Koji
Koji Build Server Hub
kojihub
22
80
443
sudo -u postgres PGDATA=/var/lib/pgsql/data initdb
/mnt/koji/packages
/mnt/koji/repos
/mnt/koji/work
/mnt/koji/scratch
/etc/pki/koji
serial
openssl genrsa -out private/koji_ca_cert.key 2048
openssl req -batch -config ssl.cnf -new -x509 -days 3650 \
-key private/koji_ca_cert.key -out koji_ca_cert.crt -extensions v3_ca \
-subj "/C=US/ST=North\ Carolina/L=Raleigh/O=aeolus/CN=`hostname`"
]]>
ssl2.cnf
openssl req -batch -config ssl2.cnf -new -nodes -out certs/${user}.csr -key certs/${user}.key \
-subj "/C=US/ST=North Carolina/L=Raleigh/O=aeolus/CN=${user}"
openssl ca -batch -config ssl2.cnf -keyfile private/${caname}_ca_cert.key -cert ${caname}_ca_cert.crt \
-out certs/${user}.crt -outdir certs -infiles certs/${user}.csr
cat certs/${user}.crt certs/${user}.key > ${user}.pem
if [ -d /home/${user} ] ; then
mkdir /home/${user}/.koji
cp /etc/pki/koji/${user}.pem /home/${user}/.koji/client.crt
cp /etc/pki/koji/koji_ca_cert.crt /home/${user}/.koji/clientca.crt
cp /etc/pki/koji/koji_ca_cert.crt /home/${user}/.koji/serverca.crt
fi
]]>
Options ExecCGI
SetHandler wsgi-script
Order allow,deny
Allow from all
Alias /kojifiles "/mnt/koji/"
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
Alias /packages/ /mnt/koji/packages/
Options Indexes
AllowOverride None
Order allow,deny
Allow from all
]]>
Options ExecCGI
SetHandler wsgi-script
Order allow,deny
Allow from all
Alias /koji-static/ "/usr/share/koji-web/static/"
Options None
AllowOverride None
Order allow,deny
Allow from all
PythonOption KojiHubURL http://kojihub/kojihub
PythonOption KojiWebURL http://kojihub/koji
PythonOption KojiPackagesURL http://kojihub/mnt/koji/packages
PythonOption WebCert /etc/pki/koji/kojiweb.pem
PythonOption ClientCA /etc/pki/koji/koji_ca_cert.crt
PythonOption KojiHubCA /etc/pki/koji/koji_ca_cert.crt
PythonOption LoginTimeout 72
PythonOption Secret kojipass
SSLOptions +StdEnvVars
]]>
SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
SSLCertificateKeyFile /etc/pki/koji/certs/kojihub.key
SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
SSLVerifyClient require
SSLVerifyDepth 10
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
]]>
setenforce 0
pg_ctl -D /var/lib/pgsql/data reload
/etc/pki/koji/kca.sh
/etc/pki/koji/kjc.sh kojihub
/etc/pki/koji/kjc.sh kojiweb
/etc/pki/koji/kjc.sh kojiadmin
createuser koji -S -D -R
dropdb koji
createdb -O koji koji
psql koji koji -f /usr/share/doc/koji*/docs/schema.sql
psql koji koji -f /root/koji.sql
service httpd reload