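├── .gitignore
├── inv
    └── hosts.example
├── koji-setup
    ├── deploy-koji-nfs-server.sh
    ├── deploy-upstreams.sh
    ├── globals.sh
    ├── deploy-koji-nfs-client.sh
    ├── gencert.sh
    ├── deploy-mash.sh
    ├── parameters.sh
    ├── deploy-koji-builder.sh
    ├── bootstrap-build.sh
    ├── mash.sh
    ├── deploy-git.sh
    └── deploy-koji.sh
├── koji.yaml
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
inv/hosts

--------------------------------------------------------------------------------
/inv/hosts.example:
--------------------------------------------------------------------------------
all:
  hosts:
    koji-all-in-one:
      ansible_port: 22
      ansible_host: localhost
      ansible_user: test

--------------------------------------------------------------------------------
/koji-setup/deploy-koji-nfs-server.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Exports $KOJI_DIR read-only over NFS to the koji builder host.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

swupd bundle-add nfs-utils || :
check_dependency rpcbind
check_dependency rpc.nfsd

# Export server directory to be mounted by clients.
# NOTE(review): no_root_squash lets root on the builder act as root on this
# export. The export is read-only, so in practice the builder's root can read
# every file under $KOJI_DIR regardless of its mode. Drop the option if the
# builder only needs content that is already world-readable.
EXPORT_ENTRY="$KOJI_DIR $KOJI_SLAVE_FQDN(ro,no_root_squash)"
# Append only once so that re-running the script does not duplicate the entry
if ! grep -qxF -- "$EXPORT_ENTRY" /etc/exports 2> /dev/null; then
    echo "$EXPORT_ENTRY" >> /etc/exports
fi

systemctl enable --now rpcbind
systemctl enable --now nfs-server
# Re-read /etc/exports in case nfs-server was already running
exportfs -ra

--------------------------------------------------------------------------------
/koji-setup/deploy-upstreams.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Creates the upstreams cache directory and publishes it under the httpd
# document root through a symlink.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

mkdir -p "$UPSTREAMS_DIR"
chown -R "$GIT_USER":"$GIT_USER" "$UPSTREAMS_DIR"
mkdir -p "$HTTPD_DOCUMENT_ROOT"
UPSTREAMS_LINK="$HTTPD_DOCUMENT_ROOT"/"$(basename "$UPSTREAMS_DIR")"
# -n replaces an existing link instead of creating a new one inside its target
ln -sfn "$UPSTREAMS_DIR" "$UPSTREAMS_LINK"
chown -h "$GIT_USER":"$GIT_USER" "$UPSTREAMS_LINK"
usermod -a -G "$GIT_USER" "$HTTPD_USER"

--------------------------------------------------------------------------------
/koji-setup/globals.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

#### START DO NOT EDIT ####
export GIT_USER=gitolite
export GIT_DEFAULT_DIR=/var/lib/gitolite

export POSTGRES_USER=postgres
export POSTGRES_DEFAULT_DIR=/var/lib/pgsql

export HTTPD_USER=httpd
export HTTPD_DOCUMENT_ROOT=/var/www/html

export KOJI_PKI_DIR=/etc/pki/koji

# Exits the calling script with status 1 unless the command named by $1 can be
# resolved by the shell. Takes exactly one argument.
check_dependency() {
    if [[ "$#" -ne 1 ]]; then
        echo "Incorrect number of arguments!" >&2
        exit 1
    fi
    if ! type "$1"; then
        echo "$1 not found!" >&2
        exit 1
    fi
}

#### END DO NOT EDIT ####

--------------------------------------------------------------------------------
/koji-setup/deploy-koji-nfs-client.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Installs and starts a systemd mount unit that mounts the koji master's
# $KOJI_DIR read-only at $KOJI_MOUNT_DIR.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

# A mount unit must be named after its mount point with the path escaped.
# systemd-escape also handles nested paths, where replacing only the first
# slash would produce a name systemd does not accept.
KOJI_MOUNT_SERVICE="$(systemd-escape -p --suffix=mount "$KOJI_MOUNT_DIR")"
mkdir -p /etc/systemd/system
# NOTE(review): "defaults" keeps suid and dev enabled on the mount; consider
# adding nosuid,nodev since the share is only expected to carry build output.
cat > /etc/systemd/system/"$KOJI_MOUNT_SERVICE" <<- EOF
[Unit]
Description=Koji NFS Mount
After=network.target

[Mount]
What=$KOJI_MASTER_FQDN:$KOJI_DIR
Where=$KOJI_MOUNT_DIR
Type=nfs
Options=defaults,ro

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now "$KOJI_MOUNT_SERVICE"

--------------------------------------------------------------------------------
/koji-setup/gencert.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Issues a key pair and a certificate signed by the koji CA.
# Run it from the PKI directory: ssl.cnf, koji_ca_cert.crt, private/ and certs/
# are all addressed relative to the current directory.
#
# Usage:   gencert.sh <name> [subject] [extension]
# Outputs: private/<name>.key, certs/<name>.csr, certs/<name>.crt,
#          <name>.pem (certificate followed by the private key) and
#          certs/<name>_browser_cert.p12

# Stop at the first failed step instead of assembling output from a partial run
set -euo pipefail

KOJI_USER="${1:-}"
CERT_SUBJECT="${2:-}"
CERT_EXT="${3:-}"

# The name becomes part of several output paths, so it must be a plain file name
if [[ -z "$KOJI_USER" || "$KOJI_USER" == */* ]]; then
    echo "Usage: $0 <name> [subject] [extension]" >&2
    exit 1
fi

# NOTE(review): the key, the combined .pem and the .p12 are created with the
# caller's umask. All three hold the private key, so confirm which service
# accounts have to read them and restrict the modes accordingly.
openssl genrsa -out private/"$KOJI_USER".key 2048

REQ_ARGS=(-config ssl.cnf -new -nodes -out certs/"$KOJI_USER".csr -key private/"$KOJI_USER".key)
if [[ -n "$CERT_SUBJECT" ]]; then
    REQ_ARGS+=(-subj "$CERT_SUBJECT")
    # Pass -addext only when an extension was actually supplied
    if [[ -n "$CERT_EXT" ]]; then
        REQ_ARGS+=(-addext "$CERT_EXT")
    fi
fi
# Without a subject openssl prompts for the fields interactively
openssl req "${REQ_ARGS[@]}"
openssl ca -batch -config ssl.cnf -keyfile private/koji_ca_cert.key -cert koji_ca_cert.crt -out certs/"$KOJI_USER".crt -outdir certs -infiles certs/"$KOJI_USER".csr
cat certs/"$KOJI_USER".crt private/"$KOJI_USER".key > "$KOJI_USER".pem
# Browser certificate is not password-protected, ask users to change their password.
# Until they do, the .p12 must be handled like an unencrypted private key.
openssl pkcs12 -export -inkey private/"$KOJI_USER".key -in certs/"$KOJI_USER".crt -CAfile koji_ca_cert.crt -out certs/"$KOJI_USER"_browser_cert.p12 -passout pass:

--------------------------------------------------------------------------------
/koji.yaml:
--------------------------------------------------------------------------------
---
# NOTE(review): the scripts are copied into /tmp as the unprivileged login user
# and then executed with become. On a host with other local users, stage them
# in a directory that only root can write so that nothing can change them
# between the copy and the run.
- hosts: koji-all-in-one
  tasks:
    - name: Add required bundles for koji
      swupd:
        name: koji postgresql web-server-basic
        state: present
      become: true
    - name: copy koji-setup scripts
      copy:
        src: koji-setup
        dest: /tmp/
        owner: "{{ ansible_ssh_user }}"
        group: "{{ ansible_ssh_user }}"
    # Modes are quoted so that they are always read as octal strings
    - name: update bootstrap-build file permissions
      file:
        path: /tmp/koji-setup/bootstrap-build.sh
        mode: "0755"
    - name: update deploy-koji file permissions
      file:
        path: /tmp/koji-setup/deploy-koji.sh
        mode: "0755"
    - name: update gencert file permissions
      file:
        path: /tmp/koji-setup/gencert.sh
        mode: "0755"
    - name: run koji deployment
      command:
        ./deploy-koji.sh
      become: true
      args:
        chdir: /tmp/koji-setup
    - name: bootstrap build tags and targets
      command:
        ./bootstrap-build.sh
      become: true
      args:
        chdir: /tmp/koji-setup

--------------------------------------------------------------------------------
/koji-setup/deploy-mash.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Installs mash.sh as a systemd service running as kojiadmin and publishes its
# output under the httpd document root.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

swupd bundle-add package-utils || :
check_dependency dnf
check_dependency createrepo_c

mkdir -p "$MASH_DIR"
chown -R kojiadmin:kojiadmin "$MASH_DIR"
mkdir -p "$HTTPD_DOCUMENT_ROOT"
MASH_LINK="$HTTPD_DOCUMENT_ROOT"/"$(basename "$MASH_DIR")"
# -n replaces an existing link instead of creating a new one inside its target
ln -sfn "$MASH_DIR"/latest "$MASH_LINK"
chown -h kojiadmin:kojiadmin "$MASH_LINK"
usermod -a -G kojiadmin "$HTTPD_USER"
rpm --initdb

mkdir -p "$MASH_SCRIPT_DIR"
cp -f "$SCRIPT_DIR"/mash.sh "$MASH_SCRIPT_DIR"
mkdir -p /etc/systemd/system
# mash.sh falls back to built-in defaults for these four variables, so the
# values from parameters.sh are handed to the service explicitly.
cat > /etc/systemd/system/mash.service <<- EOF
[Unit]
Description=Mash script to loop local repository creation for local image builds

[Service]
User=kojiadmin
Group=kojiadmin
Environment="KOJI_DIR=$KOJI_DIR"
Environment="MASH_DIR=$MASH_DIR"
Environment="KOJI_TAG=dist-$TAG_NAME"
Environment="BUILD_ARCH=$RPM_ARCH"
ExecStart=$MASH_SCRIPT_DIR/mash.sh
Restart=always
RestartSec=10s

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now mash

--------------------------------------------------------------------------------
/koji-setup/parameters.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

## KOJI RPM BUILD AND TRACKER
export KOJI_DIR=/srv/koji
export KOJI_MOUNT_DIR=/mnt/koji
export KOJI_MASTER_FQDN="$(hostname -f)"
export KOJI_MASTER_IP="$(hostname -i)"
export KOJI_SLAVE_FQDN="$KOJI_MASTER_FQDN"
export KOJI_SLAVE_IP="$KOJI_MASTER_IP"
export KOJI_URL=https://"$KOJI_MASTER_FQDN"
export KOJID_CAPACITY=16
export TAG_NAME=clear
# Use for koji SSL certificates
export COUNTRY_CODE='EX'
export STATE='Example'
export LOCATION='Example'
export ORGANIZATION='Example'
export ORG_UNIT='Example'
# Use for importing existing RPMs
export RPM_ARCH='x86_64'
export SRC_RPM_DIR=
export BIN_RPM_DIR=
export DEBUG_RPM_DIR=
# Comment out the following block if supplying all RPMs as an upstream and not a downstream.
# The release number is fetched over the network every time this file is
# sourced. -f makes curl fail on an HTTP error instead of returning the error
# page, and the result is checked before it is spliced into the URL, so a
# failed lookup leaves EXTERNAL_REPO empty rather than malformed.
CLEAR_LATEST="$(curl -fsSL https://download.clearlinux.org/latest || :)"
if [[ "$CLEAR_LATEST" =~ ^[0-9A-Za-z._-]+$ ]]; then
    export EXTERNAL_REPO=https://cdn.download.clearlinux.org/releases/"$CLEAR_LATEST"/clear/\$arch/os/
else
    echo "parameters.sh: could not determine the latest Clear Linux release; EXTERNAL_REPO is left empty" >&2
    export EXTERNAL_REPO=
fi

## POSTGRESQL DATABASE
export POSTGRES_DIR=/srv/pgsql

## GIT REPOSITORIES
export GIT_DIR=/srv/gitolite
export GIT_FQDN="$KOJI_MASTER_FQDN"
export IS_ANONYMOUS_GIT_NEEDED=false
export GITOLITE_PUB_KEY=''

## UPSTREAMS CACHE
export UPSTREAMS_DIR=/srv/upstreams

## MASH RPMS
export MASH_DIR=/srv/mash
export MASH_SCRIPT_DIR=/usr/local/bin

--------------------------------------------------------------------------------
/koji-setup/deploy-koji-builder.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Configures and starts kojid on the builder host.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

swupd bundle-add koji || :
check_dependency kojid

# Create mock folders and permissions
mkdir -p /etc/mock/koji
mkdir -p /var/lib/mock
chown -R root:mock /var/lib/mock

# Setup User Accounts
# Skip the creation when the account already exists so the script can be re-run
if ! id -u kojibuilder > /dev/null 2>&1; then
    useradd -r kojibuilder
fi
usermod -G mock kojibuilder

# Kojid Configuration Files
if [[ "$KOJI_SLAVE_FQDN" = "$KOJI_MASTER_FQDN" ]]; then
    KOJI_TOP_DIR="$KOJI_DIR"
else
    KOJI_TOP_DIR="$KOJI_MOUNT_DIR"
fi
mkdir -p /etc/kojid
cat > /etc/kojid/kojid.conf <<- EOF
[kojid]
sleeptime=5
maxjobs=16
topdir=$KOJI_TOP_DIR
workdir=/tmp/koji
mockdir=/var/lib/mock
mockuser=kojibuilder
mockhost=generic-linux-gnu
user=$KOJI_SLAVE_FQDN
server=$KOJI_URL/kojihub
topurl=$KOJI_URL/kojifiles
use_createrepo_c=True
allowed_scms=$GIT_FQDN:/packages/*
cert = $KOJI_PKI_DIR/$KOJI_SLAVE_FQDN.pem
serverca = $KOJI_PKI_DIR/koji_ca_cert.crt
EOF

# Configure a proxy only when one is actually set. Searching the whole
# environment for the substring "proxy" also matches unrelated variables and
# a lone no_proxy, which would write an empty yum_proxy.
# NOTE(review): a proxy URL that embeds credentials ends up in the trace
# output and in both files written below.
if [[ -n "${http_proxy:-}" || -n "${https_proxy:-}" ]]; then
    echo "yum_proxy = ${https_proxy:-$http_proxy}" >> /etc/kojid/kojid.conf
    mkdir -p /etc/systemd/system/kojid.service.d
    cat > /etc/systemd/system/kojid.service.d/00-proxy.conf <<- EOF
[Service]
Environment="http_proxy=$http_proxy"
Environment="https_proxy=$https_proxy"
Environment="no_proxy=$no_proxy"
EOF
    systemctl daemon-reload
fi

systemctl enable --now kojid

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## DISCONTINUATION OF PROJECT.

This project will no longer be maintained by Intel.

Intel will not provide or guarantee development of or support for this project, including but not limited to, maintenance, bug fixes, new releases or updates. Patches to this project are no longer accepted by Intel. If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the community, please create your own fork of the project.

Contact: webadmin@linux.intel.com
# Koji Setup Scripts

The purpose of these scripts is to enable setting up a koji environment quickly
with reasonable configurations.

## Assumptions

* All scripts are run as the root user
* The root user has a password set
* Basic configurations (e.g. network, time, etc.) have been applied
* Only one koji builder is required

## Unsupported Environments

* Systems that are not starting as dedicated and clean
* Systems that are not based on Clear Linux OS*

For unsupported environments, it will be up to the sysadmin to proceed at their
own discretion and fix issues that may arise on their own.

## Getting Going

1. Edit parameters.sh as needed.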
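If running in a production environment, be
sure to supply reasonable SSL certificate field values. Also review the
defaults that deploy-koji.sh writes, such as the koji-web `Secret` value and
the `trust` entries in pg_hba.conf.

1. Run the following required scripts

        deploy-koji.sh
        bootstrap-build.sh

1. Optionally, for supporting a full DevOps workflow, also run

        deploy-mash.sh
        deploy-git.sh
        deploy-upstreams.sh

If koji builder machine is not the same as koji master machine:

1. On the koji master machine, run

        deploy-koji-nfs-server.sh

1. Copy the koji builder certificate from the koji master machine to the koji
builder machine. The .pem file also contains the builder's private key
(gencert.sh concatenates the certificate and the key), so transfer it only
over a trusted channel.

        scp "$KOJI_PKI_DIR/$KOJI_SLAVE_FQDN.pem" "$KOJI_SLAVE_FQDN":"$KOJI_PKI_DIR"

1. On the koji builder machine, run

        deploy-koji-nfs-client.sh
        deploy-koji-builder.sh

*Other names and brands may be claimed as the property of others.

--------------------------------------------------------------------------------
/koji-setup/bootstrap-build.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Optionally imports existing RPMs into koji, then creates the dist tag, the
# build tag, the build target and the build groups.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

STAGING_RPM_DIR="$KOJI_DIR/work/imported-rpms"
STAGING_RPM_SRC_DIR="$STAGING_RPM_DIR/src"
STAGING_RPM_BIN_DIR="$STAGING_RPM_DIR/bin"
STAGING_RPM_DEBUG_DIR="$STAGING_RPM_DIR/debug"

# Copies the tree at $1 to $2, hands it to the httpd user and imports every
# file below $2 whose name matches the pattern $3 into koji.
import_koji_pkg() {
    local src_dir="$1"
    local dst_dir="$2"
    local search_pattern="$3"
    cp -r "$src_dir" "$dst_dir"
    chown -R "$HTTPD_USER":"$HTTPD_USER" "$dst_dir"
    find "$dst_dir" -name "$search_pattern" -exec koji import --link {} + > /dev/null
}

# Removes the staging tree and the temporary copy of kojiadmin's credentials
cleanup_import() {
    rm -rf "$STAGING_RPM_DIR" "${HOME:?}/.koji"
}

if [[ -n "$SRC_RPM_DIR" && -n "$BIN_RPM_DIR" ]]; then
    ADMIN_KOJI_DIR="$(echo ~kojiadmin)/.koji"
    # The copy below is deleted again at the end; refuse to run rather than
    # merge into, and later delete, a configuration that was already there
    if [[ -e "$HOME/.koji" ]]; then
        echo "$HOME/.koji already exists, move it aside before importing" >&2
        exit 1
    fi
    # Installed before the copy so the admin credentials are removed even
    # when an import step fails under set -e
    trap cleanup_import EXIT
    cp -r "$ADMIN_KOJI_DIR" "$HOME/.koji"
    mkdir -p "$STAGING_RPM_DIR"
    chown -R "$HTTPD_USER":"$HTTPD_USER" "$STAGING_RPM_DIR"

    import_koji_pkg "$SRC_RPM_DIR" "$STAGING_RPM_SRC_DIR" "*.src.rpm"
    import_koji_pkg "$BIN_RPM_DIR" "$STAGING_RPM_BIN_DIR" "*.$RPM_ARCH.rpm"
    if [[ -n "$DEBUG_RPM_DIR" ]]; then
        import_koji_pkg "$DEBUG_RPM_DIR" "$STAGING_RPM_DEBUG_DIR" "*.$RPM_ARCH.rpm"
    fi

    cleanup_import
    trap - EXIT
fi
sudo -u kojiadmin koji add-tag dist-"$TAG_NAME"
sudo -u kojiadmin koji edit-tag dist-"$TAG_NAME" -x mock.package_manager=dnf
if [[ -n "$SRC_RPM_DIR" && -n "$BIN_RPM_DIR" ]]; then
    # -r: do not run the koji command at all when there is nothing to pass to it
    sudo -u kojiadmin koji list-pkgs --quiet | xargs -r sudo -u kojiadmin koji add-pkg --owner kojiadmin dist-"$TAG_NAME"
    sudo -u kojiadmin koji list-untagged | xargs -r -n 1 -P 100 sudo -u kojiadmin koji call tagBuildBypass dist-"$TAG_NAME" > /dev/null
fi
sudo -u kojiadmin koji add-tag --parent dist-"$TAG_NAME" --arches "$RPM_ARCH" dist-"$TAG_NAME"-build
sudo -u kojiadmin koji add-target dist-"$TAG_NAME" dist-"$TAG_NAME"-build
sudo -u kojiadmin koji add-group dist-"$TAG_NAME"-build build
sudo -u kojiadmin koji add-group dist-"$TAG_NAME"-build srpm-build
sudo -u kojiadmin koji add-group-pkg dist-"$TAG_NAME"-build build autoconf automake automake-dev binutils bzip2 clr-rpm-config coreutils cpio diffutils elfutils file gawk gcc gcc-dev gettext gettext-bin git glibc-dev glibc-locale glibc-utils grep gzip hostname libc6-dev libcap libtool libtool-dev linux-libc-headers m4 make netbase nss-altfiles patch pigz pkg-config pkg-config-dev rpm sed shadow systemd-lib tar unzip which xz
sudo -u kojiadmin koji add-group-pkg dist-"$TAG_NAME"-build srpm-build coreutils cpio curl-bin elfutils file git glibc-utils grep gzip make pigz plzip rpm sed shadow tar unzip wget xz
if [[ -n "$EXTERNAL_REPO" ]]; then
    sudo -u kojiadmin koji add-external-repo -t dist-"$TAG_NAME"-build dist-"$TAG_NAME"-external-repo "$EXTERNAL_REPO"
fi
sudo -u kojiadmin koji regen-repo dist-"$TAG_NAME"-build

--------------------------------------------------------------------------------
/koji-setup/mash.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Rebuilds the local dnf repositories under $MASH_DIR/latest whenever the koji
# build repository has a newer build number than the last one processed.

set -e
. /etc/profile.d/proxy.sh || :

BUILD_ARCH="${BUILD_ARCH:-x86_64}"
KOJI_DIR="${KOJI_DIR:-/srv/koji}"
MASH_DIR="${MASH_DIR:-/srv/mash}"
MASH_TRACKER_FILE="$MASH_DIR"/latest-mash-build
MASH_TRACKER_DIR="$MASH_DIR"/latest
MASH_DIR_OLD="$MASH_TRACKER_DIR".old
MASH_DIR_NEW="$MASH_TRACKER_DIR".new

# Builds the os, debug and SRPMS repositories below $2, reusing metadata from
# the previous output tree $1 where it exists. Reads KOJI_REPO_PATH, KOJI_DIR
# and BUILD_ARCH.
create_dist_repos() {
    local source_dir="${1}"
    local output_dir="${2}"

    # Declared separately so that a mktemp failure is not masked by 'local'
    local work_dir
    work_dir="$(mktemp -d)"

    local nvr_pkg_list="${work_dir}/nvr-pkg-list"
    local bin_rpm_paths="${work_dir}/bin-rpm-paths"
    local debuginfo_rpm_paths="${work_dir}/debuginfo-rpm-paths"
    local src_rpm_paths="${work_dir}/src-rpm-paths"
    local comps_file="${work_dir}/comps.xml"

    # Start from empty lists so that make_repo never reads a missing file,
    # for example when no package ships a debuginfo RPM
    : > "${debuginfo_rpm_paths}"
    : > "${src_rpm_paths}"

    sed -r -e 's|[^/]+/||' -e "s|^|${KOJI_DIR}/|" "${KOJI_REPO_PATH}/${BUILD_ARCH}/pkglist" > "${bin_rpm_paths}"
    cut -d/ -f3-5 "${KOJI_REPO_PATH}/${BUILD_ARCH}/pkglist" | sort -u > "${nvr_pkg_list}"
    local name version release
    while IFS='/' read -r name version release; do
        local debuginfo_rpm_path="${KOJI_DIR}/packages/${name}/${version}/${release}/${BUILD_ARCH}/${name}-debuginfo-${version}-${release}.${BUILD_ARCH}.rpm"
        if [[ -s "${debuginfo_rpm_path}" ]]; then
            echo "${debuginfo_rpm_path}" >> "${debuginfo_rpm_paths}"
        fi
        echo "${KOJI_DIR}/packages/${name}/${version}/${release}/src/${name}-${version}-${release}.src.rpm" >> "${src_rpm_paths}"
    done < "${nvr_pkg_list}"

    cp -f "${KOJI_REPO_PATH}/groups/comps.xml" "${comps_file}"

    local -a repo_jobs=()
    make_repo "${source_dir}" "${output_dir}" "clear/${BUILD_ARCH}/os" "Packages" "${bin_rpm_paths}" "${comps_file}" &
    repo_jobs+=("$!")
    make_repo "${source_dir}" "${output_dir}" "clear/${BUILD_ARCH}/debug" "." "${debuginfo_rpm_paths}" &
    repo_jobs+=("$!")
    make_repo "${source_dir}" "${output_dir}" "clear/source/SRPMS" "." "${src_rpm_paths}" &
    repo_jobs+=("$!")
    # Wait for each job by PID: a bare 'wait' returns 0 even when a job
    # failed, which would let a half-built tree be promoted to "latest"
    local job
    for job in "${repo_jobs[@]}"; do
        wait "${job}"
    done

    create_dnf_conf "${work_dir}/dnf-os.conf" "${output_dir}/clear/${BUILD_ARCH}/os" clear-os
    create_dnf_conf "${work_dir}/dnf-debug.conf" "${output_dir}/clear/${BUILD_ARCH}/debug" clear-debug
    create_dnf_conf "${work_dir}/dnf-SRPMS.conf" "${output_dir}/clear/source/SRPMS" clear-SRPMS

    write_packages_file "${work_dir}/dnf-os.conf" "$output_dir/clear/$BUILD_ARCH/packages-os"
    write_packages_file "${work_dir}/dnf-debug.conf" "$output_dir/clear/$BUILD_ARCH/packages-debug"
    write_packages_file "${work_dir}/dnf-SRPMS.conf" "$output_dir/clear/source/packages-SRPMS"

    rm -rf "${work_dir}"
}

# Links the RPMs listed in file $5 into $2/$3/$4 and runs createrepo_c on
# $2/$3, updating from $1/$3 when that exists. $6 is an optional comps file.
make_repo() {
    local previous_repo_dir="${1}/${3}"
    local repo_dir="${2}/${3}"
    local rpm_dir="${repo_dir}/${4}"
    local file_list="${5}"
    local comps_file="${6}"

    # Built as an array so that paths survive word splitting
    local -a create_repo_cmd=(createrepo_c --quiet --database --compress-type xz --workers "$(nproc --all)")
    if [[ -e "${previous_repo_dir}" ]]; then
        create_repo_cmd+=(--update --update-md-path "${previous_repo_dir}")
    fi
    if [[ -n "${comps_file}" ]]; then
        create_repo_cmd+=(--groupfile "${comps_file}")
    fi

    mkdir -p "${rpm_dir}"
    xargs -a "${file_list}" -I {} ln -sf {} "${rpm_dir}"
    "${create_repo_cmd[@]}" "${repo_dir}"
}

# NOTE(review): this listing is incomplete here. Its line numbering jumps from
# 81 to 95, so the rest of create_dnf_conf and the whole definition of
# write_packages_file are missing, and the last statement below is what is
# left of the two functions. Restore the span from the original file before
# using this script.
create_dnf_conf() {
    local dnf_conf="${1}"
    local repo_path="${2}"
    local repo_name="${3:-clear}"
    cat > "${dnf_conf}" < "${output_file}"
}

if [[ -e "$MASH_TRACKER_FILE" ]]; then
    MASH_BUILD_NUM="$(< "$MASH_TRACKER_FILE")"
else
    MASH_BUILD_NUM=0
fi
KOJI_TAG="${KOJI_TAG:-"dist-clear"}"
KOJI_REPO_PATH="$(realpath "$KOJI_DIR/repos/$KOJI_TAG-build/latest")"
KOJI_BUILD_NUM="$(basename "$KOJI_REPO_PATH")"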
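# Compared as strings: -ne would evaluate the content of the tracker file as
# an arithmetic expression
if [[ "$MASH_BUILD_NUM" != "$KOJI_BUILD_NUM" ]]; then
    rm -rf "$MASH_DIR_NEW"
    mkdir -p "$MASH_DIR_NEW"
    create_dist_repos "$MASH_TRACKER_DIR" "$MASH_DIR_NEW"
    if [[ -e "$MASH_TRACKER_DIR" ]]; then
        mv "$MASH_TRACKER_DIR" "$MASH_DIR_OLD"
    fi
    mv "$MASH_DIR_NEW" "$MASH_TRACKER_DIR"
    rm -rf "$MASH_DIR_OLD"

    echo "$KOJI_BUILD_NUM" > "$MASH_TRACKER_FILE"
fi

--------------------------------------------------------------------------------
/koji-setup/deploy-git.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
#
# Sets up gitolite and, when IS_ANONYMOUS_GIT_NEEDED is true, anonymous
# read access through git-daemon and the cgit web interface.

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

swupd bundle-add scm-server || :
check_dependency gitolite
check_dependency git

# gitolite setup -pk expects the administrator's public key; fail early with a
# clear message when parameters.sh still has the empty default
if [[ -z "$GITOLITE_PUB_KEY" ]]; then
    echo "GITOLITE_PUB_KEY must be set in parameters.sh" >&2
    exit 1
fi

## GITOLITE SETUP
mkdir -p "$GIT_DIR"
chown -R "$GIT_USER":"$GIT_USER" "$GIT_DIR"
# Add symlink for backwards compatibility
if [[ "$GIT_DIR" != "$GIT_DEFAULT_DIR" ]]; then
    if [ "$(ls -A "$GIT_DEFAULT_DIR")" ]; then
        mv "$GIT_DEFAULT_DIR" "$GIT_DEFAULT_DIR".old
    else
        rm -rf "$GIT_DEFAULT_DIR"
    fi
    ln -sf "$GIT_DIR" "$GIT_DEFAULT_DIR"
    chown -h "$GIT_USER":"$GIT_USER" "$GIT_DEFAULT_DIR"
fi
GITOLITE_PUB_KEY_FILE="$GIT_DEFAULT_DIR/gitolite.pub"
echo "$GITOLITE_PUB_KEY" > "$GITOLITE_PUB_KEY_FILE"
chown "$GIT_USER":"$GIT_USER" "$GITOLITE_PUB_KEY_FILE"
sudo -u "$GIT_USER" gitolite setup -pk "$GITOLITE_PUB_KEY_FILE"
usermod -s /bin/bash "$GIT_USER"

# Compare the flag as a string instead of executing its value as a command
if [[ "$IS_ANONYMOUS_GIT_NEEDED" == true ]]; then
    swupd bundle-add httpd || :
    check_dependency httpd

    ## GIT PROTOCOL CLONING
    # NOTE(review): --export-all serves every repository below the base path
    # without per-repository opt-in, and the git protocol is neither
    # authenticated nor encrypted. The base path is gitolite's repository
    # directory, so this includes the gitolite administration repository.
    # Prefer per-repository export markers if only some repositories are
    # meant to be public.
    mkdir -p /etc/systemd/system
    cat > /etc/systemd/system/git-daemon.service <<- EOF
[Unit]
Description=Git Daemon

[Service]
ExecStart=/usr/bin/git daemon --export-all --reuseaddr --base-path=$GIT_DEFAULT_DIR/repositories $GIT_DEFAULT_DIR/repositories

Restart=always
RestartSec=500ms

User=$GIT_USER
Group=$GIT_USER

[Install]
WantedBy=multi-user.target
EOF
    systemctl daemon-reload
    systemctl enable --now git-daemon


    ## CGIT WEB INTERFACE
    cat > /etc/cgitrc <<- EOF
# Enable caching of up to 1000 output entries
cache-size=10

# Specify the css url
css=/cgit-data/cgit.css

# Show extra links for each repository on the index page
enable-index-links=1

# Enable ASCII art commit history graph on the log pages
enable-commit-graph=1

# Show number of affected files per commit on the log pages
enable-log-filecount=1

# Show number of added/removed lines per commit on the log pages
enable-log-linecount=1

# Use a custom logo
logo=/cgit-data/cgit.png

# Enable statistics per week, month and quarter
max-stats=quarter

# Allow download of tar.gz, tar.bz2, and tar.xz formats
snapshots=tar.gz tar.bz2 tar.xz

##
## List of common mimetypes
##
mimetype.gif=image/gif
mimetype.html=text/html
mimetype.jpg=image/jpeg
mimetype.jpeg=image/jpeg
mimetype.pdf=application/pdf
mimetype.png=image/png
mimetype.svg=image/svg+xml

# Enable syntax highlighting and about formatting
source-filter=/usr/libexec/cgit/filters/syntax-highlighting.py
about-filter=/usr/libexec/cgit/filters/about-formatting.sh

##
## List of common readmes
##
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.md
readme=:install.md
readme=:INSTALL.mkd
readme=:install.mkd
readme=:INSTALL.rst
readme=:install.rst
readme=:INSTALL.html
readme=:install.html
readme=:INSTALL.htm
readme=:install.htm
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

# Direct cgit to repository location managed by gitolite
remove-suffix=1
project-list=$GIT_DEFAULT_DIR/projects.list
scan-path=$GIT_DEFAULT_DIR/repositories
EOF

    mkdir -p /etc/httpd/conf.modules.d
    cat > /etc/httpd/conf.modules.d/cgid.conf <<- EOF
LoadModule cgid_module lib/httpd/modules/mod_cgid.so
ScriptSock /run/httpd/cgid.sock
EOF

    mkdir -p /etc/httpd/conf.d
    # NOTE(review): in this listing the lines that would open and close the
    # sections around the two directive groups below are blank. They look
    # like they were lost when the page was extracted; restore them from the
    # original file before use.
    cat > /etc/httpd/conf.d/cgit.conf <<- EOF
Alias /cgit-data /usr/share/cgit

AllowOverride None
Options None
Require all granted


ScriptAlias /cgit /usr/libexec/cgit/cgi-bin/cgit

AllowOverride None
Options ExecCGI
Require all granted

EOF
    usermod -a -G "$GIT_USER" "$HTTPD_USER"

    systemctl restart httpd
    systemctl enable httpd
fi

--------------------------------------------------------------------------------
/koji-setup/deploy-koji.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright (C) 2019 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

set -xe
SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh

swupd bundle-add koji || :
check_dependency koji
check_dependency httpd
check_dependency kojira
check_dependency postgres

## SETTING UP SSL CERTIFICATES FOR AUTHENTICATION
mkdir -p "$KOJI_PKI_DIR"/{certs,private}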
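RANDFILE="$KOJI_PKI_DIR"/.rand
# The seed file is only read by openssl, so it is created owner-only
(umask 077; dd if=/dev/urandom of="$RANDFILE" bs=256 count=1)

# Certificate generation
cat > "$KOJI_PKI_DIR"/ssl.cnf <<- EOF
HOME = $KOJI_PKI_DIR
RANDFILE = $RANDFILE

[ca]
default_ca = ca_default

[ca_default]
dir = $KOJI_PKI_DIR
certs = \$dir/certs
crl_dir = \$dir/crl
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
certificate = \$dir/%s_ca_cert.pem
private_key = \$dir/private/%s_ca_key.pem
serial = \$dir/serial
crl = \$dir/crl.pem
x509_extensions = usr_cert
name_opt = ca_default
cert_opt = ca_default
default_days = 3650
default_crl_days = 30
default_md = sha512
preserve = no
policy = policy_match
copy_extensions = copy

[policy_match]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[req]
default_bits = 4096
default_keyfile = privkey.pem
default_md = sha512
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = MASK:0x2002

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64

[req_attributes]
challengePassword = A challenge password
challengePassword_min = 8
challengePassword_max = 64
unstructuredName = An optional company name

[usr_cert]
basicConstraints = CA:FALSE
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always

[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
subjectAltName = @alternate_names

[alternate_names]
DNS.1 = $KOJI_MASTER_FQDN
IP.1 = $KOJI_MASTER_IP
EOF

# Generate and trust CA
touch "$KOJI_PKI_DIR"/index.txt
echo 01 > "$KOJI_PKI_DIR"/serial
# The CA key signs every certificate issued below and is only used by openssl
# running as root, so it is created owner-only.
# NOTE(review): the CA key is 2048 bits although ssl.cnf sets default_bits to
# 4096 and the CA certificate is valid for 3650 days; consider a larger key.
(umask 077; openssl genrsa -out "$KOJI_PKI_DIR"/private/koji_ca_cert.key 2048)
openssl req -subj "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=koji_ca/CN=$KOJI_MASTER_FQDN" -addext "subjectAltName=DNS:$KOJI_MASTER_FQDN,IP:$KOJI_MASTER_IP" -config "$KOJI_PKI_DIR"/ssl.cnf -new -x509 -days 3650 -key "$KOJI_PKI_DIR"/private/koji_ca_cert.key -out "$KOJI_PKI_DIR"/koji_ca_cert.crt -extensions v3_ca
mkdir -p /etc/ca-certs/trusted
cp -a "$KOJI_PKI_DIR"/koji_ca_cert.crt /etc/ca-certs/trusted
# Retry for a bounded time: an unconditional loop would hang the deployment
# forever if trust store generation keeps failing
CLRTRUST_OK=false
for ((attempt = 1; attempt <= 30; attempt++)); do
    if clrtrust generate; then
        CLRTRUST_OK=true
        break
    fi
    sleep 2
done
if [[ "$CLRTRUST_OK" != true ]]; then
    echo "clrtrust generate kept failing, giving up" >&2
    exit 1
fi

# Generate the koji component certificates and the admin certificate and generate a PKCS12 user certificate (for web browser)
cp "$SCRIPT_DIR"/gencert.sh "$KOJI_PKI_DIR"
pushd "$KOJI_PKI_DIR"
./gencert.sh kojiweb "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojiweb/CN=$KOJI_MASTER_FQDN" "subjectAltName=DNS:$KOJI_MASTER_FQDN,IP:$KOJI_MASTER_IP"
./gencert.sh kojihub "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojihub/CN=$KOJI_MASTER_FQDN" "subjectAltName=DNS:$KOJI_MASTER_FQDN,IP:$KOJI_MASTER_IP"
./gencert.sh kojiadmin "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojiadmin" "subjectAltName=DNS:kojiadmin,IP:$KOJI_MASTER_IP"
./gencert.sh kojira "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojira" "subjectAltName=DNS:kojira,IP:$KOJI_MASTER_IP"
popd

# Copy certificates into ~/.koji for kojiadmin
useradd kojiadmin
ADMIN_KOJI_DIR="$(echo ~kojiadmin)"/.koji
mkdir -p "$ADMIN_KOJI_DIR"
cp -f "$KOJI_PKI_DIR"/kojiadmin.pem "$ADMIN_KOJI_DIR"/client.crt
cp -f "$KOJI_PKI_DIR"/koji_ca_cert.crt "$ADMIN_KOJI_DIR"/clientca.crt
cp -f "$KOJI_PKI_DIR"/koji_ca_cert.crt "$ADMIN_KOJI_DIR"/serverca.crt
chown -R kojiadmin:kojiadmin "$ADMIN_KOJI_DIR"
# client.crt is a copy of kojiadmin.pem, which gencert.sh builds from the
# certificate and the private key, so keep it readable by its owner only
chmod 700 "$ADMIN_KOJI_DIR"
chmod 600 "$ADMIN_KOJI_DIR"/client.crt


## POSTGRESQL SERVER
# Initialize PostgreSQL DB
mkdir -p "$POSTGRES_DIR"
chown -R "$POSTGRES_USER":"$POSTGRES_USER" "$POSTGRES_DIR"
if [[ "$POSTGRES_DIR" != "$POSTGRES_DEFAULT_DIR" ]]; then
    if [ "$(ls -A "$POSTGRES_DEFAULT_DIR")" ]; then
        mv "$POSTGRES_DEFAULT_DIR" "$POSTGRES_DEFAULT_DIR".old
    else
        rm -rf "$POSTGRES_DEFAULT_DIR"
    fi
    ln -sf "$POSTGRES_DIR" "$POSTGRES_DEFAULT_DIR"
    chown -h "$POSTGRES_USER":"$POSTGRES_USER" "$POSTGRES_DEFAULT_DIR"
fi
sudo -u "$POSTGRES_USER" initdb --pgdata "$POSTGRES_DEFAULT_DIR"/data
systemctl enable --now postgresql

# Setup User Accounts
useradd -r koji

# Setup PostgreSQL and populate schema
sudo -u "$POSTGRES_USER" createuser --no-superuser --no-createrole --no-createdb koji
sudo -u "$POSTGRES_USER" createdb -O koji koji
sudo -u koji psql koji koji < /usr/share/koji/schema.sql

# Authorize Koji-web and Koji-hub resources
# NOTE(review): "trust" accepts any local connection to the koji database as
# any database role without a password, over the socket and over loopback.
# Every local account can therefore read and change the koji data. On a host
# that is not dedicated to koji, switch to an authenticated method and give
# the hub matching credentials.
cat > "$POSTGRES_DEFAULT_DIR"/data/pg_hba.conf <<- EOF
#TYPE DATABASE USER CIDR-ADDRESS METHOD
host koji all 127.0.0.1/32 trust
host koji all ::1/128 trust
local koji all trust
EOF
systemctl reload postgresql

# Bootstrapping the initial koji admin user into the PostgreSQL database
# SSL Certificate authentication
sudo -u koji psql -c "insert into users (name, status, usertype) values ('kojiadmin', 0, 0);"

# Give yourself admin permissions
sudo -u koji psql -c "insert into user_perms (user_id, perm_id, creator_id) values (1, 1, 1);"


## KOJI CONFIGURATION FILES
# Koji Hub
mkdir -p /etc/koji-hub
cat > /etc/koji-hub/hub.conf <<- EOF
[hub]
DBName = koji
DBUser = koji
KojiDir = $KOJI_DIR
DNUsernameComponent = CN
ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_MASTER_FQDN
LoginCreatesUser = On
KojiWebURL = $KOJI_URL/koji
DisableNotifications = True
EOF

mkdir -p /etc/httpd/conf.d
# NOTE(review): in this listing the lines that would open and close the
# sections around the directive groups below are blank. They look like they
# were lost when the page was extracted; restore them from the original file
# before use.
cat > /etc/httpd/conf.d/kojihub.conf <<- EOF
Alias /kojihub /usr/share/koji-hub/kojiapp.py

Options ExecCGI
SetHandler wsgi-script
Require all granted
WSGIApplicationGroup %{GLOBAL}
WSGIScriptReloading Off

Alias /kojifiles "$KOJI_DIR"

Options Indexes SymLinksIfOwnerMatch
AllowOverride None
Require all granted


SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars

EOF

# Koji Web
mkdir -p /etc/kojiweb
# Each deployment gets its own random secret instead of a constant that is
# published with these scripts. Tracing is paused so the value is not logged.
# NOTE(review): web.conf is created with the default umask; restrict it to
# root and the account koji-web runs as once that account is confirmed.
set +x
KOJI_WEB_SECRET="$(openssl rand -hex 32)"
set -x
cat > /etc/kojiweb/web.conf <<- EOF
[web]
SiteName = koji
KojiHubURL = $KOJI_URL/kojihub
KojiFilesURL = $KOJI_URL/kojifiles
WebCert = $KOJI_PKI_DIR/kojiweb.pem
ClientCA = $KOJI_PKI_DIR/koji_ca_cert.crt
KojiHubCA = $KOJI_PKI_DIR/koji_ca_cert.crt
LoginTimeout = 72
Secret = $KOJI_WEB_SECRET
LibPath = /usr/share/koji-web/lib
LiteralFooter = True
EOF

mkdir -p /etc/httpd/conf.d
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
WSGIDaemonProcess koji lang=C.UTF-8

Options ExecCGI
WSGIProcessGroup koji
WSGIApplicationGroup %{GLOBAL}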
| SetHandler wsgi-script 238 | Require all granted 239 | 240 | Alias /koji-static "/usr/share/koji-web/static" 241 | 242 | Options None 243 | AllowOverride None 244 | Require all granted 245 | 246 | EOF 247 | 248 | # Koji CLI 249 | cat > "$ADMIN_KOJI_DIR"/config <<- EOF 250 | [koji] 251 | server = $KOJI_URL/kojihub 252 | weburl = $KOJI_URL/koji 253 | topurl = $KOJI_URL/kojifiles 254 | topdir = $KOJI_DIR 255 | cert = ~/.koji/client.crt 256 | serverca = ~/.koji/serverca.crt 257 | anon_retry = true 258 | EOF 259 | chown kojiadmin:kojiadmin "$ADMIN_KOJI_DIR"/config 260 | 261 | ## KOJI APPLICATION HOSTING 262 | # Koji Filesystem Skeleton 263 | mkdir -p "$KOJI_DIR"/{packages,repos,work,scratch,repos-dist} 264 | chown -R "$HTTPD_USER":"$HTTPD_USER" "$KOJI_DIR" 265 | 266 | ## Apache Configuration Files 267 | mkdir -p /etc/httpd/conf.d 268 | cat > /etc/httpd/conf.d/ssl.conf <<- EOF 269 | ServerName $KOJI_MASTER_FQDN 270 | 271 | Listen 443 https 272 | 273 | #SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog 274 | 275 | #SSLSessionCache shmcb:/run/httpd/sslcache(512000) 276 | 277 | SSLRandomSeed startup file:/dev/urandom 256 278 | SSLRandomSeed connect builtin 279 | 280 | 281 | ErrorLog /var/log/httpd/ssl_error_log 282 | TransferLog /var/log/httpd/ssl_access_log 283 | LogLevel warn 284 | 285 | SSLEngine on 286 | SSLProtocol -all +TLSv1.2 287 | SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!DH:!SHA1 288 | SSLHonorCipherOrder on 289 | 290 | SSLCertificateFile $KOJI_PKI_DIR/kojihub.pem 291 | SSLCertificateKeyFile $KOJI_PKI_DIR/private/kojihub.key 292 | SSLCertificateChainFile $KOJI_PKI_DIR/koji_ca_cert.crt 293 | SSLCACertificateFile $KOJI_PKI_DIR/koji_ca_cert.crt 294 | SSLVerifyClient optional 295 | SSLVerifyDepth 10 296 | 297 | 298 | SSLOptions +StdEnvVars 299 | 300 | 301 | SSLOptions +StdEnvVars 302 | 303 | 304 | 
CustomLog /var/log/httpd/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 305 | 306 | EOF 307 | 308 | mkdir -p /etc/httpd/conf.modules.d 309 | cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF 310 | WSGISocketPrefix /run/httpd/wsgi 311 | EOF 312 | cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF 313 | LoadModule ssl_module lib/httpd/modules/mod_ssl.so 314 | EOF 315 | 316 | systemctl enable --now httpd 317 | 318 | 319 | ## TEST KOJI CONNECTIVITY 320 | sudo -u kojiadmin koji moshimoshi 321 | 322 | 323 | ## KOJI DAEMON - BUILDER 324 | # Add the host entry for the koji builder to the database 325 | sudo -u kojiadmin koji add-host "$KOJI_SLAVE_FQDN" "$RPM_ARCH" 326 | 327 | # Add the host to the createrepo channel 328 | sudo -u kojiadmin koji add-host-to-channel "$KOJI_SLAVE_FQDN" createrepo 329 | 330 | # A note on capacity 331 | sudo -u kojiadmin koji edit-host --capacity="$KOJID_CAPACITY" "$KOJI_SLAVE_FQDN" 332 | 333 | # Generate certificates 334 | pushd "$KOJI_PKI_DIR" 335 | ./gencert.sh "$KOJI_SLAVE_FQDN" "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$KOJI_SLAVE_FQDN" "subjectAltName=DNS:$KOJI_SLAVE_FQDN,IP:$KOJI_SLAVE_IP" 336 | popd 337 | 338 | if [[ "$KOJI_SLAVE_FQDN" = "$KOJI_MASTER_FQDN" ]]; then 339 | "$SCRIPT_DIR"/deploy-koji-builder.sh 340 | fi 341 | 342 | 343 | ## KOJIRA - DNF|YUM REPOSITORY CREATION AND MAINTENANCE 344 | # Add the user entry for the kojira user 345 | sudo -u kojiadmin koji add-user kojira 346 | sudo -u kojiadmin koji grant-permission repo kojira 347 | 348 | # Kojira Configuration Files 349 | mkdir -p /etc/kojira 350 | cat > /etc/kojira/kojira.conf <<- EOF 351 | [kojira] 352 | server=$KOJI_URL/kojihub 353 | topdir=$KOJI_DIR 354 | logfile=/var/log/kojira.log 355 | cert = $KOJI_PKI_DIR/kojira.pem 356 | serverca = $KOJI_PKI_DIR/koji_ca_cert.crt 357 | EOF 358 | 359 | # Ensure postgresql is started prior to running kojira service 360 | mkdir -p /etc/systemd/system/kojira.service.d 361 | cat > 
/etc/systemd/system/kojira.service.d/after-postgresql.conf <