Mark Theng edited this page Nov 27, 2017 · 18 revisions

Welcome to the Hyades wiki!

  1. Containers
  2. rkt
  3. Kubernetes
  4. Flannel
  5. The Key System
  6. Spire
  7. Spike
  8. Ceph and Faraday
  9. Debian Packaging
  10. Homeworld's Build Process
  11. Homeworld's Deployment Process
  12. Things You Can Do With Homeworld Right Now
  13. Spike's Architecture

TLS is used to authenticate connections. This means that everything must have its own set of keys. A keyserver is used to manage key creation and distribution. This raises the question of how keys can be distributed to a node that does not have any keys yet.

When an administrator creates a new node, the keyserver gives the administrator a token to pass on to the node. The node uses this token to authenticate with the keyserver, which then gives the node an initial set of keys.
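The token bootstrap described above can be sketched in Go as follows. This is an added example, not Homeworld's keysystem code: the `Keyserver` type, its `Issue` and `Redeem` methods, the node name, and the single-use, expiring, hash-stored token policy are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Hypothetical model, not Homeworld's code: tokens are kept only as SHA-256 hashes.
type grant struct{ node string; expires time.Time }
type Keyserver struct {
	mu     sync.Mutex
	grants map[[32]byte]grant
}

// Issue (admin side) binds a fresh random token to one node name for a limited time.
func (k *Keyserver) Issue(node string, ttl time.Duration, now time.Time) string {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // no entropy: refuse to mint a guessable token
	}
	token := fmt.Sprintf("%x", raw)
	k.mu.Lock()
	defer k.mu.Unlock()
	k.grants[sha256.Sum256([]byte(token))] = grant{node, now.Add(ttl)}
	return token
}

// Redeem (node side) deletes the token on first use, so replayed or expired tokens fail.
func (k *Keyserver) Redeem(token string, now time.Time) (string, error) {
	h := sha256.Sum256([]byte(token))
	k.mu.Lock()
	defer k.mu.Unlock()
	g, ok := k.grants[h]
	delete(k.grants, h)
	if !ok || now.After(g.expires) {
		return "", errors.New("token unknown, already used, or expired")
	}
	return g.node, nil // the keyserver would now issue this node's initial keys
}

func main() {
	ks := &Keyserver{grants: map[[32]byte]grant{}}
	tok := ks.Issue("node-1", time.Hour, time.Now()) // "node-1" is a constructed name
	fmt.Println(ks.Redeem(tok, time.Now()))          // first use of the token
	fmt.Println(ks.Redeem(tok, time.Now()))          // replay of the same token
}
```

Binding the token to a node name at issue time means the keyserver, not the caller, decides which identity the initial keys are issued for.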

Building Homeworld

First, build Go. The Go 1.8.3 compiler is written in Go, so it is necessary to bootstrap by building Go 1.4, which is written in C. The compiled binary can then be used to build Go 1.8.3.

Next, build acbuild. It's a tool used to build App Container Images. No idea what that is. Also the project appears to be unmaintained. Presumably for rkt, which uses ACI.

Now, we need to build a whole set of upstream packages. Homeworld does this using Debian packaging. No idea how that works. Or why you need to "set up an sbuild chroot".

The packages are:

  • admin-tools, or Spire. These are a set of custom tools written in Python used to manage the cluster.
  • apt-setup. Used to make output packages work with apt, I think. Not sure exactly what it does, probably something to do with Debian packaging.
  • bootstrap-registry. "This hostname exists to provide a location for autodiscovery of rkt ACIs for homeworld clusters." No idea. Probably a skeleton configuration for servers?
  • etcd. Used by Kubernetes to coordinate information between nodes.
  • hyperkube. An all-in-one Kubernetes executable, which is actually composed of many smaller component programs. Kubernetes manages container lifecycle and provisioning -- Hyades' core feature.
  • keysystem. Custom Go code. Manages Kerberos authentication. Not sure if it manages other stuff too, looks like a lot of code. Seems to do some RSA stuff, possibly to give Kerberos-authenticated clients SSH access to containers.
  • knc, or Kerberised NetCat. netcat is a tool that transfers data over TCP/IP. Presumably knc is just that except with Kerberos authentication. Not sure where this feature is used in homeworld.
  • rkt. The container system to be used by Kubernetes. Apparently it's Better and More Secure than Docker.
  • services. Not sure. As far as I can tell, it just contains scripts to start all the relevant services (components of Kubernetes and etcd) with the correct configuration.

build-all.sh calls build-package.sh for each package, which sets up the environment with functions from common/package-build-helpers.sh, then calls build(), also from common/package-build-helpers.sh. This calls sbuild, which presumably creates debs according to instructions in the debian directory.

Most of the time, a build procedure is provided in inner-build.sh. sbuild is told to run that in debian/rules. The deb provides instructions to copy files to various locations in the system according to debian/install.

Accessing

You need Kerberos tickets.
