Posts Tagged ‘automation’

GPG signing RPMs with Sigul Signing Server & Koji integration

When you are building your own RPMs and distributing them either on your own infrastructure or to the public, you should consider signing them with a GPG key. That way the client machines that install your RPMs can verify the integrity and authenticity of what they are installing.

GPG signing can either be done manually, which is fairly easy but cumbersome, or in a far more automated and solid way using the Sigul Signing Server by Fedora.

Sigul keeps the private keys used for signing on its server, where they aren’t accessible to the clients who want to sign RPMs. All requests from Sigul clients to the Sigul Server are sent over the Sigul Bridge, which relays them. This allows signing RPMs from various machines without any of them having access to the actual keys being used. You never communicate directly with the Server, which can and should be isolated from the rest of the world, with the firewall only allowing connections from/to the Bridge.

Getting RPM built by Koji into YUM-able repo

By following my article series about Fedora’s RPM build system Koji, you should by now have a fully working setup that even builds RPMs from Git.
However, by design, the built RPMs can’t be used directly as a yum repo. They need to be transformed first. That is what the tool “mash” is for.
Luckily, setting up mash is easy compared to Koji itself.

yum install mash
# create a storage path, this can also be a network mount
mkdir -p /mnt/custom-repo/{mash,rpm}
ln -s /mnt/custom-repo/mash/centos6-release/ /mnt/custom-repo/rpm/centos6

Building RPM from Git with Koji

If you have followed my other articles about Koji, you should have a fully working setup now. However, it’s not very handy to only build from a local SRPM.
Fortunately, Koji can build RPMs from spec files and Makefiles which it gets from a Git repo or other SCM. Read on to learn how you get that going.

In /etc/kojid/kojid.conf

allowed_scms=github.com:/github-username/*:no

;using any other command instead of "make sources". Example showing "fedpkg sources"
;allowed_scms=github.com:/github-username/*:no:fedpkg,sources
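
An added example (not from the original post and not Koji’s own code): a simplified model of how an allowed_scms value of the form shown above is split and glob-matched, useful for checking what a pattern actually admits before deploying it. The function names, the git.example.org entry and the shell-style glob semantics are assumptions of this sketch.

```python
from fnmatch import fnmatchcase

# Words treated as "false" in the third (use_common) field; an assumption of this sketch.
FALSE_WORDS = {"no", "off", "false", "0"}

def parse_allowed_scms(value):
    """Split a whitespace-separated allowed_scms value into rule dicts.

    Entry layout, as on this page: host:repository[:use_common[:source_cmd]]
    """
    rules = []
    for entry in value.split():
        parts = entry.split(":")
        if len(parts) < 2 or not parts[0] or not parts[1]:
            raise ValueError(f"malformed allowed_scms entry: {entry!r}")
        use_common = True
        if len(parts) > 2 and parts[2]:
            use_common = parts[2].lower() not in FALSE_WORDS
        # Default per the page's comment: "make sources" unless overridden.
        source_cmd = ["make", "sources"]
        if len(parts) > 3 and parts[3]:
            source_cmd = parts[3].split(",")
        rules.append({"host": parts[0], "repo": parts[1],
                      "use_common": use_common, "source_cmd": source_cmd})
    return rules

def match_scm(rules, host, repo_path):
    """Return the first rule that admits host + repo_path, or None (deny)."""
    for rule in rules:
        if fnmatchcase(host, rule["host"]) and fnmatchcase(repo_path, rule["repo"]):
            return rule
    return None

# Constructed sample: the page's entry plus a made-up second host.
SAMPLE = ("github.com:/github-username/*:no "
          "git.example.org:/rpms/*:no:fedpkg,sources")

if __name__ == "__main__":
    rules = parse_allowed_scms(SAMPLE)
    for host, path in [("github.com", "/github-username/myrepo.git"),
                       ("github.com", "/github-username/nested/deeper.git"),
                       ("github.com", "/github-username-fork/myrepo.git"),
                       ("github.com", "/someone-else/myrepo.git"),
                       ("git.example.org", "/rpms/foo.git")]:
        rule = match_scm(rules, host, path)
        print(host + path, "->", rule["source_cmd"] if rule else "DENIED")
```

Under these glob semantics `*` also matches `/`, so `/github-username/*` admits nested paths below that prefix while still rejecting look-alike prefixes such as `/github-username-fork/`.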

Spacewalk vs. Katello

When managing a lot of systems (virtual or physical), it makes sense to centralize the package management. It also saves you a lot of time.

Spacewalk does exactly that for RPM-based systems like CentOS, Fedora or SLE. It’s the community and open-source version of the Red Hat Network Satellite products (RHN). It brings you a lot of nice features like

  • Systems inventory with hardware and software info (DMI)
  • Centralized package management. Installing / Updating software on systems (single/grouped/batch)
  • Errata overview for systems (security/bugfixes/enhancements)
  • Kickstart / Provision systems
  • Audit
  • basic config file distribution (better do this with puppet/chef)
  • basic monitoring (better do this with munin/graphite/ganglia..)

Continuous Lifecycle 2013: Talk submitted

I just submitted my talk for the Call for Papers for the “Continuous Lifecycle 2013” conference in November. Great topics, have a look here http://www.continuouslifecycle.de/call_en.php

So fingers crossed. Would be a great opportunity to speak there and also come back to Karlsruhe where I used to live for 6 years. Meet up with friends and just have a good time.

Koji RPM Build System Configuration and Usage

In the previous short article series I’ve shown you how to install Koji and all its components like Kojid, Kojira and Koji-Hub. However, to fully use it we need to do some initial configuration, which can only be preserved for a fresh install by taking an early DB backup; I’ll remind you of that later.

To understand what we are doing here you need to know a bit more about Koji’s philosophy:

Koji uses tags to identify and mark various stages in the RPM building workflow. Some tags are logically linked together into the same flow, like building for a certain target distribution, e.g. CentOS6. We will call this target tag dist-centos6. You can also maintain multiple distribution builds on the same Koji instance; just add more tags in the same way as described in this article.

We also need a tag that is used for builds and inherits the build target. We call this tag dist-centos6-build.
Koji builds RPMs in a chroot with the mock tool. It also installs basic packages into those buildroots from the virtual yum package groups named build and srpm-build, so we need to tell Koji which packages we need. You can extend that list to your needs, but choose wisely: these packages are pulled in for every build.
Koji also needs to know where to find and pull packages from, so we add external repositories, with the base repo as the very first one!

Koji RPM Build System Installation Part 4

Let’s see what we have running so far from the previous articles of this series:

  • Postgresql DB
  • Koji-Hub
  • Koji CLI
  • Koji-Web

That’s all nice but useless unless we add something that actually does all the work, the actual RPM building…

Kojid

Kojid, also called Koji-Builder, is the service that takes care of building your SRPMs and RPMs. You can have dozens of builders, each on its own host, if you need to build a lot of RPMs. Fedora’s own Koji instance is using around 50-60 build hosts! So let’s get started.

Koji RPM Build System Installation Part 3

If you followed my previous articles you should by now have a rudimentary Koji system running.

Let’s now proceed and add more components.

Koji-Web

As the name suggests, Koji-Web is a web interface to Koji. It lets you view all your builds, packages, RPMs, tasks and other useful info. However, you cannot control everything about Koji with it. It’s nonetheless good to have. So let’s go:

yum install koji-web mod_ssl

Koji RPM Build System Installation Part 2

So in Part 1 we started with setting up the SSL certificates. Now we are going deeper.

Database Setup

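Start with installing PostgreSQL and setting up the Koji users and schema.

yum install postgresql-server koji
service postgresql initdb
service postgresql start
# note: passwd -d leaves the koji account with an empty password
useradd koji; passwd -d koji
# run each step as the target user; a bare "su postgres" would open an interactive shell instead
su - postgres -c "createuser koji"
su - postgres -c "createdb -O koji koji"
su - koji -c "psql koji koji < /usr/share/doc/koji*/docs/schema.sql"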

Koji RPM Build System Installation Part 1

Introduction

So you decided to also take a shot at Koji, congrats. You won’t regret it.

First, it’s helpful to understand the inner architecture of Koji so you know when to look in which config file:

[Figure: Koji architecture]
