Configuring the incoming queue processor is relatively straightforward. Before the incoming daemon can be configured the following steps must be taken:
The PkgForge, PkgForge-Registry and PkgForge-Server packages must
be installed. These are provided as RPMs but it is also possible to
build and install them from the .tar.gz
format in the
same way as any other Perl module.
Perl version 5.8.8 or newer is required. The PkgForge-Server package requires the following modules although not all are necessary for the incoming queue processor.
If you wish to process SRPMs (currently this is the only supported source package format) you will also need the Perl RPM2 module installed.
If you are using LCFG this can all be installed by including
the lcfg/options/pkgforge-master.h
header.
As with the software installation, if you are using LCFG this can all
be configured correctly by using
the lcfg/options/pkgforge-master.h
header.
The basic layout of the filesystem (as described in the
separate filesystem
information) should be configured using
the /etc/pkgforge/pkgforge.yml
YAML file. It should look
something like this:
--- "accepted": '/afs/example.org/pkgs/pkgforge/accepted/' "incoming": '/afs/example.org/pkgs/pkgforge/incoming/' "results": '/afs/example.org/pkgs/pkgforge/results/'
If you are using the LCFG pkgforge component then this is done
using the pkgforge.incoming
, pkgforge.accepted
and pkgforge.results
resources.
If AFS is being used to provide the filesystem for the pkgforge service then you will need a Kerberos principal and an associated AFS user. As with Kerberised access to the Registry database the Kerberos keytab can be managed using the LCFG kerberos component. If you already have this setup for DB access you do not need a second keytab for AFS access. The following configuration will create a keytab:
!pkgforge.keytab_incoming mSET(<%pkgforge.configdir%>/pkgforge_incoming.keytab) !kerberos.keys mADD(pkgforge_incoming) kerberos.keytab_pkgforge_incoming <%pkgforge.keytab_incoming%> kerberos.keytabuid_pkgforge_incoming <%pkgforge.user%> kerberos.keytabgid_pkgforge_incoming <%pkgforge.group%>
Alternatively the principal and keytab can be created manually using the kadmin tool. You will need to ensure that the UID and GID and the permissions are correct for the keytab or k5start will not work.
The incoming queue processor is configured using
the /etc/pkgforge/incoming.yml
YAML file. The registry
database access configuration section has already been discussed in
the
client configuration page. The
configuration should look something like:
--- "init": '/etc/init.d/pkgforge-incoming' "keytab": '/etc/pkgforge/pkgforge_incoming.keytab' "registry": "host": 'pkgforge' "name": 'pkgforge' "user": 'pkgforge_incoming' "start": 'yes'
The init
, keytab
and start
options are not used by the daemon, they are purely instructions for
the LCFG pkgforge component.
The important file is /etc/sysconfig/pkgforge-incoming
which controls how the /etc/init.d/pkgforge-incoming
init-script starts the daemon. If the LCFG pkgforge component is being
used then the sysconfig file will be configured automatically. The
sysconfig file should look something like:
RUNAS="pkgforge" KRB5_KEYTAB="/etc/pkgforge/pkgforge_incoming.keytab"
The following options can be modified via the sysconfig file but mostly they have sensible defaults.
KRB5_KEYTAB
- /etc/pkgforge/pkgforge_incoming.keytab
KRB5_CCACHE
- /var/lib/pkgforge/krb5cache-incoming
PIDFILE
- /var/run/pkgforge/k5start-incoming.pid
SCRIPT
- /usr/sbin/pkgforge-incoming
RUNAS
- pkgforge
Note that, by default, some files are stored in
the /var/lib/pkgforge/
and /var/run/pkgforge/
directories. Those directories
must be writable by whichever unix user is used to run the daemon.
At various points the daemon generates temporary files. For security
the daemon uses a specific temporary directory (which
is /var/tmp/pkgforge
by default). This directory must be
writable by whichever unix user is used to run the daemon. The
location can be changed by setting the tmpdir
attribute
in the /etc/pkgforge/incoming.yml
YAML file, that is not
currently modifiable using the LCFG pkgforge component.
By default the incoming queue processor log is kept in
the /var/log/pkgforge/incoming.log
file. You need to
ensure that the log directory is writable by whichever unix user is
used to run the daemon.
The logs from the incoming queue processor are configured via
the /etc/pkgforge/log-incoming.cfg
configuration
file. For details on how to modify the style see the documentation for
the Log::Dispatch and MooseX::LogDispatch Perl modules.
Once the configuration files are in place the incoming queue processor
can be started using the init-script provided in the package. This is
normally /etc/init.d/pkgforge-incoming
.
Currently the init-script assumes that Kerberos authentication is required and it will attempt to start the k5start daemon first. Patches welcome to remove this limitation.
If the LCFG pkgforge component is being used then the daemon should be
managed using om
and the init-script should not be called
directly, for example:
% om pkgforge start % om pkgforge stop
For the component to actually start the daemon
the pkgforge.start_incoming
resource must be set
to yes
.
If any configuration or code changes are made then the daemon will need to be completely restarted. This is done with the restart method.
Without the LCFG pkgforge component the init-script should be used
directly. The usual start
, stop
and restart
methods are available.