smedev/smeserver-koji
5
0
Fork 0
mirror of https://src.koozali.org/infra/smeserver-koji.git synced 2025-10-31 14:21:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add selinux settings

Browse Source
This commit is contained in:
Trevor Batley
2023-08-29 11:00:22 +10:00
parent 450305499e
commit 180cc1c36f
3 changed files with 28 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
koji-setup/deploy-koji.sh
View File

@@ -7,11 +7,12 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")"
source "$SCRIPT_DIR"/globals.sh
source "$SCRIPT_DIR"/parameters.sh
swupd bundle-add koji || :
check_dependency koji
check_dependency httpd
check_dependency kojira
check_dependency postgres
# Install all the required packages (some live in the epel repo, so we need to install that too)
dnf config-manager --set-enabled powertools
dnf install epel-release
dnf install koji-hub mod_ssl koji koji-web koji-utils
dnf module enable postgresql:10
dnf install postgresql-server
## SETTING UP SSL CERTIFICATES FOR AUTHENTICATION
mkdir -p "$KOJI_PKI_DIR"/{certs,private}
@@ -202,6 +203,9 @@ Alias /kojifiles "$KOJI_DIR"
</Location>
EOF
# SELinux changes to allow db access
setsebool -P httpd_can_network_connect_db 1
# Koji Web
mkdir -p /etc/kojiweb
cat > /etc/kojiweb/web.conf <<- EOF
@@ -252,6 +256,11 @@ chown kojiadmin:kojiadmin "$ADMIN_KOJI_DIR"/config
mkdir -p "$KOJI_DIR"/{packages,repos,work,scratch,repos-dist}
chown -R "$HTTPD_USER":"$HTTPD_USER" "$KOJI_DIR"
# twealk SELinux to allow $HTTPD_USER write access
setsebool -P allow_httpd_anon_write=1
semanage fcontext -a -t public_content_rw_t "/mnt/koji(/.*)?"
restorecon -r -v /mnt/koji
## Apache Configuration Files
mkdir -p /etc/httpd/conf.d
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
@@ -302,6 +311,12 @@ cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
EOF
# allow httpd access through firewall
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
# enable and start the httpd service
systemctl enable --now httpd

2
koji-setup/globals.sh
View File

@@ -9,7 +9,7 @@ export GIT_DEFAULT_DIR=/var/lib/gitolite
export POSTGRES_USER=postgres
export POSTGRES_DEFAULT_DIR=/var/lib/pgsql
export HTTPD_USER=httpd
export HTTPD_USER=apache
export HTTPD_DOCUMENT_ROOT=/var/www/html
export KOJI_PKI_DIR=/etc/pki/koji