The Mer Wiki now uses your Mer user account and password (create account on https://bugs.merproject.org/)
OBS Setup
(→Both) |
(→Add Repositories) |
||
Line 18: | Line 18: | ||
features. Thes patches | features. Thes patches | ||
− | First, we have to add the | + | First, we have to add the Mer OBS repository to the OBS servers |
=== Mer OBS === | === Mer OBS === | ||
zypper ar http://repo.pub.meego.com//Mer:/OBS:/Testing/openSUSE_11.4/Mer:OBS:Testing.repo | zypper ar http://repo.pub.meego.com//Mer:/OBS:/Testing/openSUSE_11.4/Mer:OBS:Testing.repo | ||
− | |||
− | |||
To activate it: | To activate it: |
Revision as of 09:52, 21 March 2012
Please check https://github.com/openSUSE/open-build-service for the latest setup instructions!
These steps show how to set up an Open Build Service (OBS) on an openSuSE 11.4 installation. An OBS installation will usually consist of an OBS web server, a main OBS server and one or more OBS workers. This document describes how to setup a basic evaluation installation and is not meant as production ready or hardened setup.
PLEASE NOTE : Most users won't need to install their own OBS and can just use an account on a publicly accessible OBS.
Vendors may need to have full control of their builds and keep source private due to licensing restrictions, etc. This guide addresses these special cases.
Contents |
Pre-requisites
- One or more physical or virtual machine with a minimal installation of OpenSuse 11.4 (12.1 is not recommended yet). It should be sysvinit based, not systemd.
- Local DNS (or setup /etc/hosts on all relevant machines)
- amd64 is normal but 686 should work
Add Repositories
Mer has a special version of OBS that it uses to enable SB2 and other features. Thes patches
First, we have to add the Mer OBS repository to the OBS servers
Mer OBS
zypper ar http://repo.pub.meego.com//Mer:/OBS:/Testing/openSUSE_11.4/Mer:OBS:Testing.repo
To activate it:
zypper refresh
When zypper asks, accept the trust key.
Setup OBS Backend Server
For high load situations this can be split over multiple machines:
- Scheduler Server
- Source Server
- Repository Server
- Signing Server
alternatively this can all be done on one backend server.
Install the Server packages
zypper install obs-server obs-signd
The repository server should have
chkconfig --add obsrepserver
The source server should have
chkconfig --add obssrcserver
The scheduler should have
chkconfig --add obsscheduler obsdispatcher obspublisher obswarden
Finally, on the signer
chkconfig --add obssigner
Configure access control to the reposerver : default is 127.0.0.1 Need to modify the ipaccess values. (see https://github.com/lbt/open-build-service/commit/477eeefb90c620333775c6be9b733329fbbdff7e for a fix that should make it upstream)
vi /usr/lib/obs/server/BSConfig.pm
On the repository server:
rcobsrepserver start
On the source server:
rcobssrcserver start
On the scheduler server
rcobsscheduler start rcobsdispatcher start rcobspublisher start rcobswarden start
On the signer:
rcobssigner start
Setup OBS API/Webserver
zypper install obs-api mysql memcached apache2
chkconfig --add memcached obsapidelayed apache2 mysql
If you installed a minimal openSUSE installation then python packages may conflict with the minimal configuration package patterns-openSUSE-minimal_base. This package can be safely removed if it causes dependency problems.
NOTE: If you get following error:
insserv: FATAL: service network is missed in the runlevels 2 to use service mysql
You need to edit /etc/init.d/mysql file and remove 2 from Default-Start: line.
MySQL Setup
Start mysql so we can configure it:
rcmysql start
Secure the installation:
/usr/bin/mysql_secure_installation
Create the databases:
mysql -u root -p
At the mysql prompt create the databases and add the obs user to them (substitute ********** with your password):
create database api_production; create database webui_production; GRANT all privileges ON api_production.* TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '************'; GRANT all privileges ON webui_production.* TO 'obs'@'%', 'obs'@'localhost' IDENTIFIED BY '************'; FLUSH PRIVILEGES; quit
Now, configure OBS to use MySQL. First the API server:
vi /srv/www/obs/api/config/database.yml
To have:
production: adapter: mysql database: api_production username: obs password: ************
And setup the webui to use MySQL:
vi /srv/www/obs/webui/config/database.yml
production: adapter: mysql database: webui_production username: obs password: ************
Populate the database:
cd /srv/www/obs/api/ RAILS_ENV="production" rake db:setup cd /srv/www/obs/webui/ RAILS_ENV="production" rake db:setup
If this fails, check /srv/www/obs/api/config/environments/production.rb and /srv/www/obs/webui/config/environments/production.rb for configuration of the SOURCE_HOST and FRONTEND_HOST.
Setup Web UI Configuration
New edit the webui config:
vi /srv/www/obs/webui/config/environments/production.rb
and set:
FRONTEND_PORT = 444 FRONTEND_PROTOCOL = 'https' DOWNLOAD_URL = "http://obs:82/"
Setup API Configuration
The api config:
/srv/www/obs/api/config/environments/production.rb
Only needs editing if you are using LDAP or if your backend is not on the same machine as the api (frontend) when you should change the SOURCE_HOST.
Set options.yml
You may also need to edit /srv/www/obs/{webui,api}/config/options.yml to set
- use_xforward
- true
- if you have a large setup and enabled X-Forward
- new_user_registration
- deny
- If you use LDAP and create users elsewhere
- source_server_url
- http://src-*:5352
- If you have setup the bs_srcsrver on another host
Setup apache for webui
Edit the apache config:
vi /etc/sysconfig/apache2
Then add "passenger xforward headers" ( proxy? ) to the APACHE_MODULES= line
OBS and API uses SSL so you may need to create a certificate
mkdir -p /srv/obs/certs/ openssl genrsa -out /srv/obs/certs/server.key 2048 openssl req -new -x509 -key /srv/obs/certs/server.key -out /srv/obs/certs/server.crt -days 3650
And verify log directory ownership
chown -R wwwrun:www /srv/www/obs/webui/log/ chown -R wwwrun:www /srv/www/obs/api/log/
Edit the apache virtual host configuration. This can be tweaked a lot to setup sane named vhosts if you have DNS.
vi /etc/apache2/vhosts.d/obs.conf
The packages install to /srv/obs, not /obs as the appliance uses so change <VirtualHost *:82> to have
DocumentRoot "/srv/obs/repos/"
and
<Directory /srv/obs/repos>
Also enable https by adding:
Listen 443
Now start the server:
rcmemcached start rcobsapidelayed start rcapache2 start
You also need to create the directory for the repos (TODO: What should be the permissions?)
mkdir -p /srv/obs/repos
At this point you should be able to open a browser and go to your server and login to OBS. Normal https should be the webui, https on port 444 should be the api, and http on port 82 should be the repository directory. The default username/password is Admin/opensuse. Admin user should be able to create a new project in the List of All Projects -> Create a new project and filling in a project name, title and description.
Setup OBS Worker
Install the Worker Packages
zypper ar http://repo.pub.meego.com/Mer:/Tools/openSUSE_11.4/Mer:Tools.repo
zypper install obs-worker qemu
Configure OBS Worker
Edit the file /etc/sysconfig/obs-worker in order to point to correct repository server which is one of the main OBS server services. In this example the server is 192.168.1.1.
vi /etc/sysconfig/obs-worker
Most values in /etc/sysconfig/obs-server are well commented. One that needs to be set for ARM builds is:
OBS_SCHEDULER_ARCHITECTURES="i586 x86_64 armv7el armv8el“
Start OBS Worker
Start the worker service:
chkconfig --add obsworker rcobsworker start
Troubleshooting
Note that logs live in:
- /srv/obs/log/ for the backend systems
- /srv/www/obs/api/log/ for the api and authentication interface
- /srv/www/obs/webui/log/ for the web interface
Here are common issues that have been seen and how to resolve them.
HTTP Error 500
Check /srv/www/obs/api/config/environments/production.rb and /srv/www/obs/webui/config/environments/production.rb for configuration of the SOURCE_HOST and FRONTEND_HOST.
404 while trying to see the package repository
Check, if the /srv/obs/repos directory is owned by obsrun.obsrun - if not, chown it. Failing to do so will prevent publisher from publishing your repositories in repository directory, and when you try accessing them you will get the 404.
OBS Web Interface Error:
When you get the following error:
OBS Web Interface Error: Error Details: Errorcode: unknown Message: <?xml version="1.0" encoding="UTF-8"?> <status code="unknown"> <summary>uncaught exception: Failed to establish connect
check all the modified OBS configuration files (.pm files) for missing semicolons (;). The trace should also be visible in /srv/obs/log/*.log files.