Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ktdreyer/koji-playbooks
Ansible playbook(s) for automating the Koji server install process
https://github.com/ktdreyer/koji-playbooks
Last synced: 7 days ago
JSON representation
Ansible playbook(s) for automating the Koji server install process
- Host: GitHub
- URL: https://github.com/ktdreyer/koji-playbooks
- Owner: ktdreyer
- Created: 2019-02-12T03:23:04.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-04-01T04:54:22.000Z (8 months ago)
- Last Synced: 2024-04-16T07:09:28.692Z (7 months ago)
- Language: Python
- Homepage:
- Size: 136 KB
- Stars: 16
- Watchers: 4
- Forks: 12
- Open Issues: 11
-
Metadata Files:
- Readme: README.rst
Awesome Lists containing this project
README
.. image:: https://github.com/ktdreyer/koji-playbooks/workflows/tests/badge.svg
:target: https://github.com/ktdreyer/koji-playbooks/actions
Ansible playbook(s) for automating the `Koji server install process
`_.
This sets up the Kerberos (GSSAPI) method of authentication. I use this to
quickly set up Koji in VMs in OpenStack.
Playbooks
---------
* ``setup-koji.yml`` - Installs and configures a Kerberos KDC, koji-hub, and
koji-builder.
Run this playbook on a RHEL or CentOS 7 or 8 host with EPEL enabled. /mnt/koji
should be a disk with plenty of space.
SSL configuration
-----------------
* This playbook generates an SSL CA and keypair using the `koji-ssl-admin tool
`_ .
The Certificate Authority keypair:
* ``/etc/pki/koji/koji-ca.crt``
* ``/etc/pki/koji/koji-ca.key``
The Apache web server HTTPS keypair (signed by koji-ca above):
* ``/etc/pki/koji/kojidev.example.com.chain.crt``
* ``/etc/pki/koji/kojidev.example.com.key``
For GSSAPI (Kerberos) authentication, these are the only SSL certs you will
need.
The koji-hub role publishes the Koji CA at the following URL:
https://kojidev.example.com/kojifiles/koji-ca.crt . External Koji clients
can download this file to verify the HTTPS connections.
Hard-coded things
-----------------
This is a santized code drop from a set of internal playbooks, so several
things are currently hard-coded:
* The hostname is hardcoded in several places as "kojidev.example.com".
* The main username is hardcoded in several places as "kdreyer".
Roles
-----
* ``roles/kdc`` - installs and configures a Kerberos KDC, and bootstraps all
the keytabs we need.
This will create a "kdreyer" Kerberos account. The ``koji-hub`` role will
bootstrap this account into Koji's database. If you need more Kerberos
users, add them here.
* ``roles/koji-ssl-admin`` - Creates the SSL CA and HTTPS keypair for the Koji
server.
* ``roles/koji-client`` - Configures a ``kojidev`` script and `profile
`_.
* ``roles/postgresql`` - installs and configures PostgreSQL for Koji Hub
* ``roles/koji-hub`` - installs and configures Koji Hub
This role requires the `koji_host
`_
module from the `koji-ansible project
`_.
This role will bootstrap "kdreyer" as the first Koji administrator in the
database.
If you need more users, add them with the `koji_user
`_
module.
* ``roles/koji-web`` - installs and configures the web interface for Koji.
* ``roles/koji-builder`` - installs and configures a Koji builder.
* ``roles/koji-ra`` - installs and configures the Koji "ra" (repository admin)
service.
* ``roles/koji-gc`` - installs and configures the Koji garbage collector
service.
* ``roles/activemq`` - installs and configures an ActiveMQ 5 broker for testing
the Koji Hub protonmsg plugin.
* ``roles/rabbitmq`` - installs and configures a RabbitMQ broker for testing
the Koji Hub protonmsg plugin.
See Also
--------
For managing resources within your Koji hub, please see the
https://github.com/ktdreyer/koji-ansible project.