371
edits
Changes
Jump to navigation
Jump to search
Line 21:
Line 21: − + Line 46:
Line 46: + Line 179:
Line 180: − </syntaxhighlight>Now we create the koji administration user (kojiadmin) and set up the certs. − − We need to be the kojiadmin user to get the right permissions when we copy over the required certs, so...<syntaxhighlight lang="bash"> − useradd kojiadmin − su - kojiadmin − mkdir ~/.koji − cp /etc/pki/koji/kojiadmin.pem ~/.koji/client.crt # NOTE: It is IMPORTANT you use the PEM and NOT the CRT − cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/clientca.crt − cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/serverca.crt − exit − Line 332:
Line 322: − + + + + + + + + + +
→Hub/Web Server
In our build, we will have only 2 servers.
In our build, we will have only 2 servers.
* hub - which will run the hub, web, build daemon and def|Yum repository daemon
* hub - which will run the hub, web and dnf|Yum repository daemon
* build server - there can be multiple of these, but we'll just do 1 to start with
* build server - there can be multiple of these, but we'll just do 1 to start with
</syntaxhighlight>I installed and configured some basic tools and settings to help manage and debug the server (Cockpit can be accessed at http://<ip address or name>:9090)<syntaxhighlight lang="bash">
</syntaxhighlight>I installed and configured some basic tools and settings to help manage and debug the server (Cockpit can be accessed at http://<ip address or name>:9090)<syntaxhighlight lang="bash">
systemctl enable --now cockpit.socket
systemctl enable --now cockpit.socket
systemctl start cockpit.socket
dnf config-manager --set-enabled powertools
dnf config-manager --set-enabled powertools
dnf install epel-release
dnf install epel-release
koji_make_cert.sh kojid
koji_make_cert.sh kojid
koji_make_cert.sh kojiadmin
koji_make_cert.sh kojiadmin
</syntaxhighlight>
</syntaxhighlight>
====== Koji Hub ======
====== Koji Hub ======
Install koji hub and pre-requisites<syntaxhighlight lang="bash">
Install koji hub and pre-requisites<syntaxhighlight lang="bash">
;certificate of the CA that issued the HTTP server certificate
;certificate of the CA that issued the HTTP server certificate
serverca = ~/.koji/serverca.crt
serverca = ~/.koji/serverca.crt
</syntaxhighlight>Log in as kojiadmin and test the connection<syntaxhighlight lang="bash">
</syntaxhighlight>Now we create the koji administration user (kojiadmin) and set up the certs.
We need to be the kojiadmin user to get the right permissions when we copy over the required certs, so...<syntaxhighlight lang="bash">
useradd kojiadmin
su - kojiadmin
su - kojiadmin
mkdir ~/.koji
cp /etc/pki/koji/kojiadmin.pem ~/.koji/client.crt # NOTE: It is IMPORTANT you use the PEM and NOT the CRT
cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/clientca.crt
cp /etc/pki/koji/koji_ca_cert.crt ~/.koji/serverca.crt
chmod 0600 ~/.koji/*.crt
</syntaxhighlight>Test the connection<syntaxhighlight lang="bash">
koji moshimoshi
koji moshimoshi
</syntaxhighlight>you should see<syntaxhighlight lang="bash">
</syntaxhighlight>you should see<syntaxhighlight lang="bash">