If called from within the source directory (i.e. the local plugin exists), copy the local plugin files to the share directory so that the entry point scripts can pick them up in case the RPMs are not found.
#!/bin/bash

# Abort on the first failing command and on any reference to an unset variable.
set -eu

# Host directory that is bind-mounted into the kdc and hub containers as
# /share. koji_start copies TLS private keys into it and has the KDC write
# keytabs there; koji_stop deletes it again. The default lives under /tmp with
# a fixed name, so this setup is only suitable for disposable test hosts.
: "${SHARE_DIR:=/tmp/osbuild-composer-koji-test}"

# Host directory that is bind-mounted into the hub container as /mnt.
: "${DATA_DIR:=/var/tmp/osbuild-koji-data}"

# Image used for the koji hub container. Unlike the postgres and kdc images it
# carries no registry prefix - presumably it is built locally; verify.
KOJI_HUB_IMAGE=koji.hub
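#######################################
# Stop and remove the koji test containers, their network and the share dir.
# Every step is best-effort ("|| true") so that a partially started stack can
# still be torn down.
# Globals:   CONTAINER_RUNTIME (read), SHARE_DIR (read)
# Arguments: none
# Outputs:   progress message plus the container runtime's own output
#######################################
koji_stop() {
  local name

  echo "Shutting down containers, please wait..."

  # Same order as the containers were listed originally: hub, kdc, postgres.
  for name in koji kdc postgres; do
    "${CONTAINER_RUNTIME}" stop "org.osbuild.koji.${name}" || true
    "${CONTAINER_RUNTIME}" rm "org.osbuild.koji.${name}" || true
  done

  "${CONTAINER_RUNTIME}" network rm -f org.osbuild.koji || true

  # The share dir holds copied private keys and keytabs, so remove it with the
  # containers. This runs as root: ':?' aborts instead of handing rm an empty
  # path, and '--' keeps a value starting with '-' from being read as options.
  rm -rf -- "${SHARE_DIR:?}" || true
}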
#######################################
# EXIT-trap handler installed by koji_start: tears the stack down again and
# exits with the status the script was exiting with when the trap fired.
# Globals:   EXIT_CODE (written)
# Arguments: none
#######################################
koji_clean_up_bad_start() {
  # Must stay the first command of the handler: anything executed before it
  # would overwrite $? and the original failure status would be lost.
  EXIT_CODE=$?

  printf '%s\n' "Start failed, removing containers."
  koji_stop

  exit "${EXIT_CODE}"
}
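#######################################
# Run psql inside the postgres container as user "koji" on database "koji".
# Globals:   CONTAINER_RUNTIME (read)
# Arguments: passed through to psql unchanged, one word per argument
# Notes:     the callers in this file pass only fixed SQL text via -c; a
#            statement handed over this way is sent as-is, so do not build it
#            from untrusted input.
#######################################
psql_cmd() {
  # Quoted so the runtime name is always a single word.
  "${CONTAINER_RUNTIME}" exec org.osbuild.koji.postgres \
    psql -U koji -d koji "$@"
}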
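#######################################
# Run a command inside the kdc container.
# Globals:   CONTAINER_RUNTIME (read)
# Arguments: the command and its arguments, passed through unchanged
#######################################
kdc_exec() {
  # Quoted so the runtime name is always a single word.
  "${CONTAINER_RUNTIME}" exec org.osbuild.koji.kdc "$@"
}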
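#######################################
# Bring up the koji test stack: container network, postgres, KDC and koji hub,
# then create the Kerberos principals, keytabs and koji users the tests use.
#
# Everything created here is test-only: the database and koji passwords are
# fixed strings, and three keytabs are made world-readable (chmod 644) inside
# the share dir. Do not run this on a host where other users or other hosts
# are untrusted.
#
# Globals:   CONTAINER_RUNTIME, SHARE_DIR, DATA_DIR, KOJI_HUB_IMAGE (read)
#            PLUGIN_NAME, PLUGIN_PATH, PLUGIN_DEST (written)
# Arguments: none
# Outputs:   progress messages and container runtime output on stdout/stderr
#######################################
koji_start() {
  # The script runs under "set -e": if any step below fails the shell exits,
  # and this trap removes whatever was already started.
  trap koji_clean_up_bad_start EXIT

  # create a share directory which is used to share files between the host and containers
  mkdir -p "${SHARE_DIR}"

  # copy the koji certificates (including the private key) to the shared dir
  if [[ -f "/etc/osbuild-composer/koji-key.pem" ]]; then
    echo "Copying koji certificates"

    cp -- /etc/osbuild-composer/koji-key.pem "${SHARE_DIR}"
    cp -- /etc/osbuild-composer/koji-crt.pem "${SHARE_DIR}"
    cp -- /etc/osbuild-composer/ca-crt.pem "${SHARE_DIR}/koji-ca.pem"
  fi

  # same for the client certificates (again including the private key)
  if [[ -f "/etc/osbuild-composer/client-key.pem" ]]; then
    echo "Copying client certificates"

    cp -- /etc/osbuild-composer/client-key.pem "${SHARE_DIR}"
    cp -- /etc/osbuild-composer/client-crt.pem "${SHARE_DIR}"
    cp -- /etc/osbuild-composer/ca-crt.pem "${SHARE_DIR}/client-ca.pem"
  fi

  "${CONTAINER_RUNTIME}" network create org.osbuild.koji

  # Test database with a fixed, well-known password; no port is published, so
  # it is reachable only from the org.osbuild.koji network.
  # NOTE(review): --hostname is org.osbuild.koji.koji, the hub's container
  # name, not ...postgres - confirm this is intended.
  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.postgres --network org.osbuild.koji \
    --hostname org.osbuild.koji.koji \
    -e POSTGRES_USER=koji \
    -e POSTGRES_PASSWORD=kojipass \
    -e POSTGRES_DB=koji \
    quay.io/osbuild/postgres:v1

  # "-p 88:88/udp" names no host address, so the test KDC is published on all
  # host interfaces.
  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.kdc \
    --hostname org.osbuild.koji.kdc \
    --network org.osbuild.koji \
    -v "${SHARE_DIR}:/share:z" \
    -p 88:88/udp \
    quay.io/osbuild/kdc:v1

  # initialize krb principals and create keytabs for them
  # HTTP/org.osbuild.koji.koji@LOCAL and HTTP/localhost@LOCAL for kojihub,
  # both stored in /share/koji.keytab
  kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/org.osbuild.koji.koji@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/org.osbuild.koji.koji@LOCAL
  kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/localhost@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/localhost@LOCAL

  # for koji web
  kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/org.osbuild.koji.web@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojiweb.keytab HTTP/org.osbuild.koji.web@LOCAL
  kdc_exec chmod 644 /share/kojiweb.keytab

  # compile/org.osbuild.koji.kojid@LOCAL for koji builder
  kdc_exec kadmin.local -r LOCAL add_principal -randkey compile/org.osbuild.koji.kojid@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/kojid.keytab compile/org.osbuild.koji.kojid@LOCAL
  # NOTE(review): this chmod targets koji.keytab (the hub keytab), not the
  # kojid.keytab written just above, which keeps the mode ktadd gave it -
  # confirm that is intended.
  kdc_exec chmod 644 /share/koji.keytab

  # osbuild-krb@LOCAL for koji clients
  kdc_exec kadmin.local -r LOCAL add_principal -randkey osbuild-krb@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/client.keytab osbuild-krb@LOCAL
  kdc_exec chmod 644 /share/client.keytab

  # koji data
  mkdir -p "${DATA_DIR}/koji/"{packages,repos,work,scratch,repos-dist}

  # maybe copy the 'hub' plugin to the share dir; the path is relative, so
  # this only happens when the script is run from the source directory
  PLUGIN_NAME="hub"
  PLUGIN_PATH="plugins/${PLUGIN_NAME}"
  if [[ -f "${PLUGIN_PATH}/osbuild.py" ]]; then
    PLUGIN_DEST="${SHARE_DIR}/${PLUGIN_PATH}"

    echo "[COPY] '${PLUGIN_NAME}' plugin to ${PLUGIN_DEST}"
    mkdir -p "${PLUGIN_DEST}"
    cp -- "${PLUGIN_PATH}/osbuild.py" "${PLUGIN_DEST}"
  fi

  # Host ports 8080 and 4343 are published without a host address, i.e. on
  # all host interfaces, in front of a hub that uses the fixed test passwords.
  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.koji --network org.osbuild.koji \
    -v "${SHARE_DIR}:/share:z" \
    -v "${DATA_DIR}:/mnt:z" \
    -p 8080:80 \
    -p 4343:443 \
    -e POSTGRES_USER=koji \
    -e POSTGRES_PASSWORD=kojipass \
    -e POSTGRES_DB=koji \
    -e POSTGRES_HOST=org.osbuild.koji.postgres \
    "${KOJI_HUB_IMAGE}"

  # We need to wait for the database to be initialized here. The container creates a file to let us know
  # There is no timeout: the loop runs until hub.init appears in the share dir.
  echo "Waiting for DB to be initialized"
  while [[ ! -f "${SHARE_DIR}/hub.init" ]]; do
    sleep 2

    # in case something is stuck, print the logs (through the detected
    # runtime, so this also works when only docker is installed)
    "${CONTAINER_RUNTIME}" logs org.osbuild.koji.koji
  done

  # create koji users
  # kojiadmin/kojipass - admin
  # osbuild/osbuildpass - regular user
  # osbuild-krb: - regular user authenticated with Kerberos principal osbuild-krb@LOCAL
  # The numeric ids used below are hard-coded; presumably they rely on these
  # being the first rows inserted into a fresh database - verify.
  psql_cmd -c "insert into users (name, password, status, usertype) values ('kojiadmin', 'kojipass', 0, 0)" >/dev/null
  psql_cmd -c "insert into user_perms (user_id, perm_id, creator_id) values (1, 1, 1)" >/dev/null
  psql_cmd -c "insert into users (name, password, status, usertype) values ('osbuild', 'osbuildpass', 0, 0)" >/dev/null
  psql_cmd -c "insert into users (name, status, usertype) values ('osbuild-krb', 0, 0)" >/dev/null
  psql_cmd -c "insert into user_krb_principals (user_id, krb_principal) values (3, 'osbuild-krb@LOCAL')" >/dev/null

  # create content generator osbuild, give osbuild and osbuild-krb users access to it
  psql_cmd -c "insert into content_generator (name) values ('osbuild')" >/dev/null
  psql_cmd -c "insert into cg_users (cg_id, user_id, creator_id, active) values (1, 2, 1, true), (1, 3, 1, true)" >/dev/null

  # print all the running containers
  "${CONTAINER_RUNTIME}" ps

  echo "Containers are running, to stop them use:"
  echo "$0 stop"

  # Start succeeded: disarm the cleanup trap so a normal exit keeps the stack.
  trap - EXIT
}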
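# check arguments: exactly one, and it must be "start" or "stop"
if [[ $# -ne 1 || ( "$1" != "start" && "$1" != "stop" ) ]]; then
  cat <<DOC
usage: $0 start|stop

start - starts the koji containers
stop - stops and removes the koji containers
DOC
  exit 3
fi

# this script must be run as root
if [[ "${UID}" != 0 ]]; then
  echo "This script must be run as root."
  exit 1
fi

# decide whether podman or docker should be used; podman wins when both are
# installed. "command -v" is the shell builtin lookup, so no external "which"
# is needed.
if command -v podman >/dev/null 2>&1; then
  CONTAINER_RUNTIME=podman
elif command -v docker >/dev/null 2>&1; then
  CONTAINER_RUNTIME=docker
else
  echo "No container runtime found, install podman or docker."
  exit 2
fi

# "$1" was validated above, so exactly one of the two arms runs.
case "$1" in
  start)
    koji_start
    ;;
  stop)
    koji_stop
    ;;
esac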