- installing from source
- kernel namespace manipulation
- boot process
- admin namespace
- other namespace scripts
- grid utilities
- venti and fossil management
- divergences from 9front
- preinstalled images
- Bell Labs and 9legacy support
ANTS is a set of tools to structure and manage Plan 9 namespaces to make systems and grids more flexible, reliable, and easy to administer. It primarily supports the 9front distribution of Plan 9, although an older version can be installed to the Bell Labs or 9legacy versions also. ANTS is well suited to cloud based hosting and scripts for use with vultr.com are provided.
9gridchan has a set of services online. They are usable from any client which can mount 9p fileservers - ANTS usage is not required. The services include an irc-like hubfs chat, acme-editable wiki, shared writable ramdisk, read-only root filesystem, publicly writable service registry, and a shared plumber to transmit web, image, and document links to connected clients.
Download .iso images
- development repo : latest code, follows 9front hg tip
- stable repo : builds against latest 9front release iso, currently 9front-6350
- archival repo : old repo from 2017 and before, labs/legacy support is here
- instructions : instructions for building and installing from source
ANTS tries to stay current with 9front updates. The general flow for updating is: run the 9front sysupdate script, build/install the changed applications, then pull updates from the "antshill" repository and build/install. Exactly what is required depends on what has been changed. The summary provided below covers cases where the changes are extensive to both userspace and the kernel. The standard flow for extensive 9front userspace updates is:
sysupdate cd /sys/src mk clean mk install mk clean
To then update and install latest ANTS:
cd /sys/src/ants #or wherever your ANTS repo is located if not installed from livecd hg pull https://bitbucket.org/mycroftiv/antshill hg update rm frontmods/include/libc.rebuild.complete build 9front build fronthost 9fs 9fat cp 9ants /n/9fat #or 9ants64 cp tools.tgz /n/9fat
The above assumes that you did a full mk install in /sys/src and that a new kernel version is desired. In the case of smaller updates where you just built/installed individually updated applications and don't need/want a new kernel version, it is generally only necessary to pull and update the ants repo and then "build fronthost".
The ANTS kernel is modified to allow modification of process namespace via the 'ns' files contained in /proc. You may only modify the ns file of processes you own. The modifications are performed by writing standard ns operations to the file.
echo 'mount -c /srv/kremvax /n/kremvax' >/proc/979/ns echo 'bind -bc /n/kremvax/lib /lib' >/proc/979/ns
Process 979 will now see a union of kremvax' lib at /lib and writes will go to kremvax. Note that this example assumes the /srv is mountable without authentication. Authentication during mounts is not supported by this mechanism. As with almost everything in plan9, this operation is network transparent - you can import the /proc of a remote machine and edit the namespace of processes on which you have appropriate write permissions.
Independent /srv namespaces
The ANTS kernel provides independent /srv namespaces implemented analogously to be behavior of /env. A process can add the RFCSRVG flag to rfork to receive a new clean /srv. All of its children will share this /srv. The new /srv behaves identically. File descriptors attached to the previous /srv remain usable, so the process and its children continue to have access to the root filesystem and services they have already mounted. The rc shell offers support for
to enter a new /srv namespace.
Global zrv device
If different process groups are using independent /srv namespaces, it is sometimes useful to provide services which are available globally. The "zrv" device, available at #z provides this functionality. It behaves exactly as traditional /srv and is unaffected by the new rfork options. It is not bound anywhere in the namespace by default. If bound to a location other than /srv, programs may require modification to make use of it.
The ANTS boot process is rewritten to provide additional options for connecting to the root fileserver, and to create an administrative namespace which is independent of the root fs. It makes use of the kernel's paqfs and an optional tools.tgz stored in 9fat to create a ramdisk-rooted environment with a useful set of binaries. This independent environment runs its own cpu listener, conventionally on port 17060, to provide access.
The ANTS boot/admin namespace is independent of the root fileserver, and offers access to the tools compiled into the kernel paqfs and optionally loaded from an additional rootfs.tgz. The kernel paqfs offers the following programs:
9660srv fossil/fossil tar aan cwfs64x test awk grep tlsclient auth/newns grio tlssrv auth/secstore gunzip touch aux/kbdfs hubfs tr aux/listen1 hubshell unmount aux/wpa ip/ipconfig nusb/usbd basename ip/rexexec nusb/ether bind ls nusb/disk cat mkdir nusb/kb cfs mntgen venti/venti chmod mount wc cp mv xd cpu ndb/dnsgetip fstype dd hjfs diskparts disk ramfs hub disk/cryptsetup rc rconnect disk/edisk read rcpu disk/fdisk rm rexport disk/prep rx rimport dossrv sed save9cfg echo sleep srvtls ed srv nusbrc exportfs srvfs bootrc
The following additional programs are present in the default tools.tgz:
9fs dns memory seq vacfs Kill flfmt mkfs sha1sum vga acme format mouse slay vncs as fortune netstat stats vncv authdebug fossilast ns stub webfs authsrv fshalt p sync window changeuser hget ping syncindex wrarena con hoc ps syscall yesterday cs htmlfmt pwd telnet zerotrunc date import rdarena telnetd diff keyfs realemu traceroute dircp kill reboot vac
The rerootwin script serves a similar function to "chroot" in unix - it moves into a new namespace built from the specified file in /srv. It allows you to change root while using a remote cpu server without losing the input devices from /mnt/term.
The central mechanism of "saving" the attached input/output devices via srvfs is provided for independent use by the 'savedevs' and 'getdevs' scripts.
The ANTS kernel modification to allow process namespace alterations via writes to the ns file can be scripted into higher level operations. A set of scripts to compare and rewrite the namespace of different processes is provided. These scripts are rather primitive and may not always function exactly as intended because they operate on simple textual comparison without a detailed understanding of the dependency of later operations on previous ones.
There are some additional namespace modification utility scripts which do not depend on the modified ANTS kernel. These scripts simply act to make a remote root fileserver usable in the local context, without a full 'rerootwin' operation. Their main purpose is to allow easy access to the binaries of a full system from the boot/admin namespace.
Hubfs is a lightweight fs which uses pipelike files to provide functionality similar to screen/tmux. It can also be viewed as a "pub/sub" server and used for purposes similar to irc or map-reduce data processing. The ANTS boot process starts a hubfs in the boot/admin namespace, and grio makes use by default of another hubfs within the standard namespace.
Grio is a modified rio with hubfs integration, a user-configurable additional menu command, and full color theming options.
9gridchan.org provides a set of public 9p services which work together to create a simple and secure collaborative environment. It offers an irc-like chat, acme-editable wiki, a plumber for web and file links, a shared ramfs, a read-only rootfs, and registries for 9gridchan services and services provided by other users. Most of the documentation is located at the wiki.
ANTS includes some scripts and utilities for its use.
- chat script
- chat manpage
- gridstart script
- gridstart manpage
- gridlisten1 source code
- gridlisten1 manpage
ANTS can be used with any root filesystem, but the use of fossil in combination with venti makes it easier to work with multiple independent roots and create them on demand. A goal of ANTS is creating highly reliable grids of systems, so tools are included to assist in replicating data between independent venti servers and tracking fossil rootscores.
The ramfossil script creates a ramdisk which servers fossil from the given rootscore. Because fossil only retrieves blocks from venti as they are actually used, even a relatively small ramdisk can provide access to a much larger root filesystem.
There are additional fossil utility scripts for managing rootscores and some other operations.
In most aspects, ANTS adds additional features without changing the standard behavior and configuration of 9front. There are a few administrative/configuration differences which should be mentioned, however. The following lists some of the most notable. They are mostly the result of additional configuration variables in plan9.ini to set up the ants boot/admin namespace.
Privpassword and cpu service
If the variable "privpassword=" is set to a password in plan9.ini, this is used to create a factotum key for cpu service, which runs from both the ants boot/admin namespace and (if ANTS was installed from the iso) in the main namespace on the standard cpu port, even if service is set to terminal. If privpassword is not set and no other key is provided, the listeners still run but will not be usable. The 9fat containing plan9.ini and the /dev/kmesg which prints plan9.ini variables are hostowner-access only and must not be publicly exposed if privpassword= is used.
If you convert an install from terminal to cpu service, you probably want to remove the privpassword= setting from plan9.ini and use only the machine key from nvram read by factotum at boot.
Static IP configuration
Because of the boot/admin cpu listener, as well as the possible use of venti/fossil, ipconfig in ANTS usually happens in boot prior to mounting the rootfs. As a result, static ip needs to be configured via plan9.ini variables. To use a static ip, add the following variables with correct values to plan9.ini. (The iso installer will do this for you if you select static ip configuration at install time).
System name configuration
Also due to the boot/admin namespace and early ipconfig, the system name should be set with a plan9.ini variable. Simply set sysname= in plan9.ini. You still need to match this name in your /lib/ndb/local configuration.
ANTS user henesy has contributed a pair of preinstalled images for use with virtual machines. There is a vbox (virtualbox) and qcow2 (qemu) format image of the 64-bit install of the "Gridscape Navigator" release of 31 January 2018.
The images include a preset password for remote access, so the first step on booting them should be to change the password, stored in the plan9.ini file 9fat. "9fs 9fat" and edit plan9.ini to chage the privpassword= to a secure personal password, save, and then fshalt -r to reboot.
The current ANTS repos do not include support for Bell Labs or 9legacy versions of the operating system. Support was dropped at the end of 2017. The old repo, which should still build and be usable with Bell Labs, still exists.