Setting up pagure on a banana pi
By Pierre-Yves on Tuesday, January 5 2016, 18:59 - Général - Permalink
My friend Kushal recently convinced me to buy a small banana pi to play with.
I installed the Fedora 23 ARM server image on it, works like a charm and today I thought of trying to set-up pagure on it.
I figured this was worth a little blog post.
So here we go
1/ Install the image on the SD card:
For me it was something like:
sudo fedora-arm-image-installer \ --image=~/Downloads/Fedora-Server-armhfp-23-10-sda.raw.xz \ --target=Bananapi --media=/dev/mmcblk0 \ --selinux=OFF
You may have to adjust the path to the image as well as the media on which you're installing.
2/ Fix /boot/extlinux/extlinux.conf
Add console=tty0 to line starting with append
There is a bug in the image preventing the initial-setup from being started correctly. This fixes it.
3/ Boot the SD card and fill in the initial-setup as prompted
and from now on we're on the banana pi.
4/ Install and enable ntp
sudo dnf install ntp sudo systemctl enable ntpd
5/ Set-up the network to use networkd
With these changes we drop the user of NetworkManager or network all together to rely instead of networkd.
sudo systemctl disable NetworkManager network sudo systemctl enable systemd-networkd systemd-resolved sudo systemctl start systemd-networkd systemd-resolved sudo rm -f /etc/resolv.conf sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Then we want to give a static IP to this pi:
sudo vim /etc/systemd/network/eth0.network
And put in this file the following content:
[Match] Name=eth0 [Network] Address=192.168.1.20/24 Gateway=192.168.1.255 NTP=pool.ntp.org
Of course, adjust the Address and Gateway to your needs
6/ Install pagure
Pagure is present in the Fedora repo, but in order to benefit from the latest changes I made a build of the latest git. To build the latest version:
git clone https://pagure.io/pagure.git cd pagure python setup.py sdist rpmbuild -ts dist/pagure* koji build --scratch f23-candidate /path/to/your/pagure-...src.rpm
Then just get the RPMs from koji and install them:
dnf install ./pagure* postgresql-server python-psycopg2 mod_ssl
7/ Configure PostgreSQL
First instantiate the PostgreSQL server:
postgresql-setup --initdb
Edit the authentication method to md5 in:
vim /var/lib/pgsql/data/pg_hba.conf
Create the DB and the user to access it:
sudo -u postgres psql CREATE DATABASE pagure; CREATE USER pagure; ALTER USER pagure WITH ENCRYPTED PASSWORD '--'; GRANT ALL PRIVILEGES ON DATABASE pagure to pagure; GRANT ALL PRIVILEGES ON ALL tables IN SCHEMA public TO pagure; GRANT ALL PRIVILEGES ON ALL sequences IN SCHEMA public TO pagure;
8/ Adjust the pagure configuration files
Adjust pagure's configuration file:
vim /etc/pagure/pagure.cfg
See the doc for the configuration for more information about the different options.
Configure sqlalchemy.url in the alembic configuration file:
vim /etc/pagure/alembic.ini
Un-comment the WSGI file to get pagure running:
vim /usr/share/pagure/pagure.wsgi
9/ Create the database and stamp it for alembic
Once the pagure configuration file is set, we can point pagure_createdb.py to it and as such create the database where we want it:
PAGURE_CONFIG=/etc/pagure/pagure.cfg \ python /usr/share/pagure/pagure_createdb.py
Once the database is created, we can tell alembic that we are running the latest version of the database (so that upgrading the database scheme later using alembic will work fine).
cd /etc/pagure alembic stamp $(alembic heads |awk '{ print $1 }')
10/ Adjust gitolite
By default on Fedora, gitolite3 comes with its own gitolite3 user and group. To make it nicer, instead of offering the repos at gitolite3@host:repos we want to offers them at git@host:repos. To do this, we rename the gitolite3 user to git.
usermod --move-home --login git --home /srv/git/ gitolite3 groupmod --new-name git gitolite3
11/ Create the folders needed for gitolite and the git repos
This has to be consistent with the home folder of the git user we adjusted just above:
mkdir -p /srv/git/repositories/{,docs,forks,requests,tickets} mkdir -p /srv/git/remotes mkdir -p /srv/git/.gitolite/{conf,keydir,logs} chown -R git:git /srv/git/.gitolite/ chown -R git:git /srv/git/repositories chown -R git:git /srv/git/remotes
Beware that this should be consistent with what is in pagure.cfg and gitolite requires the repos to be in a repositories folder.
12/ Set up the apache server
- Create SSL certs with letsencrypt (optional)
dnf install letsencrypt letsencrypt --text --email py_pagure@pingoured.fr \ --domains pagure.pingoured.fr \ --agree-tos --renew-by-default --manual certonly
- Create the release folder
mkdir /var/www/releases chown git:git /var/www/releases
- Adjust the apache configuration
cd /etc/httpd/conf.d vim pagure.conf
You will probably need to adjust it for your need. The defaults are basic but close to what is running on pagure.io. It will be up to you to de-comment the parts you want.
13/ Open the ports 80 and 443
Since this is a Fedora 23 image, it's using firewalld, let's use it to open the http and https ports.
firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https firewall-cmd --reload
14/ Let apache read the git repos so we can clone over http
We use file ACL to allow apache to read the git repos belonging to the git user
setfacl -Rdm user:apache:rx /srv/git setfacl -Rm user:apache:rx /srv/git
15/ Start and enables the services we use
Final step:
systemctl restart httpd postgresql systemctl enable httpd postgresql
After this all I had to do was to place the .gitolite.rc file in /srv/git using the one from pagure.io and this made gitolite work as well.
Conclusion
This setup is nice and fun to play with, but pagure on banana pi is pretty slow, so I'm not sure I want to keep it there, might require more power than the banana pi can provide.
Something which I want to do though, is adjusting this deployment to work with a local ipsilon, this would make this deployment a little closer to what a good production setting could look like, but that's something for another blog post :-)
Cheers!
The ironsmith image on the left side is from deviceone and is licensed CC-2.0 BY-NC-SA