test: move container/ into test/

Move the container directory, containing the container definitions
for all the test containers, to test/, where all the other test-
related files are located (with the exception of `Schutzbot`).
Use `test/build-container.sh` to build the container, instead of
replicating that in `test-integration.sh`.

test/container/hub/Dockerfile.fedora

@@ -0,0 +1,20 @@
+FROM quay.io/osbuild/koji:v1
+
+RUN dnf -y upgrade \
+    && dnf -y \
+            --setopt=fastestmirror=True \
+            --setopt=install_weak_deps=False \
+            install \
+	koji-web \
+	python3-jsonschema \
+	&& dnf clean all
+
+COPY test/container/hub/hub.conf /etc/koji-hub/hub.conf
+COPY test/container/hub/ssl.conf /etc/httpd/conf.d/ssl.conf
+COPY plugins/hub/osbuild.py /usr/lib/koji-hub-plugins/
+COPY test/container/hub/run-hub.sh /app/run-hub.sh
+
+COPY test/container/hub/web.conf /etc/kojiweb/web.conf
+COPY test/container/hub/kojiweb.conf /etc/httpd/conf.d/kojiweb.conf
+
+ENTRYPOINT /app/run-hub.sh

test/container/hub/Dockerfile.rhel

@@ -0,0 +1,29 @@
+FROM registry.access.redhat.com/ubi8/ubi:latest
+
+COPY test/container/rhel.repo /etc/yum.repos.d/
+COPY test/container/brew.repo /etc/yum.repos.d/
+
+# koji db schema is in docs, remove nodocs from from dnf config
+RUN sed  -i '/^tsflags=nodocs$/d' /etc/dnf/dnf.conf
+
+RUN dnf -y upgrade \
+    && dnf -y \
+            --setopt=fastestmirror=True \
+            --setopt=install_weak_deps=False \
+	install \
+	koji-hub \
+	postgresql \
+	mod_ssl \
+	koji-web \
+	python3-jsonschema \
+	&& dnf clean all
+
+COPY test/container/hub/hub.conf /etc/koji-hub/hub.conf
+COPY test/container/hub/ssl.conf /etc/httpd/conf.d/ssl.conf
+COPY plugins/hub/osbuild.py /usr/lib/koji-hub-plugins/
+COPY test/container/hub/run-hub.sh /app/run-hub.sh
+
+COPY test/container/hub/web.conf /etc/kojiweb/web.conf
+COPY test/container/hub/kojiweb.conf /etc/httpd/conf.d/kojiweb.conf
+
+ENTRYPOINT /app/run-hub.sh

test/container/hub/hub.conf

@@ -0,0 +1,38 @@
+[hub]
+
+##  DB
+DBName = koji
+DBUser = koji
+DBHost = localhost
+#DBPort = 5432
+DBPass = kojipass
+
+## FS
+KojiDir = /mnt/koji
+
+## Logging
+KojiDebug = On
+KojiTraceback = extended
+
+## Kerberos
+AuthPrincipal = koji@LOCAL
+AuthKeytab = /share/koji.keytab
+HostPrincipalFormat = compile/%s@LOCAL
+ProxyPrincipals = koji@LOCAL
+
+##  SSL client certificate auth configuration  ##
+DNUsernameComponent = CN
+ProxyDNs = CN=koji,OU=kojiweb,O=RH,L=BE,ST=BE,C=DE
+#ProxyDNs = /C=DE/ST=BE/L=BE/O=RH/CN=kojiweb
+## end SSL client certificate auth configuration
+
+##  Other options  ##
+LoginCreatesUser = Off
+KojiWebURL = http://localhost:8080/koji
+EmailDomain = kojihub.local
+NotifyOnSuccess = False
+DisableNotifications = True
+
+## Plugins
+PluginPath = /usr/lib/koji-hub-plugins
+Plugins = osbuild

test/container/hub/kojiweb.conf

@@ -0,0 +1,45 @@
+#We use wsgi by default
+Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
+#(configuration goes in /etc/kojiweb/web.conf)
+
+# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
+# which is not sufficient to open our templates
+WSGIDaemonProcess koji lang=C.UTF-8
+WSGIProcessGroup koji
+
+<Directory "/usr/share/koji-web/scripts/">
+    Options ExecCGI
+    SetHandler wsgi-script
+    WSGIApplicationGroup %{GLOBAL}
+    # ^ works around an OpenSSL issue
+    # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+</Directory>
+
+<Location /koji/login>
+     AuthType GSSAPI
+     AuthName "Koji Web UI"
+     GssapiCredStore keytab:/share/kojiweb.keytab
+     Require valid-user
+     ErrorDocument 401 /koji-static/errors/unauthorized.html
+</Location>
+
+Alias /koji-static/ "/usr/share/koji-web/static/"
+
+<Directory "/usr/share/koji-web/static/">
+    Options None
+    AllowOverride None
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+</Directory>

test/container/hub/plugin/osbuild.py

@@ -0,0 +1,31 @@
+import koji
+
+from koji.tasks import BaseTaskHandler
+
+
+class OSBuildImage(BaseTaskHandler):
+    Methods = ['osbuildImage']
+    _taskWeight = 2.0
+
+    def handler(self, name, version, arches, target, opts):
+        self.logger.debug("Building image %s, %s, %s, %s",
+                          name, str(arches), str(target), str(opts))
+
+        #self.logger.debug("Event id: %s", str(self.event_id))
+
+        target_info = self.session.getBuildTarget(target, strict=True)
+        build_tag = target_info['build_tag']
+        repo_info = self.getRepo(build_tag)
+        buildconfig = self.session.getBuildConfig(build_tag)
+
+        if repo_info:
+            self.logger.debug("repo info: %s", str(repo_info))
+
+        if buildconfig:
+            self.logger.debug("build-config: %s", str(buildconfig))
+
+        return {
+            'repositories': [],
+            'koji_builds': [],
+            'build': 'skipped',
+        }

test/container/hub/run-hub.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+set -eux
+
+if ls /share/rpms/*.rpm 1> /dev/null 2>&1; then
+  echo "Using RPMs"
+  rm /usr/lib/koji-hub-plugins/osbuild.py
+  rpm -i /share/rpms/koji-osbuild-?-0.*.rpm \
+         /share/rpms/koji-osbuild-hub-*.rpm
+fi
+
+# Set DB credentials
+sed -i  -e "s/.*DBHost =.*/DBHost = ${POSTGRES_HOST}/" \
+        -e "s/.*DBUser =.*/DBUser = ${POSTGRES_USER}/" \
+        -e "s/.*DBPass =.*/DBPass = ${POSTGRES_PASSWORD}/" \
+        -e "s/.*DBName =.*/DBName = ${POSTGRES_DB}/" \
+        -e "s|.*AuthPrincipal =.*|AuthPrincipal = host/kojihub@LOCAL|" \
+        -e "s|.*AuthKeytab =.*|AuthKeytab = /share/koji.keytab|" \
+        -e "s|.*KojiDebug =.*|KojiDebug = On|" \
+        -e "s|.*LogLevel =.*|LogLevel = DEBUG|" \
+        /etc/koji-hub/hub.conf
+
+sed -i -e "s|LogLevel warn|LogLevel debug|" /etc/httpd/conf/httpd.conf
+
+tee -a /etc/httpd/conf.d/kojihub.conf <<END
+<Location /kojihub/ssllogin>
+        AuthType GSSAPI
+        GssapiSSLonly Off
+        GssapiLocalName Off
+        AuthName "GSSAPI Single Sign On Login"
+        GssapiCredStore keytab:/share/koji.keytab
+        Require valid-user
+</Location>
+END
+
+sed -i  -e "s|^#ServerName.*|ServerName localhost|" \
+        /etc/httpd/conf/httpd.conf
+
+# wait for postgres to come on-line
+timeout 10 bash -c "until printf '' 2>/dev/null >/dev/tcp/${POSTGRES_HOST}/5432; do sleep 0.1; done"
+
+# psql uses PGPASSWORD env variable
+export PGPASSWORD="${POSTGRES_PASSWORD}"
+
+# create an "alias" for the long psql command
+psql_cmd() {
+  psql -h "${POSTGRES_HOST}" -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" "$@"
+}
+
+# initialize the database if it isn't initialized already
+if ! psql_cmd -c "select * from users" &>/dev/null; then
+  psql_cmd -f /usr/share/doc/koji/docs/schema.sql >/dev/null
+fi
+
+# ensure /mnt/koji is owned by apache
+chown -R apache:apache /mnt/koji
+
+# signal we are ready via a file
+touch /share/hub.init
+
+# run apache
+httpd -DFOREGROUND

test/container/hub/ssl.conf

@@ -0,0 +1,80 @@
+Listen 443 https
+
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+SSLCryptoDevice builtin
+
+## SSL Virtual Host Context
+# localhost
+<VirtualHost _default_:443>
+ServerName localhost
+
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel debug
+
+
+SSLEngine on
+SSLHonorCipherOrder on
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+SSLCertificateFile /share/crt.pem
+SSLCertificateKeyFile /share/key.pem
+SSLCertificateChainFile /share/ca-crt.pem
+SSLCACertificateFile /share/ca-crt.pem
+SSLVerifyDepth 1
+
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
+# Full Qualified Domain Name, org.osbuild.koji.koji
+<VirtualHost _default_:443>
+ServerName org.osbuild.koji.koji
+
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel debug
+
+SSLEngine on
+SSLHonorCipherOrder on
+SSLCipherSuite PROFILE=SYSTEM
+SSLProxyCipherSuite PROFILE=SYSTEM
+SSLCertificateFile /share/crt-fqdn.pem
+SSLCertificateKeyFile /share/key.pem
+SSLCertificateChainFile /share/ca-crt.pem
+SSLCACertificateFile /share/ca-crt.pem
+SSLVerifyDepth 1
+
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+    SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>

test/container/hub/web.conf

@@ -0,0 +1,16 @@
+
+[web]
+SiteName = koji
+KojiHubURL = http://org.osbuild.koji.koji/kojihub
+KojiFilesURL = http://org.osbuild.koji.koji/kojifiles
+
+KrbRDNS = False
+WebPrincipal = HTTP/org.osbuild.koji.web@LOCAL
+WebKeytab = /share/kojiweb.keytab
+WebCCache = /var/tmp/kojiweb.ccache
+
+KojiHubCA = /share/ca-crt.pem
+LoginTimeout = 72
+# Secret = CHANGE_ME
+LibPath = /usr/share/koji-web/lib
+LiteralFooter = True