We should not flood his mailbox anymore.
I set it to go to admin@fedoraproject.org, but if it's too much for
everyone we could just set it to nobody, or adjust it so it doesn't send
so many, or something else.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This is a POC on cert checks - it assigns an item to the Pagure host
(not via a template) but the actual check is executed on the Zabbix
server.
In reality, we should probably add LLD to certgetter01 for all the LE
certs, but this is a useful example for other cert types
Signed-off-by: Greg Sutcliffe <fedora@emeraldreverie.org>
pagure will generate a zip or gz archive of any particular thing on a
fork. scrapers crawl this and generate an archive for every single
tag in a fork.
Since we don't really need these in forks, lets forbid that.
Users that somehow need an archive for a fork can clone locally and
generate one. Non forks we are leaving enabled at this time as they
can/do use this for releases.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The blame endpoint gets crawled a lot by scrapers and it's very
intensive for pagure. It has to run the blame in the git repo, which
can take a while and requests pile up.
While right now load is fine with it, it's might be causing
sporadic 503's that we are seeing cloing things. If there's a bunch
of blame requests cloging up the queue.
Users can git clone and run a blame locally if they need to.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This adds a setup where we have podman pulling the anubis pod and
running it and then proxying requests through it for weighing.
The pod runs as an unpriv 'anubis' user and uses a systemd service file
to manage it.
Changes then are made in httpd config to terminate ssl and then proxy
via anubis. The flow is:
request -> httpd -> anubis/pod -> httpd (pagure wsgi app).
This is already manually setup on stg.pagure.io and this pr
should not change pagure.io any.
If/when we wish to enable this for pagure.io, we just need to adjust the
0_pagure.conf file and the playbook to include the role.
Note that we will want to use a different approach for proxies/other
applications. There we can use the native fedora anubis package, and
will need to adjust templates to handle the middle proxying.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Pagure is currently sending tens of thousands of emails per day. It's
flooding my mail server and I can't keep up.
Since I'm not reading them anymore, it's likely better to just not send
them :(
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
For now, we should be able to drop these blocks.
I checked logs and there have been no recent hits to these.
Of course they could become active again, but we can always put it back
in place. There's been requests from folks wanting to submit pr's that
their forks are blocked by these.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Update the latest project blocks that were added.
Also, extend the bot block to docs.pagure.io, which was
being hammered by scrapers.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
These have to be in "s in order to do a string comparison, since
they were not, they were never matching anything. ;(
Fix them all up, and also block a few more repos on pagure that are
getting heavily crawled.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is fixing ansible lint errors for distgit role.
It also introduces two new addition to skip list as the structure of our
ansible repository doesn't adhere to ansible standards.
The errors that will be now skipped are:
- role-name[path] - we have plenty of roles that have sub-roles inside
them and we need to access them
- var-naming[no-role-prefix] - variables for roles are not usually
prefixed correctly in our repository and forcing people to change that
will introduce more issues than what it solves
Today the pagure started to be unresponsive. After few hours of
debugging we narrowed the issue to worker limit. We tweaked the value to
something that should be more responsive and it helped.
Here is the PR to make the change permanent.
Thanks @gwmngilfen and @nphillip for help with that.
Removing the topic_prefix from fedora messaging config files was a bit
premature. So let's put them back in place.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This will unify all the handlers to use first uppercase letter for
ansible-lint to stop complaining.
I went through all `notify:` occurrences and fixed them by running
```
set TEXT "text_to_replace"; set REPLACEMENT "replacement_text"; git grep
-rlz "$TEXT" . | xargs -0 sed -i "s/$TEXT/$REPLACEMENT/g"
```
Then I went through all the changes and removed the ones that wasn't
expected to be changed.
Fixes https://pagure.io/fedora-infrastructure/issue/12391
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
The messaging bridges openshift project and github2fedmsg VM were
already removed in staging. This is to clean the ansible playbooks.
I will create a separate one for production after this one is merged.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
