From 197dc1688d02dd56e7941d30e06e70adede6e825 Mon Sep 17 00:00:00 2001
From: Martin Juhl
Date: Jan 17 2017 10:31:49 +0000
Subject: Initial EL7 Documentation.. BEWARE... Dragons live here... and they are messy...
---
diff --git a/README.EL7 b/README.EL7
new file mode 100644
index 0000000..775ceb7
--- /dev/null
+++ b/README.EL7
@@ -0,0 +1,312 @@
+THIS DOCUMENTATION IS A WORK IN PROGRESS!!!!! USE IT AT YOUR OWN RISK....
+
+This is a bloody mess.. But I have a working COPR server running here on a
+RHEL7 server...
+
+Please submit any questions or recommendations to m@rtinjuhl.dk
+
+
+----------------------------------------------------------------
+
+subscription-manager repos --disable='*' --enable='rhel-7-server-rpms' --enable='rhel-7-server-optional-rpms' --enable='rhel-7-server-extras-rpms'
+
+Enable EPEL:
+rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+
+/etc/yum.repos.d/coprs.conf:
+[mrmeee-coprtos]
+name=Copr repo for coprtos owned by mrmeee
+baseurl=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/epel-7-$basearch/
+type=rpm-md
+skip_if_unavailable=True
+gpgcheck=1
+gpgkey=https://copr-be.cloud.fedoraproject.org/results/mrmeee/coprtos/pubkey.gpg
+repo_gpgcheck=0
+enabled=1
+enabled_metadata=1
+
+TODO: should be changed to the copr/copr repo, when the packages are
+ready...
+
+
+yum -y install copr-frontend copr-selinux
+systemctl start redis
+systemctl enable redis
+
+
+cp /usr/share/doc/copr-frontend-1.103/coprs.conf.example /etc/httpd/conf.d/coprs.conf
+
+/etc/httpd/conf.d/coprs.conf:
+
+ -->
+
+
+/etc/copr/copr.conf:
+-#DATA_DIR = '/var/lib/copr/data'
+-#DATABASE = '/var/lib/copr/data/copr.db'
+-#OPENID_STORE = '/var/lib/copr/data/openid_store'
+-#WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
++DATA_DIR = '/var/lib/copr/data'
++DATABASE = '/var/lib/copr/data/copr.db'
++OPENID_STORE = '/var/lib/copr/data/openid_store'
++WHOOSHEE_DIR = '/var/lib/copr/data/whooshee'
+
+ # salt for CSRF codes
+-#SECRET_KEY = 'put_some_secret_here'
++SECRET_KEY = 'mjp123'
+
+-#BACKEND_PASSWORD = 'password_here'
++BACKEND_PASSWORD = 'mjp123'
+
+ # restrict access to a set of users
+ #USE_ALLOWED_USERS = False
+ #ALLOWED_USERS = ['bonnie', 'clyde']
+
+-SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@/coprdb'
++SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://copr-fe:coprpass@localhost/coprdb'
+
+ # Token length, defaults to 30 (max 255)
+ #API_TOKEN_LENGTH = 30
+@@ -68,19 +68,19 @@
+ # kerberos user user@REDHAT.COM is expected to have
+ # user@redhat.com email address.
+
+-#KRB5_LOGIN = {
+-# 'RH': {
+-# 'URI': "redhat",
+-# 'log_text': "Krb5 login",
+-# 'email_domain': "redhat.com",
+-# }
+-#}
+-
+-PUBLIC_COPR_HOSTNAME = "copr.fedoraproject.org"
+-
+-BACKEND_BASE_URL = "http://copr-be-dev.cloud.fedoraproject.org"
+-DIST_GIT_URL = "http://copr-dist-git-dev.fedorainfracloud.org/cgit"
+-COPR_DIST_GIT_LOGS_URL = "http://copr-dist-git-dev.fedorainfracloud.org/per-task-logs"
++KRB5_LOGIN = {
++ 'RH': {
++ 'URI': "casalogic",
++ 'log_text': "Krb5 login",
++ 'email_domain': "CASALOGIC.LAN",
++ }
++}
++
++PUBLIC_COPR_HOSTNAME = "copr01.casalogic.lan"
++
++BACKEND_BASE_URL = "http://copr01.casalogic.lan"
++DIST_GIT_URL = "http://copr01.casalogic.lan/cgit"
++COPR_DIST_GIT_LOGS_URL = "http://copr01.casalogic.lan/per-task-logs"
+
+ # primary
+ LOG_FILENAME = "/var/log/copr-frontend/frontend.log"
+@@ -88,7 +88,7 @@
+
+ # Internal network, used to accept statistics without auth
+ # list of IP or subnet
+-INTRANET_IPS = ["127.0.0.1", "192.168.1.0/24"]
++INTRANET_IPS = ["127.0.0.1", "192.168.20.0/24"]
+
+ # Builder VMs network, used to avoid requests from builders in popularity statistics
+ # list of IP or subnet, optional
+
+
+yum install -y postgresql-server
+systemctl enable postgresql
+service postgresql initdb
+systemctl start postgresql
+
+su - postgres -c 'PGPASSWORD=coprpass ; createdb -E UTF8 coprdb ; yes $PGPASSWORD | createuser -P -sDR copr-fe'
+
+vi /var/lib/pgsql/data/pg_hba.conf
+
+local coprdb copr-fe md5
+
+host coprdb copr-fe 127.0.0.1/8 md5
+
+host coprdb copr-fe ::1/128 md5
+
+local coprdb postgres ident
+
+
+service postgresql reload
+
+cd /usr/share/copr/coprs_frontend/
+./manage.py create_db --alembic alembic.ini
+COPR_CONFIG=/etc/copr/copr.conf alembic downgrade 3ec22e1db75a
+COPR_CONFIG=/etc/copr/copr.conf alembic upgrade head
+
+
+yum install mod_auth_kerb.x86_64
+/etc/httpd/conf.d/auth-kerb.conf:
+
+
+ KrbVerifyKDC off
+ AuthType Kerberos
+ AuthName "Casalogic Kerberos Credentials"
+ KrbMethodNegotiate on
+
KrbMethodK5Passwd on + KrbServiceName HTTP/copr01.casalogic.lan + KrbAuthRealms CASALOGIC.LAN + Krb5Keytab /etc/httpd/conf/httpd.keytab + KrbSaveCredentials off + Require valid-user + #KrbLocalUserMapping On + + +TODO: AD JOIN + KEYTAB!!! + + +systemctl start httpd +systemctl enable httpd +systemctl disable firewalld +systemctl stop firewalld + +dist-git: + +yum install dist-git copr-dist-git + +/etc/copr/copr-dist-git.conf: + +frontend_base_url=http://copr02.casalogic.lan +log_dir=/var/log/copr-dist-git +frontend_auth=mjp123 + + +useradd copr-dist-git +gpasswd -a copr-dist-git cvsadmin +gpasswd -a copr-dist-git packager +useradd copr-service +gpasswd -a copr-service packager +gpasswd -a copr-service apache + +su - copr-service -c "ssh-keygen -f /home/copr-service/.ssh/id_rsa -P \"\"" +echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr-service/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys + +Rediger /etc/httpd/conf.d/dist-git/lookaside.conf: + +AliasMatch "/repo(/.*)/md5(/.*)" "/var/lib/dist-git/cache/lookaside$1$2" +Alias /lookaside /var/lib/dist-git/cache/lookaside +Alias /repo/ /var/lib/dist-git/cache/lookaside/ + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +echo "project-list=/var/lib/dist-git/git/pkgs-git-repos-list" >> /etc/cgitrc +echo "scan-path=/var/lib/dist-git/git/rpms/" >> /etc/cgitrc + +mkdir -p /var/log/copr-dist-git +chown copr-service:copr-service /var/log/copr-dist-git +chown copr-service:copr-service /var/lib/copr-dist-git/ + +systemctl enable docker +systemctl start docker +gpasswd -a copr-service docker +systemctl start copr-dist-git +systemctl enable copr-dist-git + +systemctl restart httpd +systemctl enable dist-git.socket +systemctl restart dist-git.socket + +su - copr-service -c "git config --global user.email \"copr-devel@localhost\"" +su - copr-service -c "git config --global user.name \"Copr dist git\"" + +chown 
copr-service:copr-service -R /var/log/copr-dist-git/
+chown copr-service:copr-service /etc/copr/copr-dist-git.conf
+
+useradd -m mockbuilder
+
+--- /usr/lib/python2.7/site-packages/pyrpkg/__init__.py.old 2017-01-03 17:00:28.439908995 +0100
++++ /usr/lib/python2.7/site-packages/pyrpkg/__init__.py 2017-01-03 17:00:52.971164701 +0100
+@@ -2381,6 +2381,9 @@
+ replace=replace)
+ gitignore = GitIgnore(os.path.join(self.path, '.gitignore'))
+
++ oldpath = os.getcwd()
++ os.chdir(self.path)
++
+ for f in files:
+ # TODO: Skip empty file needed?
+ file_hash = self.lookasidecache.hash_file(f)
+
+TODO: Get it fixed in pyrpkg upstream..
+
+
+
+yum -y install copr-mocks
+
+ systemctl enable copr-mocks-frontend.service
+ systemctl start copr-mocks-frontend.service
+
+TODO: Fix copr-mocks with python3 depends..
+
+
+/etc/copr/copr-be.conf:
+
+dist_git_url=ssh://copr-dist-git@localhost
+
+mkdir /home/copr
+chown copr:copr /home/copr
+
+su - mockbuilder -c "ssh-keygen -f /home/mockbuilder/.ssh/id_rsa -P \"\""
+su - copr-dist-git -c "ssh-keygen -f /home/copr-dist-git/.ssh/id_rsa -P \"\""
+su - copr -c "ssh-keygen -f /home/copr/.ssh/id_rsa -P \"\""
+
+echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/copr/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
+echo 'command="HOME=/var/lib/dist-git/git/ /usr/share/gitolite3/gitolite-shell $USER"' `cat /home/mockbuilder/.ssh/id_rsa.pub` >> /home/copr-dist-git/.ssh/authorized_keys
+
+yum -y install fedpkg-copr
+
+
+gpasswd -a mockbuilder mock
+
+
+--- /usr/bin/prunerepo.old 2017-01-05 12:39:09.149867627 +0100
++++ /usr/bin/prunerepo 2017-01-05 12:02:32.199963170 +0100
+@@ -1,5 +1,10 @@
+ #!/usr/bin/python2 -s
+
++from __future__ import print_function
++import sys
++def writeStdErr(message):
++ print(message, file=sys.stderr)
++
+ import subprocess
+ import sys
+ import argparse
+
+TODO: include in Prunerepo
+
+
+--- /etc/httpd/conf.d/ssl.conf.orig 2017-01-05 16:10:51.778329623 +0100
++++ /etc/httpd/conf.d/ssl.conf 2017-01-05 16:18:00.317226333 +0100
+@@ -56,9 +56,15 @@
+
+
+ # General setup for the virtual host, inherited from global configuration
+-#DocumentRoot "/var/www/html"
++DocumentRoot "/var/lib/copr/public_html/results"
+ #ServerName www.example.com:443
+
++
++ Options Indexes FollowSymLinks
++ AllowOverride None
++ Require all granted
++
++
+ # Use separate log files for the SSL virtual host; note that LogLevel
+ # is not inherited from httpd.conf.
+ ErrorLog logs/ssl_error_log
+
+
+SSLCERT:
+
+openssl genrsa -des3 -out server.key 1024
+openssl req -new -key server.key -out server.csr
+mv server.key server.key.org
+openssl rsa -in server.key.org -out server.key
+openssl x509 -req -days 10000 -in server.csr -signkey server.key -out server.crt
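Review bot: The copr.conf and copr-dist-git.conf excerpts publish working credentials (`SECRET_KEY = 'mjp123'`, `BACKEND_PASSWORD = 'mjp123'`, `frontend_auth=mjp123` and the `coprpass` database password) that readers are likely to copy verbatim. The README should instead show placeholders such as `SECRET_KEY = '<random value, unique per install>'` and tell the reader to generate each secret; the values printed here should be rotated wherever they are in use. In the SSLCERT section, `openssl genrsa -des3 -out server.key 1024` creates a 1024-bit RSA key, which is below what current guidance and clients accept; `openssl genrsa -des3 -out server.key 2048` or larger is the change. The guide also turns off the host firewall (`systemctl disable firewalld`) and sets `KrbVerifyKDC off`. If both are kept for the first bring-up, the text should say so and state that the firewall and KDC verification are to be re-enabled once the keytab exists, so they do not become the permanent configuration.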