checkpoint

Author: nikromen

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-builtin-literals
+      - id: check-docstring-first
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-yaml
+        args:
+          - --allow-multiple-documents
+      - id: destroyed-symlinks
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args:
+          - --fix=lf
+      - id: detect-private-key
+      - id: check-toml
+      - id: pretty-format-json
+        args:
+          - --autofix
+      - id: trailing-whitespace
+
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v4.0.0-alpha.8
+    hooks:
+      - id: prettier

podman-kube/README.md

@@ -0,0 +1,61 @@
+# Run Copr infra with podman kube play
+
+Run COPR infrastructure locally using `podman kube play` with Kubernetes manifests.
+
+## Quick Start
+
+```bash
+# Run with dev packages
+just up
+
+# Run with local source code (for development)
+just up-local
+```
+
+## Usage
+
+See the manual from just:
+
+```bash
+just --list
+```
+
+## Modes
+
+| Mode      | Command              | Description                             |
+| --------- | -------------------- | --------------------------------------- |
+| `dev`     | `just up`            | Uses `@copr/copr-dev` packages (main)   |
+| `release` | `just build release` | Uses Fedora packages only               |
+| `local`   | `just up-local`      | Mounts repo source code for development |
+
+### Local Development Mode
+
+`just up-local` mounts the repository at `/opt/copr` inside containers with appropriate `PYTHONPATH` settings. Edit code locally, then restart the service:
+
+```bash
+# Edit frontend code...
+vim ../frontend/coprs_frontend/coprs/views/misc.py
+
+# Restart frontend to pick up changes
+just restart frontend
+```
+
+## Access Points
+
+After starting, the following services are available:
+
+| Service         | URL                   |
+| --------------- | --------------------- |
+| Frontend        | http://localhost:5000 |
+| DistGit         | http://localhost:5001 |
+| Backend Results | http://localhost:5002 |
+| Resalloc WebUI  | http://localhost:5005 |
+| Database        | localhost:5009        |
+
+## Host Entries (optional)
+
+To make internal URLs work in your browser, add to `/etc/hosts`:
+
+```
+127.0.0.1   frontend backend-httpd distgit keygen resalloc
+```

podman-kube/containers/backend-httpd/Containerfile

@@ -0,0 +1,14 @@
+FROM registry.fedoraproject.org/fedora:43
+LABEL maintainer="copr-devel@lists.fedorahosted.org"
+LABEL description="COPR Backend HTTPD - serves build results"
+
+RUN dnf install -y nginx && dnf clean all
+
+COPY files/nginx.conf /etc/nginx/conf.d/default.conf
+
+RUN mkdir -p /var/lib/copr/public_html/results && \
+    chown -R nginx:nginx /var/lib/copr
+
+EXPOSE 5002
+
+CMD ["nginx", "-g", "daemon off;"]

podman-kube/containers/backend-httpd/files/nginx.conf

@@ -0,0 +1,22 @@
+server {
+    listen 5002;
+    listen [::]:5002;
+    server_tokens off;
+    access_log /dev/stdout;
+    error_log /dev/stdout;
+
+    server_name localhost;
+    charset utf-8;
+
+    root /var/lib/copr/public_html/;
+    default_type text/plain;
+
+    location / {
+        port_in_redirect off;
+        autoindex on;
+    }
+
+    location ~* .*\.gz$ {
+        add_header Content-Encoding gzip;
+    }
+}

podman-kube/containers/backend/Containerfile

@@ -0,0 +1,76 @@
+FROM registry.fedoraproject.org/fedora:43
+LABEL maintainer="copr-devel@lists.fedorahosted.org"
+LABEL description="COPR Backend services"
+
+ARG ADDITIONAL_COPR_REPOSITORIES="@copr/copr-dev"
+
+ENV LANG=en_US.UTF-8
+ENV PYTHONPATH="/usr/share/copr/"
+ENV TERM=linux
+
+RUN set -ex ; \
+    test -z "${ADDITIONAL_COPR_REPOSITORIES}" \
+        || dnf -y install dnf-plugins-core \
+        && for repo in $ADDITIONAL_COPR_REPOSITORIES ; do dnf -y copr enable $repo; done ; \
+    dnf -y update && \
+    dnf -y install htop \
+                   make \
+                   wget \
+                   net-tools \
+                   iputils \
+                   vim \
+                   git \
+                   sudo \
+                   openssh-server \
+                   resalloc \
+                   psmisc \
+                   nginx \
+                   findutils \
+                   tini \
+                   pulp-cli \
+                   rng-tools \
+                   expect \
+    && dnf -y install copr-backend \
+    && dnf clean all
+
+RUN setcap cap_net_raw,cap_net_admin+p /usr/bin/ping
+
+RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -q
+
+RUN echo 'root:passwd' | chpasswd && chmod 700 /root /root/.ssh
+
+RUN set -x ; \
+    echo 'copr:passwd' | chpasswd && \
+    echo 'copr ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+    mkdir -p /home/copr/.ssh && chmod 700 /home/copr /home/copr/.ssh && \
+    ssh-keygen -f /home/copr/.ssh/id_rsa -N '' -q -C copr@localhost && \
+    touch /home/copr/.ssh/authorized_keys && chmod 600 /home/copr/.ssh/authorized_keys && \
+    cat /home/copr/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && \
+    cat /home/copr/.ssh/id_rsa.pub >> /home/copr/.ssh/authorized_keys && \
+    chown copr:copr -R /home/copr
+
+RUN usermod -a -G mock copr
+
+COPY files/ /
+
+RUN chmod 700 /root && \
+    chmod 700 /home/copr && \
+    chmod 400 /home/copr/.ssh/id_rsa && \
+    chmod 600 /home/copr/.ssh/id_rsa.pub && \
+    chown -R copr:copr /home/copr
+
+RUN chmod 0755 /usr/bin/sign
+
+RUN chown copr:root /etc/sign.conf && \
+    chmod 0660 /etc/sign.conf
+
+RUN mkdir -p /var/lock/copr-backend && \
+    chown copr:copr /var/lock/copr-backend
+
+# Entropy for GPG key generation
+RUN rngd -r /dev/urandom || true
+
+USER copr
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/run-backend"]

podman-kube/containers/backend/files/etc/copr/copr-be.conf

@@ -0,0 +1,45 @@
+[backend]
+
+build_user=root
+
+# URL where results are visible
+results_baseurl=http://backend-httpd:5002/results/
+
+# Frontend URL
+frontend_base_url=http://frontend:5000
+
+# Backend authentication (must match frontend config)
+frontend_auth=1234
+
+# DistGit URL
+dist_git_url=http://distgit:5001/cgit
+
+# Results directory
+destdir=/var/lib/copr/public_html/results
+
+# Queue polling interval (seconds)
+sleeptime=30
+
+# Resalloc connection
+resalloc_connection=http://resalloc:49100
+
+# Package signing
+do_sign=true
+keygen_host=keygen:5003
+
+# Build pruning
+prune_days=14
+
+# Redis
+redis_host=redis
+redis_port=6379
+
+# Pulp (optional)
+# pulp_content_url=http://pulp:80/pulp/content
+
+[builder]
+timeout=3600
+builder_perl=True
+
+[ssh]
+builder_config=/home/copr/.ssh/builder_config

podman-kube/containers/backend/files/home/copr/.ssh/builder_config

@@ -0,0 +1,9 @@
+# SSH config for connecting to builders
+Host *
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+    IdentityFile /home/copr/.ssh/id_rsa
+    User root
+    ConnectTimeout 30
+
+

podman-kube/containers/backend/files/run-backend

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+
+# Parse arguments for sign host configuration
+option_variable() {
+    opt=$1
+    opt=${1##--}
+    opt=${opt##-}
+    opt=${opt//-/_}
+    option_variable_result=opt_$opt
+}
+
+opt_sign_user=$(id -u)
+opt_sign_host=keygen-signd
+
+ARGS=$(getopt -o "" -l "sign-user:,sign-host:" -n "getopt" -- "$@") || exit 1
+eval set -- "$ARGS"
+
+while true; do
+    case $1 in
+    --sign-host|--sign-user)
+        option_variable "$1"
+        eval "$option_variable_result=\$2"
+        shift 2
+        ;;
+    --) shift; break;;
+    *) echo "programmer mistake ($1)" >&2; exit 1;;
+    esac
+done
+
+# Configure sign client
+cat >/etc/sign.conf <<EOF
+server: $opt_sign_host
+allowuser: $opt_sign_user
+allow-unprivileged-ports: true
+EOF
+
+# Execute the command
+exec "$@"

podman-kube/containers/builder/Containerfile

@@ -0,0 +1,46 @@
+FROM registry.fedoraproject.org/fedora:43
+LABEL maintainer="copr-devel@lists.fedorahosted.org"
+LABEL description="COPR Builder - RPM build worker"
+
+ARG ADDITIONAL_COPR_REPOSITORIES="@copr/copr-dev"
+
+ENV TERM=linux
+
+RUN set -ex ; \
+    test -z "${ADDITIONAL_COPR_REPOSITORIES}" \
+        || dnf -y install dnf-plugins-core \
+        && for repo in $ADDITIONAL_COPR_REPOSITORIES ; do dnf -y copr enable $repo; done ; \
+    dnf -y update && \
+    dnf -y install htop \
+                   which \
+                   wget \
+                   vim \
+                   openssh-server \
+                   fedora-packager \
+                   mock \
+                   mock-lvm \
+                   createrepo \
+                   yum-utils \
+                   rsync \
+                   openssh-clients \
+                   rpm \
+                   glib2 \
+                   ca-certificates \
+                   scl-utils-build \
+                   ethtool \
+    && dnf -y install copr-builder \
+    && dnf clean all
+
+COPY files/ /
+
+RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -q
+
+RUN echo 'root:passwd' | chpasswd && \
+    chmod 700 /root /root/.ssh && \
+    touch /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys
+
+RUN echo 'config_opts["use_nspawn"] = False' >> /etc/mock/site-defaults.cfg
+
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd", "-D"]

podman-kube/containers/builder/files/etc/copr-rpmbuild/main.ini

@@ -0,0 +1,28 @@
+[main]
+frontend_url = http://frontend:5000
+enabled_source_protocols = https ftps
+
+[distgit0]
+distgit_hostname_pattern = src.fedoraproject.org
+distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = https://src.fedoraproject.org/%(module)s
+
+[distgit1]
+distgit_hostname_pattern = copr-dist-git.fedorainfracloud.org
+distgit_lookaside_url = http://copr-dist-git.fedorainfracloud.org/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = http://copr-dist-git.fedorainfracloud.org/git/%(module)s
+
+[distgit2]
+distgit_hostname_pattern = pkgs.fedoraproject.org
+distgit_lookaside_url = https://src.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = git://pkgs.fedoraproject.org/%(module)s
+
+[distgit3]
+distgit_hostname_pattern = src.stg.fedoraproject.org
+distgit_lookaside_url = https://src.stg.fedoraproject.org/repo/pkgs/%(ns1)s/%(name)s/%(filename)s/%(hashtype)s/%(hash)s/%(filename)s
+distgit_clone_url = https://src.stg.fedoraproject.org/%(module)s
+
+[distgit4]
+distgit_hostname_pattern = distgit
+distgit_lookaside_url = http://distgit:5001/repo/pkgs/%(ns2)s/%(ns1)s/%(name)s/%(filename)s/%(hash)s/%(filename)s
+distgit_clone_url = http://distgit:5001/git/%(module)s