#!/bin/sh
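echo "====================="
echo "=== setup-kojihub ==="
echo "====================="

# Load the site settings. The file is taken from the current working directory
# and executed in this shell, so run this script only from a directory whose
# contents you control.
if [ ! -r "$(pwd)/defaults" ]; then
  echo "conf error: cannot read $(pwd)/defaults. exiting."
  exit 1
fi
. "$(pwd)/defaults"

# Check that all the externally defined variables we use in this script are
# initialized. Only the variable names are printed, never their values
# (KOJIPASS is a database password).
# HTTPDCONF is included because the httpd.conf step at the end of this script
# edits that file.
printf '%s' "Checking the defaults of the following: "
for i in TOP HTTPDIR HTTPDCONF HOSTNAME HUBFILE KOJIHUBCONF SSL_SUBJ KOJIPASS REMOTEKOJI EMAILDOMAIN; do
  printf '%s ' "$i"
  # Indirect lookup: copy the value of the variable named by $i into n.
  # The names come from the fixed list above, so eval sees no outside data.
  eval "n=\${$i-}"
  # Quoted test, so a value with spaces or a leading dash is still treated as
  # "set" and an empty or unset value is reliably rejected.
  if [ -z "$n" ]; then
    echo
    echo "conf error: $i is NOT defined/set in the defaults file. exiting."
    exit 1
  fi
done
echo " (OK)"

# Top of the koji tree; used by the kojihub.conf and hub.conf templates below.
TOPDIR="$TOP/koji"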
# ------------------------------------------------------------------------
# kojihub.conf
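# Write the Apache configuration for the hub ($HTTPDIR/$KOJIHUBCONF) from a
# literal template, then fill in the HUBFILE, TOPDIR, REMOTEKOJI and TOP
# placeholders.
# The here-document delimiter is quoted so the shell copies the template
# verbatim and never expands anything inside it.
# NOTE(review): the template turns on directory indexes and "Allow from all"
# for $TOP/koji/packages and $TOPDIR; confirm nothing under that tree is meant
# to stay private.
# NOTE(review): SSLVerifyClient/SSLVerifyDepth are left commented out here and
# this script does not edit ssl.conf, so client-certificate authentication
# depends on those being enabled separately.
cat > "$HTTPDIR/$KOJIHUBCONF" << 'EOF'
#
# koji-hub is an xmlrpc interface to the Koji database
#
Alias /kojihub "/usr/share/koji-hub/XMLRPC"
<Directory /usr/share/koji-hub>
SetHandler mod_python
PythonHandler kojixmlrpc
PythonOption ConfigFile HUBFILE
PythonDebug Off
# autoreload is mostly useless to us (it would only reload kojixmlrpc.py)
PythonAutoReload Off
</Directory>
Alias /packages "TOP/koji/packages/"
<Directory "TOP/koji/packages">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /REMOTEKOJI "TOPDIR"
<Directory "TOPDIR">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# uncomment this to enable authentication via SSL client certificates
<Location /kojihub>
SSLOptions +StdEnvVars
</Location>
# these options *must* be enabled globally (in ssl.conf)
# SSLVerifyClient require
# SSLVerifyDepth 10
EOF

# Fill in the placeholders in one pass.
# - The values reach perl through its environment and are read with $ENV{...},
#   so characters such as "}", "@", "$" or "/" in a value are inserted as plain
#   text instead of becoming part of the perl program.
# - TOPDIR is listed before TOP in the alternation so the longer placeholder
#   wins; replaced text is never rescanned, so no ordering between separate
#   substitutions is needed any more.
HUBFILE="$HUBFILE" TOPDIR="$TOPDIR" REMOTEKOJI="$REMOTEKOJI" TOP="$TOP" \
  perl -p -i -e 's{(HUBFILE|TOPDIR|REMOTEKOJI|TOP)}{$ENV{$1}}g' \
  "$HTTPDIR/$KOJIHUBCONF"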
# ------------------------------------------------------------------------
# hub.conf
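# Write the hub configuration ($HUBFILE) from a literal template, then fill in
# the HOSTNAME, KOJIPASS, SSL_SUBJ, TOPDIR and EMAILDOMAIN placeholders.
# The here-document delimiter is quoted so the shell copies the template
# verbatim.
# NOTE(review): the finished file contains the database password (DBPass) and
# is created with whatever umask the caller has. Restrict its owner/group/mode
# so that only root and the account httpd runs as can read it -- TODO confirm
# that account for this installation before tightening.
# NOTE(review): the commented Kerberos example values in the template read
# "[email protected]" in this copy, which looks like e-mail obfuscation picked
# up from a web page; compare them with the stock hub.conf before relying on
# them.
# NOTE(review): the template sets LoginCreatesUser = On and an http:// URL for
# KojiWebURL; confirm both are intended for this deployment.
cat > "$HUBFILE" << 'EOF'
[hub]
## Basic options ##
DBName = koji
DBUser = koji
DBHost = HOSTNAME
DBPass = KOJIPASS
KojiDir = TOPDIR
## Kerberos authentication options ##
# AuthPrincipal = [email protected]
# AuthKeytab = /etc/koji.keytab
# ProxyPrincipals = [email protected]
## format string for host principals (%s = hostname)
# HostPrincipalFormat = compile/%[email protected]
## end Kerberos auth configuration
## SSL client certificate auth configuration ##
## note: ssl auth may also require editing the httpd config (conf.d/kojihub.conf)
## the client username is the common name of the subject of their client certificate
DNUsernameComponent = CN
## separate multiple DNs with |
## eg
## ProxyDNs = SSL_SUBJ/CN=koji/emailAddress=kojiweb@HOSTNAME |
## SSL_SUBJ/CN=fred/emailAddress=fred@HOSTNAME |
## SSL_SUBJ/CN=joe/emailAddress=joe@HOSTNAME
ProxyDNs = SSL_SUBJ/CN=HOSTNAME/emailAddress=kojiweb@HOSTNAME
## end SSL client certificate auth configuration
## Other options ##
LoginCreatesUser = On
KojiWebURL = http://HOSTNAME/koji
# The domain name that will be appended to Koji usernames
# when creating email notifications
EmailDomain = EMAILDOMAIN
# whether to send the task owner and package owner email or not on success. this still goes to watchers
NotifyOnSuccess = True
## Disables all notifications
# DisableNotifications = False
## Koji hub plugins
## The path where plugins are found
# PluginPath = /usr/lib/koji-hub-plugins
## A space-separated list of plugins to load
# Plugins = echo
## If KojiDebug is on, the hub will be /very/ verbose and will report exception
## details to clients for anticipated errors (i.e. koji's own exceptions --
## subclasses of koji.GenericError).
# KojiDebug = On
## Determines how much detail about exceptions is reported to the client (via faults)
## Meaningful values:
## normal - a basic traceback (format_exception)
## extended - an extended traceback (format_exc_plus)
## anything else - no traceback, just the error message
## The extended traceback is intended for debugging only and should NOT be
## used in production, since it may contain sensitive information.
# KojiTraceback = normal
## These options are intended for planned outages
ServerOffline = False
# OfflineMessage = temporary outage
LockOut = False
## If ServerOffline is True, the server will always report a ServerOffline fault (with
## OfflineMessage as the fault string).
## If LockOut is True, the server will report a ServerOffline fault for all non-admin
## requests.
EOF

# Fill in the placeholders in one pass.
# - The values reach perl through its environment and are read with $ENV{...}.
#   The password therefore never appears on a command line (where a process
#   listing would show it), and characters such as "/", "@", "$" or spaces in
#   any value are inserted as plain text instead of being parsed as perl code
#   or split by the shell.
# - Replaced text is never rescanned, so a value that happens to contain the
#   name of another placeholder is left alone.
HOSTNAME="$HOSTNAME" KOJIPASS="$KOJIPASS" SSL_SUBJ="$SSL_SUBJ" \
  TOPDIR="$TOPDIR" EMAILDOMAIN="$EMAILDOMAIN" \
  perl -p -i -e 's{(HOSTNAME|KOJIPASS|SSL_SUBJ|TOPDIR|EMAILDOMAIN)}{$ENV{$1}}g' \
  "$HUBFILE"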
# cat $HUBFILE
# ------------------------------------------------------------------------
# httpd welcome.conf file annoyance
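# Disable the packaged httpd welcome page, but only while it is still in its
# shipped state.
# rpm -V lists a packaged file only when it differs from what the package
# installed (--nomtime ignores a changed timestamp), so:
#   - welcome.conf IS listed     -> someone already changed it; leave it alone
#   - welcome.conf is NOT listed -> it is still the default; comment out every
#                                   line that is not already a comment
# The -f guard skips the step when the file does not exist, instead of letting
# rpm and perl fail on a missing path.
if [ -f "$HTTPDIR/welcome.conf" ]; then
  RESULT=$(rpm -qVf --nomtime "$HTTPDIR/welcome.conf" | grep welcome.conf)
  if [ -z "${RESULT}" ]; then
    # Prefix '#' to each line that does not already start with optional
    # whitespace followed by '#'.
    perl -p -i -e 's/^(?!\s*#)/#/' "$HTTPDIR/welcome.conf"
  fi
fi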
# ------------------------------------------------------------------------
# httpd httpd.conf
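# Sometimes the /etc/hosts file is written in such a way that ::1 (IPv6
# localhost) gets assigned the hostname but 127.0.0.1 doesn't.
# Make sure that ServerName is set to the machine's hostname and not
# 'localhost*', which would smash the SSL setup.
#
# The /etc/hosts check that used to guard this step is disabled, so the edit is
# attempted on every run:
#RESULT=`grep $HOSTNAME /etc/hosts | grep ::`
#if [ -z "${RESULT}" ]; then

# Stop with a message if HTTPDCONF is missing: with no file argument perl -i
# would read standard input instead of editing httpd.conf.
: "${HTTPDCONF:?conf error: HTTPDCONF is NOT defined/set in the defaults file}"

# Insert "ServerName <host>:80" above each "#ServerName" line.
# - Skipped when that exact line is already present, so running the script
#   again does not stack up duplicate ServerName directives.
# - The hostname reaches perl through the environment and is read with
#   $ENV{HOSTNAME}, so it is inserted as plain text rather than spliced into
#   the perl program or split by the shell.
if ! grep -Fqx "ServerName ${HOSTNAME}:80" "$HTTPDCONF"; then
  HOSTNAME="$HOSTNAME" \
    perl -p -i -e 's/(^.*)#ServerName/ServerName $ENV{HOSTNAME}:80\n#ServerName/g' \
    "$HTTPDCONF"
fi
#fi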