Definition
- Build Cern RPMS in a centralized system and distribute package in our repositories.
Requirement
- Approval process ; keep it manual but easy way to move package from -testing to stable.
- -testing for each repository
- possibility to exclude packages
- add -debug repository
- sign package
- compatibility with el5/6.
- SSO (kerberos ?)
Proof of concept 1 : Koji
Configuration
You can configure koji client in 2 ways :
- /etc/koji.conf
- ~/.koji/config
You need to have the following lines in either file :
[koji]
server = http://lxsoft06.cern.ch/kojihub
weburl = http://lxsoft06.cern.ch/koji
pkgurl = http://lxsoft06.cern.ch/packages
Check if you can list all tags
koji list-tags
You should get :
el6
el6-build
el6_0
el6_0-build
el6_1
el6_1-build
el6_2
el6_2-build
slc6
slc6-build
Koji builder (kojid)
yum install kojid
/etc/init.d/kojid stop
copy /etc/kojid/kojid.conf from lxbslc6-i386
cd /etc/kojid/
ln -s ../krb5.keytab kojid.keytab
Change fstab :
lxsoft06:/mnt/koji/hub /mnt/koji nfs defaults 0 0
/etc/init.d/kojid start
check /var/log/kojid.log
chkconfig kojid on
Building packages
Single Package
koji add-pkg --owner <owner> <dist-tag> <package>
e.g : koji add-pkg --owner slc-team el6 xorg-x11-server-utils
koji build <dist-tag> <srpm>
e.g : koji build el6 xorg-x11-server-utils-7.5-5.2.el6.src.rpm
Koji in the workflow
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/cleanall -n -i
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/src2build
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/bin2build
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/prep4build
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/buildall.koji
Live Logs for a task can be checked on the web interface or with the id number :
koji watch-logs
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/downloadall.koji
You can run downloadall.koji when all packages are built. It will use the same symlink logic as before.
If packages failed you can re-run prep4build.
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/showbuild
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/signall
/afs/cern.ch/project/linux/dev/build/rpmbuild/slc6X/bin/biarch2build
Web interface
Connect with firefox : https://lxsoft06.cern.ch/koji/index
Authentication is done with Kerberos so you need to add in "about:config" two options:
network.negotiate-auth.delegation-uris = cern.ch
network.negotiate-auth.trusted-uris = cern.ch
Add user account
koji add-user --principal=<username>@CERN.CH <username>
koji grant-permission build <username>
Send user to the documentation: https://twiki.cern.ch/twiki/bin/viewauth/AgileInfrastructure/BuildingPackages
Add admin account
koji add-user --principal=<username>@CERN.CH <username>
koji grant-permission admin <username>
Repository management ; kojira | mash | bodhi