mirror of
https://github.com/rocky-linux/ansible-role-kojihub.git
synced 2024-11-21 12:21:26 +00:00
numerous fixes to address krb
This commit is contained in:
parent
0bccf61c87
commit
8225aa2626
@ -10,6 +10,8 @@ koji_hub_packages:
|
||||
- gnupg2
|
||||
- python3-paho-mqtt
|
||||
- nfs-utils
|
||||
- mod_ssl
|
||||
- mod_auth_gssapi
|
||||
|
||||
koji_default_directories:
|
||||
- packages
|
||||
@ -41,17 +43,27 @@ koji_web_tls_key: /etc/pki/tls/private/koji.rockylinux.org.key
|
||||
# Kojira
|
||||
koji_kojira: true
|
||||
koji_kojira_user: kojira
|
||||
koji_kojira_principal: koji/kojiria@ROCKYLINUX.ORG
|
||||
koji_kojira_keytab: /etc/kojira.keytab
|
||||
koji_kojira_principal: koji/kojira@ROCKYLINUX.ORG
|
||||
koji_kojira_keytab: /etc/koji.keytab
|
||||
|
||||
# Storage
|
||||
koji_mount: /mnt/koji
|
||||
koji_nfs_path: nfs.rockylinux.org:/exports/koji
|
||||
koji_nfs_path: nfs.rockylinux.org:/export/koji
|
||||
|
||||
# Koji Admin
|
||||
koji_admin_client: true
|
||||
koji_admin_user: rockykoji
|
||||
koji_admin_keytab: rockykoji@ROCKYLINUX.ORG
|
||||
koji_admin_principal: rockykoji@ROCKYLINUX.ORG
|
||||
koji_admin_localuser: true
|
||||
koji_admin_localuser_name: koji
|
||||
|
||||
# Hub Settings
|
||||
koji_hub_principal: HTTP/{{ inventory_hostname }}@ROCKYLINUX.ORG
|
||||
koji_hub_proxy_principals: koji/kojiweb@ROCKYLINUX.ORG
|
||||
koji_hub_keytab: /etc/koji.keytab
|
||||
koji_hub_principal_format: compile/%s@ROCKYLINUX.ORG
|
||||
# This should be sufficient even for LE
|
||||
koji_hub_ca: /etc/pki/tls/certs/ca-bundle.crt
|
||||
|
||||
# Koji FAS Syncing
|
||||
# This isn't implemented yet
|
||||
@ -60,9 +72,13 @@ koji_fas_url: https://accounts.rockylinux.org
|
||||
|
||||
# Koji Plugins
|
||||
koji_hub_plugins: false
|
||||
koji_hub_plugins_list: []
|
||||
koji_hub_plugins_list:
|
||||
- rockymsg
|
||||
|
||||
koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
|
||||
koji_hub_plugin_mqtt_topic: koji
|
||||
koji_hub_plugin_mqtt_ca: {{ koji_hub_ca }}
|
||||
koji_hub_plugin_mqtt_tls_cert: /etc/pki/tls/certs/mqtt.pem
|
||||
koji_hub_plugin_mqtt_tls_key: /etc/pki/tls/certs/mqtt.pem
|
||||
koji_hub_plugin_mqtt_excluded_tags:
|
||||
- testing-tag
|
||||
|
162
files/plugins/rockymsg.py
Normal file
162
files/plugins/rockymsg.py
Normal file
@ -0,0 +1,162 @@
|
||||
# Koji callback sent to Rocky Linux mqtt
|
||||
#
|
||||
# Adapted from https://gitlab.cern.ch/linuxsupport/rpms/koji-hub-plugins-cern/blob/master/src/mash.py
|
||||
#
|
||||
# License: GPLv2
|
||||
# Authors:
|
||||
# Alex (dot) Iribarren (at) cern (dot) ch (original script)
|
||||
# Thomas (dot) Oulevey (at) cern (dot) ch (mqtt version)
|
||||
|
||||
import koji
|
||||
from koji import PluginError
|
||||
from koji.context import context
|
||||
from koji.plugin import callback, ignore_error
|
||||
import kojihub
|
||||
import ConfigParser
|
||||
import logging
|
||||
import base64, json
|
||||
import os
|
||||
|
||||
# mqtt client
|
||||
import paho.mqtt.client as mqtt
|
||||
|
||||
CONFIG_FILE = '/etc/koji-hub/plugins/rockymsg.conf'
|
||||
PLUGIN_NAME = 'koji.plugin.rockymsg'
|
||||
DEFAULT_ARCHES = 'x86_64'
|
||||
|
||||
config = None
|
||||
tagCache = {}
|
||||
|
||||
def get_config():
|
||||
global config
|
||||
if config:
|
||||
return config
|
||||
|
||||
config = ConfigParser.SafeConfigParser()
|
||||
config.read(CONFIG_FILE)
|
||||
|
||||
if not config.has_section('rockymsg'):
|
||||
config.add_section('rockymsg')
|
||||
if not config.has_option('rockymsg', 'host'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt host specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'port'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt port specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'topic'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt topic specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'ca_cert'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt cacert specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'tls_cert'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt tls_cert specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'tls_key'):
|
||||
logging.getLogger(PLUGIN_NAME).error('No mqtt tls_key specified in config file!')
|
||||
return None
|
||||
if not config.has_option('rockymsg', 'tls_insecure'):
|
||||
config.set('rockymsg' 'tls_insecure', 'False')
|
||||
if not config.has_option('rockymsg', 'tls_version'):
|
||||
config.set('rockymsg' 'tls_version', '2')
|
||||
if not config.has_option('rockymsg', 'exclude_tags'):
|
||||
config.set('rockymsg', 'exclude_tags', '')
|
||||
|
||||
return config
|
||||
|
||||
def mqtt_on_publish(client,userdata,result):
|
||||
pass
|
||||
|
||||
def _dispatch_on_topic(payload):
|
||||
logger = logging.getLogger(PLUGIN_NAME)
|
||||
|
||||
config = get_config()
|
||||
if not config:
|
||||
raise PluginError('Unable to use the bus, config not found')
|
||||
|
||||
if not payload['tag']:
|
||||
logger.info('No tag specified')
|
||||
return None
|
||||
|
||||
exclude_tags = config.get('rockymsg', 'exclude_tags')
|
||||
if exclude_tags:
|
||||
exclude_tags = [x.strip() for x in exclude_tags.split(',')]
|
||||
else:
|
||||
exclude_tags = []
|
||||
|
||||
if payload['tag'] in exclude_tags:
|
||||
logger.info('Tag %s excluded' % payload['tag'])
|
||||
return None
|
||||
|
||||
mqtt_host = config.get('rockymsg', 'host')
|
||||
mqtt_port = config.get('rockymsg', 'port')
|
||||
mqtt_topic = config.get('rockymsg', 'topic')
|
||||
mqtt_cacert = config.get('rockymsg', 'ca_cert')
|
||||
mqtt_tls_cert = config.get('rockymsg', 'tls_cert')
|
||||
mqtt_tls_key = config.get('rockymsg', 'tls_key')
|
||||
mqtt_tls_insecure = config.get('rockymsg', 'tls_insecure')
|
||||
mqtt_tls_version = config.get('rockymsg', 'tls_version')
|
||||
|
||||
# Connect to the bus
|
||||
try:
|
||||
client = mqtt.Client()
|
||||
except Exception as e:
|
||||
logger.error('mqtt client error: %s' % e.message)
|
||||
client.tls_set(ca_certs=mqtt_cacert, certfile=mqtt_tls_cert, keyfile=mqtt_tls_key, tls_version=2)
|
||||
|
||||
client.tls_insecure_set('False')
|
||||
try:
|
||||
client.on_publish = mqtt_on_publish
|
||||
client.connect(mqtt_host,mqtt_port)
|
||||
except Exception as e:
|
||||
logger.error('mqtt connection error: %s' % e.message)
|
||||
|
||||
# Publish payload to the bus
|
||||
#
|
||||
ret = client.publish(mqtt_topic, json.dumps(payload))
|
||||
|
||||
# Disconnect from the bus
|
||||
client.disconnect()
|
||||
|
||||
return ret
|
||||
|
||||
def _get_build_target(task_id):
|
||||
try:
|
||||
task = kojihub.Task(task_id)
|
||||
info = task.getInfo(request=True)
|
||||
request = info['request']
|
||||
if info['method'] in ('build', 'maven'):
|
||||
# request is (source-url, build-target, map-of-other-options)
|
||||
if request[1]:
|
||||
return kojihub.get_build_target(request[1])
|
||||
elif info['method'] == 'winbuild':
|
||||
# request is (vm-name, source-url, build-target, map-of-other-options)
|
||||
if request[2]:
|
||||
return kojihub.get_build_target(request[2])
|
||||
except Exception as e:
|
||||
logger.error('Exception: %s', e)
|
||||
|
||||
return None
|
||||
|
||||
|
||||
@callback('postTag', 'postUntag')
|
||||
#@ignore_error
|
||||
def rockymsg(cbtype, *args, **kws):
|
||||
logger = logging.getLogger(PLUGIN_NAME)
|
||||
logger.debug('Called the %s callback, args: %s; kws: %s', cbtype, str(args), str(kws))
|
||||
|
||||
tag = kws['tag']['name']
|
||||
build_task_id = kws['build']['task_id']
|
||||
|
||||
build_target = _get_build_target(build_task_id)
|
||||
logger.debug('Build target: %s', build_target)
|
||||
|
||||
arches = DEFAULT_ARCHES
|
||||
if build_target:
|
||||
build_tag = kojihub.get_tag(build_target['build_tag_name'])
|
||||
arches = build_tag['arches']
|
||||
|
||||
payload = { 'action': cbtype, 'tag': tag, 'arches': arches }
|
||||
job = _dispatch_on_topic(payload)
|
||||
if job:
|
||||
logger.info('Sending payload: %s to mqtt - ret code: %s' % (payload, job))
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
# Note: We do not install postgresql. It's up to you to do so.
|
||||
# Note: We do not install postgresql. It's up to you to do so, whether locally or not.
|
||||
- name: Template for koji admin and kojira
|
||||
template:
|
||||
src: koji-pgsql.sql.j2
|
||||
|
@ -1,8 +1,5 @@
|
||||
---
|
||||
# Create the koji admin user
|
||||
- name: Create local koji admin user
|
||||
user: "{{ koji_admin_user }}"
|
||||
|
||||
# Setup the IPA service account
|
||||
- name: Create koji config directory
|
||||
file:
|
||||
path: "/home/{{ koji_admin_user }}/.koji"
|
46
tasks/koji-admin-local.yml
Normal file
46
tasks/koji-admin-local.yml
Normal file
@ -0,0 +1,46 @@
|
||||
---
|
||||
# Create the koji admin user
|
||||
- name: Create local koji admin user
|
||||
user: "{{ koji_admin_localuser_name }}"
|
||||
comment: "Local Koji Admin"
|
||||
|
||||
- name: Create koji config directory
|
||||
file:
|
||||
path: "/home/{{ koji_admin_localuser_name }}/.koji"
|
||||
state: directory
|
||||
owner: "{{ koji_admin_localuser_name }}"
|
||||
group: "{{ koji_admin_localuser_name }}"
|
||||
recurse: true
|
||||
|
||||
- name: Reset permissions
|
||||
file:
|
||||
path: "/home/{{ koji_admin_localuser_name }}"
|
||||
state: directory
|
||||
owner: "{{ koji_admin_localuser_name }}"
|
||||
group: "{{ koji_admin_localuser_name }}"
|
||||
mode: '0700'
|
||||
|
||||
- name: Configure the koji client
|
||||
template:
|
||||
src: koji-client-config.j2
|
||||
dest: "/home/{{ koji_admin_localuser_name }}/.koji/config"
|
||||
owner: "{{ koji_admin_localuser_name }}"
|
||||
group: "{{ koji_admin_localuser_name }}"
|
||||
mode: '0644'
|
||||
|
||||
- name: Ensuring we have our scripts store
|
||||
file:
|
||||
path: /opt/rocky-tools/scripts
|
||||
state: directory
|
||||
owner: "{{ koji_admin_localuser_name }}"
|
||||
group: "{{ koji_admin_localuser_name }}"
|
||||
mode: '0750'
|
||||
recurse: true
|
||||
|
||||
# name: Cron job to rebuild repos
|
||||
# cron:
|
||||
# name: "Regenerate repos"
|
||||
# job: "/opt/rocky-tools/scripts/regen_build_repos.sh > /dev/null 2>&1"
|
||||
# minute: "5"
|
||||
# hour: "3"
|
||||
# user: "{{ koji_admin_localuser_name }}"
|
14
tasks/koji-gc.yml
Normal file
14
tasks/koji-gc.yml
Normal file
@ -0,0 +1,14 @@
|
||||
---
|
||||
# Configure gc
|
||||
- name: Configure garbage collector
|
||||
template:
|
||||
src: etc/koji-gc/koji-gc.conf.j2
|
||||
dest: /etc/koji-gc/koji-gc.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: Enable the gc timer
|
||||
service:
|
||||
name: koji-gc.timer
|
||||
enabled: true
|
@ -16,33 +16,47 @@
|
||||
- name: Configure koji database
|
||||
import_tasks: db.yml
|
||||
|
||||
- name: Configure koji admin
|
||||
import_tasks: koji-admin.yml
|
||||
when: koji_admin_client
|
||||
- name: Configure local koji admin
|
||||
import_tasks: koji-admin-local.yml
|
||||
when:
|
||||
- koji_admin_client
|
||||
- koji_admin_localuser
|
||||
|
||||
# This is specifically if we want the IPA account to also be an account on this
|
||||
# system. ymmv.
|
||||
- name: Configure ipa koji admin
|
||||
import_tasks: koji-admin-ipa.yml
|
||||
when:
|
||||
- koji_admin_client
|
||||
- not koji_admin_localuser
|
||||
|
||||
- name: Configure plugins
|
||||
import_tasks: plugins.yml
|
||||
when: koji_hub_plugins
|
||||
|
||||
- name: Configure kojira
|
||||
import_tasks: kojira.yml
|
||||
|
||||
- name: Configure kojihub and web
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: "/{{ item }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
with_items:
|
||||
- etc/koji-hub/hub.conf
|
||||
- etc/kojiweb/web.conf
|
||||
notify:
|
||||
- restart_httpd
|
||||
|
||||
- name: Configure kojira
|
||||
import_tasks: kojira.yml
|
||||
|
||||
- name: Configure httpd for hub and web
|
||||
template:
|
||||
src: "etc/httpd/conf.d/{{ item }}.j2"
|
||||
dest: "/etc/httpd/conf.d/{{ item }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
with_items:
|
||||
- kojihub.conf
|
||||
- kojiweb.conf
|
||||
@ -55,6 +69,9 @@
|
||||
dest: /
|
||||
when: koji_theme
|
||||
|
||||
- name: Configure garbage collector
|
||||
import_tasks: koji-gc.yml
|
||||
|
||||
- name: User Sync from FAS
|
||||
import_tasks: user-sync.yml
|
||||
when: koji_fas_sync
|
||||
|
@ -22,14 +22,14 @@ Alias /kojihub /usr/share/koji-hub/kojixmlrpc.py
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
# Also serve /mnt/koji
|
||||
Alias /kojifiles "/mnt/koji/"
|
||||
# Also serve {{ koji_mount }}
|
||||
Alias /kojifiles "{{ koji_mount }}/"
|
||||
|
||||
<Directory "/mnt/koji">
|
||||
Options Indexes SymLinksIfOwnerMatch
|
||||
<Directory "{{ koji_mount }}/">
|
||||
#Options Indexes SymLinksIfOwnerMatch
|
||||
#If your top /mnt/koji directory is not owned by the httpd user, then
|
||||
#you will need to follow all symlinks instead, e.g.
|
||||
#Options Indexes FollowSymLinks
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
IndexOptions +NameWidth=*
|
||||
<IfVersion < 2.4>
|
||||
@ -41,21 +41,6 @@ Alias /kojifiles "/mnt/koji/"
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
# uncomment this to enable authentication via SSL client certificates
|
||||
# <Location /kojihub/ssllogin>
|
||||
# SSLVerifyClient require
|
||||
# SSLVerifyDepth 10
|
||||
# SSLOptions +StdEnvVars
|
||||
# </Location>
|
||||
|
||||
# If you need to support koji < 1.4.0 clients using SSL authentication, then use the following instead:
|
||||
# <Location /kojihub>
|
||||
# SSLOptions +StdEnvVars
|
||||
# </Location>
|
||||
# In this case, you will need to enable these options globally (in ssl.conf):
|
||||
# SSLVerifyClient require
|
||||
# SSLVerifyDepth 10
|
||||
|
||||
# uncomment this to enable authentication via GSSAPI
|
||||
<Location /kojihub/ssllogin>
|
||||
AuthType GSSAPI
|
||||
|
@ -12,21 +12,6 @@ RewriteRule ^/$ /koji [R,L]
|
||||
Header always set X-Content-Type-Options "nosniff"
|
||||
Header always set Referrer-Policy "same-origin"
|
||||
|
||||
Alias /repos {{ koji_mount }}/repos
|
||||
<Directory "{{ koji_mount }}/repos">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
# HeaderName /header/header.html
|
||||
<IfVersion < 2.4>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfVersion>
|
||||
<IfVersion >= 2.4>
|
||||
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
|
||||
# which is not sufficient to open our templates
|
||||
WSGIDaemonProcess koji lang=C.UTF-8
|
||||
@ -56,13 +41,6 @@ WSGIProcessGroup koji
|
||||
ErrorDocument 401 /koji-static/errors/unauthorized.html
|
||||
</Location>
|
||||
|
||||
# uncomment this to enable authentication via SSL client certificates
|
||||
# <Location /koji/login>
|
||||
# SSLVerifyClient require
|
||||
# SSLVerifyDepth 10
|
||||
# SSLOptions +StdEnvVars
|
||||
# </Location>
|
||||
|
||||
Alias /koji-static/ "/usr/share/koji-web/static/"
|
||||
|
||||
<Directory "/usr/share/koji-web/static/">
|
||||
@ -77,3 +55,18 @@ Alias /koji-static/ "/usr/share/koji-web/static/"
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
Alias /repos {{ koji_mount }}/repos
|
||||
<Directory "{{ koji_mount }}/repos">
|
||||
Options Indexes FollowSymLinks
|
||||
AllowOverride None
|
||||
#HeaderName /header/header.html
|
||||
<IfVersion < 2.4>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfVersion>
|
||||
<IfVersion >= 2.4>
|
||||
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
|
||||
Require all granted
|
||||
</IfVersion>
|
||||
</Directory>
|
||||
|
||||
|
44
templates/etc/koji-gc/koji-gc.conf.j2
Normal file
44
templates/etc/koji-gc/koji-gc.conf.j2
Normal file
@ -0,0 +1,44 @@
|
||||
#test policy file
|
||||
#earlier = higher precedence!
|
||||
|
||||
[main]
|
||||
key_aliases =
|
||||
30C9ECF8 fedora-test
|
||||
4F2A6FD2 fedora-gold
|
||||
897DA07A redhat-beta
|
||||
1AC70CE6 fedora-extras
|
||||
|
||||
unprotected_keys =
|
||||
fedora-test
|
||||
fedora-extras
|
||||
redhat-beta
|
||||
|
||||
server = {{ koji_hub_url }}
|
||||
weburl = {{ koji_web_url }}
|
||||
|
||||
# The domain name that will be appended to Koji usernames
|
||||
# when creating email notifications
|
||||
#email_domain = fedoraproject.org
|
||||
|
||||
# SMTP user and pass (uncomment and fill in if your smtp server requires authentication)
|
||||
#smtp_user=user@example.com
|
||||
#smtp_pass=CHANGEME
|
||||
|
||||
[prune]
|
||||
policy =
|
||||
#stuff to protect
|
||||
#note that tags with master lock engaged are already protected
|
||||
tag *-updates :: keep
|
||||
age < 1 day :: skip
|
||||
sig fedora-gold :: skip
|
||||
sig fedora-test && age < 12 weeks :: keep
|
||||
|
||||
#stuff to chuck semi-rapidly
|
||||
tag *-testing *-candidate :: { # nested rules
|
||||
order >= 2 :: untag
|
||||
order > 0 && age > 6 weeks :: untag
|
||||
} #closing braces must be on a line by themselves (modulo comments/whitespace)
|
||||
tag *-candidate && age > 60 weeks :: untag
|
||||
|
||||
#default: keep the last 3
|
||||
order > 2 :: untag
|
@ -13,13 +13,13 @@ DBHost = {{ koji_db_host }}
|
||||
DBPass = {{ koji_db_pass }}
|
||||
KojiDir = {{ koji_mount }}
|
||||
|
||||
AuthPrincipal host/kojihub@ROCKYLINUX.ORG
|
||||
AuthKeytab /etc/koji.keytab
|
||||
ProxyPrincipals koji/kojiweb@ROCKYLINUX.ORG
|
||||
HostPrincipalFormat compile/%s@ROCKYLINUX.ORG
|
||||
AuthPrincipal {{ koji_hub_principal }}
|
||||
AuthKeytab {{ koji_hub_keytab }}
|
||||
ProxyPrincipals {{ koji_hub_proxy_principals }}
|
||||
HostPrincipalFormat {{ koji_hub_principal_format }}
|
||||
|
||||
## Other options ##
|
||||
LoginCreatesUser = Off
|
||||
LoginCreatesUser = On
|
||||
KojiWebURL = {{ koji_web_url }}
|
||||
|
||||
# The domain name that will be appended to Koji usernames
|
||||
|
9
templates/etc/koji-hub/plugins/rockymsg.conf.j2
Normal file
9
templates/etc/koji-hub/plugins/rockymsg.conf.j2
Normal file
@ -0,0 +1,9 @@
|
||||
[rockymsg]
|
||||
host = {{ koji_hub_plugin_mqtt_host }}
|
||||
port = 8883
|
||||
tls_cert = {{ koji_hub_plugin_mqtt_tls_cert }}
|
||||
tls_key = {{ koji_hub_plugin_mqtt_tls_key }}
|
||||
ca_cert = {{ koji_hub_plugin_mqtt_ca }}
|
||||
tls_insecure = False
|
||||
tls_version = 2
|
||||
exclude_tags = {% for tag in koji_hub_plugin_mqtt_excluded_tags %}{{ tag }}{%- if not loop.last -%},{% endif %}{% endfor %}
|
@ -1,49 +1,7 @@
|
||||
[kojira]
|
||||
; For user/pass authentication
|
||||
; user=kojira
|
||||
; password=kojira
|
||||
|
||||
; The URL for the koji hub server
|
||||
server={{ koji_hub_url }}
|
||||
|
||||
; The directory containing the repos/ directory
|
||||
topdir={{ koji_mount }}
|
||||
|
||||
; Logfile
|
||||
logfile=/var/log/kojira.log
|
||||
|
||||
with_src=no
|
||||
|
||||
;configuration for Kerberos authentication
|
||||
|
||||
;the kerberos principal to use
|
||||
;with_src=no
|
||||
principal = {{ koji_kojira_principal }}
|
||||
|
||||
;location of the keytab
|
||||
keytab = {{ koji_kojira_keytab }}
|
||||
|
||||
;configuration for SSL authentication
|
||||
|
||||
;client certificate
|
||||
;cert = /etc/kojira/client.crt
|
||||
|
||||
;certificate of the CA that issued the HTTP server certificate
|
||||
;serverca = /etc/kojira/serverca.crt
|
||||
|
||||
;how soon (in seconds) to clean up expired repositories. 1 week default
|
||||
;deleted_repo_lifetime = 604800
|
||||
|
||||
;how soon (in seconds) to clean up dist repositories. 1 week default here too
|
||||
;dist_repo_lifetime = 604800
|
||||
|
||||
;turn on debugging statements in the log
|
||||
;debug = false
|
||||
|
||||
; ignored repositories according to glob. Multiple masks separated by space.
|
||||
; ignore_tags =
|
||||
|
||||
; Monitor external repos and trigger the appropriate Koji repo regenerations
|
||||
; when they change. Note that you need to have your database set to use UTC,
|
||||
; as otherwise you can end with weird behaviour. For details see
|
||||
; https://pagure.io/koji/issue/2159
|
||||
; check_external_repos = false
|
||||
|
@ -8,12 +8,13 @@ KojiTheme = {{ koji_theme }}
|
||||
KojiHubURL = {{ koji_hub_url }}
|
||||
KojiFilesURL = {{ koji_files_url }}
|
||||
|
||||
# CA
|
||||
KojiHubCA = {{ koji_hub_ca }}
|
||||
|
||||
# Kerberos authentication options
|
||||
WebPrincipal = koji/web@ROCKYLINUX.ORG
|
||||
WebKeytab = /etc/httpd.keytab
|
||||
WebPrincipal = {{ koji_hub_proxy_principals }}
|
||||
WebKeytab = {{ koji_hub_keytab }}
|
||||
WebCCache = /var/tmp/kojiweb.ccache
|
||||
# The service name of the principal being used by the hub
|
||||
KrbService = host
|
||||
|
||||
LoginTimeout = 72
|
||||
|
||||
@ -21,3 +22,4 @@ LoginTimeout = 72
|
||||
Secret = {{ koji_hub_secret }}
|
||||
|
||||
LibPath = /usr/share/koji-web/lib
|
||||
LiteralFooter = True
|
||||
|
@ -11,3 +11,6 @@ topurl = {{ koji_files_url }}
|
||||
|
||||
;path to the koji top directory
|
||||
topdir = {{ koji_mount }}
|
||||
|
||||
; https ca, not for ssl auth
|
||||
serverca = {{ koji_hub_ca }}
|
||||
|
@ -1,5 +1,5 @@
|
||||
with user_id as (insert into users (name, status, usertype) values ('{{ koji_admin_user }}', 0, 0) returning id)
|
||||
insert into user_krb_principals (user_id, krb_principal) values ((select id from user_id),'{{ koji_admin_keytab }}');
|
||||
insert into user_krb_principals (user_id, krb_principal) values ((select id from user_id),'{{ koji_admin_principal }}');
|
||||
insert into user_perms (user_id, perm_id, creator_id) values (1, 1, 1);
|
||||
insert into users (name, status, usertype) values ('{{ koji_kojira_user }}', 0, 0);
|
||||
INSERT INTO user_perms (user_id, perm_id, creator_id) VALUES (2, 3, 1);
|
||||
INSERT INTO user_perms (user_id, perm_id, creator_id) VALUES (2, 10, 1);
|
||||
|
Loading…
Reference in New Issue
Block a user