|
|
c19fc57 |
# Basic quick setup of pagure on Fedora (using PostgreSQL or MariaDB database)
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note that for CentOS/RHEL deployments, you'll need to substitute 'dnf' for 'yum'.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
1. Install and set up a database
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Option A: PostgreSQL
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note: If your PostgreSQL server is not on the same machine, just install 'python3-psycopg2'
|
|
|
c19fc57 |
on the pagure host machine and follow the installation and database creation steps below
|
|
|
c19fc57 |
on the designated database server. This also requires the database port opened on the
|
|
|
c19fc57 |
database server's firewall. On CentOS 7 deployments, the 'python-psycopg2' package
|
|
|
c19fc57 |
must be manually installed in either case.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo dnf install postgresql-server
|
|
|
c19fc57 |
$ sudo systemctl start postgresql
|
|
|
c19fc57 |
|
|
|
c19fc57 |
A1. Edit /var/lib/pgsql/data/pg_hba.conf and change auth method from `ident` to `md5` for localhost
|
|
|
c19fc57 |
|
|
|
c19fc57 |
A2. Create the pagure database
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo -u postgres psql
|
|
|
c19fc57 |
|
|
|
c19fc57 |
CREATE DATABASE pagure;
|
|
|
c19fc57 |
CREATE USER pagure;
|
|
|
c19fc57 |
ALTER USER pagure WITH ENCRYPTED PASSWORD '--PagureDBUserPW--';
|
|
|
c19fc57 |
GRANT ALL PRIVILEGES ON DATABASE pagure to pagure;
|
|
|
c19fc57 |
GRANT ALL PRIVILEGES ON ALL tables IN SCHEMA public TO pagure;
|
|
|
c19fc57 |
GRANT ALL PRIVILEGES ON ALL sequences IN SCHEMA public TO pagure;
|
|
|
c19fc57 |
\q
|
|
|
c19fc57 |
|
|
|
c19fc57 |
A3. Enable and restart PostgreSQL
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo systemctl stop postgresql
|
|
|
c19fc57 |
$ sudo systemctl enable --now postgresql
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Option B: MariaDB
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note: If your MariaDB server is not on the same machine, just install 'python3-mysql'
|
|
|
c19fc57 |
on the pagure host machine and follow the installation and database creation steps below
|
|
|
c19fc57 |
on the designated database server. This also requires the database port opened on the
|
|
|
c19fc57 |
database server's firewall. On CentOS 7 deployments, the 'python-mysql' package
|
|
|
c19fc57 |
must be manually installed in either case.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo dnf install mariadb mariadb-client
|
|
|
c19fc57 |
$ sudo systemctl enable --now mysqld
|
|
|
c19fc57 |
$ sudo mysql_secure_installation
|
|
|
c19fc57 |
|
|
|
c19fc57 |
B1. Create the pagure database
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo mysql -u root -p
|
|
|
c19fc57 |
|
|
|
c19fc57 |
mysql> create database pagure;
|
|
|
c19fc57 |
mysql> grant all privileges on pagure.* to pagure identified by '--PagureDBUserPW--';
|
|
|
c19fc57 |
mysql> flush privileges;
|
|
|
c19fc57 |
mysql> exit
|
|
|
c19fc57 |
|
|
|
c19fc57 |
2. Install Redis
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo dnf install redis
|
|
|
c19fc57 |
$ sudo systemctl enable --now redis
|
|
|
c19fc57 |
|
|
|
c19fc57 |
3. Edit /etc/pagure/pagure.cfg and /etc/pagure/alembic.ini to set up pagure settings as appropriate.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
As we set up a database earlier using PostgreSQL or MariaDB, comment out the DB_URL for SQLite and
|
|
|
c19fc57 |
uncomment the correct one. Change the URL to match your database server location.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
You'll also want to change email address and domain used for this instance to something real, especially if
|
|
|
c19fc57 |
you're using with HTTPS or having it public facing.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note that here, you need to set the file paths you intend to use for your data storage, which would
|
|
|
20ac00f |
be owned by the "git" user.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
For example, if you want to have it all in "/srv/git", then you'd do the following:
|
|
|
c19fc57 |
* Set GIT_FOLDER to "/srv/git/repositories"
|
|
|
c19fc57 |
* Set REMOTE_GIT_FOLDER to "/srv/git/remotes"
|
|
|
c19fc57 |
* Set GITOLITE_CONFIG to "/srv/git/.gitolite/conf/gitolite.conf"
|
|
|
c19fc57 |
* Set GITOLITE_HOME to "/srv/git"
|
|
|
c19fc57 |
* Set GITOLITE_KEYDIR to "/srv/git/.gitolite/keydir"
|
|
|
c19fc57 |
|
|
|
20ac00f |
While currently Pagure defaults to the somewhat brittle legacy Gitolite backend, you should use
|
|
|
20ac00f |
the more reliable and performant internal backend.
|
|
|
20ac00f |
|
|
|
20ac00f |
This is done by setting the following in /etc/pagure/pagure.cfg:
|
|
|
20ac00f |
|
|
|
20ac00f |
SSH_FOLDER = "/srv/git/.ssh"
|
|
|
20ac00f |
GIT_AUTH_BACKEND = "pagure_authorized_keys"
|
|
|
20ac00f |
HTTP_REPO_ACCESS_GITOLITE = None
|
|
|
20ac00f |
|
|
|
20ac00f |
SSH_COMMAND_NON_REPOSPANNER = ([
|
|
|
20ac00f |
"/usr/bin/%(cmd)s",
|
|
|
20ac00f |
"/srv/git/repositories/%(reponame)s",
|
|
|
20ac00f |
], {"GL_USER": "%(username)s"})
|
|
|
20ac00f |
|
|
|
20ac00f |
|
|
|
c19fc57 |
If you _do not_ intend to set up HTTPS, then change references to https to http for Pagure URLs.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
For details on all the options in pagure.cfg, see https://docs.pagure.org/pagure/configuration.html
|
|
|
c19fc57 |
|
|
|
c19fc57 |
4. Create the git user and directory structure per pagure.cfg settings
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo useradd -r -d "/srv/git" -m -c "git repository hosting" git
|
|
|
c19fc57 |
$ sudo mkdir -p /var/www/releases
|
|
|
c19fc57 |
$ sudo chown git:git /var/www/releases
|
|
|
c19fc57 |
$ sudo mkdir -p /srv/git/repositories/{,docs,forks,requests,tickets}
|
|
|
c19fc57 |
$ sudo mkdir -p /srv/git/remotes
|
|
|
c19fc57 |
$ sudo mkdir -p /srv/git/.gitolite/{conf,keydir,logs}
|
|
|
20ac00f |
$ sudo mkdir -p /srv/git/.ssh
|
|
|
1cf7cdb |
$ sudo chmod 700 /srv/git/.ssh
|
|
|
c19fc57 |
$ sudo touch /srv/git/.gitolite/conf/gitolite.conf
|
|
|
c19fc57 |
$ sudo cp /usr/share/doc/pagure/gitolite3.rc /srv/git/.gitolite.rc
|
|
|
c19fc57 |
$ sudo chown -R git:git /srv/git
|
|
|
c19fc57 |
|
|
|
c19fc57 |
5. Populate the database
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ python3 /usr/share/pagure/pagure_createdb.py -c /etc/pagure/pagure.cfg -i /etc/pagure/alembic.ini
|
|
|
c19fc57 |
|
|
|
c19fc57 |
IMPORTANT: For CentOS 7 deployments, use 'python2' instead of 'python3'.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note: On upgrades, just drop the "-i /etc/pagure/alembic.ini", and the script will do the correct
|
|
|
c19fc57 |
thing to upgrade the database.
|
|
|
c19fc57 |
|
|
|
20ac00f |
6. Install either Apache HTTPD or Nginx web server and set up web configuration
|
|
|
c19fc57 |
|
|
|
20ac00f |
Option A: Apache HTTPD
|
|
|
20ac00f |
|
|
|
20ac00f |
$ sudo dnf install pagure-web-apache-httpd
|
|
|
c19fc57 |
|
|
|
20ac00f |
A1. Edit /etc/httpd/conf.d/pagure.conf to set up web settings as appropriate.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Most of the settings just need to be uncommented to work. However, you may need to tweak based
|
|
|
c19fc57 |
on whether or not you're using HTTPS and if you are using HTTPS, where your certs are and what your domain(s) are.
|
|
|
c19fc57 |
|
|
|
c19fc57 |
Note that "/path/to/git/repositories" needs to be replaced with the path to your git repositories,
|
|
|
c19fc57 |
which in this guide, is "/srv/git/repositories".
|
|
|
c19fc57 |
|
|
|
20ac00f |
Option B: Nginx
|
|
|
20ac00f |
|
|
|
20ac00f |
$ sudo dnf install pagure-web-nginx
|
|
|
5f252d6 |
$ sudo systemctl enable --now pagure_web.service pagure_docs_web.service
|
|
|
20ac00f |
|
|
|
20ac00f |
B1. Edit /etc/nginx/conf.d/pagure.conf to set up web settings as appropriate.
|
|
|
20ac00f |
|
|
|
20ac00f |
Most of the settings just need to be uncommented to work. However, you may need to tweak based
|
|
|
20ac00f |
on whether or not you're using HTTPS and if you are using HTTPS, where your certs are and what your domain(s) are.
|
|
|
20ac00f |
|
|
|
20ac00f |
7. Optional: Set up Let's Encrypt for HTTPS (skip if you aren't using HTTPS or have your own certs).
|
|
|
20ac00f |
|
|
|
20ac00f |
$ sudo dnf install certbot
|
|
|
20ac00f |
$ certbot --text --email email@example.org \
|
|
|
20ac00f |
--domains pagure.example.org \
|
|
|
20ac00f |
--agree-tos --renew-by-default --manual certonly
|
|
|
20ac00f |
|
|
|
20ac00f |
Edit the web server configuration file for your webserver as noted in step 6 to point to your new certificates.
|
|
|
20ac00f |
|
|
|
c19fc57 |
8. Open ports in the firewall as appropriate
|
|
|
c19fc57 |
|
|
|
c19fc57 |
$ sudo firewall-cmd --add-service=ssh
|
|
|
c19fc57 |
$ sudo firewall-cmd --add-service=http
|
|
|
c19fc57 |
$ sudo firewall-cmd --add-service=https
|
|
|
c19fc57 |
$ sudo firewall-cmd --add-service=redis
|
|
|
c19fc57 |
$ sudo firewall-cmd --runtime-to-permanent
|
|
|
c19fc57 |
|
|
|
c19fc57 |
9. Enable and start pagure services and timers
|
|
|
c19fc57 |
|
|
|
20ac00f |
$ sudo systemctl enable --now pagure_worker.service pagure_authorized_keys_worker.service pagure_api_key_expire_mail.timer pagure_mirror_project_in.timer
|
|
|
c19fc57 |
|
|
|
20ac00f |
10. Enable and start your webserver, or restart if it's already running
|
|
|
c19fc57 |
|
|
|
c19fc57 |
For more details on setup (including setting up the extra components), take a look at the official Pagure documentation: https://docs.pagure.org/pagure/
|
|
|
c19fc57 |
|