Forum: 

TurnKey Portable Development Environment (PDE)

John Carver's picture

At my home office, I've been doing TurnKey development work on a Dell PowerEdge 2950 server running ProxMox VE software.  It has served me well for several years, but when I decided to take the show on the road, it was not a practical solution for development.  I started searching for a way to do development on my Dell Inspiron laptop without the burden of running VirtualBox.   I liked what I saw in LXD, the second version of Linux Containers (LXC).  I became convinced it was possible, but found there were significant challenges as discussed in this forum thread.

In the interest of getting more people involved in the development of TurnKey GNU/Linux appliances, I'm sharing the results of my work on GitHub at https://github.com/Dude4Linux/turnkey-pde. Setting up the development environment on a Ubuntu 16.04 laptop or workstation is as simple as cloning the project and running the included pde-setup script.

Make a user directory for development work, or use one you already have.

$ mkdir -p ~/devops
$ cd ~/devops

Clone the TurnKey PDE from github.

$ git clone https://github.com/Dude4Linux/turnkey-pde.git
$ cd turnkey-pde

Run the PDE installation script.

$ ./pde-setup

Note that the script is run in user mode.  The user must have sudo privileges and you will be prompted for the sudo password when needed.

Examples of using the development environment and setting up a TKLdev container can be found in the README.md.

Most TurnKey appliances will run just fine in a user-space, non-privileged container.  The TKLdev and LXC appliances require special configuration.  TKLdev must run in a security.privileged container while the LXC appliance needs security.nesting enabled.

I hope I have identified all of the necessary components and configurations.  If you experience problems running the tests, please open an issue on GitHub.

Peter C. (Benchwork)'s picture

This is fantastic, I will be testing this out soon!!

Jeremy Davis's picture

Thanks for sharing your work John. I'm sure this will be useful for others. We'll certainly look at how we might be able to integrate some of this for v15.0 if possible. As per usual, we'll focus on ISOs first, we actually have ~75% of the library ready to build once we have a stable v15.0 Core. Then we'll make sure that the other builds are up to scratch. Hopefully that should all go fairly smoothly.

Once we've got to that point, then we can start looking further afield to things such as adding some more new appliances, and other builds, such as LXD.

John Carver's picture

When working remotely with a limited bandwidth available, it is important to minimize as much as possible the repeated downloading of Debian packages via Apt. One way of doing this is to add an Apt Cache Proxy to the host running the TurnKey GNU/Linux Portable Development Environment (PDE). On the other hand, we wish to avoid multiple caches of the same file. The LXC appliance caches downloaded proxmox formated images. The TKLdev appliance, by default, uses Polipo to cache all downloaded files including deb packages.

1) Choosing an Apt Cache Proxy

a) squid-deb-proxy

  • Installs squid3 and sets up two proxies, one for HTTP and one for Apt
  • Could not get the apt proxy to accept PPA or TurnKey packages

b) polipo

c) apt-cacher-ng

  • Next generation replacing apt-cacher
  • This is the package we choose to use

2) Install apt-cacher-ng

sudo apt-get -qy update
sudo apt-get -qy install -t xenial-backports apt-cacher-ng

3) Create 01proxy and Install on all clients

Set the proxy for host to localhost.

echo "Acquire::http { Proxy "http://127.0.0.1:3142"; };" | sudo tee /etc/apt/apt.conf.d/01proxy

Set the proxy for containers to the LXD bridge interface.

PROXY=$(lxc network get lxdbr0 ipv4.address)
echo "Acquire::http { Proxy "http://${PROXY%/[0-9]*}:3142"; };" > 01proxy

For each container, push the 01proxy file and restart apt if the container is running

for container in $(lxc list --format=csv -cn); do
lxc file push 01proxy ${container}/etc/apt/apt.conf.d/01proxy --uid=0 --gid=0
done

4) Ensure clients only use http:// urls in source lists.
apt-cacher-ng refuses to cache https:// urls.

5) Configure apt-cacher-ng to pass through HTTPS requests
Add the following line to /etc/apt-cacher-ng/acng.conf

PassThroughPattern: .* # this will allow CONNECT to everything including HTTPS

and then restart

sudo service apt-cacher-ng restart

6) Configure firewall to allow containers to access apt-cacher-ng

sudo ufw allow in on lxcbr0 to any port 3142 proto tcp
sudo ufw allow in on lxdbr0 to any port 3142 proto tcp

7) The TKLdev appliance needs some additional configuration
Change the FAB_APT_PROXY in the container /root/.bashrc.d/fab to use apt-cacher-ng.
Replace 10.76.85.1 with the PROXY address from step 3. 

export FAB_APT_PROXY=http://10.76.85.1:3142

Leave the FAB_HTTP_PROXY pointing to polipo on the localhost

export FAB_HTTP_PROXY=http://127.0.0.1:8124

Note: Edited 02/21/2018 to use 01proxy which may exist in some appliances and to push files as root:root.

Information is free, knowledge is acquired, but wisdom is earned.

Jeremy Davis's picture

We probably should consider including apt-cacher-ng in the LXC appliance too perhaps? And if your testing suggests that it provides a better experience than polipo for package caching, then perhaps we should consider using that in TKLDev too?

Regarding TKLDev and polipo, perhaps we should consider replacing the generic http proxy bit with squid in the near future? It's also worth revisiting the idea of supporting https caching in TKLdev (essentially via a MITM cache mechanism, i.e. the https connection terminates at the proxy).

Post new comment