This commit is fixing ansible lint errors for distgit role.
It also introduces two new addition to skip list as the structure of our
ansible repository doesn't adhere to ansible standards.
The errors that will be now skipped are:
- role-name[path] - we have plenty of roles that have sub-roles inside
them and we need to access them
- var-naming[no-role-prefix] - variables for roles are not usually
prefixed correctly in our repository and forcing people to change that
will introduce more issues than what it solves
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
The messaging bridges openshift project and github2fedmsg VM were
already removed in staging. This is to clean the ansible playbooks.
I will create a separate one for production after this one is merged.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
This was fixed previously for pagure.io in the context of
paguremirroring. Turns out, it affects all kinds of git operations, so
document and move accordingly.
Fixes: releng#12181
Fixes: fedora-infrastructure#12010
Signed-off-by: Nils Philippsen <nils@redhat.com>
To create a new log file the as paguremirroring user we need to add write
permissions to /var/log/pagure/ folder as well. This is correctly set for
distgit/pagure role, but not for pagure itself.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
- patch the httplib2 library to avoid hardcoding TLSv1
- set the missing configuration variables in `pagure.cfg` (they have no
defaults)
- set the password for the future production version of
`client_secrets.json`
Also note that in the private ansible repo, the Pagure client
configuration in Ipsilon was fixed: the `token_endpoint_auth_method`
variable was set to `"client_secret_post"`.
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit removes the old tasks to try and create a cert/intermediate
bundle file for stunnel in favor of just doing it when we renew/get the
cert. It also fixes stunnel to use the correct bundled cert.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The current playbook assumes the old digicert ssl cert thats in private.
However, we got that in 2020 and it's expired. We switched pagure.io
over to letsencrypt a while back. Somehow we didn't change the playbook
however, or the change was lost somewhere. :(
So, this adds 2 calls to the letsencrypt role to get certs for the prod
and staging pagure instances. I think this should do the right thing
with placement of files, but more eyes welcome.
Without this playbooks runs have the chance of messing up pagure.io
certs, so I think we should fix this asap.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
For some reason pagure_mirror wasn't enabled by default on boot.
We do use this service and want it on. Upstream can likely enable it,
but in the mean time we will enable it on our instances.
See https://pagure.io/fedora-infrastructure/issue/10262
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There's no reason to not just use one letsencrypt cert for stg.pagure.
Also clean up logic in the web config and make sure all the servernames
are handled correctly.
Once this works, will roll this to production.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
