Difference between revisions of "Fedora-ARM,Dogfood - koji Hub"

From CDOT Wiki
Jump to: navigation, search
Line 81: Line 81:
  
 
1. introduction
 
1. introduction
 +
 
It was agreed that all parts of our Koji build system would reside on IRAQ.
 
It was agreed that all parts of our Koji build system would reside on IRAQ.
 +
 
After successfully installing and configuring Postgresql the next step is the Koji Hub.
 
After successfully installing and configuring Postgresql the next step is the Koji Hub.
 +
 
In order for the Koji Hub to work Apache should be installed as well as a few additional modules.
 
In order for the Koji Hub to work Apache should be installed as well as a few additional modules.
 +
 
Run the following command as root:
 
Run the following command as root:
  
'''yum install koji-hub httpd mod_ssl mod_python'''
 
 
 
Then edit the Apache conf file – ‘/etc/httpd/conf/httpd.conf’ and change the “MaxRequestsPerChild” to 100.
 
On IRAQ these setting were already in place as Apache was running and configured.
 
 
Next edit the ‘/etc/koji-hub/hub.conf’ file and add the following lines:
 
DBName = koji
 
DBUser = koji
 
DBHost = localhost
 
KojiDir = /mnt/koji
 
LoginCreatesUser = On
 
KojiWebURL = http://iraq.proximity.on.ca/koji
 
Since we are using SSL for authentication, also add
 
 
DNUsernameComponent = CN
 
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
 
 
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
 
 
<Location /kojihub>
 
SSLOptions +StdEnvVars
 
</Location>
 
 
Using the Koji certificates, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
 
 
SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
 
SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key
 
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
 
SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
 
SSLVerifyClient        require
 
SSLVerifyDepth          10
 
Even though SE Linux is not currently in use on IRAQ,
 
it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
 
 
setsebool -P httpd_can_network_connect_db 1
 
To allow Koji to work, a skeleton filesystem needs to be created and the ownership
 
changed so Apache can write to it as required. The following commands were executed:
 
 
mkdir -p /mnt/koji/{packages,repos,work,scratch}
 
chown -R apache.apache /mnt/koji
 
Then edited the '/etc/koji.conf' file and changed the following lines:
 
 
;url of XMLRPC server
 
server = http://iraqong.proximity.on.ca/koji
 
;url of package download site
 
pkgurl = http://iraq.proximity.on.ca/packages
 
;path to the koji top directory
 
topdir = /mnt/koji
 
;configuration for SSL athentication
 
;client certificate
 
cert = ~/.koji/client.crt
 
;certificate of the CA that issued the client certificate
 
ca = ~/.koji/clientca.crt
 
;certificate of the CA that issued the HTTP server certificate
 
serverca = ~/.koji/serverca.crt
 
After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
 
 
su - kojiadmin
 
koji add-user kojira
 
koji grant-permission repo kojira
 
 
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
 
 
koji add-host arm-001-001 arm
 
koji add-host arm-001-002 arm
 
koji add-host arm-001-003 arm
 
 
== Project Plan ==
 
 
Goals for each release:
 
* 0.1 - '''Koji Certificates '''
 
      Koji Hub setup - Certificates/security
 
* 0.2 - '''Koji Hub setup and Koji Database'''
 
      Koji Hub Setup- Configuration
 
      To setup PostgreSQL for use with Koji
 
* 0.3 - '''Koji Web'''
 
      Build software with koji hub
 
== Project News ==
 
 
1,November I will do Project Plan 0.1- I set up Koji Certificates
 
 
5,November I did build and create Koji Certifacation on IRAQ server.
 
 
19,November I set up Koji Database.
 
 
26,November I set up Koji hub Configuration
 
 
== Resources ==
 
 
[http://zenit.senecac.on.ca/wiki/index.php/Fedora_Arm_Secondary_Architecture/Koji_Certificates How to get koji certificate?]
 
 
[http://zenit.senecac.on.ca/wiki/index.php/CDOT_Development_Systems Configuration of CDOT_Development system]
 
 
[http://fedoraproject.org/wiki/Koji How To Setting up and Using Koji on Fedora]
 
 
[http://developer.postgresql.org/pgdocs/postgres/index.html PostgreSQL9.1 devel Document]
 
  
[http://fedoraproject.org/wiki/Koji/ServerHowTo#PostgreSQL_Server PostgreSQL_Server]
+
{| class="wikitable" border="1"
 +
| yum install koji-hub httpd mod_ssl mod_python
 +
|-
 +
|
 +
|-
 +
|
 +
|-
 +
| Then edit the Apache conf file – ‘/etc/httpd/conf/httpd.conf’ and change the “MaxRequestsPerChild” to 100.
 +
|-
 +
| On IRAQ these setting were already in place as Apache was running and configured.
 +
|-
 +
|
 +
|-
 +
| Next edit the ‘/etc/koji-hub/hub.conf’ file and add the following lines:
 +
|-
 +
| DBName = koji
 +
|-
 +
| DBUser = koji
 +
|-
 +
| DBHost = localhost
 +
|-
 +
| KojiDir = /mnt/koji
 +
|-
 +
| LoginCreatesUser = On
 +
|-
 +
| KojiWebURL = http://iraq.proximity.on.ca/koji
 +
|-
 +
| Since we are using SSL for authentication, also add
 +
|-
 +
|
 +
|-
 +
| DNUsernameComponent = CN
 +
|-
 +
| ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
 +
|-
 +
|
 +
|-
 +
| And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
 +
|-
 +
|
 +
|-
 +
| <Location /kojihub>
 +
|-
 +
| SSLOptions +StdEnvVars
 +
|-
 +
| </Location>
 +
|-
 +
|
 +
|-
 +
| Using the Koji certificates, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
 +
|-
 +
|
 +
|-
 +
| SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
 +
|-
 +
| SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key
 +
|-
 +
| SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
 +
|-
 +
| SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
 +
|-
 +
| SSLVerifyClient        require
 +
|-
 +
| SSLVerifyDepth          10
 +
|-
 +
| Even though SE Linux is not currently in use on IRAQ,
 +
|-
 +
| it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
 +
|-
 +
|
 +
|-
 +
| setsebool -P httpd_can_network_connect_db 1
 +
|-
 +
| To allow Koji to work, a skeleton filesystem needs to be created and the ownership
 +
|-
 +
| changed so Apache can write to it as required. The following commands were executed:
 +
|-
 +
|
 +
|-
 +
| mkdir -p /mnt/koji/{packages,repos,work,scratch}
 +
|-
 +
| chown -R apache.apache /mnt/koji
 +
|-
 +
| Then edited the '/etc/koji.conf' file and changed the following lines:
 +
|-
 +
|
 +
|-
 +
| ;url of XMLRPC server
 +
|-
 +
| server = http://iraqong.proximity.on.ca/koji
 +
|-
 +
| ;url of package download site
 +
|-
 +
| pkgurl = http://iraq.proximity.on.ca/packages
 +
|-
 +
| ;path to the koji top directory
 +
|-
 +
| topdir = /mnt/koji
 +
|-
 +
| ;configuration for SSL athentication
 +
|-
 +
| ;client certificate
 +
|-
 +
| cert = ~/.koji/client.crt
 +
|-
 +
| ;certificate of the CA that issued the client certificate
 +
|-
 +
| ca = ~/.koji/clientca.crt
 +
|-
 +
| ;certificate of the CA that issued the HTTP server certificate
 +
|-
 +
| serverca = ~/.koji/serverca.crt
 +
|-
 +
| After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
 +
|-
 +
|
 +
|-
 +
| su - kojiadmin
 +
|-
 +
| koji add-user kojira
 +
|-
 +
| koji grant-permission repo kojira
 +
|-
 +
|
 +
|-
 +
| Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
 +
|-
 +
|
 +
|-
 +
| koji add-host arm-001-001 arm
 +
|-
 +
| koji add-host arm-001-002 arm
 +
|-
 +
| koji add-host arm-001-003 arm
 +
|-
 +
|
 +
|-
 +
| == Project Plan ==
 +
|-
 +
|
 +
|-
 +
| Goals for each release:
 +
|-
 +
| * 0.1 - '''Koji Certificates '''
 +
|-
 +
| Koji Hub setup - Certificates/security
 +
|-
 +
| * 0.2 - '''Koji Hub setup and Koji Database'''
 +
|-
 +
| Koji Hub Setup- Configuration
 +
|-
 +
| To setup PostgreSQL for use with Koji
 +
|-
 +
| * 0.3 - '''Koji Web'''
 +
|-
 +
| Build software with koji hub
 +
|-
 +
| == Project News ==
 +
|-
 +
|
 +
|-
 +
| 1,November I will do Project Plan 0.1- I set up Koji Certificates
 +
|-
 +
|
 +
|-
 +
| 5,November I did build and create Koji Certifacation on IRAQ server.
 +
|-
 +
|
 +
|-
 +
| 19,November I set up Koji Database.
 +
|-
 +
|
 +
|-
 +
| 26,November I set up Koji hub Configuration
 +
|-
 +
|
 +
|-
 +
| == Resources ==
 +
|-
 +
|
 +
|-
 +
| [http://zenit.senecac.on.ca/wiki/index.php/Fedora_Arm_Secondary_Architecture/Koji_Certificates How to get koji certificate?]
 +
|-
 +
|
 +
|-
 +
| [http://zenit.senecac.on.ca/wiki/index.php/CDOT_Development_Systems Configuration of CDOT_Development system]
 +
|-
 +
|
 +
|-
 +
| [http://fedoraproject.org/wiki/Koji How To Setting up and Using Koji on Fedora]
 +
|-
 +
|
 +
|-
 +
| [http://developer.postgresql.org/pgdocs/postgres/index.html PostgreSQL9.1 devel Document]
 +
|-
 +
|
 +
|-
 +
| [http://fedoraproject.org/wiki/Koji/ServerHowTo#PostgreSQL_Server PostgreSQL_Server]
 +
|-
 +
|
 +
|}

Revision as of 08:20, 26 November 2010

Project Name

Fedora-ARM Dogfood -Koji Hub

Project Description

The Fedora-ARM koji system uese HongKong,an x86_64 system, as the Koji hub.

The Fedora-ARM project to use ARM system as the Koji hub(this is called "Eating own dogfood" in the industry)

The project involves configuring the OpenRD-Client system as koji hub.

The Fedora ARM Koji system is running. It is currently building F13 under the supervision of Whalen and Chris Tyler. Koji have 22 hardware ARM builders. I am in the progress of building Fedora 13 under IRAQ.

Project Leader(s)

Young Chol Shon

Project Contributor(s)

No one contributed to this project

Project Details

First stage

  • Koji Authentication Selection
    Koji primarily supports Kerberos and SSL Certificate authentication. For basic koji command line access,     
    plain user/pass combinations are possible.  However, kojiweb does not support plain user/pass authentication.
    Furthermore, once either Kerberos or SSL Certificate authentication is enabled so that kojiweb will work,
    the plain user/pass method will stop working entirely. 
    As such plain user/pass authentication is a stop gap measure at best unless you intend to never setup
    a fully functional kojiweb instance.

    The Kerberos credentials of the initial admin user will be necessary to bootstrap the user database.

    For SSL authentication, SSL certificates for the xmlrpc server, for the various koji components,
    and one for the admin user will need to be setup

    1.Setting up SSL Certificates for authentication

    2.Setting up Kerberos for authentication

So,Release 0.1 results here in my blog

Second stage

  • Koji Database

1.Create Database 

yum install postgresql-server

2. Once installed you will then need to initialize the Database with the following command: 

service postgresql initdb

3.Start the Postgresql service with: 

service postgresql start

4. At this point the Postgresql server is installed and operational provided no errors were reported with the database initialized.

The next steps is to create a user named “koji”, set up Postgresql and populate the schema: 

useradd koji
passwd -d koji
su - postgres
createuser koji
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles?(y/n) n

createdb -O koji koji
logout
su - koji
psql koji koji < /usr/share/doc/koji*/docs/schema.sql
exit
  • Koji Hub Configuration

1. introduction

It was agreed that all parts of our Koji build system would reside on IRAQ.

After successfully installing and configuring Postgresql the next step is the Koji Hub.

In order for the Koji Hub to work Apache should be installed as well as a few additional modules.

Run the following command as root:


yum install koji-hub httpd mod_ssl mod_python
Then edit the Apache conf file – ‘/etc/httpd/conf/httpd.conf’ and change the “MaxRequestsPerChild” to 100.
On IRAQ these setting were already in place as Apache was running and configured.
Next edit the ‘/etc/koji-hub/hub.conf’ file and add the following lines:
DBName = koji
DBUser = koji
DBHost = localhost
KojiDir = /mnt/koji
LoginCreatesUser = On
KojiWebURL = http://iraq.proximity.on.ca/koji
Since we are using SSL for authentication, also add
DNUsernameComponent = CN
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
<Location /kojihub>
SSLOptions +StdEnvVars
</Location>
Using the Koji certificates, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
SSLVerifyClient require
SSLVerifyDepth 10
Even though SE Linux is not currently in use on IRAQ,
it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
setsebool -P httpd_can_network_connect_db 1
To allow Koji to work, a skeleton filesystem needs to be created and the ownership
changed so Apache can write to it as required. The following commands were executed:
mkdir -p /mnt/koji/{packages,repos,work,scratch}
chown -R apache.apache /mnt/koji
Then edited the '/etc/koji.conf' file and changed the following lines:
 ;url of XMLRPC server
server = http://iraqong.proximity.on.ca/koji
 ;url of package download site
pkgurl = http://iraq.proximity.on.ca/packages
 ;path to the koji top directory
topdir = /mnt/koji
 ;configuration for SSL athentication
 ;client certificate
cert = ~/.koji/client.crt
 ;certificate of the CA that issued the client certificate
ca = ~/.koji/clientca.crt
 ;certificate of the CA that issued the HTTP server certificate
serverca = ~/.koji/serverca.crt
After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
su - kojiadmin
koji add-user kojira
koji grant-permission repo kojira
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
koji add-host arm-001-001 arm
koji add-host arm-001-002 arm
koji add-host arm-001-003 arm
== Project Plan ==
Goals for each release:
* 0.1 - Koji Certificates
Koji Hub setup - Certificates/security
* 0.2 - Koji Hub setup and Koji Database
Koji Hub Setup- Configuration
To setup PostgreSQL for use with Koji
* 0.3 - Koji Web
Build software with koji hub
== Project News ==
1,November I will do Project Plan 0.1- I set up Koji Certificates
5,November I did build and create Koji Certifacation on IRAQ server.
19,November I set up Koji Database.
26,November I set up Koji hub Configuration
== Resources ==
How to get koji certificate?
Configuration of CDOT_Development system
How To Setting up and Using Koji on Fedora
PostgreSQL9.1 devel Document
PostgreSQL_Server
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/w/index.php?title=Fedora-ARM,Dogfood_-_koji_Hub&oldid=50778"