HowToInstallPlague < LinuxSupport

LinuxSupport Web>LinuxSupportInternals>IncomingUpdateWorkflow>HowToInstallPlague (2006-11-27, LeszekGrzanka)

Installation @ SLC4

Installation process goes in few steps. First is installation on 3 machines : server, builder and client. Next we have to configure all machines (writing configuration files and exchange of certificates and keys).

prerequisites -- check if following packages are present in system
```
   createrepo >= 0.4.3
   mock >= 0.3
```

check out latest stable version from Fedora CVS:

   mkdir 
   cd 
   export CVSROOT=:pserver:anonymous@cvs.fedora.redhat.com:/cvs/fedora
   cvs login (press enter)
   cvs checkout -r STABLE_0_4 extras-buildsys

read documentation in README

build and install rpm packages

   cd extras-buildsys
   make rpm
   cd dist/noarch
   yum install *rpm

Certificates

Creation of certificates:

    mkdir 
    cd 
    mkdir ca
    /usr/bin/plague-certhelper.py ca --outdir=ca --name=my_ca

Remember to fill Common Name (cn) and Email Address (ea).

Signing certificate for server
```
   mkdir server
   /usr/bin/plague-certhelper.py normal --outdir=server --name=server --cadir=ca --caname=my_ca
```
All fields should be the same as during generation of CA certificate (espessialy Common Name and Email Address).

Signing certificate for builder I got this error:

   failed to update database
   TXT_DB error number 2
   ERROR: Command '/usr/bin/openssl ca -config /tmp/openssl_cnf_y98kA_ -out builder1/builder1_cert.pem -infiles builder1/builder1_req.pem' was not successful.

The solution is to have empty files ca/index.txt and ca/serial (or to replace them by backup ones)

   mkdir builder1
   cp ca/index.txt.old ca/index.txt
   cp ca/serial.old ca/serial
   /usr/bin/plague-certhelper.py normal --outdir=builder1 --name=builder1 --cadir=ca --caname=my_ca

All fields should be the same as during generation of CA certificate (espessialy Common Name and Email Address).

On builder1 machine (replace HOSTNAME by hostname of builder machine):

    cp -r ca/ /etc/plague/ca/
   cp builder1/builder1_key_and_cert.pem /etc/plague/builder/certs/
   cp builder1/builder1_key_and_cert.pem /etc/plague/builder/certs/HOSTNAME.pem

On server machine:

   cp -r ca/ /etc/plague/ca/
   cp server/server_key_and_cert.pem /etc/plague/server/certs/

Builder configuration

Config

   mkdir /etc/plague/builder/targets
   mkdir /tmp/builder_work
   chmod 775 /var/lib/mock

Copy following lines to /etc/plague/builder/targets/fedora-4-i386-core-target.cfg:

   [General]
   distro = fedora
   target = 4
   basearch = i386
   repo = core
   mock_config = fedora-4-i386-core

Copy following lines to /etc/plague/builder/plague-builder.cfg

   [SSL]
   builder_key_and_cert_dir = /etc/plague/builder/certs
   use_ssl = yes
   ca_cert = /etc/plague/ca/my_ca_ca_cert.pem

   [Directories]
   target_configs_dir = /etc/plague/builder/targets
   builder_work_dir = /tmp/builder_work

   [Network]
   fileserver_port = 30008
   xmlrpc_port = 30000
   hostname = HOSTNAME

   [General]
   debug = yes
   builder_cmd = /usr/bin/mock
   builder_user = plague-builder

By default I got error message:

Job failed due to build errors!  Please see build logs.

I checked that

ls -al /var/lib/ | grep mock

gives :

drwxr-xr-x   2 root mock    4096 Dec 26  2005 mock

User mock dont have access to write files in /var/lib/mock. So easy way to correct it it to put:

chmod 775 /var/lib/mock

After correcting it, I got next error. In result/root.log in /tmp/builder_work, I found:
```
http://extras64.linux.duke.edu/plague-results/4/repodata/repomd.xml: [Errno 4] IOError: HTTP Error 404: Not Found
   Trying other mirror.
```
so I correct mirror url to proper one in file /etc/mock/fedora-4-i386-core.cfg : baseurl=http://extras64.linux.duke.edu/plague-results/fedora-4-extras/

The last error is consequence of bug in mock. In result/root.log in /tmp/builder_work, I found:
```
neon i386 0.24.7-6 error: can't create transaction lock on /var/lib/mock/fedora-4-i386-core-5be9641c408bb80c2545cba47487357d298e6f84/root/var/lock/rpm/transaction
```
To correct it, we have to edit file /usr/bin/mock, and add after line 500: os.path.join(self.rootdir, 'var/lock/rpm'), (by default mock forgot to create directory /var/lock/rpm). This bug is solved in mock => 0.6

Server configuration

   mkdir /usr/local/repodir
   mkdir /usr/local/rpmbuild
   mkdir /etc/plague/server

Copy following lines to /etc/plague/server/plague-server.cfg

   [mysql Engine]
host = localhost
password = 
user = plague
database = plague

[Database]
engine = mysql

[Directories]
repo_dir = /usr/local/repodir
server_work_dir = /usr/local/rpmbuild
target_configs_dir = /etc/plague/targets
tmpdir = /tmp

[CVS]
use_cvs = no

[General]
hostname = HOSTNAME

[SSL]
server_key_and_cert = /etc/plague/server/certs/server_key_and_cert.pem
ca_cert = /etc/plague/ca/my_ca_ca_cert.pem

[UI]
use_ssl = yes
log_url = http://127.0.0.1/logs/
guest_allowed = yes
port = 8887
client_ca_cert = /etc/plague/server/certs/ui_ca_cert.pem

[pgdb Engine]
host = localhost
password =
user = plague
database = plague

[sqlite Engine]
timeout = 3
database = /etc/plague/server/jobdb

[Builders]
use_ssl = yes
builders = BUILDER-HOSTNAME:30000

[Email]
success_emails =
email_from = buildsys@foo.com
admin_emails =

Copy to /etc/plague/targets/fedora-4-i386-core.cfg :
[General]
distro = fedora
target = 4
basearch = i386
repo = core
testing = yes
repo_script =

[Arches]
# when a package is submitted for this target, build it for the following architectures
base_arches = i386
optional_arches = noarch

[Aliases]
cvs_alias =
# user_aliases are used for referring to this target
# ex: plague-client build package package-0.1-1.src.rpm fc4  <--- 'fc4' is the target
user_aliases = fc4

[Additional Packages Arches]
kernel = i386

[CVS]
cvs_root =
cvs_rsh =

Note that fileserver port is hardcoded in two places: line 155 in /usr/bin/plague-server
```
SRPM_SERVER_PORT = 8886
```
and in line 444 in /usr/share/plague/server/PackageJob.py
```
srpm_url = method + hostname + ":8886/" + srpm_http_base
```
On the other side it is configured in /etc/plague/builder/plague-builder.cfg So you should change it to value specified in builder config file.

Client configuration

   mkdir 
   mkdir ca
   /usr/bin/plague-certhelper.py ca --outdir=ca --name=client_ca

Signing certificate for client
```
   mkdir client
   /usr/bin/plague-certhelper.py normal --outdir=client --name=client --cadir=ca --caname=client_ca
```
All fields should be the same as during generation of CA certificate (espessialy Common Name and Email Address).

On client machine:

   cp ca/client_ca_ca_cert.pem ~/.upload-ca-cert.pem
   cp client/client_key_and_cert.pem ~/.client-cert.pem

On server machine:

   cp ca/client_ca_ca_cert.pem /etc/plague/server/certs/ui_ca_cert.pem

Copy SERVER:/etc/plague/ca/my_ca_ca_cert.pem to CLIENT:~/.server-ca-cert.pem

Write to ~/.plague.cfg and replace SERVER by server hostname:

[Certs]
user-ca-cert = ~/.upload-ca-cert.pem
server-ca-cert = ~/.server-ca-cert.pem
user-cert = ~/.client-cert.pem

[User]
email = ea

[Server]
use_ssl = yes
upload_user = root
allow_uploads = yes
address = https://SERVER:30007

Sample use

```
 /usr/bin/plague-client list
```

-- LeszekGrzanka - 27 Nov 2006

Topic revision: r3 - 2006-11-27 - LeszekGrzanka

LinuxSupport

LinuxSupport Web
LinuxSupport Web Home
Changes
Index
Search

- Cern Search
- TWiki Search
- Google Search
LinuxSupport All webs

Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback