Setting Up a Koji-Shadow Build System
This document will cover how to setup and use koji-shadow, a part of the koji-utils package. The koji-shadow utility allows to orchestrate one Koji instance to perform the same builds as another Koji instance, such that it "shadows" the primary Koji's actions.
- You should have a solid understanding of what Koji is and how to set it up.
- Need a working Koji environment and to have admin privileges on it.
- All tags aimed at being shadowed must match between the origin koji and the destination koji.
- The user being used to facilitate koji-shadow must have admin privileges on the destination koji. (i.e. - the koji instance doing the shadowing)
On the machine facilitating koji-shadow
A note on filesystem space
Koji-shadow uses /tmp/koji-shadow/ as a workspace so be sure that this has plenty of storage behind it. If running on Fedora or on RHEL7+ this probably should not be a tmpfs, so facilitate this:
systemctl mask tmp.mount # Either umount /tmp/ or reboot
Koji-Shadow Config (SSL Auth)
This example assumes SSL authentication for koji.
# koji-shadow example config file # (still working out all the config options) [main] server=http://arm.koji.fedoraproject.org/kojihub/ remote=http://koji.fedoraproject.org/kojihub arches=aarch64 prefer_new=True import_noarch=True auth_cert=/home/myuser/.fedora.cert auth_ca=/home/myuser/.fedora-server-ca.cert serverca=/home/myuser/.fedora-server-ca.cert remote_topurl=http://kojipkgs.fedoraproject.org/ [rules] protectlist=fedora-release fedora-repos ignorelist=uClibc udev mktemp glibc32 libbsr librtas libvpd lsvpd apmud firmware-addon-dell pcmciautils svgalib vbetool substitutions= gluegen2-2.2.4-1.fc22 gluegen2-2.2.4-2.fc22 openssh-6.7p1-3.fc22 openssh-6.7p1-7.fc22
In the above example:
- server - This is the "destination koji" which is where you will be sending builds based on what the "origin koji" is doing (i.e. - the Koji that's doing the shadowing)
- remote - This is the "origin koji" which is where you will be getting the information for the builds to send to the "destination koji" (i.e. - the Koji that's being shadowed)
- arches - The architectures to build to SRPMS from the origin koji on the destination koji
- prefer_new - Tells koji-shadow to use newer Name-Version-Release if it exists rather than the exact Name-Version-Release from a specific build metadata pulled from the origin koji
- auth_cert - Authentication certificate to access the "destination koji" instance (NOTE: The user these credentials match with must be an administrator in the destination koji instance)
- auth_ca - Authentication CA for the destination koji instance
- serverca - Server CA of the destination koji instance
- remote_topurl - Root URL destination on the origin koji instance to be able to download SRPMS
The following can be run on a machine (recommended to run in either screen or tmux), or as a cron job. Entirely based on preference and needs.
/usr/sbin/koji-shadow -c ~/fedora/koji-shadow.cfg --prefer-new --import-noarch --tag-build f22 2>&1 | tee ~/koji-shadow/output.log