Commit 6cf89bad authored by Andrew Lee (李健秋)'s avatar Andrew Lee (李健秋)
Browse files

Move log, tmp and config files out of /usr and creates links instead.

parent 1c359eb6
/usr/share/obs
/usr/share/obs/api
/usr/share/obs/api/config
/usr/share/obs/api/config/environments
/usr/share/obs/api/config/initializers
/usr/share/obs/api/files
/usr/share/obs/overview
/usr/share/obs/api/public/css
/etc/obs/api/config
/var/log/obs
/var/cache/obs/tmp/cache
/var/cache/obs/tmp/pids
/var/cache/obs/tmp/sessions
/var/cache/obs/tmp/sockets
# Install all web and api parts. (Remove parts in rules file)
# install apidocs
# the html dir was not found in source.
src/api /usr/share/obs/
docs/api/api/*.rng /usr/share/obs/docs/api/
docs/api/api/*.xsd /usr/share/obs/docs/api/
etc/logrotate.d/obs-api
......
usr/share/obs/api/config /etc/obs/api/config
etc/obs/api/config/options.yml /usr/share/obs/api/config/options.yml
etc/obs/api/config/database.yml /usr/share/obs/api/config/database.yml
etc/obs/api/config/production.sphinx.conf /usr/share/obs/api/config/production.sphinx.conf
etc/obs/api/config/thinking_sphinx.yml /usr/share/obs/api/config/thinking_sphinx.yml
etc/obs/api/config/secret.key /usr/share/obs/api/config/secret.key
usr/share/obs/docs/api /usr/share/obs/api/public/schema
usr/share/javascript/bootstrap/css/bootstrap.min.css /usr/share/obs/api/public/css/bootstrap.min.css
var/log/obs /usr/share/obs/api/log
var/cache/obs/tmp /usr/share/obs/api/tmp
#!/bin/sh -e
. /usr/share/debconf/confmodule
. /usr/share/dbconfig-common/dpkg/postinst.mysql
dbc_generate_include=template:/etc/obs/api/config/database.yml
dbc_generate_include_args="-o template_infile=/etc/obs/api/config/database.yml.example"
dbc_generate_include_owner=www-data
dbc_go obs-api $@
chown www-data:root /etc/obs/api/config/environment.rb
if [ ! -f /var/log/obs ] ; then
ln -fs /usr/share/obs/api/log /var/log/obs
# Config secret.key
if [ ! -e "/usr/share/obs/api/config/secret.key" ]; then
rm -f /usr/share/obs/api/config/secret.key
fi
if [ ! -f /var/cache/obs/tmp ] ; then
mkdir -p /var/cache/obs
ln -fs /usr/share/obs/api/tmp /var/cache/obs/tmp
SECRET_KEY="/etc/obs/api/config/secret.key"
if [ ! -e "$SECRET_KEY" ]; then
( umask 0077; dd if=/dev/urandom bs=256 count=1 2>/dev/null |sha256sum| cut -d\ -f 1 >$SECRET_KEY )
ln -s $SECRET_KEY /usr/share/obs/api/config/secret.key
fi
chmod 0640 $SECRET_KEY
chown nobody:www-data $SECRET_KEY
# Generate log files
touch /var/log/obs/access.log
touch /var/log/obs/backend_access.log
......@@ -27,21 +23,27 @@ fi
touch /var/log/obs/production.searchd.query.log
touch /var/log/obs/production.sphinx.pid
touch /var/log/obs/clockworkd.clock.output
chown -R www-data:www-data /var/log/obs/ /var/cache/obs/tmp/
# Config Database with dbconfig-common
. /usr/share/debconf/confmodule
. /usr/share/dbconfig-common/dpkg/postinst.mysql
dbc_generate_include=template:/etc/obs/api/config/database.yml
dbc_generate_include_args="-o template_infile=/usr/share/obs/api/config/database.yml.example"
dbc_generate_include_owner=www-data
dbc_go obs-api $@
# Refine permissions for rails app.
chown www-data:root /usr/share/obs/api/config/environment.rb
chown -R www-data:www-data /var/log/obs/
chown -R www-data:www-data /var/cache/obs/tmp/
chown -R www-data:www-data /usr/share/obs/api/db
chown -R www-data:www-data /usr/share/obs/api/public
chown www-data:www-data /usr/share/obs/api/config/production.sphinx.conf
chown www-data:www-data /etc/obs/api/config/production.sphinx.conf
chmod 664 /var/log/obs/*.log
chown nobody:www-data /etc/obs/api/config/database.yml
chmod 660 /etc/obs/api/config/database.yml
chown nobody:www-data /var/log/obs/backend_access.log
SECRET_KEY="/usr/share/obs/api/config/secret.key"
if [ ! -e "$SECRET_KEY" ]; then
( umask 0077; dd if=/dev/urandom bs=256 count=1 2>/dev/null |sha256sum| cut -d\ -f 1 >$SECRET_KEY )
fi
chmod 0640 $SECRET_KEY
chown nobody:www-data $SECRET_KEY
chown nobody:www-data /var/log/obs/production.log
# Generate Gemfile.lock file.
cd /usr/share/obs/api
......
......@@ -7,7 +7,7 @@ dist/sysconfig.obs-server /etc/default/
# Config files
etc/logrotate.d/obs-server
etc/slp.reg.d/
usr/lib/obs/server/BSConfig.pm
usr/lib/obs/server/BSConfig.pm /etc/obs/
usr/lib/obs/tests/appliance/
usr/sbin/obs_admin
......
#
# This file contains the default configuration of the Open Build Service API.
#
#read_only_hosts: [ "build.opensuse.org", "software.opensuse.org" ]
# Make use of mod_xforward module in apache
#use_xforward: true
# Make use of http://blog.lighttpd.net/articles/2006/07/22/x-sendfiles-new-friend-x-rewrite.
# Note that you need to enable the proxy-core option to allow this.
#x_rewrite_host: localhost
# Make use of X-Accel-Redirect for Nginx.
# http://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote
#use_nginx_redirect: /internal_redirect
# Minimum count of rating votes a project/package needs to # be taken in account
# for global statistics:
min_votes_for_rating: 3
# Set to true to verify XML reponses comply to the schema
response_schema_validation: false
# backend source server
source_host: localhost
source_port: 5352
#source_protocol: https
# api access to this instance
frontend_host: localhost
frontend_port: 443
frontend_protocol: https
# if your users access the hosts through a proxy (or just a different name, use this to
# overwrite the settings for users)
#external_frontend_host: api.opensuse.org
#external_frontend_port: 443
#external_frontend_protocol: https
extended_backend_log: false
# proxy_auth_mode can be :off, :on or :simulate
proxy_auth_mode: :off
# ATTENTION: If proxy_auth_mode'is :on, the frontend takes the user
# name that is coming as headervalue X-username as a
# valid user does no further authentication. So take care...
proxy_auth_test_user: coolguy
proxy_auth_test_email: coolguy@example.com
# set this to enable auto cleanup requests after the given days
auto_cleanup_after_days: 30
#schema_location
#version
# if set to false, the API will only fake writes to backend (useful in testing)
# global_write_through: true
# see http://colszowka.heroku.com/2011/02/22/setting-up-your-custom-hoptoad-notifier-endpoint-for-free-using-errbit-on-heroku
#errbit_api_key: api_key_of_your_app
#errbit_host: installation.of.errbit.com
##################
# LDAP options
##################
ldap_mode: :off
# LDAP Servers separated by ':'.
# OVERRIDE with your company's ldap servers. Servers are picked randomly for
# each connection to distribute load.
ldap_servers: ldap1.mycompany.com:ldap2.mycompany.com
# Max number of times to attempt to contact the LDAP servers
ldap_max_attempts: 15
# The attribute the user memberof is stored in
ldap_user_memberof_attr: memberof
# Perform the group_user search with the member attribute of group entry or memberof attribute of user entry
# It depends on your ldap define
# The attribute the group member is stored in
ldap_group_member_attr: member
# If you're using ldap_authenticate=:ldap then you should ensure that
# ldaps is used to transfer the credentials over SSL or use the StartTLS extension
ldap_ssl: :on
# Use StartTLS extension of LDAP
ldap_start_tls: :off
# LDAP port defaults to 636 for ldaps and 389 for ldap and ldap with StartTLS
#ldap_port:
# Authentication with Windows 2003 AD requires
ldap_referrals: :off
# OVERRIDE with your company's ldap search base for the users who will use OBS
ldap_search_base: OU=Organizational Unit,DC=Domain Component
# Sam Account Name is the login name for LDAP
ldap_search_attr: sAMAccountName
# The attribute the users name is stored in
ldap_name_attr: cn
# The attribute the users email is stored in
ldap_mail_attr: mail
# Credentials to use to search ldap for the username
ldap_search_user: ""
ldap_search_auth: ""
# By default any LDAP user can be used to authenticate to the OBS
# In some deployments this may be too broad and certain criteria should
# be met; eg group membership
#
# To allow only users in a specific group uncomment this line:
#ldap_user_filter: memberof=CN=group,OU=Groups,DC=Domain Component)
#
# Note this is joined to the normal selection like so:
# (&(#{dap_search_attr}=#{login})#{ldap_user_filter})
# giving an ldap search of:
# (&(sAMAccountName=#{login})(memberof=CN=group,OU=Groups,DC=Domain Component))
#
# Also note that openLDAP must be configured to use the memberOf overlay
# ldap_authenticate says how the credentials are verified:
# :ldap = attempt to bind to ldap as user using supplied credentials
# :local = compare the credentials supplied with those in
# LDAP using #{ldap_auth_attr} & #{ldap_auth_mech}
# if :local is used then ldap_auth_mech can be
# :md5
# :cleartext
ldap_authenticate: :ldap
ldap_auth_mech: :md5
# This is a string
ldap_auth_attr: userPassword
# Whether to update the user info to LDAP server, it does not take effect
# when ldap_mode is not set.
# Since adding new entry operation are more depend on your slapd db define, it might not
# compatiable with all LDAP server settings, you can use other LDAP client tools for your specific usage
ldap_update_support: :off
# ObjectClass, used for adding new entry
ldap_object_class: inetOrgPerson
# Base dn for the new added entry
ldap_entry_base: ou=OBSUSERS,dc=EXAMPLE,dc=COM
# Does sn attribute required, it is a necessary attribute for most of people objectclass,
# used for adding new entry
ldap_sn_attr_required: :on
# Whether to search group info from ldap, it does not take effect
# when LDAP_GROUP_SUPPOR is not set.
# Please also set below LDAP_GROUP_* configs correctly to ensure the operation works properly
ldap_group_support: :off
# OVERRIDE with your company's ldap search base for groups
ldap_group_search_base: ou=OBSGROUPS,dc=EXAMPLE,dc=COM
# The attribute the group name is stored in
ldap_group_title_attr: cn
# The value of the group objectclass attribute, leave it as "" if objectclass attr doesn't exist
ldap_group_objectclass_attr: groupOfNames
......@@ -27,6 +27,18 @@ override_dh_install:
dh_installdebconf
# Move config files under /etc/obs/api/config/. And links with dh_link.
mv debian/obs-api/usr/share/obs/api/config/options.yml \
debian/obs-api/etc/obs/api/config/
mv debian/obs-api/usr/share/obs/api/config/production.sphinx.conf \
debian/obs-api/etc/obs/api/config/
mv debian/obs-api/usr/share/obs/api/config/thinking_sphinx.yml \
debian/obs-api/etc/obs/api/config/
# Remove log and tmp and create links under /var with dh_link.
rm -rf debian/obs-api/usr/share/obs/api/log
rm -rf debian/obs-api/usr/share/obs/api/tmp
# Rename dh_install installed web service config files.
# (new default since OBS 2.3)
mkdir -p debian/obs-api/etc/apache2/sites-available/
......@@ -42,10 +54,6 @@ override_dh_install:
mv debian/obs-server/etc/default/sysconfig.obs-server \
debian/obs-server/etc/default/obs-server
# these config files must not be hard linked
install debian/options.yml.example \
debian/obs-api/usr/share/obs/api/config/options.yml
# turn duplicates into hard links
fdupes debian/obs-api/usr/share/obs/
......@@ -53,7 +61,6 @@ override_dh_install:
find debian/obs-api -name '.gitignore' -type f | xargs rm -f
# fix permissions
chmod a-x debian/obs-api/usr/share/obs/api/config/options.yml
chmod a-x debian/obs-api/usr/share/obs/api/script/update_bento.sh
chmod a-x debian/obs-api/usr/share/obs/api/Rakefile
# Clean up "extra" license
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment