| |
@@ -0,0 +1,312 @@
|
| |
+ THIS DOCUMENTATION IS A WORK IN PROGRESS!!!!! USE IT AT YOUR OWN RISK....
|
| |
+
|
| |
+ This is a bloody mess.. But I have a working COPR server running here on a
|
| |
+ RHEL7 server...
|
| |
+
|
| |
+ Please submit any questions or recommendations to m@rtinjuhl.dk
|
| |
+
|
| |
+
|
| |
+ ----------------------------------------------------------------
|
| |
+
|
| |
+ subscription-manager repos --disable='*' --enable='rhel-7-server-rpms' --enable='rhel-7-server-optional-rpms' --enable='rhel-7-server-extras-rpms'
|
| |
+
|
| |
+ Enable EPEL:
|
| |
+ rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
| |
+
|
| |
+ /etc/yum.repos.d/coprs.conf:
|
| |
+ [mrmeee-coprtos]
|
| |
+ name=Copr repo for coprtos owned by mrmeee
|
| |
+ baseurl=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/epel-7-$basearch/
|
| |
+ type=rpm-md
|
| |
+ skip_if_unavailable=True
|
| |
+ gpgcheck=1
|
| |
+ gpgkey=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/pubkey.gpg
|
| |
+ repo_gpgcheck=0
|
| |
+ enabled=1
|
| |
+ enabled_metadata=1
|
| |
+
|
| |
+ TODO: should be changed to the copr/copr repo, when the packages are
|
| |
+ ready...
|
| |
+
|
| |
+
|
| |
+ yum -y install copr-frontend copr-selinux
|
| |
+ systemctl start redis
|
| |
+ systemctl enable redis
|
| |
+
|
| |
+
|
| |
+ cp /usr/share/doc/copr-frontend-1.103/coprs.conf.example /etc/httpd/conf.d/coprs.conf
|
| |
+
|
| |
+ /etc/httpd/conf.d/coprs.conf:
|
| |
+
|
| |
+ <VirtualHost 127.0.0.1:8000> --> <VirtualHost *:80>
|
| |
+
|
| |
+
|
| |
+ /etc/copr/copr.conf:
|
| |
+ -#DATA_DIR = '/var/lib/copr/data'
|
| |
+ -#DATABASE = '/var/lib/copr/data/copr.db'
|
| |
+ -#OPENID_STORE = '/var/lib/copr/data/openid_store'
|
| |
+ -#WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
|
| |
+ +DATA_DIR = '/var/lib/copr/data'
|
| |
+ +DATABASE = '/var/lib/copr/data/copr.db'
|
| |
+ +OPENID_STORE = '/var/lib/copr/data/openid_store'
|
| |
+ +WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
|
| |
+
|
| |
+ # salt for CSRF codes
|
| |
+ -#SECRET_KEY = 'put_some_secret_here'
|
| |
+ +SECRET_KEY = 'mjp123'
|
| |
+
|
| |
+ -#BACKEND_PASSWORD = 'password_here'
|
| |
+ +BACKEND_PASSWORD = 'mjp123'
|
| |
+
|
| |
+ # restrict access to a set of users
|
| |
+ #USE_ALLOWED_USERS = False
|
| |
+ #ALLOWED_USERS = ['bonnie', 'clyde']
|
| |
+
|
| |
+ -SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@/coprdb'
|
| |
+ +SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@localhost/coprdb'
|
| |
+
|
| |
+ # Token length, defaults to 30 (max 255)
|
| |
+ #API_TOKEN_LENGTH = 30
|
| |
+ @@ -68,19 +68,19 @@
|
| |
+ # kerberos user user@REDHAT.COM is expected to have
|
| |
+ # user@redhat.com email address.
|
| |
+
|
| |
+ -#KRB5_LOGIN = {
|
| |
+ -# 'RH': {
|
| |
+ -# 'URI': "redhat",
|
| |
+ -# 'log_text': "Krb5 login",
|
| |
+ -# 'email_domain': "redhat.com",
|
| |
+ -# }
|
| |
+ -#}
|
| |
+ -
|
| |
+ -PUBLIC_COPR_HOSTNAME = "copr.fedoraproject.org"
|
| |
+ -
|
| |
+ -BACKEND_BASE_URL = "http://copr-be-dev.cloud.fedoraproject.org"
|
| |
+ -DIST_GIT_URL = "http://copr-dist-git-dev.fedorainfracloud.org/cgit"
|
| |
+ -COPR_DIST_GIT_LOGS_URL = "http://copr-dist-git-dev.fedorainfracloud.org/per-task-logs"
|
| |
+ +KRB5_LOGIN = {
|
| |
+ + 'RH': {
|
| |
+ + 'URI': "casalogic",
|
| |
+ + 'log_text': "Krb5 login",
|
| |
+ + 'email_domain': "CASALOGIC.LAN",
|
| |
+ + }
|
| |
+ +}
|
| |
+ +
|
| |
+ +PUBLIC_COPR_HOSTNAME = "copr01.casalogic.lan"
|
| |
+ +
|
| |
+ +BACKEND_BASE_URL = "http://copr01.casalogic.lan"
|
| |
+ +DIST_GIT_URL = "http://copr01.casalogic.lan/cgit"
|
| |
+ +COPR_DIST_GIT_LOGS_URL = "http://copr01.casalogic.lan/per-task-logs"
|
| |
+
|
| |
+ # primary
|
| |
+ LOG_FILENAME = "/var/log/copr-frontend/frontend.log"
|
| |
+ @@ -88,7 +88,7 @@
|
| |
+
|
| |
+ # Internal network, used to accept statistics without auth
|
| |
+ # list of IP or subnet
|
| |
+ -INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"]
|
| |
+ +INTRANET_IPS = ["127.0.0.1", "192.168.20.0/24"]
|
| |
+
|
| |
+ # Builder VMs network, used to avoid requests from builders in popularity statistics
|
| |
+ # list of IP or subnet, optional
|
| |
+
|
| |
+
|
| |
+ yum install -y postgresql-server
|
| |
+ systemctl enable postgresql
|
| |
+ service postgresql initdb
|
| |
+ systemctl start postgresql
|
| |
+
|
| |
+ su - postgres -c 'PGPASSWORD=coprpass ; createdb -E UTF8 coprdb ; yes $PGPASSWORD | createuser -P -sDR copr-fe'
|
| |
+
|
| |
+ vi /var/lib/pgsql/data/pg_hba.conf
|
| |
+
|
| |
+ local coprdb copr-fe md5
|
| |
+
|
| |
+ host coprdb copr-fe 127.0.0.1/8 md5
|
| |
+
|
| |
+ host coprdb copr-fe ::1/128 md5
|
| |
+
|
| |
+ local coprdb postgres ident
|
| |
+
|
| |
+
|
| |
+ service postgresql reload
|
| |
+
|
| |
+ cd /usr/share/copr/coprs_frontend/
|
| |
+ ./manage.py create_db --alembic alembic.ini
|
| |
+ COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a
|
| |
+ COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head
|
| |
+
|
| |
+
|
| |
+ yum install mod_auth_kerb.x86_64
|
| |
+ /etc/httpd/conf.d/auth-kerb.conf:
|
| |
+ <Location "/krb5_login/casalogic/">
|
| |
+
|
| |
+ KrbVerifyKDC off
|
| |
+ AuthType Kerberos
|
| |
+ AuthName "Casalogic Kerberos Credentials"
|
| |
+ KrbMethodNegotiate on
|
| |
+ KrbMethodK5Passwd on
|
| |
+ KrbServiceName HTTP/copr01.casalogic.lan
|
| |
+ KrbAuthRealms CASALOGIC.LAN
|
| |
+ Krb5Keytab /etc/httpd/conf/httpd.keytab
|
| |
+ KrbSaveCredentials off
|
| |
+ Require valid-user
|
| |
+ #KrbLocalUserMapping On
|
| |
+ </Location>
|
| |
+
|
| |
+ TODO: AD JOIN + KEYTAB!!!
|
| |
+
|
| |
+
|
| |
+ systemctl start httpd
|
| |
+ systemctl enable httpd
|
| |
+ systemctl disable firewalld
|
| |
+ systemctl stop firewalld
|
| |
+
|
| |
+ dist-git:
|
| |
+
|
| |
+ yum install dist-git copr-dist-git
|
| |
+
|
| |
+ /etc/copr/copr-dist-git.conf:
|
| |
+
|
| |
+ frontend_base_url=http://copr02.casalogic.lan
|
| |
+ log_dir=/var/log/copr-dist-git
|
| |
+ frontend_auth=mjp123
|
| |
+
|
| |
+
|
| |
+ useradd copr-dist-git
|
| |
+ gpasswd -a copr-dist-git cvsadmin
|
| |
+ gpasswd -a copr-dist-git packager
|
| |
+ useradd copr-service
|
| |
+ gpasswd -a copr-service packager
|
| |
+ gpasswd -a copr-service apache
|
| |
+
|
| |
+ su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\""
|
| |
+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
+
|
| |
+ Rediger /etc/httpd/conf.d/dist-git/lookaside.conf:
|
| |
+
|
| |
+ AliasMatch "/repo(/.*)/md5(/.*)" "/var/lib/dist-git/cache/lookaside$1$2"
|
| |
+ Alias /lookaside /var/lib/dist-git/cache/lookaside
|
| |
+ Alias /repo/ /var/lib/dist-git/cache/lookaside/
|
| |
+
|
| |
+ <Directory /var/lib/dist-git/cache/lookaside>
|
| |
+ Options Indexes FollowSymLinks
|
| |
+ AllowOverride None
|
| |
+ Require all granted
|
| |
+ </Directory>
|
| |
+
|
| |
+ echo "project-list=/var/lib/dist-git/git/pkgs-git-repos-list" >> /etc/cgitrc
|
| |
+ echo "scan-path=/var/lib/dist-git/git/rpms/" >> /etc/cgitrc
|
| |
+
|
| |
+ mkdir -p /var/log/copr-dist-git
|
| |
+ chown copr-service:copr-service /var/log/copr-dist-git
|
| |
+ chown copr-service:copr-service /var/lib/copr-dist-git/
|
| |
+
|
| |
+ systemctl enable docker
|
| |
+ systemctl start docker
|
| |
+ gpasswd -a copr-service docker
|
| |
+ systemctl start copr-dist-git
|
| |
+ systemctl enable copr-dist-git
|
| |
+
|
| |
+ systemctl restart httpd
|
| |
+ systemctl enable dist-git.socket
|
| |
+ systemctl restart dist-git.socket
|
| |
+
|
| |
+ su - copr-service -c "git config --global user.email \"copr-devel@localhost\""
|
| |
+ su - copr-service -c "git config --global user.name \"Copr dist git\""
|
| |
+
|
| |
+ chown copr-service:copr-service -R /var/log/copr-dist-git/
|
| |
+ chown copr-service:copr-service /etc/copr/copr-dist-git.conf
|
| |
+
|
| |
+ useradd -m mockbuilder
|
| |
+
|
| |
+ --- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old 2017-01-03 17:00:28.439908995 +0100
|
| |
+ +++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100
|
| |
+ @@ -2381,6 +2381,9 @@
|
| |
+ replace=replace)
|
| |
+ gitignore = GitIgnore(os.path.join(self.path, '.gitignore'))
|
| |
+
|
| |
+ + oldpath = os.getcwd()
|
| |
+ + os.chdir(self.path)
|
| |
+ +
|
| |
+ for f in files:
|
| |
+ # TODO: Skip empty file needed?
|
| |
+ file_hash = self.lookasidecache.hash_file(f)
|
| |
+
|
| |
+ TODO: Get it fixed in pyrpkg upstream..
|
| |
+
|
| |
+
|
| |
+
|
| |
+ yum -y install copr-mocks
|
| |
+
|
| |
+ systemctl enable copr-mocks-frontend.service
|
| |
+ systemctl start copr-mocks-frontend.service
|
| |
+
|
| |
+ TODO: Fix copr-mocks with python3 depends..
|
| |
+
|
| |
+
|
| |
+ /etc/copr/copr-be.conf:
|
| |
+
|
| |
+ dist_git_url=ssh://copr-dist-git@localhost
|
| |
+
|
| |
+ mkdir /home/copr
|
| |
+ chown copr:copr /home/copr
|
| |
+
|
| |
+ su - mockbuilder -c "ssh-keygen -f /home/mockbuilder/.ssh/id_rsa -P \"\""
|
| |
+ su - copr-dist-git -c "ssh-keygen -f /home/copr-dist-git/.ssh/id_rsa -P \"\""
|
| |
+ su - copr -c "ssh-keygen -f /home/copr/.ssh/id_rsa -P \"\""
|
| |
+
|
| |
+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
+ echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
+
|
| |
+ yum -y install fedpkg-copr
|
| |
+
|
| |
+
|
| |
+ gpasswd -a mockbuilder mock
|
| |
+
|
| |
+
|
| |
+ --- /usr/bin/prunerepo.old 2017-01-05 12:39:09.149867627 +0100
|
| |
+ +++ /usr/bin/prunerepo 2017-01-05 12:02:32.199963170 +0100
|
| |
+ @@ -1,5 +1,10 @@
|
| |
+ #!/usr/bin/python2 -s
|
| |
+
|
| |
+ +from __future__ import print_function
|
| |
+ +import sys
|
| |
+ +def writeStdErr(message):
|
| |
+ + print(message, file=sys.stderr)
|
| |
+ +
|
| |
+ import subprocess
|
| |
+ import sys
|
| |
+ import argparse
|
| |
+
|
| |
+ TODO: include in Prunerepo
|
| |
+
|
| |
+
|
| |
+ --- /etc/httpd/conf.d/ssl.conf.orig 2017-01-05 16:10:51.778329623 +0100
|
| |
+ +++ /etc/httpd/conf.d/ssl.conf 2017-01-05 16:18:00.317226333 +0100
|
| |
+ @@ -56,9 +56,15 @@
|
| |
+ <VirtualHost _default_:443>
|
| |
+
|
| |
+ # General setup for the virtual host, inherited from global configuration
|
| |
+ -#DocumentRoot "/var/www/html"
|
| |
+ +DocumentRoot "/var/lib/copr/public_html/results"
|
| |
+ #ServerName www.example.com:443
|
| |
+
|
| |
+ +<Directory /var/lib/copr/public_html/results>
|
| |
+ + Options Indexes FollowSymLinks
|
| |
+ + AllowOverride None
|
| |
+ + Require all granted
|
| |
+ +</Directory>
|
| |
+ +
|
| |
+ # Use separate log files for the SSL virtual host; note that LogLevel
|
| |
+ # is not inherited from httpd.conf.
|
| |
+ ErrorLog logs/ssl_error_log
|
| |
+
|
| |
+
|
| |
+ SSLCERT:
|
| |
+
|
| |
+ openssl genrsa -des3 -out server.key 1024
|
| |
+ openssl req -new -key server.key -out server.csr
|
| |
+ mv server.key server.key.org
|
| |
+ openssl rsa -in server.key.org -out server.key
|
| |
+ openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt
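Review bot: The copr.conf and copr-dist-git.conf excerpts publish what look like live credentials (`SECRET_KEY = 'mjp123'`, `BACKEND_PASSWORD = 'mjp123'`, `frontend_auth=mjp123` and the `coprpass` database password), and the same short value is shared by the frontend, the backend and dist-git, so anyone who copies these steps ends up with a guessable CSRF secret and backend password. Replace them with labelled placeholders such as `SECRET_KEY = '<long-random-value>'`, state that each one is generated separately per install, and rotate them if they are the values on the running server. In the SSLCERT steps, `openssl genrsa -des3 -out server.key 1024` produces a key below the 2048-bit minimum that current clients accept; `openssl genrsa -out server.key 2048` also removes the need for the passphrase-stripping step that follows. `systemctl disable firewalld` / `systemctl stop firewalld` and `KrbVerifyKDC off` are shown without comment; the document should mark them as lab shortcuts, open only the HTTP/HTTPS ports instead, and re-enable KDC verification once the keytab from the "AD JOIN + KEYTAB" TODO exists.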
|
| |
BEWARE... Dragons live here... and they are messy...