From Fedora Project Wiki
This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

Setting Up a Koji-Shadow Build System

This document covers how to set up and use koji-shadow, a part of the koji-utils package. The koji-shadow utility lets one Koji instance perform the same builds as another Koji instance, such that it "shadows" the primary Koji's actions.

Knowledge Prerequisites

  • You should have a solid understanding of what Koji is and how to set it up.
  • You need a working Koji environment and admin privileges on it.
  • All tags aimed at being shadowed must match between the origin koji and the destination koji.
  • The user being used to facilitate koji-shadow must have admin privileges on the destination koji (i.e., the koji instance doing the shadowing).

Package Prerequisites

On the machine facilitating koji-shadow

  • koji-utils

A note on filesystem space

Koji-shadow uses /tmp/koji-shadow/ as a workspace, so be sure that this has plenty of storage behind it. If running on Fedora or on RHEL7+, /tmp probably should not be a tmpfs. To arrange this:

systemctl mask tmp.mount
# Either umount /tmp/ or reboot

Koji-Shadow Config (SSL Auth)

This example assumes SSL authentication for koji.


# koji-shadow example config file
# (still working out all the config options)

protectlist=fedora-release fedora-repos

ignorelist=uClibc udev mktemp glibc32 libbsr librtas libvpd lsvpd apmud firmware-addon-dell pcmciautils svgalib vbetool 

        gluegen2-2.2.4-1.fc22           gluegen2-2.2.4-2.fc22
        openssh-6.7p1-3.fc22            openssh-6.7p1-7.fc22

In the above example:


  • server - This is the "destination koji", to which you will send builds based on what the "origin koji" is doing (i.e., the Koji that's doing the shadowing)
  • remote - This is the "origin koji", from which you will get the information for the builds to send to the "destination koji" (i.e., the Koji that's being shadowed)
  • arches - The architectures for which to build the SRPMs from the origin koji on the destination koji
  • prefer_new - Tells koji-shadow to use a newer Name-Version-Release if it exists rather than the exact Name-Version-Release from the specific build metadata pulled from the origin koji
  • auth_cert - Authentication certificate to access the "destination koji" instance (NOTE: The user these credentials match with must be an administrator in the destination koji instance)
  • auth_ca - Authentication CA for the destination koji instance
  • serverca - Server CA of the destination koji instance
  • remote_topurl - Root URL on the origin koji instance from which SRPMs can be downloaded
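
A preflight check for the options described above, as an added example that is not part of this wiki page or of koji-shadow itself. It assumes a flat key=value file; the https rule and the file-mode rule on auth_cert (which holds destination-koji administrator credentials) are this example's own policy, and the example.org hosts are placeholders.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

REQUIRED = ("server", "remote", "auth_cert", "auth_ca", "serverca", "remote_topurl")

def parse_cfg(text):
    """Flat key=value parse; comments and [section] headers are skipped (assumed format)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def preflight(opts):
    """Return a list of problems; an empty list means every check passed."""
    problems = [f"missing option: {k}" for k in REQUIRED if not opts.get(k)]
    # Build metadata and SRPMs fetched over plain http can be altered in transit.
    for key in ("server", "remote", "remote_topurl"):
        if opts.get(key) and urlparse(opts[key]).scheme != "https":
            problems.append(f"{key} is not https")
    for key in ("auth_cert", "auth_ca", "serverca"):
        if not opts.get(key):
            continue
        path = os.path.expanduser(opts[key])
        if not os.path.isfile(path):
            problems.append(f"{key} file not found")
        elif key == "auth_cert" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append("auth_cert is accessible to group/other")
    return problems

def demo():
    """Check a constructed config (placeholder hosts) whose auth_cert is mode 0644."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        sample = ("server=https://dest-koji.example.org/kojihub\n"
                  "remote=http://origin-koji.example.org/kojihub\n"
                  f"auth_cert={f.name}\nauth_ca={f.name}\nserverca={f.name}\n")
        return preflight(parse_cfg(sample))

if __name__ == "__main__":
    print("\n".join(demo()))
```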


  • TODO

Running koji-shadow

The following can be run interactively on a machine (running it inside either screen or tmux is recommended) or as a cron job, depending on preference and needs.

/usr/sbin/koji-shadow -c ~/fedora/koji-shadow.cfg --prefer-new --import-noarch --tag-build f22 2>&1 | tee ~/koji-shadow/output.log