-
Notifications
You must be signed in to change notification settings - Fork 1
/
setup-kojiweb
executable file
·117 lines (97 loc) · 4.1 KB
/
setup-kojiweb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/bin/sh
echo "====================="
echo "=== setup-kojiweb ==="
echo "====================="
# Pull in default vars
. `pwd`/defaults
# Check that all the externally defined variables we use in this script are initailized
echo -n "Checking the defaults of the following: "
for i in TOP CANAME HUBCA KOJIWEBFILE HOSTNAME PKI SSLCONF; do
if [ \$$i ]; then
echo -n "$i "
eval n=\$$i
if [ ! $n ]; then
echo
echo "conf error: $i is NOT defined/set in the defaults file. exiting."
exit 1
fi
fi
done
echo " (OK)"
TOPDIR=$TOP/koji
# There should be no need to change this I think
SECRET=`uuidgen | cut -c 1-8`
cat > $KOJIWEBFILE << EOF
Alias /koji "/usr/share/koji-web/scripts/"
<Directory "/usr/share/koji-web/scripts/">
# Config for the publisher handler
SetHandler mod_python
# Use kojiweb's publisher (which handles errors more gracefully)
# You can also use mod_python.publisher, but you will lose the pretty tracebacks
PythonHandler kojiweb.publisher
# General settings
PythonDebug On
PythonOption SiteName Koji
PythonOption KojiHubURL http://HOSTNAME/kojihub
PythonOption KojiPackagesURL http://HOSTNAME/packages
PythonOption KojiImagesURL http://HOSTNAMETOPDIR/images
# PythonOption WebPrincipal koji/web@HOSTNAME
# PythonOption WebKeytab /etc/httpd.keytab
PythonOption WebCCache /var/tmp/kojiweb.ccache
PythonOption WebCert PKI/kojiweb.pem
PythonOption ClientCA PKI/CANAME_ca_cert.crt
PythonOption KojiHubCA PKI/CANAME_ca_cert.crt
PythonOption LoginTimeout 72
# This must be changed before deployment
PythonOption Secret SECRET
PythonPath "sys.path + ['/usr/share/koji-web/lib']"
PythonCleanupHandler kojiweb.handlers::cleanup
PythonAutoReload Off
</Directory>
# uncomment this to enable authentication via Kerberos
# <Location /koji/login>
# AuthType Kerberos
# AuthName "Koji Web UI"
# KrbMethodNegotiate on
# KrbMethodK5Passwd off
# KrbServiceName HTTP
# KrbAuthRealm EXAMPLE.COM
# Krb5Keytab /etc/httpd.keytab
# KrbSaveCredentials off
# Require valid-user
# ErrorDocument 401 /koji-static/errors/unauthorized.html
# </Location>
# uncomment this to enable authentication via SSL client certificates
<Location /koji/login>
SSLOptions +StdEnvVars
</Location>
# these options must be enabled globally (in ssl.conf)
# SSLVerifyClient require
# SSLVerifyDepth 10
Alias /koji-static/ "/usr/share/koji-web/static/"
<Directory "/usr/share/koji-web/static/">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
EOF
perl -p -i -e s{HOSTNAME}{$HOSTNAME} $KOJIWEBFILE
perl -p -i -e s{TOPDIR}{$TOPDIR} $KOJIWEBFILE
perl -p -i -e s{PKI}{$PKI} $KOJIWEBFILE
perl -p -i -e s{CANAME}{$CANAME} $KOJIWEBFILE
perl -p -i -e s{SECRET}{$SECRET} $KOJIWEBFILE
# ------------------------------------------------------------------------
# ssl.conf
#
# Lazy replace rather than concat a file from shell out as above
#perl -p -i -e "s/((^.*)SSLCertificateFile \/etc(.*$))/SSLCertificateFile \/etc\/pki\/koji\/"$CANAME"_ca_cert.pem/" $SSLCONF
#perl -p -i -e "s/((^.*)SSLCertificateKeyFile \/etc(.*$))/SSLCertificateKeyFile \/etc\/pki\/koji\/private\/"$CANAME"_ca_cert.key/" $SSLCONF
#perl -p -i -e "s/((^.*)SSLCertificateChainFile \/etc(.*$))/SSLCertificateChainFile \/etc\/pki\/koji\/"$CANAME"_ca_cert.pem/" $SSLCONF
#perl -p -i -e "s/((^.*)SSLCACertificateFile \/etc(.*$))/SSLCACertificateFile \/etc\/pki\/koji\/"$CANAME"_ca_cert.pem/" $SSLCONF
perl -p -i -e "s/((^.*)SSLCertificateFile \/etc(.*$))/SSLCertificateFile \/etc\/pki\/koji\/certs\/"$HUBCA".crt/" $SSLCONF
perl -p -i -e "s/((^.*)SSLCertificateKeyFile \/etc(.*$))/SSLCertificateKeyFile \/etc\/pki\/koji\/certs\/"$HUBCA".key/" $SSLCONF
perl -p -i -e "s/((^.*)SSLCertificateChainFile \/etc(.*$))/SSLCertificateChainFile \/etc\/pki\/koji\/"$CANAME"_ca_cert.crt/" $SSLCONF
perl -p -i -e "s/((^.*)SSLCACertificateFile \/etc(.*$))/SSLCACertificateFile \/etc\/pki\/koji\/"$CANAME"_ca_cert.crt/" $SSLCONF
perl -p -i -e "s/#SSLVerifyClient require/SSLVerifyClient require/" $SSLCONF
perl -p -i -e "s/#SSLVerifyDepth 10/SSLVerifyDepth 10/" $SSLCONF