Difference between revisions of "Fedora Arm Secondary Architecture/Koji Hub"

From CDOT Wiki
Jump to: navigation, search
Line 39: Line 39:
 
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
 
And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
  
Location /kojihub>
 
  
SSLOptions +StdEnvVars
 
  
/Location>'''
+
'''Location /kojihub>'''
 +
 
 +
'''SSLOptions +StdEnvVars'''
 +
 
 +
'''/Location>'''''
 +
 
 +
 
 +
Using the certificates created by Sadiki, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section
 +
‘VirtualHost _default_:443′:
 +
 
 +
 
 +
'''SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt'''
 +
'''SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key'''
 +
'''SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt'''
 +
'''SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt'''
 +
'''SSLVerifyClient        require'''
 +
'''SSLVerifyDepth          10'''
  
Using the certificates created by Sadiki, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
 
SSLCertificateFile      /etc/pki/koji/certs/kojihub.crt
 
SSLCertificateKeyFile  /etc/pki/koji/certs/kojihub.key
 
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
 
SSLCACertificateFile    /etc/pki/koji/koji_ca_cert.crt
 
SSLVerifyClient        require
 
SSLVerifyDepth          10
 
  
 
Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
 
Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
[root@hongkong ~]#setsebool -P httpd_can_network_connect_db 1
 
  
To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The follwing commands were executed:
 
cd /mnt
 
mkdir koji
 
cd koji
 
mkdir {packages,repos,work,scratch}
 
chown apache.apache *
 
  
Then edited the ‘/etc/koji.conf’ file and changed the following lines:
+
'''[root@hongkong ~]#setsebool -P httpd_can_network_connect_db 1'''
;url of XMLRPC server
+
 
 +
 
 +
 
 +
To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The following commands were executed:
 +
 
 +
 
 +
'''cd /mnt'''
 +
 
 +
'''mkdir koji'''
 +
 
 +
'''cd koji'''
 +
 
 +
'''mkdir {packages,repos,work,scratch}'''
 +
 
 +
'''chown apache.apache *'''
 +
 
 +
 
 +
 
 +
Then edited the ‘''/etc/koji.conf''’ file and changed the following lines:
 +
 
 +
 
 +
'';url of XMLRPC server''
 
server = http://hongkong.proximity.on.ca/kojihub
 
server = http://hongkong.proximity.on.ca/kojihub
 
;url of web interface
 
;url of web interface
Line 85: Line 106:
  
 
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
 
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
[kojiadmin@hongkong ~]$ koji add-host arm-001-001 arm
+
 
[kojiadmin@hongkong ~]$ koji add-host arm-001-002 arm
+
 
[kojiadmin@hongkong ~]$ koji add-host arm-001-003 arm
+
'''[kojiadmin@hongkong ~]$ koji add-host arm-001-001 arm'''
 +
 
 +
'''[kojiadmin@hongkong ~]$ koji add-host arm-001-002 arm'''
 +
 
 +
'''[kojiadmin@hongkong ~]$ koji add-host arm-001-003 arm'''
  
  

Revision as of 14:43, 16 April 2010

Koji Hub Configuration


This is an exert from Paul Whalen's http://paulfedora.wordpress.com/2010/04/12/koji-hub-configuration/


It was agreed that all parts of our Koji build system would reside on Hong Kong. After successfully installing and configuring Postgresql the next step is the Koji Hub. In order for the Koji Hub to work Apache should be installed as well as a few additional modules. Run the following command as root:


[root@hongkong ~]# yum install koji-hub httpd mod_ssl mod_python


Then edit the Apache conf file – ‘/etc/httpd/conf/httpd.conf’ and change the “MaxRequestsPerChild” to 100 . On Hong Kong these setting were already in place as Apache was running and configured. Next edit the ‘/etc/koji-hub/hub.conf’ file and add the following lines:

DBName = koji

DBUser = koji

DBHost = localhost

KojiDir = /mnt/koji

LoginCreatesUser = On

KojiWebURL = http://hongkong.proximity.on.ca/koji


Since we are using SSL for authentication, also add:


DNUsernameComponent = CN

ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="


And in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:


Location /kojihub>

SSLOptions +StdEnvVars

/Location>


Using the certificates created by Sadiki, we need to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:


SSLCertificateFile /etc/pki/koji/certs/kojihub.crt SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt SSLVerifyClient require SSLVerifyDepth 10


Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:


[root@hongkong ~]#setsebool -P httpd_can_network_connect_db 1


To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it as required. The following commands were executed:


cd /mnt

mkdir koji

cd koji

mkdir {packages,repos,work,scratch}

chown apache.apache *


Then edited the ‘/etc/koji.conf’ file and changed the following lines:


;url of XMLRPC server server = http://hongkong.proximity.on.ca/kojihub

url of web interface

weburl = http://hongkong.proximity.on.ca/koji

url of package download site

pkgurl = http://hongkong.proximity.on.ca/packages

path to the koji top directory

topdir = /mnt/koji

configuration for SSL athentication
client certificate

cert = ~/.koji/client.crt

certificate of the CA that issued the client certificate

ca = ~/.koji/clientca.crt

certificate of the CA that issued the HTTP server certificate

serverca = ~/.koji/serverca.crt After this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) : [root@hongkong ~]# su - kojiadmin [kojiadmin@hongkong ~]$ koji add-user kojira [kojiadmin@hongkong ~]$ koji grant-permission repo kojira

Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):


[kojiadmin@hongkong ~]$ koji add-host arm-001-001 arm

[kojiadmin@hongkong ~]$ koji add-host arm-001-002 arm

[kojiadmin@hongkong ~]$ koji add-host arm-001-003 arm



Next… Koji Web.