OBS

From Tizen Wiki
Jump to: navigation, search

Template:Db-g7 The Open Build Service (OBS) consists of servers and workers.
All OBS servers can be installed either in one computer (all-in-one installation) or throughout several computers (distributed installation).
It is recommended for OBS workers to be installed on different computers from the computers in which OBS servers are installed.


OBS 2.4 (on openSUSE 12.3)

Let's become a super user

$ sudo su


Add zypper repositories

# zypper ar -f http://download.opensuse.org/repositories/OBS:/Server:/2.4/openSUSE_12.3/OBS:Server:2.4.repo
# zypper ar -Gf -t rpm-md -n "Tizen Services (openSUSE_12.3)" http://download.tizen.org/services/latest-release/openSUSE_12.3 tizen-services
# zypper ar -Gf -t rpm-md -n "Tizen Tools (openSUSE_12.3)" http://download.tizen.org/tools/latest-release/openSUSE_12.3 tizen-tools
# zypper refresh


Install Servers (All-in-one Installation)

  Install MySQL (MariaDB)

# zypper install mariadb
# systemctl start MySQL
# mysql_secure_installation

······
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

······
Enter current password for root (enter for none): Enter
OK, successfully used password, moving on...

······
Set root password? [Y/n] Y
New password: dbpasswd
Re-enter new password: dbpasswd
······
 ... Success!

······
Remove anonymous users? [Y/n] Y
 ... Success!

······
Disallow root login remotely? [Y/n] Y
 ... Success!

······
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

······
Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!


  Install Apache2 and PHP5

# zypper install apache2
# zypper install php5 php5-gd php5-gettext php5-mbstring php5-mysql php5-pear php5-suhosin apache2-mod_php5 php5-bcmath php5-bz2 php5-calendar php5-curl php5-ftp php5-gmp php5-imap php5-ldap php5-mcrypt php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sysvsem php5-wddx php5-xmlrpc php5-xsl php5-exif php5-fastcgi php5-sysvmsg php5-sysvshm


  Install OBS server packages

# zypper install obs-server
# zypper install obs-api
# zypper install obs-utils
# zypper install obs-source_service


  Make repository directory

# mkdir /srv/obs/repos
# chown obsrun:obsrun /srv/obs/repos


  Modify BSConfig.pm file

# vi /usr/lib/obs/server/BSConfig.pm

······
#our $repodownload = "http://$hostname/repositories";
our $repodownload = "http://$hostname:82";
······


  Set up {api,webui} databases

# mysql -u root -p

/* Create empty databases */
mysql> create database api_production;
mysql> create database webui_production;
/* Create new account obs with password obspassword */
mysql> create user 'obs'@'%' identified by 'obspassword';
mysql> create user 'obs'@'localhost' identified by 'obspassword';
/* Configure permissions */
mysql> GRANT all privileges ON api_production.* TO 'obs'@'%', 'obs'@'localhost';
mysql> GRANT all privileges ON webui_production.* TO 'obs'@'%', 'obs'@'localhost';
mysql> FLUSH PRIVILEGES;
/* Exit MySQL */
mysql> exit


  Modify database.yml files

    API

# vi /srv/www/obs/api/config/database.yml

······
production:
  adapter: mysql2
  database: api_production
  username: rootobs
  password: opensuseobspassword
  encoding: utf8
······


    WebUI

# vi /srv/www/obs/webui/config/database.yml

······
production:
  adapter: mysql2
  database: webui_production
  username: rootobs
  password: opensuseobspassword
  encoding: utf8
······


  Populate databases

    API

# cd /srv/www/obs/api
# RAILS_ENV="production" rake db:setup


    WebUI

# cd /srv/www/obs/webui
# RAILS_ENV="production" rake db:setup


  Modify {api,webui} options.yml files

    API

# vi /srv/www/obs/api/config/options.yml

······
#use_xforward: true
use_xforward: true
······
#source_host: localhost
source_host: 'xxx.xxx.xxx.xxx' ## IP address of the SRC server
······


    WebUI

# vi /srv/www/obs/webui/config/options.yml

······
#download_url: http://myhost:82/
download_url: http://xxx.xxx.xxx.xxx:82/ ## IP address of the REPO server
······
#use_xforward: true
use_xforward: true
······
#frontend_host: api.opensuse.org
frontend_host: "xxx.xxx.xxx.xxx" ## IP address of the FRONTEND server (API/WebUI server)
······
#frontend_port: 443
frontend_port: 81
······
#frontend_protocol: https
frontend_protocol: http
······


  Set up Apache2 for WebUI

    Edit /etc/sysconfig/apache2 file

# vi /etc/sysconfig/apache2

······
APACHE_MODULES="······ passenger rewrite proxy proxy_http xforward headers status"
······
APACHE_SERVER_FLAGS="-DSSL"
······


    Generate SSL certificate if necessary

# mkdir /srv/obs/certs
# chown obsrun:obsrun /srv/obs/certs
# cd /srv/obs/certs
# openssl genrsa -out server.key 1024
# openssl req -new -key server.key -out server.csr

······
Country Name (2 letter code) [AU]: Enter
State or Province Name (full name) [Some-State]: Enter
Locality Name (eg, city) []: Enter
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Enter
Organizational Unit Name (eg, section) []: Enter
Common Name (e.g. server FQDN or YOUR name) []: Enter
Email Address []: Enter
······
A challenge password []: Enter
An optional company name []: Enter

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cat server.key server.crt > server.pem
# cp server.pem /etc/ssl/certs/
# c_rehash /etc/ssl/certs/


    Edit httpd.conf file

# vi /etc/apache2/httpd.conf

······
#Include /etc/apache2/listen.conf
······


    Edit obs.conf file

# vi /etc/apache2/vhosts.d/obs.conf

Listen 80
Listen 81
Listen 82
Listen 443
Listen 444

······
<VirtualHost *:80>
    # just give an overview about this OBS instance via static web page
    DocumentRoot "/srv/www/obs/overview"

    <Directory /srv/www/obs/overview>
        Options Indexes
        Allow from all
    </Directory>
</VirtualHost>
······
<VirtualHost *:82>
    # The resulting repositories
    DocumentRoot "/srv/obs/repos"

    <Directory /srv/obs/repos>
        Options Indexes FollowSymLinks
        Allow from all
    </Directory>
</VirtualHost>

# OBS WEB interface
<VirtualHost *:80>
    ServerName webui

    DocumentRoot "/srv/www/obs/webui/public"
    ErrorLog /srv/www/obs/webui/log/apache_error_log
    TransferLog /srv/www/obs/webui/log/apache_access_log

    PassengerPreStart http://build

    <Directory /srv/www/obs/webui/public>
        AllowOverride all
        Options -MultiViews +FollowSymLinks
        XForward on
        Allow from all
    </Directory>

    <Location /server-status>
        SetHandler server-status
        Order Deny,Allow
        Deny from all
        Allow from xxx.xxx.xxx.xxx # IP address of the manager
    </Location>
</VirtualHost>

# OBS API
<VirtualHost *:81>
    ServerName api

    DocumentRoot "/srv/www/obs/api/public"
    ErrorLog /srv/www/obs/api/log/apache_error_log
    TransferLog /srv/www/obs/api/log/apache_access_log

    PassengerMinInstances 2
    PassengerPreStart http://api:81

        <Directory /srv/www/obs/api/public>
        AllowOverride all
        Options -MultiViews
        XForward on
        Allow from all
    </Directory>
</VirtualHost>

# Build Results
<VirtualHost *:82>
    ServerName rep

    # The resulting repositories
    DocumentRoot "/srv/obs/repos"

    <Directory /srv>
        Options FollowSymLinks
    </Directory>

    <Directory /srv/obs/repos>
    Options Indexes FollowSymLinks
    Allow from all
    </Directory>
</VirtualHost>


  Start OBS services

# systemctl start obsrepserver obssrcserver obsservice obsscheduler obsdispatcher obspublisher apache2 obsapidelayed memcached


  Test OBS server installation

Browse to http://xxx.xxx.xxx.xxx with your web browser (xxx.xxx.xxx.xxx = IP address of the OBS server)
  • The default username/password is Admin/opensuse.
  • Admin user should be able to create a new project in the List of "All Projects -> Create a new project" and filling in a project name, title and description.


  Register OBS server services

# chkconfig -a mysql obsrepserver obssrcserver obsservice obsscheduler obsdispatcher obspublisher apache2 obsapidelayed memcached


  Change owner/group of api and webui directories

# chown -R wwwrun:www /srv/www/obs/{api,webui}


  Set up firewall

YaST --> Security and Users --> Firewall --> Allowed Services

MySQL Server
HTTP Server
HTTPS Server


  Add TCP ports for OBS services

YaST --> Security and Users --> Firewall --> Allowed Services --> Advanced... --> TCP Ports

5152 5252 5352 81 82 444


  Reboot OBS server

# reboot


Install Workers

OBS 2.5 (on openSUSE 13.1)

  • Zypper repositories
  • All-in-one server
  • Distributed servers
  • Workers