Blame tools/run-koji-container.sh

#!/bin/bash
# Abort on any unhandled command failure and on use of an unset variable.
set -o errexit -o nounset

# Host directory that is bind-mounted into the containers as /share.
# NOTE(review): this is a fixed, predictable path under /tmp. koji_start
# copies a TLS key into it and the kdc container writes keytabs there, so
# treat the script as a fixture for a dedicated test host only.
SHARE_DIR="/tmp/osbuild-composer-koji-test"
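# Stop and remove the koji test containers, their network and the share
# directory. Every step is best-effort ("|| true") so that a partially
# started environment can still be torn down.
# Globals:   CONTAINER_RUNTIME (read), SHARE_DIR (read)
# Arguments: none
# Outputs:   a progress message on stdout
koji_stop () {
  local name

  echo "Shutting down containers, please wait..."

  # Stop, then remove, each container. Failures are ignored on purpose:
  # the container may never have been created.
  for name in koji kdc postgres; do
    "${CONTAINER_RUNTIME}" stop "org.osbuild.koji.${name}" || true
    "${CONTAINER_RUNTIME}" rm "org.osbuild.koji.${name}" || true
  done

  "${CONTAINER_RUNTIME}" network rm -f org.osbuild.koji || true

  # The share directory holds the copied TLS key and the generated keytabs,
  # so it is removed together with the containers. "--" ends option parsing.
  rm -rf -- "${SHARE_DIR}" || true
}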
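# EXIT-trap handler installed by koji_start: tears the environment down and
# exits with the status that triggered the trap.
# Arguments: none (reads $? on entry)
# Outputs:   a failure message on stdout, plus whatever koji_stop prints
koji_clean_up_bad_start ()  {
  # remember the exit code, so we can report it later; this must stay the
  # first command, because any other command would overwrite $?
  local exit_code=$?

  echo "Start failed, removing containers."

  koji_stop

  exit "${exit_code}"
}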
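# helper to simplify sql queries to the postgres instance: runs psql inside
# the postgres container as user "koji" against database "koji"
# Globals:   CONTAINER_RUNTIME (read)
# Arguments: passed through to psql unchanged
psql_cmd () {
  "${CONTAINER_RUNTIME}" exec org.osbuild.koji.postgres psql -U koji -d koji "$@"
}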
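# helper to simplify running commands in the kdc container
# Globals:   CONTAINER_RUNTIME (read)
# Arguments: the command and its arguments, passed through unchanged
kdc_exec() {
  "${CONTAINER_RUNTIME}" exec org.osbuild.koji.kdc "$@"
}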
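# Bring up the koji test environment: a postgres database, a Kerberos KDC and
# the koji hub, then seed the database with test users.
# While it runs, an EXIT trap tears everything down again if a step fails;
# the trap is cleared once startup has completed.
# Globals:   CONTAINER_RUNTIME (read), SHARE_DIR (read)
# Arguments: none
# Outputs:   container logs and a "how to stop" hint on stdout
#
# NOTE(review): this is a throw-away test fixture. The database and koji
# passwords below are hard-coded and must never be reused outside of it.
koji_start() {
  trap koji_clean_up_bad_start EXIT

  # Postgres settings shared by the database container and the koji hub.
  local -a pg_env=(
    -e POSTGRES_USER=koji
    -e POSTGRES_PASSWORD=kojipass
    -e POSTGRES_DB=koji
  )

  # create a share directory which is used to share files between the host and containers
  # Plain mkdir (no -p) fails if the path already exists, so a directory or
  # symlink already sitting at this predictable /tmp location is not reused.
  # NOTE(review): that failure still fires the EXIT trap, and koji_stop then
  # removes the named containers and whatever is at SHARE_DIR - confirm this
  # is intended when an earlier instance is still running.
  mkdir "${SHARE_DIR}"

  # NOTE(review): key.pem is presumably the koji hub's TLS private key; the
  # copy lands in a directory created with the default umask under /tmp.
  cp /etc/osbuild-composer/kojihub-key.pem "${SHARE_DIR}/key.pem"
  cp /etc/osbuild-composer/kojihub-crt.pem "${SHARE_DIR}/crt.pem"
  cp /etc/osbuild-composer/ca-crt.pem "${SHARE_DIR}/ca-crt.pem"

  "${CONTAINER_RUNTIME}" network create org.osbuild.koji

  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.postgres --network org.osbuild.koji \
    "${pg_env[@]}" \
    quay.io/osbuild/postgres:13-alpine

  # NOTE(review): ":latest" is a mutable tag (here and for the koji image
  # below); pinning the images by digest would make test runs reproducible
  # and make an unexpected image change visible.
  # Port 88/udp is published without a host address, i.e. on all host
  # interfaces by default.
  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.kdc \
    --network org.osbuild.koji \
    -v "${SHARE_DIR}:/share:z" \
    -p 88:88/udp \
    quay.io/osbuild/kdc:latest

  # initialize krb principals and create keytabs for them
  # NOTE(review): both keytabs are made world-readable (mode 644) inside the
  # shared directory - presumably so non-root processes can read them. Any
  # local user who can read SHARE_DIR on the host can then use these keys.
  # HTTP/localhost@LOCAL for kojihub
  kdc_exec kadmin.local -r LOCAL add_principal -randkey HTTP/localhost@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/koji.keytab HTTP/localhost@LOCAL
  kdc_exec chmod 644 /share/koji.keytab

  # osbuild-krb@LOCAL for koji clients
  kdc_exec kadmin.local -r LOCAL add_principal -randkey osbuild-krb@LOCAL
  kdc_exec kadmin.local -r LOCAL ktadd -k /share/client.keytab osbuild-krb@LOCAL
  kdc_exec chmod 644 /share/client.keytab

  "${CONTAINER_RUNTIME}" run -d --name org.osbuild.koji.koji --network org.osbuild.koji \
    -v "${SHARE_DIR}:/share:z" \
    -p 8080:80 \
    -p 4343:443 \
    "${pg_env[@]}" \
    -e POSTGRES_HOST=org.osbuild.koji.postgres \
    quay.io/osbuild/koji:latest

  # TODO: we need to wait for the database to be initialized here. A better method should be used.
  sleep 10

  "${CONTAINER_RUNTIME}" logs org.osbuild.koji.postgres
  "${CONTAINER_RUNTIME}" logs org.osbuild.koji.koji

  # create koji users
  # kojiadmin/kojipass    - admin
  # osbuild/osbuildpass   - regular user
  # osbuild-krb:          - regular user authenticated with Kerberos principal osbuild-krb@LOCAL
  # The later statements refer to these users by the ids 1, 2 and 3, so they
  # assume a freshly initialized database - TODO confirm.
  psql_cmd -c "insert into users (name, password, status, usertype) values ('kojiadmin', 'kojipass', 0, 0)" >/dev/null
  psql_cmd -c "insert into user_perms (user_id, perm_id, creator_id) values (1, 1, 1)" >/dev/null
  psql_cmd -c "insert into users (name, password, status, usertype) values ('osbuild', 'osbuildpass', 0, 0)" >/dev/null
  psql_cmd -c "insert into users (name, status, usertype) values ('osbuild-krb', 0, 0)" >/dev/null
  psql_cmd -c "insert into user_krb_principals (user_id, krb_principal) values (3, 'osbuild-krb@LOCAL')" >/dev/null

  # create content generator osbuild, give osbuild and osbuild-krb users access to it
  psql_cmd -c "insert into content_generator (name) values ('osbuild')" >/dev/null
  psql_cmd -c "insert into cg_users (cg_id, user_id, creator_id, active) values (1, 2, 1, true), (1, 3, 1, true)" >/dev/null

  echo "Containers are running, to stop them use:"
  echo "$0 stop"

  # Startup succeeded: drop the clean-up handler so the containers stay up.
  trap - EXIT
}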
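# check arguments: exactly one, either "start" or "stop"
if [[ $# -ne 1 || ( "$1" != "start" && "$1" != "stop" ) ]]; then
  cat <<DOC
usage: $0 start|stop

start - starts the koji containers
stop  - stops and removes the koji containers
DOC
  exit 3
fi

# this script must be run as root
if [[ "${UID}" -ne 0 ]]; then
  echo "This script must be run as root."
  exit 1
fi

# decide whether podman or docker should be used; podman wins if both exist.
# "command -v" is a shell builtin, so the lookup does not depend on an
# external "which" binary being installed.
# NOTE(review): the runtime is resolved through root's PATH, so PATH must not
# contain directories writable by other users.
if command -v podman >/dev/null 2>&1; then
  CONTAINER_RUNTIME=podman
elif command -v docker >/dev/null 2>&1; then
  CONTAINER_RUNTIME=docker
else
  echo "No container runtime found, install podman or docker."
  exit 2
fi

# $1 was validated above, so only these two values can reach this point.
case "$1" in
  start) koji_start ;;
  stop) koji_stop ;;
esac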