extras-buildsys ChangeLog, 1.37, 1.38 README, 1.4, 1.5 plague.spec, 1.4, 1.5

Daniel Williams (dcbw) fedora-extras-commits at redhat.com
Tue Jun 28 16:46:13 UTC 2005 

Author: dcbw

Update of /cvs/fedora/extras-buildsys
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10837

Modified Files:
	ChangeLog README plague.spec 
Log Message:
2005-06-28  Dan Williams <dcbw at redhat.com>

    * README
        - Fix up readme for current CVS

    Also fix up some makefiles to create the /etc/plague/[server|builder]/certs directories.




Index: ChangeLog
===================================================================
RCS file: /cvs/fedora/extras-buildsys/ChangeLog,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- ChangeLog	27 Jun 2005 21:29:20 -0000	1.37
+++ ChangeLog	28 Jun 2005 16:46:11 -0000	1.38
@@ -1,3 +1,10 @@
+2005-06-28  Dan Williams <dcbw at redhat.com>
+
+    * README
+        - Fix up readme for current CVS
+
+    Also fix up some makefiles to create the /etc/plague/[server|builder]/certs directories.
+
 2005-06-26  Dan Williams <dcbw at redhat.com>
 
     * Move stuff around.  The client that package maintainers will use


Index: README
===================================================================
RCS file: /cvs/fedora/extras-buildsys/README,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- README	26 Jun 2005 15:14:10 -0000	1.4
+++ README	28 Jun 2005 16:46:11 -0000	1.5
@@ -10,40 +10,54 @@
 Getting Started
 ------------------------------------------
 
+To allow users to retrieve logs and other status, you need to run an HTTP server that allows access to the result dir (the 'server_work_dir' config option).
 
-0) Follow the instructions at the bottom of this file titled "Configuring SSL for your Build System"
-1) Put the server somewhere, lets call it SERVERDIR
-2) Copy the server Key, Cert, and CA Cert to the SERVERDIR/certs directory
-3) Things to modify in the server's CONFIG.py:
-    - Update the Key, Cert, and CA Cert file options to point to the files in step (2)
+You will also need to set up the infrastructure for the yum repository that the builders connect to and retrieve the latest packages.  This can be either HTTP, NFS, SMB, etc.  You then need to point 'yum' to this repo in step (5) of the Builder Setup.
+
+
+Builder Setup:
+1) In the CVS checkout directory on the client, execute:
+	make DESTDIR=/ install
+2) Create a user for the builder.  The builder _cannot_ run as 'root' (since mock cannot run as 'root')
+3) Copy the client Key, Cert, and CA Cert to the /etc/plague/builder/certs directory
+4) Things to modify in the client's CONFIG.py:
+    - Modify the 'distro' and 'repo' options to match the targets you've configured in /etc/mock/.  These targets are usually in the form of "distro-target-arch-repo".  'arch' and 'target' are passed by the build system dynamically, but 'distro' and 'repo' are hardcoded in the config file.  Examples are "fedora-development-i386-core" and "fedora-development-i386-extras".
+5) Configure the mock target files in /etc/mock.  You only need one target file for each major arch you support.  For example, you don't need separate 'ia32e' or 'amd64' config files, since these just use the normal 'x86_64' config file
+6) Start the client, NOT as 'root'.  ex: "sudo -u builder /usr/bin/plague-builder 127.0.0.1 i386 i686"
+
+
+On the Server:
+
+1) Follow the instructions at the bottom of this file titled "Configuring SSL for your Build System"
+2) In the CVS checkout directory, execute:
+	make DESTDIR=/ install
+3) Copy the server Key, Cert, and CA Cert to the /etc/plague/server/certs directory
+4) Copy the client authentication CA Cert to the /etc/plague/server/certs directory
+5) Things to modify in the server's CONFIG.py:
+    - Update the Key, Cert, and CA Cert, and client auth CA Cert file options to point to the files in steps 3 and 4
     - Modify the 'targets' option to add/remove the arches and targets you'll be building
     - Modify the 'builders' option to point to the build clients you'll be using.  Note the "https".
     - If you want to do simple SRPM builds, set the 'use_srpm_not_cvs' option to true
-4) On the client, put the client somehwere, lets call it CLIENTDIR
-5) Create a user for the client.  The client _cannot_ run as 'root' (since mock cannot run as 'root')
-6) Copy the client Key, Cert, and CA Cert to the CLIENTDIR/certs directory
-7) Things to modify in the client's CONFIG.py:
-    - Modify the 'distro' and 'repo' options to match the targets you've configured in /etc/mock/.  These targets are usually in the form of "distro-target-arch-repo".  'arch' and 'target' are passed by the build system dynamically, but 'distro' and 'repo' are hardcoded in the config file.  Examples are "fedora-development-i386-core" and "fedora-development-i386-extras".
-8) Configure the mock target files in /etc/mock.  You only need one target file for each major arch you support.  For example, you don't need separate 'ia32e' or 'amd64' config files, since these just use the normal 'x86_64' config file
-8) Start the client, NOT as 'root'.  ex: "build-client 127.0.0.1 i386 i686"
-9) Start the server.  ex: "build-server 127.0.0.1"
-
-If the server finds the client and prints out its address, then everything is well and you can start to submit jobs:
+6) Start the server.  ex: "/usr/bin/plague-server 127.0.0.1"
 
-[localhost]# python
->>> import xmlrpclib
->>> s = xmlrpclib.ServerProxy("http://<address of your build server>:8887")
 
-If you are using CVS builds, you then do:
->>> s.enqueue("dcbw", "NetworkManager", "NetworkManager-0_4-11_cvs20050404", "devel")
 
-If you are using simple SRPM builds, you do:
->>> s.enqueue_srpm("dcbw", "NetworkManager", "/path/to/NetworkManager-0.4-11_cvs20050404.src.rpm", "devel")
+Operation:
 
-The format of the enqueue command is:
+1) You must add a user account for any user who wishes to use the build system.  This is accomplished with the 'plague-user-manager.py' tool, installed by default in /usr/bin.  You add a user like this:
+	/usr/bin/plague-user-manager.py /etc/plague/server/userdb add dcbw at redhat.com own_jobs kill_any_job modify_users server_admin
+2) Clients then run plague-client to queue jobs.  When first run, plague-client creates the ~/.plague-client.cfg file
+	- Point the client to the server's address
+	- Point the client to the correct certificates
+	- Make sure you change the email address in ~/.plague-client to match that of the 'user-cert' certificate
+3) To build a package, you use plague-client like so:
+	/usr/bin/plague-client build ethtool /home/dcbw/ethtool-1.8-4.src.rpm devel
+4) If the client returns "Package ethtool enqueued." then the enqueue was successful
 
-enqueue[_srpm](username, package_name, CVS tag _OR_ SRPM path, target)
+You can list your own jobs with:
+	/usr/bin/plague-client list
 
+Builders can be listed & updated as well, see plague-client's usage message.
 
 
 Architectural Overview:
@@ -123,6 +137,24 @@
 the build server's certificate, and each build client's certificate.
 
 
+The Certificates on the Server:
+config_opts['server_cert'] -> server SSL certificate
+config_opts['server_key'] -> server private key
+config_opts['ca_cert'] -> CA certificate used to sign both server and builder certificates
+config_opts['ui_ca_cert'] -> CA cert that signs package maintainer's certificates, used to verify connections from plague-clients are authorized
+
+The Certificates on the Builders:
+config_opts['client_cert'] -> builder SSL certificate
+config_opts['client_key'] -> builder private key
+config_opts['ca_cert'] -> _same_ as server's 'ca_cert', the CA certificate used to sign both server and builder certificates
+
+Package Maintainer certificates (used by /usr/bin/plague-client, from ~/.plague-client.cfg)
+server-ca-cert -> _same_ as server and client's 'ca_cert'
+user-ca-cert -> CA cert that signed the package maintainer's 'user-cert'
+user-key -> package maintainer's private key, can be blank if private key and certificate are in the same file
+user-cert -> package maintainer's certificate, signed by 'user-ca-cert' and sent to build server to validate the plague-client's connection
+
+
 Setting up the Build System Certificate Authority
 
 1. Set up the CA directory


Index: plague.spec
===================================================================
RCS file: /cvs/fedora/extras-buildsys/plague.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- plague.spec	28 Jun 2005 15:21:00 -0000	1.4
+++ plague.spec	28 Jun 2005 16:46:11 -0000	1.5
@@ -83,6 +83,7 @@
 %{_datadir}/%{name}/server/*.py*
 %dir  %{_sysconfdir}/%{name}/server
 %config(noreplace) %{_sysconfdir}/%{name}/server/CONFIG.py*
+%dir  %{_sysconfdir}/%{name}/server/certs
 
 %files common
 %defattr(-, root, root)
@@ -93,6 +94,7 @@
 %{_bindir}/%{name}-builder
 %dir  %{_sysconfdir}/%{name}/builder
 %config(noreplace) %{_sysconfdir}/%{name}/builder/CONFIG.py*
+%dir  %{_sysconfdir}/%{name}/builder/certs
 
 %files client
 %defattr(-, root, root)

More information about the fedora-extras-commits mailing list