Open main menu

CDOT Wiki β

Changes

Fedora-ARM,Dogfood - koji Hub

91 bytes added, 08:42, 26 November 2010
3. Using SSL for authentication
 
Add this line.
DNUsernameComponent = CN
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
And in the /etc/httpd/conf.d/kojihub.conf’ conf uncomment the following lines:
<Location /kojihub>
</Location>
4.Using [http://zenit.senecac.on.ca/wiki/index.php/Fedora_Arm_Secondary_Architecture/Koji_Certificates the Koji certificates] , we need to and add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under the section ‘VirtualHost _default_:443′:
SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
SSLVerifyClient require
SSLVerifyDepth 10
Even though  5. SE Linux is not currently in use on IRAQ,it may be in In the futureIRAQ. In order to allow Apache to connect to the Postgresql database run the following command as root:
setsebool -P httpd_can_network_connect_db 1
 
6.A skeleton filesystem
 
To allow Koji to work, a skeleton filesystem needs to be created and the ownership
 
changed so Apache can write to it as required. The following commands were executed:
mkdir -p /mnt/koji/{packages,repos,work,scratch}
chown -R apache.apache /mnt/koji
 
Then edited the '/etc/koji.conf' file and changed the following lines:
;url of XMLRPC server server = http://iraqong.proximity.on.ca/koji;url of package download site pkgurl = http://iraq.proximity.on.ca/packages;path to the koji top directory topdir = /mnt/koji;configuration for SSL athentication;client certificate cert = ~/.koji/client.crt;certificate of the CA that issued the client certificate ca = ~/.koji/clientca.crt;certificate of the CA that issued the HTTP server certificate serverca = ~/.koji/serverca.crtAfter this is competed, the 7. Build accountsThe final step is the addition of the user and builder accounts.  First add the kojira account and grant repo privileges with the following command( this should be done before running kojira for the first time) :
su - kojiadmin
koji add-user kojira
koji grant-permission repo kojira
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):
koji add-host arm-001-001 arm koji add-host arm-001-002 arm
koji add-host arm-001-003 arm
1
edit