PkgForge Admin - Incoming Queue Processor

Configuring the incoming queue processor is relatively straightforward. Before the incoming daemon can be configured the following steps must be taken:

  1. Configure the PkgForge filesystem
  2. Configure client access for the PkgForge Registry database

Installing the Software

The PkgForge, PkgForge-Registry and PkgForge-Server packages must be installed. These are provided as RPMs but it is also possible to build and install them from the .tar.gz format in the same way as any other Perl module.

Perl version 5.8.8 or newer is required. The PkgForge-Server package requires the following modules although not all are necessary for the incoming queue processor.

If you wish to process SRPMs (currently this is the only supported source package format) you will also need the Perl RPM2 module installed.

If you are using LCFG this can all be installed by including the lcfg/options/pkgforge-master.h header.

Configuration

As with the software installation, if you are using LCFG this can all be configured correctly by using the lcfg/options/pkgforge-master.h header.

The basic layout of the filesystem (as described in the separate filesystem information) should be configured using the /etc/pkgforge/pkgforge.yml YAML file. It should look something like this:

--- 
"accepted": '/afs/example.org/pkgs/pkgforge/accepted/'
"incoming": '/afs/example.org/pkgs/pkgforge/incoming/'
"results": '/afs/example.org/pkgs/pkgforge/results/'

If you are using the LCFG pkgforge component then this is done using the pkgforge.incoming, pkgforge.accepted and pkgforge.results resources.

If AFS is being used to provide the filesystem for the pkgforge service then you will need a Kerberos principal and an associated AFS user. As with Kerberised access to the Registry database the Kerberos keytab can be managed using the LCFG kerberos component. If you already have this setup for DB access you do not need a second keytab for AFS access. The following configuration will create a keytab:

!pkgforge.keytab_incoming   mSET(<%pkgforge.configdir%>/pkgforge_incoming.keytab)

!kerberos.keys                       mADD(pkgforge_incoming)
kerberos.keytab_pkgforge_incoming    <%pkgforge.keytab_incoming%>
kerberos.keytabuid_pkgforge_incoming <%pkgforge.user%>
kerberos.keytabgid_pkgforge_incoming <%pkgforge.group%>

Alternatively the principal and keytab can be created manually using the kadmin tool. You will need to ensure that the UID and GID and the permissions are correct for the keytab or k5start will not work.

The incoming queue processor is configured using the /etc/pkgforge/incoming.yml YAML file. The registry database access configuration section has already been discussed in the client configuration page. The configuration should look something like:

--- 
"init": '/etc/init.d/pkgforge-incoming'
"keytab": '/etc/pkgforge/pkgforge_incoming.keytab'
"registry": 
  "host": 'pkgforge'
  "name": 'pkgforge'
  "user": 'pkgforge_incoming'
"start": 'yes'

The init, keytab and start options are not used by the daemon, they are purely instructions for the LCFG pkgforge component.

The important file is /etc/sysconfig/pkgforge-incoming which controls how the /etc/init.d/pkgforge-incoming init-script starts the daemon. If the LCFG pkgforge component is being used then the sysconfig file will be configured automatically. The sysconfig file should look something like:

RUNAS="pkgforge"
KRB5_KEYTAB="/etc/pkgforge/pkgforge_incoming.keytab"

The following options can be modified via the sysconfig file but mostly they have sensible defaults.

Note that, by default, some files are stored in the /var/lib/pkgforge/ and /var/run/pkgforge/ directories. Those directories must be writable by whichever unix user is used to run the daemon.

Temporary Files

At various points the daemon generates temporary files. For security the daemon uses a specific temporary directory (which is /var/tmp/pkgforge by default). This directory must be writable by whichever unix user is used to run the daemon. The location can be changed by setting the tmpdir attribute in the /etc/pkgforge/incoming.yml YAML file, that is not currently modifiable using the LCFG pkgforge component.

Logging

By default the incoming queue processor log is kept in the /var/log/pkgforge/incoming.log file. You need to ensure that the log directory is writable by whichever unix user is used to run the daemon.

The logs from the incoming queue processor are configured via the /etc/pkgforge/log-incoming.cfg configuration file. For details on how to modify the style see the documentation for the Log::Dispatch and MooseX::LogDispatch Perl modules.

Starting/Stopping the Daemon

Once the configuration files are in place the incoming queue processor can be started using the init-script provided in the package. This is normally /etc/init.d/pkgforge-incoming.

Currently the init-script assumes that Kerberos authentication is required and it will attempt to start the k5start daemon first. Patches welcome to remove this limitation.

If the LCFG pkgforge component is being used then the daemon should be managed using om and the init-script should not be called directly, for example:

% om pkgforge start
% om pkgforge stop

For the component to actually start the daemon the pkgforge.start_incoming resource must be set to yes.

If any configuration or code changes are made then the daemon will need to be completely restarted. This is done with the restart method.

Without the LCFG pkgforge component the init-script should be used directly. The usual start, stop and restart methods are available.