mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-12-22 15:37:00 +01:00
supress duplicate httpd stuff when web on hub
This commit is contained in:
parent
d6b94a4538
commit
fdc0aa0b3b
@ -101,6 +101,7 @@ export SCRIPT_GIT=$SCRIPT_GIT
|
||||
export KOJI_DIR=$KOJI_DIR
|
||||
export KOJI_HUB_FQDN=$KOJI_HUB_FQDN
|
||||
export KOJI_URL=http://$KOJI_HUB_FQDN
|
||||
export KOJI_WEB_URL=http://$KOJI_WEB_FQDN
|
||||
export KOJID_CAPACITY=$KOJID_CAPACITY
|
||||
export TAG_NAME='$TAG_NAME'
|
||||
# Use for koji SSL certificates
|
||||
@ -241,5 +242,5 @@ else
|
||||
done
|
||||
fi
|
||||
|
||||
#
|
||||
# bootstrap the targets etc.
|
||||
koji-bootstrap-build.sh
|
||||
|
@ -195,7 +195,7 @@ KojiDir = $KOJI_DIR
|
||||
DNUsernameComponent = CN
|
||||
ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_HUB_FQDN
|
||||
LoginCreatesUser = On
|
||||
KojiWebURL = $KOJI_URL/koji
|
||||
KojiWebURL = $KOJI_WEB_URL/koji
|
||||
DisableNotifications = True
|
||||
EOF
|
||||
|
||||
@ -223,38 +223,6 @@ EOF
|
||||
# SELinux changes to allow db access
|
||||
setsebool -P httpd_can_network_connect_db 1
|
||||
|
||||
# Koji Web
|
||||
mkdir -p /etc/kojiweb
|
||||
cat > /etc/kojiweb/web.conf <<- EOF
|
||||
[web]
|
||||
SiteName = koji
|
||||
KojiHubURL = $KOJI_URL/kojihub
|
||||
KojiFilesURL = $KOJI_URL/kojifiles
|
||||
WebCert = $KOJI_PKI_DIR/kojiweb.pem
|
||||
ClientCA = $KOJI_PKI_DIR/koji_ca_cert.crt
|
||||
KojiHubCA = $KOJI_PKI_DIR/koji_ca_cert.crt
|
||||
LoginTimeout = 72
|
||||
Secret = NITRA_IS_NOT_CLEAR
|
||||
LibPath = /usr/share/koji-web/lib
|
||||
LiteralFooter = True
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/httpd/conf.d
|
||||
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
|
||||
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
|
||||
<Directory "/usr/share/koji-web/scripts">
|
||||
Options ExecCGI
|
||||
SetHandler wsgi-script
|
||||
Require all granted
|
||||
</Directory>
|
||||
Alias /koji-static "/usr/share/koji-web/static"
|
||||
<Directory "/usr/share/koji-web/static">
|
||||
Options None
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
</Directory>
|
||||
EOF
|
||||
|
||||
# SELinux changes to allow httpd network access
|
||||
setsebool -P httpd_can_network_connect 1
|
||||
|
||||
|
@ -54,7 +54,7 @@ LibPath = /usr/share/koji-web/lib
|
||||
LiteralFooter = True
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/httpd/conf.d
|
||||
if [[ ! -d /etc/httpd/conf.d ]] ; then mkdir -p /etc/httpd/conf.d ; fi
|
||||
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
|
||||
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
|
||||
<Directory "/usr/share/koji-web/scripts">
|
||||
@ -73,12 +73,12 @@ Alias /koji-static "/usr/share/koji-web/static"
|
||||
</Location>
|
||||
EOF
|
||||
|
||||
# SELinux changes to allow httpd network access
|
||||
setsebool -P httpd_can_network_connect 1
|
||||
|
||||
## Apache Configuration Files
|
||||
mkdir -p /etc/httpd/conf.d
|
||||
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
|
||||
# if NOT on the hub, setup the standard httpd settings
|
||||
if [[ ! $KOJI_WEB_FQDN = $KOJI_HUB_FQDN ]] ; then
|
||||
|
||||
## Apache ssl Configuration File
|
||||
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
|
||||
ServerName $KOJI_WEB_FQDN
|
||||
|
||||
Listen 443 https
|
||||
@ -118,18 +118,26 @@ SSLRandomSeed connect builtin
|
||||
</VirtualHost>
|
||||
EOF
|
||||
|
||||
mkdir -p /etc/httpd/conf.modules.d
|
||||
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF
|
||||
# SELinux changes to allow httpd network access
|
||||
setsebool -P httpd_can_network_connect 1
|
||||
|
||||
mkdir -p /etc/httpd/conf.modules.d
|
||||
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF
|
||||
WSGISocketPrefix /run/httpd/wsgi
|
||||
EOF
|
||||
cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
|
||||
cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
|
||||
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
|
||||
EOF
|
||||
|
||||
# allow httpd access through firewall
|
||||
firewall-cmd --permanent --add-service=http
|
||||
firewall-cmd --permanent --add-service=https
|
||||
firewall-cmd --reload
|
||||
# allow httpd access through firewall
|
||||
firewall-cmd --permanent --add-service=http
|
||||
firewall-cmd --permanent --add-service=https
|
||||
firewall-cmd --reload
|
||||
|
||||
# enable and start the httpd service
|
||||
systemctl enable --now httpd
|
||||
# enable and start the httpd service
|
||||
systemctl enable --now httpd
|
||||
|
||||
else
|
||||
# we need to restart the httpd service
|
||||
systemctl restart httpd
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user