From a0dd911a6343f007a7c2d545bc2b812902a247fa Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 12 Aug 2018 10:10:47 -0500
Subject: [PATCH] roles/koji-builder: Deploy the Koji builder

The *koji-builder* role installs and configures the Koji builder
(*kojid*). It supports configuring an HTTP proxy, if required.
---
 roles/koji-builder/defaults/main.yml          |  13 +
 roles/koji-builder/handlers/main.yml          |   8 +
 roles/koji-builder/tasks/main.yml             |  78 ++++
 .../koji-builder/templates/http_proxy.conf.j2 |  10 +
 roles/koji-builder/templates/kojid.conf.j2    |  96 +++++
 .../templates/site-defaults.mock.cfg.j2       | 362 ++++++++++++++++++
 6 files changed, 567 insertions(+)
 create mode 100644 roles/koji-builder/defaults/main.yml
 create mode 100644 roles/koji-builder/handlers/main.yml
 create mode 100644 roles/koji-builder/tasks/main.yml
 create mode 100644 roles/koji-builder/templates/http_proxy.conf.j2
 create mode 100644 roles/koji-builder/templates/kojid.conf.j2
 create mode 100644 roles/koji-builder/templates/site-defaults.mock.cfg.j2

diff --git a/roles/koji-builder/defaults/main.yml b/roles/koji-builder/defaults/main.yml
new file mode 100644
index 0000000..d628a6b
--- /dev/null
+++ b/roles/koji-builder/defaults/main.yml
@@ -0,0 +1,13 @@
+koji_home: /var/lib/koji
+koji_temp: /var/tmp/koji
+kojihub_host: "{{ ansible_fqdn }}"
+kojihub_url: https://{{ kojihub_host }}/kojihub
+kojifiles_host: "{{ kojihub_host }}"
+kojifiles_url: http://{{ kojifiles_host }}/kojifiles
+kojid_maxjobs: 10
+kojid_minspace: 4096
+kojid_allowed_scms: []
+koji_smtp_relay:
+http_proxy: ''
+https_proxy: ''
+no_proxy: ''
diff --git a/roles/koji-builder/handlers/main.yml b/roles/koji-builder/handlers/main.yml
new file mode 100644
index 0000000..2c9500b
--- /dev/null
+++ b/roles/koji-builder/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: update ca trust
+  command: update-ca-trust
+- name: reload systemd
+  command: systemctl daemon-reload
+- name: restart kojid
+  service:
+    name=kojid
+    state=restarted
diff --git a/roles/koji-builder/tasks/main.yml b/roles/koji-builder/tasks/main.yml
new file mode 100644
index 0000000..41af644
--- /dev/null
+++ b/roles/koji-builder/tasks/main.yml
@@ -0,0 +1,78 @@
+- name: ensure packages are installed
+  package:
+    name=koji-builder
+    state=present
+  tags:
+  - install
+
+- name: ensure kojid certificate is installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojid/kojid.pem
+    mode=0400
+    owner=root
+    group=root
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/kojid.pem
+  notify: restart kojid
+- name: ensure kojid ca certificates are installed
+  copy:
+    src={{ item }}
+    dest=/etc/kojid/{{ item|basename }}
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/*.crt
+- name: ensure koji hub server ca certificate is trusted
+  copy:
+    src={{ item }}
+    dest=/etc/pki/ca-trust/source/anchors/koji-hub.crt
+    mode=0644
+  with_fileglob:
+  - certs/koji/{{ inventory_hostname }}/serverca.crt
+  notify: update ca trust
+- name: ensure kojid is configured
+  template:
+    src=kojid.conf.j2
+    dest=/etc/kojid/kojid.conf
+  notify: restart kojid
+
+- name: ensure kojid unit extension directory exists
+  file:
+    path=/etc/systemd/system/kojid.service.d
+    mode=0755
+    state=directory
+- name: ensure http proxy is configured for kojid
+  template:
+    src=http_proxy.conf.j2
+    dest=/etc/systemd/system/kojid.service.d/http_proxy.conf
+    mode=0644
+  notify:
+  - reload systemd
+  - restart kojid
+
+- name: ensure mock is configured
+  template:
+    src=site-defaults.mock.cfg.j2
+    dest=/etc/mock/site-defaults.cfg
+    mode=0644
+
+- name: ensure kojid starts at boot
+  service:
+    name=kojid
+    enabled=yes
+- meta: flush_handlers
+- name: ensure kojid is running
+  service:
+    name=kojid
+    state=started
+
+- name: ensure root has an ssh key
+  user:
+    name=root
+    generate_ssh_key=yes
+    ssh_key_type=rsa
+    ssh_key_bits=4096
+  register: root_user
+- name: display ssh public key for root
+  debug:
+    var=root_user.ssh_public_key
diff --git a/roles/koji-builder/templates/http_proxy.conf.j2 b/roles/koji-builder/templates/http_proxy.conf.j2
new file mode 100644
index 0000000..d67e331
--- /dev/null
+++ b/roles/koji-builder/templates/http_proxy.conf.j2
@@ -0,0 +1,10 @@
+[Service]
+{% if http_proxy|d %}
+Environment=http_proxy={{ http_proxy }}
+{% endif %}
+{% if https_proxy|d %}
+Environment=https_proxy={{ https_proxy }}
+{% endif %}
+{% if no_proxy|d %}
+Environment=no_proxy={{ no_proxy|join(',') }}
+{% endif %}
diff --git a/roles/koji-builder/templates/kojid.conf.j2 b/roles/koji-builder/templates/kojid.conf.j2
new file mode 100644
index 0000000..666babe
--- /dev/null
+++ b/roles/koji-builder/templates/kojid.conf.j2
@@ -0,0 +1,96 @@
+{#- vim: set ft=jinja : -#}
+[kojid]
+; The number of seconds to sleep between tasks
+; sleeptime=15
+
+; The maximum number of jobs that kojid will handle at a time
+maxjobs={{ kojid_maxjobs }}
+
+; The minimum amount of free space (in MBs) required for each build root
+minspace={{ kojid_minspace }}
+
+; The directory root where work data can be found from the koji hub
+topdir={{ koji_home }}
+
+; The directory root for temporary storage
+workdir={{ koji_temp }}
+
+; The directory root for mock
+; mockdir=/var/lib/mock
+
+; The user to run as when doing builds
+; mockuser=kojibuilder
+
+; The vendor to use in rpm headers
+; vendor=Koji
+
+; The packager to use in rpm headers
+; packager=Koji
+
+; The distribution to use in rpm headers
+; distribution=Koji
+
+; The _host string to use in mock
+; mockhost=koji-linux-gnu
+
+; The URL for the xmlrpc server
+server={{ kojihub_url }}
+
+; The URL for the file access
+topurl={{ kojifiles_url }}
+
+; use createrepo_c rather than createrepo
+; use_createrepo_c=False
+
+; A space-separated list of tuples from which kojid is allowed to checkout.
+; The format of those tuples is:
+;
+;     host:repository[:use_common[:source_cmd]]
+;
+; Incorrectly-formatted tuples will be ignored.
+;
+; If use_common is not present, kojid will attempt to checkout a common/
+; directory from the repository.  If use_common is set to no, off, false, or 0,
+; it will not attempt to checkout a common/ directory.
+;
+; source_cmd is a shell command (args separated with commas instead of spaces)
+; to run before building the srpm. It is generally used to retrieve source
+; files from a remote location.  If no source_cmd is specified, "make sources"
+; is run by default.
+allowed_scms={{ kojid_allowed_scms|join(' ') }}
+
+; The mail host to use for sending email notifications
+smtphost={{ koji_smtp_relay }}
+
+; The From address used when sending email notifications
+from_addr=Koji Build System <koji@{{ ansible_domain }}>
+
+;configuration for Kerberos authentication
+
+;the format of the principal used by the build hosts
+;%s will be replaced by the FQDN of the host
+;host_principal_format = compile/%s@EXAMPLE.COM
+
+;location of the keytab
+;keytab = /etc/kojid/kojid.keytab
+
+;the service name of the principal being used by the hub
+;krbservice = host
+
+;configuration for SSL authentication
+
+;client certificate
+cert = /etc/kojid/kojid.pem
+
+;certificate of the CA that issued the client certificate
+ca = /etc/kojid/clientca.crt
+
+;certificate of the CA that issued the HTTP server certificate
+serverca = /etc/kojid/serverca.crt
+
+;if set to True, failing subtask will not automatically cancel other siblings
+;build_arch_can_fail = False
+{% if yum_proxy|d %}
+
+yum_proxy = {{ yum_proxy }}
+{% endif %}
diff --git a/roles/koji-builder/templates/site-defaults.mock.cfg.j2 b/roles/koji-builder/templates/site-defaults.mock.cfg.j2
new file mode 100644
index 0000000..8977910
--- /dev/null
+++ b/roles/koji-builder/templates/site-defaults.mock.cfg.j2
@@ -0,0 +1,362 @@
+# mock defaults
+# vim:tw=0:ts=4:sw=4:et:
+#
+# If you want to alter just some setting for one user, you can put the
+# configuration in:
+#    ~/.config/mock.cfg
+#
+# This config file is for site-specific default values that apply across all
+# configurations. Options specified in this config file can be overridden in
+# the individual mock config files.
+#
+# The site-defaults.cfg delivered by default has NO options set. Only set
+# options here if you want to override the defaults.
+#
+# It's possible to use include statement in order to make one config included to another:
+# include('/path/to/included/config.cfg')
+#
+# Entries in this file follow the same format as other mock config files.
+# config_opts['foo'] = bar
+
+#############################################################################
+#
+# Things that we recommend you set in site-defaults.cfg:
+#
+# config_opts['basedir'] = '/var/lib/mock/'
+# config_opts['cache_topdir'] = '/var/cache/mock'
+#  Note: the path pointed to by basedir and cache_topdir must be owned
+#        by group 'mock' and must have mode: g+rws
+# config_opts['rpmbuild_timeout'] = 0
+# config_opts['use_host_resolv'] = True
+
+# You can configure log format to pull from logging.ini formats of these names:
+# config_opts['build_log_fmt_name'] = "unadorned"
+# config_opts['root_log_fmt_name']  = "detailed"
+# config_opts['state_log_fmt_name'] = "state"
+#
+# mock will normally set up a minimal chroot /dev.
+# If you want to use a pre-configured /dev, disable this and use the bind-mount
+# plugin to mount your special /dev
+# config_opts['internal_dev_setup'] = True
+#
+# the cleanup_on_* options allow you to automatically clean and remove the
+# mock build directory, but only take effect if --resultdir is used.
+# config_opts provides fine-grained control. cmdline only has big hammer
+#
+# config_opts['cleanup_on_success'] = 1
+# config_opts['cleanup_on_failure'] = 1
+
+# The build user's homedir is partially cleaned up even when --no-clean is
+# specified in order to prevent garbage from previous builds from altering
+# successive builds. Mock can be configured to exclude certain files/directories
+# from this. Default is SOURCES directory to support nosrc rpms. Paths are
+# relative to build user's homedir
+# config_opts['exclude_from_homedir_cleanup'] = ['build/SOURCES']
+
+# Mock uses systemd-nspawn(1) by default. When use_nspawn is set to False,
+# simple os.chroot() is used instead.
+# config_opts['use_nspawn'] = True
+# If you're using nspawn, then by default networking will be turned off
+# for rpmbuild.  This helps ensure more reproducible builds.
+config_opts['rpmbuild_networking'] = True
+# Additional args for nspawn
+# config_opts['nspawn_args'] = []
+## When RPM is build in container then build hostname is set to name of
+## container. This sets the build hostname to name of container's host.
+## Works only in F25+ chroots
+# config_opts['use_container_host_hostname'] = True
+
+# This works unconditionally by calling sethostname(), however
+# variable use_container_host_hostname or %_buildhost macro can override this
+# config_opts['hostname'] = 'my.own.hostname'
+
+# The default package manager is Yum
+# config_opts['package_manager'] = 'yum'
+# If you want to use DNF, set it to 'dnf'. To use DNf you need to have dnf and
+# dnf-plugins-core installed
+
+# You can configure Yum, DNF, rpm and rpmbuild executable paths if you need to
+# use different versions that the system-wide ones
+# config_opts['yum_command'] = '/usr/bin/yum'
+# config_opts['yum_builddep_command'] = '/usr/bin/yum-builddep'
+# config_opts['dnf_command'] = '/usr/bin/dnf'
+# config_opts['rpm_command'] = '/bin/rpm'
+# config_opts['rpmbuild_command'] = '/usr/bin/rpmbuild'
+# config_opts['target_dir'] = '/var/cache/%(package_manager)s/'
+#
+# By default a Yum/DNF update is performed before each rebuild
+# config_opts['update_before_build'] = True
+
+# If you want mock to bootstrap a chroot with
+# the target yum/dnf version in, before using
+# that chroot to make the actual build chroot, set this to True.
+# This is useful when the target may require newer RPM features
+# than are available on the host.
+# config_opts['use_bootstrap_container'] = False
+
+# when 'use_bootstrap_container' is True, these commands are used to build
+# the minimal chroot for the respective package manager
+# config_opts['yum_install_command'] = 'install yum yum-utils shadow-utils distribution-gpg-keys'
+# config_opts['dnf_install_command'] = 'install dnf dnf-plugins-core distribution-gpg-keys'
+# config_opts['system_yum_command'] = '/usr/bin/yum'
+# config_opts['system_dnf_command'] = '/usr/bin/dnf'
+
+# anything you specify with 'bootstrap_*' will be copied to bootstrap config
+# e.g. config_opts['bootstrap_system_yum_command'] = '/usr/bin/yum-deprecated' will become
+# config_opts['system_yum_command'] = '/usr/bin/yum-deprecated' for bootstrap config
+config_opts['bootstrap_chroot_additional_packages'] = []
+config_opts['bootstrap_module_enable'] = []
+config_opts['bootstrap_module_install'] = []
+
+# if you want mock to automatically run createrepo on the rpms in your
+# resultdir.
+# config_opts['createrepo_on_rpms'] = False
+# config_opts['createrepo_command'] = '/usr/bin/createrepo_c -d -q -x *.src.rpm'
+
+# if you want mock to backup the contents of a result dir before clean
+# config_opts['backup_on_clean'] = False
+# config_opts['backup_base_dir'] = config_opts['basedir'] + "backup"
+
+# if you want to speed up the package installation and the build process, mock
+# can use nosync library to skip fsync and related calls from programs called
+# from within mock. It needs nosync library to be installed and for multilib
+# target, it requires both architectures of nosync to be present. If these
+# conditions aren't met, it won't be enabled
+# config_opts['nosync'] = False
+# if you cannot or don't want to install both architectures of nosync and still
+# want mock to use it, you can force it, but then expect a lot of (generally
+# harmless) error messages from ld.so when a 32bit program is executed
+# config_opts['nosync_force'] = False
+
+# By default Mock unshare namespace so it is different from your other application
+# in unpriviliged container, this is skipped. We will warn you that running mock
+# and some other applications in the same container is not good idea and
+# can be security risk. If you are fully aware of this risk or mock is your
+# only one application in that container you can disable the warning here.
+# config_opts['docker_unshare_warning'] = True
+
+#############################################################################
+#
+# plugin related. Below are the defaults. Change to suit your site
+# policy. site-defaults.cfg is a good place to do this.
+#
+# NOTE: Some of the caching options can theoretically affect build
+#  reproducability. Change with care.
+#
+# config_opts['plugin_conf']['package_state_enable'] = True
+# config_opts['plugin_conf']['package_state_opts'] = {}
+# config_opts['plugin_conf']['package_state_opts']['available_pkgs'] = False
+# config_opts['plugin_conf']['package_state_opts']['installed_pkgs'] = True
+# config_opts['plugin_conf']['ccache_enable'] = False
+# config_opts['plugin_conf']['ccache_opts'] = {}
+# config_opts['plugin_conf']['ccache_opts']['max_cache_size'] = '4G'
+# config_opts['plugin_conf']['ccache_opts']['compress'] = None
+# config_opts['plugin_conf']['ccache_opts']['dir'] = "%(cache_topdir)s/%(root)s/ccache/u%(chrootuid)s/"
+# config_opts['plugin_conf']['yum_cache_enable'] = True
+# config_opts['plugin_conf']['yum_cache_opts'] = {}
+# config_opts['plugin_conf']['yum_cache_opts']['max_age_days'] = 30
+# config_opts['plugin_conf']['yum_cache_opts']['max_metadata_age_days'] = 30
+# config_opts['plugin_conf']['yum_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/%(package_manager)s_cache/"
+# config_opts['plugin_conf']['yum_cache_opts']['target_dir'] = "/var/cache/%(package_manager)s/"
+# config_opts['plugin_conf']['yum_cache_opts']['online'] = True
+# config_opts['plugin_conf']['root_cache_enable'] = True
+# config_opts['plugin_conf']['root_cache_opts'] = {}
+# config_opts['plugin_conf']['root_cache_opts']['age_check'] = True
+# config_opts['plugin_conf']['root_cache_opts']['max_age_days'] = 15
+# config_opts['plugin_conf']['root_cache_opts']['dir'] = "%(cache_topdir)s/%(root)s/root_cache/"
+# config_opts['plugin_conf']['root_cache_opts']['compress_program'] = "pigz"
+# config_opts['plugin_conf']['root_cache_opts']['extension'] = ".gz"
+# config_opts['plugin_conf']['root_cache_opts']['exclude_dirs'] = ["./proc", "./sys", "./dev",
+#                                                                  "./var/tmp/ccache", "./var/cache/yum" ]
+# config_opts['plugin_conf']['hw_info_enable'] = True
+# config_opts['plugin_conf']['hw_info_opts'] = {}
+#
+# bind mount plugin is enabled by default but has no configured directories to
+# mount
+# config_opts['plugin_conf']['bind_mount_enable'] = True
+# config_opts['plugin_conf']['bind_mount_opts']['dirs'].append(('/host/path', '/bind/mount/path/in/chroot/' ))
+#
+# config_opts['plugin_conf']['tmpfs_enable'] = False
+# config_opts['plugin_conf']['tmpfs_opts'] = {}
+# config_opts['plugin_conf']['tmpfs_opts']['required_ram_mb'] = 1024
+# config_opts['plugin_conf']['tmpfs_opts']['max_fs_size'] = '768m'
+# config_opts['plugin_conf']['tmpfs_opts']['mode'] = '0755'
+# config_opts['plugin_conf']['tmpfs_opts']['keep_mounted'] = False
+#
+# config_opts['plugin_conf']['chroot_scan_enable'] = False
+# config_opts['plugin_conf']['chroot_scan_opts'] = {
+## Regexp of files which should be copied from buildroot to resultdir.
+#    'regexes': [ "^[^k]?core(\.\d+)?", "\.log$",],
+## If set to True files are copied only if build failed.
+#    'only_failed': True,
+#}
+#
+# lvm_root plugin is not enabled by default and is distributed in separate
+# subpackage mock-lvm. If you want to use it, it's recommended to disable the
+# root_cache plugin, otherwise you'd be caching twice.
+# config_opts['plugin_conf']['lvm_root_enable'] = False
+# config_opts['plugin_conf']['lvm_root_opts'] = {}
+# You need to give it a volume group with sufficient space. It won't touch any
+# of the existing logical volumes, so you can use the same volume group you use
+# for other purposes. It requires a name of the VG (not device path).
+# config_opts['plugin_conf']['lvm_root_opts']['volume_group'] = 'my_vg'
+# You need to specify the size that will mock's thinpool occupy. For regular
+# packages with small set of dependencies, 2G should suffice. For large packages
+# such as libreoffice, you should set it to at least 5 GB otherwise you may run
+# out of space and the build process will be blocked
+# config_opts['plugin_conf']['lvm_root_opts']['size'] = '2G'
+# You can specify alternative pool metadata size, format is the same as size.
+# Default value is determined by lvcreate based on size
+# config_opts['plugin_conf']['lvm_root_opts']['poolmetadatasize'] = None
+# When thin pool utilization is over 90% mock will refuse to continue.
+# Because once it reach 100% utilization weird things will happens.
+# config_opts['plugin_conf']['lvm_root_opts']['check_size'] = True
+# Specifying whether the buildroot volume should stay mounted after mock exits.
+# config_opts['plugin_conf']['lvm_root_opts']['umount_root'] = False
+# Filesystem name that will be used for the volume. It will use mkfs.$filesystem binary to create it.
+# config_opts['plugin_conf']['lvm_root_opts']['filesystem'] = "ext4"
+# The whole command for creating the filesystem that will get the volume path as an argument. When set, overrides above
+# option.
+# config_opts['plugin_conf']['lvm_root_opts']['mkfs_command'] = None
+# Additional arguments passed to mkfs command.
+# config_opts['plugin_conf']['lvm_root_opts']['mkfs_args'] = []
+# Will be passed to -o option of mount when mounting the volume. String or None.
+# config_opts['plugin_conf']['lvm_root_opts']['mount_opts'] = None
+# How long to sleep when waiting for concurrent LVM initialization.
+# config_opts['plugin_conf']['lvm_root_opts']['sleep_time'] = 1
+
+### pm_request plugin can install packages requested from within the buildroot
+# It is disabled by default, as it affects build reproducibility. It can be enabled
+# by setting the following to True, but it's not advised to have it enabled globally.
+# It's better to enable it per build by using --enable-plugin pm_request
+# config_opts['plugin_conf']['pm_request_enable'] = False
+# config_opts['plugin_conf']['pm_request_opts'] = {}
+
+### If you want to compress mock log, enable this plugin
+# config_opts['plugin_conf']['compress_logs_enable'] = False
+# config_opts['plugin_conf']['compress_logs_opts'] = {}
+### Command used to compress logs - e.g. "/usr/bin/xz -9 --force"
+# config_opts['plugin_conf']['compress_logs_opts']['command'] = ""
+#
+# Configuration options for the sign plugin:
+# config_opts['plugin_conf']['sign_enable'] = False
+# config_opts['plugin_conf']['sign_opts'] = {}
+# config_opts['plugin_conf']['sign_opts']['cmd'] = 'rpmsign'
+# The options to pass to the signing command. %(rpms)s will be expanded to
+# the rpms in the results folder.
+# config_opts['plugin_conf']['sign_opts']['opts'] = '--addsign %(rpms)s -D "%%_gpg_name your_name" -D "%%_gpg_path /home/your_name/.gnupg'
+
+#############################################################################
+#
+# environment for chroot
+#
+# config_opts['environment']['TERM'] = 'vt100'
+# config_opts['environment']['SHELL'] = '/bin/bash'
+# config_opts['environment']['HOME'] = '/builddir'
+# config_opts['environment']['HOSTNAME'] = 'mock'
+# config_opts['environment']['PATH'] = '/usr/bin:/bin:/usr/sbin:/sbin'
+# config_opts['environment']['PROMPT_COMMAND'] = r'printf "\033]0;<mock-chroot>\007"'
+# config_opts['environment']['PS1'] = r'<mock-chroot> \s-\v\$ '
+# config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'en_US.UTF-8')
+# config_opts['environment']['TZ'] = os.environ.setdefault('TZ', 'EST5EDT')
+#
+## other example for PS1
+# config_opts['environment']['PS1'] = r'[\u@\h<mock-chroot>/\w]\[\033[01;31m\]${?/#0/}\[\033[00m\]\$'
+# feel free to craft your own at: http://bashrcgenerator.com/
+
+#############################################################################
+#
+# Things that you can change, but we dont recommend it:
+# config_opts['chroothome'] = '/builddir'
+# config_opts['clean'] = True
+## you could not really use substitution here so it will not work if overridden:
+# config['rootdir'] = '/var/lib/mock/<CONFIG>/root/'
+## This works in F25+ chroots. This overrides 'use_container_host_hostname' option
+# config_opts['macros']['%_buildhost'] = 'my.own.hostname'
+
+#############################################################################
+#
+# Things that must be adjusted if SCM integration is used:
+#
+# config_opts['scm'] = True
+# config_opts['scm_opts']['method'] = 'git'
+# config_opts['scm_opts']['cvs_get'] = 'cvs -d /srv/cvs co SCM_BRN SCM_PKG'
+# config_opts['scm_opts']['git_get'] = 'git clone SCM_BRN git://localhost/SCM_PKG.git SCM_PKG'
+# config_opts['scm_opts']['svn_get'] = 'svn co file:///srv/svn/SCM_PKG/SCM_BRN SCM_PKG'
+# config_opts['scm_opts']['distgit_get'] = 'rpkg clone -a --branch SCM_BRN SCM_PKG SCM_PKG'
+# config_opts['scm_opts']['distgit_src_get'] = 'rpkg sources'
+# config_opts['scm_opts']['spec'] = 'SCM_PKG.spec'
+# config_opts['scm_opts']['ext_src_dir'] = '/dev/null'
+# config_opts['scm_opts']['write_tar'] = True
+# config_opts['scm_opts']['git_timestamps'] = True
+# config_opts['scm_opts']['exclude_vcs'] = True
+
+# These options are also recognized but usually defined in cmd line
+# with --scm-option package=<pkg> --scm-option branch=<branch>
+# config_opts['scm_opts']['package'] = 'mypkg'
+# config_opts['scm_opts']['branch'] = 'master'
+
+#############################################################################
+#
+# Things that are best suited for individual chroot config files:
+#
+# MUST SET (in individual chroot cfg file):
+# config_opts['root'] = 'name-of-yum-build-dir'
+# Mock will set architecture to 'target_arch' using personality(2) syscall.
+# config_opts['target_arch'] = 'i386'
+# When host system architecture is not in 'legal_host_arches' list, mock will refuse to switch to
+# 'target_arch' and will raise error.
+# config_opts['legal_host_arches'] = ('i386', 'i586', 'i686', 'x86_64')
+# Contains content of $CHROOT/etc/yum/yum.conf or $CHROOT/etc/dnf/dnf.conf. If DNF is used and
+# 'dnf.conf' is not set, then content of 'yum.conf' is used to populate $CHROOT/etc/dnf/dnf.conf
+# config_opts['yum.conf'] = ''
+# or
+# config_opts['dnf.conf'] = ''
+# Important! You must use 'assumeyes=1' in yum/dnf.conf otherwise Mock will fail.
+#
+# Flip this if you want to get rid of warning message on systems which does not support DNF
+# Warning! Setting this to False will automatically use Yum on RHEL{6,7} platforms.
+# config_opts['dnf_warning'] = True
+#
+# CAN SET, defaults usually work ok:
+# config_opts['chroot_setup_cmd'] = 'install buildsys-build'
+# config_opts['chroot_additional_packages'] = ''
+# config_opts['log_config_file'] = 'logging.ini'
+# config_opts['more_buildreqs']['srpm_name-version-release'] = 'dependency'
+# config_opts['more_buildreqs']['srpm_name-version-release'] = ['dependency1', 'dependency2']
+# config_opts['macros']['%Add_your_macro_name_here'] = "add macro value here"
+# config_opts['files']['path/name/no/leading/slash'] = "put file contents here."
+# config_opts['chrootuid'] = os.getuid()
+# config_opts['releasever'] = '20'
+# config_opts['yum_common_opts'] = []
+# config_opts['dnf_common_opts'] = ['--disableplugin=local', '--setopt=deltarpm=False']
+# config_opts['yum_builddep_opts'] = []
+# config_opts['dnf_builddep_opts'] = []
+# config_opts['priorities.conf'] = 'put file contents here.'
+# config_opts['rhnplugin.conf'] = 'put file contents here.'
+## Important! You should register your host machine first!
+# config_opts['subscription-manager.conf'] = 'put file contents here.'
+## This will only work with DNF and when repo is configured with modules=1 for repo in dnf.conf.
+## This is executed just before 'chroot_setup_cmd'.
+# config_opts['module_enable'] = ['list', 'of', 'modules']
+# config_opts['module_install'] = ['module1/profile', 'module2/profile']
+
+# If you change chrootgid, you must also change "mock" to the correct group
+# name in this line of the mock PAM config:
+#   auth  sufficient pam_succeed_if.so user ingroup mock use_uid quiet
+# config_opts['chrootgid'] = grp.getgrnam("mock")[2]
+# name of the group inside of chroot
+# config_opts['chrootgroup'] = 'mock'
+
+# config_opts['useradd'] = '/usr/sbin/useradd -m -u %(uid)s -g %(gid)s -d %(home)s -n %(user)s' # Fedora/RedHat
+#
+# Security related
+# config_opts['no_root_shells'] = False
+#
+# Proxy settings (https_proxy, ftp_proxy, and no_proxy can also be set)
+# config_opts['http_proxy'] = 'http://localhost:3128'
+#
+# Extra dirs to be created when the chroot is initialized
+# This is just a list of strings representing chroot paths such as:
+#  [ '/run/lock', ]
+# config_opts['extra_chroot_dirs'] = []