|
|
||
|---|---|---|
| .devcontainer | ||
| .github | ||
| docs | ||
| plugins | ||
| schutzbot | ||
| test | ||
| .editorconfig | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .packit.yaml | ||
| HACKING.md | ||
| koji-osbuild.spec | ||
| LICENSE | ||
| meson.build | ||
| meson_options.txt | ||
| NEWS.md | ||
| README.md | ||
| run-tests.sh | ||
| setup.cfg | ||
Koji osbuild
This project provides osbuild integration with Koji. It makes it possible to build images and other OS artifacts via osbuild-composer through koji, This is done via three plugins:
-
Koji hub plugin: Provides a new XMLRPC API endpoint that clients can use to create new
osbuildImageKoji tasks. -
Koji builder plugin: Handles
osbuildImageKoji tasks and will talk to osbuild-composer to create new composes via composer's Koji API. -
Koji cli plugin: Adds a new
osbuild-imageto the existingkojicommand line client. This will then use the new XMLRPC API to request a new compose.
The following image visualizes the overall architecture and integration
points of koji-osbuild with koji/brew and Composer:
Installation
The plugins need to be installed on the machines running the corresponding services. Installation via RPMs is recommended. The RPMs for the latest git commit of the source can be easily created via meson:
meson . build
ninja -C build rpms
The RPMs should then be in build/rpmbuild. The hub and builder plugin
also need to be explicitly enabled in the respective configuration files.
The hub plugin configuration file at /etc/koji-hub/hub.conf. The
plugin is enabled by adding osbuild to the Plugins directive. The
builder: configuration file at /etc/kojid/kojid.conf. Here osbuild
needs to be added to the plugin directive.
For an example, see the test container configuration files
hub.conf for the hub and
kojid.conf for the builder.
Additionally, an osbuild-composer instance, at least version 21, with the koji API enabled needs to be running and reachable via TCP from the host running the koji builder.
Configuration
The builder plugin needs to be configured via a builder.conf file that
can be located in either /usr/share/koji-osbuild or /etc/koji-osbuild.
[composer]
# The host, port and transport (https vs http) of osbuild composer
# NB: The 'https' transport is required for SSL/TLS authorization
server = https://composer.osbuild.org
# Authorization via client side certificates: can be either a pair of
# certificate and key files separated by comma or a file combining both.
ssl_cert = /share/worker-crt.pem, /share/worker-key.pem
# Verification of the server side: either a boolean (True / False) to
# enable or disable verification, or a path to a CA_BUNDLE file or a
# directory containing certificates of trusted CAs.
ssl_verify = /share/worker-ca.pem
# URI of proxy that's used for all composer requests including requests to
# an OAuth server if OAuth is enabled. Note that this proxy isn't used
# to route any requests for Koji hub.
proxy = http://squid.example.com:3128
[composer:oauth]
# Authorization via OAuth2/SSO, as alternative to client side certs.
# The "Client Credentials Grant" (RFC 6749 section 4.4) flow is used,
# which requires the client id and secret to be specified as well as
# the endpoint of where to obtain tokens.
# String that uniquely identifies the client (RFC 6749, 2.2).
client_id = koji
# Secret corresponding to the client id.
client_secret = koji
# URL to the endpoint that will provide the token.
token_url = https://localhost:8081/token
[koji]
# The URL to the koji hub XML-RPC endpoint
server = https://koji.fedoraproject.org/kojihub
Development
See HACKING.md for how to develop and test this project.