#30 Initial EL7 Documentation..
Merged 7 years ago by clime. Opened 7 years ago by mrmeee.
copr/ mrmeee/copr EL7-documentation  into  master

Initial EL7 Documentation..
Martin Juhl • 7 years ago  
file added
+312
@@ -0,0 +1,312 @@ 

+ THIS DOCUMENTATION IS A WORK IN PROGRESS!!!!! USE IT AT YOUR OWN RISK....

+ 

+ This is a bloody mess.. But I have a working COPR server running here on a

+ RHEL7 server...

+ 

+ Please submit any questions or recommendations to m@rtinjuhl.dk

+ 

+ 

+ ----------------------------------------------------------------

+ 

+ subscription-manager repos --disable='*' --enable='rhel-7-server-rpms' --enable='rhel-7-server-optional-rpms' --enable='rhel-7-server-extras-rpms'

+ 

+ Enable EPEL:

+ rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

+ 

+ /etc/yum.repos.d/coprs.conf:

+ [mrmeee-coprtos]

+ name=Copr repo for coprtos owned by mrmeee

+ baseurl=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/epel-7-$basearch/

+ type=rpm-md

+ skip_if_unavailable=True

+ gpgcheck=1

+ gpgkey=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/pubkey.gpg

+ repo_gpgcheck=0

+ enabled=1

+ enabled_metadata=1

+ 

+ TODO: should be changed to the copr/copr repo, when the packages are

+ ready...

+ 

+ 

+ yum -y install copr-frontend copr-selinux

+ systemctl start redis

+ systemctl enable redis

+ 

+ 

+ cp /usr/share/doc/copr-frontend-1.103/coprs.conf.example /etc/httpd/conf.d/coprs.conf

+ 

+ /etc/httpd/conf.d/coprs.conf:

+ 

+ <VirtualHost 127.0.0.1:8000> --> <VirtualHost *:80>

+ 

+ 

+ /etc/copr/copr.conf:

+ -#DATA_DIR = '/var/lib/copr/data'

+ -#DATABASE = '/var/lib/copr/data/copr.db'

+ -#OPENID_STORE = '/var/lib/copr/data/openid_store'

+ -#WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'

+ +DATA_DIR = '/var/lib/copr/data'

+ +DATABASE = '/var/lib/copr/data/copr.db'

+ +OPENID_STORE = '/var/lib/copr/data/openid_store'

+ +WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'

+  

+  # salt for CSRF codes

+ -#SECRET_KEY = 'put_some_secret_here'

+ +SECRET_KEY = 'mjp123'

+  

+ -#BACKEND_PASSWORD = 'password_here'

+ +BACKEND_PASSWORD = 'mjp123'

+  

+  # restrict access to a set of users

+  #USE_ALLOWED_USERS = False

+  #ALLOWED_USERS = ['bonnie', 'clyde']

+  

+ -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@/coprdb'

+ +SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@localhost/coprdb'

+  

+  # Token length, defaults to 30 (max 255)

+  #API_TOKEN_LENGTH = 30

+ @@ -68,19 +68,19 @@

+  #                   kerberos user user@REDHAT.COM is expected to have

+  #                   user@redhat.com email address.

+  

+ -#KRB5_LOGIN = {

+ -#    'RH': {

+ -#        'URI':          "redhat",

+ -#        'log_text':     "Krb5 login",

+ -#        'email_domain': "redhat.com",

+ -#    }

+ -#}

+ -

+ -PUBLIC_COPR_HOSTNAME = "copr.fedoraproject.org"

+ -

+ -BACKEND_BASE_URL = "http://copr-be-dev.cloud.fedoraproject.org"

+ -DIST_GIT_URL = "http://copr-dist-git-dev.fedorainfracloud.org/cgit"

+ -COPR_DIST_GIT_LOGS_URL = "http://copr-dist-git-dev.fedorainfracloud.org/per-task-logs"

+ +KRB5_LOGIN = {

+ +    'RH': {

+ +        'URI':          "casalogic",

+ +        'log_text':     "Krb5 login",

+ +        'email_domain': "CASALOGIC.LAN",

+ +    }

+ +}

+ +

+ +PUBLIC_COPR_HOSTNAME = "copr01.casalogic.lan"

+ +

+ +BACKEND_BASE_URL = "http://copr01.casalogic.lan"

+ +DIST_GIT_URL = "http://copr01.casalogic.lan/cgit"

+ +COPR_DIST_GIT_LOGS_URL = "http://copr01.casalogic.lan/per-task-logs"

+  

+  # primary

+  LOG_FILENAME = "/var/log/copr-frontend/frontend.log"

+ @@ -88,7 +88,7 @@

+  

+  # Internal network, used to accept statistics without auth

+  # list of IP or subnet

+ -INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"]

+ +INTRANET_IPS = ["127.0.0.1", "192.168.20.0/24"]

+  

+  # Builder VMs network, used to avoid requests from builders in popularity statistics

+  # list of IP or subnet, optional

+  

+  

+ yum install -y postgresql-server

+ systemctl enable postgresql

+ service postgresql initdb

+ systemctl start postgresql

+  

+ su - postgres -c 'PGPASSWORD=coprpass ; createdb -E UTF8 coprdb ; yes $PGPASSWORD | createuser -P -sDR copr-fe'

+  

+ vi /var/lib/pgsql/data/pg_hba.conf

+  

+ local coprdb copr-fe md5

+ 

+ host  coprdb copr-fe 127.0.0.1/8 md5

+ 

+ host  coprdb copr-fe ::1/128 md5

+ 

+ local coprdb postgres  ident

+ 

+ 

+ service postgresql reload

+ 

+ cd /usr/share/copr/coprs_frontend/

+ ./manage.py create_db --alembic alembic.ini

+ COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a

+ COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head

+ 

+ 

+ yum install mod_auth_kerb.x86_64

+ /etc/httpd/conf.d/auth-kerb.conf:

+     <Location "/krb5_login/casalogic/">

+         

+         KrbVerifyKDC off

+         AuthType Kerberos

+         AuthName "Casalogic Kerberos Credentials"

+         KrbMethodNegotiate on

+         KrbMethodK5Passwd on

+         KrbServiceName HTTP/copr01.casalogic.lan

+         KrbAuthRealms CASALOGIC.LAN

+         Krb5Keytab /etc/httpd/conf/httpd.keytab

+         KrbSaveCredentials off

+         Require valid-user

+         #KrbLocalUserMapping On

+     </Location>

+  

+ TODO: AD JOIN + KEYTAB!!!

+    

+     

+ systemctl start httpd

+ systemctl enable httpd

+ systemctl disable firewalld

+ systemctl stop firewalld

+ 

+ dist-git:

+ 

+ yum install dist-git copr-dist-git

+ 

+ /etc/copr/copr-dist-git.conf:

+ 

+ frontend_base_url=http://copr02.casalogic.lan

+ log_dir=/var/log/copr-dist-git

+ frontend_auth=mjp123

+ 

+ 

+ useradd copr-dist-git

+ gpasswd -a copr-dist-git cvsadmin 

+ gpasswd -a copr-dist-git packager

+ useradd copr-service

+ gpasswd -a copr-service packager

+ gpasswd -a copr-service apache

+ 

+ su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\""

+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

+ 

+ Rediger /etc/httpd/conf.d/dist-git/lookaside.conf:

+ 

+ AliasMatch "/repo(/.*)/md5(/.*)" "/var/lib/dist-git/cache/lookaside$1$2"

+ Alias /lookaside        /var/lib/dist-git/cache/lookaside

+ Alias /repo/ /var/lib/dist-git/cache/lookaside/

+ 

+ <Directory /var/lib/dist-git/cache/lookaside>

+     Options Indexes FollowSymLinks

+     AllowOverride None

+     Require all granted

+ </Directory>

+ 

+ echo "project-list=/var/lib/dist-git/git/pkgs-git-repos-list" >> /etc/cgitrc

+ echo "scan-path=/var/lib/dist-git/git/rpms/" >> /etc/cgitrc

+ 

+ mkdir -p /var/log/copr-dist-git

+ chown copr-service:copr-service /var/log/copr-dist-git

+ chown copr-service:copr-service /var/lib/copr-dist-git/

+ 

+ systemctl enable docker

+ systemctl start docker

+ gpasswd -a copr-service docker

+ systemctl start copr-dist-git

+ systemctl enable copr-dist-git

+ 

+ systemctl restart httpd

+ systemctl enable dist-git.socket

+ systemctl restart dist-git.socket

+ 

+ su - copr-service -c "git config --global user.email \"copr-devel@localhost\""

+ su - copr-service -c "git config --global user.name \"Copr dist git\""

+ 

+ chown copr-service:copr-service -R /var/log/copr-dist-git/

+ chown copr-service:copr-service /etc/copr/copr-dist-git.conf

+ 

+ useradd -m mockbuilder

+ 

+ --- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old     2017-01-03 17:00:28.439908995 +0100

+ +++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100

+ @@ -2381,6 +2381,9 @@

+                                 replace=replace)

+          gitignore = GitIgnore(os.path.join(self.path, '.gitignore'))

+  

+ +        oldpath = os.getcwd()

+ +        os.chdir(self.path)

+ +

+          for f in files:

+              # TODO: Skip empty file needed?

+              file_hash = self.lookasidecache.hash_file(f)

+ 

+ TODO: Get it fixed in pyrpkg upstream..

+ 

+ 

+ 

+ yum -y install copr-mocks

+ 

+  systemctl enable copr-mocks-frontend.service

+  systemctl start copr-mocks-frontend.service

+ 

+ TODO: Fix copr-mocks with python3 depends..

+ 

+ 

+ /etc/copr/copr-be.conf:

+ 

+ dist_git_url=ssh://copr-dist-git@localhost

+ 

+ mkdir /home/copr

+ chown copr:copr /home/copr

+ 

+ su - mockbuilder -c "ssh-keygen -f /home/mockbuilder/.ssh/id_rsa -P \"\""

+ su - copr-dist-git -c "ssh-keygen -f /home/copr-dist-git/.ssh/id_rsa -P \"\""

+ su - copr -c "ssh-keygen -f /home/copr/.ssh/id_rsa -P \"\""

+ 

+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

+ 

+ yum -y install fedpkg-copr

+ 

+ 

+ gpasswd -a mockbuilder mock

+ 

+ 

+ --- /usr/bin/prunerepo.old      2017-01-05 12:39:09.149867627 +0100

+ +++ /usr/bin/prunerepo  2017-01-05 12:02:32.199963170 +0100

+ @@ -1,5 +1,10 @@

+  #!/usr/bin/python2 -s

+  

+ +from __future__ import print_function

+ +import sys

+ +def writeStdErr(message):

+ +    print(message, file=sys.stderr)

+ +

+  import subprocess

+  import sys

+  import argparse

+ 

+ TODO: include in Prunerepo

+ 

+ 

+ --- /etc/httpd/conf.d/ssl.conf.orig     2017-01-05 16:10:51.778329623 +0100

+ +++ /etc/httpd/conf.d/ssl.conf  2017-01-05 16:18:00.317226333 +0100

+ @@ -56,9 +56,15 @@

+  <VirtualHost _default_:443>

+  

+  # General setup for the virtual host, inherited from global configuration

+ -#DocumentRoot "/var/www/html"

+ +DocumentRoot "/var/lib/copr/public_html/results"

+  #ServerName www.example.com:443

+  

+ +<Directory /var/lib/copr/public_html/results>

+ +    Options Indexes FollowSymLinks

+ +    AllowOverride None

+ +    Require all granted

+ +</Directory>

+ +

+  # Use separate log files for the SSL virtual host; note that LogLevel

+  # is not inherited from httpd.conf.

+  ErrorLog logs/ssl_error_log

+ 

+ 

+ SSLCERT:

+ 

+ openssl genrsa -des3 -out server.key 1024

+ openssl req -new -key server.key -out server.csr

+ mv server.key server.key.org

+ openssl rsa -in server.key.org -out server.key

+ openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt
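Review bot: Several values in this guide will be copied verbatim into real installs and should be placeholders or safer defaults: `SECRET_KEY`, `BACKEND_PASSWORD` and `frontend_auth` are all the literal `mjp123` (and the database password is `coprpass`), so I would write e.g. `SECRET_KEY = '<output of openssl rand -hex 32>'` and state that each secret must be generated per install. In the SSLCERT steps, `openssl genrsa -des3 -out server.key 1024` produces a 1024-bit RSA key, which is too short; `openssl genrsa -out server.key 2048` (or larger) also makes the passphrase-stripping step unnecessary. `KrbVerifyKDC off` combined with `KrbMethodK5Passwd on` means passwords are checked against a KDC that is not verified with the keytab, and with the frontend moved to `<VirtualHost *:80>` they appear to travel over plain HTTP; the guide should say this is test-only until the keytab TODO is done and the login location is served over TLS. Instead of `systemctl disable firewalld`, open only what is needed, e.g. `firewall-cmd --permanent --add-service=http --add-service=https` followed by `firewall-cmd --reload`.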

BEWARE... Dragons live here... and they are messy...

Pull-Request has been merged by clime

7 years ago