WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-24 10:31:56 +08:00
Code Issues Packages Projects Releases Wiki Activity
30,345 Commits 9 Branches 0 Tags
871cff021a42e374cb7bf04d7bfb2591e4c9dee9
Commit Graph

627 Commits

Author SHA1 Message Date
Pierre-Yves Chibon
a232c72149 distgit/pagure: Allow the html to connect to apps.fp.o and mdapi.fp.o 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:22 +02:00
Mohan Boddu
028cdc638d relenggroup is used for massrebuild 
https://src.fedoraproject.org/group/relenggroup

Revert "dist-git/pagure: There is no relenggroup in Fedora, it's called cvsadmin"

This reverts commit 85a12a41dd708061c54eb842432dd619bed2d446.
 2020-04-24 21:34:21 +02:00
Stephen Smoogen
d05626d43c [pagure] put back changes into configs I whacked earlier 2020-04-24 21:34:20 +02:00
Stephen Smoogen
c9f3d2d8be [pkgs] A ternary needs 2 arguments. I removed one in the previous commit and should have changed the code completely instead. 2020-04-24 21:34:20 +02:00
Stephen Smoogen
ccaa519dd3 [pkgs]: remove mentions of repospanner so that playbooks will set up things without it 2020-04-24 21:34:20 +02:00
Pierre-Yves Chibon
a23e73df37 distgit/pagure: Turn off the pagure-sync-bugzilla cron job 
This script has been ported to its own upstream at:
https://pagure.io/Fedora-Infra/distgit-bugzilla-sync
and is now running as a cron job in openshift (twice a day).

So we can remove it from this role/host.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:20 +02:00
Pierre-Yves Chibon
43be9500bd distgit/pagure: drop a hotfix that is no longer needed 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:20 +02:00
Pierre-Yves Chibon
11c623613e distgit/pagure: move the hooks back to fedmsg 
Due to a permission issue with the fedora-messaging cert, we cannot
move src.fp.o fully to fedora-messaging at this time, so moving
back to fedmsg for the hook for now.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:20 +02:00
Pierre-Yves Chibon
cae73d9dd9 distgit/pagure: move some configuration key to the shared config 
- Use fedora-messaging everywhere instead of fedmsg
- Make setting: ALWAYS_FEDMSG_ON_COMMITS always true

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:20 +02:00
Pierre-Yves Chibon
8981c7dd49 dist-git/pagure: There is no relenggroup in Fedora, it's called cvsadmin 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:18 +02:00
Pierre-Yves Chibon
30a7d4a19d disgit/pagure: moving mdapi from connect-src to script-src 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
38843d8631 distgit/pagure: allow to do ajax request to mdapi 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
de81dd973d distgit/pagure: change how the group name is defined 
The previous approach didn't seem to be liked by ansible

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Julen Landa Alustiza
29942b36b2 distgit content-security-policy: allow connect to pdc.fp.o 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
55e68ff124 distgit/pagure: fix comment 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
c9260c2884 dist-git/pagure: src.fp.o doesn't know about the repoSpanner group so use pagure instead 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
71764d9360 dist-git/pagure: enable the pagure-dist-git 3rd party extension in prod 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
fb664e3745 dist-git/pagure: enable fedora-messaging in prod as well 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
49f68f14d5 distgit/pagure: Allow the pull_request_flag ACL on cross-projects API tokens 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:17 +02:00
Pierre-Yves Chibon
43f084686d dist-git/pagure: Drop couple of variables not used and already defined 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:11 +02:00
Pierre-Yves Chibon
93074d7249 dist-git/pagure: Enable the issue tracker on the tests namespace 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:11 +02:00
Kevin Fenzi
9f933fddee distgit / fas override: add override for pkfed 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2020-04-24 21:34:10 +02:00
Pierre-Yves Chibon
ebddc53593 distgit/pagure: allow cross-project API tokens to merge PRs 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:09 +02:00
Julen Landa Alustiza
2de580306b dist-git: Custom csp policy that allows connecting to apps.fp.o 2020-04-24 21:34:09 +02:00
Pierre-Yves Chibon
a924fac977 dist-git/pagure: Enable the pagure-dist-git 3rd party plugin in staging 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-04-24 21:34:08 +02:00
Pierre-Yves Chibon
84eebb9615 dist-git/pagure: Allow the update_watch_status ACL 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-06-05 11:29:36 +02:00
Pierre-Yves Chibon
527bf3a995 pagure/dist-git: allow user to change their watch status via the API 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-06-05 11:28:09 +02:00
Owen W. Taylor
4e5928d055 Allow a separate flatpaks/ namespace in production 
Adjust the production distgit and MBS configuration to allow
having a separate flatpaks/ namespace and building from there.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2019-05-14 18:47:48 +00:00
Kevin Fenzi
9790382e6b distgit/koji_hub: drop updatecrl. No longer used. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-05-13 21:36:09 +00:00
Pierre-Yves Chibon
6c8749cf59 distgit/pagure: Fix the amqp_url for fedora-messaging on pagure 
The cert is now for rabbitmq.stg.fedoraproject.org and not:
rabbitmq01.stg.phx2.fedoraproject.org so having the wrong url in the config
leads to a CertificateError leading to pagure failing to send notifications
on fedora-messaging.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-29 11:14:38 +02:00
Patrick Uiterwijk
55c9fb266b Remove cgit from dist-git 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-13 15:57:00 +02:00
Stephen Smoogen
2549998aa9 [repospanner/pagure] when using variables.. check what you type twice before committing 2019-04-12 14:45:03 +00:00
Stephen Smoogen
4d9f322a13 [repospanner] When defining ports please use the variables in global.yml to make sure that all the files get edited during a playrun versus just one or two. Thank you. 2019-04-12 14:22:24 +00:00
Owen W. Taylor
76197fc4d0 Prepare staging for a separate flatpaks/ namespace 
Change the distgit staging configuration to allow a flatpaks/ namespace,
and configure Koji and MBS to allow building from there.

Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
 2019-04-10 16:15:54 +00:00
Pierre-Yves Chibon
1319bc99f5 distgit/pagure: indicate to pagure that the git hook have a read-only access to the DB 
This way it'll try to interact with the DB using async processes
(the workers) rather than trying to do it where it does not have
the permissions and crash.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-10 13:16:39 +02:00
Stephen Smoogen
7c3fa7c396 Make it so our http configs for repoSpanner do not wander off from each other due to too many cooks and too few pots. Change all repospanner related 8443 to use jinja variable repoSpanner_{{region}}_http 2019-04-09 13:50:01 +00:00
Patrick Uiterwijk
0c7449ea1d Add sslciphers tags 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-04-08 21:41:17 +02:00
Kevin Fenzi
9f4bf69eae pagure / src.fp.o: Drop fedora-altarch, as it's not used. Add cvsadmin as we want them to have access to everything. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-04-08 19:26:32 +00:00
Pierre-Yves Chibon
30f7f775b4 Have pagure log commits on all branches 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-08 12:24:27 +02:00
Pierre-Yves Chibon
2b37c83ae3 distgit/pagure: Increase the cross-project ACLs 
This just makes pagure accept to generate project-less API tokens
with these two ACLs.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-04-03 11:50:08 +02:00
Patrick Uiterwijk
85c09a8f50 Update repospanner hook id in stg 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
 2019-03-29 12:17:35 +01:00
Pierre-Yves Chibon
307eb2fdfc pagure: Turn off debug mode on pagure.io an src.fp.o 
This leads to some exception being raised instead of by-pass safely.
It was useful at some point because pagure would not log error to
its logs otherwise but Patrick has since fixed it and I believe it
may be triggering some errors now.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-08 16:52:13 +01:00
Pierre-Yves Chibon
6ae1ad74d4 distgit/pagure: actually apply the hotfix 
So in out dist-git setup the git hook have a dedicated configuration
file which only contains a read-only access to the database.
This is because of the way our dist-git is setup where every packager
actually has a shell account on the machine and the hook are run by
that account.
So if the packager manages to get a shell access, they will be able to
read this configuration file and we do not want to give them read/write
access to the database.
Pagure however in the default hook tries to update the database, among
other it tries to clear the cached merge status of the open PR when a
commit is pushed.
For a nice UX, it does this within the hook process, this way there is
no race-condition and users accessing a PR right after a push will get
an up to date merge status (as it will be re-generated).
But we cannot do this in dist-git since we cannot update the database
directly, so instead, with this hotfix, we move the process of cleaning
up the merge status to an async job that will have read/write access
and there may be some race-condition in displaying the merge status
but so be it.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-07 16:31:25 +01:00
Stephen Smoogen
f11158639e [repospanner/hook] Update repospanner hookid 
Due to a missed commit, the repospanner hookid was not updated in
ansible which broke pushes later.
 2019-03-07 11:56:58 +00:00
Pierre-Yves Chibon
a790f2b884 Allow the cross-project ACLs pull_request_create pull_request_comment in staging 
Fixes https://pagure.io/fedora-infrastructure/issue/7623

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-06 16:19:49 +01:00
Kevin Fenzi
29ed16ab01 pkgs: Do not try and allow repoSpanner access to pagure config in prod as it isn't deployed there yet. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2019-03-06 02:03:20 +00:00
Pierre-Yves Chibon
9aa0c13345 Use quotes... annoying ansible 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-04 17:28:34 +01:00
Pierre-Yves Chibon
238c62b290 Make the certs available to repoSpanner on dist-git/stg 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-04 17:22:49 +01:00
Pierre-Yves Chibon
48fdb8060e Fix ownership of the certs for pagure and koji 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-04 16:46:07 +01:00
Pierre-Yves Chibon
723b21b2f0 Let's try specifying the mode as a string 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2019-03-04 15:20:56 +01:00