OBS Setup

These steps show how to set up a Mer Open Build Service (OBS) on an openSuSE 11.4 installation. An OBS installation will usually consist of an OBS web server, a main OBS server and one or more OBS workers. This document describes how to setup a basic evaluation installation and is not meant as production ready or hardened setup.

PLEASE NOTE : Most users won't need to install their own OBS and can just use an account on a publicly accessible OBS.

Vendors may need to have full control of their builds and keep source private due to licensing restrictions, etc. This guide addresses these special cases.

The instructions on this page are being superseded by the scripts currently available here : https://github.com/lbt/obs-setup

Pre-requisites

 * One or more physical or virtual machine with a minimal installation of OpenSuse 11.4 (12.1 is not recommended yet). It should be sysvinit based, not systemd.
 * Local DNS (or setup /etc/hosts on all relevant machines)
 * amd64 is normal but 686 should work

Add Repositories
Mer has a special version of OBS that it uses to enable SB2 and other features. Thes patches

First, we have to add the Mer OBS repository to the OBS servers

Mer OBS
zypper ar http://repo.pub.meego.com//Mer:/OBS:/Testing/openSUSE_11.4/Mer:OBS:Testing.repo

To activate it:

zypper refresh

When zypper asks, accept the trust key.

Setup OBS Backend Server
For high load situations this can be split over multiple machines: alternatively this can all be done on one backend server.
 * Scheduler Server
 * Source Server
 * Repository Server
 * Signing Server

Install the Server packages
zypper install obs-server obs-signd

The repository server should have

chkconfig --add obsrepserver

The source server should have

chkconfig --add obssrcserver

The scheduler should have

chkconfig --add obsscheduler obsdispatcher obspublisher obswarden

Finally, on the signer

chkconfig --add obssigner

Configure access control to the reposerver : default is 127.0.0.1 Need to modify the ipaccess values. (see https://github.com/lbt/open-build-service/commit/477eeefb90c620333775c6be9b733329fbbdff7e for a fix that should make it upstream)

vi /usr/lib/obs/server/BSConfig.pm

On the repository server:

rcobsrepserver start

On the source server:

rcobssrcserver start

On the scheduler server

rcobsscheduler start rcobsdispatcher start rcobspublisher start rcobswarden start

On the signer:

rcobssigner start

Setup OBS API/Webserver
zypper install obs-api mysql memcached apache2

If you installed a minimal openSUSE installation then python packages may conflict with the minimal configuration package patterns-openSUSE-minimal_base. This package can be safely removed if it causes dependency problems.

Remove runlevel 2 from the runlevels for mysql: sed -i -e's/^# Default-Start: 2 3 5$/# Default-Start:  3 5/' /etc/init.d/mysql

to prevent the following error: insserv: FATAL: service network is missed in the runlevels 2 to use service mysql

Then: chkconfig --add memcached obsapidelayed apache2 mysql

MySQL Setup
Start mysql so we can configure it:

rcmysql start

Secure the installation:

/usr/bin/mysql_secure_installation

Create the databases:

mysql -u root -p

At the mysql prompt create the databases and add the obs user to them (substitute ********** with your password):

create database api_production; create database webui_production; GRANT all privileges ON api_production.* TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '************'; GRANT all privileges ON webui_production.* TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '************'; FLUSH PRIVILEGES; quit

Now, configure OBS to use MySQL. First the API server:

vi /srv/www/obs/api/config/database.yml

To have:

production: adapter: mysql database: api_production username: obs password: ************

And setup the webui to use MySQL:

vi /srv/www/obs/webui/config/database.yml

production: adapter: mysql database: webui_production username: obs password: ************

Populate the database:

cd /srv/www/obs/api/ RAILS_ENV="production" rake db:setup cd /srv/www/obs/webui/ RAILS_ENV="production" rake db:setup

If this fails, check /srv/www/obs/api/config/environments/production.rb and /srv/www/obs/webui/config/environments/production.rb for configuration of the SOURCE_HOST and FRONTEND_HOST.

Setup Web UI Configuration
New edit the webui config:

vi /srv/www/obs/webui/config/environments/production.rb

and set:

FRONTEND_PORT = 444 FRONTEND_PROTOCOL = 'https' DOWNLOAD_URL = "http://obs:82/"

Setup API Configuration
The api config:

/srv/www/obs/api/config/environments/production.rb

Only needs editing if you are using LDAP or if your backend is not on the same machine as the api (frontend) when you should change the SOURCE_HOST.

Set options.yml
You may also need to edit /srv/www/obs/{webui,api}/config/options.yml to set
 * use_xforward: true
 * if you have a large setup and enabled X-Forward
 * NOTE: As of 4 Apr 2012 X-Forward is known not to work with the Mer build of OBS.
 * https://bugs.merproject.org/show_bug.cgi?id=278


 * new_user_registration: deny
 * If you use LDAP and create users elsewhere


 * source_server_url: http://src-*:5352
 * If you have setup the bs_srcsrver on another host

Setup apache for webui
Edit the apache config:

vi /etc/sysconfig/apache2

Then add "passenger xforward headers" ( proxy? ) to the APACHE_MODULES= line

OBS and API uses SSL so you may need to create a certificate

mkdir -p /srv/obs/certs/ openssl genrsa -out /srv/obs/certs/server.key 2048 openssl req -new -x509 -key /srv/obs/certs/server.key -out /srv/obs/certs/server.crt -days 3650

And verify log directory ownership

chown -R wwwrun:www /srv/www/obs/webui/log/ chown -R wwwrun:www /srv/www/obs/api/log/

Edit the apache virtual host configuration. This can be tweaked a lot to setup sane named vhosts if you have DNS.

vi /etc/apache2/vhosts.d/obs.conf

You also need to create the directory for the repos (TODO: What should be the permissions?)

mkdir -p /srv/obs/repos chown -R obsrun.obsrun /srv/obs/repos

Also enable https by adding:

Listen 443

Now start the server:

rcmemcached start rcobsapidelayed start rcapache2 start

At this point you should be able to open a browser and go to your server and login to OBS. Normal https should be the webui, https on port 444 should be the api, and http on port 82 should be the repository directory. The default username/password is Admin/opensuse. Admin user should be able to create a new project in the List of All Projects -> Create a new project and filling in a project name, title and description.

Install the Worker Packages
zypper ar http://repo.pub.meego.com/Mer:/Tools:/Testing/openSUSE_11.4_standard/Mer:Tools:Testing.repo zypper install obs-worker qemu

Configure OBS Worker
Edit the file /etc/sysconfig/obs-worker in order to point to correct repository server which is one of the main OBS server services. In this example the server is 192.168.1.1.

vi /etc/sysconfig/obs-worker

Most values in /etc/sysconfig/obs-server are well commented. One that needs to be set for ARM builds is:

OBS_SCHEDULER_ARCHITECTURES="i586 x86_64 armv7el armv8el“

Start OBS Worker
Start the worker service:

chkconfig --add obsworker rcobsworker start

Troubleshooting
Note that logs live in:
 * 1) /srv/obs/log/  for the backend systems
 * 2) /srv/www/obs/api/log/  for the api and authentication interface
 * 3) /srv/www/obs/webui/log/  for the web interface

Here are common issues that have been seen and how to resolve them.

HTTP Error 500
Check /srv/www/obs/api/config/environments/production.rb and /srv/www/obs/webui/config/environments/production.rb for configuration of the SOURCE_HOST and FRONTEND_HOST.

404 while trying to see the package repository
Check, if the /srv/obs/repos directory is owned by obsrun.obsrun - if not, chown it. Failing to do so will prevent publisher from publishing your repositories in repository directory, and when you try accessing them you will get the 404.

OBS Web Interface Error:
When you get the following error:

OBS Web Interface Error: Error Details: Errorcode: unknown Message: <?xml version="1.0" encoding="UTF-8"?> uncaught exception: Failed to establish connect

check all the modified OBS configuration files (.pm</tt> files) for missing semicolons (;</tt>). The trace should also be visible in /srv/obs/log/*.log</tt> files.