commit b57686b28d9253f122b15167490f04e72d6db4eb Author: Xavier Lamien <laxathom(a)lxtnow.net&gt; Date: Fri Sep 6 23:46:24 2013 +0200 User WSGI for koji-web. manifests/nodes/buildserver.rpmfusion.org.pp | 5 +- modules/koji/files/web/kojiweb.conf | 71 ++++++++++++-------------- modules/koji/manifests/init.pp | 16 +++++- modules/koji/templates/web/web.conf.erb | 20 +++++++ 4 files changed, 68 insertions(+), 44 deletions(-) --- diff --git a/manifests/nodes/buildserver.rpmfusion.org.pp b/manifests/nodes/buildserver.rpmfusion.org.pp index bba213a..6a53ab3 100644 --- a/manifests/nodes/buildserver.rpmfusion.org.pp +++ b/manifests/nodes/buildserver.rpmfusion.org.pp @@ -13,9 +13,8 @@ node 'koji01.rpmfusion.org' { 'alias', 'rewrite', 'cgi', - 'python', - 'authz_host', - 'include' + 'wsgi', + 'authz_host' ], } diff --git a/modules/koji/files/web/kojiweb.conf b/modules/koji/files/web/kojiweb.conf index e44bca3..2059d1e 100644 --- a/modules/koji/files/web/kojiweb.conf +++ b/modules/koji/files/web/kojiweb.conf @@ -1,44 +1,20 @@ -Alias /koji "/usr/share/koji-web/scripts/" -Alias /koji-packages /srv/koji/packages/ -Alias /koji-repos /srv/koji/repos/ +RewriteEngine On +RewriteRule ^/$ /koji/ [R,L] + +Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py" <Directory "/usr/share/koji-web/scripts/"> - # Config for the publisher handler - SetHandler mod_python - # Use kojiweb's publisher (which handles errors more gracefully) - # You can also use mod_python.publisher, but you will lose the pretty tracebacks - PythonHandler kojiweb.publisher - - # General settings - PythonDebug On - PythonOption SiteName "RPM Fusion Build System" - PythonOption KojiHubURL http://koji01.rpmfusion.org/kojihub - PythonOption KojiPackagesURL http://koji01.rpmfusion.org/koji-packages - PythonOption KojiImagesURL http://koji01.rpmfusion.org/koji/images - PythonOption DNUsernameComponent CN - PythonOption ProxyDNs "/C=ES/ST=Barcelona/O=RPM Fusion/CN=kojiweb" - -# PythonOption WebPrincipal koji/web(a)EXAMPLE.COM -# PythonOption WebKeytab /etc/httpd.keytab - PythonOption WebCCache /var/tmp/kojiweb.ccache - PythonOption WebCert /etc/pki/koji/kojiweb.pem - PythonOption ClientCA /etc/pki/koji/rpmfusion_ca_cert.crt - PythonOption KojiHubCA /etc/pki/koji/rpmfusion_ca_cert.crt - PythonOption LoginTimeout 72 - # This must be changed before deployment - PythonOption Secret CHANGE_ME123 - PythonPath "sys.path + ['/usr/share/koji-web/lib']" - PythonCleanupHandler kojiweb.handlers::cleanup - PythonAutoReload Off + Options ExecCGI + SetHandler wsgi-script + Order allow,deny + Allow from all </Directory> -# uncomment this to enable authentication via SSL client certificates <Location /koji/login> + SSLVerifyClient require + SSLVerifyDepth 10 SSLOptions +StdEnvVars </Location> -# these options must be enabled globally (in ssl.conf) -# SSLVerifyClient require -# SSLVerifyDepth 10 Alias /koji-static/ "/usr/share/koji-web/static/" @@ -49,9 +25,28 @@ Alias /koji-static/ "/usr/share/koji-web/static/" Allow from all </Directory> +Alias /repos "/srv/koji/repos/" + <Directory "/srv/koji/repos/"> - Options +Indexes - AllowOverride None - Order Allow,Deny - Allow from All + Options Indexes FollowSymLinks +</Directory> + +Alias /scratch "/srv/koji/scratch/" + +<Directory "/srv/koji/scratch/"> + Options Indexes </Directory> + +Alias /work "/srv/koji/work/" + +<Directory "/srv/koji/work/"> + Options Indexes +</Directory> + +Alias /buildgroups "/srv/koji/buildgroups/" + +<Directory "/srv/koji/buildgroups/"> + Options Indexes FollowSymLinks +</Directory> + +RewriteRule ^/packages(.+) http://kojipkgs.rpmfusion.org/packages$1 [R=301,L] diff --git a/modules/koji/manifests/init.pp b/modules/koji/manifests/init.pp index 0b5b6aa..ef221e0 100644 --- a/modules/koji/manifests/init.pp +++ b/modules/koji/manifests/init.pp @@ -35,13 +35,13 @@ class koji { owner => apache, #TODO: move this to variable if we manage more than one webserver app. group => apache, mode => 600, - require => Package[koji-hub], + require => Package['koji-hub'], content => template('koji/hub-server/hub.conf.erb'), notify => Service['httpd'] #TODO: same as above. } } - class web inherits koji { + class web ( $koji_secret = $kojiSecret ) inherits koji { include apache_httpd::service::ssl @@ -61,6 +61,16 @@ class koji { require => Package['httpd'] } + file { '/etc/kojiweb/web.conf': + content => template('koji/web/web/conf.erb'), + mode => 640, + owner => 'root', + group => 'root', + ensure => file, + notify => Service['httpd'], + require => Package['koji-web'] + } + file { "/etc/pki/koji": replace => false, ensure => directory @@ -101,7 +111,7 @@ class koji { owner => root, group => root, mode => 644, - require => Package[koji-builder], + require => Package['koji-builder'], notify => Service['kojid'] } diff --git a/modules/koji/templates/web/web.conf.erb b/modules/koji/templates/web/web.conf.erb new file mode 100644 index 0000000..a81147a --- /dev/null +++ b/modules/koji/templates/web/web.conf.erb @@ -0,0 +1,20 @@ +[web] +SiteName = koji +#KojiTheme = mytheme + +# Key urls +KojiHubURL = http://koji01.rpmfusion.org/kojihub +KojiFilesURL = http://kojipkgs.rpmfusion.org/ + +# SSL authentication options +WebCert = /etc/pki/koji/kojiweb.pem +ClientCA = /etc/pki/koji/rpmfusion_ca_cert.crt +KojiHubCA = /etc/pki/koji/rpmfusion_ca_cert.crt + + +LoginTimeout = 72 + +# This must be changed and uncommented before deployment +Secret = <%= kojiSecret %> + +LibPath = /usr/share/koji-web/lib