# Cluster: Sage Chroot

### From Earlham Cluster Department

In order to chroot the Sage notebook, I used a mix of steps from the following guides:

- MSRI SAGE Installation Guide: Running the SAGE Notebook Securely
- [sage-support] Re: How to run the notebook in the background
- [sage-support] chroot jail -- unable to mount image file
- [sage-devel] Re: SAGE in chroot - This one is for RedHat

## Chroot

The image itself is at /mounts/bobsced/sage_chroot.image (aka /cluster/bobscednew/sage_chroot.image). It gets mounted in the same directory as sage_chroot (it's an ext3 filesystem). The chroot needs to have /dev and /proc, so here's a copy of the relevant parts of `/etc/fstab`

:

/mounts/bobsced/sage_chroot.image /mounts/bobsced/sage_chroot ext3 loop 0 0 /dev /mounts/bobsced/sage_chroot/dev none rbind,dev 0 0 /proc /mounts/bobsced/sage_chroot/proc none bind 0 0 /selinux /mounts/bobsced/sage_chroot/selinux none bind 0 0

In order to get yum to install there, I had to edit `/etc/yum.repos.d/CentOS-Base.repo`

and hard code $releasever to 3.5. I also commented out all the repositories except the top one. Then I was able to run:

`yum --installroot=/mounts/bobsced/sage_chroot install bash fileutils sed which make gcc gcc-c++ m4 tar gzip bzip2 flex bison findutils yum rpm passwd perl diffutils sudo`

to set up the base install of the OS for the chroot. It also needs a copy of /etc/hosts for the localhost entry.

## Sage Install

I downloaded the tar ball normally and then moved it into the chroot from the base filesystem. I untarred it from the base filesystem, too, and put it in the directory /home/sage in the chroot, then ran (as the `sage`

user in the chroot, which has id 5000, which isn't used in the main filesystem)

`make`

`make test`

Make sure to run `./sage`

once inside the chroot so it sets up its variables and everything.

## Sage Setup on the Base Filesystem

I followed the post above for Red Hat. On the filesystem outside the chroot, I populated `/etc/sysconfig/sage-config`

:

SAGE_SERVER=/mounts/bobsced/sage_image ADDRESS=159.28.234.200 PORT=8000 USER=5000

And `/usr/local/bin/sage-notebook`

:

#!/bin/bash . /etc/sysconfig/sage-config COMMAND="notebook(address='$ADDRESS', port=$PORT, accounts=True, open_viewer=false, secure=true)" nohup /usr/sbin/chroot $SAGE_SERVER su - sage -c "./sage -c \"$COMMAND\" " print >>/var/log/sage &

And `/usr/local/bin/sage-killer`

:

#!/bin/bash . /etc/sysconfig/sage-config kill -INT `cat $SAGE_SERVER/home/sage/.sage/sage_notebook/twistd.pid` 2>&1 >>/var/log/sage

And finally, `/etc/rc.d/init.d/sage`

:

#!/bin/sh # # This script starts up a sage notebook in a chroot environment. # Copied from http://www.mail-archive.com/sage-devel@googlegroups.com/msg03545.html # # chkconfig: 2345 35 98 # description: Run a notebook in chroot environment # . /etc/rc.d/init.d/functions start() { echo -n $"Starting sage " if [ ! -f /var/lock/subsys/sage ]; then nohup /usr/local/bin/sage-notebook print >>/var/log/sage & fi touch /var/lock/subsys/sage success echo return 0 } stop() { echo -n $"Stopping sage " /usr/local/bin/sage-killer rm -f /var/lock/subsys/sage success echo return 0 } status () { if [ ! -f /var/lock/subsys/sage ]; then echo $"Sage is not currently running" return 1 else echo $"Sage is running" return 0 fi } # See how we were called. case "$1" in start) start ;; stop) stop ;; status) status ;; restart) stop start ;; *) echo $"Usage: $0 {start|stop|restart|status}" exit 1 esac exit 0