Difference between revisions of "Fedora Arm Secondary Architecture/Koji Hub"

From CDOT Wiki
Jump to: navigation, search
 
(11 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Category:Fedora ARM Secondary Architecture]]
 +
<u>'''Koji Hub Configuration'''</u>
 +
 
This is an exert from Paul Whalen's http://paulfedora.wordpress.com/2010/04/12/koji-hub-configuration/
 
This is an exert from Paul Whalen's http://paulfedora.wordpress.com/2010/04/12/koji-hub-configuration/
  
 
It was agreed that all parts of our Koji build system would reside on Hong Kong. After successfully installing and configuring Postgresql the next step is the Koji Hub. In order for the Koji Hub to work Apache should be installed as well as a few additional modules. Run the following command as root:
 
It was agreed that all parts of our Koji build system would reside on Hong Kong. After successfully installing and configuring Postgresql the next step is the Koji Hub. In order for the Koji Hub to work Apache should be installed as well as a few additional modules. Run the following command as root:
  
 +
yum install koji-hub httpd mod_ssl mod_python'''
 +
 +
Then edit the Apache conf file – ‘'''/etc/httpd/conf/httpd.conf'''’ and change the '''“MaxRequestsPerChild”''' to 100. On Hong Kong these setting were already in place as Apache was running and configured.
  
'''[root@hongkong ~]# yum install koji-hub httpd mod_ssl mod_python'''
+
Next edit the ‘'''/etc/koji-hub/hub.conf'''’ file and add the following lines:
  
 +
  DBName = koji
 +
  DBUser = koji
 +
  DBHost = localhost
 +
  KojiDir = /mnt/koji
 +
  LoginCreatesUser = On
 +
  KojiWebURL = http://hongkong.proximity.on.ca/koji
  
Then edit the Apache conf file – ‘'''/etc/httpd/conf/httpd.conf'''’ and change the '''“MaxRequestsPerChild”''' to 100 . On Hong Kong these setting were already in place as Apache was running and configured.
 
Next edit the ‘'''/etc/koji-hub/hub.conf'''’ file and add the following lines:
 
  
'''DBName = koji
 
DBUser = koji
 
DBHost = localhost
 
KojiDir = /mnt/koji
 
LoginCreatesUser = On
 
KojiWebURL = http://hongkong.proximity.on.ca/koji
 
 
Since we are using SSL for authentication, also add:
 
Since we are using SSL for authentication, also add:
DNUsernameComponent = CN
+
 
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
+
DNUsernameComponent = CN
 +
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
  
 
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
 
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
Location /kojihub>
 
SSLOptions +StdEnvVars
 
/Location>'''
 
  
Using the certificates created by Sadiki, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
+
<Location /kojihub>
SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
+
SSLOptions +StdEnvVars
SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key
+
</Location>
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
+
 
SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
+
Using the [[Fedora_Arm_Secondary_Architecture/Koji_Certificates|Koji certificates]], we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section
SSLVerifyClient        require
+
‘VirtualHost _default_:443′:
SSLVerifyDepth          10
+
 
 +
SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
 +
SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key
 +
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
 +
SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
 +
SSLVerifyClient        require
 +
SSLVerifyDepth          10
  
 
Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
 
Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
[root@hongkong ~]#setsebool -P httpd_can_network_connect_db 1
 
  
To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The follwing commands were executed:
+
setsebool -P httpd_can_network_connect_db 1
cd /mnt
+
 
mkdir koji
+
To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The following commands were executed:
cd koji
+
 
mkdir {packages,repos,work,scratch}
+
mkdir -p /mnt/koji/{packages,repos,work,scratch}
chown apache.apache *
+
chown -R apache.apache /mnt/koji
 +
 
 +
Then edited the '/etc/koji.conf' file and changed the following lines:
 +
 
 +
  ;url of XMLRPC server
 +
server = http://hongkong.proximity.on.ca/kojihub
 +
;url of web interface
 +
weburl = http://hongkong.proximity.on.ca/koji
 +
;url of package download site
 +
pkgurl = http://hongkong.proximity.on.ca/packages
 +
;path to the koji top directory
 +
topdir = /mnt/koji
 +
;configuration for SSL athentication
 +
;client certificate
 +
cert = ~/.koji/client.crt
 +
;certificate of the CA that issued the client certificate
 +
ca = ~/.koji/clientca.crt
 +
;certificate of the CA that issued the HTTP server certificate
 +
serverca = ~/.koji/serverca.crt
  
Then edited the ‘/etc/koji.conf’ file and changed the following lines:
 
;url of XMLRPC server
 
server = http://hongkong.proximity.on.ca/kojihub
 
;url of web interface
 
weburl = http://hongkong.proximity.on.ca/koji
 
;url of package download site
 
pkgurl = http://hongkong.proximity.on.ca/packages
 
;path to the koji top directory
 
topdir = /mnt/koji
 
;configuration for SSL athentication
 
;client certificate
 
cert = ~/.koji/client.crt
 
;certificate of the CA that issued the client certificate
 
ca = ~/.koji/clientca.crt
 
;certificate of the CA that issued the HTTP server certificate
 
serverca = ~/.koji/serverca.crt
 
 
After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
 
After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
[root@hongkong ~]# su - kojiadmin
+
 
[kojiadmin@hongkong ~]$ koji add-user kojira
+
su - kojiadmin
[kojiadmin@hongkong ~]$ koji grant-permission repo kojira
+
koji add-user kojira
 +
koji grant-permission repo kojira
  
 
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
 
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
[kojiadmin@hongkong ~]$ koji add-host arm-001-001 arm
+
 
[kojiadmin@hongkong ~]$ koji add-host arm-001-002 arm
+
koji add-host arm-001-001 arm
[kojiadmin@hongkong ~]$ koji add-host arm-001-003 arm
+
koji add-host arm-001-002 arm
 +
koji add-host arm-001-003 arm
  
 
Next… Koji Web.
 
Next… Koji Web.

Latest revision as of 10:36, 8 February 2011

Koji Hub Configuration

This is an exert from Paul Whalen's http://paulfedora.wordpress.com/2010/04/12/koji-hub-configuration/

It was agreed that all parts of our Koji build system would reside on Hong Kong. After successfully installing and configuring Postgresql the next step is the Koji Hub. In order for the Koji Hub to work Apache should be installed as well as a few additional modules. Run the following command as root:

yum install koji-hub httpd mod_ssl mod_python

Then edit the Apache conf file – ‘/etc/httpd/conf/httpd.conf’ and change the “MaxRequestsPerChild” to 100. On Hong Kong these setting were already in place as Apache was running and configured.

Next edit the ‘/etc/koji-hub/hub.conf’ file and add the following lines:

 DBName = koji
 DBUser = koji
 DBHost = localhost
 KojiDir = /mnt/koji
 LoginCreatesUser = On
 KojiWebURL = http://hongkong.proximity.on.ca/koji


Since we are using SSL for authentication, also add:

DNUsernameComponent = CN
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="

And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:

<Location /kojihub>
SSLOptions +StdEnvVars
</Location>

Using the Koji certificates, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:

SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
SSLCertificateKeyFile   /etc/pki/koji/certs/kojihub.key
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
SSLVerifyClient         require
SSLVerifyDepth          10

Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:

setsebool -P httpd_can_network_connect_db 1

To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The following commands were executed:

mkdir -p /mnt/koji/{packages,repos,work,scratch}
chown -R apache.apache /mnt/koji

Then edited the '/etc/koji.conf' file and changed the following lines:

 ;url of XMLRPC server
server = http://hongkong.proximity.on.ca/kojihub
;url of web interface
weburl = http://hongkong.proximity.on.ca/koji
;url of package download site
pkgurl = http://hongkong.proximity.on.ca/packages
;path to the koji top directory
topdir = /mnt/koji
;configuration for SSL athentication
;client certificate
cert = ~/.koji/client.crt
;certificate of the CA that issued the client certificate
ca = ~/.koji/clientca.crt
;certificate of the CA that issued the HTTP server certificate
serverca = ~/.koji/serverca.crt

After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :

su - kojiadmin
koji add-user kojira
koji grant-permission repo kojira

Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):

koji add-host arm-001-001 arm
koji add-host arm-001-002 arm
koji add-host arm-001-003 arm

Next… Koji Web.