mirror of
https://src.koozali.org/infra/smeserver-koji.git
synced 2024-11-25 02:57:28 +01:00
supress duplicate httpd stuff when web on hub
This commit is contained in:
parent
d6b94a4538
commit
fdc0aa0b3b
@ -101,6 +101,7 @@ export SCRIPT_GIT=$SCRIPT_GIT
|
|||||||
export KOJI_DIR=$KOJI_DIR
|
export KOJI_DIR=$KOJI_DIR
|
||||||
export KOJI_HUB_FQDN=$KOJI_HUB_FQDN
|
export KOJI_HUB_FQDN=$KOJI_HUB_FQDN
|
||||||
export KOJI_URL=http://$KOJI_HUB_FQDN
|
export KOJI_URL=http://$KOJI_HUB_FQDN
|
||||||
|
export KOJI_WEB_URL=http://$KOJI_WEB_FQDN
|
||||||
export KOJID_CAPACITY=$KOJID_CAPACITY
|
export KOJID_CAPACITY=$KOJID_CAPACITY
|
||||||
export TAG_NAME='$TAG_NAME'
|
export TAG_NAME='$TAG_NAME'
|
||||||
# Use for koji SSL certificates
|
# Use for koji SSL certificates
|
||||||
@ -241,5 +242,5 @@ else
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#
|
# bootstrap the targets etc.
|
||||||
koji-bootstrap-build.sh
|
koji-bootstrap-build.sh
|
||||||
|
@ -195,7 +195,7 @@ KojiDir = $KOJI_DIR
|
|||||||
DNUsernameComponent = CN
|
DNUsernameComponent = CN
|
||||||
ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_HUB_FQDN
|
ProxyDNs = C=$COUNTRY_CODE,ST=$STATE,L=$LOCATION,O=$ORGANIZATION,OU=kojiweb,CN=$KOJI_HUB_FQDN
|
||||||
LoginCreatesUser = On
|
LoginCreatesUser = On
|
||||||
KojiWebURL = $KOJI_URL/koji
|
KojiWebURL = $KOJI_WEB_URL/koji
|
||||||
DisableNotifications = True
|
DisableNotifications = True
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
@ -223,38 +223,6 @@ EOF
|
|||||||
# SELinux changes to allow db access
|
# SELinux changes to allow db access
|
||||||
setsebool -P httpd_can_network_connect_db 1
|
setsebool -P httpd_can_network_connect_db 1
|
||||||
|
|
||||||
# Koji Web
|
|
||||||
mkdir -p /etc/kojiweb
|
|
||||||
cat > /etc/kojiweb/web.conf <<- EOF
|
|
||||||
[web]
|
|
||||||
SiteName = koji
|
|
||||||
KojiHubURL = $KOJI_URL/kojihub
|
|
||||||
KojiFilesURL = $KOJI_URL/kojifiles
|
|
||||||
WebCert = $KOJI_PKI_DIR/kojiweb.pem
|
|
||||||
ClientCA = $KOJI_PKI_DIR/koji_ca_cert.crt
|
|
||||||
KojiHubCA = $KOJI_PKI_DIR/koji_ca_cert.crt
|
|
||||||
LoginTimeout = 72
|
|
||||||
Secret = NITRA_IS_NOT_CLEAR
|
|
||||||
LibPath = /usr/share/koji-web/lib
|
|
||||||
LiteralFooter = True
|
|
||||||
EOF
|
|
||||||
|
|
||||||
mkdir -p /etc/httpd/conf.d
|
|
||||||
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
|
|
||||||
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
|
|
||||||
<Directory "/usr/share/koji-web/scripts">
|
|
||||||
Options ExecCGI
|
|
||||||
SetHandler wsgi-script
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
Alias /koji-static "/usr/share/koji-web/static"
|
|
||||||
<Directory "/usr/share/koji-web/static">
|
|
||||||
Options None
|
|
||||||
AllowOverride None
|
|
||||||
Require all granted
|
|
||||||
</Directory>
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# SELinux changes to allow httpd network access
|
# SELinux changes to allow httpd network access
|
||||||
setsebool -P httpd_can_network_connect 1
|
setsebool -P httpd_can_network_connect 1
|
||||||
|
|
||||||
|
@ -54,7 +54,7 @@ LibPath = /usr/share/koji-web/lib
|
|||||||
LiteralFooter = True
|
LiteralFooter = True
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
mkdir -p /etc/httpd/conf.d
|
if [[ ! -d /etc/httpd/conf.d ]] ; then mkdir -p /etc/httpd/conf.d ; fi
|
||||||
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
|
cat > /etc/httpd/conf.d/kojiweb.conf <<- EOF
|
||||||
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
|
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
|
||||||
<Directory "/usr/share/koji-web/scripts">
|
<Directory "/usr/share/koji-web/scripts">
|
||||||
@ -73,12 +73,12 @@ Alias /koji-static "/usr/share/koji-web/static"
|
|||||||
</Location>
|
</Location>
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# SELinux changes to allow httpd network access
|
|
||||||
setsebool -P httpd_can_network_connect 1
|
|
||||||
|
|
||||||
## Apache Configuration Files
|
# if NOT on the hub, setup the standard httpd settings
|
||||||
mkdir -p /etc/httpd/conf.d
|
if [[ ! $KOJI_WEB_FQDN = $KOJI_HUB_FQDN ]] ; then
|
||||||
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
|
|
||||||
|
## Apache ssl Configuration File
|
||||||
|
cat > /etc/httpd/conf.d/ssl.conf <<- EOF
|
||||||
ServerName $KOJI_WEB_FQDN
|
ServerName $KOJI_WEB_FQDN
|
||||||
|
|
||||||
Listen 443 https
|
Listen 443 https
|
||||||
@ -118,18 +118,26 @@ SSLRandomSeed connect builtin
|
|||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
mkdir -p /etc/httpd/conf.modules.d
|
# SELinux changes to allow httpd network access
|
||||||
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF
|
setsebool -P httpd_can_network_connect 1
|
||||||
|
|
||||||
|
mkdir -p /etc/httpd/conf.modules.d
|
||||||
|
cat > /etc/httpd/conf.modules.d/wsgi.conf <<- EOF
|
||||||
WSGISocketPrefix /run/httpd/wsgi
|
WSGISocketPrefix /run/httpd/wsgi
|
||||||
EOF
|
EOF
|
||||||
cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
|
cat > /etc/httpd/conf.modules.d/ssl.conf <<- EOF
|
||||||
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
|
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# allow httpd access through firewall
|
# allow httpd access through firewall
|
||||||
firewall-cmd --permanent --add-service=http
|
firewall-cmd --permanent --add-service=http
|
||||||
firewall-cmd --permanent --add-service=https
|
firewall-cmd --permanent --add-service=https
|
||||||
firewall-cmd --reload
|
firewall-cmd --reload
|
||||||
|
|
||||||
# enable and start the httpd service
|
# enable and start the httpd service
|
||||||
systemctl enable --now httpd
|
systemctl enable --now httpd
|
||||||
|
|
||||||
|
else
|
||||||
|
# we need to restart the httpd service
|
||||||
|
systemctl restart httpd
|
||||||
|
fi
|
||||||
|
Loading…
Reference in New Issue
Block a user