(→Restart apache2) |
(→Setup and configure apache2 for the api and webui) |
||
| Line 92: | Line 92: | ||
Generate an ssl certificate via following commands: | Generate an ssl certificate via following commands: | ||
| - | Note a default certificate already exists but re-creating one with the right IP address is | + | Note |
| + | # a default certificate already exists but re-creating one with the right IP address is good practice. | ||
| + | # The Common Name [CN] '''must''' be the same than your server name ''(in our case obslightserver)'' or osc ''(V 0.134.1)'' will reject the connection to the API. | ||
mkdir /srv/obs/certs | mkdir /srv/obs/certs | ||
| Line 102: | Line 104: | ||
cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \ | cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \ | ||
> /srv/obs/certs/server.pem | > /srv/obs/certs/server.pem | ||
| - | |||
===/srv/www/obs/webui/config/options.yml=== | ===/srv/www/obs/webui/config/options.yml=== | ||
Simply update your OpenSUSE distro which is the base of the OBS server appliance.
zypper update
This file briefly describes how to setup an OBS Light Server
(OBS) after an update to the version 2.3.xxx
(note the v 2.2.992 behaves like a 2.3)
You will not the problem as after that upgrade nothing work :-(
You will need :
- upgrade your databased schema - move from lighthttpd to apache2 (the best thing in that move) - move to https - change your default OBS config in OBS light to point to https and the new api port. - potentially recover some icons (sse joined tar file in this wiki page)
find /etc/init.d/ -name obs\* -exec echo {} stop \;
zypper in rubygem-rdoc
cd /srv/www/obs/api/ sudo RAILS_ENV="production" rake db:setup sudo chown -R wwwrun.www log tmp
cd /srv/www/obs/webui/ sudo RAILS_ENV="production" rake db:setup sudo chown -R wwwrun.www log tmp
Now we need to configure the webserver. By default, you can reach the familiar web user interface on port 443 (e.g: https://localhost), the api on port 444 (e.g. https://localhost:444), and the repos on port 82 (once some packages are built).
Note these is a change from the previous ports allocation. You can either change the new default port back to the previous 80 and 82 or keep the new one and change your OBS configuration (I assume the later as I prefer to be in line with new documentation)
An overview page about your OBS instance can be found behind http://obslightserver
The obs-api package comes with a apache vhost file, which does not need to get modified when you stay with these defaults: /etc/apache2/vhosts.d/obs.conf
Install the required packages via
zypper in obs-api apache2 apache2-mod_xforward rubygem-passenger-apache2
Add the follwing apache modules in /etc/sysconfig/apache2:
APACHE_MODULES="... passenger rewrite proxy proxy_http xforward headers"
Enable SSL in /etc/sysconfig/apache2 via
APACHE_SERVER_FLAGS="-DSSL"
Enable a local config to force server name to be obslightserver
APACHE_CONF_INCLUDE_DIRS="local.d/*.config"
Create the apapche local config files
mkdir /etc/apache2/local.d/ echo "ServerName obslightserver" > /etc/apache2/local.d/serverName.conf
Correct the name of the server in the default static page (depending of your dns configuration, it might be incorrect)
vi /srv/www/obs/overview/index.html
<a href="https://obslightserver">The OBS webui</a> can be used to setup OBS, browse the content and to build packages.
<a href="https://obslightserver:444">The OBS api URL(https://obslightserver:444)</a> can be used in clients like osc and to manage user accounts via a browser.
<a href="http://obslightserver:82">The OBS repositories</a> contain the build results, the repositories can be added to package managers like zypper or apt.
Generate an ssl certificate via following commands: Note
mkdir /srv/obs/certs
openssl genrsa -out /srv/obs/certs/server.key 1024
openssl req -new -key /srv/obs/certs/server.key \
-out /srv/obs/certs/server.csr
openssl x509 -req -days 365 -in /srv/obs/certs/server.csr \
-signkey /srv/obs/certs/server.key -out /srv/obs/certs/server.crt
cat /srv/obs/certs/server.key /srv/obs/certs/server.crt \
> /srv/obs/certs/server.pem
If you change the hostnames/IPs of the api, you need to adjust "source_server_url" accordingly in
/srv/www/obs/webui/config/options.yml
You should set "exception_recipients" to a valid mail address which should receive notification mail if the WebUI hits any program exception.
It is recommended to enable
use_xforward:true
as well here.
If you change the hostnames/ips of the api, you need to adjust "source_server_url" accordingly in
/srv/www/obs/api/config/options.yml
You should set "exception_recipients" to a valid mail address which should receive notification mail if the API hits any program exception.
It is recommended to enable
use_xforward:true
as well here.
Afterwards you can start the OBS web api via
rcapache2 start # use "insserv apache2" for permanent start rcobsapidelayed start # use "insserv obsapidelayed" for permanent start
insserv -r lighttpd
To change (if needed) the default URLs of the api, configure the apache2 vhosts accordingly. Edit /etc/apache2/vhosts.d/obs.conf and add the new virtual hostnames.
Then change the FRONTEND_HOST variable in /srv/www/obs/webui/config/environments/production.rb to also point to the new api URL.
The config.yml from chap. 3 and 4 lust be in line with that config as well as the file /srv/www/obs/overview/index.html
The current update process seems to create circular links you can find them by running the command find /srv/www/obs/ -name package_add.png -exec file {} \;
If that is the case, I have uploaded on this wiki the correct images and icons. You will find them in File:Bento-images.tgz
cd /srv/www/obs/webui/public/themes/bento tar xzvf bento-image.tgz
In order to use the command line tool for the build service, run osc with
osc -A https://obslightserver:444 ls
for example. osc asks the first time for a user and password pair.
* logs are located in various directories.
apache2: /var/log/apache2
obs: /srv/obs/log
api: /srv/www/obs/api/log
webui: /srv/www/obs/webui/log