkManager.*
ResultAny=yes
ResultInactive=no
ResultActive=yes

That's necessary because polkit-auth was removed from the policykit package. You must also add the user to the plugdev group:

# usermod -a -G plugdev $USERNAME
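An added example (not from the original post) for reviewing such files: a shell/awk audit that lists .pkla entries with ResultAny=yes, the result polkit uses for subjects outside a local console session, for example a remote login. The function names and the second sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# audit_pkla FILE...  -> one line per finding: file:[section]:reason
audit_pkla() {
    awk '
    function flush() {
        if (section != "" && any == "yes")
            printf "%s:[%s]:%s gets %s without authentication in any session%s\n",
                file, section, ident, action,
                (index(action, "*") ? " (wildcard action)" : "")
        section = ""
    }
    FNR == 1        { flush(); file = FILENAME }      # new file: report pending entry
    /^[ \t]*(#|$)/  { next }                          # comments and blank lines
    /^[ \t]*\[/     { flush()
                      section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                      ident = action = any = ""; next }
    (eq = index($0, "=")) {
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "Identity")  ident  = val
        if (key == "Action")    action = val
        if (key == "ResultAny") any    = val
    }
    END { flush() }
    ' "$@"
}

# Constructed samples: the entry shown in the post, and a variant that only
# answers "yes" for active local sessions (illustrative, not from the post).
write_samples() {
    printf '%s\n' '[nm-applet]' 'Identity=unix-group:plugdev' \
        'Action=org.freedesktop.NetworkManager.*' \
        'ResultAny=yes' 'ResultInactive=no' 'ResultActive=yes' > "$1/post.pkla"
    sed 's/^ResultAny=yes/ResultAny=no/' "$1/post.pkla" > "$1/local-only.pkla"
}

dir=$(mktemp -d) && write_samples "$dir" && audit_pkla "$dir"/*.pkla
rm -rf "$dir"
```

To review a real system, run `audit_pkla /etc/polkit-1/localauthority/50-local.d/*.pkla`.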

Gentoo Binary Packages

GCC (4.5.3) flags for

* Intel(R) Core(TM) i7 CPU M 620
* Intel(R) Core(TM) i7 CPU 920
* Intel(R) Core(TM)2 Duo CPU T7700

CFLAGS="-march=core2 -mtune=generic -O2 -pipe -msse -msse2 -msse3 -mssse3 -msse4.1 -msse4.2 -msse4 -mmmx"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"

USE flags

USE="64bit X a52 aac alsa apng bash-completion bluetooth chroot
     connection-sharing consolekit dbus dhcpcd dts dvb dvd extras faac ffmpeg
     fontconfig gcj gif gnutls gpg graphics gtk gudev icu imap iproute2 iscsi
     jpeg kpathsea lame lvm mmx mp3 mysql network networkmanager ogg opengl
     perl pkcs11 png policykit pstricks pulseaudio python qemu resolvconf sasl
     sdl smtp spice sse sse2 ssl tiff truetype udev vim-syntax virt-network
     vorbis wifi x264 xcb xvid -kde -qt4 -ruby"

additional flags

MAKEOPTS="-j10"
FEATURES="buildpkg"
VIDEO_CARDS="intel"
LINGUAS="en de"
INPUT_DEVICES="evdev keyboard mouse synaptics"
QEMU_SOFTMMU_TARGETS="x86_64 arm i386 ppc ppc64 sparc sparc64"
QEMU_USER_TARGETS="arm i386 ppc ppc64 sparc sparc64 x86_64"

Usage
Host system http://mirror.devnu11.net/gentoo/

PORTAGE_BINHOST="http://mirror.devnu11.net/gentoo/packages/"
FEATURES="getbinpkg"

If you still need more information, ask!