OBS 2.4 All-in-One Server

From Tizen Wiki
Jump to: navigation, search


Add zypper repositories

Refer to the "OBS 2.4 Zypper Repositories" page.



Install All-in-One Server

Make HOME directory for OBS (if necessary)

If the disk drive for the OBS base directory (e.g. /srv/obs) does not have sufficient space for OBS,
it is recommended for you to prepare a new disk drive to be mounted to /srv.
# vi /etc/fstab
   ......
   # Example definition of a new mount point to /srv
   /dev/sdb    /srv    ext4    acl,user_xattr    1 1
   ......
# cd /
# mv srv srv.old
# mkdir srv
# mount srv
# mv srv.old/* srv
# rmdir srv.old


Install MySQL (MariaDB)

    Install MySQL packages

# zypper install mariadb


    Change default MySQL data directory

# mkdir -p /srv/mysql
# vi /etc/my.cnf

······
datadir = /var/lib/mysql/srv/mysql
······


    Start MySQL service

# systemctl start mysql


    Initialize MySQL

# mysql_secure_installation

······
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

······
Enter current password for root (enter for none): Enter
OK, successfully used password, moving on...

······
Set root password? [Y/n] Y
New password: opensuse
Re-enter new password: opensuse
······
 ... Success!

······
Remove anonymous users? [Y/n] Y
 ... Success!

······
Disallow root login remotely? [Y/n] Y
 ... Success!

······
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

······
Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!


Install Apache2

    Install apache2 package

# zypper install apache2


    Set up server name for apache2 service

# vi /etc/sysconfig/apache2

······
APACHE_SERVERNAME="xxx.xxx.xxx.xxx"    ## FQDN, IP address, or short hostname of the OBS server
······


Install PHP5

# zypper install php5 php5-gd php5-gettext php5-mbstring php5-mysql php5-pear php5-suhosin apache2-mod_php5 php5-bcmath php5-bz2 php5-calendar php5-curl php5-ftp php5-gmp php5-imap php5-ldap php5-mcrypt php5-odbc php5-openssl php5-pcntl php5-pgsql php5-posix php5-shmop php5-snmp php5-soap php5-sockets php5-sysvsem php5-wddx php5-xmlrpc php5-xsl php5-exif php5-fastcgi php5-sysvmsg php5-sysvshm


Install BUILD packages

# zypper install build build-mkbaselibs build-mkdrpms
# zypper install build-initvm-i586-20131112-7.1 build-initvm-x86_64-20131112-7.1


Install OBS packages

    Install OBS service packages

# zypper install obs-server
# zypper install obs-api apache2-mod_xforward rubygem-passenger-apache2 memcached
# zypper install obs-utils
# zypper install obs-source_service obs-service-download_files obs-service-tar_scm


    Install GBS service packages (only for Tizen)

# zypper install obs-service-gbs obs-service-git-buildpackage
# zypper install librpm-tizen


Modify OBS account

# vi /etc/passwd

······
obsrun:x:489:487:User for build service backend:/usr/lib/obs:/bin/false/bin/bash
······

† This is for OBS shell scripts to be executed by the OBS account.


Configure OBS services

# vi /etc/obs/services/download_files

······
#CACHEDIRECTORY="/var/cache/obs/download_files/"
CACHEDIRECTORY="/var/cache/obs/download_files/"
······

# mkdir -p /var/cache/obs/tar_scm
# mkdir -p /var/cache/obs/tar_scm/repo{,url}
# mkdir -p /var/cache/obs/tar_scm/incoming
# vi /etc/obs/services/tar_scm

······
#CACHEDIRECTORY="/var/cache/obs/tar_scm"
CACHEDIRECTORY="/var/cache/obs/tar_scm"
······

# mkdir -p /var/cache/obs/gbp-repos
# vi /etc/obs/services/gbs

······
#repo-cache-dir = /var/cache/obs/git-buildpackage-repos/
repo-cache-dir = /var/cache/obs/gbp-repos/
······

# chown -R obsrun:obsrun /var/cache/obs/*


Set owner of OBS HOME directory (if necessary)

This step is necessary only if the OBS base directory (e.g. /srv/obs) is linked to a separated OBS home directory (e.g. /home/obs).
# chown obsrun:obsrun /home/obs
# chown -h obsrun:obsrun /srv/obs


Modify BSConfig.pm file

# vi /usr/lib/obs/server/BSConfig.pm

······
#our $repodownload = "http://$hostname/repositories";
our $repodownload = "http://$hostname:82";
······


Create OBS databases

# mysql -u root -p

/* Create empty databases */
mysql> create database api_production;
mysql> create database webui_production;
/* Create new account obs with password obspassword */
mysql> create user 'obs'@'%' identified by 'obspassword';
mysql> create user 'obs'@'localhost' identified by 'obspassword';
/* Configure permissions */
mysql> GRANT all privileges ON api_production.* TO 'obs'@'%', 'obs'@'localhost';
mysql> GRANT all privileges ON webui_production.* TO 'obs'@'%', 'obs'@'localhost';
mysql> FLUSH PRIVILEGES;
/* Exit MySQL */
mysql> exit


Modify {api,webui} database.yml files

    API

# vi /srv/www/obs/api/config/database.yml

······
production:
  adapter: mysql2
  database: api_production
  username: rootobs    ## The user name in the step of "Create OBS databases"
  password: opensuseobspassword    ## The password in the step of "Create OBS databases"
  encoding: utf8
······


    WebUI

# vi /srv/www/obs/webui/config/database.yml

······
production:
  adapter: mysql2
  database: webui_production
  username: rootobs    ## The user name in the step of "Create OBS databases"
  password: opensuseobspassword    ## The password in the step of "Create OBS databases"
  encoding: utf8
······


Populate {api,webui}_production databases

    API

# cd /srv/www/obs/api
# RAILS_ENV="production" rake db:setup
# mkdir log tmp
# chown -R wwwrun:www log tmp


    WebUI

# cd /srv/www/obs/webui
# RAILS_ENV="production" rake db:setup
# mkdir log tmp
# chown -R wwwrun:www log tmp


Modify {api,webui} options.yml files

    API

# vi /srv/www/obs/api/config/options.yml

······
#use_xforward: true
use_xforward: true
······


    WebUI

# vi /srv/www/obs/webui/config/options.yml

······
## Use FQDN of the OBS server, only if the FQDN can be resolved by DNS,
## or use the IP address of the OBS server
#download_url: http://myhost:82/
download_url: http://xxx.xxx.xxx.xxx:82
······
#use_xforward: true
use_xforward: true
······
#use_gravatar: :off
use_gravatar: :off
······
## Use FQDN of the OBS server, only if the FQDN can be resolved by DNS,
## or use the IP address of the OBS server
#frontend_host: api.opensuse.org
frontend_host: "xxx.xxx.xxx.xxx"
······
## If the HTTP protocol must be used for OBS API service instead of HTTPS, the port number for API should be 81.
#frontend_port: 443
#frontend_protocol: https
frontend_port: 81
frontend_protocol: http
······


Configure Apache2

    Edit /etc/sysconfig/apache2 file

# vi /etc/sysconfig/apache2

······
APACHE_MODULES="······ passenger rewrite proxy proxy_http xforward headers"
······
APACHE_SERVER_FLAGS="SSL"    ## Enable SSL if it is necessary.
······


    Generate SSL certificate (only if HTTPS is used)

# mkdir -p /srv/www/certs
# cd /srv/www/certs
# openssl genrsa -out obs.key 1024
# openssl req -new -key obs.key -out obs.csr

······
Country Name (2 letter code) [AU]: KR
State or Province Name (full name) [Some-State]: Gyeonggi-do
Locality Name (eg, city) []: Suwon
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Samsung Electronics
Organizational Unit Name (eg, section) []: SWC
Common Name (e.g. server FQDN or YOUR name) []: build.pilot.tizen.org
Email Address []: Enter
······
A challenge password []: Enter
An optional company name []: Enter

"Common Name" must be specified with FQDN or IP address.
# openssl x509 -req -days 3650 -in obs.csr -signkey obs.key -out obs.crt
# cat obs.key obs.crt > obs.pem
# cp obs.pem /etc/ssl/certs
# c_rehash /etc/ssl/certs


    Edit httpd.conf file

# vi /etc/apache2/httpd.conf

······
#Include /etc/apache2/listen.conf
······


Prepare LOG directories

# mkdir -p /var/log/obs/{www,api}


Make repository directory

# mkdir /srv/obs/repos
# chown obsrun:obsrun /srv/obs/repos


Configure virtual hosts for OBS

# cp /etc/apache2/vhosts.d/obs.conf /etc/apache2/vhosts.d/obs.conf.orig
# vi /etc/apache2/vhosts.d/obs.conf

Listen 80
Listen 81
Listen 82
Listen 443
Listen 444

······
<VirtualHost *:80>
    # just give an overview about this OBS instance via static web page
    DocumentRoot "/srv/www/obs/overview"

    <Directory /srv/www/obs/overview>
        Options Indexes
        Allow from all
    </Directory>
</VirtualHost>
······
<VirtualHost *:82>
    # The resulting repositories
    DocumentRoot "/srv/obs/repos"

    <Directory /srv/obs/repos>
        Options Indexes FollowSymLinks
        Allow from all
    </Directory>
</VirtualHost>

# OBS WEB interface
<VirtualHost *:80>
    ServerName webui

    ErrorLog /var/log/obs/www/error.log
    TransferLog /var/log/obs/www/access.log

    PassengerPreStart http://build

    DocumentRoot /srv/www/obs/webui/public
    <Directory /srv/www/obs/webui/public>
        AllowOverride all
        Options -MultiViews +FollowSymLinks
        XForward on
        Allow from all
    </Directory>
</VirtualHost>

# OBS API
<VirtualHost *:81>
    ServerName api

    ErrorLog /var/log/obs/api/error.log
    TransferLog /var/log/obs/api/access.log

    PassengerMinInstances 2
    PassengerPreStart http://api:81

    DocumentRoot /srv/www/obs/api/public
    <Directory /srv/www/obs/api/public>
        AllowOverride all
        Options -MultiViews
        XForward on
        Allow from all
    </Directory>
</VirtualHost>

# Build Results
<VirtualHost *:82>
    ServerName rep

    # The resulting repositories
    DocumentRoot /srv/obs/repos

    <Directory /srv>
        Options FollowSymLinks
    </Directory>

    <Directory /srv/obs/repos>
        Options Indexes FollowSymLinks
        Allow from all
    </Directory>
</VirtualHost>


Set up firewall

    Add TCP ports for OBS server

YaST --> Security and Users --> Firewall --> Allowed Services --> Advanced... --> TCP Ports

5152 5252 5352 80 82 81 443 444

"81 443 444" ports should be enabled only if it is used.


Start OBS services

# systemctl start obsrepserver obssrcserver obsservice obsscheduler obsdispatcher obspublisher obswarden apache2 obsapidelayed memcached


Test OBS server installation

Browse to http://xxx.xxx.xxx.xxx with your web browser (xxx.xxx.xxx.xxx = IP address of the OBS server)
  • The default username/password is Admin/opensuse.
  • Admin user should be able to create a new project in the List of "All Projects -> Create a new project" and filling in a project name, title and description.


Register OBS server services

# chkconfig -a mysql obsrepserver obssrcserver obsservice obsscheduler obsdispatcher obspublisher apache2 obsapidelayed memcached


Stop OBS server services

# systemctl stop memcached obsapidelayed apache2 obswarden obspublisher obsdispatcher obsscheduler obsservice obssrcserver obsrepserver



Install Workers


Install OBS worker packages

# zypper install obs-worker kvm qemu


Configure OBS worker

# vi /etc/sysconfig/obs-server

......
OBS_RUN_DIR="/srv/obs/run"
OBS_LOG_DIR="/srv/obs/log"
OBS_BASE_DIR="/srv/obs"
......
# The hostname or the IP address of the SRC server
OBS_SRC_SERVER="xxx.xxx.xxx.xxx:5352"
# The hostname or the IP address of the REPO server
OBS_REPO_SERVERS="xxx.xxx.xxx.xxx:5252"
......
## The total number of required cores = $OBS_WORKER_INSTANCES * $OBS_WORKER_JOBS
# The total number of required cores can be larger than the number of CPU cores in each worker node
# (i.e. over-provisioning or overcommitting), but this must be used very carefully.
OBS_WORKER_INSTANCES="016"
......
OBS_WORKER_DIRECTORY="/srv/obs/build"
......
# The value mapped to "make -jx" during build
OBS_WORKER_JOBS="18"
......
OBS_CACHE_DIR="/srv/obs/build/cache"
OBS_CACHE_SIZE="65536"
......
OBS_VM_TYPE="autokvm"
OBS_VM_KERNEL="none/srv/obs/boot/vmlinuz"
OBS_VM_INITRD="none/srv/obs/boot/initrd"
......
OBS_VM_DISK_AUTOSETUP_ROOT_FILESIZE="409665536"
OBS_VM_DISK_AUTOSETUP_SWAP_FILESIZE="102416384"
OBS_VM_DISK_AUTOSETUP_FILESYSTEM="ext3ext4"
......
OBS_INSTANCE_MEMORY="8192"
......
OBS_STORAGE_AUTOSETUP="yes"
OBS_WORKER_CACHE_SIZE="65536"
OBS_WORKER_ROOT_SIZE="65536"
OBS_WORKER_SWAP_SIZE="16384"
......

† The product of OBS_WORKER_INSTANCES and OBS_WORKER_JOBS should be smaller than the number of CPU cores in each OBS worker node.


Create directories which are not created automatically by OBS worker

# mkdir -p /srv/obs
# mkdir -p /srv/obs/boot
# mkdir -p /srv/obs/log
# chown obsrun:obsrun /srv/obs/log


Prepare kernel image file (vmlinuz) and initial ramdisk file (initrd) for VM

Copy kernel image file to the OBS_VM_KERNEL file from host kernel image file.
Create initial ramdisk file to the OBS_VM_INITRD file based on OBS_VM_KERNEL file.
OBS_VM_KERNEL and OBS_VM_INITRD are defined in the /etc/sysconfig/obs-server file.


# cp /boot/vmlinuz /srv/obs/boot/
# mkinitrd -m "ext4 binfmt_misc virtio_pci virtio_blk" -k /srv/obs/boot/vmlinuz -i /srv/obs/boot/initrd

† You can use host kernel image file(/boot/vmlinuz) directly without copy by modifying /etc/sysconfig/obs-server file.
‡ You have to recreate the $OBS_VM_KERNEL file and the $OBS_VM_INITRD file whenever the /boot/vmlinuz file is updated.


Start OBS worker service

# systemctl start obsworker


Register OBS worker service

# chkconfig --add obsworker