Instructions on How To Install Flume

Target OS/Distro = Ubuntu Linux 8.04

• First apt-get install a whole bunch of software, which you may already have:

# apt-get install subversion python2.5-dev gawk g++ texinfo libgmp3-dev \
   flex bison libmysqlclient15-dev mysql-server make patch autoconf automake\
   textutils gettext libtool swig python-pygresql python-gadfly python-medusa \
   python-pgsql python-psycopg2 python-flup libapache2-mod-fcgid

• Also, get the exact Linux header files for your running kernel:

# apt-get install linux-headers-`uname -r`

• Now make one directory for your source files and another for your object files. For instance, my home directory in on NFS, so I keep my source there and put my objects on a local disk.

$ export SRC=~/src
$ export OBJ=/disk/$USER/obj
$ mkdir $SRC
$ mkdir $OBJ

• When building Flume, one often has a build tag that dictates what compile options to be used in the build. In general, the two to pick between are shared and shopt, which turn optimization on and off respectively. Both use shared/dynamic linking.

% echo "export FLUME_TAG=shared" >> ~/.bashrc
% source ~/.bashrc

% cd $SRC
% wget http://dist.okws.org/dist/sfslite-1.2.3.tar.gz
% tar -zxf sfslite-1.2.3.tar.gz
% cd $OBJ
% mkdir sfslite ; cd sfslite
% $SRC/sfslite-1.2.3/configure --with-mode=$FLUME_TAG --enable-libsfs
% make -j4
% sudo make install

This last install step will put sfslite libraries and include files into /usr/local/{lib,include}/sfslite/$SFSLITE_TAG. Sfslite is a C++ development library for event programming.

Without a kernel patch, Flume will run properly, but confined applications will be able to leak data by manipulating PIDs, session IDs, process group IDs, etc. A kernel patch can close this hole.

We're basing our kernel patch/recompile on suggestions from the Ubuntu docs, which you might consult for further information.

$ mkdir $OBJ/linux
$ cd $OBJ/linux
$ sudo apt-get build-dep linux-image-$(uname -r)
$ apt-get source linux-image-$(uname -r)
$ sudo apt-get build-dep linux-ubuntu-modules-$(uname -r)
$ apt-get source linux-ubuntu-modules-$(uname -r)
$ cd linux-2.6.24
$ patch -p0 < $SRC/kern/linux-2.6.24.patch
$ debian/rules updateconfigs
$ debian/scripts/misc/oldconfig i386
$ AUTOBUILD=1 fakeroot debian/rules binary-debs
$ cd ../linux-ubuntu-modules-2.6.24-2.6.24
$ AUTOBUILD=1 fakeroot debian/rules binary-debs
$ cd ..
$ sudo bash
# dpkg -i linux-headers-2.6.24-16-server_2.6.24-16.30_i386.deb
# dpkg -i linux-image-2.6.24-16-server_2.6.24-16.30_i386.deb
# dpkg -i linux-ubuntu-modules-2.6.24-16-server_2.6.24-16.23_i386.deb

% cd $SRC
% svn co svn://flume.csail.mit.edu:3691/flume/pub/trunk flume

Update 12/14/2008 The anonymous subversion server is giving me headaches, but an SVN snapshot is available here:

% wget http://am.lcs.mit.edu/~max/flume-svn-5084.tbz
% tar -cjvf flume-svn-5048.tbz
% mv flume-co flume

• Export some more variables in your RC-file. The LC_CTYPE=C thing is only useful if you run an old terminal emulator, like xterm, that doesn't support UTF-8, I believe.

% echo 'export "FLUME_USER=$USER"' >> ~/.bashrc
% echo 'export LC_CTYPE=C' >> ~/.bashrc
% source ~/.bashrc

• It's also necessary to make a small modification to your /etc/group file — add your username to be a member of the group users.

• While you're at it, make nobody a group. Add the following line to /etc/group:

nobody:x:65534:nobody

% cd $SRC/flume/linux
% mkdir -p $OBJ/flume/build-tree
% ln -s $OBJ/flume/build-tree build-tree
% make

Installing Flume happens in two steps: first non-root and then root. The root install piece is potentially risk, since it will replace the dynamic linker on your machine.

% make install

The root-install will replace /lib/ld-2.5.so with a new, backwards-compatible Flume equivalent. This is slightly scary, since if it goes wrong, nothing on your machine will work. We've taken some precautions. First, we back up your preexisting linker at /lib/ld-2.5.so.bkp, so if worse comes to worse, you can boot an emergency start-up disk, and then restore it. However, will also install a small static binary /bin/flume-ldso-recover, which you will note is setuid u+s to root. Meaning, if your machine gets hosed due to our new dynamic linker, you can run /bin/flume-ldso-recover as any user and it will recover the backed-up ld-2.5.so, and everything should work as before.

The second thing going on here is that you're install the Flume Linux Security Module (LSM) with root-insmod. This module will not do anything by default, but will turn off most system calls if its features are enabled (via prctl(2)). As of now, this LSM is not compatible with the capability LSM, so we rmmod it for you as we install root-insmod.

% sudo make root-install
% sudo make root-insmod

The Flume system requires a tag registry to persistently store the meanings of tags and labels on your Flume system. We've chosen to base the tag registry on a MySQL database. For now, we're running the registry on the same machine as your Flume system, though that need not be in general.

• First ensure that mysqld server is running on your machine.
• Then setup the MySQL tables and principals required for running Flume's Idd. Note the password that it will prompt you for is the root password for your MySQL. If you don't have one, just press <enter> when prompted. Otherwise, enter that PW.

% cd $SRC/flume/linux
% sh bin/flume-initdb

• Now you're ready to fire it up:

% cd /var/tmp ; nohup `flume-cfg srvbin`/idd -f `flume-cfg confdir`/idd.conf.dist &

• First, you'll need extended attributes available on your /disk partition, will Flume will eventually store its data. To get these, edit your /etc/fstab file and add user_xattr as mountpoint option. You will of course have to remount your partition to get these options working.

• Now, you're ready to initalize the Flume directories that will store you files:

% cd $SRC/flume/linux
% python bin/flume-initrm `flume-cfg confdir`/flume.conf.dist

% sudo bash
# `flume-cfg srvbin`/flumerm -f  `flume-cfg confdir`/flume.conf.dist

It should work….