381
edits
Changes
Jump to navigation
Jump to search
Line 33:
Line 33: − + + + Line 217:
Line 219: − + Line 288:
Line 290: − + − dnf install nfs-utils+ − systemctl enable --now nfs-server+ − nano /etc/exports − − </syntaxhighlight>we only have one build server, but you can add additional to the line, separated by a space<syntaxhighlight lang="ini"> − /mnt/koji build1.koozali.org(rw,sync,root_squash) − </syntaxhighlight>export, verify and allow Apache access via SELinux<syntaxhighlight lang="bash"> − exportfs -ra − exportfs -v − setsebool -P httpd_use_nfs=1 − </syntaxhighlight>Allow nfs access through the firewall<syntaxhighlight lang="bash"> − firewall-cmd --permanent --add-service=nfs − − − Line 352:
Line 341: − + Line 380:
Line 369: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Koji Web Service
Disk: 20GB (but I'm only using ~25%)
Disk: 20GB (but I'm only using ~25%)
You'll need to set up your network:
FQDN: koji.koozali.org
You'll need to set up your network: either during install or post install (enable adapter, FQDN, IP address, Gateway, DNS)
Log into your server as root and<syntaxhighlight lang="bash">
Log into your server as root and<syntaxhighlight lang="bash">
</syntaxhighlight>Authorize the Koji-hub service to PostgreSQL. As the hub and DB are on the same server we are using Unix sockets for connection<syntaxhighlight lang="bash">
</syntaxhighlight>Authorize the Koji-hub service to PostgreSQL. As the hub and DB are on the same server we are using Unix sockets for connection<syntaxhighlight lang="bash">
nano /var/lib/pgsql/data/pg_hba.conf
nano /var/lib/pgsql/data/pg_hba.conf
</syntaxhighlight>and add the following lines<syntaxhighlight lang="text">
</syntaxhighlight>and add the following lines (before the other settings)<syntaxhighlight lang="text">
#TYPE DATABASE USER CIDR-ADDRESS METHOD
#TYPE DATABASE USER CIDR-ADDRESS METHOD
local koji koji trust
local koji koji trust
semanage fcontext -a -t public_content_rw_t "/mnt/koji(/.*)?"
semanage fcontext -a -t public_content_rw_t "/mnt/koji(/.*)?"
restorecon -r -v /mnt/koji
restorecon -r -v /mnt/koji
</syntaxhighlight>We'll want the build servers to have access to the koji filesystem via nfs<syntaxhighlight lang="bash">
</syntaxhighlight>Make sure that the firewall will allow http & https access<syntaxhighlight lang="bash">
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
firewall-cmd --reload
</syntaxhighlight>Restart httpd<syntaxhighlight lang="bash">
</syntaxhighlight>Restart httpd<syntaxhighlight lang="bash">
systemctl restart httpd
systemctl restart httpd
</syntaxhighlight>edit the web config file to point at the right urls and SSL certificates<syntaxhighlight lang="bash">
</syntaxhighlight>edit the web config file to point at the right urls and SSL certificates<syntaxhighlight lang="bash">
nano /etc/kojiweb/web.conf
nano /etc/kojiweb/web.conf
</syntaxhighlight><syntaxhighlight lang="ini">
</syntaxhighlight>Please insert a random string into the secret (replace CHANGE_ME)<syntaxhighlight lang="ini">
[web]
[web]
SiteName = koji
SiteName = koji
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
firewall-cmd --reload
</syntaxhighlight>
==== Koji Build Servers ====
For this exercise I only created 1 build server. You can have as many as you like...
OS: Rocky 8.8-minimal
Memory: 8GB
Disk: 20GB (can apparently use a lot of disk, depending on how active a build server it is)
FQDN: build1.koozali.org
You'll need to set up your network: You can do this during the install or post install (ensure network activated, IP address, FQDN, DNS)
Log into your server as root and<syntaxhighlight lang="bash">
nmtui
ip addr
ping google.com
</syntaxhighlight>Let's bring the server up to date<syntaxhighlight lang="bash">
dnf update
</syntaxhighlight>
===== Koji Hub setup =====
We'll want the build servers to have access to the koji filesystem via nfs, so on the koji hub server<syntaxhighlight lang="bash">
dnf install nfs-utils
systemctl enable --now nfs-server
nano /etc/exports
</syntaxhighlight>we only have one build server, but you can add additional to the line, separated by a space<syntaxhighlight lang="ini">
/mnt/koji build1.koozali.org(rw,sync,root_squash)
</syntaxhighlight>export, verify and allow Apache access via SELinux<syntaxhighlight lang="bash">
exportfs -ra
exportfs -v
setsebool -P httpd_use_nfs=1
</syntaxhighlight>Allow nfs access through the firewall<syntaxhighlight lang="bash">
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
</syntaxhighlight>
</syntaxhighlight>