From c735ebc6d0cc1f2f9081d65339d320579c2b5719 Mon Sep 17 00:00:00 2001
From: Christian Kellner
Date: Mon, 7 Sep 2020 20:38:12 +0200
Subject: [PATCH] container: support for koji web

Install and configure koji web.
---
 container/hub/Dockerfile | 11 ++++++++++
 container/hub/kojiweb.conf | 45 ++++++++++++++++++++++++++++++++++++++
 container/hub/web.conf | 16 ++++++++++++++
 run-koji-container.sh | 5 +++++
 4 files changed, 77 insertions(+)
 create mode 100644 container/hub/kojiweb.conf
 create mode 100644 container/hub/web.conf
diff --git a/container/hub/Dockerfile b/container/hub/Dockerfile
index ffac99e..ef3b86b 100644
--- a/container/hub/Dockerfile
+++ b/container/hub/Dockerfile
@@ -1,8 +1,19 @@
 FROM quay.io/osbuild/koji:v1
+RUN dnf -y upgrade \
+ && dnf -y \
+ --setopt=fastestmirror=True \
+ --setopt=install_weak_deps=False \
+ install \
+ koji-web \
+ && dnf clean all
+
 COPY container/hub/hub.conf /etc/koji-hub/hub.conf
 COPY container/hub/ssl.conf /etc/httpd/conf.d/ssl.conf
 COPY plugins/hub/osbuild.py /usr/lib/koji-hub-plugins/
 COPY container/hub/run-hub.sh /app/run-hub.sh
+COPY container/hub/web.conf /etc/kojiweb/web.conf
+COPY container/hub/kojiweb.conf /etc/httpd/conf.d/kojiweb.conf
+
 ENTRYPOINT /app/run-hub.sh
diff --git a/container/hub/kojiweb.conf b/container/hub/kojiweb.conf
new file mode 100644
index 0000000..c0be93c
--- /dev/null
+++ b/container/hub/kojiweb.conf
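Review bot: In container/hub/Dockerfile the new `RUN` begins with `dnf -y upgrade`, so the image content depends on whatever the mirrors serve on the build day rather than on the `quay.io/osbuild/koji:v1` base tag, and `koji-web` is installed without a version. For a test container that makes failures hard to reproduce and widens what is trusted at build time. I would drop the upgrade step and refresh the base image instead, or add a comment above the `RUN` saying why a full upgrade is needed on top of the tagged base.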
@@ -0,0 +1,45 @@
+#We use wsgi by default
+Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
+#(configuration goes in /etc/kojiweb/web.conf)
+
+# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
+# which is not sufficient to open our templates
+WSGIDaemonProcess koji lang=C.UTF-8
+WSGIProcessGroup koji
+
+
+ Options ExecCGI
+ SetHandler wsgi-script
+ WSGIApplicationGroup %{GLOBAL}
+ # ^ works around an OpenSSL issue
+ # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
+
+ Order allow,deny
+ Allow from all
+
+ = 2.4>
+ Require all granted
+
+
+
+
+ AuthType GSSAPI
+ AuthName "Koji Web UI"
+ GssapiCredStore keytab:/share/kojiweb.keytab
+ Require valid-user
+ ErrorDocument 401 /koji-static/errors/unauthorized.html
+
+
+Alias /koji-static/ "/usr/share/koji-web/static/"
+
+
+ Options None
+ AllowOverride None
+
+ Order allow,deny
+ Allow from all
+
+ = 2.4>
+ Require all granted
+
+
diff --git a/container/hub/web.conf b/container/hub/web.conf
new file mode 100644
index 0000000..bfbc724
--- /dev/null
+++ b/container/hub/web.conf
@@ -0,0 +1,16 @@
+
+[web]
+SiteName = koji
+KojiHubURL = http://org.osbuild.koji.koji/kojihub
+KojiFilesURL = http://org.osbuild.koji.koji/kojifiles
+
+KrbRDNS = False
+WebPrincipal = HTTP/org.osbuild.koji.web@LOCAL
+WebKeytab = /share/kojiweb.keytab
+WebCCache = /var/tmp/kojiweb.ccache
+
+KojiHubCA = /share/ca-crt.pem
+LoginTimeout = 72
+# Secret = CHANGE_ME
+LibPath = /usr/share/koji-web/lib
+LiteralFooter = True
diff --git a/run-koji-container.sh b/run-koji-container.sh
index 746540a..97d77ca 100755
--- a/run-koji-container.sh
+++ b/run-koji-container.sh
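Review bot: In container/hub/web.conf the line `# Secret = CHANGE_ME` is left commented out, so no cookie-signing secret is configured for koji-web; as far as I recall koji-web refuses to establish a login session without one, which would make the GSSAPI login block in kojiweb.conf unusable (worth confirming against the packaged version). If the option is set, it should be a random value generated when the container starts, not a literal committed to the repository. Separately, `KojiHubURL` and `KojiFilesURL` use `http://` although `KojiHubCA = /share/ca-crt.pem` is configured and the Dockerfile installs `ssl.conf`; if the hub serves TLS, `KojiHubURL = https://org.osbuild.koji.koji/kojihub` would keep the web-to-hub session traffic off cleartext and actually exercise the CA file.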
@@ -85,6 +85,11 @@ koji_start() {
 kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/localhost@LOCAL
 kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/localhost@LOCAL
+ # for koji web
+ kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/org.osbuild.koji.web@LOCAL
+ kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojiweb.keytab HTTP/org.osbuild.koji.web@LOCAL
+ kdc_exec chmod 644 /share/kojiweb.keytab
+
 # compile/org.osbuild.koji.kojid@LOCAL for koji builder
 kdc_exec kadmin.local -r LOCAL add_principal -randkey compile/org.osbuild.koji.kojid@LOCAL
 kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojid.keytab compile/org.osbuild.koji.kojid@LOCAL
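Review bot: `kdc_exec chmod 644 /share/kojiweb.keytab` makes the long-term key of `HTTP/org.osbuild.koji.web@LOCAL` world-readable, and anything that can read a keytab can authenticate as that service principal; since `/share` looks like a volume shared between the containers, that probably includes every container mounting it. The mode was presumably chosen so that httpd in the hub container can read a file written by the KDC container, but that is better expressed through ownership: `kdc_exec chown root:<httpd-gid> /share/kojiweb.keytab` followed by `kdc_exec chmod 640 /share/kojiweb.keytab`, where `<httpd-gid>` is a placeholder for the web server's group id in the hub image. If 644 has to stay for the test setup, add a comment on that line saying so and that this keytab is only valid for the throwaway `LOCAL` realm. The same file is what `GssapiCredStore` in kojiweb.conf and `WebKeytab` in web.conf point at; `koji_start()` begins and ends outside this hunk.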