From bcd69adf5fb41b41bdd6435b525c2ef7bc75a75d Mon Sep 17 00:00:00 2001 From: Trevor Batley Date: Tue, 29 Aug 2023 16:08:48 +1000 Subject: [PATCH] mostly adding selinux stuff --- README.md | 20 +++++++++++++++----- koji-setup/deploy-koji-builder.sh | 3 +-- koji-setup/deploy-koji-nfs-server.sh | 12 +++++++++--- koji-setup/parameters.sh | 8 ++++---- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index ab4b50a..18ba76e 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ The purpose of these scripts it to enable setting up a koji environment quickly with reasonable configurations. These scripts have been borrowed from Clear Linux and modified to suit the smeserver (Koozali.org) setup. +Thanks to George T Kramer for doing a lot of the prework for these over at ClearLinux. ## Assumptions 
@@ -20,11 +21,15 @@ These scripts have been borrowed from Clear Linux and modified to suit the smese 1. Copy these scripts into your ~/bin directory and make sure they are executeable mkdir -p ~/bin - cp ~/bin/. + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/gencert.sh > ~/bin/gencert.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/globals.sh > ~/bin/globals.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/parameters.sh > ~/bin/parameters.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji.sh > ~/bin/deploy-koji.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/bootstrap-build.sh > ~/bin/bootstrap-builld.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-nfs-server.sh > ~/bin/deploy-koji-nfs-server.sh chmod a+x ~/bin/*.sh -1. Edit parameters.sh as needed. If running in a production environment, be -sure to supply reasonable SSL certificate field values. +1. Edit parameters.sh as needed. If running in a production environment, be sure to supply reasonable SSL certificate field values. 1. Run the required following scripts 
@@ -43,12 +48,17 @@ If koji builder machine is not the same as koji master machine: deploy-koji-nfs-server.sh -1. Copy the koji builder certificate from the koji master machine to the koji -builder machine +1. Copy the koji builder certificate from the koji master machine to the koji builder machine scp "$KOJI_PKI_DIR/$KOJI_SLAVE_FQDN.pem" "$KOJI_SLAVE_FQDN":"$KOJI_PKI_DIR" + ssh "root@$KOJI_SLAVE_FQDN" "mkdir -p ~/bin" + scp "~/bin/globals.sh" "root@$KOJI_SLAVE_FQDN":"/root/bin/." + scp "~/bin/parameters.sh" "root@$KOJI_SLAVE_FQDN":"/root/bin/." 1. On the koji builder machine, run + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-nfs-client.sh > ~/bin/deploy-koji-nfs-client.sh + curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-builder.sh > ~/bin/deploy-koji-builder.sh + chmod a+x ~/bin/*.sh deploy-koji-nfs-client.sh deploy-koji-builder.sh diff --git a/koji-setup/deploy-koji-builder.sh b/koji-setup/deploy-koji-builder.sh index 3883d91..6ae3992 100755 --- a/koji-setup/deploy-koji-builder.sh +++ b/koji-setup/deploy-koji-builder.sh @@ -7,8 +7,7 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")" source "$SCRIPT_DIR"/globals.sh source "$SCRIPT_DIR"/parameters.sh -swupd bundle-add koji || : -check_dependency kojid +dnf install koji-builder # Create mock folders and permissions mkdir -p /etc/mock/koji diff --git a/koji-setup/deploy-koji-nfs-server.sh b/koji-setup/deploy-koji-nfs-server.sh index 25585e3..f84642d 100755 --- a/koji-setup/deploy-koji-nfs-server.sh +++ b/koji-setup/deploy-koji-nfs-server.sh 
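Review bot: `dnf install koji-builder` is called without `-y`, so dnf prompts for confirmation and, with no terminal to answer it, aborts the transaction; the same applies to `dnf install nfs-utils` in the deploy-koji-nfs-server.sh hunk. The removed `check_dependency kojid` was the only visible check that the daemon is present before the script goes on to create the mock directories. A failed install now passes silently unless the script runs under `set -e`, which the hunk does not show. I would write `dnf install -y koji-builder || exit 1` and keep `check_dependency kojid` after it, assuming that helper is still provided by globals.sh. The rest of the script lies outside the hunk.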
@@ -7,12 +7,18 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")" source "$SCRIPT_DIR"/globals.sh source "$SCRIPT_DIR"/parameters.sh -swupd bundle-add nfs-utils || : -check_dependency rpcbind -check_dependency rpc.nfsd +dnf install nfs-utils # Export server directory to be mounted by clients echo "$KOJI_DIR $KOJI_SLAVE_FQDN(ro,no_root_squash)" >> /etc/exports +# allow nfs usage in selinux and firewall +setsebool -P httpd_use_nfs=1 + +firewall-cmd --permanent --add-service=nfs +firewall-cmd --permanent --add-service=mountd +firewall-cmd --permanent --add-service=rpc-bind +firewall-cmd --reload + systemctl enable --now rpcbind systemctl enable --now nfs-server diff --git a/koji-setup/parameters.sh b/koji-setup/parameters.sh index 2a12c58..c4b4cf6 100644 --- a/koji-setup/parameters.sh +++ b/koji-setup/parameters.sh @@ -3,7 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 ## KOJI RPM BUILD AND TRACKER -export KOJI_DIR=/mnt/koji +export KOJI_DIR=/srv/koji export KOJI_MOUNT_DIR=/mnt/koji export KOJI_MASTER_FQDN="$(hostname -f)" export KOJI_SLAVE_FQDN="$KOJI_MASTER_FQDN" @@ -25,7 +25,7 @@ export DEBUG_RPM_DIR= export EXTERNAL_REPO=http://mirrorlist.centos.org/releases/10/smeos/ ## POSTGRESQL DATABASE -export POSTGRES_DIR=/var/lib/pgsql +export POSTGRES_DIR=/srv/pgsql ## GIT REPOSITORIES export GIT_DIR= @@ -34,8 +34,8 @@ export IS_ANONYMOUS_GIT_NEEDED=false export GITOLITE_PUB_KEY='' ## UPSTREAMS CACHE -export UPSTREAMS_DIR=/mnt/upstreams +export UPSTREAMS_DIR=/srv/upstreams ## MASH RPMS -export MASH_DIR=/mnt/mash +export MASH_DIR=/srv/mash export MASH_SCRIPT_DIR=/usr/local/bin
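Review bot: The three `firewall-cmd --permanent --add-service=...` lines open nfs, mountd and rpc-bind in the default zone to every source, while the export line just above them limits the share to `$KOJI_SLAVE_FQDN` and grants it `no_root_squash`. The firewall should be no wider than the export, for example by binding the builder's address to a dedicated zone and adding the services there: `firewall-cmd --permanent --new-zone=koji-nfs`, `firewall-cmd --permanent --zone=koji-nfs --add-source=<BUILDER_IP>`, `firewall-cmd --permanent --zone=koji-nfs --add-service=nfs` (zone name and address are placeholders). If the builder mounts with NFSv4 only, mountd and rpc-bind need not be opened at all. Separately, `setsebool -P httpd_use_nfs=1` lets httpd read NFS-mounted content, which matters on a host that mounts the share; on the server, where `KOJI_DIR` is a local path, it looks like a permanent widening of httpd's access that is not needed, so please confirm or add a comment saying which host requires it.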
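Review bot: Moving `POSTGRES_DIR` to `/srv/pgsql` (second hunk of parameters.sh) and `KOJI_DIR`, `UPSTREAMS_DIR` and `MASH_DIR` under `/srv` (first and third hunks) puts these trees in locations that, as far as I know, the default targeted SELinux policy does not label for PostgreSQL or httpd, and nothing in this patch relabels them. With SELinux enforcing, PostgreSQL would normally be denied a data directory that is not labelled `postgresql_db_t`, and httpd needs a content type on whatever it serves from `/srv/koji`. Whether the deploy scripts already handle this is not visible here. I would add a comment above these exports such as `# Non-default locations: must be labelled for SELinux before the services start` and do the labelling in the deploy script, e.g. `semanage fcontext -a -t postgresql_db_t "$POSTGRES_DIR(/.*)?"` followed by `restorecon -R "$POSTGRES_DIR"`.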