| layout | title |
|---|---|
page |
Maintainer Guide |
This guide is intended for anybody interested in:
- building their own instance of ViPER;
- updating the ViPER operating system;
- updating any of the bundled tools when new versions become available; or
- adding new tools to the existing tool set.
It's not intended as a primer on the underpinning technologies, we assume that readers are technically proficient. If you just want to use ViPER and you're looking for help the please refer to the setup guide or user's guide.
ViPER is an easy-to-install virtual machine running popular open source preservation tools with graphical user interfaces. It was created by the Open Preservation Foundation (OPF) and funded by the Dutch Digital Heritage Network (DDHN). ViPER is now maintained by the OPF and the National Archives of the Netherlands.
You'll need at least familiarity with the following software and technologies to follow the guide.
{{ site.data.vars.guest_os }} {{ site.data.vars.guest_os_version }} ({{ site.data.vars.guest_os_nickname }}) is the base OS. The two main criteria that guided the decision were stability and long update cycles.
- VirtualBox was chosen as the virtualisation platform because of its cross platform ubiquity.
- Vagrant is a tool designed for building and managing virtual machine environments. It was chosen to speed up the initial VirtualBox provisioning.
- Vagrant Cloud provides a collection of cookie-cut virtual machines. The Vagrant machine chosen as a starting point was an official Debian Bookworm build with the addition of the VirtualBox shared folder kernel module: https://app.vagrantup.com/debian/boxes/bookworm64.
Provisioning covers installation of the software tools and dependencies as well as configuration of the OS and user environment. Ansible is a cross platform IT automation tool that simply requires SSH access to the target machine. We use this to roll out the configuration and tools.
The vagrant machine is configured by a Vagrantfile which can be set up with the appropriate virtual machine template:
The VirtualBox VM is initialised with on the following line, which also selects the guest OS version:
config.vm.box = "debian/bookworm64"This choses a 64 bit {{ site.data.vars.guest_os }} {{ site.data.vars.guest_os_version }} ({{ site.data.vars.guest_os_nickname }}) image as the base OS.
Before starting the machine we want to configure a few things out of the box. By default Vagrant machines are headless, i.e. all access via terminal and SSH with no GUI. We also need to provision the memory and number of CPUs available to the machine. While cores and memory are plentiful on a development workstation, 2 virtual CPUs and 4GB or RAM are sensible starting parameters. Anything requiring significantly more compute power would struggle to satisfy the accessible research environment brief. These parameters can be adjusted in situ regardless.
We can set these up for a VirtualBox VM by adding the following lines to our Vagrantfile, we'll also set a VM name while we're at it:
config.vm.provider "virtualbox" do |vb|
# Name the prototype machine
vb.name = "VIPER v1.2"
# Display the VirtualBox GUI when booting the machine
vb.gui = true
# Customize the CPUs (2x) and memory (4GB) on the VM:
vb.cpus = 2
vb.memory = "4096"
# Now set an execution cap at 50 % if required
# vb.customize ["modifyvm", :id, "--cpuexecutioncap", "50"]
# We need extra Video RAM for display flexibility
vb.customize ["modifyvm", :id, "--vram", "128"]
# Set up bi-directional clipboard
vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
# Setup Drag and Drop
vb.customize ["modifyvm", :id, "--draganddrop", "bidirectional"]
endFrom the VirtalBox documentation site:
Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.
VirtualBox Guest Additions are installed via the vagrant-vbguest Vagrant plugin. This can be installed using the command:
vagrant plugin install vagrant-vbguestThis will automatically install the Guest Additions on the guest machine when it is started. We can now bring the machine up with the command vagrant up, this takes a while first time, that's because the initial provisioning tasks.
Vagrant features built in support for Ansible provisioning out of the box. The following section of the Vagrantfile invokes Ansible
provisioning the first time that the VM is started using the vagrant up command. After first start the provisioning section can be
invoked alone by using the vagrant provision command. The Vagrantfile section looks like:
config.vm.provision "ansible" do |ansible|
# Use the playbook ./ansible/initialise-env.yaml
ansible.playbook = "ansible/initialise-env.yml"
# Let's ask for verbose output in case of problems
ansible.verbose = "vv"
# Limit the use of this playbok to a particular host
ansible.limit = "env.viper.test"
# The inventory file that sets up details for the vagrant machine
ansible.inventory_path = "ansible/vagrant.yml"
endThe playbook ansible/initialise-env.yaml is the list of roles that set up the ViPER environment.
An Ansible role is simply a set of tasks that achieve a desired state, e.g. install software, copy files, etc..
The next sections break down the sub-roles describing the general steps taken and the rationale.
The viper.setup role handles the setup of the environment, updating the OS, installing dependencies, creating accounts and the like. The main role simply calls four sub-roles.
The 'server.yml' sub-role:
- updates apt packages;
- sets up the hostname; and
- sets the timezone.
The prerequisites.yml sub-role installs any apt package dependencies. The package list is the viper_env_apt_defaults variable in the roles' main default file.
The user.yml sub-role creates a sudo user to administer the environment. Again, the task is configurable using variables in the roles' main default file.
Note that this role requires that the user's has an RSA public key is available in a file: ~/.ssh/id_rsa. The public key is added to the user's ~/.ssh/authorized_keys file using the Ansible authorized_key module. If no such file exists, the role/task will fail. This can be fixed by generating a key pair with the command `ssh-keygen -t rsa" and accepting the defaults.
The security role hardens SSH access, no password and no root access, while setting up firewall rules. The thinking is that the environment should be secure with port access only opened where required.
The viper.tools role installs the digital preservation tools. It comprises a series of sub-roles, one for each tool. The general workflow for a tool is:
- download the tool source to '/usr/local/src/';
- download the tool installation package and install to
/usr/local/lib/<tool-name>; - add any required symlinks to
/usr/local/binso that tool executables are effectively on the path; and - put an icon for the tool GUI on the desktop.