[[Category:Fedora ARM Secondary Architecture]]
<u>'''Koji Hub Configuration'''</u>
This is an exert from Paul Whalen's http://paulfedora.wordpress.com/2010/04/12/koji-hub-configuration/
It was agreed that all parts of our Koji build system would reside on Hong Kong. After successfully installing and configuring Postgresql the next step is the Koji Hub. In order for the Koji Hub to work Apache should be installed as well as a few additional modules. Run the following command as root:
yum install koji-hub httpd mod_ssl mod_python'''
Then edit the Apache conf file – ‘'''[root@hongkong ~]# yum install koji-hub /etc/httpd mod_ssl mod_python/conf/httpd.conf'''’ and change the '''“MaxRequestsPerChild”'''to 100. On Hong Kong these setting were already in place as Apache was running and configured.
Then edit the Apache conf file – ‘'''/etc/httpd/conf/httpd.conf'''’ and change the '''“MaxRequestsPerChild”''' to 100 . On Hong Kong these setting were already in place as Apache was running and configured.
Next edit the ‘'''/etc/koji-hub/hub.conf'''’ file and add the following lines:
'''''' DBName = koji DBUser = koji DBHost = localhost KojiDir = /mnt/koji LoginCreatesUser = On KojiWebURL = http://hongkong.proximity.on.ca/koji
DBUser = koji
DBHost = localhostSince we are using SSL for authentication, also add:
KojiDir DNUsernameComponent = CN ProxyDNs = "/C=CA/mntST=Ontario/kojiO=Seneca CDOT/OU=/CN=kojiweb/emailAddress="
LoginCreatesUser = OnAnd in the ‘/etc/httpd/conf.d/kojihub.conf’ uncomment the following lines:
KojiWebURL = http: <Location /kojihub> SSLOptions +StdEnvVars </hongkong.proximity.on.ca/kojiLocation>
Since Using the [[Fedora_Arm_Secondary_Architecture/Koji_Certificates|Koji certificates]], we are using SSL for authenticationneed to add the following lines to ‘/etc/httpd/conf.d/ssl.conf’, also addunder the section‘VirtualHost _default_:443′:
DNUsernameComponent = CN SSLCertificateFile /etc/pki/koji/certs/kojihub.crt SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt SSLVerifyClient require SSLVerifyDepth 10
ProxyDNs = "/C=CA/ST=Ontario/O=Seneca CDOT/OU=/CN=kojiweb/emailAddress="Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root:
setsebool -P httpd_can_network_connect_db 1
And in To allow Koji to work, a skeleton filesystem needs to be created and the ‘/etc/httpd/confownership changed so Apache can write to it as required.d/kojihub.conf’ uncomment the The following linescommands were executed:
Location mkdir -p /kojihub>mnt/koji/{packages,repos,work,scratch} chown -R apache.apache /mnt/koji
SSLOptions +StdEnvVarsThen edited the '/etc/koji.conf' file and changed the following lines:
;url of XMLRPC server server = http:/Location>'''/hongkong.proximity.on.ca/kojihub ;url of web interface weburl = http://hongkong.proximity.on.ca/koji ;url of package download site pkgurl = http://hongkong.proximity.on.ca/packages ;path to the koji top directory topdir = /mnt/koji ;configuration for SSL athentication ;client certificate cert = ~/.koji/client.crt ;certificate of the CA that issued the client certificate ca = ~/.koji/clientca.crt ;certificate of the CA that issued the HTTP server certificate serverca = ~/.koji/serverca.crt
Using After this is competed, the final step is the addition of the certificates created by Sadiki, we need to user and builder accounts. First add the kojira account and grant repo privileges with the following lines to ‘/etc/httpd/conf.d/ssl.conf’, under command( this should be done before running kojira for the section ‘VirtualHost _default_:443′first time) :SSLCertificateFile /etc/pki/koji/certs/kojihub.crtSSLCertificateKeyFile /etc/pki/koji/certs/kojihub.keySSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crtSSLCACertificateFile /etc/pki/koji/koji_ca_cert.crtSSLVerifyClient requireSSLVerifyDepth 10
Even though SE Linux is not currently in use on Hong Kong, it may be in the future. In order to allow Apache to connect to the Postgresql database run the following command as root: su - kojiadmin koji add-user kojira[root@hongkong ~]#setsebool koji grant-P httpd_can_network_connect_db 1permission repo kojira
To allow Koji to work, a skeleton filesystem needs to be created and the ownership changed so Apache can write to it Then add as many builders as required. The follwing commands were executed:cd /mntmkdir kojicd kojimkdir {packages,repos,work,scratch}chown apache.apache * Then edited the ‘/etc/koji.conf’ file and changed using the following lines:;url of XMLRPC serverserver = http://hongkong.proximity.on.ca/kojihub;url of web interfaceweburl = http://hongkong.proximity.on.ca/koji;url of package download sitepkgurl = http://hongkong.proximity.on.ca/packages;path to the koji top directorytopdir = /mnt/koji;configuration for SSL athentication;client certificatecert = ~/.koji/client.crt;certificate of the CA that issued the client certificateca = ~/.koji/clientca.crt;certificate of the CA that issued the HTTP server certificateserverca = ~/.koji/serverca.crtAfter this is competed, the final step is the addition of the user and builder accounts. First add the kojira account and grant repo privileges with the following commandcommands editing where required ( this should also be done before prior to running kojira for the first timekojid on each host) :[root@hongkong ~]# su - kojiadmin[kojiadmin@hongkong ~]$ koji add-user kojira[kojiadmin@hongkong ~]$ koji grant-permission repo kojira
Then add as many builders as required using the following commands editing where required (this should also be done prior to running kojid on each host):[kojiadmin@hongkong ~]$ koji add-host arm-001-001 arm[kojiadmin@hongkong ~]$ koji add-host arm-001-002 arm[kojiadmin@hongkong ~]$ koji add-host arm-001-003 arm
Next… Koji Web.
