From f1811bc44d1a7f49e667f3a923555c9d171a242b Mon Sep 17 00:00:00 2001
From: Trevor Batley
Date: Fri, 1 Sep 2023 14:07:07 +1000
Subject: [PATCH] flesh out install script
---
 koji-setup/deploy-koji.sh | 8 +--
 koji-setup/install_koji_farm.sh | 114 ++++++++++++++++++++++++++++++--
 2 files changed, 113 insertions(+), 9 deletions(-)
diff --git a/koji-setup/deploy-koji.sh b/koji-setup/deploy-koji.sh
index 8993d90..2d44fa2 100755
--- a/koji-setup/deploy-koji.sh
+++ b/koji-setup/deploy-koji.sh
@@ -104,10 +104,10 @@ mkdir -p /etc/ca-certs/trusted
 # Generate the koji component certificates and the admin certificate and generate a PKCS12 user certificate (for web browser)
 cp "$SCRIPT_DIR"/gencert.sh "$KOJI_PKI_DIR"
 pushd "$KOJI_PKI_DIR"
-./gencert.sh kojiweb "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojiweb/CN=$KOJI_HUB_FQDN"
-./gencert.sh kojihub "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojihub/CN=$KOJI_HUB_FQDN"
-./gencert.sh kojiadmin "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojiadmin"
-./gencert.sh kojira "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojira"
+gencert.sh kojiweb "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojiweb/CN=$KOJI_HUB_FQDN"
+gencert.sh kojihub "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=kojihub/CN=$KOJI_HUB_FQDN"
+gencert.sh kojiadmin "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojiadmin"
+gencert.sh kojira "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/OU=$ORG_UNIT/CN=kojira"
 popd
 # Copy certificates into ~/.koji for kojiadmin
diff --git a/koji-setup/install_koji_farm.sh b/koji-setup/install_koji_farm.sh
index c2d1339..3dfcc4c 100644
--- a/koji-setup/install_koji_farm.sh
+++ b/koji-setup/install_koji_farm.sh
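Review bot: In the deploy-koji.sh hunk, dropping the `./` prefix on the four `gencert.sh` calls makes the certificate generator resolve through `PATH` instead of the copy that `cp "$SCRIPT_DIR"/gencert.sh "$KOJI_PKI_DIR"` has just placed in the working directory, so that `cp` is now unused and which file generates the Koji keys depends on the caller's environment. For a step that produces private keys and certificates, call the script by explicit path, e.g. `"$SCRIPT_DIR"/gencert.sh kojiweb "/C=$COUNTRY_CODE/.../CN=$KOJI_HUB_FQDN"`, or keep `./gencert.sh`. The bare name also only works if `gencert.sh` is executable and its directory is on `PATH`; the install script in this same patch writes it with `curl ... > $SCRIPT_DIR/gencert.sh`, which leaves it without the execute bit.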
@@ -1,21 +1,94 @@ #!/bin/bash -set -xe -SCRIPT_DIR="$(dirname "$(realpath "$0")")" +for param in $1 $2 $3 $4 $5 $6; do + if [ $param ] ; then + case $param in + local ) + GITEAUser=${local_USER} + GITEAACCESSTOKEN=${local_GITEAACCESSTOKEN} + GITEAHOST=${local_GITEAHOST} + ;; + debug ) + DEBUG=true ;; + noisy ) + NOISY=true ;; + * ) + EXTRAPARAMS=$EXTRAPARAMS" "$param ;; + esac + else + break + fi +done +if [ $DEBUG ] ; then + set -xe +else + set -e +fi + +# pull down the deploy scripts +SCRIPT_GIT="https://src.koozali.org/smedev/smeserver-koji/raw/branch/master/koji-setup" +SCRIPT_DIR="$(echo ~)/bin" +mkdir -p $SCRIPT_DIR +curl $SCRIPT_GIT/gencert.sh > $SCRIPT_DIR/gencert.sh +curl $SCRIPT_GIT/deploy-koji.sh > $SCRIPT_DIR/deploy-koji.sh +curl $SCRIPT_GIT/bootstrap-build.sh > $SCRIPT_DIR/bootstrap-build.sh + +# ask for required parameters (ssh settings and build server FQDN) KOJI_HUB_FQDN="$(hostname -f)" +while true ; do + read -n 2 -p "Country Code (eg, US) " COUNTRY_CODE + if [ ${#COUNTRY_CODE} ne 2 ] ; then + echo "You must enter a 2 character country code" + else + break + fi +done +while true ; do + read -p "State (eg. Ohio) " STATE + if [ $STATE ] ; then break ; else echo "State MUST be entered" ; fi +done +while true ; do + read -p "City (eg. Columbus) " LOCATION + if [ $LOCATION ] ; then break ; else echo "City MUST be entered" ; fi +done +while true ; do + read -p "Organisation (eg. Koozali) " ORGANIZATION + if [ $ORGANIZATION ] ; then break ; else echo "Organization MUST be entered" ; fi +done +while true ; do + read -p "Org Unit (eg. 
Koji) " ORG_UNIT + if [ $ORG_UNIT ] ; then break ; else echo "Organizational Unit MUST be entered" ; fi +done +read -p "Build server FQDN (will default to hub FQDN '$KOJI_HUB_FQDN' if left blank) " KOJI_BUILD_FQDN +if [ $KOJI_BUILD_FQDN ] ; then + echo "$KOJI_BUILD_FQDN will be made a Koji Build server" + break +else + KOJI_BUILD_FQDN=$KOJI_HUB_FQDN + echo "All-in-one: Hub will now be a build server as well" +fi -cat > $SCRIPT_DIR/parameters.sh <<- EOT +# create the parameter scripts used by deploy scripts +cat > $SCRIPT_DIR/globals.sh <<- EOT #!/bin/bash -## GLOBALS +# Copyright (C) 2019 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +#### START DO NOT EDIT #### export POSTGRES_USER=postgres export POSTGRES_DEFAULT_DIR=/var/lib/pgsql export HTTPD_USER=apache export HTTPD_DOCUMENT_ROOT=/var/www/html export KOJI_PKI_DIR=/etc/pki/koji +#### END DO NOT EDIT +EOT + +cat > $SCRIPT_DIR/parameters.sh <<- EOT +#!/bin/bash ## KOJI RPM BUILD AND TRACKER export KOJI_DIR=/mnt/koji -export KOJI_HUB_FQDN="$KOJI_HB_FQDN" +export KOJI_HUB_FQDN="$KOJI_HUB_FQDN" export KOJI_BUILD_FQDN="$KOJI_BUILD_FQDN" export KOJI_URL=http://"$KOJI_HUB_FQDN" export KOJID_CAPACITY=16 
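Review bot: The three `curl $SCRIPT_GIT/... > $SCRIPT_DIR/...` lines fetch the deploy scripts from the mutable `master` branch with no `--fail`, no integrity check and no execute bit, and later hunks run them in what appears to be a root install (the script writes `/root/.ssh/id_rsa`), so an HTTP error page or a changed upstream file becomes the deploy script. Pin `SCRIPT_GIT` to a reviewed commit or tag, download with `curl -fsSL`, verify checksums before use and `chmod` the results; a sketch with placeholder values follows. Separately, `[ ${#COUNTRY_CODE} ne 2 ]` needs `-ne` (as written the test errors and the loop always takes the `break` branch), the `break` under `if [ $KOJI_BUILD_FQDN ]` is outside any loop, and the unquoted `[ $STATE ]`-style tests error on multi-word answers, so they should be `[ -n "$STATE" ]`. The build-server FQDN is also interpolated unvalidated into `parameters.sh` through the unquoted heredoc; if the deploy scripts source that file, as seems likely, the value should be checked against a hostname pattern before it is written.
```shell
# pull down the deploy scripts
SCRIPT_REF="<PINNED_COMMIT_SHA>"   # placeholder: a reviewed commit, not a branch
SCRIPT_GIT="https://src.koozali.org/smedev/smeserver-koji/raw/commit/$SCRIPT_REF/koji-setup"
SCRIPT_DIR="$(echo ~)/bin"
mkdir -p "$SCRIPT_DIR"
for script in gencert.sh deploy-koji.sh bootstrap-build.sh; do
  curl -fsSL --proto '=https' -o "$SCRIPT_DIR/$script" "$SCRIPT_GIT/$script"
done
# placeholder digests: record the real values when the commit is reviewed
( cd "$SCRIPT_DIR" && sha256sum -c - <<'SUMS'
<SHA256_OF_gencert.sh>  gencert.sh
<SHA256_OF_deploy-koji.sh>  deploy-koji.sh
<SHA256_OF_bootstrap-build.sh>  bootstrap-build.sh
SUMS
)
chmod 0755 "$SCRIPT_DIR"/gencert.sh "$SCRIPT_DIR"/deploy-koji.sh "$SCRIPT_DIR"/bootstrap-build.sh
# … unchanged: interactive prompts and parameter heredocs …
```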
@@ -36,3 +109,34 @@ export EXTERNAL_REPO=http://mirrorlist.centos.org/releases/10/smeos/
 ## POSTGRESQL DATABASE
 export POSTGRES_DIR=/var/lib/pgsql
 EOT
+
+# deploy thecentral koji components
+deploy-koji.sh
+
+# if there is a separate koji builder deploy that
+if [ $KOJI_BUILD_FQDN ne $KOJI_HUB_FQDN ] ; then
+ # add nfs share for koji files direcory
+ deploy-koji-nfs-server.sh
+ # create a ssh key and add to authorized keys on build server
+ mkdir -p ~/.ssh
+ ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
+ ssh-copy-id -i ~/.ssh/id_rsa.pub $KOJI_BUILD_FQDN
+ # copy across the ssl keys
+ ssh root@$KOJI_BUILD_FQDN mkdir $KOJI_PKI_DIR
+ scp $KOJI_PKI_DIR/$KOJI_BUILD_FQDN.pem root@$KOJI_BUILD_FQDN:$KOJI_PKI_DIR/.
+ scp $KOJI_PKI_DIR/koji_ca_cert.crt root@$KOJI_BUILD_FQDN:$KOJI_PKI_DIR/.
+ # copy across the parameter files
+ ssh root@$KOJI_BUILD_FQDN
+ scp $SCRIPT_DIR/globals.sh root@$KOJI_BUILD_FQDN:$SCRIPT_DIR/.
+ scp $SCRIPT_DIR/parameters.sh root@$KOJI_BUILD_FQDN:$SCRIPT_DIR/.
+ # pull down the required scripts
+ ssh root@$KOJI_BUILD_FQDN curl $SCRIPT_GIT/deploy-koji-nfs-client.sh > $SCRIPT_DIR/.
+ ssh root@$KOJI_BUILD_FQDN curl $SCRIPT_GIT/deploy-koji-builder.sh > $SCRIPT_DIR/.
+ # connect to nfs share
+ ssh root@$KOJI_BUILD_FQDN deploy-koji-nfs-client.sh
+ # deploy koji builder
+ ssh root@$KOJI_BUILD_FQDN deploy-koji-builder.sh
+fi
+
+#
+bootstrap-build.sh
\ No newline at end of file
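Review bot: The guard `if [ $KOJI_BUILD_FQDN ne $KOJI_HUB_FQDN ]` is not a valid test (`ne` is not an operator, and `-ne` would compare integers), so `[` errors and the builder branch is never taken; it should read `if [ "$KOJI_BUILD_FQDN" != "$KOJI_HUB_FQDN" ] ; then`. Inside the branch, the `> $SCRIPT_DIR/.` on the two `ssh ... curl` lines is applied by the local shell and targets a directory, so nothing is written on the builder; quote the remote command instead, e.g. `ssh root@"$KOJI_BUILD_FQDN" "curl -fsSL -o '$SCRIPT_DIR/deploy-koji-builder.sh' '$SCRIPT_GIT/deploy-koji-builder.sh'"`, and drop the bare `ssh root@$KOJI_BUILD_FQDN`, which opens an interactive session. `ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""` creates a passphrase-less root key (and prompts if one already exists) that then grants root on the builder, so a dedicated key file used only for this deployment would limit the exposure. `$KOJI_PKI_DIR` is written into `globals.sh` but is not assigned in the visible part of this script, so unless it is sourced elsewhere the `mkdir` and `scp` paths expand to `/`-rooted names; `deploy-koji-nfs-server.sh` is likewise not among the scripts downloaded earlier in the file.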