supress duplicate httpd stuff when web on hub

Trevor Batley 2023-09-12 16:59:13 +10:00
parent d6b94a4538
commit fdc0aa0b3b
3 changed files with 26 additions and 49 deletions


@ -101,6 +101,7 @@ export SCRIPT_GIT=$SCRIPT_GIT
export KOJI_DIR=$KOJI_DIR export KOJI_DIR=$KOJI_DIR
export KOJI_HUB_FQDN=$KOJI_HUB_FQDN export KOJI_HUB_FQDN=$KOJI_HUB_FQDN
export KOJI_URL=http://$KOJI_HUB_FQDN export KOJI_URL=http://$KOJI_HUB_FQDN
export KOJI_WEB_URL=http://$KOJI_WEB_FQDN
export KOJID_CAPACITY=$KOJID_CAPACITY export KOJID_CAPACITY=$KOJID_CAPACITY
export TAG_NAME='$TAG_NAME' export TAG_NAME='$TAG_NAME'
# Use for koji SSL certificates # Use for koji SSL certificates
@ -241,5 +242,5 @@ else
done done
fi fi
# # bootstrap the targets etc.
koji-bootstrap-build.sh koji-bootstrap-build.sh
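Review bot: The added `export KOJI_WEB_URL=http://$KOJI_WEB_FQDN` hard-codes cleartext HTTP for the web front end, while the web host configuration touched by this same commit serves `Listen 443 https`. The value feeds `KojiWebURL` in the hub configuration, so links built from it would presumably point at the unencrypted listener. Consider `export KOJI_WEB_URL=https://$KOJI_WEB_FQDN`, or add a comment such as `# HTTP is intentional here because ...` if it is deliberate. The line also expands to a bare `http://` when KOJI_WEB_FQDN is empty; whether that variable is validated earlier is outside the hunk.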


@ -195,7 +195,7 @@ KojiDir = $KOJI_DIR
DNUsernameComponent = CN DNUsernameComponent = CN
ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_HUB_FQDN ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_HUB_FQDN
LoginCreatesUser = On LoginCreatesUser = On
KojiWebURL = $KOJI_URL/koji KojiWebURL = $KOJI_WEB_URL/koji
DisableNotifications = True DisableNotifications = True
EOF EOF
@ -223,38 +223,6 @@ EOF
# SELinux changes to allow db access # SELinux changes to allow db access
setsebool -P httpd_can_network_connect_db 1 setsebool -P httpd_can_network_connect_db 1
# Koji Web
mkdir -p /etc/kojiweb
cat > /etc/kojiweb/web.conf <<- EOF
[web]
SiteName = koji
KojiHubURL = $KOJI_URL/kojihub
KojiFilesURL = $KOJI_URL/kojifiles
WebCert = $KOJI_PKI_DIR/kojiweb.pem
ClientCA = $KOJI_PKI_DIR/koji_ca_cert.crt
KojiHubCA = $KOJI_PKI_DIR/koji_ca_cert.crt
LoginTimeout = 72
Secret = NITRA_IS_NOT_CLEAR
LibPath = /usr/share/koji-web/lib
LiteralFooter = True
EOF
mkdir -p /etc/httpd/conf.d
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
<Directory "/usr/share/koji-web/scripts">
Options ExecCGI
SetHandler wsgi-script
Require all granted
</Directory>
Alias /koji-static "/usr/share/koji-web/static"
<Directory "/usr/share/koji-web/static">
Options None
AllowOverride None
Require all granted
</Directory>
EOF
# SELinux changes to allow httpd network access # SELinux changes to allow httpd network access
setsebool -P httpd_can_network_connect 1 setsebool -P httpd_can_network_connect 1
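Review bot: `setsebool -P httpd_can_network_connect 1` still runs unconditionally at the end of this hunk, although the Koji Web block it used to follow has been removed from this script. The boolean persistently lets httpd open outbound network connections, which the hub appears to need only when kojiweb shares the host; the database case is already covered by `httpd_can_network_connect_db`. Since the web script in this commit now sets the boolean only in its not-on-hub branch, consider setting it there in both branches and dropping it here. Otherwise document the dependency with a comment such as `# kept for kojiweb when it is co-located on the hub`.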


@ -54,7 +54,7 @@ LibPath = /usr/share/koji-web/lib
LiteralFooter = True LiteralFooter = True
EOF EOF
mkdir -p /etc/httpd/conf.d if [[ ! -d /etc/httpd/conf.d ]] ; then mkdir -p /etc/httpd/conf.d ; fi
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py" Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
<Directory "/usr/share/koji-web/scripts"> <Directory "/usr/share/koji-web/scripts">
@ -73,12 +73,12 @@ Alias /koji-static "/usr/share/koji-web/static"
</Location> </Location>
EOF EOF
# SELinux changes to allow httpd network access
setsebool -P httpd_can_network_connect 1
## Apache Configuration Files # if NOT on the hub, setup the standard httpd settings
mkdir -p /etc/httpd/conf.d if [[ ! $KOJI_WEB_FQDN = $KOJI_HUB_FQDN ]] ; then
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
## Apache ssl Configuration File
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
ServerName $KOJI_WEB_FQDN ServerName $KOJI_WEB_FQDN
Listen 443 https Listen 443 https
@ -118,18 +118,26 @@ SSLRandomSeed connect builtin
</VirtualHost> </VirtualHost>
EOF EOF
mkdir -p /etc/httpd/conf.modules.d # SELinux changes to allow httpd network access
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF setsebool -P httpd_can_network_connect 1
mkdir -p /etc/httpd/conf.modules.d
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF
WSGISocketPrefix /run/httpd/wsgi WSGISocketPrefix /run/httpd/wsgi
EOF EOF
cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
LoadModule ssl_module lib/httpd/modules/mod_ssl.so LoadModule ssl_module lib/httpd/modules/mod_ssl.so
EOF EOF
# allow httpd access through firewall # allow httpd access through firewall
firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https firewall-cmd --permanent --add-service=https
firewall-cmd --reload firewall-cmd --reload
# enable and start the httpd service # enable and start the httpd service
systemctl enable --now httpd systemctl enable --now httpd
else
# we need to restart the httpd service
systemctl restart httpd
fi
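Review bot: The host check `if [[ ! $KOJI_WEB_FQDN = $KOJI_HUB_FQDN ]] ; then` treats the right-hand side as a glob pattern and compares case-sensitively. It also falls into the on-hub branch when both variables are empty, which silently skips ssl.conf, the SELinux boolean and the firewall rules. Making the decision explicit would read `if [[ "${KOJI_WEB_FQDN,,}" != "${KOJI_HUB_FQDN,,}" ]]; then`, preceded by `: "${KOJI_WEB_FQDN:?}" "${KOJI_HUB_FQDN:?}"`. The earlier `if [[ ! -d /etc/httpd/conf.d ]] ; then mkdir -p /etc/httpd/conf.d ; fi` adds nothing over a plain `mkdir -p`. If the lines now nested inside the `if` are indented with spaces rather than tabs, `<<- EOF` will not strip them and an indented `EOF` will not close the heredoc; the page does not show the whitespace, so this needs checking in the file.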