roles/koji-hub: Deploy the Koji Hub

The *koji-hub* role installs and configures the Koji Hub. It requires Apache and mod_wsgi. Management of client certificates must be done externally.
2018-08-12 09:33:08 -05:00
parent 943cdddc23
commit 760d3f4aec
7 changed files with 285 additions and 0 deletions
--- a/roles/koji-hub/templates/kojihub.httpd.conf.j2
+++ b/roles/koji-hub/templates/kojihub.httpd.conf.j2
@@ -0,0 +1,55 @@
+#
+# koji-hub is an xmlrpc interface to the Koji database
+#
+
+WSGIDaemonProcess koji user=koji group=koji display-name=%{GROUP} processes=4 threads=1
+WSGIScriptAlias /kojihub /usr/share/koji-hub/kojixmlrpc.py process-group=koji
+
+<Directory "/usr/share/koji-hub">
+    Options ExecCGI
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+</Directory>
+
+# Also serve /mnt/koji
+Alias /kojifiles "{{ koji_home }}"
+
+<Directory "{{ koji_home }}">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    <IfVersion < 2.4>
+        Order allow,deny
+        Allow from all
+    </IfVersion>
+    <IfVersion >= 2.4>
+        Require all granted
+    </IfVersion>
+    <FilesMatch "^\..*">
+        <IfVersion < 2.4>
+            Deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
+    </FilesMatch>
+</Directory>
+
+# uncomment this to enable authentication via SSL client certificates
+<Location /kojihub/ssllogin>
+        SSLVerifyClient require
+        SSLVerifyDepth  10
+        SSLOptions +StdEnvVars
+</Location>
+
+# If you need to support koji < 1.4.0 clients using SSL authentication, then use the following instead:
+# <Location /kojihub>
+#         SSLOptions +StdEnvVars
+# </Location>
+# In this case, you will need to enable these options globally (in ssl.conf):
+# SSLVerifyClient require
+# SSLVerifyDepth  10