diff options
31 files changed, 3959 insertions, 0 deletions
diff --git a/clientobsserver/COPYING b/clientobsserver/COPYING new file mode 100755 index 0000000..d159169 --- /dev/null +++ b/clientobsserver/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/clientobsserver/README2.4.md b/clientobsserver/README2.4.md new file mode 100755 index 0000000..eb04204 --- /dev/null +++ b/clientobsserver/README2.4.md @@ -0,0 +1,302 @@ +# Tizen Infra : OBS-Server with Docker
+
+## Introduction
+The Open Build Service (OBS) is a generic system to build and distribute packages from sources in an automatic, consistent and reproducible way. It makes it possible to release software for a wide range of operating systems and hardware architectures. (https://en.opensuse.org)
+
+## Version
+> ver 2.4.0.7 ( OBS : 2.4 Docker Image : 0.7)
+
+##Tested on Host OS.
+
+> ##### Host OS : ubuntu 14.04
+>
+> docker version : 1.4.1
+> docker version : 1.6.2
+> docker version : 1.7.0
+
+> ##### Host OS : opensuse 13.1
+>
+> docker version : 1.3.2
+> docker version : 1.6.2
+
+## OBS Server Information
+
+> ##### In the default configuration
+> === Server Info ===
+> CPU clock : 2.70GHz
+> CPU core : 24
+> RAM MEM : 64GB
+> Disk Cache : 2GB
+> HDD : 1TB
+>
+
+## Pre-installed Packages
+
+> ##### Image OS : flavio/opensuse-12-3
+> vim tar wget telnet supervisor sudo
+> obs-server obs-signd obs-utils obs-api git-buildpackage obs-service-gbs
+> obs-source_service qemu-linux-user build-initvm-x86_64 build-initvm-i586 obs-event-plugin
+> apache2 apache2-mod_xforward rubygem-passenger-apache2 memcached
+> php5 php5-gd php5-gettext php5-mbstring php5-mysql
+> php5-pear php5-suhosin apache2-mod_php5 php5-bcmath
+> php5-bz2 php5-calendar php5-curl php5-ftp php5-gmp
+> php5-imap php5-ldap php5-mcrypt php5-odbc php5-openssl
+> php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp
+> php5-soap php5-sockets php5-sysvsem php5-wddx php5-xmlrpc
+> php5-xsl php5-exif php5-fastcgi php5-sysvmsg php5-sysvshm
+> npt iputils
+> perl-GD
+> obs-service-git-buildpackage
+> libcurl4-7.42.1
+> librpm-tizen
+
+## Download
+
+> ##### URL
+> http://cdn.download.tizen.org/services/docker/
+
+## Execution
+
+> ##### Download an images and execute.
+>
+> $ wget < url >
+>
+> $ ls
+>
+> obsserver_2.4-2.4.0.7-docker-script.tar.gz
+> $ tar -xvf obsserver_2.4-2.4.0.7-docker-script.tar.gz
+>
+> $ cd clientobsserver
+>
+> $ ls
+>
+> config.conf dobsserver.sh env obsserver_2.4-2.4.0.7-docker-image.tar.gz root
+>
+> #### Description ####
+> * config.conf : Metaconfig file of container
+> * env : Environment variables of container
+> * -docker-image.tar.gz : Docker image
+> (“$ ./dobsserver.sh load” will load docker image from *-docker-image.tar.gz )
+> * root : Specific configuration files to be applied on container
+>
+> $ sudo ./dobsserver.sh load
+>
+> $ docker images
+>
+> $ docker images
+> tizendocker:5000/obsserver 2.4.0.7
+>
+> $ vi env/env.list
+>
+> #If you want to change the password for the MySQL database, you can change it
+>
+> #If you are use the proxy in your enviroment, pleaese add below line.
+> ftp_proxy=ftp://123.456.789.012
+> http_proxy=http://123.456.789.012
+> https_proxy=https://123.456.789.012
+> socks_proxy=socks://123.456.789.012
+>
+> #If you are use the proxy in your enviroment, pleaese add below line.
+> ftp_proxy=
+> http_proxy=
+> https_proxy=
+> socks_proxy=
+>
+> $ vi config.conf
+>
+> # Configuration of the dobsserver.sh
+> # You can be change a hostname. others do not change.
+> export HOSTNAME= #hostname in container
+>
+> #If you remove the Container, because the changed values are deleted,
+> # the backup data must be managed volumes.
+> export VOLUMES="<host dir or filename>:<container dir or filename>
+>
+> $ sudo ./dobsserver.sh start
+>
+> $ docker ps
+> 1dd1fac2912e tizendocker:5000/obsserver:2.4.0.7 "/bin/bash /srv/scri 4 hours ago Up 4 hours
+> 0.0.0.0:80->80/tcp, 0.0.0.0:82->82/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:444->444/tcp, 0.0.0.0:5152->5152/tcp,
+> 0.0.0.0:5252->5252/tcp, 0.0.0.0:5352->5352/tcp obsserver_2.4
+>
+> Finish
+
+
+## Connect OBS
+>
+> web url : http://localhost:80/ or http:// < ip > /
+> api url : http://localhost:81/ or http:// < ip >:81 /
+> repos url : http://localhost:82/ or http:// < ip >:82 /
+>
+> # Admin password
+> Log in = id : Admin , pw : opensuse
+
+## Setup OBS Service
+
+> If you conncect the download server,jenkins server.
+>
+> # Attach to a running container
+> $ sudo ./dobsserver.sh attach
+>
+> > vi root/usr/lib/obs/server/BSConfig.pm
+> # 1) Add lines below
+> our $notification_plugin = "notify_jenkins";
+> our $jenkinsserver = "Jenkins_Server_IP:8080"; (ex. our $jenkinsserver = > "http://123.456.789.012:8080";)
+> our $jenkinsjob = 'job/obs-event-dispatcher/buildWithParameters';
+> our $jenkinsnamespace = "OBS";
+> our @excl_patterns = ("project:Tizen:.* type:REPO_PUBLISH_STATE",
+> "type:BUILD_.*",
+> "type:SRCSRV_COMMIT",
+> "type:SRCSRV_VERSION_CHANGE");
+>
+> our @incl_patterns = ("project:Tizen:.*",
+> "project:home:prerelease:.*");
+> # You must modify Jenkins_Server_IP as what you use.
+> # Optional : You can modify (add/ remove lists) "our @excl_patterns" & "our > @incl_patterns"
+> # : our @excl_patterns -> obs projects which is excluded from snapshot
+> # :our @incl_patterns -> obs projects which is triggers jenkins to make snapshot
+>
+> # 2) Add proxy IP
+> our $proxy = "Proxy_IP";
+> ex) our $proxy = "http://123.456.789.012/";
+>
+> # 3) Add information about stage server.
+> our $stageserver = 'rsync://Download_Server_IP/_live_RW_';
+> ex) our $stageserver = 'rsync://123.456.789.012/_live_RW_';
+>
+> # 4) If you are use the proxy in your enviroment
+> > vi /etc/sysconfig/proxy
+> HTTP_PROXY=
+> HTTPS_PROXY=
+> FTP_PROXY=
+>
+> # exit a container
+> > exit
+>
+> # restart a container
+> $ sudo ./dobsserver.sh stop
+>
+> $ sudo ./dobsserver.sh start>
+>
+
+## Setting up for Gerrit accessing
+
+>
+> 1. After getting a gerrit account, you need to create an ssh key,
+> and add your ssh key to Gerrit to enable the connection to gerrit.
+>
+> 2. Register your contact info on Gerrit
+> Log into Gerrit.
+> On Gerrit UI, follow the links below to register your email address
+> and update your full name on Gerrit:
+> a.Settings --> Contact Information --> Register New Email...
+> b.Settings --> Contact Information --> Full Name.
+>
+> 3. After you register the email, you will receive an email which contains a link.
+> Please copy the link to your browser to activate the account.
+> Create SSH keys
+>
+> $ sudo ./dobsserver.sh attach
+> $ cd /root
+> $ ssh-keygen -f id_rsa -t rsa -N ''
+> Generating public/private rsa key pair.
+> Generating public/private rsa key pair.
+> Your identification has been saved in id_rsa.
+> Your public key has been saved in id_rsa.pub.
+> The key fingerprint is:
+> 3a:34:9c:35:7c:58:b1:81:9e:b9:64:3d:27:f7:3e:60 root@OBSServer
+> The key's randomart image is:
+> +--[ RSA 2048]----+
+> | .+. |
+> | ..o o |
+> | .=+o |
+> | . o*o+ o |
+> | =oS. = . |
+> | . o. E . |
+> | o . o |
+> | . o |
+> | . |
+> +-----------------+
+> # cat .ssh/id_rsa.pub
+>
+> 4. after pressing the Enter key at several prompts, an SSH key-pair will be created in /root/.ssh/id_rsa.pub .
+> Upload SSH pubkey to Gerrit Click the links below to set up the Gerrit WebUI.
+> Settings --> SSH Public Keys --> Add Key...
+> Paste your SSH public key there, and then click 'Add'.
+> 5. Verify your SSH connection You can verify your Gerrit connection by executing this command:
+> Make sure to add the server RSA key fingerprint to the known hosts of jenkins account
+> if connect to gerrit server in the first time.
+> If your settings are correct, you'll see the message below. If not, check SSH proxy
+> and SSH public key on Gerrit.
+> $ ssh -p 29418 gerrit_username@gerrit_hostname
+> **** Welcome to Gerrit Code Review ****
+> 6. $ vi .ssh/config
+> Host gerrit_hostname
+> Port 29418
+> User gerrit_username
+> IdentityFile ~/.ssh/id_rsa
+> 7. Config Git for Gerrit Access After the above installation, which will include git, is complete, you can configure git.
+> $ git config --global user.name "First_Name Last_Name"
+> $ git config --global user.email "account@host"
+>
+
+
+## Initialize
+
+> ### remove all data
+>
+> $ sudo ./dobsserver.sh stop
+>
+> $ sudo rm -rf /home/obsserver_2.4
+>
+> $ sudo ./dobsserver.sh rm
+>
+> $ sudo ./dobsserver.sh start
+
+
+##CLI
+
+>
+> USAGE: ./dobsserver.sh COMMAND
+> -e
+> Commands:
+> start Start a stopped container
+> attach Attach to a running container
+> stop Stop a running container
+> status Status a running container
+> rm Remove this containers
+> restart stop , start a container
+> kill Kill a running container
+> logs Fetch the logs of a container
+> cp Copy files/folders from a container's filesystem to the host path
+> pull Pull an image or a repository from a Docker registry server
+> inspect Return low-level information on a containe
+> top Lookup the running processes of a container
+> save Save an image to a tar archive
+> load Load an image from a tar archive
+> help help
+
+##Troubleshooting
+
+> --------------------------------------------------------------------------
+> --------------------------------------------------------------------------
+> --------------------------------------------------------------------------
+>
+
+## Dockerfile
+
+> If you want to build an image from a Dockerfile, you can find a Dockerfile from review.tizen.org.
+
+##License
+
+> OBS
+>
+> GNU Licenses (http://openbuildservice.org/help/manuals/obs-reference-guide/apb.html)
+
+
+
+##References
+
+> https://en.opensuse.org/openSUSE:Build_Service_private_installation
+
+## Back to [[Setup of Tizen Infrastructure with Docker]]
\ No newline at end of file diff --git a/clientobsserver/config.conf b/clientobsserver/config.conf new file mode 100755 index 0000000..fd30346 --- /dev/null +++ b/clientobsserver/config.conf @@ -0,0 +1,62 @@ +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +### Image name +export IMAGES="tizendocker:443/obsserver" + +### Repository name (and optionally a tag) to be applied to the resulting image in case of success +export TAG="2.4.0.7" + +### Assign a name to the container +export CONTAINER="obsserver_2.4" + +### Publish a container's port to the host +### format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort +export PORTS="80 81 82 443 444 5152 5252 5352" + +### Read in a line delimited file of environment variables +export ENVLIST="$(pwd)/env/env.list" + +### Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +export VOLUMES=" + $(pwd)/root/srv/www/obs/api/config/options.yml:/srv/www/obs/api/config/options.yml + $(pwd)/root/srv/www/obs/webui/config/options.yml:/srv/www/obs/webui/config/options.yml + $(pwd)/root/usr/lib/obs/server/BSConfig.pm:/usr/lib/obs/server/BSConfig.pm + /home/obsserver_2.4/var/lib/mysql:/var/lib/mysql + /home/obsserver_2.4/root/root/:/root/ + /home/obsserver_2.4/srv/obs/:/srv/obs/ + " + +### Container host name +export HOSTNAME="OBSServer" + +### Give extended privileges to this container +export PRIVILEGED=no + +### Restart policy to apply when a container exits (no, on-failure[:max-retry], always) +export AUTOSTART=always + +### Add link to another container in the form of name:alias +export LINK_IMAGES="" + +### Mount volumes from the specified container(s) +export VOLUMES_IMAGES="" + +### Add a custom host-to-IP mapping (host:ip) +export ADD_HOSTS="" + +### Add Linux capabilities +export CAP_ADD="SYS_ADMIN SYS_PTRACE" + +### Add Security Options( ex)apparmor:unconfined ) +export SECURITY_ADD="" diff --git a/clientobsserver/dobsserver.sh b/clientobsserver/dobsserver.sh new file mode 100755 index 0000000..0149974 --- /dev/null +++ b/clientobsserver/dobsserver.sh @@ -0,0 +1,366 @@ +#! /bin/sh +#=============================================================================== +# Tizen OBS Server shell script +# 12/15/2014 0.1 +# +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== + +home="$( cd "$( dirname "$0" )" && pwd )" +. $home/config.conf + +set -e +#------------------------------------------------------------------------------- +images=$IMAGES:$TAG +container=$CONTAINER + +echo "IMAGES:"$images +echo "CONTAINER:"$container + +if [ ! -z "$PORTS" ] +then + for I in $PORTS; do + service_port=$I + if [ ! -z $(echo "$service_port" | grep ':') ] + then + if [ -z "$ports_cmd" ] + then + ports_cmd=$(echo "-p ${service_port} ") + else + ports_cmd=$(echo $ports_cmd"-p ${service_port} ") + fi + else + if [ -z "$ports_cmd" ] + then + ports_cmd=$(echo "-p ${service_port}:${service_port} ") + else + ports_cmd=$(echo $ports_cmd"-p ${service_port}:${service_port} ") + fi + fi + done +fi +echo "PORT:"$ports_cmd + +if [ ! -z "$ENVLIST" ] +then + envlist_cmd=$(echo "--env-file $ENVLIST") +fi +echo "ENV LIST:"$envlist_cmd + +if [ ! -z "$VOLUMES" ] +then + for vol in $VOLUMES; do + if [ -z "$volumes_cmd" ] + then + volumes_cmd=$(echo "-v /etc/localtime:/etc/localtime:ro -v $vol ") + else + volumes_cmd=$(echo $volumes_cmd "-v $vol ") + fi + done +fi +echo "VOLUMES:"$volumes_cmd +if [ ! -z "$HOSTNAME" ] +then + hostname_cmd=$(echo "-h $HOSTNAME") +fi +echo "HOST NAME:"$hostname_cmd + +if [ "$PRIVILEGED" = 'yes' ] +then + privileged_cmd=$(echo "--privileged") +fi +echo "PRIVILEGED:"$privileged_cmd + +if [ "$AUTOSTART" = 'always' ] +then + autostart_cmd=$(echo "--restart=always") +elif [ "$AUTOSTART" = 'on-failure^' ] +then + autostart_cmd=$(echo "--restart=on-failure:10") +fi +echo "AUTOSTART:"$autostart_cmd + +if [ ! -z "$LINK_IMAGES" ] +then + for link in $LINK_IMAGES; do + if [ -z "$links_cmd" ] + then + links_cmd=$(echo "--link $link ") + else + links_cmd=$(echo $links_cmd "--link $link ") + fi + done +fi +echo "LINKS:"$links_cmd + +if [ ! -z "$VOLUMES_IMAGES" ] +then + for volumes_images in $VOLUMES_IMAGES; do + if [ -z "$volumes_images_cmd" ] + then + volumes_images_cmd=$(echo "--volumes-from $volumes_images ") + else + volumes_images_cmd=$(echo $volumes_images_cmd "--volumes-from $volumes_images ") + fi + done +fi +echo "VOLUMES-FROM:"$volumes_images_cmd + +if [ ! -z "$ADD_HOSTS" ] +then + for hostserver in $ADD_HOSTS; do + if [ -z "$add_hosts_cmd" ] + then + add_hosts_cmd=$(echo "--add-host=$hostserver ") + else + add_hosts_cmd=$(echo $add_hosts_cmd "--add-host=$hostserver ") + fi + done +fi +echo "ADD_HOST:"$add_hosts_cmd + +if [ ! -z "$CAP_ADD" ] +then + for capadd in $CAP_ADD; do + if [ -z "$capadds_cmd" ] + then + capadds_cmd=$(echo "--cap-add=$capadd ") + else + capadds_cmd=$(echo $capadds_cmd "--cap-add=$capadd ") + fi + done +fi +echo "CAP_ADD:"$capadds_cmd + +if [ ! -z "$SECURITY_ADD" ]; +then + for securityadd in $SECURITY_ADD; do + if [ -z "$securitys_cmd" ]; + then + securitys_cmd=$(echo "--security-opt=$securityadd ") + else + securitys_cmd=$(echo $securitys_cmd "--security-opt=$securityadd ") + fi + done +fi +echo "SECURITY_ADD:"$securitys_cmd + +#------------------------------------------------------------------------------- +attach(){ + echo "Attaching docker containers:" + docker exec -it $container script /dev/null -c /bin/bash || true +} +#------------------------------------------------------------------------------- +status(){ + echo "Status docker containers:" + docker ps | grep "$container" || true +} +#------------------------------------------------------------------------------- +stop(){ + echo "Stopping docker containers:" + docker stop $container || true + docker ps | grep "$container" || true +} +#------------------------------------------------------------------------------- +start(){ + echo "Starting ${container}:" + echo " docker run -d --name $container \ + $hostname_cmd \ + $privileged_cmd \ + $links_cmd \ + $ports_cmd \ + $envlist_cmd \ + $volumes_cmd \ + $volumes_images_cmd \ + $add_hosts_cmd \ + $capadds_cmd \ + $securitys_cmd \ + $images + " + if [ ! -z "$links_cmd" ] + then + for link in $LINK_IMAGES; do + link_sh=$(echo "$link" | cut -d ':' -f1) + if [ -z "$(docker ps | grep "$link_sh" | awk '{print $NF}')" ] + then + echo "Please you must be run the" "$link_sh"" before the" "$container" + exit + fi + done + fi + for run_container in $(docker ps -a | grep "$container" | awk '{print $NF}'); do + if [ "$run_container" = "$container" ]; + then + docker start $container + docker ps | grep "$container" || true + exit + fi + done + docker run -d --name $container \ + $hostname_cmd \ + $privileged_cmd \ + $links_cmd \ + $ports_cmd \ + $envlist_cmd \ + $volumes_cmd \ + $volumes_images_cmd \ + $add_hosts_cmd \ + $capadds_cmd \ + $securitys_cmd \ + $images + + docker ps | grep "$container" || true +} + +#------------------------------------------------------------------------------- +kill(){ + echo "Killing docker containers:" + docker kill $container || true +} +#------------------------------------------------------------------------------- +rm(){ + echo "Removing stopped containers:" + docker rm $container || true +} +#------------------------------------------------------------------------------- +logs(){ + echo "Show logs of a container" + docker logs $container || true +} +#------------------------------------------------------------------------------- +cp(){ + echo "Copy files/folders from a container's filesystem" + echo "docker cp $container:$1 $2 || true" + docker cp $container:$1 $2 || true +} +#------------------------------------------------------------------------------- +pull(){ + echo "Pull an image or a repository from a Docker registry server" + docker pull $images || true +} +#------------------------------------------------------------------------------- +inspect(){ + echo "Return low-level information on a containe" + docker inspect $container || true +} +#------------------------------------------------------------------------------- +top(){ + echo "Lookup the running processes of a container" + docker top $container || true +} +#------------------------------------------------------------------------------- +save(){ + echo "Save an image to a tar archive" + docker save -o $container"-"$TAG"-docker-image.tar.gz" $images || true + echo $(pwd | awk -F '/' '{print $NF}') + tar cvfzp ../$container"-"$TAG"-docker-script.tar.gz" ../$(pwd | awk -F '/' '{print $NF}') + echo "Save $container-$TAG" +} +#------------------------------------------------------------------------------- +load(){ + echo "Load an image from a tar archive" + docker load -i $container"-"$TAG"-docker-image.tar.gz" || true + echo "Load $container-$TAG" +} +#------------------------------------------------------------------------------- +help(){ + echo "help" + usage +} +#------------------------------------------------------------------------------- +usage (){ + echo "USAGE: $0" COMMAND + + echo -e "\nCommands:" + echo " start Start a stopped container" + echo " attach Attach to a running container" + echo " stop Stop a running container" + echo " status Status a running container" + echo " rm Remove this containers" + echo " restart stop , start a container" + echo " kill Kill a running container" + echo " logs Fetch the logs of a container" + echo " cp Copy files/folders from a container's filesystem to the host path" + echo " pull Pull an image or a repository from a Docker registry server" + echo " inspect Return low-level information on a containe" + echo " top Lookup the running processes of a container" + echo " save Save an image to a tar archive" + echo " load Load an image from a tar archive" + echo " help help" + exit 1 +} +#------------------------------------------------------------------------------- +if [ $# -eq 0 ] +then + usage +fi + +#------------------------------------------------------------------------------- +case "$1" in + start) + start + ;; + attach) + attach + ;; + status) + status + ;; + stop) + stop + ;; + restart) + stop + start + ;; + + kill) + kill + rm + ;; + rm) + rm + ;; + logs) + logs + ;; + cp) + cp $2 $3 + ;; + pull) + pull + ;; + push) + push + ;; + inspect) + inspect + ;; + top) + top + ;; + save) + save + ;; + load) + load + ;; + help) + help + ;; + *) + usage + ;; +esac +#=============================================================================== + diff --git a/clientobsserver/env/env.list b/clientobsserver/env/env.list new file mode 100755 index 0000000..964c19a --- /dev/null +++ b/clientobsserver/env/env.list @@ -0,0 +1,19 @@ +#### env list #### +#### mysql database #### +MYSQL_ROOT_PASSWORD=opensuse +MYSQL_API_DATABASE=api_production +MYSQL_WEBUI_DATABASE=webui_production +MYSQL_USER=obs +MYSQL_PASSWORD=obspassword +MYSQL_DATA_DIR_DEFAULT=/var/lib/mysql + +#ex)SSL_SUBJECT="/C=KR/ST=SEOUL/L=SUWON/O=SAMSUNG/OU=DEV/CN="$HOSTNAME +# default value is "/CN="$HOSTNAME +SSL_SUBJECT= + +Xmx=2048m + +ftp_proxy= +http_proxy= +https_proxy= +socks_proxy=
\ No newline at end of file diff --git a/clientobsserver/root/srv/www/obs/api/config/options.yml b/clientobsserver/root/srv/www/obs/api/config/options.yml new file mode 100755 index 0000000..1ead9ef --- /dev/null +++ b/clientobsserver/root/srv/www/obs/api/config/options.yml @@ -0,0 +1,171 @@ +# +# This file contains the default configuration of the Open Build Service API. +# + +# Add also webui_host setting if you want allow anonymous read access via webui +#allow_anonymous: true +#read_only_hosts: [ "build.opensuse.org", "software.opensuse.org" ] + +# Make use of mod_xforward module in apache +use_xforward: true + +# Make use of http://blog.lighttpd.net/articles/2006/07/22/x-sendfiles-new-friend-x-rewrite. +# Note that you need to enable the proxy-core option to allow this. +#x_rewrite_host: localhost + +# How to register new users, valid options are: +# allow: Everybody who can connect to api or webui can create an +# account and use the service. +# confirmation: Everybody who can connect to api or webui can create an +# account, but admin needs to approve the usage. +# deny: Only admin user can create new users. +new_user_registration: allow + +# Allow user to create home projects, which is the default. Disable it here +# via setting it to "false" +#allow_user_to_create_home_project: true + +# Minimum count of rating votes a project/package needs to # be taken in account +# for global statistics: +min_votes_for_rating: 3 + +# Set to true to verify XML reponses comply to the schema +response_schema_validation: false + +source_host: localhost +source_port: 5352 +#source_protocol: https + +extended_backend_log: false + +# Do not allow creating group via API to avoid the conflicts when ldap_group_support is :on +# If you do want to import the group data from LDAP to OBS DB manuallly, please set if to :off +disallow_group_creation_with_api: :on + +download_url: http://localhost:82/ + +#ichain_mode + +#multiaction_notify_support +#new_user_registration + +# proxy_auth_mode can be :off, :on or :simulate +proxy_auth_mode: :off + +# ATTENTION: If proxy_auth_mode'is :on, the frontend takes the user +# name that is coming as headervalue X-username as a +# valid user does no further authentication. So take care... +proxy_auth_test_user: coolguy + +yml_url: http://software.opensuse.org/ymp + +#schema_location + +#version +#webui_host + +# LDAP options + +ldap_mode: :off + +# Sam Account Name is the login name for LDAP +ldap_search_attr: sAMAccountName + +# OVERRIDE with your company's ldap search base for the users who will use OBS +ldap_search_base: OU=Organizational Unit,DC=Domain Component + +# LDAP Servers separated by ':'. +# OVERRIDE with your company's ldap servers. Servers are picked randomly for +# each connection to distribute load. +ldap_servers: ldap1.mycompany.com:ldap2.mycompany.com + +# Max number of times to attempt to contact the LDAP servers +ldap_max_attempts: 15 + +# The attribute the user memberof is stored in +ldap_user_memberof_attr: memberof + +# Perform the group_user search with the member attribute of group entry or memberof attribute of user entry +# It depends on your ldap define +# The attribute the group member is stored in +ldap_group_member_attr: member + +# If you're using ldap_authenticate=:ldap then you should ensure that +# ldaps is used to transfer the credentials over SSL or use the StartTLS extension +ldap_ssl: :on + +# Use StartTLS extension of LDAP +ldap_start_tls: :off + +# LDAP port defaults to 636 for ldaps and 389 for ldap and ldap with StartTLS +#ldap_port: +# Authentication with Windows 2003 AD requires +ldap_referrals: :off + +# OVERRIDE with your company's ldap search base for the users who will use OBS +ldap_search_base: OU=Organizational Unit,DC=Domain Component +# Sam Account Name is the login name for LDAP +ldap_search_attr: sAMAccountName +# The attribute the users name is stored in +ldap_name_attr: cn +# The attribute the users email is stored in +ldap_mail_attr: mail +# Credentials to use to search ldap for the username +ldap_search_user: "" +ldap_search_auth: "" + +# By default any LDAP user can be used to authenticate to the OBS +# In some deployments this may be too broad and certain criteria should +# be met; eg group membership +# +# To allow only users in a specific group uncomment this line: +#ldap_user_filter: memberof=CN=group,OU=Groups,DC=Domain Component) +# +# Note this is joined to the normal selection like so: +# (&(#{dap_search_attr}=#{login})#{ldap_user_filter}) +# giving an ldap search of: +# (&(sAMAccountName=#{login})(memberof=CN=group,OU=Groups,DC=Domain Component)) +# +# Also note that openLDAP must be configured to use the memberOf overlay + +# How to verify: +# :ldap = attempt to bind to ldap as user using supplied credentials +# :local = compare the credentials supplied with those in +# LDAP using #{ldap_auth_attr} & #{ldap_auth_mech} +# ldap_auth_mech can be +# : md5 +# : cleartext +ldap_authenticate: ldap +ldap_auth_attr: userPassword +ldap_auth_mech: md5 + +# Whether to update the user info to LDAP server, it does not take effect +# when ldap_mode is not set. +# Since adding new entry operation are more depend on your slapd db define, it might not +# compatiable with all LDAP server settings, you can use other LDAP client tools for your specific usage +ldap_update_support: :off +# ObjectClass, used for adding new entry +ldap_object_class: inetOrgPerson +# Base dn for the new added entry +ldap_entry_base: ou=OBSUSERS,dc=EXAMPLE,dc=COM +# Does sn attribute required, it is a necessary attribute for most of people objectclass, +# used for adding new entry +ldap_sn_attr_required: :on + +# Whether to search group info from ldap, it does not take effect +# when LDAP_GROUP_SUPPOR is not set. +# Please also set below LDAP_GROUP_* configs correctly to ensure the operation works properly +ldap_group_support: :off +# OVERRIDE with your company's ldap search base for groups +ldap_group_search_base: ou=OBSGROUPS,dc=EXAMPLE,dc=COM +# The attribute the group name is stored in +ldap_group_title_attr: cn +# The value of the group objectclass attribute, leave it as "" if objectclass attr doesn't exist +ldap_group_objectclass_attr: groupOfNames + +# if set to false, the API will only fake writes to backend (useful in testing) +# global_write_through: true + +# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku +#errbit_api_key: api_key_of_your_app +#errbit_host: installation.of.errbit.com diff --git a/clientobsserver/root/srv/www/obs/webui/config/options.yml b/clientobsserver/root/srv/www/obs/webui/config/options.yml new file mode 100755 index 0000000..3ec0c15 --- /dev/null +++ b/clientobsserver/root/srv/www/obs/webui/config/options.yml @@ -0,0 +1,101 @@ +# Config options for the buildservice webclient +version: 1.0 + +# change this option to use a customized theme. See README.theme +theme: neutral +# this is build.opensuse.org's theme +#theme: bento + +# Set this when the webclient runs from a subdirectory +#relative_url_root: /stage + +# Set this when the api runs from a subdirectory +#api_relative_url_root: /stage + +# Use static.opensuse.org for static style content +#use_static: build.o.o + +# Download base URL of published binaries +download_url: http://localhost:82 + +# Bugzilla link url for creating bugreports for projects or packages +#bugzilla_host: http://bugzilla.myproject.org + +# Hide private options in webui, like source or binary protection +# hide_private_options: true + +# Make use of mod_xforward module in apache +use_xforward: true + +# make use of http://blog.lighttpd.net/articles/2006/07/22/x-sendfiles-new-friend-x-rewrite +# note that you need to enable the proxy-core option to allow this +#use_lighttpd_x_rewrite: true + +# Show option to change password (not possible if passwords are controlled by proxy) +change_passwd: :on + +# if your users access the hosts through a proxy (or just a different name, use this to +# overwrite the settings for users) +#external_frontend_host: api.opensuse.org +#external_frontend_port: 443 +#external_frontend_protocol: https + +# used for redirects after login +#external_webui_host: build.opensuse.org +#external_webui_protocol: https + +# if the api runs against ldap (:on && :off) +#frontend_ldap_mode: :on + +# enable gravatar icons in webui. This contacts www.gravatar.com and may tell the email adresses +# of your users if they are registered there. +#use_gravatar: :off + +# Use this http_proxy (currently only used to download garavatar images) +#http_proxy: + +# hostname of API +frontend_host: "localhost" +# port of API +frontend_port: 81 +frontend_protocol: "http" + +# Do not show options to make projects private +#hide_private_options: true + +# old name for proxy_auth_mode +#ichain_mode: :off +# old name for proxy_auth_test_user +#ichain_test_user + +proxy_auth_mode: :off +#proxy_auth_host: https://build.opensuse.org +#proxy_auth_login_page: https://build.opensuse.org/ICSLogin +#proxy_auth_logout_page: /cmd/ICSLogout +#proxy_auth_register_page: https://en.opensuse.org/ICSLogin +#proxy_auth_account_page: https://en.opensuse.org/ICSAccount + +# use those to fake ichain against the API +#proxy_auth_test_email: coolguy@example.com +#proxy_auth_test_user: coolguy + +# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku +#errbit_api_key: api_key_of_your_app +#errbit_host: installation.of.errbit.com + +# Your sponsors +sponsors: + - name: "SUSE" + description: "Enterprise Linux you can rely on." + icon: "sponsor_suse" + url: "http://www.suse.com" + - name: "Open Build Service" + description: "A generic system to build and distribute software" + icon: "sponsor_obs" + url: "http://openbuildservice.org" + +# If you have any extra feeds you want to link to in the news section +# add them there. +#feeds: +# - name: 'Commits in openSUSE:Factory' +# url: 'https://hermes.opensuse.org/feeds/25549.rdf' diff --git a/clientobsserver/root/usr/lib/obs/server/BSConfig.pm b/clientobsserver/root/usr/lib/obs/server/BSConfig.pm new file mode 100755 index 0000000..c09aae3 --- /dev/null +++ b/clientobsserver/root/usr/lib/obs/server/BSConfig.pm @@ -0,0 +1,198 @@ +# +# Copyright (c) 2006, 2007 Michael Schroeder, Novell Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING); if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# +################################################################ +# +# Open Build Service Configuration +# + +package BSConfig; + +use Net::Domain; +use Socket; + +my $hostname = Net::Domain::hostfqdn() || 'localhost'; +# IP corresponding to hostname (only used for $ipaccess); fallback to localhost since inet_aton may fail to resolve at shutdown. +my $ip = quotemeta inet_ntoa(inet_aton($hostname) || inet_aton("localhost")); + +my $frontend = undef; # FQDN of the WebUI/API server if it's not $hostname + +# If defined, restrict access to the backend servers (bs_repserver, bs_srcserver, bs_service) +our $ipaccess = { + '172\..*' => 'rw', # only local docker ip + '127\..*' => 'rw', # only the localhost can write to the backend + "^$ip" => 'rw', # Permit IP of FQDN + '.*' => 'worker', # build results can be delivered from any client in the network +}; + +# IP of the WebUI/API Server (only used for $ipaccess) +if ($frontend) { + my $frontendip = quotemeta inet_ntoa(inet_aton($frontend) || inet_aton("localhost")); + $ipaccess->{$frontendip} = 'rw' ; # in dotted.quad format +} + +our $obsname = $hostname; # unique identifier for this Build Service instance +# Change also the SLP reg files in /etc/slp.reg.d/ when you touch hostname or port +our $srcserver = "http://$hostname:5352"; +our $reposerver = "http://$hostname:5252"; +our $serviceserver = "http://$hostname:5152"; +our $servicedir = "/usr/lib/obs/service/"; +#our $servicetempdir = "/var/temp/"; +#our $serviceroot = "/opt/obs/MyServiceSystem"; + +#our $gpg_standard_key = "/etc/obs-default-gpg.asc"; +# public download service: +our $repodownload = "http://$hostname:82"; +# optional notification service: +#our $hermesserver = "http://$hostname/hermes"; +#our $hermesnamespace = "OBS"; +# +# Notification Plugin, multiple plugins supported, separated by space +#our $notification_plugin = "notify_hermes notify_rabbitmq"; +# +#FIXME2.4 belongs in API +# Does the notify plugin supports multiple actions? +# Hermes doesn't, BOSS does. +#our $multiaction_notify_support = 0 + +# For the workers only, it is possible to define multiple repository servers here. +# But only one source server is possible yet. +our @reposervers = ("http://$hostname:5252"); + +# proxy support: +#our $proxy = "http(s)://<user:pass>\@<host>:<port>"; + +# Curl-like interpretation for noproxy, i.e. each name in $noproxy is either +# a domain containing the hostname or the hostname itself. +# Example: host.com matches host.com, www.host.com etc but not www.myhost.com +#our $noproxy = "localhost, 127.0.0.1"; + +# Package defaults +our $bsdir = '/srv/obs'; +our $bsuser = 'obsrun'; +our $bsgroup = 'obsrun'; +#our $bsquotafile = '/srv/obs/quota.xml'; + +# Use asynchronus scheduler. This avoids hanging schedulers on remote projects, +# when the network is slow or broken. This will become the default in future +our $sched_asyncmode = 1; + +# Define how the scheduler does a cold start. The default (0) is to request the +# data for all packages, (1) means that only the non-remote packages are fetched, +# (2) means that all of the package data fetches get delayed. +# our $sched_startupmode = 0; + +# To enable package downloading from backend on demand +our $enable_download_on_demand = 1; + +# Disable fdatasync calls, increases the speed, but may lead to data +# corruption on system crash when the filesystem does not guarantees +# data write before rename. +# It is esp. required on XFS filesystem. +# It is safe to be disabled on ext4 and btrfs filesystems. +#our $disable_data_sync = 1; + +# Package rc script / backend communication + log files +our $rundir = "$bsdir/run"; +our $logdir = "$bsdir/log"; + +# optional for non-acl systems, should be set for access control +# 0: trees are shared between projects (built-in default) +# 1: trees are not shared (only usable for new installations) +# 2: new trees are not shared, in case of a missing tree the shared +# location is also tried (package default) +our $nosharedtrees = 2; + +# optional: limit visibility of projects for some architectures +#our $limit_projects = { +# "ppc" => [ "openSUSE:Factory", "FATE" ], +# "ppc64" => [ "openSUSE:Factory", "FATE" ], +#}; + +# optional: allow seperation of releasnumber syncing per architecture +# one counter pool for all ppc architectures, one for i586/x86_64, +# arm archs are seperated and one for the rest in this example +our $relsync_pool = { + "local" => "local", + "i586" => "i586", + "x86_64" => "i586", + "ppc" => "ppc", + "ppc64" => "ppc", + "mips" => "mips", + "mips64" => "mips", + "mipsel" => "mipsel", + "mips64el" => "mipsel", + "aarch64" => "arm", + "armv4l" => "arm", + "armv5l" => "arm", + "armv6l" => "arm", + "armv7l" => "arm", + "armv7hl" => "arm", + "armv5el" => "armv5el", # they do not exist + "armv6el" => "armv6el", + "armv7el" => "armv7el", + "armv8el" => "armv8el", + "sparcv9" => "sparcv9", + "sparc64" => "sparcv9", +}; + +# List of power hosts that can handle power jobs for the sake of +# building critical packages fast. +#our $powerhosts = ["build20"]; + +# List of power packages that can be built on power hosts +#our $powerpkgs = [ "glibc", "qt" ] + +#No extra stage server sync +#our $stageserver = 'rsync://127.0.0.1/put-repos-main'; +#our $stageserver_sync = 'rsync://127.0.0.1/trigger-repos-sync'; + +#No public download server +#our $repodownload = 'http://software.opensuse.org/download/repositories'; + +#No package signing server +#our $sign = '/usr/bin/sign'; +#Extend sign call with project name as argument "--project $NAME" +#our $sign_project = 1; +#Global sign key +#our $keyfile = '/srv/obs/openSUSE-Build-Service.asc'; +#Create a key by default for new projects, if top level have not one +#our $forceprojectkeys = 1; + +# Use a special local arch for product building +# our $localarch = "x86_64"; + +# config options for the bs_worker +# +# run a script to check if the worker is good enough for the job +#our workerhostcheck = 'my_check_script'; +# +# Allow to build as root, exceptions per package +# the keys are actually anchored regexes +# our $norootexceptions = { "my_project/my_package" => 1, "openSUSE:Factory.*/installation-images" => 1 }; + +# Use old style source service handling +# our $old_style_services = 1; + +# host specific configs +my $hostconfig = "bsconfig." . Net::Domain::hostname(); +if(-r $hostconfig) { + print "reading $hostconfig...\n"; + require $hostconfig; +} + +1; diff --git a/devobsserver/COPYING b/devobsserver/COPYING new file mode 100755 index 0000000..d159169 --- /dev/null +++ b/devobsserver/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + <one line to give the program's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + <signature of Ty Coon>, 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/devobsserver/Dockerfile b/devobsserver/Dockerfile new file mode 100755 index 0000000..ff515f2 --- /dev/null +++ b/devobsserver/Dockerfile @@ -0,0 +1,175 @@ +#=============================================================================== +# This file is designed for Tizen infrastructure. +# Author onstudy@samsung.com +#=============================================================================== +FROM flavio/opensuse-12-3 + +MAINTAINER onstudy@samsung.com + +#### If you are use the proxy in your enviroment, add below line on building.#### +#ENV ftp_proxy ftp://<ip> +#ENV http_proxy http://<ip> +#ENV https_proxy https://<ip> +#ENV socks_proxy socks://<ip> + +#### addrepo opensuse 12.3 update os #### +RUN zypper --non-interactive addrepo "http://download.opensuse.org/update/12.3/openSUSE:12.3:Update.repo" + +#### addrepo opensuse 12.3 obs v2.4 #### +RUN zypper --non-interactive addrepo "http://download.opensuse.org/repositories/OBS:/Server:/2.4/openSUSE_12.3/OBS:Server:2.4.repo" +### deleted repo in opensuse download site 07/24 ### +#RUN zypper --non-interactive addrepo "http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.3/devel:languages:python.repo" + +#### addrepo tizen services,tools #### +RUN zypper ar -Gf -t rpm-md -n "Tizen Services (openSUSE_12.3)" http://download.tizen.org/services/archive/0.15.13/openSUSE_12.3 tizen-services +RUN zypper mr -p 1 "Tizen Services (openSUSE_12.3)" +RUN zypper ar -Gf -t rpm-md -n "Tizen Tools (openSUSE_12.3)" http://download.tizen.org/tools/latest-release/openSUSE_12.3 tizen-tools +RUN zypper mr -p 1 "Tizen Tools (openSUSE_12.3)" + +RUN zypper --gpg-auto-import-keys --non-interactive refresh + +#### Install some useful or needed tools +RUN zypper --non-interactive --no-gpg-checks ref +RUN zypper --non-interactive in --recommends vim tar wget telnet sudo + +#### INSTALL supervisor #### +# download from http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_12.3/ +# devel:languages:python.repo +ADD ./supervisor/supervisor-3.1.3-1.1.noarch.rpm / +ADD ./supervisor/python-meld3-1.0.0-1.1.noarch.rpm / +RUN zypper --non-interactive in --recommends python-meld3-1.0.0-1.1.noarch.rpm +RUN zypper --non-interactive in --recommends supervisor-3.1.3-1.1.noarch.rpm +RUN rm supervisor-3.1.3-1.1.noarch.rpm +RUN rm python-meld3-1.0.0-1.1.noarch.rpm + +#### INSTALL OBS SERVER #### +RUN zypper --non-interactive in --recommends obs-server + +RUN zypper --non-interactive in --recommends obs-utils +RUN zypper --non-interactive in --recommends obs-api + +RUN zypper --non-interactive in --recommends obs-service-gbs +RUN zypper --non-interactive in --recommends obs-source_service +RUN zypper --non-interactive in --recommends qemu-linux-user +RUN zypper --non-interactive in --recommends build-initvm-x86_64 build-initvm-i586 +#### Jenkins trigger##### +RUN zypper --non-interactive in --recommends obs-event-plugin + +#### INSTALL APACHE2 #### +RUN zypper --non-interactive in --recommends apache2 apache2-mod_xforward rubygem-passenger-apache2 memcached +RUN zypper --non-interactive in --recommends \ + php5 php5-gd php5-gettext php5-mbstring php5-mysql \ + php5-pear php5-suhosin apache2-mod_php5 php5-bcmath \ + php5-bz2 php5-calendar php5-curl php5-ftp php5-gmp \ + php5-imap php5-ldap php5-mcrypt php5-odbc php5-openssl \ + php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp \ + php5-soap php5-sockets php5-sysvsem php5-wddx php5-xmlrpc \ + php5-xsl php5-exif php5-fastcgi php5-sysvmsg php5-sysvshm +RUN sed -i 's/variables_order = "GPCS"/variables_order = "EGPCS"/g' /etc/php5/apache2/php.ini + +RUN a2enmod passenger && a2enmod rewrite && a2enmod proxy && a2enmod proxy_http && a2enmod xforward && a2enmod headers && a2enmod status +RUN a2enflag SSL + +#### INSTALL NTP #### +# ntp is essential protocol to synchronize time across multiple servers # +RUN zypper --non-interactive in --recommends ntp + +#### INSTALL IPUTILS #### +# use ping from the ldap +RUN zypper --non-interactive in --recommends iputils + +#### INSTALL PERL-GD #### +# use rebuild_time grapth +RUN zypper --non-interactive in --recommends perl-GD + +#### INSTALL TO USE GIT-BUILDPACKAGE #### +RUN zypper --non-interactive in --recommends obs-service-git-buildpackage + +#### INSTALL librpm-tizen #### +#require pacakge of librpm-tizen +RUN zypper --non-interactive in --recommends mozilla-nss +RUN zypper --non-interactive in --recommends librpm-tizen + +RUN zypper clean + +#### OBS Configuration #### +ADD ./obsserver/srv/www/obs/webui/lib/frontend_compat.rb /srv/www/obs/webui/lib/frontend_compat.rb +ADD ./obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png /srv/www/obs/webui/app/assets/images/obs-logo_small.png +ADD ./obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png /srv/www/obs/webui/public/assets/obs-logo_small.png +ADD ./obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png /srv/www/obs/webui/public/assets/obs-logo_small-4c29268da14c390cb1aa768aa440acde.png + +ADD ./obsserver/etc/apache2/vhosts.d/obs.conf /etc/apache2/vhosts.d/obs.conf +RUN sed -i 's/^\(Include \/etc\/apache2\/listen.conf.*\)$/# \1/' /etc/apache2/httpd.conf \ + && echo "Include /etc/apache2/conf.d/mod_passenger.conf" >> /etc/apache2/httpd.conf \ + && echo "repo-cache-dir = /srv/obs/git-buildpackage-repos/" >> /etc/obs/services/gbs \ + && mkdir -p /srv/obs/git-buildpackage-repos/ && chown -R obsrun:obsrun /srv/obs/git-buildpackage-repos/ + +#### "Adjust configuration for this hostname" #### +#### use local host to avoid SSL verification between webui and api #### +RUN sed -i 's,^ username: .*, username: <%= ENV['"'"'MYSQL_USER'"'"'] %>,' /srv/www/obs/api/config/database.yml \ + && sed -i 's,^ password: .*, password: <%= ENV['"'"'MYSQL_PASSWORD'"'"'] %>,' /srv/www/obs/api/config/database.yml \ + && sed -i 's,^ username: .*, username: <%= ENV['"'"'MYSQL_USER'"'"'] %>,' /srv/www/obs/webui/config/database.yml \ + && sed -i 's,^ password: .*, password: <%= ENV['"'"'MYSQL_PASSWORD'"'"'] %>,' /srv/www/obs/webui/config/database.yml + + +RUN sed -i 's/#use_xforward/use_xforward/g' /srv/www/obs/webui/config/options.yml \ + && sed -i 's/#use_xforward/use_xforward/g' /srv/www/obs/api/config/options.yml \ + + && sed -i 's,^frontend_host: .*,frontend_host: "localhost",' /srv/www/obs/webui/config/options.yml \ + && sed -i 's,^frontend_port: .*,frontend_port: 81,' /srv/www/obs/webui/config/options.yml \ + && sed -i 's,^frontend_protocol: .*,frontend_protocol: "'"http"'",' /srv/www/obs/webui/config/options.yml + +#### Fix ldap connection error(login user page) +RUN sed -i 's/ realname.toutf8/#fix FATAL error 2015.03.18 realname.toutf8/g' /srv/www/obs/api/app/models/user.rb + +#### Fix Arm build error from qemu reg #### +#### qemu-arm-static --> qemu-arm-binfmt #### +RUN sed -i 's/static:/binfmt:P/g' /usr/lib/build/qemu-reg + +#### Fix Http 500 Error #### +RUN sed -i '/our $ipaccess = {/a\ '"'"172'\\..*'"'"' => '"'"'rw'"'"'\, # only local docker ip' /usr/lib/obs/server/BSConfig.pm \ + && sed -i 's,^our.*\$repodownload.*=.*,our $repodownload = "http://$hostname:82";,' /usr/lib/obs/server/BSConfig.pm + +RUN mkdir -p /srv/obs/certs && chown obsrun:obsrun /srv/obs/certs +RUN mkdir -p /srv/obs/repos && chown -R obsrun:obsrun /srv/obs/repos/ +RUN chown -R wwwrun:www /srv/www/obs/api && chown -R wwwrun:www /srv/www/obs/webui + +#### ADD RSYNC CONFIG #### +RUN sed -i 's/yes/no/g' /etc/xinetd.d/rsync +RUN rm /etc/rsyncd.conf + +#### FIX MYSQL #### +RUN sed -i '/^\[mysqld\]/a\tmpdir=\/tmp\/' /etc/my.cnf + +#### START SCRIPT #### +RUN mkdir -p /srv/script +ADD script/initdb.sh /srv/script/initdb.sh +ADD ./script/rsync.sh /srv/script/rsync.sh +ADD ./script/obsservice.sh /srv/script/obsservice.sh +ADD ./script/startup.sh /srv/script/startup.sh +ADD ./script/ca.sh /srv/script/ca.sh +ADD ./script/db.sh /srv/script/db.sh +ADD ./script/repos.sh /srv/script/repos.sh +RUN chmod +x /srv/script/* + +ADD ./supervisor/supervisord.conf /etc/supervisord.conf + +# Set environment variables. +ENV HOME /root +ENV TERM xterm +ENV TMOUT 1800 +#### mysql database #### +ENV MYSQL_ROOT_PASSWORD opensuse +ENV MYSQL_API_DATABASE api_production +ENV MYSQL_WEBUI_DATABASE webui_production +ENV MYSQL_USER obs +ENV MYSQL_PASSWORD obspassword +ENV MYSQL_DATA_DIR_DEFAULT /var/lib/mysql + +EXPOSE 80 81 82 443 444 5152 5252 5352 +EXPOSE 3306 +WORKDIR /srv/script +VOLUME ["/etc/mysql", "/var/lib/mysql","/var/run/mysql"] + +CMD ["/bin/bash","/srv/script/startup.sh"] + diff --git a/devobsserver/README2.4.md b/devobsserver/README2.4.md new file mode 100755 index 0000000..9d080cf --- /dev/null +++ b/devobsserver/README2.4.md @@ -0,0 +1,303 @@ +# Tizen Infra : OBS-Server with Docker
+
+## Introduction
+The Open Build Service (OBS) is a generic system to build and distribute packages from sources in an automatic, consistent and reproducible way. It makes it possible to release software for a wide range of operating systems and hardware architectures. (https://en.opensuse.org)
+
+
+## Version
+> ver 2.4.0.7 ( OBS : 2.4 Docker Image : 0.7)
+
+##Tested on Host OS.
+
+> ##### Host OS : ubuntu 14.04
+>
+> docker version : 1.4.1
+> docker version : 1.6.2
+> docker version : 1.7.0
+
+> ##### Host OS : opensuse 13.1
+>
+> docker version : 1.3.2
+> docker version : 1.6.2
+
+## OBS Server Information
+
+> ##### In the default configuration
+> === Server Info ===
+> CPU clock : 2.70GHz
+> CPU core : 24
+> RAM MEM : 64GB
+> Disk Cache : 2GB
+> HDD : 1TB
+>
+
+## Pre-installed Packages
+
+> ##### Image OS : flavio/opensuse-12-3
+> vim tar wget telnet supervisor sudo
+> obs-server obs-signd obs-utils obs-api git-buildpackage obs-service-gbs
+> obs-source_service qemu-linux-user build-initvm-x86_64 build-initvm-i586 obs-event-plugin
+> apache2 apache2-mod_xforward rubygem-passenger-apache2 memcached
+> php5 php5-gd php5-gettext php5-mbstring php5-mysql
+> php5-pear php5-suhosin apache2-mod_php5 php5-bcmath
+> php5-bz2 php5-calendar php5-curl php5-ftp php5-gmp
+> php5-imap php5-ldap php5-mcrypt php5-odbc php5-openssl
+> php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp
+> php5-soap php5-sockets php5-sysvsem php5-wddx php5-xmlrpc
+> php5-xsl php5-exif php5-fastcgi php5-sysvmsg php5-sysvshm
+> npt iputils
+> perl-GD
+> obs-service-git-buildpackage
+> libcurl4-7.42.1
+> librpm-tizen
+
+## Download
+
+> ##### URL
+> http://cdn.download.tizen.org/services/docker/
+
+## Execution
+
+> ##### Download an images and execute.
+>
+> $ wget < url >
+>
+> $ ls
+>
+> obsserver_2.4-2.4.0.7-docker-script.tar.gz
+> $ tar -xvf obsserver_2.4-2.4.0.7-docker-script.tar.gz
+>
+> $ cd clientobsserver
+>
+> $ ls
+>
+> config.conf dobsserver.sh env obsserver_2.4-2.4.0.7-docker-image.tar.gz root
+>
+> #### Description ####
+> * config.conf : Metaconfig file of container
+> * env : Environment variables of container
+> * -docker-image.tar.gz : Docker image
+> (“$ ./dobsserver.sh load” will load docker image from *-docker-image.tar.gz )
+> * root : Specific configuration files to be applied on container
+>
+> $ sudo ./dobsserver.sh load
+>
+> $ docker images
+>
+> $ docker images
+> tizendocker:5000/obsserver 2.4.0.7
+>
+> $ vi env/env.list
+>
+> #If you want to change the password for the MySQL database, you can change it
+>
+> #If you are use the proxy in your enviroment, pleaese add below line.
+> ftp_proxy=ftp://123.456.789.012
+> http_proxy=http://123.456.789.012
+> https_proxy=https://123.456.789.012
+> socks_proxy=socks://123.456.789.012
+>
+> #If you are use the proxy in your enviroment, pleaese add below line.
+> ftp_proxy=
+> http_proxy=
+> https_proxy=
+> socks_proxy=
+>
+> $ vi config.conf
+>
+> # Configuration of the dobsserver.sh
+> # You can be change a hostname. others do not change.
+> export HOSTNAME= #hostname in container
+>
+> #If you remove the Container, because the changed values are deleted,
+> # the backup data must be managed volumes.
+> export VOLUMES="<host dir or filename>:<container dir or filename>
+>
+> $ sudo ./dobsserver.sh start
+>
+> $ docker ps
+> 1dd1fac2912e tizendocker:5000/obsserver:2.4.0.7 "/bin/bash /srv/scri 4 hours ago Up 4 hours
+> 0.0.0.0:80->80/tcp, 0.0.0.0:82->82/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:444->444/tcp, 0.0.0.0:5152->5152/tcp,
+> 0.0.0.0:5252->5252/tcp, 0.0.0.0:5352->5352/tcp obsserver_2.4
+>
+> Finish
+
+
+## Connect OBS
+>
+> web url : http://localhost:80/ or http:// < ip > /
+> api url : http://localhost:81/ or http:// < ip >:81 /
+> repos url : http://localhost:82/ or http:// < ip >:82 /
+>
+> # Admin password
+> Log in = id : Admin , pw : opensuse
+
+## Setup OBS Service
+
+> If you conncect the download server,jenkins server.
+>
+> # Attach to a running container
+> $ sudo ./dobsserver.sh attach
+>
+> > vi root/usr/lib/obs/server/BSConfig.pm
+> # 1) Add lines below
+> our $notification_plugin = "notify_jenkins";
+> our $jenkinsserver = "Jenkins_Server_IP:8080"; (ex. our $jenkinsserver = > "http://123.456.789.012:8080";)
+> our $jenkinsjob = 'job/obs-event-dispatcher/buildWithParameters';
+> our $jenkinsnamespace = "OBS";
+> our @excl_patterns = ("project:Tizen:.* type:REPO_PUBLISH_STATE",
+> "type:BUILD_.*",
+> "type:SRCSRV_COMMIT",
+> "type:SRCSRV_VERSION_CHANGE");
+>
+> our @incl_patterns = ("project:Tizen:.*",
+> "project:home:prerelease:.*");
+> # You must modify Jenkins_Server_IP as what you use.
+> # Optional : You can modify (add/ remove lists) "our @excl_patterns" & "our > @incl_patterns"
+> # : our @excl_patterns -> obs projects which is excluded from snapshot
+> # :our @incl_patterns -> obs projects which is triggers jenkins to make snapshot
+>
+> # 2) Add proxy IP
+> our $proxy = "Proxy_IP";
+> ex) our $proxy = "http://123.456.789.012/";
+>
+> # 3) Add information about stage server.
+> our $stageserver = 'rsync://Download_Server_IP/_live_RW_';
+> ex) our $stageserver = 'rsync://123.456.789.012/_live_RW_';
+>
+> # 4) If you are use the proxy in your enviroment
+> > vi /etc/sysconfig/proxy
+> HTTP_PROXY=
+> HTTPS_PROXY=
+> FTP_PROXY=
+>
+> # exit a container
+> > exit
+>
+> # restart a container
+> $ sudo ./dobsserver.sh stop
+>
+> $ sudo ./dobsserver.sh start>
+>
+
+## Setting up for Gerrit accessing
+
+>
+> 1. After getting a gerrit account, you need to create an ssh key,
+> and add your ssh key to Gerrit to enable the connection to gerrit.
+>
+> 2. Register your contact info on Gerrit
+> Log into Gerrit.
+> On Gerrit UI, follow the links below to register your email address
+> and update your full name on Gerrit:
+> a.Settings --> Contact Information --> Register New Email...
+> b.Settings --> Contact Information --> Full Name.
+>
+> 3. After you register the email, you will receive an email which contains a link.
+> Please copy the link to your browser to activate the account.
+> Create SSH keys
+>
+> $ sudo ./dobsserver.sh attach
+> $ cd /root
+> $ ssh-keygen -f id_rsa -t rsa -N ''
+> Generating public/private rsa key pair.
+> Generating public/private rsa key pair.
+> Your identification has been saved in id_rsa.
+> Your public key has been saved in id_rsa.pub.
+> The key fingerprint is:
+> 3a:34:9c:35:7c:58:b1:81:9e:b9:64:3d:27:f7:3e:60 root@OBSServer
+> The key's randomart image is:
+> +--[ RSA 2048]----+
+> | .+. |
+> | ..o o |
+> | .=+o |
+> | . o*o+ o |
+> | =oS. = . |
+> | . o. E . |
+> | o . o |
+> | . o |
+> | . |
+> +-----------------+
+> # cat .ssh/id_rsa.pub
+>
+> 4. after pressing the Enter key at several prompts, an SSH key-pair will be created in /root/.ssh/id_rsa.pub .
+> Upload SSH pubkey to Gerrit Click the links below to set up the Gerrit WebUI.
+> Settings --> SSH Public Keys --> Add Key...
+> Paste your SSH public key there, and then click 'Add'.
+> 5. Verify your SSH connection You can verify your Gerrit connection by executing this command:
+> Make sure to add the server RSA key fingerprint to the known hosts of jenkins account
+> if connect to gerrit server in the first time.
+> If your settings are correct, you'll see the message below. If not, check SSH proxy
+> and SSH public key on Gerrit.
+> $ ssh -p 29418 gerrit_username@gerrit_hostname
+> **** Welcome to Gerrit Code Review ****
+> 6. $ vi .ssh/config
+> Host gerrit_hostname
+> Port 29418
+> User gerrit_username
+> IdentityFile ~/.ssh/id_rsa
+> 7. Config Git for Gerrit Access After the above installation, which will include git, is complete, you can configure git.
+> $ git config --global user.name "First_Name Last_Name"
+> $ git config --global user.email "account@host"
+>
+
+
+## Initialize
+
+> ### remove all data
+>
+> $ sudo ./dobsserver.sh stop
+>
+> $ sudo rm -rf /home/obsserver_2.4
+>
+> $ sudo ./dobsserver.sh rm
+>
+> $ sudo ./dobsserver.sh start
+
+
+##CLI
+
+>
+> USAGE: ./dobsserver.sh COMMAND
+> -e
+> Commands:
+> start Start a stopped container
+> attach Attach to a running container
+> stop Stop a running container
+> status Status a running container
+> rm Remove this containers
+> restart stop , start a container
+> kill Kill a running container
+> logs Fetch the logs of a container
+> cp Copy files/folders from a container's filesystem to the host path
+> pull Pull an image or a repository from a Docker registry server
+> inspect Return low-level information on a containe
+> top Lookup the running processes of a container
+> save Save an image to a tar archive
+> load Load an image from a tar archive
+> help help
+
+##Troubleshooting
+
+> --------------------------------------------------------------------------
+> --------------------------------------------------------------------------
+> --------------------------------------------------------------------------
+>
+
+## Dockerfile
+
+> If you want to build an image from a Dockerfile, you can find a Dockerfile from review.tizen.org.
+
+##License
+
+> OBS
+>
+> GNU Licenses (http://openbuildservice.org/help/manuals/obs-reference-guide/apb.html)
+
+
+
+##References
+
+> https://en.opensuse.org/openSUSE:Build_Service_private_installation
+
+## Back to [[Setup of Tizen Infrastructure with Docker]]
\ No newline at end of file diff --git a/devobsserver/config.conf b/devobsserver/config.conf new file mode 100755 index 0000000..fd30346 --- /dev/null +++ b/devobsserver/config.conf @@ -0,0 +1,62 @@ +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +### Image name +export IMAGES="tizendocker:443/obsserver" + +### Repository name (and optionally a tag) to be applied to the resulting image in case of success +export TAG="2.4.0.7" + +### Assign a name to the container +export CONTAINER="obsserver_2.4" + +### Publish a container's port to the host +### format: ip:hostPort:containerPort | ip::containerPort | hostPort:containerPort | containerPort +export PORTS="80 81 82 443 444 5152 5252 5352" + +### Read in a line delimited file of environment variables +export ENVLIST="$(pwd)/env/env.list" + +### Bind mount a volume (e.g., from the host: -v /host:/container, from Docker: -v /container) +export VOLUMES=" + $(pwd)/root/srv/www/obs/api/config/options.yml:/srv/www/obs/api/config/options.yml + $(pwd)/root/srv/www/obs/webui/config/options.yml:/srv/www/obs/webui/config/options.yml + $(pwd)/root/usr/lib/obs/server/BSConfig.pm:/usr/lib/obs/server/BSConfig.pm + /home/obsserver_2.4/var/lib/mysql:/var/lib/mysql + /home/obsserver_2.4/root/root/:/root/ + /home/obsserver_2.4/srv/obs/:/srv/obs/ + " + +### Container host name +export HOSTNAME="OBSServer" + +### Give extended privileges to this container +export PRIVILEGED=no + +### Restart policy to apply when a container exits (no, on-failure[:max-retry], always) +export AUTOSTART=always + +### Add link to another container in the form of name:alias +export LINK_IMAGES="" + +### Mount volumes from the specified container(s) +export VOLUMES_IMAGES="" + +### Add a custom host-to-IP mapping (host:ip) +export ADD_HOSTS="" + +### Add Linux capabilities +export CAP_ADD="SYS_ADMIN SYS_PTRACE" + +### Add Security Options( ex)apparmor:unconfined ) +export SECURITY_ADD="" diff --git a/devobsserver/dobsserver.sh b/devobsserver/dobsserver.sh new file mode 100755 index 0000000..9eba146 --- /dev/null +++ b/devobsserver/dobsserver.sh @@ -0,0 +1,410 @@ +#! /bin/sh +#=============================================================================== +# Tizen OBS Server shell script +# 12/15/2014 0.1 +# +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== + +home="$( cd "$( dirname "$0" )" && pwd )" +. $home/config.conf + +set -e +#------------------------------------------------------------------------------- +images=$IMAGES:$TAG +container=$CONTAINER + +echo "IMAGES:"$images +echo "CONTAINER:"$container + +if [ ! -z "$PORTS" ] +then + for I in $PORTS; do + service_port=$I + if [ ! -z $(echo "$service_port" | grep ':') ] + then + if [ -z "$ports_cmd" ] + then + ports_cmd=$(echo "-p ${service_port} ") + else + ports_cmd=$(echo $ports_cmd"-p ${service_port} ") + fi + else + if [ -z "$ports_cmd" ] + then + ports_cmd=$(echo "-p ${service_port}:${service_port} ") + else + ports_cmd=$(echo $ports_cmd"-p ${service_port}:${service_port} ") + fi + fi + done +fi +echo "PORT:"$ports_cmd + +if [ ! -z "$ENVLIST" ] +then + envlist_cmd=$(echo "--env-file $ENVLIST") +fi +echo "ENV LIST:"$envlist_cmd + +if [ ! -z "$VOLUMES" ] +then + for vol in $VOLUMES; do + if [ -z "$volumes_cmd" ] + then + volumes_cmd=$(echo "-v /etc/localtime:/etc/localtime:ro -v $vol ") + else + volumes_cmd=$(echo $volumes_cmd "-v $vol ") + fi + done +fi +echo "VOLUMES:"$volumes_cmd +if [ ! -z "$HOSTNAME" ] +then + hostname_cmd=$(echo "-h $HOSTNAME") +fi +echo "HOST NAME:"$hostname_cmd + +if [ "$PRIVILEGED" = 'yes' ] +then + privileged_cmd=$(echo "--privileged") +fi +echo "PRIVILEGED:"$privileged_cmd + +if [ "$AUTOSTART" = 'always' ] +then + autostart_cmd=$(echo "--restart=always") +elif [ "$AUTOSTART" = 'on-failure^' ] +then + autostart_cmd=$(echo "--restart=on-failure:10") +fi +echo "AUTOSTART:"$autostart_cmd + +if [ ! -z "$LINK_IMAGES" ] +then + for link in $LINK_IMAGES; do + if [ -z "$links_cmd" ] + then + links_cmd=$(echo "--link $link ") + else + links_cmd=$(echo $links_cmd "--link $link ") + fi + done +fi +echo "LINKS:"$links_cmd + +if [ ! -z "$VOLUMES_IMAGES" ] +then + for volumes_images in $VOLUMES_IMAGES; do + if [ -z "$volumes_images_cmd" ] + then + volumes_images_cmd=$(echo "--volumes-from $volumes_images ") + else + volumes_images_cmd=$(echo $volumes_images_cmd "--volumes-from $volumes_images ") + fi + done +fi +echo "VOLUMES-FROM:"$volumes_images_cmd + +if [ ! -z "$ADD_HOSTS" ] +then + for hostserver in $ADD_HOSTS; do + if [ -z "$add_hosts_cmd" ] + then + add_hosts_cmd=$(echo "--add-host=$hostserver ") + else + add_hosts_cmd=$(echo $add_hosts_cmd "--add-host=$hostserver ") + fi + done +fi +echo "ADD_HOST:"$add_hosts_cmd + +if [ ! -z "$CAP_ADD" ] +then + for capadd in $CAP_ADD; do + if [ -z "$capadds_cmd" ] + then + capadds_cmd=$(echo "--cap-add=$capadd ") + else + capadds_cmd=$(echo $capadds_cmd "--cap-add=$capadd ") + fi + done +fi +echo "CAP_ADD:"$capadds_cmd + +if [ ! -z "$SECURITY_ADD" ]; +then + for securityadd in $SECURITY_ADD; do + if [ -z "$securitys_cmd" ]; + then + securitys_cmd=$(echo "--security-opt=$securityadd ") + else + securitys_cmd=$(echo $securitys_cmd "--security-opt=$securityadd ") + fi + done +fi +echo "SECURITY_ADD:"$securitys_cmd + +#------------------------------------------------------------------------------- +attach(){ + echo "Attaching docker containers:" + docker exec -it $container script /dev/null -c /bin/bash || true +} +#------------------------------------------------------------------------------- +status(){ + echo "Status docker containers:" + docker ps | grep "$container" || true +} +#------------------------------------------------------------------------------- +build(){ + echo "Build docker images:"$imags + #### Add proxy on Dockerfile #### + if [ ! $(env | grep -c "proxy") -eq 0 ]; + then + PROXYS=$(env | grep "proxy" ) + echo "Enabled Proxy\n"$PROXYS + for proxy in $PROXYS; do + name=$(echo $proxy | sed 's/\=/ /g' | awk '{print $1}') + ip=$(echo $proxy | sed 's/\=/ /g' | awk '{print $2}' | sed 's/,/\\,/g') + sed -i 's,^#ENV '"$name"'.*,ENV '"$name $ip"',' Dockerfile + done + fi + + docker build --rm -t $images . +} +#------------------------------------------------------------------------------- +rebuild(){ + echo "Rebuild docker images:" + docker build --no-cache --rm -t $images . +} +#------------------------------------------------------------------------------- +stop(){ + echo "Stopping docker containers:" + docker stop $container || true + docker ps | grep "$container" || true +} +#------------------------------------------------------------------------------- +start(){ + echo "Starting ${container}:" + echo " docker run -d --name $container \ + $hostname_cmd \ + $privileged_cmd \ + $links_cmd \ + $ports_cmd \ + $envlist_cmd \ + $volumes_cmd \ + $volumes_images_cmd \ + $add_hosts_cmd \ + $capadds_cmd \ + $securitys_cmd \ + $images + " + if [ ! -z "$links_cmd" ] + then + for link in $LINK_IMAGES; do + link_sh=$(echo "$link" | cut -d ':' -f1) + if [ -z "$(docker ps | grep "$link_sh" | awk '{print $NF}')" ] + then + echo "Please you must be run the" "$link_sh"" before the" "$container" + exit + fi + done + fi + for run_container in $(docker ps -a | grep "$container" | awk '{print $NF}'); do + if [ "$run_container" = "$container" ]; + then + docker start $container + docker ps | grep "$container" || true + exit + fi + done + docker run -d --name $container \ + $hostname_cmd \ + $privileged_cmd \ + $links_cmd \ + $ports_cmd \ + $envlist_cmd \ + $volumes_cmd \ + $volumes_images_cmd \ + $add_hosts_cmd \ + $capadds_cmd \ + $securitys_cmd \ + $images + + docker ps | grep "$container" || true +} + +#------------------------------------------------------------------------------- +kill(){ + echo "Killing docker containers:" + docker kill $container || true +} +#------------------------------------------------------------------------------- +rm(){ + echo "Removing stopped containers:" + docker rm $container || true +} +#------------------------------------------------------------------------------- +rmi(){ + echo "Removing all untagged images:" + docker images | grep "^<none>" | awk '{print "docker rmi "$3}' | sh +} +#------------------------------------------------------------------------------- +logs(){ + echo "Show logs of a container" + docker logs $container || true +} +#------------------------------------------------------------------------------- +cp(){ + echo "Copy files/folders from a container's filesystem" + echo "docker cp $container:$1 $2 || true" + docker cp $container:$1 $2 || true +} +#------------------------------------------------------------------------------- +pull(){ + echo "Pull an image or a repository from a Docker registry server" + docker pull $images || true +} +#------------------------------------------------------------------------------- +push(){ + echo "Push an image or a repository to a Docker registry server" + docker push $images || true +} +#------------------------------------------------------------------------------- +inspect(){ + echo "Return low-level information on a containe" + docker inspect $container || true +} +#------------------------------------------------------------------------------- +top(){ + echo "Lookup the running processes of a container" + docker top $container || true +} +#------------------------------------------------------------------------------- +save(){ + echo "Save an image to a tar archive" + docker save -o $container"-"$TAG"-docker-image.tar.gz" $images || true + echo $(pwd | awk -F '/' '{print $NF}') + tar cvfzp ../$container"-"$TAG"-docker-script.tar.gz" ../$(pwd | awk -F '/' '{print $NF}') + echo "Save $container-$TAG" +} +#------------------------------------------------------------------------------- +load(){ + echo "Load an image from a tar archive" + docker load -i $container"-"$TAG"-docker-image.tar.gz" || true + echo "Load $container-$TAG" +} +#------------------------------------------------------------------------------- +help(){ + echo "help" + usage +} +#------------------------------------------------------------------------------- +usage (){ + echo "USAGE: $0" COMMAND + + echo -e "\nCommands:" + echo " start Start a stopped container" + echo " attach Attach to a running container" + echo " build Build an image from a Dockerfile" + echo " stop Stop a running container" + echo " status Status a running container" + echo " rm Remove this containers" + echo " rmi Remove all <none> images" + echo " restart stop , start a container" + echo " rebuild Rebuild with no-cache options" + echo " kill Kill a running container" + echo " logs Fetch the logs of a container" + echo " cp Copy files/folders from a container's filesystem to the host path" + echo " pull Pull an image or a repository from a Docker registry server" + echo " push Push an image or a repository to a Docker registry server" + echo " inspect Return low-level information on a containe" + echo " top Lookup the running processes of a container" + echo " save Save an image to a tar archive" + echo " load Load an image from a tar archive" + echo " help help" + exit 1 +} +#------------------------------------------------------------------------------- +if [ $# -eq 0 ] +then + usage +fi + +#------------------------------------------------------------------------------- +case "$1" in + start) + start + ;; + attach) + attach + ;; + status) + status + ;; + stop) + stop + ;; + restart) + stop + start + ;; + build) + build + ;; + rebuild) + rebuild + ;; + kill) + kill + rm + ;; + rm) + rm + ;; + rmi) + rmi + ;; + logs) + logs + ;; + cp) + cp $2 $3 + ;; + pull) + pull + ;; + push) + push + ;; + inspect) + inspect + ;; + top) + top + ;; + save) + save + ;; + load) + load + ;; + help) + help + ;; + *) + usage + ;; +esac +#=============================================================================== + diff --git a/devobsserver/env/env.list b/devobsserver/env/env.list new file mode 100755 index 0000000..964c19a --- /dev/null +++ b/devobsserver/env/env.list @@ -0,0 +1,19 @@ +#### env list #### +#### mysql database #### +MYSQL_ROOT_PASSWORD=opensuse +MYSQL_API_DATABASE=api_production +MYSQL_WEBUI_DATABASE=webui_production +MYSQL_USER=obs +MYSQL_PASSWORD=obspassword +MYSQL_DATA_DIR_DEFAULT=/var/lib/mysql + +#ex)SSL_SUBJECT="/C=KR/ST=SEOUL/L=SUWON/O=SAMSUNG/OU=DEV/CN="$HOSTNAME +# default value is "/CN="$HOSTNAME +SSL_SUBJECT= + +Xmx=2048m + +ftp_proxy= +http_proxy= +https_proxy= +socks_proxy=
\ No newline at end of file diff --git a/devobsserver/obsserver/etc/apache2/vhosts.d/obs.conf b/devobsserver/obsserver/etc/apache2/vhosts.d/obs.conf new file mode 100755 index 0000000..247a50b --- /dev/null +++ b/devobsserver/obsserver/etc/apache2/vhosts.d/obs.conf @@ -0,0 +1,79 @@ +Listen 80 +Listen 81 +Listen 82 +Listen 443 +Listen 444 +# May needed on old distributions or after an update from them. +#Listen 443 +# Passenger defaults +PassengerSpawnMethod "smart" +PassengerMaxPoolSize 20 +#RailsEnv "development" +# allow long request urls and being part of headers +LimitRequestLine 20000 +LimitRequestFieldsize 20000 +# Just the overview page +#<VirtualHost *:80> +# # just give an overview about this OBS instance via static web page +# DocumentRoot "/srv/www/obs/overview" +# +# <Directory /srv/www/obs/overview> +# Options Indexes +# Allow from all +# </Directory> +#</VirtualHost> +# OBS WEB interface +<VirtualHost *:80> +#ServerName webui +ServerName tizendocker2 +# General setup for the virtual host +DocumentRoot "/srv/www/obs/webui/public" +#DocumentRoot "/srv/www" +ErrorLog /srv/www/obs/webui/log/apache_error_log +TransferLog /srv/www/obs/webui/log/apache_access_log +PassengerPreStart http://build +<Directory /srv/www/obs/webui/public> +AllowOverride all +Options -MultiViews +FollowSymLinks +# This requires mod_xforward loaded in apache +# Enable the usage via options.yml +# This will decrease the load due to long running requests a lot (unloading from rails stack) +XForward on +Allow from all +</Directory> +#<Directory /srv/www/misc> +# AllowOverride All +# Options None +# Allow from all +#</Directory> +</VirtualHost> +# OBS API +<VirtualHost *:81> +#ServerName api +ServerName tizenwrk1 +# General setup for the virtual host +DocumentRoot "/srv/www/obs/api/public" +ErrorLog /srv/www/obs/api/log/apache_error_log +TransferLog /srv/www/obs/api/log/apache_access_log +PassengerMinInstances 2 +PassengerPreStart http://api:81 +#PassengerPreStart http://tizenrel:81 +<Directory /srv/www/obs/api/public> +AllowOverride all +Options -MultiViews +# This requires mod_xforward loaded in apache +# Enable the usage via options.yml +# This will decrease the load due to long running requests a lot (unloading from rails stack) +XForward on +Allow from all +</Directory> +</VirtualHost> +# Build Results +<VirtualHost *:82> +# The resulting repositories +DocumentRoot "/srv/obs/repos" +<Directory /srv/obs/repos> +Options Indexes FollowSymLinks +Allow from allobswebuide +</Directory> +</VirtualHost> diff --git a/devobsserver/obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png b/devobsserver/obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png Binary files differnew file mode 100755 index 0000000..8022eea --- /dev/null +++ b/devobsserver/obsserver/srv/www/obs/webui/app/assets/images/obs-logo_small.png diff --git a/devobsserver/obsserver/srv/www/obs/webui/lib/frontend_compat.rb b/devobsserver/obsserver/srv/www/obs/webui/lib/frontend_compat.rb new file mode 100755 index 0000000..fe883fc --- /dev/null +++ b/devobsserver/obsserver/srv/www/obs/webui/lib/frontend_compat.rb @@ -0,0 +1,153 @@ +class FrontendCompat + + # parameters escape + def esc(str) + CGI.escape str.to_s + end + + # path escape + def pesc(str) + URI.escape str.to_s + end + + def initialize + @url_prefix = CONFIG['api_relative_url_root'] || "" + end + + def logger + Rails.logger + end + + def source_cmd( cmd, opt={} ) + extraparams = '' + extraparams << "&repository=#{esc opt[:repository]}" if opt[:repository] + extraparams << "&arch=#{esc opt[:arch]}" if opt[:arch] + extraparams << "&flag=#{esc opt[:flag]}" if opt[:flag] + extraparams << "&status=#{esc opt[:status]}" if opt[:status] + + raise RuntimeError, 'no project given' unless opt[:project] + logger.debug "SOURCE CMD #{cmd} ; extraparams = #{extraparams}" + path = "#{@url_prefix}/source/#{pesc opt[:project]}" + path += "/#{esc opt[:package].to_s}" if opt[:package] + path += "?cmd=#{cmd}#{extraparams}" + + transport.direct_http URI(path), :method => "POST", :data => "" + end + + # opt takes keys: project(needed), repository, arch + # missing project raises RuntimeError + def cmd( command, opt={} ) + raise RuntimeError, "project name missing" unless opt.has_key? :project + logger.debug "--> #{command}: #{opt.inspect}" + path = "#{@url_prefix}/build/#{opt[:project]}?cmd=#{command}" + opt.delete :project + + valid_opts = %(project package repository arch code) + opt.each do |key, val| + raise RuntimeError, "unknown method parameter #{key}" unless valid_opts.include? key.to_s + path += "&#{key.to_s}=#{esc val}" + end + transport.direct_http URI("#{path}"), :method => "POST", :data => "" + end + + def get_source( opt={} ) + logger.debug "--> get_source: #{opt.inspect}" + path = "#{@url_prefix}/source" + path += "/#{pesc opt[:project]}" if opt[:project] + path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package] + path += "/#{pesc opt[:filename]}" if opt[:filename] + extra = [] + extra << "rev=#{esc opt[:rev]}" if opt[:rev] + extra << "expand=#{opt[:expand]}" if opt[:expand] + path += "?#{extra.join('&')}" if extra.length + logger.debug "--> get_source path: #{path}" + + transport.http_do :get, URI("#{path}") + end + + def put_file( data, opt={} ) + path = "#{@url_prefix}/source" + path += "/#{pesc opt[:project]}" if opt[:project] + path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package] + path += "/#{pesc opt[:filename]}" if opt[:filename] + path += "?comment=#{esc opt[:comment]}" unless opt[:comment].blank? + transport.http_do :put, URI("#{path}"), data: data, timeout: 500 + end + + def do_post( data, opt={} ) + path = "#{@url_prefix}/source" + path += "/#{pesc opt[:project]}" if opt[:project] + path += "/#{pesc opt[:package]}" if opt[:project] && opt[:package] + path += "/#{pesc opt[:filename]}" if opt[:filename] + path += "?" + path += "cmd=#{esc opt[:cmd]}" unless opt[:cmd].blank? + path += "&comment=#{esc opt[:comment]}" unless opt[:comment].blank? + transport.http_do :post, URI("#{path}"), data: data, timeout: 500 + end + + def delete_package( opt={} ) + logger.debug "deleting: #{opt.inspect}" + transport.direct_http URI("#{@url_prefix}/source/#{pesc opt[:project]}/#{pesc opt[:package]}"), + :method => "DELETE", :timeout => 500 + end + + def delete_file( opt={} ) + logger.debug "starting to delete file, opt: #{opt.inspect}" + transport.direct_http URI("#{@url_prefix}/source/#{pesc opt[:project]}/#{pesc opt[:package]}/#{pesc opt[:filename]}"), + :method => "DELETE", :timeout => 500 + end + + def get_log_chunk( project, package, repo, arch, start, theend ) + logger.debug "get log chunk #{start}-#{theend}" + path = "#{@url_prefix}/build/#{pesc project}/#{pesc repo}/#{pesc arch}/#{pesc package}/_log?nostream=1&start=#{start}&end=#{theend}" + log = transport.direct_http URI("#{path}"), :timeout => 500 + begin + log.encode!(invalid: :replace, xml: :text, undef: :replace, cr_newline: true) + rescue Encoding::UndefinedConversionError + # encode is documented not to throw it if undef: is :replace, but at least we tried - and ruby 1.9.3 is buggy + end + log.encode!('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: '') + + return log.gsub(/([^a-zA-Z0-9&;<>\/\n\r \t()])/n) do |c| + if c.ord < 32 + '' + else + c + end + end + end + + def get_size_of_log( project, package, repo, arch) + logger.debug "get log entry" + path = "#{@url_prefix}/build/#{pesc project}/#{pesc repo}/#{pesc arch}/#{pesc package}/_log?view=entry" + data = transport.direct_http URI("#{path}"), :timeout => 500 + return 0 unless data + doc = Nokogiri::XML(data) + return doc.root.first_element_child().attributes['size'].value.to_i + end + + def gethistory(key, range, cache=1) + cachekey = key + "-#{range}" + Rails.cache.delete(cachekey, :shared => true) if !cache + return Rails.cache.fetch(cachekey, :expires_in => (range.to_i * 3600) / 150, :shared => true) do + hash = Hash.new + data = transport.direct_http(URI('/public/status/history?key=%s&hours=%d&samples=400' % [key, range])) + doc = Nokogiri::XML(data) + doc.root.elements.each do |value| + hash[value.attributes['time'].value.to_i] = value.attributes['value'].value.to_f + end + hash.sort {|a,b| a[0] <=> b[0]} + end + end + + def get_rpmlint_log(project, package, repository, architecture) + logger.debug "get rpmlint log" + path = "#{@url_prefix}/build/#{pesc project}/#{pesc repository}/#{pesc architecture}/#{pesc package}/rpmlint.log" + data = transport.direct_http(URI(path), :timeout => 500) + return data + end + + def transport + ActiveXML::transport + end +end diff --git a/devobsserver/root/srv/www/obs/api/config/options.yml b/devobsserver/root/srv/www/obs/api/config/options.yml new file mode 100755 index 0000000..1ead9ef --- /dev/null +++ b/devobsserver/root/srv/www/obs/api/config/options.yml @@ -0,0 +1,171 @@ +# +# This file contains the default configuration of the Open Build Service API. +# + +# Add also webui_host setting if you want allow anonymous read access via webui +#allow_anonymous: true +#read_only_hosts: [ "build.opensuse.org", "software.opensuse.org" ] + +# Make use of mod_xforward module in apache +use_xforward: true + +# Make use of http://blog.lighttpd.net/articles/2006/07/22/x-sendfiles-new-friend-x-rewrite. +# Note that you need to enable the proxy-core option to allow this. +#x_rewrite_host: localhost + +# How to register new users, valid options are: +# allow: Everybody who can connect to api or webui can create an +# account and use the service. +# confirmation: Everybody who can connect to api or webui can create an +# account, but admin needs to approve the usage. +# deny: Only admin user can create new users. +new_user_registration: allow + +# Allow user to create home projects, which is the default. Disable it here +# via setting it to "false" +#allow_user_to_create_home_project: true + +# Minimum count of rating votes a project/package needs to # be taken in account +# for global statistics: +min_votes_for_rating: 3 + +# Set to true to verify XML reponses comply to the schema +response_schema_validation: false + +source_host: localhost +source_port: 5352 +#source_protocol: https + +extended_backend_log: false + +# Do not allow creating group via API to avoid the conflicts when ldap_group_support is :on +# If you do want to import the group data from LDAP to OBS DB manuallly, please set if to :off +disallow_group_creation_with_api: :on + +download_url: http://localhost:82/ + +#ichain_mode + +#multiaction_notify_support +#new_user_registration + +# proxy_auth_mode can be :off, :on or :simulate +proxy_auth_mode: :off + +# ATTENTION: If proxy_auth_mode'is :on, the frontend takes the user +# name that is coming as headervalue X-username as a +# valid user does no further authentication. So take care... +proxy_auth_test_user: coolguy + +yml_url: http://software.opensuse.org/ymp + +#schema_location + +#version +#webui_host + +# LDAP options + +ldap_mode: :off + +# Sam Account Name is the login name for LDAP +ldap_search_attr: sAMAccountName + +# OVERRIDE with your company's ldap search base for the users who will use OBS +ldap_search_base: OU=Organizational Unit,DC=Domain Component + +# LDAP Servers separated by ':'. +# OVERRIDE with your company's ldap servers. Servers are picked randomly for +# each connection to distribute load. +ldap_servers: ldap1.mycompany.com:ldap2.mycompany.com + +# Max number of times to attempt to contact the LDAP servers +ldap_max_attempts: 15 + +# The attribute the user memberof is stored in +ldap_user_memberof_attr: memberof + +# Perform the group_user search with the member attribute of group entry or memberof attribute of user entry +# It depends on your ldap define +# The attribute the group member is stored in +ldap_group_member_attr: member + +# If you're using ldap_authenticate=:ldap then you should ensure that +# ldaps is used to transfer the credentials over SSL or use the StartTLS extension +ldap_ssl: :on + +# Use StartTLS extension of LDAP +ldap_start_tls: :off + +# LDAP port defaults to 636 for ldaps and 389 for ldap and ldap with StartTLS +#ldap_port: +# Authentication with Windows 2003 AD requires +ldap_referrals: :off + +# OVERRIDE with your company's ldap search base for the users who will use OBS +ldap_search_base: OU=Organizational Unit,DC=Domain Component +# Sam Account Name is the login name for LDAP +ldap_search_attr: sAMAccountName +# The attribute the users name is stored in +ldap_name_attr: cn +# The attribute the users email is stored in +ldap_mail_attr: mail +# Credentials to use to search ldap for the username +ldap_search_user: "" +ldap_search_auth: "" + +# By default any LDAP user can be used to authenticate to the OBS +# In some deployments this may be too broad and certain criteria should +# be met; eg group membership +# +# To allow only users in a specific group uncomment this line: +#ldap_user_filter: memberof=CN=group,OU=Groups,DC=Domain Component) +# +# Note this is joined to the normal selection like so: +# (&(#{dap_search_attr}=#{login})#{ldap_user_filter}) +# giving an ldap search of: +# (&(sAMAccountName=#{login})(memberof=CN=group,OU=Groups,DC=Domain Component)) +# +# Also note that openLDAP must be configured to use the memberOf overlay + +# How to verify: +# :ldap = attempt to bind to ldap as user using supplied credentials +# :local = compare the credentials supplied with those in +# LDAP using #{ldap_auth_attr} & #{ldap_auth_mech} +# ldap_auth_mech can be +# : md5 +# : cleartext +ldap_authenticate: ldap +ldap_auth_attr: userPassword +ldap_auth_mech: md5 + +# Whether to update the user info to LDAP server, it does not take effect +# when ldap_mode is not set. +# Since adding new entry operation are more depend on your slapd db define, it might not +# compatiable with all LDAP server settings, you can use other LDAP client tools for your specific usage +ldap_update_support: :off +# ObjectClass, used for adding new entry +ldap_object_class: inetOrgPerson +# Base dn for the new added entry +ldap_entry_base: ou=OBSUSERS,dc=EXAMPLE,dc=COM +# Does sn attribute required, it is a necessary attribute for most of people objectclass, +# used for adding new entry +ldap_sn_attr_required: :on + +# Whether to search group info from ldap, it does not take effect +# when LDAP_GROUP_SUPPOR is not set. +# Please also set below LDAP_GROUP_* configs correctly to ensure the operation works properly +ldap_group_support: :off +# OVERRIDE with your company's ldap search base for groups +ldap_group_search_base: ou=OBSGROUPS,dc=EXAMPLE,dc=COM +# The attribute the group name is stored in +ldap_group_title_attr: cn +# The value of the group objectclass attribute, leave it as "" if objectclass attr doesn't exist +ldap_group_objectclass_attr: groupOfNames + +# if set to false, the API will only fake writes to backend (useful in testing) +# global_write_through: true + +# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku +#errbit_api_key: api_key_of_your_app +#errbit_host: installation.of.errbit.com diff --git a/devobsserver/root/srv/www/obs/webui/config/options.yml b/devobsserver/root/srv/www/obs/webui/config/options.yml new file mode 100755 index 0000000..3ec0c15 --- /dev/null +++ b/devobsserver/root/srv/www/obs/webui/config/options.yml @@ -0,0 +1,101 @@ +# Config options for the buildservice webclient +version: 1.0 + +# change this option to use a customized theme. See README.theme +theme: neutral +# this is build.opensuse.org's theme +#theme: bento + +# Set this when the webclient runs from a subdirectory +#relative_url_root: /stage + +# Set this when the api runs from a subdirectory +#api_relative_url_root: /stage + +# Use static.opensuse.org for static style content +#use_static: build.o.o + +# Download base URL of published binaries +download_url: http://localhost:82 + +# Bugzilla link url for creating bugreports for projects or packages +#bugzilla_host: http://bugzilla.myproject.org + +# Hide private options in webui, like source or binary protection +# hide_private_options: true + +# Make use of mod_xforward module in apache +use_xforward: true + +# make use of http://blog.lighttpd.net/articles/2006/07/22/x-sendfiles-new-friend-x-rewrite +# note that you need to enable the proxy-core option to allow this +#use_lighttpd_x_rewrite: true + +# Show option to change password (not possible if passwords are controlled by proxy) +change_passwd: :on + +# if your users access the hosts through a proxy (or just a different name, use this to +# overwrite the settings for users) +#external_frontend_host: api.opensuse.org +#external_frontend_port: 443 +#external_frontend_protocol: https + +# used for redirects after login +#external_webui_host: build.opensuse.org +#external_webui_protocol: https + +# if the api runs against ldap (:on && :off) +#frontend_ldap_mode: :on + +# enable gravatar icons in webui. This contacts www.gravatar.com and may tell the email adresses +# of your users if they are registered there. +#use_gravatar: :off + +# Use this http_proxy (currently only used to download garavatar images) +#http_proxy: + +# hostname of API +frontend_host: "localhost" +# port of API +frontend_port: 81 +frontend_protocol: "http" + +# Do not show options to make projects private +#hide_private_options: true + +# old name for proxy_auth_mode +#ichain_mode: :off +# old name for proxy_auth_test_user +#ichain_test_user + +proxy_auth_mode: :off +#proxy_auth_host: https://build.opensuse.org +#proxy_auth_login_page: https://build.opensuse.org/ICSLogin +#proxy_auth_logout_page: /cmd/ICSLogout +#proxy_auth_register_page: https://en.opensuse.org/ICSLogin +#proxy_auth_account_page: https://en.opensuse.org/ICSAccount + +# use those to fake ichain against the API +#proxy_auth_test_email: coolguy@example.com +#proxy_auth_test_user: coolguy + +# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku +#errbit_api_key: api_key_of_your_app +#errbit_host: installation.of.errbit.com + +# Your sponsors +sponsors: + - name: "SUSE" + description: "Enterprise Linux you can rely on." + icon: "sponsor_suse" + url: "http://www.suse.com" + - name: "Open Build Service" + description: "A generic system to build and distribute software" + icon: "sponsor_obs" + url: "http://openbuildservice.org" + +# If you have any extra feeds you want to link to in the news section +# add them there. +#feeds: +# - name: 'Commits in openSUSE:Factory' +# url: 'https://hermes.opensuse.org/feeds/25549.rdf' diff --git a/devobsserver/root/usr/lib/obs/server/BSConfig.pm b/devobsserver/root/usr/lib/obs/server/BSConfig.pm new file mode 100755 index 0000000..c09aae3 --- /dev/null +++ b/devobsserver/root/usr/lib/obs/server/BSConfig.pm @@ -0,0 +1,198 @@ +# +# Copyright (c) 2006, 2007 Michael Schroeder, Novell Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program (see the file COPYING); if not, write to the +# Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA +# +################################################################ +# +# Open Build Service Configuration +# + +package BSConfig; + +use Net::Domain; +use Socket; + +my $hostname = Net::Domain::hostfqdn() || 'localhost'; +# IP corresponding to hostname (only used for $ipaccess); fallback to localhost since inet_aton may fail to resolve at shutdown. +my $ip = quotemeta inet_ntoa(inet_aton($hostname) || inet_aton("localhost")); + +my $frontend = undef; # FQDN of the WebUI/API server if it's not $hostname + +# If defined, restrict access to the backend servers (bs_repserver, bs_srcserver, bs_service) +our $ipaccess = { + '172\..*' => 'rw', # only local docker ip + '127\..*' => 'rw', # only the localhost can write to the backend + "^$ip" => 'rw', # Permit IP of FQDN + '.*' => 'worker', # build results can be delivered from any client in the network +}; + +# IP of the WebUI/API Server (only used for $ipaccess) +if ($frontend) { + my $frontendip = quotemeta inet_ntoa(inet_aton($frontend) || inet_aton("localhost")); + $ipaccess->{$frontendip} = 'rw' ; # in dotted.quad format +} + +our $obsname = $hostname; # unique identifier for this Build Service instance +# Change also the SLP reg files in /etc/slp.reg.d/ when you touch hostname or port +our $srcserver = "http://$hostname:5352"; +our $reposerver = "http://$hostname:5252"; +our $serviceserver = "http://$hostname:5152"; +our $servicedir = "/usr/lib/obs/service/"; +#our $servicetempdir = "/var/temp/"; +#our $serviceroot = "/opt/obs/MyServiceSystem"; + +#our $gpg_standard_key = "/etc/obs-default-gpg.asc"; +# public download service: +our $repodownload = "http://$hostname:82"; +# optional notification service: +#our $hermesserver = "http://$hostname/hermes"; +#our $hermesnamespace = "OBS"; +# +# Notification Plugin, multiple plugins supported, separated by space +#our $notification_plugin = "notify_hermes notify_rabbitmq"; +# +#FIXME2.4 belongs in API +# Does the notify plugin supports multiple actions? +# Hermes doesn't, BOSS does. +#our $multiaction_notify_support = 0 + +# For the workers only, it is possible to define multiple repository servers here. +# But only one source server is possible yet. +our @reposervers = ("http://$hostname:5252"); + +# proxy support: +#our $proxy = "http(s)://<user:pass>\@<host>:<port>"; + +# Curl-like interpretation for noproxy, i.e. each name in $noproxy is either +# a domain containing the hostname or the hostname itself. +# Example: host.com matches host.com, www.host.com etc but not www.myhost.com +#our $noproxy = "localhost, 127.0.0.1"; + +# Package defaults +our $bsdir = '/srv/obs'; +our $bsuser = 'obsrun'; +our $bsgroup = 'obsrun'; +#our $bsquotafile = '/srv/obs/quota.xml'; + +# Use asynchronus scheduler. This avoids hanging schedulers on remote projects, +# when the network is slow or broken. This will become the default in future +our $sched_asyncmode = 1; + +# Define how the scheduler does a cold start. The default (0) is to request the +# data for all packages, (1) means that only the non-remote packages are fetched, +# (2) means that all of the package data fetches get delayed. +# our $sched_startupmode = 0; + +# To enable package downloading from backend on demand +our $enable_download_on_demand = 1; + +# Disable fdatasync calls, increases the speed, but may lead to data +# corruption on system crash when the filesystem does not guarantees +# data write before rename. +# It is esp. required on XFS filesystem. +# It is safe to be disabled on ext4 and btrfs filesystems. +#our $disable_data_sync = 1; + +# Package rc script / backend communication + log files +our $rundir = "$bsdir/run"; +our $logdir = "$bsdir/log"; + +# optional for non-acl systems, should be set for access control +# 0: trees are shared between projects (built-in default) +# 1: trees are not shared (only usable for new installations) +# 2: new trees are not shared, in case of a missing tree the shared +# location is also tried (package default) +our $nosharedtrees = 2; + +# optional: limit visibility of projects for some architectures +#our $limit_projects = { +# "ppc" => [ "openSUSE:Factory", "FATE" ], +# "ppc64" => [ "openSUSE:Factory", "FATE" ], +#}; + +# optional: allow seperation of releasnumber syncing per architecture +# one counter pool for all ppc architectures, one for i586/x86_64, +# arm archs are seperated and one for the rest in this example +our $relsync_pool = { + "local" => "local", + "i586" => "i586", + "x86_64" => "i586", + "ppc" => "ppc", + "ppc64" => "ppc", + "mips" => "mips", + "mips64" => "mips", + "mipsel" => "mipsel", + "mips64el" => "mipsel", + "aarch64" => "arm", + "armv4l" => "arm", + "armv5l" => "arm", + "armv6l" => "arm", + "armv7l" => "arm", + "armv7hl" => "arm", + "armv5el" => "armv5el", # they do not exist + "armv6el" => "armv6el", + "armv7el" => "armv7el", + "armv8el" => "armv8el", + "sparcv9" => "sparcv9", + "sparc64" => "sparcv9", +}; + +# List of power hosts that can handle power jobs for the sake of +# building critical packages fast. +#our $powerhosts = ["build20"]; + +# List of power packages that can be built on power hosts +#our $powerpkgs = [ "glibc", "qt" ] + +#No extra stage server sync +#our $stageserver = 'rsync://127.0.0.1/put-repos-main'; +#our $stageserver_sync = 'rsync://127.0.0.1/trigger-repos-sync'; + +#No public download server +#our $repodownload = 'http://software.opensuse.org/download/repositories'; + +#No package signing server +#our $sign = '/usr/bin/sign'; +#Extend sign call with project name as argument "--project $NAME" +#our $sign_project = 1; +#Global sign key +#our $keyfile = '/srv/obs/openSUSE-Build-Service.asc'; +#Create a key by default for new projects, if top level have not one +#our $forceprojectkeys = 1; + +# Use a special local arch for product building +# our $localarch = "x86_64"; + +# config options for the bs_worker +# +# run a script to check if the worker is good enough for the job +#our workerhostcheck = 'my_check_script'; +# +# Allow to build as root, exceptions per package +# the keys are actually anchored regexes +# our $norootexceptions = { "my_project/my_package" => 1, "openSUSE:Factory.*/installation-images" => 1 }; + +# Use old style source service handling +# our $old_style_services = 1; + +# host specific configs +my $hostconfig = "bsconfig." . Net::Domain::hostname(); +if(-r $hostconfig) { + print "reading $hostconfig...\n"; + require $hostconfig; +} + +1; diff --git a/devobsserver/script/ca.sh b/devobsserver/script/ca.sh new file mode 100755 index 0000000..a9c9fe9 --- /dev/null +++ b/devobsserver/script/ca.sh @@ -0,0 +1,64 @@ +#!/bin/sh +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== + +echo "HOSTNAME:"$HOSTNAME + +if [ ! -z "$1" ] +then + outputfolder=$1 +else + outputfolder="/srv/obs/certs" +fi + +if [ ! -e "$outputfolder" ] +then + mkdir -p $outputfolder +fi + +if [ ! -z "$SSL_SUBJECT" ] +then + subject=$SSL_SUBJECT +else + subject="/CN="$HOSTNAME +fi + +cd $outputfolder + +if [ -e server.pem ] +then + exit +fi + +echo "Certs start!!!" +echo $subject +touch .rnd +export RANDFILE=.rnd + +openssl genrsa -out server.key 1024 + +echo "openssl req -subj "$subject" -new -key server.key -out server.csr" +openssl req -subj "$subject" -new -key server.key -out server.csr + +echo "openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt" +openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt + +echo "copy server.pem to /etc/ssl/certs" +cat server.key server.crt > server.pem + +cp server.pem /etc/ssl/certs/ + +c_rehash /etc/ssl/certs/ + +echo "Certs end!!!" diff --git a/devobsserver/script/db.sh b/devobsserver/script/db.sh new file mode 100755 index 0000000..bdf6806 --- /dev/null +++ b/devobsserver/script/db.sh @@ -0,0 +1,24 @@ +#!/bin/bash +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +set -e + +if [ ! -e "/var/lib/mysql/$MYSQL_API_DATABASE/users.frm" ] +then + echo "webui , api DB Rake~~~~start" + RAILS_ENV="production" rake -f /srv/www/obs/webui/Rakefile db:setup + RAILS_ENV="production" rake -f /srv/www/obs/api/Rakefile db:setup + echo "webui , api DB Rake~~~~end" +fi +# diff --git a/devobsserver/script/initdb.sh b/devobsserver/script/initdb.sh new file mode 100755 index 0000000..1ec2e5d --- /dev/null +++ b/devobsserver/script/initdb.sh @@ -0,0 +1,54 @@ +#!/bin/bash +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +set -e + +echo "initdb.sh start" + +if [[ ! -d $MYSQL_DATA_DIR_DEFAULT/$MYSQL_API_DATABASE ]]; then + if [ -z "$MYSQL_ROOT_PASSWORD" ]; then + echo >&2 'error: database is uninitialized and MYSQL_ROOT_PASSWORD not set' + echo >&2 ' Did you forget to add -e MYSQL_ROOT_PASSWORD=... ?' + exit 1 + fi + + /usr/sbin/rcmysql start + # Allow some time for the service to start + sleep 5 + + echo "create database start" + + echo "change root password" + mysql -u root <<-EOFMYSQL + DELETE FROM mysql.user ; + CREATE USER 'root'@'%' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ; + GRANT ALL ON *.* TO 'root'@'%' WITH GRANT OPTION ; + DROP DATABASE IF EXISTS test ; + CREATE DATABASE IF NOT EXISTS $MYSQL_API_DATABASE ; + CREATE DATABASE IF NOT EXISTS $MYSQL_WEBUI_DATABASE ; + CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ; + CREATE USER '$MYSQL_USER'@'localhost' IDENTIFIED BY '$MYSQL_PASSWORD' ; + GRANT ALL ON $MYSQL_API_DATABASE.* TO '$MYSQL_USER'@'%','$MYSQL_USER'@'localhost' ; + GRANT ALL ON $MYSQL_WEBUI_DATABASE.* TO '$MYSQL_USER'@'%','$MYSQL_USER'@'localhost' ; + FLUSH PRIVILEGES ; + EOFMYSQL + echo "create database end" + /usr/sbin/rcmysql stop + # Allow some time for the service to start + sleep 5 +fi + +chown -R mysql:mysql /var/lib/mysql + +echo "initdb.sh end" diff --git a/devobsserver/script/obsservice.sh b/devobsserver/script/obsservice.sh new file mode 100755 index 0000000..1a3cd99 --- /dev/null +++ b/devobsserver/script/obsservice.sh @@ -0,0 +1,49 @@ +#!/bin/bash +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +status () { + echo "---> ${@}" >&2 +} + +##[program:rcobsrepserver] +/usr/sbin/rcobsrepserver start +status "rcobsrepserver start" +#sleep 1 +##[program:rcobssrcserver] +/usr/sbin/rcobssrcserver start +status "rcobssrcserver start" +#sleep 1 +##[program:rcobsscheduler] +/usr/sbin/rcobsscheduler start +status "rcobsscheduler start" +#sleep 1 +##[program:rcobsdispatcher] +/usr/sbin/rcobsdispatcher start +status "rcobsdispatcher start" +#sleep 1 +##[program:rcobspublisher] +/usr/sbin/rcobspublisher start +status "rcobspublisher start" +#sleep 1 +##[program:rcobsapidelayed] +/usr/sbin/rcobsapidelayed start +status "rcobsapidelayed start" +#sleep 1 +##[program:rcobsservice] +/usr/sbin/rcobsservice start +status "rcobsservice start" +#sleep 1 + +chown -R wwwrun:www /srv/www/obs/api/log/ +chown -R wwwrun:www /srv/www/obs/webui/log/ diff --git a/devobsserver/script/repos.sh b/devobsserver/script/repos.sh new file mode 100755 index 0000000..2d3ae3d --- /dev/null +++ b/devobsserver/script/repos.sh @@ -0,0 +1,39 @@ +#!/bin/sh +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== + +status () { + echo "---> ${@}" >&2 +} + +if [ ! -e /srv/obs/docker_bootstrapped ]; then + if [ ! -z "$1" ];then + reposfolder=$1 + else + reposfolder="/srv/obs/repos" + fi + + if [ ! -e "$reposfolder" ];then + mkdir -p $reposfolder + fi + + status "chown for first run" + chown -R obsrun:obsrun /srv/obs/ + chown -R wwwrun:www /srv/www/obs/api/ + chown -R wwwrun:www /srv/www/obs/webui/ + + touch /srv/obs/docker_bootstrapped +else + status "found docker_bootstrapped" +fi diff --git a/devobsserver/script/restart_obs.sh b/devobsserver/script/restart_obs.sh new file mode 100755 index 0000000..8439454 --- /dev/null +++ b/devobsserver/script/restart_obs.sh @@ -0,0 +1,61 @@ +#!/bin/bash +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +status () { + echo "---> ${@}" >&2 +} + +rcapache2 stop +status "rcapache2 stop" +rcobsapidelayed stop +status "rcobsapidelayed stop" +rcobspublisher stop +status "rcobspublisher stop" +rcobsdispatcher stop +status "rcobsdispatcher stop" +rcobsscheduler stop +status "rcobsscheduler stop" +rcobssrcserver stop +status "rcobssrcserver stop" +rcobsrepserver stop +status "rcobsrepserver stop" +rcobsservice stop +status "rcobsservice stop" +rcobswarden stop +status "rcobswarden stop" +rcmysql stop +status "rcmysql stop" + +sleep 5 + +rcmysql start +status "rcmysql start" +rcobswarden start +status "rcobswarden start" +rcobsservice start +status "rcobsservice start" +rcobsrepserver start +status "rcobsrepserver start" +rcobssrcserver start +status "rcobssrcserver start" +rcobsscheduler start +status "rcobsscheduler start" +rcobsdispatcher start +status "rcobsdispatcher start" +rcobspublisher start +status "rcobspublisher start" +rcapache2 start +status "rcapache2 start" +rcobsapidelayed start +status "rcobsapidelayed start" diff --git a/devobsserver/script/rsync.sh b/devobsserver/script/rsync.sh new file mode 100755 index 0000000..5b8a402 --- /dev/null +++ b/devobsserver/script/rsync.sh @@ -0,0 +1,43 @@ +#!/bin/bash -x +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== +### ADD PERMISSION TO KVM #### +RSYNC_HOST_ALLOWS=${RSYNC_HOST_ALLOWS:-*} + +[ -f /etc/rsyncd.conf ] || cat <<EOF > /etc/rsyncd.conf +gid = nobody +read only = true +use chroot = true +transfer logging = false +log format = %h %o %f %l %b +log file = /var/log/rsyncd.log +#pid file = /var/run/rsyncd.pid +slp refresh = 300 +use slp = false + +[_build_R_] + path = /srv/obs/build + comment = "get build log to directory" + uid = obsrun + gid = obsrun + read only = true + use chroot = true + hosts allow = ${RSYNC_HOST_ALLOWS} + list = false + incoming chmod = a=r,D+x +EOF + + + + diff --git a/devobsserver/script/startup.sh b/devobsserver/script/startup.sh new file mode 100755 index 0000000..dcb4fce --- /dev/null +++ b/devobsserver/script/startup.sh @@ -0,0 +1,32 @@ +#!/bin/bash -x +#=============================================================================== +# Copyright (c) 2014-2015 Samsung Electronics Co., Ltd. +# Author onstudy@samsung.com +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; version 2 of the License +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the GNU General Public License for more details. +#=============================================================================== + +# init database +/srv/script/initdb.sh + +#generate SSL CA +/srv/script/ca.sh + +#generate repos folder +/srv/script/repos.sh + +#rake db +/srv/script/db.sh + +#rsync +/srv/script/rsync.sh + +# start daemon +/usr/bin/supervisord -n diff --git a/devobsserver/supervisor/python-meld3-1.0.0-1.1.noarch.rpm b/devobsserver/supervisor/python-meld3-1.0.0-1.1.noarch.rpm Binary files differnew file mode 100755 index 0000000..ac9c357 --- /dev/null +++ b/devobsserver/supervisor/python-meld3-1.0.0-1.1.noarch.rpm diff --git a/devobsserver/supervisor/supervisor-3.1.3-1.1.noarch.rpm b/devobsserver/supervisor/supervisor-3.1.3-1.1.noarch.rpm Binary files differnew file mode 100755 index 0000000..b72b3c2 --- /dev/null +++ b/devobsserver/supervisor/supervisor-3.1.3-1.1.noarch.rpm diff --git a/devobsserver/supervisor/supervisord.conf b/devobsserver/supervisor/supervisord.conf new file mode 100755 index 0000000..a942c8d --- /dev/null +++ b/devobsserver/supervisor/supervisord.conf @@ -0,0 +1,25 @@ +[supervisord] +nodaemon=true +;pidfile=/var/run/supervisord.pid +;logfile=/var/log/supervisor/supervisord.log + +[program:memcached] +command=/usr/sbin/memcached -v -l 127.0.0.1 -u nobody + +[program:obsservice] +command=/srv/script/obsservice.sh + +[program:rsyncd] +command=service rsyncd restart + +[program:apache2rc] +command=/usr/sbin/rcapache2 start + +#[program:apache2d] +#command=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k start + +[program:rccron] +command=/usr/sbin/rccron start + +[program:rcmysql] +command=/usr/sbin/rcmysql start |
