#34 Updated documentation, Should now be complete, but not perfect yet :)
Closed 6 years ago by clime. Opened 7 years ago by mrmeee.
copr/ mrmeee/copr EL7-documentation  into  master

file modified
+123 -17
@@ -28,6 +28,15 @@ 

  TODO: should be changed to the copr/copr repo, when the packages are

  ready...

  

+ TODO: copr-backend should now be available in the copr-dev repo.. so you can

+ use that for the backend... I'm still working on the frontend...

+ 

+ Cloud repo:

+ 

+ yum -y install centos-release-openstack-kilo

+ 

+ yum -y install python-novaclient

+ 

  

  yum -y install copr-frontend copr-selinux

  systemctl start redis
@@ -131,12 +140,6 @@ 

  

  service postgresql reload

  

- cd /usr/share/copr/coprs_frontend/

- ./manage.py create_db --alembic alembic.ini

- COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a

- COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head

- 

- 

  yum install mod_auth_kerb.x86_64

  /etc/httpd/conf.d/auth-kerb.conf:

      <Location "/krb5_login/casalogic/">
@@ -159,8 +162,12 @@ 

      

  systemctl start httpd

  systemctl enable httpd

+ 

+ 

  systemctl disable firewalld

  systemctl stop firewalld

+ TODO: Define the firewall rules needed, instead of disabling the firewall

+ 

  

  dist-git:

  
@@ -177,9 +184,17 @@ 

  gpasswd -a copr-dist-git cvsadmin 

  gpasswd -a copr-dist-git packager

  useradd copr-service

+ 

+ 

  gpasswd -a copr-service packager

  gpasswd -a copr-service apache

  

+ cd /home/copr && ln -s /usr/share/doc/copr-backend-*/playbooks/ provision

+ su - copr && ssh root@localhost && ssh root@127.0.0.1 # Accept certificates..

+ TODO: clime: The bottom two lines are related to cop-backend setup. Also the last line should not be required.

+ I need to test this...

+ 

+ 

  su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\""

  echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

  
@@ -220,6 +235,15 @@ 

  

  useradd -m mockbuilder

  

+ usermod -aG gitolite3 apache

+ 

+ /usr/share/dist-git/dist_git_sync.sh

+ /usr/share/dist-git/cgit_pkg_list.sh

+ 

+ enable:

+ /etc/cron.d/dist-git/cgit_pkg_list.cron

+ /etc/cron.d/dist-git/dist_git_sync.cron

+ 

  --- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old     2017-01-03 17:00:28.439908995 +0100

  +++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100

  @@ -2381,6 +2381,9 @@
@@ -233,21 +257,20 @@ 

               # TODO: Skip empty file needed?

               file_hash = self.lookasidecache.hash_file(f)

  

- TODO: Get it fixed in pyrpkg upstream..

- 

- 

- 

- yum -y install copr-mocks

- 

-  systemctl enable copr-mocks-frontend.service

-  systemctl start copr-mocks-frontend.service

- 

- TODO: Fix copr-mocks with python3 depends..

+ TODO: Get it fixed in pyrpkg upstream.. Might be fixed now, clime has

+ indicated that this works in production.. might be related to versions used

+ in CentOS/EPEL

  

  

  /etc/copr/copr-be.conf:

  

  dist_git_url=ssh://copr-dist-git@localhost

+ frontend_base_url=http://copr03.casalogic.lan 

+ results_baseurl=https://copr03.casalogic.lan

+ group0_spawn_playbook=/usr/share/doc/copr-backend-1.94/playbooks/spawn_local.yml

+ group0_terminate_playbook=/usr/share/doc/copr-backend-1.94/playbooks/terminate_local.yml

+ group0_max_vm_total=10

+ 

  

  mkdir /home/copr

  chown copr:copr /home/copr
@@ -258,9 +281,30 @@ 

  

  echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

  echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys

+ echo `cat /home/copr/.ssh/id_rsa.pub` >> /home/mockbuilder/.ssh/authorized_keys

  

  yum -y install fedpkg-copr

  

+ --- /root/fedpkg-copr.conf      2017-01-19 23:27:11.804206133 +0100

+ +++ /etc/rpkg/fedpkg-copr.conf  2017-01-05 10:19:57.083673352 +0100

+ @@ -1,10 +1,11 @@

+  [fedpkg-copr]

+ -lookaside = http://209.132.184.41/repo/pkgs

+ -lookasidehash = md5

+ -lookaside_cgi = https://209.132.184.41/repo/pkgs/upload.cgi

+ -gitbaseurl = ssh://%(user)s@209.132.184.41/%(module)s

+ -anongiturl = git://209.132.184.41/%(module)s

+ +lookaside = http://localhost/repo/pkgs

+ +lookasidehash = sha1

+ +lookaside_cgi = https://localhost/repo/pkgs/upload.cgi

+ +gitbaseurl = ssh://%(user)s@localhost/%(module)s

+ +anongiturl = git://localhost/%(module)s

+  tracbaseurl = https://%(user)s:%(password)s@fedorahosted.org/rel-eng/login/xmlrpc

+ -branchre = f\d$|f\d\d$|el\d$|olpc\d$|mga\d$|cauldron$|master$

+ -kojiconfig = /etc/koji.conf

+ +branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$

+ +kojiconfig = /etc/koji.conf 

+  build_client = koji

  

  gpasswd -a mockbuilder mock

  
@@ -305,8 +349,70 @@ 

  

  SSLCERT:

  

- openssl genrsa -des3 -out server.key 1024

+ mkdir /etc/pki/tls/copr

+ 

+ cd /etc/pki/tls/copr/

+ 

+ openssl genrsa -des3 -out server.key 1024 #Assign key

  openssl req -new -key server.key -out server.csr

  mv server.key server.key.org

  openssl rsa -in server.key.org -out server.key

  openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt

+ 

+ --- /etc/httpd/conf.d/ssl.conf.old      2017-01-16 17:12:30.139427507 +0100

+ +++ /etc/httpd/conf.d/ssl.conf  2017-01-16 17:12:58.427665886 +0100

+ @@ -104,14 +104,14 @@

+  # the certificate is encrypted, then you will be prompted for a

+  # pass phrase.  Note that a kill -HUP will prompt again.  A new

+  # certificate can be generated using the genkey(1) command.

+ -SSLCertificateFile /etc/pki/tls/certs/localhost.crt

+ +SSLCertificateFile /etc/pki/tls/copr/server.crt

+  

+  #   Server Private Key:

+  #   If the key is not combined with the certificate, use this

+  #   directive to point at the key file.  Keep in mind that if

+  #   you've both a RSA and a DSA private key you can configure

+  #   both in parallel (to also allow the use of DSA ciphers, etc.)

+ -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

+ +SSLCertificateKeyFile /etc/pki/tls/copr/server.key

+  

+  #   Server Certificate Chain:

+  #   Point SSLCertificateChainFile at a file containing the

+ 

+ 

+ systemctl enable copr-backend

+ systemctl start copr-backend

+ 

+ 

+ --- /root/lighttpd.conf 2017-01-19 22:54:34.442080177 +0100

+ +++ /etc/lighttpd/lighttpd.conf 2016-12-05 12:26:06.032601228 +0100

+ @@ -85,7 +85,7 @@

+  ##  Basic Configuration

+  ## ---------------------

+  ##

+ -server.port = 80

+ +server.port = 8080

+  

+  ##

+  ## Use IPv6?

+ @@ -112,7 +112,8 @@

+  ##

+  ## Document root

+  ##

+ -server.document-root = server_root + "/lighttpd"

+ +#server.document-root = server_root + "/lighttpd"

+ +server.document-root = "/var/lib/copr/public_html"

+  

+  ##

+  ## The value for the "Server:" response field.

+ 

+ 

+ systemctl enable lighttpd

+ systemctl start lighttpd

+ 

+ gpasswd -a lighttpd copr

+ 

+ 

+ /etc/lighttpd/conf.d/dirlisting.conf:

+ dir-listing.activate      = "enable"

+ 

no initial comment

General notes to the resulting README.EL7 file that would be nice to account in:

l:36

/etc/yum.repos.d/cloud.repo:
[cloud]
name=Cloud
baseurl=http://ftp.klid.dk/ftp/centos/7.2.1511/cloud/x86_64/openstack-kilo/

baseurl is now invalid.

l:152

  ./manage.py create_db --alembic alembic.ini
  COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a
  COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head

downgrade to 3ec22e1db75a should no longer be required.

l:178

systemctl disable firewalld
systemctl stop firewalld

It would be nicer to play around with firewalld rules for a bit, although, I understand this is the simplest.

~l:199

gpasswd -a copr-service packager
gpasswd -a copr-service apache

cd /home/copr && ln -s /usr/share/doc/copr-backend-1.94/playbooks/ provision

su - copr && ssh root@localhost && ssh root@127.0.0.1 # Accept certificates..

The bottom two lines are related to cop-backend setup. Also the last line should not be required.

l:258

    gitignore = GitIgnore(os.path.join(self.path, '.gitignore'))

    +        oldpath = os.getcwd()
    +        os.chdir(self.path)
    +

Please, keep an eye on this bug. It should not be needed with the latest version of copr-dist-git (0.24) and pyrpkg-1.47 as we run production server on these packages.

l:269

yum -y install copr-mocks

systemctl enable copr-mocks-frontend.service
systemctl start copr-mocks-frontend.service

Note that, strictly, copr-mocks-frontend does not be included in this tutorial as it is only good for testing purposes (which might be useful to test the setup we are making in the end).

~l:292:

 su - mockbuilder -c "ssh-keygen -f /home/mockbuilder/.ssh/id_rsa -P \"\""
 su - copr-dist-git -c "ssh-keygen -f /home/copr-dist-git/.ssh/id_rsa -P \"\""
 su - copr -c "ssh-keygen -f /home/copr/.ssh/id_rsa -P \"\""

echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
echo `cat /home/copr/.ssh/id_rsa.pub` >> /home/mockbuilder/.ssh/authorized_keys

This is probably meant to be part of the backend setup but then, this is not required. You only need to run

su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P ...

and that is already covered in the docs.

l:329

+from __future__ import print_function
+import sys
+def writeStdErr(message):
+    print(message, file=sys.stderr)

Is this required in prunerepo? Could you explain and send a patch if so?

l:341

--- /etc/httpd/conf.d/ssl.conf.orig     2017-01-05 16:10:51.778329623 +0100
+++ /etc/httpd/conf.d/ssl.conf  2017-01-05 16:18:00.317226333 +0100
@@ -56,9 +56,15 @@
 <VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
-#DocumentRoot "/var/www/html"
+DocumentRoot "/var/lib/copr/public_html/results"

Results are provided by lighttpd so this also should not be needed on a backend machine.

l:362

SSLCERT:

mkdir /etc/pki/tls/copr

cd /etc/pki/tls/copr/

...

This setup related to copr-dist-git machine is also not required. Certificates are needed for pushing into the lookaside cache but in COPR, currently, source rpms are not being pushed at the moment by the upload.cgi script. They are instead locally copied into appropriate location by copr-dist-git daemon. It is nice that you have mentioned the way how to generate the certs though so maybe just note that they are not currently required.


Apart from the concrete line notes, I would like to point out that it would be nice to make clear what part of the config is for copr-frontend, what part for copr-dist-git and what part for copr-backend.

In future, we might try include copr-keygen.

Hello, do you plan to continue on the docs? It would be nice to get this sorted out...

Hi..

Yes.. I will.. but trying to get all the packages together first :)

You can improve docs just on the bits that are done. I would like to try to make copr-backend work now according to the docs.

1 new commit added

  • Corrections...
6 years ago

The COPR repository mrmeee/coprtos now contains quite outdated version of copr-backend. I could not make it work on a CentOS machine because that version of copr-backend requires no longer available ansible1.9. However, I managed to install and successfully run a build with copr-backend-1.98 installed from @copr/copr-dev (epel7 chroot). It required quite a few steps, however.

If you would like, you could verify and perhaps extend these steps and update the EL7 docs accordingly. It would be useful to separate what was necessary to do for backend itself (i.e. redis service start or the copr user setup) and what was needed just for the builder(s) to run (installing fedpkg-copr, rpm-build, expect) but I can help you with that.

What I miss the most in the current docs for COPR in el7 are separate section for copr-backend, copr-frontend, and copr-dist-git.

Hi

Thanks for all the feedback...

I'm currently working on getting all the dependecies into EPEL.. as soon as they are in place, I'll do a rebase with the newest packages in my repo, and fix the docs... (including splitting into seperate chapters for each component)..

Hi
Thanks for all the feedback...
I'm currently working on getting all the dependecies into EPEL.. as soon as they are in place, I'll do a rebase with the newest packages in my repo, and fix the docs... (including splitting into seperate chapters for each component)..

Alright, great. Note that we could probably already get something into EPEL now...like copr-backend I think.

I have created this dependency repo:

https://copr.fedorainfracloud.org/coprs/mrmeee/elcopr-depends/packages/

Containing:

gcab - build dep for libappstream-glib
libappstream-glib - install dep for copr-backend (libappstream-glib-builder)
python-requests - build/install dep for copr-backend
python-urllib3 - build dep for python-requests in version 1.10.4, only 1.10.2 in CentOS

Python packages needed for copr-frontend:
python34-blinker
python34-flask
python34-flask-sqlalchemy
python34-itsdangerous
python34-sphinx
python34-sqlalchemy
python34-werkzeug

I think that the four packages on top needs to be added to the copr repo?

The others we can probably get into EPEL with some work??? Do anyone know the exact procedure for getting them in???

I have created this dependency repo:
https://copr.fedorainfracloud.org/coprs/mrmeee/elcopr-depends/packages/
Containing:
gcab - build dep for libappstream-glib
libappstream-glib - install dep for copr-backend (libappstream-glib-builder)
python-requests - build/install dep for copr-backend
python-urllib3 - build dep for python-requests in version 1.10.4, only 1.10.2 in CentOS
Python packages needed for copr-frontend:
python34-blinker
python34-flask
python34-flask-sqlalchemy
python34-itsdangerous
python34-sphinx
python34-sqlalchemy
python34-werkzeug
I think that the four packages on top needs to be added to the copr repo?
The others we can probably get into EPEL with some work??? Do anyone know the exact procedure for getting them in???

Sorry but this is unrelated. What we really need is a good documentation of how to setup COPR on CentOS. You did that originally but you didn't make the improvements and updates.

The packages you mention are all for copr-frontend. You can get other packages like copr-backend, copr-keygen, or copr-dist-git into EPEL already. You should focus on that.

Sorry, closing this for long inactivity. Feel free to reopen and if you want to take on this again.

Pull-Request has been closed by clime

6 years ago
Metadata