Changes

From SME Server
Jump to navigationJump to search

Koji Build Farm (view source)

Revision as of 08:51, 18 July 2023

2,543 bytes added ,  08:51, 18 July 2023
no edit summary
Line 185: Line 185:  
cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/serverca.crt
 
cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/serverca.crt
 
exit
 
exit
 +
</syntaxhighlight>
 +
 +
====== POSTGRES setup ======
 +
As root we need to do the initial config<syntaxhighlight lang="bash">
 +
postgresql-setup --initdb --unit postgresql
 +
systemctl enable postgresql --now
 +
</syntaxhighlight>We have a different account for managing the database (i.e. create the koji user and add a password)<syntaxhighlight lang="bash">
 +
useradd koji
 +
passwd koji
 +
</syntaxhighlight>Create the koji user and database and add password for user<syntaxhighlight lang="bash">
 +
su - postgres
 +
createuser --no-superuser --no-createrole --no-createdb koji
 +
createdb -O koji koji
 +
psql -c "alter user koji with encrypted password 'mypassword';"
 +
logout
 +
 +
</syntaxhighlight>Create the koji db schema from the included script (need to be the koji user)<syntaxhighlight lang="bash">
 +
su - koji
 +
psql koji koji < /usr/share/doc/koji*/docs/schema.sql
 +
exit
 +
</syntaxhighlight>Authorize the Koji-hub service to PostgreSQL. As the hub and DB are on the same server we are using Unix sockets for connection<syntaxhighlight lang="bash">
 +
nano /var/lib/pgsql/data/pg_hba.conf
 +
</syntaxhighlight>and add the following lines<syntaxhighlight lang="text">
 +
#TYPE  DATABASE    USER    CIDR-ADDRESS      METHOD
 +
local  koji        koji                      trust
 +
local  all        postgres                  peer
 +
</syntaxhighlight>and blank out the listen address (we are using sockets, not via IP)<syntaxhighlight lang="bash">
 +
nano /var/lib/pgsql/data/postgresql.conf
 +
</syntaxhighlight>by changing this line<syntaxhighlight lang="text">
 +
listen_addresses = ''
 +
</syntaxhighlight>and reload the PostgreSQL daemon<syntaxhighlight lang="bash">
 +
systemctl reload postgresql
 +
</syntaxhighlight>add the initial admin user manually to the user database (we need to be the koji user to do this)
 +
 +
We can add additional users and change privileges of those users via the koji command line tool<syntaxhighlight lang="bash">
 +
su - koji
 +
psql
 +
koji=> insert into users (name, status, usertype) values ('admin-user-name', 0, 0);
 +
koji=> select * from users;
 +
koji=> insert into user_perms (user_id, perm_id, creator_id) values (<id of user inserted above>, 1, <id of user inserted above>);
 +
\q
 +
</syntaxhighlight>We can now set up the hub itself<syntaxhighlight lang="bash">
 +
nano /etc/httpd/conf.d/kojihub.conf
 +
</syntaxhighlight>and uncomment the lines as below<syntaxhighlight lang="ini">
 +
# uncomment this to enable authentication via SSL client certificates
 +
<Location /kojihub/ssllogin>
 +
#        SSLVerifyClient require
 +
#        SSLVerifyDepth  10
 +
        SSLOptions +StdEnvVars
 +
</Location>
 
</syntaxhighlight>
 
</syntaxhighlight>
TrevorB
381

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/42139"

Navigation menu