checkpoint

Author: nikromen

.pre-commit-config.yaml

@@ -0,0 +1,31 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-builtin-literals
+      - id: check-docstring-first
+      - id: check-executables-have-shebangs
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: check-yaml
+        args:
+          - --allow-multiple-documents
+      - id: destroyed-symlinks
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args:
+          - --fix=lf
+      - id: detect-private-key
+      - id: check-toml
+      - id: pretty-format-json
+        args:
+          - --autofix
+      - id: trailing-whitespace
+
+  - repo: https://github.com/pre-commit/mirrors-prettier
+    rev: v4.0.0-alpha.8
+    hooks:
+      - id: prettier

podman-kube/Makefile

@@ -0,0 +1,55 @@
+.PHONY: help up down build status logs clean release dev local
+
+SCRIPT = ./copr-podman-kube
+
+help:
+	@echo "COPR Podman Kube Play"
+	@echo ""
+	@echo "Usage: make <target>"
+	@echo ""
+	@echo "Targets:"
+	@echo "  up       - Start all services (dev mode)"
+	@echo "  down     - Stop all services"
+	@echo "  build    - Build all container images"
+	@echo "  status   - Show status of running pods"
+	@echo "  logs     - Show frontend logs (use SERVICE=<name> for others)"
+	@echo "  clean    - Stop services and remove images"
+	@echo ""
+	@echo "  release  - Start with released packages"
+	@echo "  dev      - Start with dev packages (default)"
+	@echo "  local    - Start in local development mode"
+	@echo ""
+	@echo "Examples:"
+	@echo "  make up"
+	@echo "  make logs SERVICE=backend"
+	@echo "  make release"
+
+up:
+	$(SCRIPT) up
+
+down:
+	$(SCRIPT) down
+
+build:
+	$(SCRIPT) build
+
+status:
+	$(SCRIPT) status
+
+logs:
+	$(SCRIPT) logs $(or $(SERVICE),frontend)
+
+clean: down
+	@echo "Removing COPR images..."
+	-podman rmi $$(podman images --filter "reference=copr-*" -q) 2>/dev/null || true
+	@echo "Clean complete"
+
+# Mode shortcuts
+release:
+	$(SCRIPT) -m release up
+
+dev:
+	$(SCRIPT) -m dev up
+
+local:
+	$(SCRIPT) -m local up

podman-kube/README.md

@@ -0,0 +1,99 @@
+# Run Copr infra with podman kube play
+
+Run the complete COPR infrastructure locally using `podman kube play` with Kubernetes-style manifests.
+
+## Overview
+
+This directory contains everything needed to run COPR in containers using Podman's Kubernetes compatibility layer. It supports three deployment modes:
+
+| Mode      | Description                          | Use Case                            |
+| --------- | ------------------------------------ | ----------------------------------- |
+| `release` | Uses packages from Fedora repos only | Testing with released versions      |
+| `dev`     | Uses packages from `@copr/copr-dev`  | Testing main branch / pre-release   |
+| `local`   | Same as dev, for local development   | Development with local code changes |
+
+## Quick Start
+
+```bash
+# Start COPR with development packages (default)
+./copr-podman-kube up
+
+# Start COPR with released packages
+./copr-podman-kube -m release up
+
+# Stop COPR
+./copr-podman-kube down
+```
+
+## Usage
+
+### See the man page of the script:
+
+```bash
+./copr-podman-kube --help
+```
+
+## Access Points
+
+After starting, the following services are available:
+
+| Service         | URL                   |
+| --------------- | --------------------- |
+| Frontend        | http://localhost:5000 |
+| DistGit         | http://localhost:5001 |
+| Backend Results | http://localhost:5002 |
+| Resalloc WebUI  | http://localhost:5005 |
+| Database        | localhost:5009        |
+
+### Setup Host Entries (Recommended)
+
+To make all URLs in the web interface work directly in your browser, add this entries to `/etc/hosts` so your browser can resolve internal hostnames like `backend-httpd` to `127.0.0.1`:
+
+```bash
+sudo tee -a /etc/hosts << 'EOF'
+# COPR local development
+127.0.0.1   frontend
+127.0.0.1   backend-httpd
+127.0.0.1   distgit
+127.0.0.1   keygen
+127.0.0.1   resalloc
+EOF
+```
+
+After this, URLs like `http://backend-httpd:5002/results/...` will work directly in your browser!
+
+## Deployment Modes
+
+### Release Mode (`-m release`)
+
+Uses only packages from Fedora repositories. This is useful for testing with the latest released COPR version.
+
+```bash
+./copr-podman-kube -m release up
+```
+
+### Dev Mode (`-m dev`) - Default
+
+Uses packages from the `@copr/copr-dev` COPR repository, which contains packages built from the main branch.
+
+```bash
+./copr-podman-kube up
+# or explicitly:
+./copr-podman-kube -m dev up
+```
+
+### Local Mode (`-m local`)
+
+Same as dev mode but intended for local development. Mounts the local source code into containers for live development.
+
+```bash
+./copr-podman-kube -m local up
+```
+
+## Future Improvements
+
+- [ ] Live source code mounting in local mode
+- [ ] Kustomize support for environment overlays
+- [ ] Health checks and readiness probes
+- [ ] Resource limits tuning
+- [ ] Ready with openshift

podman-kube/containers/backend-httpd/Containerfile

@@ -0,0 +1,14 @@
+FROM registry.fedoraproject.org/fedora:43
+LABEL maintainer="[email protected]"
+LABEL description="COPR Backend HTTPD - serves build results"
+
+RUN dnf install -y nginx && dnf clean all
+
+COPY files/nginx.conf /etc/nginx/conf.d/default.conf
+
+RUN mkdir -p /var/lib/copr/public_html/results && \
+    chown -R nginx:nginx /var/lib/copr
+
+EXPOSE 5002
+
+CMD ["nginx", "-g", "daemon off;"]

podman-kube/containers/backend-httpd/files/nginx.conf

@@ -0,0 +1,22 @@
+server {
+    listen 5002;
+    listen [::]:5002;
+    server_tokens off;
+    access_log /dev/stdout;
+    error_log /dev/stdout;
+
+    server_name localhost;
+    charset utf-8;
+
+    root /var/lib/copr/public_html/;
+    default_type text/plain;
+
+    location / {
+        port_in_redirect off;
+        autoindex on;
+    }
+
+    location ~* .*\.gz$ {
+        add_header Content-Encoding gzip;
+    }
+}

podman-kube/containers/backend/Containerfile

@@ -0,0 +1,76 @@
+FROM registry.fedoraproject.org/fedora:43
+LABEL maintainer="[email protected]"
+LABEL description="COPR Backend services"
+
+ARG ADDITIONAL_COPR_REPOSITORIES="@copr/copr-dev"
+
+ENV LANG=en_US.UTF-8
+ENV PYTHONPATH="/usr/share/copr/"
+ENV TERM=linux
+
+RUN set -ex ; \
+    test -z "${ADDITIONAL_COPR_REPOSITORIES}" \
+        || dnf -y install dnf-plugins-core \
+        && for repo in $ADDITIONAL_COPR_REPOSITORIES ; do dnf -y copr enable $repo; done ; \
+    dnf -y update && \
+    dnf -y install htop \
+                   make \
+                   wget \
+                   net-tools \
+                   iputils \
+                   vim \
+                   git \
+                   sudo \
+                   openssh-server \
+                   resalloc \
+                   psmisc \
+                   nginx \
+                   findutils \
+                   tini \
+                   pulp-cli \
+                   rng-tools \
+                   expect \
+    && dnf -y install copr-backend \
+    && dnf clean all
+
+RUN setcap cap_net_raw,cap_net_admin+p /usr/bin/ping
+
+RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -q
+
+RUN echo 'root:passwd' | chpasswd && chmod 700 /root /root/.ssh
+
+RUN set -x ; \
+    echo 'copr:passwd' | chpasswd && \
+    echo 'copr ALL=(ALL:ALL) NOPASSWD:ALL' >> /etc/sudoers && \
+    mkdir -p /home/copr/.ssh && chmod 700 /home/copr /home/copr/.ssh && \
+    ssh-keygen -f /home/copr/.ssh/id_rsa -N '' -q -C copr@localhost && \
+    touch /home/copr/.ssh/authorized_keys && chmod 600 /home/copr/.ssh/authorized_keys && \
+    cat /home/copr/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys && \
+    cat /home/copr/.ssh/id_rsa.pub >> /home/copr/.ssh/authorized_keys && \
+    chown copr:copr -R /home/copr
+
+RUN usermod -a -G mock copr
+
+COPY files/ /
+
+RUN chmod 700 /root && \
+    chmod 700 /home/copr && \
+    chmod 400 /home/copr/.ssh/id_rsa && \
+    chmod 600 /home/copr/.ssh/id_rsa.pub && \
+    chown -R copr:copr /home/copr
+
+RUN chmod 0755 /usr/bin/sign
+
+RUN chown copr:root /etc/sign.conf && \
+    chmod 0660 /etc/sign.conf
+
+RUN mkdir -p /var/lock/copr-backend && \
+    chown copr:copr /var/lock/copr-backend
+
+# Entropy for GPG key generation
+RUN rngd -r /dev/urandom || true
+
+USER copr
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/run-backend"]

podman-kube/containers/backend/files/etc/copr/copr-be.conf

@@ -0,0 +1,45 @@
+[backend]
+
+build_user=root
+
+# URL where results are visible
+results_baseurl=http://backend-httpd:5002/results/
+
+# Frontend URL
+frontend_base_url=http://frontend:5000
+
+# Backend authentication (must match frontend config)
+frontend_auth=1234
+
+# DistGit URL
+dist_git_url=http://distgit:5001/cgit
+
+# Results directory
+destdir=/var/lib/copr/public_html/results
+
+# Queue polling interval (seconds)
+sleeptime=30
+
+# Resalloc connection
+resalloc_connection=http://resalloc:49100
+
+# Package signing
+do_sign=true
+keygen_host=keygen:5003
+
+# Build pruning
+prune_days=14
+
+# Redis
+redis_host=redis
+redis_port=6379
+
+# Pulp (optional)
+# pulp_content_url=http://pulp:80/pulp/content
+
+[builder]
+timeout=3600
+builder_perl=True
+
+[ssh]
+builder_config=/home/copr/.ssh/builder_config

podman-kube/containers/backend/files/home/copr/.ssh/builder_config

@@ -0,0 +1,9 @@
+# SSH config for connecting to builders
+Host *
+    StrictHostKeyChecking no
+    UserKnownHostsFile /dev/null
+    IdentityFile /home/copr/.ssh/id_rsa
+    User root
+    ConnectTimeout 30
+
+

podman-kube/containers/backend/files/run-backend

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e
+
+# Parse arguments for sign host configuration
+option_variable() {
+    opt=$1
+    opt=${1##--}
+    opt=${opt##-}
+    opt=${opt//-/_}
+    option_variable_result=opt_$opt
+}
+
+opt_sign_user=$(id -u)
+opt_sign_host=keygen-signd
+
+ARGS=$(getopt -o "" -l "sign-user:,sign-host:" -n "getopt" -- "$@") || exit 1
+eval set -- "$ARGS"
+
+while true; do
+    case $1 in
+    --sign-host|--sign-user)
+        option_variable "$1"
+        eval "$option_variable_result=\$2"
+        shift 2
+        ;;
+    --) shift; break;;
+    *) echo "programmer mistake ($1)" >&2; exit 1;;
+    esac
+done
+
+# Configure sign client
+cat >/etc/sign.conf <<EOF
+server: $opt_sign_host
+allowuser: $opt_sign_user
+allow-unprivileged-ports: true
+EOF
+
+# Execute the command
+exec "$@"