| |
@@ -28,6 +28,15 @@
|
| |
TODO: should be changed to the copr/copr repo, when the packages are
|
| |
ready...
|
| |
|
| |
+ TODO: copr-backend should now be available in the copr-dev repo.. so you can
|
| |
+ use that for the backend... I'm still working on the frontend...
|
| |
+
|
| |
+ Cloud repo:
|
| |
+
|
| |
+ yum -y install centos-release-openstack-kilo
|
| |
+
|
| |
+ yum -y install python-novaclient
|
| |
+
|
| |
|
| |
yum -y install copr-frontend copr-selinux
|
| |
systemctl start redis
|
| |
@@ -131,12 +140,6 @@
|
| |
|
| |
service postgresql reload
|
| |
|
| |
- cd /usr/share/copr/coprs_frontend/
|
| |
- ./manage.py create_db --alembic alembic.ini
|
| |
- COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a
|
| |
- COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head
|
| |
-
|
| |
-
|
| |
yum install mod_auth_kerb.x86_64
|
| |
/etc/httpd/conf.d/auth-kerb.conf:
|
| |
<Location "/krb5_login/casalogic/">
|
| |
@@ -159,8 +162,12 @@
|
| |
|
| |
systemctl start httpd
|
| |
systemctl enable httpd
|
| |
+
|
| |
+
|
| |
systemctl disable firewalld
|
| |
systemctl stop firewalld
|
| |
+ TODO: Define the firewall rules needed, instead of disabling the firewall
|
| |
+
|
| |
|
| |
dist-git:
|
| |
|
| |
@@ -177,9 +184,17 @@
|
| |
gpasswd -a copr-dist-git cvsadmin
|
| |
gpasswd -a copr-dist-git packager
|
| |
useradd copr-service
|
| |
+
|
| |
+
|
| |
gpasswd -a copr-service packager
|
| |
gpasswd -a copr-service apache
|
| |
|
| |
+ cd /home/copr && ln -s /usr/share/doc/copr-backend-*/playbooks/ provision
|
| |
+ su - copr && ssh root@localhost && ssh root@127.0.0.1 # Accept certificates..
|
| |
+ TODO: clime: The bottom two lines are related to cop-backend setup. Also the last line should not be required.
|
| |
+ I need to test this...
|
| |
+
|
| |
+
|
| |
su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\""
|
| |
echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
|
| |
@@ -220,6 +235,15 @@
|
| |
|
| |
useradd -m mockbuilder
|
| |
|
| |
+ usermod -aG gitolite3 apache
|
| |
+
|
| |
+ /usr/share/dist-git/dist_git_sync.sh
|
| |
+ /usr/share/dist-git/cgit_pkg_list.sh
|
| |
+
|
| |
+ enable:
|
| |
+ /etc/cron.d/dist-git/cgit_pkg_list.cron
|
| |
+ /etc/cron.d/dist-git/dist_git_sync.cron
|
| |
+
|
| |
--- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old 2017-01-03 17:00:28.439908995 +0100
|
| |
+++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100
|
| |
@@ -2381,6 +2381,9 @@
|
| |
@@ -233,21 +257,20 @@
|
| |
# TODO: Skip empty file needed?
|
| |
file_hash = self.lookasidecache.hash_file(f)
|
| |
|
| |
- TODO: Get it fixed in pyrpkg upstream..
|
| |
-
|
| |
-
|
| |
-
|
| |
- yum -y install copr-mocks
|
| |
-
|
| |
- systemctl enable copr-mocks-frontend.service
|
| |
- systemctl start copr-mocks-frontend.service
|
| |
-
|
| |
- TODO: Fix copr-mocks with python3 depends..
|
| |
+ TODO: Get it fixed in pyrpkg upstream.. Might be fixed now, clime has
|
| |
+ indicated that this works in production.. might be related to versions used
|
| |
+ in CentOS/EPEL
|
| |
|
| |
|
| |
/etc/copr/copr-be.conf:
|
| |
|
| |
dist_git_url=ssh://copr-dist-git@localhost
|
| |
+ frontend_base_url=http://copr03.casalogic.lan
|
| |
+ results_baseurl=https://copr03.casalogic.lan
|
| |
+ group0_spawn_playbook=/usr/share/doc/copr-backend-1.94/playbooks/spawn_local.yml
|
| |
+ group0_terminate_playbook=/usr/share/doc/copr-backend-1.94/playbooks/terminate_local.yml
|
| |
+ group0_max_vm_total=10
|
| |
+
|
| |
|
| |
mkdir /home/copr
|
| |
chown copr:copr /home/copr
|
| |
@@ -258,9 +281,30 @@
|
| |
|
| |
echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
|
| |
+ echo `cat /home/copr/.ssh/id_rsa.pub` >> /home/mockbuilder/.ssh/authorized_keys
|
| |
|
| |
yum -y install fedpkg-copr
|
| |
|
| |
+ --- /root/fedpkg-copr.conf 2017-01-19 23:27:11.804206133 +0100
|
| |
+ +++ /etc/rpkg/fedpkg-copr.conf 2017-01-05 10:19:57.083673352 +0100
|
| |
+ @@ -1,10 +1,11 @@
|
| |
+ [fedpkg-copr]
|
| |
+ -lookaside = http://209.132.184.41/repo/pkgs
|
| |
+ -lookasidehash = md5
|
| |
+ -lookaside_cgi = https://209.132.184.41/repo/pkgs/upload.cgi
|
| |
+ -gitbaseurl = ssh://%(user)s@209.132.184.41/%(module)s
|
| |
+ -anongiturl = git://209.132.184.41/%(module)s
|
| |
+ +lookaside = http://localhost/repo/pkgs
|
| |
+ +lookasidehash = sha1
|
| |
+ +lookaside_cgi = https://localhost/repo/pkgs/upload.cgi
|
| |
+ +gitbaseurl = ssh://%(user)s@localhost/%(module)s
|
| |
+ +anongiturl = git://localhost/%(module)s
|
| |
+ tracbaseurl = https://%(user)s:%(password)s@fedorahosted.org/rel-eng/login/xmlrpc
|
| |
+ -branchre = f\d$|f\d\d$|el\d$|olpc\d$|mga\d$|cauldron$|master$
|
| |
+ -kojiconfig = /etc/koji.conf
|
| |
+ +branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$
|
| |
+ +kojiconfig = /etc/koji.conf
|
| |
+ build_client = koji
|
| |
|
| |
gpasswd -a mockbuilder mock
|
| |
|
| |
@@ -305,8 +349,70 @@
|
| |
|
| |
SSLCERT:
|
| |
|
| |
- openssl genrsa -des3 -out server.key 1024
|
| |
+ mkdir /etc/pki/tls/copr
|
| |
+
|
| |
+ cd /etc/pki/tls/copr/
|
| |
+
|
| |
+ openssl genrsa -des3 -out server.key 1024 #Assign key
|
| |
openssl req -new -key server.key -out server.csr
|
| |
mv server.key server.key.org
|
| |
openssl rsa -in server.key.org -out server.key
|
| |
openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt
|
| |
+
|
| |
+ --- /etc/httpd/conf.d/ssl.conf.old 2017-01-16 17:12:30.139427507 +0100
|
| |
+ +++ /etc/httpd/conf.d/ssl.conf 2017-01-16 17:12:58.427665886 +0100
|
| |
+ @@ -104,14 +104,14 @@
|
| |
+ # the certificate is encrypted, then you will be prompted for a
|
| |
+ # pass phrase. Note that a kill -HUP will prompt again. A new
|
| |
+ # certificate can be generated using the genkey(1) command.
|
| |
+ -SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
| |
+ +SSLCertificateFile /etc/pki/tls/copr/server.crt
|
| |
+
|
| |
+ # Server Private Key:
|
| |
+ # If the key is not combined with the certificate, use this
|
| |
+ # directive to point at the key file. Keep in mind that if
|
| |
+ # you've both a RSA and a DSA private key you can configure
|
| |
+ # both in parallel (to also allow the use of DSA ciphers, etc.)
|
| |
+ -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
| |
+ +SSLCertificateKeyFile /etc/pki/tls/copr/server.key
|
| |
+
|
| |
+ # Server Certificate Chain:
|
| |
+ # Point SSLCertificateChainFile at a file containing the
|
| |
+
|
| |
+
|
| |
+ systemctl enable copr-backend
|
| |
+ systemctl start copr-backend
|
| |
+
|
| |
+
|
| |
+ --- /root/lighttpd.conf 2017-01-19 22:54:34.442080177 +0100
|
| |
+ +++ /etc/lighttpd/lighttpd.conf 2016-12-05 12:26:06.032601228 +0100
|
| |
+ @@ -85,7 +85,7 @@
|
| |
+ ## Basic Configuration
|
| |
+ ## ---------------------
|
| |
+ ##
|
| |
+ -server.port = 80
|
| |
+ +server.port = 8080
|
| |
+
|
| |
+ ##
|
| |
+ ## Use IPv6?
|
| |
+ @@ -112,7 +112,8 @@
|
| |
+ ##
|
| |
+ ## Document root
|
| |
+ ##
|
| |
+ -server.document-root = server_root + "/lighttpd"
|
| |
+ +#server.document-root = server_root + "/lighttpd"
|
| |
+ +server.document-root = "/var/lib/copr/public_html"
|
| |
+
|
| |
+ ##
|
| |
+ ## The value for the "Server:" response field.
|
| |
+
|
| |
+
|
| |
+ systemctl enable lighttpd
|
| |
+ systemctl start lighttpd
|
| |
+
|
| |
+ gpasswd -a lighttpd copr
|
| |
+
|
| |
+
|
| |
+ /etc/lighttpd/conf.d/dirlisting.conf:
|
| |
+ dir-listing.activate = "enable"
|
| |
+
|
| |