From 61e78b9f37a1e87602ab224d2f193aeea11518b5 Mon Sep 17 00:00:00 2001 From: Martin Juhl Date: Jan 24 2017 10:34:04 +0000 Subject: [PATCH 1/2] Updated documentation, Should now be complete, but not perfect yet :) --- diff --git a/README.EL7 b/README.EL7 index 775ceb7..9b1cccb 100644 --- a/README.EL7 +++ b/README.EL7 @@ -28,6 +28,22 @@ enabled_metadata=1 TODO: should be changed to the copr/copr repo, when the packages are ready... +Cloud repo: + +/etc/yum.repos.d/cloud.repo: +[cloud] +name=Cloud +baseurl=http://ftp.klid.dk/ftp/centos/7.2.1511/cloud/x86_64/openstack-kilo/ +type=rpm-md +skip_if_unavailable=True +gpgcheck=0 +repo_gpgcheck=0 +enabled=1 +enabled_metadata=1 + + +yum install python-novaclient + yum -y install copr-frontend copr-selinux systemctl start redis @@ -180,6 +196,10 @@ useradd copr-service gpasswd -a copr-service packager gpasswd -a copr-service apache +cd /home/copr && ln -s /usr/share/doc/copr-backend-1.94/playbooks/ provision + +su - copr && ssh root@localhost && ssh root@127.0.0.1 # Accept certificates.. + su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\"" echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys @@ -220,6 +240,15 @@ chown copr-service:copr-service /etc/copr/copr-dist-git.conf useradd -m mockbuilder +usermod -aG gitolite3 apache + +/usr/share/dist-git/dist_git_sync.sh +/usr/share/dist-git/cgit_pkg_list.sh + +enable: +/etc/cron.d/dist-git/cgit_pkg_list.cron +/etc/cron.d/dist-git/dist_git_sync.cron + --- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old 2017-01-03 17:00:28.439908995 +0100 +++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100 @@ -2381,6 +2381,9 @@ 
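Review bot: In the `@@ -180,6 +196,10 @@` hunk, the added `su - copr && ssh root@localhost && ssh root@127.0.0.1` does not run the two ssh commands as copr. `su - copr` opens an interactive shell, and the `&&` chain continues in the calling shell only after that shell exits, so any accepted host keys land in the caller's `known_hosts`. If the intent is to record them for copr, the step should follow the `su - copr-service -c "..."` form on the next line, for example `su - copr -c "ssh root@localhost true && ssh root@127.0.0.1 true"`. The `# Accept certificates..` comment should also tell the reader to compare the fingerprint shown at the prompt with the host's own key before answering yes.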
@@ -248,6 +277,12 @@ TODO: Fix copr-mocks with python3 depends.. /etc/copr/copr-be.conf: dist_git_url=ssh://copr-dist-git@localhost +frontend_base_url=http://copr03.casalogic.lan +results_baseurl=https://copr03.casalogic.lan +group0_spawn_playbook=/usr/share/doc/copr-backend-1.94/playbooks/spawn_local.yml +group0_terminate_playbook=/usr/share/doc/copr-backend-1.94/playbooks/terminate_local.yml +group0_max_vm_total=10 + mkdir /home/copr chown copr:copr /home/copr @@ -258,9 +293,30 @@ su - copr -c "ssh-keygen -f /home/copr/.ssh/id_rsa -P \"\"" echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys +echo `cat /home/copr/.ssh/id_rsa.pub` >> /home/mockbuilder/.ssh/authorized_keys yum -y install fedpkg-copr +--- /root/fedpkg-copr.conf 2017-01-19 23:27:11.804206133 +0100 ++++ /etc/rpkg/fedpkg-copr.conf 2017-01-05 10:19:57.083673352 +0100 +@@ -1,10 +1,11 @@ + [fedpkg-copr] +-lookaside = http://209.132.184.41/repo/pkgs +-lookasidehash = md5 +-lookaside_cgi = https://209.132.184.41/repo/pkgs/upload.cgi +-gitbaseurl = ssh://%(user)s@209.132.184.41/%(module)s +-anongiturl = git://209.132.184.41/%(module)s ++lookaside = http://localhost/repo/pkgs ++lookasidehash = sha1 ++lookaside_cgi = https://localhost/repo/pkgs/upload.cgi ++gitbaseurl = ssh://%(user)s@localhost/%(module)s ++anongiturl = git://localhost/%(module)s + tracbaseurl = https://%(user)s:%(password)s@fedorahosted.org/rel-eng/login/xmlrpc +-branchre = f\d$|f\d\d$|el\d$|olpc\d$|mga\d$|cauldron$|master$ +-kojiconfig = /etc/koji.conf ++branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$ ++kojiconfig = /etc/koji.conf + build_client = koji gpasswd -a mockbuilder mock 
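Review bot: In the `@@ -258,9 +293,30 @@` hunk, the added `echo ... >> /home/mockbuilder/.ssh/authorized_keys` line installs the copr key with no options, so it grants a full login shell as mockbuilder. The two context lines above it pin their keys to `gitolite-shell` with a `command=` prefix. If the backend only reaches this builder over localhost, as the `spawn_local.yml` playbook name suggests, the entry can be narrowed without breaking builds: `echo "from=\"127.0.0.1,::1\",no-port-forwarding,no-agent-forwarding,no-X11-forwarding $(cat /home/copr/.ssh/id_rsa.pub)" >> /home/mockbuilder/.ssh/authorized_keys`. A one-line comment saying why copr needs shell access to mockbuilder would also help the next reader.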
@@ -305,8 +361,70 @@ TODO: include in Prunerepo SSLCERT: -openssl genrsa -des3 -out server.key 1024 +mkdir /etc/pki/tls/copr + +cd /etc/pki/tls/copr/ + +openssl genrsa -des3 -out server.key 1024 #Assign key openssl req -new -key server.key -out server.csr mv server.key server.key.org openssl rsa -in server.key.org -out server.key openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt + +--- /etc/httpd/conf.d/ssl.conf.old 2017-01-16 17:12:30.139427507 +0100 ++++ /etc/httpd/conf.d/ssl.conf 2017-01-16 17:12:58.427665886 +0100 +@@ -104,14 +104,14 @@ + # the certificate is encrypted, then you will be prompted for a + # pass phrase. Note that a kill -HUP will prompt again. A new + # certificate can be generated using the genkey(1) command. +-SSLCertificateFile /etc/pki/tls/certs/localhost.crt ++SSLCertificateFile /etc/pki/tls/copr/server.crt + + # Server Private Key: + # If the key is not combined with the certificate, use this + # directive to point at the key file. Keep in mind that if + # you've both a RSA and a DSA private key you can configure + # both in parallel (to also allow the use of DSA ciphers, etc.) +-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key ++SSLCertificateKeyFile /etc/pki/tls/copr/server.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + + +systemctl enable copr-backend +systemctl start copr-backend + + +--- /root/lighttpd.conf 2017-01-19 22:54:34.442080177 +0100 ++++ /etc/lighttpd/lighttpd.conf 2016-12-05 12:26:06.032601228 +0100 +@@ -85,7 +85,7 @@ + ## Basic Configuration + ## --------------------- + ## +-server.port = 80 ++server.port = 8080 + + ## + ## Use IPv6? +@@ -112,7 +112,8 @@ + ## + ## Document root + ## +-server.document-root = server_root + "/lighttpd" ++#server.document-root = server_root + "/lighttpd" ++server.document-root = "/var/lib/copr/public_html" + + ## + ## The value for the "Server:" response field. 
+ + +systemctl enable lighttpd +systemctl start lighttpd + +gpasswd -a lighttpd copr + + +/etc/lighttpd/conf.d/dirlisting.conf: +dir-listing.activate = "enable" + From 53008a3a827f430bbca617213c28c81b88fbaac1 Mon Sep 17 00:00:00 2001 From: Martin Juhl Date: Apr 05 2017 12:26:27 +0000 Subject: [PATCH 2/2] Corrections... --- diff --git a/README.EL7 b/README.EL7 index 9b1cccb..2a4397c 100644 --- a/README.EL7 +++ b/README.EL7 @@ -28,21 +28,14 @@ enabled_metadata=1 TODO: should be changed to the copr/copr repo, when the packages are ready... -Cloud repo: +TODO: copr-backend should now be available in the copr-dev repo.. so you can +use that for the backend... I'm still working on the frontend... -/etc/yum.repos.d/cloud.repo: -[cloud] -name=Cloud -baseurl=http://ftp.klid.dk/ftp/centos/7.2.1511/cloud/x86_64/openstack-kilo/ -type=rpm-md -skip_if_unavailable=True -gpgcheck=0 -repo_gpgcheck=0 -enabled=1 -enabled_metadata=1 +Cloud repo: +yum -y install centos-release-openstack-kilo -yum install python-novaclient +yum -y install python-novaclient yum -y install copr-frontend copr-selinux @@ -147,12 +140,6 @@ local coprdb postgres ident service postgresql reload -cd /usr/share/copr/coprs_frontend/ -./manage.py create_db --alembic alembic.ini -COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a -COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head - - yum install mod_auth_kerb.x86_64 /etc/httpd/conf.d/auth-kerb.conf: @@ -175,8 +162,12 @@ TODO: AD JOIN + KEYTAB!!! systemctl start httpd systemctl enable httpd + + systemctl disable firewalld systemctl stop firewalld +TODO: Define the firewall rules needed, instead of disabling the firewall + dist-git: 
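Review bot: The re-added key generation line in the SSLCERT section of the `@@ -305,8 +361,70 @@` hunk still creates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance requires. The new `/etc/pki/tls/copr` directory and the key file are also left with default permissions. I would change the step to `openssl genrsa -out server.key 2048` followed by `chmod 600 server.key`. That also makes the `-des3` passphrase and the later `openssl rsa -in server.key.org -out server.key` stripping step unnecessary. The same hunk sets `dir-listing.activate = "enable"` for `/var/lib/copr/public_html` on port 8080, so a short comment that everything under that directory becomes browsable would let readers confirm it is intended.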
@@ -193,12 +184,16 @@ useradd copr-dist-git gpasswd -a copr-dist-git cvsadmin gpasswd -a copr-dist-git packager useradd copr-service + + gpasswd -a copr-service packager gpasswd -a copr-service apache -cd /home/copr && ln -s /usr/share/doc/copr-backend-1.94/playbooks/ provision - +cd /home/copr && ln -s /usr/share/doc/copr-backend-*/playbooks/ provision su - copr && ssh root@localhost && ssh root@127.0.0.1 # Accept certificates.. +TODO: clime: The bottom two lines are related to cop-backend setup. Also the last line should not be required. +I need to test this... + su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\"" echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys @@ -262,16 +257,9 @@ enable: # TODO: Skip empty file needed? file_hash = self.lookasidecache.hash_file(f) -TODO: Get it fixed in pyrpkg upstream.. - - - -yum -y install copr-mocks - - systemctl enable copr-mocks-frontend.service - systemctl start copr-mocks-frontend.service - -TODO: Fix copr-mocks with python3 depends.. +TODO: Get it fixed in pyrpkg upstream.. Might be fixed now, clime has +indicated that this works in production.. might be related to versions used +in CentOS/EPEL /etc/copr/copr-be.conf: