forked from pool/pagure
Neal Gompa
36ab9a2663
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/pagure?expand=0&rev=37
150 lines
4.9 KiB
Plaintext
150 lines
4.9 KiB
Plaintext
# Setting up pagure
|
|
|
|
0. Prepare the filesystem (this step is usually performed on package install)
|
|
|
|
mkdir -p /srv/www/pagure-releases
|
|
mkdir -p /srv/gitolite/repositories/{,docs,forks,requests,tickets}
|
|
mkdir -p /srv/gitolite/pseudo
|
|
mkdir -p /srv/gitolite/remotes
|
|
mkdir -p /srv/gitolite/.gitolite/{conf,keydir,logs}
|
|
mkdir -p /srv/gitolite/.ssh
|
|
chmod 750 /srv/gitolite/.ssh
|
|
|
|
touch /srv/gitolite/.gitolite/conf/gitolite.conf
|
|
|
|
cp /usr/share/doc/packages/pagure/gitolite3.rc /srv/gitolite/.gitolite.rc
|
|
|
|
chown git:git -R /srv/gitolite
|
|
chown git:git /srv/www/pagure-releases
|
|
|
|
mkdir -p /srv/www/run
|
|
|
|
1. Install and set up a database
|
|
|
|
Option A: PostgreSQL
|
|
|
|
Note: If your PostgreSQL server is not on the same machine, just install 'python3-psycopg2'
|
|
on the pagure host machine and follow the installation and database creation steps below
|
|
on the designated database server. This also requires the database port opened on the
|
|
database server's firewall.
|
|
|
|
zypper install postgresql-server
|
|
systemctl start postgresql
|
|
|
|
A1. Edit /var/lib/pgsql/data/pg_hba.conf and change auth method from `ident` to `md5` for localhost
|
|
|
|
A2. Create the pagure database
|
|
|
|
sudo -u postgres psql
|
|
|
|
CREATE DATABASE pagure;
|
|
CREATE USER pagure;
|
|
ALTER USER pagure WITH ENCRYPTED PASSWORD '--PagureDBUserPW--';
|
|
GRANT ALL PRIVILEGES ON DATABASE pagure to pagure;
|
|
GRANT ALL PRIVILEGES ON ALL tables IN SCHEMA public TO pagure;
|
|
GRANT ALL PRIVILEGES ON ALL sequences IN SCHEMA public TO pagure;
|
|
\q
|
|
|
|
A3. Enable and restart PostgreSQL
|
|
|
|
systemctl stop postgresql
|
|
systemctl enable --now postgresql
|
|
|
|
Option B: MariaDB
|
|
|
|
Note: If your MariaDB server is not on the same machine, just install 'python3-PyMySQL'
|
|
on the pagure host machine and follow the installation and database creation steps below
|
|
on the designated database server. This also requires the database port opened on the
|
|
database server's firewall.
|
|
|
|
zypper install mariadb mariadb-client
|
|
systemctl enable --now mariadb
|
|
mysql_secure_installation
|
|
|
|
B1. Create the pagure database
|
|
|
|
mysql -u root -p
|
|
|
|
mysql> create database pagure;
|
|
mysql> grant all privileges on pagure.* to pagure identified by '--PagureDBUserPW--';
|
|
mysql> flush privileges;
|
|
mysql> exit
|
|
|
|
2. Install Redis
|
|
|
|
zypper install redis
|
|
|
|
3. Configure redis
|
|
|
|
cp /etc/redis/default.conf.example /etc/redis/default.conf
|
|
chown root:redis /etc/redis/default.conf
|
|
systemctl enable --now redis@default.service
|
|
|
|
4. Edit /etc/pagure/pagure.cfg to set up pagure settings as appropriate.
|
|
|
|
As we set up a database earlier using PostgreSQL or MariaDB, comment out the DB_URL for SQLite and
|
|
uncomment the correct one. Change the URL to match your database server location.
|
|
|
|
You'll also want to change email address and domain used for this instance to something real, especially if
|
|
you're using with HTTPS or having it public facing.
|
|
|
|
While currently Pagure defaults to the somewhat brittle legacy Gitolite backend, you should use
|
|
the more reliable and performant internal backend.
|
|
|
|
This is done by setting the following in /etc/pagure/pagure.cfg:
|
|
|
|
GIT_AUTH_BACKEND = "pagure_authorized_keys"
|
|
HTTP_REPO_ACCESS_GITOLITE = None
|
|
|
|
SSH_COMMAND_NON_REPOSPANNER = ([
|
|
"/usr/bin/%(cmd)s",
|
|
"/srv/gitolite/repositories/%(reponame)s",
|
|
], {"GL_USER": "%(username)s"})
|
|
|
|
|
|
For details on all the options in pagure.cfg, see https://docs.pagure.org/pagure/configuration.html
|
|
|
|
5. Populate the database
|
|
|
|
python3 /usr/share/pagure/pagure_createdb.py -c /etc/pagure/pagure.cfg -i /etc/pagure/alembic.ini
|
|
|
|
Note: On upgrades, just drop the "-i /etc/pagure/alembic.ini", and the script will do the correct
|
|
thing to upgrade the database.
|
|
|
|
6. Install either Apache HTTPD or Nginx web server and set up web configuration
|
|
|
|
Option A: Apache HTTPD
|
|
|
|
zypper install pagure-web-apache-httpd
|
|
|
|
A1. Edit /etc/apache2/vhosts.d/pagure.conf to set up web settings as appropriate.
|
|
|
|
Most of the settings just need to be uncommented to work. However, you may need to tweak based
|
|
on whether or not you're using HTTPS and if you are using HTTPS, where your certs are and what your domain(s) are.
|
|
|
|
Option B: Nginx
|
|
|
|
zypper install pagure-web-nginx
|
|
systemctl enable --now pagure_web.service pagure_docs_web.service
|
|
|
|
B1. Edit /etc/nginx/vhosts.d/pagure.conf to set up web settings as appropriate.
|
|
|
|
Most of the settings just need to be uncommented to work. However, you may need to tweak based
|
|
on whether or not you're using HTTPS and if you are using HTTPS, where your certs are and what your domain(s) are.
|
|
|
|
7. Open ports in the firewall as appropriate
|
|
|
|
firewall-cmd --add-service=ssh
|
|
firewall-cmd --add-service=http
|
|
firewall-cmd --add-service=https
|
|
firewall-cmd --add-service=redis
|
|
firewall-cmd --runtime-to-permanent
|
|
|
|
8. Enable and start pagure services
|
|
|
|
systemctl enable --now pagure_worker.service pagure_authorized_keys_worker.service pagure_api_key_expire_mail.timer pagure_mirror_project_in.timer
|
|
|
|
9. Enable and start your webserver, or restart if it's already running
|
|
|
|
For more details on setup, take a look at the official Pagure documentation: https://docs.pagure.org/pagure/
|