Commit Graph

723 Commits

Author SHA1 Message Date
Pierre-Yves Chibon
6906744f61 distgit/pagure: Specify the url to oraculum in the config
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-05-04 11:53:21 +02:00
Pierre-Yves Chibon
292c0baf78 distgit: adjust the way we override the branches when querying PDC
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-04-06 14:04:16 +02:00
Pierre-Yves Chibon
2b46c6a7fb basessh/distgit: adjust the way ssh is configured for distgit
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action a user/key can do: command="...".
In this case, we're setting a couple of environment variables that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-04-03 21:16:51 +02:00
Pierre-Yves Chibon
00804542f3 Revert "basessh/distgit: adjust the way ssh is configured for distgit"
This is still being reviewed and wasn't meant to be pushed out yet

This reverts commit 67844b4504.
2021-04-03 19:10:54 +02:00
Pierre-Yves Chibon
67844b4504 basessh/distgit: adjust the way ssh is configured for distgit
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action a user/key can do: command="...".
In this case, we're setting a couple of environment variables that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-04-03 19:01:38 +02:00
Pierre-Yves Chibon
9d4f6c7620 distgit/pagure: disable the hook to block un-signed commits
Relates to https://pagure.io/fedora-infrastructure/issue/9793

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-29 14:50:51 +02:00
Pierre-Yves Chibon
74b32a1768 distgit/pagure: fix the if/else/endif block
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-02 11:18:29 +01:00
Pierre-Yves Chibon
5d83949656 distgit/pagure: Turn off username lookup in dist-git
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-02 11:16:06 +01:00
Pierre-Yves Chibon
8b39d13364 pagure/dist-git: Adjust the IP list allowed on the internal endpoint - again
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 17:26:47 +01:00
Pierre-Yves Chibon
caa8b7054a pagure/dist-git: Adjust the IP list allowed on the internal endpoint
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 17:02:50 +01:00
Pierre-Yves Chibon
40bfa1604b distgit/pagure: Let pagure manage ssh keys in stg
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 16:36:20 +01:00
Pierre-Yves Chibon
0d1d2aace5 distgit/pagure: create the git user and add it to the packager group
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 16:25:10 +01:00
Pierre-Yves Chibon
ac2c21ca4a distgit/pagure: in stg we'll use the git user now
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 16:17:57 +01:00
Pierre-Yves Chibon
218d692b85 dist-git/pagure: configure pagure to allow access via a single git user for everyone
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-03-01 13:21:25 +01:00
Pierre-Yves Chibon
d0a8837c07 distgit/pagure: remove the commit ACL for API keys in prod
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we have figured out how to make both work together or
keep one and remove the other, we can revisit.

Keeping this in staging so we have a place where we can experiment
with this.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-18 09:26:48 +01:00
Pierre-Yves Chibon
b2b6bc8bcb distgit/pagure: make the short commit be 7 chars
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-15 14:59:27 +01:00
Pierre-Yves Chibon
7868dcfa81 distgit/pagure: add a hotfix tag where we fix the /var/log/pagure folder
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
dfc2844214 distgit/pagure: redirect users viewing files in the old default branch to the new default one
Fixes https://pagure.io/fedora-infrastructure/issue/9620

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-10 17:58:53 +01:00
Mohan Boddu
f6d75dfca0 Mass branching, move from master to rawhide
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
2021-02-09 11:20:12 -05:00
Neal Gompa
ff0a3beaff roles/distgit/pagure: Enable 'commit' ACL for API tokens
This permits users to create API tokens that have the ability to
commit to repositories through HTTPS. This is especially useful for
non-packagers that are trying to contribute through pull requests,
because they lack the normal packager SSH permissions.

Signed-off-by: Neal Gompa <ngompa13@gmail.com>
2021-02-04 08:35:19 +00:00
Pierre-Yves Chibon
f7f8f965c8 distgit/pagure: tell pagure-dist-git that main == rawhide
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-03 20:40:27 +01:00
Pierre-Yves Chibon
c625bdc1a7 distgit/pagure: Prevent creating main or rawhide without having it in PDC
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-03 14:31:33 +01:00
Pierre-Yves Chibon
caa56c98bb distgit/pagure: block pushing to master
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-03 14:12:47 +01:00
Pierre-Yves Chibon
05caa9f461 distgit/pagure: simplify RCM_BRANCHES and adjust the list of branches blocked
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-02-02 17:08:41 +01:00
Pierre-Yves Chibon
8850720c2e distgit/pagure: send the logs to stderr instead of stdout
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-20 23:08:04 +01:00
Kevin Fenzi
0741be6d2a pagure / pkgs: drop provenpackager excludes on firefox, thunderbird, xulrunner
See https://pagure.io/fedora-infrastructure/issue/9557
Basically we don't need to block commits here anymore,
maintainers are confident they can prevent anything going out that
causes problems for the firefox name. Additionally, xulrunner was
retired a long time ago.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 13:40:45 -08:00
Kevin Fenzi
5927f7b321 distgit / hooks: only tweak perms on batcave hooks perms
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2021-01-15 11:39:26 -08:00
Pierre-Yves Chibon
b0fc7a8200 distgit/pagure: show 7 characters when showing the short hash of commits
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-14 13:34:09 +01:00
Pierre-Yves Chibon
3960dd182f distgit/pagure: make 'rawhide' be the default branch created when a repo is created
This will only take effect once pagure 5.12+ is deployed

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2021-01-11 17:35:55 +01:00
Pierre-Yves Chibon
998c84baaa dist-git: add missing type
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 17:26:26 +01:00
Pierre-Yves Chibon
872090ee54 dist-git: some more selinux policy changes
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 17:24:55 +01:00
Pierre-Yves Chibon
d503f374db distgit: some more selinux policy update
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 16:51:51 +01:00
Pierre-Yves Chibon
3351fbd3b4 drop run_once when installing selinux policies
Otherwise the policy doesn't get installed everywhere...

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 16:48:42 +01:00
Pierre-Yves Chibon
74890814a1 distgit: adjust the selinux policy a little more
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 16:48:30 +01:00
Pierre-Yves Chibon
be1c8bcb45 distgit: keep working on the http_policy
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 15:56:37 +01:00
Pierre-Yves Chibon
f3a1c52522 distgit: add missing instruction in the http_policy
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 15:53:18 +01:00
Pierre-Yves Chibon
f580d72f24 distgit: add the missing headers in the http_policy policy
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 15:49:30 +01:00
Pierre-Yves Chibon
1df7a7c0d3 distgit: add a selinux tag
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 15:38:09 +01:00
Pierre-Yves Chibon
1ef758c408 distgit: install another custom selinux policy
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-10 15:35:33 +01:00
Pierre-Yves Chibon
3f03400dac distgit: drop pagure related selinux config since it's now handled in the pagure role
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 17:27:27 +01:00
Pierre-Yves Chibon
a7e2a97fad distgit: drop selinux config from the distgit role as it is now in pagure role
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 17:24:18 +01:00
Pierre-Yves Chibon
0b3a2cc4a8 distgit/pagure: use symlink instead of complicated paths
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 15:58:58 +01:00
Pierre-Yves Chibon
618cbde6cc distgit/pagure: make the selinux files available to the distgit/pagure role
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 15:55:14 +01:00
Pierre-Yves Chibon
8890fb10a9 distgit/pagure: add missing '/'
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 15:50:20 +01:00
Pierre-Yves Chibon
77096060f6 distgit/pagure: Configure selinux in distgit just like on pagure.io
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-11-05 15:48:41 +01:00
Kevin Fenzi
d9e8f5951a distgit: correct path to pagure_sar.py script
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-10-02 09:27:38 -07:00
Pavel Raiskup
b7bdcacc3e distgit: fix chown in make-new-lookaside-links
Followup for 9d9680cc73
2020-08-19 13:24:58 +02:00
张皓
9d9680cc73 Fix syntax error in make-new-lookaside-links
Fix syntax error in make-new-lookaside-links
2020-08-19 10:08:56 +00:00
Pierre-Yves Chibon
69cd8056e1 distgit/pagure: update deprecated environment variable to the new one
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-08-07 09:59:21 +02:00
Pierre-Yves Chibon
4ceb0b2c1c distgit/pagure: Drop old code dealing with phx2 and py2 and rhel7
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
2020-07-27 09:46:58 +02:00