Developing RPM packages for RHEL/CentOS with VirtualBox and Vagrant

TL;DR: Build and test RPM packages on local virtual CentOS machines before deploying to RHEL.

We've recently delivered our first round of packages in a project where the customer is running Red Hat Enterprise Linux (RHEL). The default way of distributing software for RHEL and similar operating systems is by packaging it into an RPM file, and ship it.

Choosing a distribution for local development

As many other dev shops, we pretty much use Macs for workstations, with Debian on our servers, so getting into RHEL meant learning some new Linux ways, and figuring out how to practice packaging on local virtual machines (with VirtualBox and Vagrant).

First we tried installing RHEL locally on VirtualBox, and this worked fine, but we didn't want to impose ourselves with the enterprisey licensing deals of RedHat, as we only wanted to do local development and testing, and the entire operating system is open source after all. It suffices that our customer has a RHEL support license, so if we ever run into any serious problems, we can call for help that way.

Luckily, there are several distributions which are very similar to RHEL, but come with fewer shackles (basically because they've removed all RedHat trademarks). The ones we considered were:

* CentOS - a functionally compatible fork of RHEL - this is the one we chose in the end because it seems identical to RHEL - just the name and some branding differs.
* Scientific Linux - also a RHEL derivative - but we couldn't figure out why we should choose this one over CentOS. It seems it adds some features we didn't need.
* Fedora - an upstream distribution of RHEL, or a community edition, where new features get time to mature before they are merged into RHEL. Again, we didn't see the point of getting features which aren't available in our target environment anyway.

So we ended up using CentOS, but we did also find a lot of documentation for Fedora that was helpful for developing RPMs. Our customer was using RHEL 6.5, so we went with CentOS 6.5 (they follow the same versioning).

Setting up a local build/test environment

In order to build and test RPMs on our laptops, we needed to set up a production-similar set of virtual machines. We picked VirtualBox as a platform, and used Vagrant for instrumenting the machines. We've also used Vagrant in the past to test/develop Puppet provisioning for our Debian servers, but in this round it was a lot simpler. We just wanted the machines up and running, and have a common mount point where we could build and use the RPMs.

The target environment is, with a few simplifications, is pretty much like this:

  • A database server
  • Two clustered application servers
  • A load balancer/web server in front of the app servers

We can have Vagrant set this up for us by creating a Vagrantfile with this multi-machine configuration:

  1. Vagrant.configure("2") do |config|
  2. config.vm.box = "centos"
  3. config.vm.box_url = "https://github.com/2creatives/vagrant-centos/releases/download/v6.5.3/centos65-x86_64-20140116.box"
  4.  
  5. # do vagrant plugin install vagrant-hostmanager
  6. config.hostmanager.enabled = true
  7. config.hostmanager.manage_host = true
  8. # do `vagrant hostmanager` to refresh the /etc/hosts files
  9.  
  10. config.vm.define "web" do |web|
  11. web.vm.hostname = 'WEB-01'
  12. web.vm.box = "centos"
  13. web.vm.network "forwarded_port", guest: 8080, host: 8080
  14. web.vm.network "private_network", ip: "192.168.34.10"
  15. web.vm.synced_folder "~/projects/rpms", "/rpm_builds"
  16. end
  17.  
  18. config.vm.define "app1" do |app1|
  19. app1.vm.hostname = 'APP-01'
  20. app1.vm.box = "centos"
  21. app1.vm.network "forwarded_port", guest: 8080, host: 8081
  22. app1.vm.network "private_network", ip: "192.168.34.11"
  23. app1.vm.synced_folder "~/projects/rpms", "/rpm_builds"
  24. end
  25.  
  26. config.vm.define "app2" do |app2|
  27. app2.vm.hostname = 'APP-02'
  28. app2.vm.box = "centos"
  29. app2.vm.network "forwarded_port", guest: 8080, host: 8082
  30. app2.vm.network "private_network", ip: "192.168.34.12"
  31. app2.vm.synced_folder "~/projects/rpms", "/rpm_builds"
  32. end
  33.  
  34. config.vm.define "db" do |db|
  35. db.vm.hostname = 'DB-01'
  36. db.vm.box = "centos"
  37. db.vm.network "private_network", ip: "192.168.34.13"
  38. db.vm.network "public_network"
  39. db.vm.synced_folder "~/projects/rpms", "/rpm_builds"
  40. end
  41. end

I found the starting point for this VirtualBox image on http://www.vagrantbox.es. I also toyed around with creating our own base-box from the official CentOS distribution, but in the end the ready Vagrant box came with some default network configuration and VirtualBox additions ready to use.

The linked box is a "minimal" CentOS distribution, meaning that there's next to no packages installed on it already.

The most exotic part of our Vagrant configuration file is the hostmanager plugin. We want to use nice short hostnames for addressing the servers instead of IP-addresses, and these happen to be the same in production. This means that from the app-server, we can hardcode the DB server host to be 'DB-01', and it will work fine in both local dev and live servers. One can achieve this with manually editing /etc/hosts on every system, but it's much easier to enable the hostmanager plugin. It will update the /etc/hosts file on each virtual server, and on the host-system (the Mac).

Also note that with a multi-vm Vagrantfile like this, we can refer to each vm by its shorthand name, or leave it out to operate on all vms:

vagrant up # brings up all four machines
vagrant ssh app2 # ssh to the 2nd app server
vagrant reload db # reload vagrant configuration for db server

Also note that I mount the same folder in all machines: ~/projects/rpms - this is where I've got all our RPM-sources checked out (each RPM is one Git repository, for example ActiveMQ).

Making our CentOS machines similar to the target servers

Being based on some vagrant box already introduces some difference from the production servers, but beyond that we wanted to keep difference in installed packages to a minimum.

Normally, if you're starting off with a minimal CentOS, you probably want to install the "Base" package group like this:

yum groupinstall "Base"

The above command will install around 150 packages including stuff like perl, cron, sudo, wget, man pages and more.

In our case, we decided to avoid the base package, and imitate our target environment tinstead. I first exported a list of packges from the respective target server:

rpm -qa > rpm-list.txt

.. then transferred the rpm-list.txt to the local virtual machine:

sudo yum -y install $(cat rpm-list.txt)

The RPM building machine

Having set up the runtime environment above, I prefer using a distinct RPM-builder machine, configured in a separate Vagrantfile in another folder:

  1. Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  2. config.vm.box = "centos"
  3. config.vm.network "private_network", ip: "192.168.33.10"
  4. config.vm.network "public_network"
  5. config.vm.synced_folder "~/projects/rpms", "/rpm_builds"
  6. end

This is just a simple machine that also mounts the RPM folder. I use this machine for building the RPMs themselves (we also have a machine like this set up in Jenkins for building the RPMs automatically, but that's a topic for another blog-post).

The traditional way of building an RPM is to invoke rpmbuild and build the binary. But it's consider a somewhat cleaner approach to use Mock, which contains the build dependencies within chroots (sort of like isolated filesystems).

In order to prepare for using Mock on a server, some tools have to be installed first:

# as root:
wget http://fedora.mirrors.pair.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uivh epel-release-6-8.noarch.rpm
yum install fedora-packager
usermod -a -G mock vagrant # add user vagrant to group mock
ln -s /etc/mock/default.cfg /etc/mock/db.cfg #some different environments
ln -s /etc/mock/default.cfg /etc/mock/app.cfg #some different environments
ln -s /etc/mock/default.cfg /etc/mock/web.cfg #some different environments

Here's an example, building our activemq package:

cd ~projects/build-server #here's the Vagrantfile for the build machine:
vagrant ssh # ssh into the build machine
cd /rpm_builds/rpm-activemq

#clean up after previous builds:
rm -rf target
rm -rf SRPMS/*

#build new RPM into the relative 'target' directory
rpmbuild --define '_topdir '`pwd` -bs SPECS/activemq.spec
mock -r app --init
mock -r app --no-clean --resultdir=target SRPMS/*.src.rpm

Once the build is done, the RPM binary can be accessed from the target server (via the common mount):

cd ~/projects/target-environment #this is where I have run the Vagrantfile
vagrant ssh app1 # ssh into the first app server
sudo -i #become root
rpm -U /rpm_builds/rpm-activemq/target/activemq-5.9.1.noarch.rpm

And with that we have completed a roundtrip of building and installing an RPM!

RPM - a quick guide

rpm is a very powerful utility, not only for installing packages but also for inspecting and provisioning them. There are plenty of resources dedicated to RPM online, but I'll include our quick-guide here, as I kept coming back to it for our most used RPM-commands:

commandWhatExample
file <rpmfile> See name, version, arch, build number, etc of an rpm file (usually part of the rpm file name as well) > file activemq.rpm
activemq-5.9.1-1.el6.noarch.rpm: RPM v3.0 bin i386/x86_64 activemq-5.9.1-1.el6
rpm -U <rpmfile> Install/update package
--prefix Install in alternative location (requires relocatable package, see below)
--root For installing into a chroot environment (see below)
--nodeps Ignore dependencies when installing (anti pattern, but useful if you just want to quickly a crappy package to test something)
--nosignature Ignore checking signatures (anti pattern, but maybe useful if installing from our own custom repos)
-v Verbose (works on lots of commands)
rpm -e <packagename> Erase package
rpm -qi <packagename> Package info (note that packagename is not always = rpm filename). A name like activemq-5.9.1-1.el6.noarch can also be referenced as activemq-5.9.1 or activemq (leave suffixes out)
rpm -pi <rpmfile> Run query on an rpm file instead of packagename > rpm -ip activemq-5.9.1-1.el6.noarch.rpm
package activemq-5.9.1-1.el6.noarch is already installed
rpm -qa List all installed packages (handy with grep). Add --last to get them ordered by install (newest on top). > rpm -qa --last | less
rpm -q --changelog <packagename> Show changelog for package
rpm -qc <packagename> Show config files
rpm -ql <packagename> List all files
rpm -qs <packagename> List state of package files
rpm -ql --dump <packagename> Show all information about files
rpm -q --scripts <packagename> Show scripts (%post, %pre, and so on) for a package > rpm -q --scripts gnutls
postinstall program: /sbin/ldconfig
postuninstall program: /sbin/ldconfig
rpm -qR <packagename> Show dependencies (requires)  > rpm -q -R activemq
rpm -q --provides <packagename> Show what capabilities package provides
rpm -q --whatprovides <capability> Find which rpm provides some library or thingie. Useful when you want to know what packages can be installed to satisfy dependencies. > rpm -q --whatprovides "libssl.so.10(libssl.so.10)(64bit)"
openssl-1.0.1e-16.el6_5.4.x86_64
rpm -q --whatrequires <capability> Find which rpms uses a capability, file or package. Note that it only checks direct uses of a package. If you want a "full" report of uses of all capabilities and indirect use, use "yum remove package" and select no when prompted.
rpm -V <packagename> Show any changes (manually) made to the files from a package after installing > rpm -V activemq
S.5....T. c /etc/activemq/activemq.xml
rpm -qf <filename> What package installed some file
rpm -qa --queryformat '%instprefixes}\n' With what --prefix was a package installed > rpm -qa --queryformat '%{name}-%{version} %{instprefixes}\n' jdk
jdk-1.6.0_45 /var/dhlnl/java
rpm --querytags Shows all tags that can be used for -queryformat

For more information, have a look at man rpm or look across the chapter http://www.rpm.org/max-rpm/p111.html

Working inside chroot (jails)

We did research how to operate within chroots, and although it was a very interesting approach to deploying our packages, the customer didn't go for it in the end. I still use it some times when I want to try out something without setting up a new CentOS virtual machine:

For example, say I want to try out installing out httpd in a chroot (source/inspiration):

CHROOT=/var/chroots/httpd
mkdir -p $CHROOT/var/lib/rpm
rpm --rebuilddb --root=$CHROOT
wget http://ftp.hosteurope.de/mirror/centos.org/6.5/os/x86_64/Packages/centos-release-6-5.el6.centos.11.1.x86_64.rpm
rpm -i --root=$CHROOT --nodeps centos-release-6-5.el6.centos.11.1.x86_64.rpm
yum --installroot=$CHROOT update
yum --installroot=$CHROOT install -y rpm-build yum
cp $CHROOT/etc/skel/.??* $CHROOT/root
#for dns:
cp /etc/resolv.conf $CHROOT/etc/resolv.conf

#optional: for access to proc and dev:
mount --bind /proc $CHROOT/proc # obligatory for running java (allocating heap fails if not mounted)
mount --bind /dev $CHROOT/dev # used by apache/ssl

#enter shell using bash:
chroot $CHROOT /bin/bash -l
 
#If the some process cannot write to /dev/null, it could be that permissions are messed up. As root:
rm /dev/null
mknod -m 0666 /dev/null c 1 3
#(via http://itsmyxprience.blogspot.de/2009/04/devnull-permission-denied-error.html)

Summary and Resources

This guide barely scratches the surface of working with RHEL/CentOS andRPMs. There's still a lot to be said or written about yum, repositories, RPM specs, versioning and best practices, but I think this is enough for one blog-post. For those who want to learn more, here are some starting points:

Comments are closed.