mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-21 17:17:28 +01:00
mostly adding selinux stuff
This commit is contained in:
parent
180cc1c36f
commit
bcd69adf5f
20
README.md
20
README.md
@ -6,6 +6,7 @@ The purpose of these scripts it to enable setting up a koji environment quickly
|
||||
with reasonable configurations.
|
||||
|
||||
These scripts have been borrowed from Clear Linux and modified to suit the smeserver (Koozali.org) setup.
|
||||
Thanks to George T Kramer for doing a lot of the prework for these over at ClearLinux.
|
||||
|
||||
## Assumptions
|
||||
|
||||
@ -20,11 +21,15 @@ These scripts have been borrowed from Clear Linux and modified to suit the smese
|
||||
1. Copy these scripts into your ~/bin directory and make sure they are executeable
|
||||
|
||||
mkdir -p ~/bin
|
||||
cp <path where you copied the scripts> ~/bin/.
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/gencert.sh > ~/bin/gencert.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/globals.sh > ~/bin/globals.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/parameters.sh > ~/bin/parameters.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji.sh > ~/bin/deploy-koji.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/bootstrap-build.sh > ~/bin/bootstrap-builld.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-nfs-server.sh > ~/bin/deploy-koji-nfs-server.sh
|
||||
chmod a+x ~/bin/*.sh
|
||||
|
||||
1. Edit parameters.sh as needed. If running in a production environment, be
|
||||
sure to supply reasonable SSL certificate field values.
|
||||
1. Edit parameters.sh as needed. If running in a production environment, be sure to supply reasonable SSL certificate field values.
|
||||
|
||||
1. Run the required following scripts
|
||||
|
||||
@ -43,12 +48,17 @@ If koji builder machine is not the same as koji master machine:
|
||||
|
||||
deploy-koji-nfs-server.sh
|
||||
|
||||
1. Copy the koji builder certificate from the koji master machine to the koji
|
||||
builder machine
|
||||
1. Copy the koji builder certificate from the koji master machine to the koji builder machine
|
||||
|
||||
scp "$KOJI_PKI_DIR/$KOJI_SLAVE_FQDN.pem" "$KOJI_SLAVE_FQDN":"$KOJI_PKI_DIR"
|
||||
ssh "root@$KOJI_SLAVE_FQDN" "mkdir -p ~/bin"
|
||||
scp "~/bin/globals.sh" "root@$KOJI_SLAVE_FQDN":"/root/bin/."
|
||||
scp "~/bin/parameters.sh" "root@$KOJI_SLAVE_FQDN":"/root/bin/."
|
||||
|
||||
1. On the koji builder machine, run
|
||||
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-nfs-client.sh > ~/bin/deploy-koji-nfs-client.sh
|
||||
curl https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup/deploy-koji-builder.sh > ~/bin/deploy-koji-builder.sh
|
||||
chmod a+x ~/bin/*.sh
|
||||
deploy-koji-nfs-client.sh
|
||||
deploy-koji-builder.sh
|
||||
|
||||
@ -7,8 +7,7 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")"
|
||||
source "$SCRIPT_DIR"/globals.sh
|
||||
source "$SCRIPT_DIR"/parameters.sh
|
||||
|
||||
swupd bundle-add koji || :
|
||||
check_dependency kojid
|
||||
dnf install koji-builder
|
||||
|
||||
# Create mock folders and permissions
|
||||
mkdir -p /etc/mock/koji
|
||||
|
||||
@ -7,12 +7,18 @@ SCRIPT_DIR="$(dirname "$(realpath "$0")")"
|
||||
source "$SCRIPT_DIR"/globals.sh
|
||||
source "$SCRIPT_DIR"/parameters.sh
|
||||
|
||||
swupd bundle-add nfs-utils || :
|
||||
check_dependency rpcbind
|
||||
check_dependency rpc.nfsd
|
||||
dnf install nfs-utils
|
||||
|
||||
# Export server directory to be mounted by clients
|
||||
echo "$KOJI_DIR $KOJI_SLAVE_FQDN(ro,no_root_squash)" >> /etc/exports
|
||||
|
||||
# allow nfs usage in selinux and firewall
|
||||
setsebool -P httpd_use_nfs=1
|
||||
|
||||
firewall-cmd --permanent --add-service=nfs
|
||||
firewall-cmd --permanent --add-service=mountd
|
||||
firewall-cmd --permanent --add-service=rpc-bind
|
||||
firewall-cmd --reload
|
||||
|
||||
systemctl enable --now rpcbind
|
||||
systemctl enable --now nfs-server
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
## KOJI RPM BUILD AND TRACKER
|
||||
export KOJI_DIR=/mnt/koji
|
||||
export KOJI_DIR=/srv/koji
|
||||
export KOJI_MOUNT_DIR=/mnt/koji
|
||||
export KOJI_MASTER_FQDN="$(hostname -f)"
|
||||
export KOJI_SLAVE_FQDN="$KOJI_MASTER_FQDN"
|
||||
@ -25,7 +25,7 @@ export DEBUG_RPM_DIR=
|
||||
export EXTERNAL_REPO=http://mirrorlist.centos.org/releases/10/smeos/
|
||||
|
||||
## POSTGRESQL DATABASE
|
||||
export POSTGRES_DIR=/var/lib/pgsql
|
||||
export POSTGRES_DIR=/srv/pgsql
|
||||
|
||||
## GIT REPOSITORIES
|
||||
export GIT_DIR=
|
||||
@ -34,8 +34,8 @@ export IS_ANONYMOUS_GIT_NEEDED=false
|
||||
export GITOLITE_PUB_KEY=''
|
||||
|
||||
## UPSTREAMS CACHE
|
||||
export UPSTREAMS_DIR=/mnt/upstreams
|
||||
export UPSTREAMS_DIR=/srv/upstreams
|
||||
|
||||
## MASH RPMS
|
||||
export MASH_DIR=/mnt/mash
|
||||
export MASH_DIR=/srv/mash
|
||||
export MASH_SCRIPT_DIR=/usr/local/bin
|
||||
|
||||
Loading…
Reference in New Issue
Block a user