container: support for koji web

Install and configure koji web.

container/hub/Dockerfile

@@ -1,8 +1,19 @@
 FROM quay.io/osbuild/koji:v1
 
+RUN dnf -y upgrade \
+    && dnf -y \
+            --setopt=fastestmirror=True \
+            --setopt=install_weak_deps=False \
+            install \
+	koji-web \
+	&& dnf clean all
+
 COPY container/hub/hub.conf /etc/koji-hub/hub.conf
 COPY container/hub/ssl.conf /etc/httpd/conf.d/ssl.conf
 COPY plugins/hub/osbuild.py /usr/lib/koji-hub-plugins/
 COPY container/hub/run-hub.sh /app/run-hub.sh
 
+COPY container/hub/web.conf /etc/kojiweb/web.conf
+COPY container/hub/kojiweb.conf /etc/httpd/conf.d/kojiweb.conf
+
 ENTRYPOINT /app/run-hub.sh

container/hub/kojiweb.conf

@@ -0,0 +1,45 @@
+#We use wsgi by default
+Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
+#(configuration goes in /etc/kojiweb/web.conf)
+
+# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
+# which is not sufficient to open our templates
+WSGIDaemonProcess koji lang=C.UTF-8
+WSGIProcessGroup koji
+
+<Directory "/usr/share/koji-web/scripts/">
+    Options ExecCGI
+    SetHandler wsgi-script
+    WSGIApplicationGroup %{GLOBAL}
+    # ^ works around an OpenSSL issue
+    # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+</Directory>
+
+<Location /koji/login>
+     AuthType GSSAPI
+     AuthName "Koji Web UI"
+     GssapiCredStore keytab:/share/kojiweb.keytab
+     Require valid-user
+     ErrorDocument 401 /koji-static/errors/unauthorized.html
+</Location>
+
+Alias /koji-static/ "/usr/share/koji-web/static/"
+
+<Directory "/usr/share/koji-web/static/">
+    Options None
+    AllowOverride None
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+</Directory>

container/hub/web.conf

@@ -0,0 +1,16 @@
+
+[web]
+SiteName = koji
+KojiHubURL = http://org.osbuild.koji.koji/kojihub
+KojiFilesURL = http://org.osbuild.koji.koji/kojifiles
+
+KrbRDNS = False
+WebPrincipal = HTTP/org.osbuild.koji.web@LOCAL
+WebKeytab = /share/kojiweb.keytab
+WebCCache = /var/tmp/kojiweb.ccache
+
+KojiHubCA = /share/ca-crt.pem
+LoginTimeout = 72
+# Secret = CHANGE_ME
+LibPath = /usr/share/koji-web/lib
+LiteralFooter = True

run-koji-container.sh

@@ -85,6 +85,11 @@ koji_start() {
   kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/localhost@LOCAL
   kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/localhost@LOCAL
 
+  # for koji web
+  kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/org.osbuild.koji.web@LOCAL
+  kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojiweb.keytab HTTP/org.osbuild.koji.web@LOCAL
+  kdc_exec chmod 644 /share/kojiweb.keytab
+
   # compile/org.osbuild.koji.kojid@LOCAL for koji builder
   kdc_exec kadmin.local -r LOCAL add_principal -randkey compile/org.osbuild.koji.kojid@LOCAL
   kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojid.keytab compile/org.osbuild.koji.kojid@LOCAL