Attached is a revised patch. Thanks!
On Tue, May 16, 2017 at 11:10 PM, InvalidPath <[email protected]> wrote: > Hey Randy, Ok takinig a look at this I wanted to toss you some questions > on your comments below. > Thanks. > > On Tue, May 16, 2017 at 8:45 AM, Randy Barlow < > [email protected]> wrote: > >> I've inserted comments inline: >> >> On Tue, 2017-05-02 at 09:33 -0600, InvalidPath wrote: >> > From 557ed944045f3d3241f485f4cf7713d2362a4129 Mon Sep 17 00:00:00 >> > 2001 >> > From: Ben Hart <[email protected]> >> > Date: Tue, 2 May 2017 09:27:20 -0600 >> > Subject: [PATCH] Combined staging and production template files >> > >> > --- >> > roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 | 592 >> Done. >> >> I recommend naming the new file production.ini, since that's the name >> it gets installed as on staging and production. It will also help me >> review this patch much more easily, because I'll see the differences >> between current production.ini and the new production.ini more clearly. >> >> I'll make a few more comments below, but I'll do a more thorough review >> once the diff is based off production.ini since that will be much >> easier for my soft, human brain. >> >> > +++++++++++++++++++++++ >> > 1 file changed, 592 insertions(+) >> > create mode 100644 roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 >> > >> > diff --git a/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 >> > b/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 >> > new file mode 100644 >> > index 0000000..27f59a4 >> > --- /dev/null >> > +++ b/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 >> > @@ -0,0 +1,592 @@ >> > +[filter:proxy-prefix] >> > +use = egg:PasteDeploy#prefix >> > +prefix = / >> > +scheme = https >> > + >> > +[app:main] >> > +use = egg:bodhi-server >> > +filter-with = proxy-prefix >> > + >> > + >> Done >> We don't need this comment since this is a more typical style. >> >> > + >> > +#Misc Info at beginning of files >> > +{% if env == 'production' %} >> Done, typos >> I'm not sure this is valid Jinja syntax. I think you want == instead of >> --. >> >> Also, we probably do want this section to be the same between staging >> and production. >> Done I wasnt sure about this section since production had it but >> staging didnt. But likely a good idea for both envs to meet the same >> requirements yes? >> >> > + #PRD Info: >> > + # Release status >> > + # pre-beta enforces the 'Pre Beta' policy defined here: >> > + # https://fedoraproject.org/wiki/Updates_Policy >> > + f26.status = pre_beta >> > + >> > + f26.post_beta.mandatory_days_in_testing = 7 >> > + f26.post_beta.critpath.num_admin_approvals = 0 >> > + f26.post_beta.critpath.min_karma = 2 >> > + f26.post_beta.critpath.stable_after_days_without_neg >> > ative_karma = 14 >> > + >> > + f26.pre_beta.mandatory_days_in_testing = 3 >> > + f26.pre_beta.critpath.num_admin_approvals = 0 >> > + f26.pre_beta.critpath.min_karma = 1 >> > + ## Atomic OSTree support >> > + ## This will compose Atomic OSTrees during the push p >> > rocess using the fedmsg-atomic-composer >> > + ## https://github.com/fedora-infra/ class="Apple-tab-span" >> > style="white-space:pre"> fedmsg-atomic-composer >> > + ## >> > + compose_atomic_trees = true >> > +{% endif %} >> > + >> > +## >> > +## Messages >> > +## >> > + >> > +# A notice to flash on the front page >> > +frontpage_notice = >> > + >> > +# A notice to flash on the New Update page >> > +newupdate_notice = >> > + >> > +testing_approval_msg = This update has reached %d days in testing >> > and can be pushed to stable now if the maintainer wishes >> > +not_yet_tested_msg = This update has not yet met the minimum testing >> > requirements defined in the <a href="https://fedoraproject.org/wiki/P >> > ackage_update_acceptance_criteria">Package Update Acceptance >> > Criteria</a> >> > +not_yet_tested_epel_msg = This update has not yet met the minimum >> > testing requirements defined in the <a href="https://fedoraproject.or >> > g/wiki/EPEL_Updates_Policy">EPEL Updates Policy</a> >> > +stablekarma_comment = This update has reached the stable karma >> > threshold and will be pushed to the stable updates repository >> > + >> > + testing_approval_msg_based_on_karma = This update has >> > reached the stable karma threshold and can be pushed to stable now if >> > the maintainer wishes. >> > + not_yet_tested_msg_based_on_karma = This update has not reached >> the stable karma threshold. >> >> We probably do want this section to be the same on staging and >> production. >> Done >> >> > + >> > +# Libravatar - If this is true libravatar will work as normal. >> > Otherwise, all >> > +# libravatar links will be replaced with the string "libravatar.org" >> > so that >> > +# the tests can still pass. >> > +libravatar_enabled = True >> > +# Set this to true if you want to do federated dns libravatar lookup >> > +libravatar_dns = False >> > + >> > +# Set this to True in order to send fedmsg messages. >> > +fedmsg_enabled = True >> > + >> > +# Captcha - if 'captcha.secret' is not None, then it will be used >> > for comments >> > +# captcha.secret must be 32 url-safe base64-encoded bytes >> > +# you can generate afresh with >>> >> > cryptography.fernet.Fernet.generate_key() >> > + >> > +{% if env == "staging" %} >> > +captcha.secret = {{ bodhi2CaptchaSecretSTG }} >> > +{% else %} >> > +captcha.secret = {{ bodhi2CaptchaSecret }} >> > +{% endif %} >> > +# Dimensions >> > +captcha.image_width = 300 >> > +captcha.image_height = 80 >> > +# Any truetype font will do. >> > +captcha.font_path = /usr/share/fonts/liberation/LiberationMono- >> > Regular.ttf >> > +captcha.font_size = 36 >> > +# Colors >> > +captcha.font_color = #000000 >> > +captcha.background_color = #ffffff >> > +# In pixels >> > +captcha.padding = 5 >> > +# If a captcha sits around for this many seconds, it will stop >> > working. >> > +captcha.ttl = 300 >> > + >> > +#datagrepper_url = http://localhost:5000 >> > +{% if env == "staging" %} >> > +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper >> >> I think this will define datagrepper_url twice on staging. We probably >> want an if statement above this line too. >> Both original files contained the same preamble in this section up until >> the captcha secret, but are you saying the same captcha for stg and prd? > > > >> >> > +badge_ids = binary-star|both-bull-and-self >> -transcended-tester-viii|catching-the-bull-tester-iv|corpora >> te-drone|corporate-overlord|corporate-shill|discovery-of- >> the-footprints-tester-ii|in-search-of-the-bull-tester-i| >> is-this-thing-on-updates-testing-i|is-this-thing-on- >> updates-testing-ii|is-this-thing-on-updates-testing-iii| >> is-this-thing-on-updates-testing-iv|it-still-works!| >> like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii| >> like-a-rock-updates-stable-iii|like-a-rock-updates- >> stable-iv|mic-check!-updates-testing-v|missed-the-train| >> override,-you-say|perceiving-the-bull-tester-iii|reaching- >> the-source-tester-ix|return-to-society-tester-x|riding- >> the-bull-home-tester-vi|stop-that-update!|take-this-and- >> call-me-in-the-morning|taming-the-bull-tester-v|tectonic!- >> updates-stable-v|the-bull-transcended-tester-vii|what- >> goes-around-comes-around-karma-i|what-goes-around- >> comes-around-karma-ii|what-goes-around-comes-around- >> karma-iii|what-goes-around-comes-around-karma-iv|white- >> hat|you-can-pry-it-from-my-cold,-dead-hands >> > +{% else %} >> > +datagrepper_url = https://apps.fedoraproject.org/datagrepper >> > +badge_ids = binary-star|both-bull-and-self-transcended-tester- >> > viii|catching-the-bull-tester-iv|corporate-drone|corporate- >> > overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in- >> > search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is- >> > this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing- >> > iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock- >> > updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates- >> > stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing- >> > v|missed-the-train|override,-you-say|perceiving-the-bull-tester- >> > iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding- >> > the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in- >> > the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the- >> > bull-transcended-tester-vii|what-goes-around-comes-around-karma- >> > i|what-goes-around-comes-around-karma-ii|what-goes-around-comes- >> > around-karma-iii|what-goes-around-comes-around-karma-iv|white- >> > hat|you-can-pry-it-from-my-cold,-dead-hands >> > +{% endif %} >> > + >> > +## >> > +## Wiki Test Cases >> > +## >> > + >> > +## Query the wiki for test cases >> > +query_wiki_test_cases = False >> > +wiki_url = https://fedoraproject.org/w/api.php >> > +test_case_base_url = https://fedoraproject.org/wiki/ >> > + >> > +# Email domain to prepend usernames to >> > +default_email_domain = fedoraproject.org >> > + >> > +# domain for generated message IDs >> > +{% if env == "staging" %} >> > +message_id_email_domain = admin.stg.fedoraproject.org >> > +{% else %} >> > +message_id_email_domain = admin.fedoraproject.org >> > +{% endif %} >> > + >> > +## >> > +## Mash settings >> > +## >> > + >> > +# If defined, the bodhi masher will ensure that messages are signed >> > with the given cert >> > +{% if env == "staging" %} >> > +releng_fedmsg_certname = shell-bodhi- >> > backend01.stg.phx2.fedoraproject.org >> > +{% else %} >> > +{% if ansible_hostname == 'bodhi-backend01' %} >> > +releng_fedmsg_certname = shell-bodhi- >> > backend01.phx2.fedoraproject.org >> > +{% else %} >> > +releng_fedmsg_certname = shell-bodhi- >> > backend03.phx2.fedoraproject.org >> > +{% endif %} >> > +{% endif %} >> > + >> > +# The masher is a bodhi instance that is responsible for composing >> > the update >> > +# repositories, regenerating metrics, sending update notices, >> > closing bugs, >> > +# and other costly operations. To set an external masher, set the >> > masher to >> > +# the baseurl of the bodhi instance. If set to None, this bodhi >> > instance >> > +# will act as a masher as well. >> > +#masher = None >> > + >> > +# Where to initially mash repositories >> > +{% if env == "staging" %} >> > +mash_dir = /var/cache/bodhi/mashing >> > +{% else %} >> > +mash_stage_dir = /mnt/koji/mash/updates >> > +{% endif %} >> > + >> > +mash_conf = /etc/bodhi/mash.conf >> > + >> > +createrepo_cache_dir = /var/cache/createrepo >> > + >> > +## Our periodic jobs >> > +#jobs = clean_repo nagmail fix_bug_titles cache_release_data >> > approve_testing_updates >> > +jobs = cache_release_data refresh_metrics approve_testing_updates >> > + >> > +## Comps configuration >> > +comps_dir = /var/cache/bodhi/comps >> > +comps_url = https://pagure.io/fedora-comps.git >> > + >> > +## >> > +## Mirror settings >> > +## >> > + >> > +file_url = https://download.fedoraproject.org/pub/fedora/linux/updat >> > es >> > +master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/ >> > linux/updates/%s/%s/repodata/repomd.xml >> > +fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/ >> > fedora/linux/updates/%s/%s/repodata/repomd.xml >> > +fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org >> > /pub/epel/%s/%s/repodata/repomd.xml >> > + >> > +fedora_stable_master_repomd = http://download01.phx2.fedoraproject.o >> > rg/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml >> > +fedora_testing_master_repomd = http://download01.phx2.fedoraproject. >> > org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml >> > +fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproj >> > ect.org/pub/epel/%s/%s/repodata/repomd.xml >> > +fedora_epel_testing_master_repomd = http://download01.phx2.fedorapro >> > ject.org/pub/epel/testing/%s/%s/repodata/repomd.xml >> > + >> > +## The base url of this application >> > +{% if env == "staging" %} >> > +base_address = https://bodhi.stg.fedoraproject.org/ >> > +{% else %} >> > +base_address = https://bodhi.fedoraproject.org/ >> > +{% endif %} >> > + >> > +## Supported update types >> > +update_types = bugfix enhancement security newpackage >> > + >> > +## Supported architechures >> > +## >> > +## To handle arch name changes between releases, you >> > +## can also configure bodhi to support one arch *or* >> > +## another. For example, EPEL5 mashes produce 'ppc' >> > +## repos, where EPEL6 produces 'ppc64'. To handle this >> > +## scenario, you can specify something like: >> > +## >> > +## arches = ppc/ppc64 >> > +## >> > +arches = i386 x86_64 armhfp >> >> >> The order of the list isn't significant here, so I think we can >> eliminate the if statement and make them the same. >> Done >> >> > + >> > +## >> > +## Email setting >> > +## >> > + >> > +{ if env == "production" } >> > +smtp_server = bastion >> > + >> > +# The updates system itself. This email address is used in fetching >> > Bugzilla >> > +# information, as well as email notifications >> > +bodhi_email = [email protected] >> > +bodhi_password = {{ bodhiBugzillaPassword }} >> > +{% else %} >> > +bodhi_email = [email protected] >> > +{% endif %} >> > + >> > +# The address that gets the requests >> > +release_team_address = [email protected] >> > + >> > +# The address to notify when security updates are initially added to >> > bodhi >> > +security_team = [email protected] >> > + >> > +# Public announcement lists >> > +fedora_announce_list = [email protected] >> > +fedora_test_announce_list = [email protected] >> > +fedora_epel_announce_list = [email protected] >> > t.org >> > +fedora_epel_test_announce_list = [email protected] >> > + >> > +# Superuser groups >> > +admin_groups = proventesters security_respons bodhiadmin sysadmin- >> > main >> > + >> > +# Users that we don't want to show up in the "leaderboard(s)" >> > +stats_blacklist = bodhi anonymous autoqa taskotron >> > + >> > +# A list of non-person users >> > +system_users = bodhi autoqa taskotron >> > + >> > +# The max length for an update title before we truncate it in the >> > web ui >> > +max_update_length_for_ui = 70 >> > + >> > +# The number of days used for calculating the 'top testers' metric >> > +top_testers_timeframe = 900 >> > + >> > +# The email address of the proventesters >> > +proventesters_email = [email protected] >> > + >> > +# Disabled for the initial release. >> > +stacks_enabled = False >> > + >> > +# These are the default requirements that we apply to stacks, >> > packages, and >> > +# updates. Users have free-reign to override them for each kind of >> > entity. At >> > +# the end of the day, we only consider the requirements defined by >> > single >> > +# updates themselves when gating in the backend masher process. >> > +site_requirements = depcheck upgradepath >> > +## Some day we'll have rpmgrill, and that will be cool. Ask tflink. >> > +#site_requirements = depcheck upgradepath rpmgrill >> > + >> > +# Where do we send update announcements to ? >> > +# These variables should be named per: >> > Release.prefix_id.lower()_announce_list >> > +#fedora_announce_list = >> > +#fedora_test_announce_list = >> > +#fedora_epel_announce_list = >> > +#fedora_epel_test_announce_list = >> > + >> > +# Cache settings >> > +dogpile.cache.backend = dogpile.cache.dbm >> > +dogpile.cache.expiration_time = 100 >> > +dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile- >> > cache.dbm >> > + >> > +# Exclude sending emails to these users >> > +exclude_mail = autoqa taskotron >> > + >> > +## >> > +## Buildsystem settings >> > +## >> > + >> > +# What buildsystem do we want to use? For development, we'll use a >> > fake >> > +# buildsystem that always does what we tell it to do. For >> > production, we'll >> > +# want to use 'koji'. >> > +buildsystem = koji >> > + >> > +# Koji's XML-RPC hub >> > +{ if env == "staging" %} >> > +koji_hub = https://koji.stg.fedoraproject.org/kojihub >> > + >> > +# Root url of the Koji instance to point to. No trailing slash >> > +koji_url = http://koji.stg.fedoraproject.org >> > + >> > +# URL of where users should go to set up their notifications >> > +fmn_url = https://apps.stg.fedoraproject.org/notifications/ >> > + >> > +# URL of the resultsdb for integrating checks and stuff >> > +resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ >> > +resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsd >> > b_api/ >> > + >> > +fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu >> > +fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js >> > +{% else %} >> > +# Koji's XML-RPC hub >> > +koji_hub = https://koji.fedoraproject.org/kojihub >> > + >> > +# Root url of the Koji instance to point to. No trailing slash >> > +koji_url = https://koji.fedoraproject.org >> > + >> > +# URL of where users should go to set up their notifications >> > +fmn_url = https://apps.fedoraproject.org/notifications/ >> > + >> > +# URL of the resultsdb for integrating checks and stuff >> > +resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ >> > +resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_ap >> > i/ >> > + >> > +fedmenu.url = https://apps.fedoraproject.org/fedmenu >> > +fedmenu.data_url = https://apps.fedoraproject.org/js/data.js >> > +{% endif %} >> > + >> > +# Koji Krb stuff >> > +krb_ccache = /tmp/krb5cc_%{uid} >> > +krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ >> > ipa_realm }} >> > +krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix >> > }}.fedoraproject.org.keytab >> > + >> > +## >> > +## ACL system >> > +## Choices are 'pkgdb', which will send a JSON query to the >> > pkgdb_url below, >> > +## or 'dummy', which will always return guest credentials (used for >> > local >> > +## development). >> > +## >> > + >> > +{ if env == "staging" %} >> > +acl_system = dummy >> > + >> > +## >> > +## Package DB >> > +## >> > +pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb >> > + >> > +initial_bug_msg = %s has been submitted as an update to %s. %s >> > +stable_bug_msg = %s has been pushed to the %s repository. If >> > problems still persist, please make note of it in this bug report. >> > +testing_bug_msg = >> > + If you want to test the update, you can install it with >> > + $ su -c 'dnf --enablerepo=updates-testing update %s' >> > + You can provide feedback for this update here: %s >> > +testing_bug_epel_msg = >> > + If you want to test the update, you can install it with >> > + $ su -c 'yum --enablerepo=epel-testing update %s' >> > + You can provide feedback for this update here: %s >> > +{% else %} >> > +acl_system = pkgdb >> > + >> > +## >> > +## Package DB >> > +## >> > +pkgdb_url = https://admin.fedoraproject.org/pkgdb >> > + >> > +bugtracker = bugzilla >> > +initial_bug_msg = %s has been submitted as an update to %s. %s >> > +stable_bug_msg = %s has been pushed to the %s repository. If >> > problems still persist, please make note of it in this bug report. >> > +testing_bug_msg = >> > + See https://fedoraproject.org/wiki/QA:Updates_Testing for >> > + instructions on how to install test updates. >> > + You can provide feedback for this update here: %s >> > + >> > +testing_bug_epel_msg = >> > + See https://fedoraproject.org/wiki/QA:Updates_Testing for >> > + instructions on how to install test updates. >> > + You can provide feedback for this update here: %s >> > +{% endif %} >> > + >> > +# The username/password for our bugzilla account comes >> > +# from the bodhi_{email,password} fields. >> > + >> > +{ if env == "staging" %} >> > +bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi >> > +{% else %} >> > +bz_server = https://bugzilla.redhat.com/xmlrpc.cgi >> > + >> > +#bz_cookie = >> > + >> > +# Bodhi will avoid touching bugs that are not against the following >> > products >> > +bz_products = Fedora,Fedora EPEL >> > >> >> bz_server seems to be defined in two blocks here - let's just define it >> once. >> Done >> >> > + >> > +## >> > +## Packages that should suggest a reboot >> > +## >> > +reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE >> > kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus >> > + >> > +## >> > +## Critical Path Packages >> > +## https://fedoraproject.org/wiki/Critical_path_package >> > +## >> > + >> > +# Enable this to query the Fedora Package Database for the list of >> > Critical >> > +# Path Packages. If disabled, it'll just use the hardcoded list >> > below. >> > + >> > +{ if env == "production" %} >> > +critpath.type = pkgdb >> > +{% endif %} >> > + >> > +# You can hardcode a list of critical path packages instead of using >> > the PackageDB >> > +{ if env == "staging" %} >> > +critpath.pkgs = kernel >> > +{% endif %} >> > + >> > +# The number of admin approvals it takes to be able to push a >> > critical path >> > +# update to stable for a pending release. >> > +critpath.num_admin_approvals = 0 >> > + >> > +# The net karma required to submit a critial path update to a >> > pending release) >> > +critpath.min_karma = 2 >> > + >> > +# Allow critpath to submit for stable after 2 weeks with no negative >> > karma >> > +critpath.stable_after_days_without_negative_karma = 14 >> > + >> > +# The minimum amount of time an update must spend in testing before >> > +# it can reach the stable repository >> > +fedora.mandatory_days_in_testing = 7 >> > +fedora_epel.mandatory_days_in_testing = 14 >> > + >> > +## >> > +## Release status >> > +## >> > + >> > +# Pre-beta enforces the Pre Beta policy defined here: >> > +# https://fedoraproject.org/wiki/Updates_Policy >> > +#f15.status = 'pre_beta' >> > +#f15.pre_beta.mandatory_days_in_testing = 3 >> > +#f15.pre_beta.critpath.num_admin_approvals = 0 >> > +#f15.pre_beta.critpath.min_karma = 1 >> > + >> > +# For test cases. >> > +f7.status = post_beta >> > +f7.post_beta.mandatory_days_in_testing = 7 >> > +f7.post_beta.critpath.num_admin_approvals = 0 >> > +f7.post_beta.critpath.min_karma = 2 >> > + >> > +# The number of days worth of updates/comments to display >> > +feeds.num_days_to_show = 7 >> > +feeds.max_entries = 20 >> > + >> > +## >> > +## Buildroot Override >> > +## >> > + >> > +# Number of days before expiring overrides >> > +buildroot_overrides.expire_after = 1 >> > + >> > +## >> > +## Groups >> > +## >> > + >> > +# FAS Groups that we want to pay attention to >> > +# When a user logs in, bodhi will look for any of these groups and >> > associate # >> > +# them with the user. They will then appear as the users effective >> > principals in >> > +# the format "group:groupname" and can be used in Pyramid ACE's. >> > +important_groups = proventesters provenpackager releng-team >> > security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse- >> > sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs- >> > sig lxqt-sig astro-sig >> > + >> > +# Groups that can push updates for any package >> > +admin_packager_groups = provenpackager releng-team security_respons >> > + >> > +# User must be a member of this group to submit updates >> > +mandatory_packager_groups = packager >> > + >> > +## >> > +## updateinfo.xml configuraiton >> > +## >> > +updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. >> > + >> > +## >> > +## Authentication & Authorization >> > +## >> > + >> > +# pyramid.openid >> > +{ if env == "staging" %} >> > +openid.success_callback = bodhi.server.security:remember_me >> > +openid.provider = https://id.stg.fedoraproject.org/openid/ >> > +openid.url = https://id.stg.fedoraproject.org/ >> > +openid_template = {username}.id.fedoraproject.org >> > +openid.sreg_required = email >> > +{% else %} >> > +openid.success_callback = bodhi.server.security:remember_me >> > +openid.provider = https://id.fedoraproject.org/openid/ >> > +openid.url = https://id.fedoraproject.org/ >> > +openid_template = {username}.id.fedoraproject.org >> > +openid.sreg_required = email >> > +{% endif %} >> > + >> > +## >> > +## Pyramid settings >> > +## >> > +pyramid.reload_templates = false >> > +pyramid.debug_authorization = false >> > +pyramid.debug_notfound = false >> > +pyramid.debug_routematch = false >> > +pyramid.default_locale_name = en >> > + >> > +pyramid.includes = >> > + pyramid_tm >> > + >> > +debugtoolbar.hosts = 127.0.0.1 ::1 >> > + >> > +## >> > +## Database >> > +## >> > +{ if env == "staging" %} >> > +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db- >> > bodhi/bodhi2 >> > +{% else %} >> > +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db- >> > bodhi/bodhi2 >> > +{% endif %} >> >> I recently changed the url in staging.ini, so you should be sure to >> pick up that change. >> > > Hmm, I just repulled the ansible repo.. I see the same url in staging as > above. staging.ini.j2 line 400 path: > /home/bhart/SpiderOak Hive/Projects/ansible/roles/bodhi2/base/templates > > + >> > +## >> > +## Templates >> > +## >> > +mako.directories = bodhi:server/templates >> > + >> > +## >> > +## Authentication & Sessions >> > +## >> > + >> > +authtkt.secret = {{ bodhi2AuthTkt }} >> > +session.secret = {{ bodhi2SessionSecret }} >> > +authtkt.secure = true >> > + >> > +# pyramid_beaker >> > +session.type = file >> > +session.data_dir = /var/cache/bodhi/sessions/data >> > +session.lock_dir = /var/cache/bodhi/sessions/lock >> > + >> > +{ if env == "staging" %} >> > +session.key = {{ bodhi2SessionKeySTG }} >> > +{% else %} >> > +session.key = {{ bodhi2SessionKey }} >> > +{% endif %} >> > + >> > +session.cookie_on_exception = true >> > +# Tell the browser to only send the cookie over TLS >> > +session.secure = true >> > +# Create a cookie that is only valid for one day >> > +session.timeout = 86400 >> > +cache.regions = default_term, second, short_term, long_term >> > +cache.type = memory >> > +cache.second.expire = 1 >> > +cache.short_term.expire = 60 >> > +cache.default_term.expire = 300 >> > +cache.long_term.expire = 3600 >> > + >> > +[server:main] >> > +use = egg:waitress#main >> > +host = 0.0.0.0 >> > +port = 6543 >> > + >> > +[pshell] >> > +m = bodhi.server.models >> > +t = transaction >> > +# Begin logging configuration >> > + >> > +[loggers] >> > +keys = root, bodhi, sqlalchemy >> > + >> > +[handlers] >> > +keys = console >> > + >> > +[formatters] >> > +keys = generic >> > + >> > +[logger_root] >> > +level = INFO >> > +handlers = console >> > + >> > +[logger_bodhi] >> > +level = DEBUG >> > +handlers = >> > +qualname = bodhi >> > + >> > +[logger_sqlalchemy] >> > +level = WARN >> > +handlers = >> > +qualname = sqlalchemy.engine >> > +# "level = INFO" logs SQL queries. >> > +# "level = DEBUG" logs SQL queries and results. >> > +# "level = WARN" logs neither. (Recommended for production >> > systems.) >> > + >> > +[handler_console] >> > +class = StreamHandler >> > +args = (sys.stderr,) >> > +level = NOTSET >> > +formatter = generic >> > +[formatter_generic] >> > +format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] >> > %(message)s >> > + >> > +# End logging configuration >> > \ No newline at end of file >> > -- >> > 2.9.3 >> _______________________________________________ >> infrastructure mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> oraproject.org >> >> >
From 0f541f8b1f7dece64bc87957a683990f1e0a9e78 Mon Sep 17 00:00:00 2001 From: bicarbonate <[email protected]> Date: Tue, 2 May 2017 09:27:20 -0600 Subject: [PATCH] Egg changes --- roles/bodhi2/base/templates/production.ini | 577 +++++++++++++++++++++++++++++ 1 file changed, 577 insertions(+) create mode 100644 roles/bodhi2/base/templates/production.ini diff --git a/roles/bodhi2/base/templates/production.ini b/roles/bodhi2/base/templates/production.ini new file mode 100644 index 0000000..4bf885f --- /dev/null +++ b/roles/bodhi2/base/templates/production.ini @@ -0,0 +1,577 @@ +[filter:proxy-prefix] +use = egg:PasteDeploy#prefix +prefix = / +scheme = https + +[app:main] +use = egg:bodhi-server +filter-with = proxy-prefix + + +#Misc Info at beginning of files + #PRD Info: + # Release status + # pre-beta enforces the 'Pre Beta' policy defined here: + # https://fedoraproject.org/wiki/Updates_Policy + f26.status = pre_beta + + f26.post_beta.mandatory_days_in_testing = 7 + f26.post_beta.critpath.num_admin_approvals = 0 + f26.post_beta.critpath.min_karma = 2 + f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 + + f26.pre_beta.mandatory_days_in_testing = 3 + f26.pre_beta.critpath.num_admin_approvals = 0 + f26.pre_beta.critpath.min_karma = 1 + ## Atomic OSTree support + ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer + ## https://github.com/fedora-infra/ fedmsg-atomic-composer + ## + compose_atomic_trees = true + +## +## Messages +## + +# A notice to flash on the front page +frontpage_notice = + +# A notice to flash on the New Update page +newupdate_notice = + +testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes +not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> +not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> +stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository + + + testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. + not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. + + +# Libravatar - If this is true libravatar will work as normal. Otherwise, all +# libravatar links will be replaced with the string "libravatar.org" so that +# the tests can still pass. +libravatar_enabled = True +# Set this to true if you want to do federated dns libravatar lookup +libravatar_dns = False + +# Set this to True in order to send fedmsg messages. +fedmsg_enabled = True + +# Captcha - if 'captcha.secret' is not None, then it will be used for comments +# captcha.secret must be 32 url-safe base64-encoded bytes +# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() + +{% if env == "staging" %} +captcha.secret = {{ bodhi2CaptchaSecretSTG }} +{% else %} +captcha.secret = {{ bodhi2CaptchaSecret }} +{% endif %} +# Dimensions +captcha.image_width = 300 +captcha.image_height = 80 +# Any truetype font will do. +captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf +captcha.font_size = 36 +# Colors +captcha.font_color = #000000 +captcha.background_color = #ffffff +# In pixels +captcha.padding = 5 +# If a captcha sits around for this many seconds, it will stop working. +captcha.ttl = 300 + +#datagrepper_url = http://localhost:5000 +{% if env == "staging" %} +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% else %} +datagrepper_url = https://apps.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% endif %} + +## +## Wiki Test Cases +## + +## Query the wiki for test cases +query_wiki_test_cases = False +wiki_url = https://fedoraproject.org/w/api.php +test_case_base_url = https://fedoraproject.org/wiki/ + +# Email domain to prepend usernames to +default_email_domain = fedoraproject.org + +# domain for generated message IDs +{% if env == "staging" %} +message_id_email_domain = admin.stg.fedoraproject.org +{% else %} +message_id_email_domain = admin.fedoraproject.org +{% endif %} + +## +## Mash settings +## + +# If defined, the bodhi masher will ensure that messages are signed with the given cert +{% if env == "staging" %} +releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org +{% else %} +{% if ansible_hostname == 'bodhi-backend01' %} +releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org +{% else %} +releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org +{% endif %} +{% endif %} + +# The masher is a bodhi instance that is responsible for composing the update +# repositories, regenerating metrics, sending update notices, closing bugs, +# and other costly operations. To set an external masher, set the masher to +# the baseurl of the bodhi instance. If set to None, this bodhi instance +# will act as a masher as well. +#masher = None + +# Where to initially mash repositories +{% if env == "staging" %} +mash_dir = /var/cache/bodhi/mashing +{% else %} +mash_stage_dir = /mnt/koji/mash/updates +{% endif %} + +mash_conf = /etc/bodhi/mash.conf + +createrepo_cache_dir = /var/cache/createrepo + +## Our periodic jobs +#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates +jobs = cache_release_data refresh_metrics approve_testing_updates + +## Comps configuration +comps_dir = /var/cache/bodhi/comps +comps_url = https://pagure.io/fedora-comps.git + +## +## Mirror settings +## + +file_url = https://download.fedoraproject.org/pub/fedora/linux/updates +master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml + +fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml +fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml +fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml + +## The base url of this application +{% if env == "staging" %} +base_address = https://bodhi.stg.fedoraproject.org/ +{% else %} +base_address = https://bodhi.fedoraproject.org/ +{% endif %} + +## Supported update types +update_types = bugfix enhancement security newpackage + +## Supported architechures +## +## To handle arch name changes between releases, you +## can also configure bodhi to support one arch *or* +## another. For example, EPEL5 mashes produce 'ppc' +## repos, where EPEL6 produces 'ppc64'. To handle this +## scenario, you can specify something like: +## +## arches = ppc/ppc64 +## +arches = i386 x86_64 armhfp + + +## +## Email setting +## + +{ if env == "production" } +smtp_server = bastion + +# The updates system itself. This email address is used in fetching Bugzilla +# information, as well as email notifications +bodhi_email = [email protected] +bodhi_password = {{ bodhiBugzillaPassword }} +{% else %} +bodhi_email = [email protected] +{% endif %} + +# The address that gets the requests +release_team_address = [email protected] + +# The address to notify when security updates are initially added to bodhi +security_team = [email protected] + +# Public announcement lists +fedora_announce_list = [email protected] +fedora_test_announce_list = [email protected] +fedora_epel_announce_list = [email protected] +fedora_epel_test_announce_list = [email protected] + +# Superuser groups +admin_groups = proventesters security_respons bodhiadmin sysadmin-main + +# Users that we don't want to show up in the "leaderboard(s)" +stats_blacklist = bodhi anonymous autoqa taskotron + +# A list of non-person users +system_users = bodhi autoqa taskotron + +# The max length for an update title before we truncate it in the web ui +max_update_length_for_ui = 70 + +# The number of days used for calculating the 'top testers' metric +top_testers_timeframe = 900 + +# The email address of the proventesters +proventesters_email = [email protected] + +# Disabled for the initial release. +stacks_enabled = False + +# These are the default requirements that we apply to stacks, packages, and +# updates. Users have free-reign to override them for each kind of entity. At +# the end of the day, we only consider the requirements defined by single +# updates themselves when gating in the backend masher process. +site_requirements = depcheck upgradepath +## Some day we'll have rpmgrill, and that will be cool. Ask tflink. +#site_requirements = depcheck upgradepath rpmgrill + +# Where do we send update announcements to ? +# These variables should be named per: Release.prefix_id.lower()_announce_list +#fedora_announce_list = +#fedora_test_announce_list = +#fedora_epel_announce_list = +#fedora_epel_test_announce_list = + +# Cache settings +dogpile.cache.backend = dogpile.cache.dbm +dogpile.cache.expiration_time = 100 +dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm + +# Exclude sending emails to these users +exclude_mail = autoqa taskotron + +## +## Buildsystem settings +## + +# What buildsystem do we want to use? For development, we'll use a fake +# buildsystem that always does what we tell it to do. For production, we'll +# want to use 'koji'. +buildsystem = koji + +# Koji's XML-RPC hub +{ if env == "staging" %} +koji_hub = https://koji.stg.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = http://koji.stg.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.stg.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js +{% else %} +# Koji's XML-RPC hub +koji_hub = https://koji.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = https://koji.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.fedoraproject.org/js/data.js +{% endif %} + +# Koji Krb stuff +krb_ccache = /tmp/krb5cc_%{uid} +krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} +krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab + +## +## ACL system +## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, +## or 'dummy', which will always return guest credentials (used for local +## development). +## + +{ if env == "staging" %} +acl_system = dummy + +## +## Package DB +## +pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb + +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + If you want to test the update, you can install it with + $ su -c 'dnf --enablerepo=updates-testing update %s' + You can provide feedback for this update here: %s +testing_bug_epel_msg = + If you want to test the update, you can install it with + $ su -c 'yum --enablerepo=epel-testing update %s' + You can provide feedback for this update here: %s +{% else %} +acl_system = pkgdb + +## +## Package DB +## +pkgdb_url = https://admin.fedoraproject.org/pkgdb + +bugtracker = bugzilla +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s + +testing_bug_epel_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s +{% endif %} + +# The username/password for our bugzilla account comes +# from the bodhi_{email,password} fields. +#bz_cookie = +# Bodhi will avoid touching bugs that are not against the following products +bz_products = Fedora,Fedora EPEL + +{ if env == "staging" %} +bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi +{% else %} +bz_server = https://bugzilla.redhat.com/xmlrpc.cgi +{% endif %} + +## +## Packages that should suggest a reboot +## +reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus + +## +## Critical Path Packages +## https://fedoraproject.org/wiki/Critical_path_package +## + +# Enable this to query the Fedora Package Database for the list of Critical +# Path Packages. If disabled, it'll just use the hardcoded list below. + +{ if env == "production" %} +critpath.type = pkgdb +{% endif %} + +# You can hardcode a list of critical path packages instead of using the PackageDB +{ if env == "staging" %} +critpath.pkgs = kernel +{% endif %} + +# The number of admin approvals it takes to be able to push a critical path +# update to stable for a pending release. +critpath.num_admin_approvals = 0 + +# The net karma required to submit a critial path update to a pending release) +critpath.min_karma = 2 + +# Allow critpath to submit for stable after 2 weeks with no negative karma +critpath.stable_after_days_without_negative_karma = 14 + +# The minimum amount of time an update must spend in testing before +# it can reach the stable repository +fedora.mandatory_days_in_testing = 7 +fedora_epel.mandatory_days_in_testing = 14 + +## +## Release status +## + +# Pre-beta enforces the Pre Beta policy defined here: +# https://fedoraproject.org/wiki/Updates_Policy +#f15.status = 'pre_beta' +#f15.pre_beta.mandatory_days_in_testing = 3 +#f15.pre_beta.critpath.num_admin_approvals = 0 +#f15.pre_beta.critpath.min_karma = 1 + +# For test cases. +f7.status = post_beta +f7.post_beta.mandatory_days_in_testing = 7 +f7.post_beta.critpath.num_admin_approvals = 0 +f7.post_beta.critpath.min_karma = 2 + +# The number of days worth of updates/comments to display +feeds.num_days_to_show = 7 +feeds.max_entries = 20 + +## +## Buildroot Override +## + +# Number of days before expiring overrides +buildroot_overrides.expire_after = 1 + +## +## Groups +## + +# FAS Groups that we want to pay attention to +# When a user logs in, bodhi will look for any of these groups and associate # +# them with the user. They will then appear as the users effective principals in +# the format "group:groupname" and can be used in Pyramid ACE's. +important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig + +# Groups that can push updates for any package +admin_packager_groups = provenpackager releng-team security_respons + +# User must be a member of this group to submit updates +mandatory_packager_groups = packager + +## +## updateinfo.xml configuraiton +## +updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. + +## +## Authentication & Authorization +## + +# pyramid.openid +{ if env == "staging" %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.stg.fedoraproject.org/openid/ +openid.url = https://id.stg.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% else %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.fedoraproject.org/openid/ +openid.url = https://id.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% endif %} + +## +## Pyramid settings +## +pyramid.reload_templates = false +pyramid.debug_authorization = false +pyramid.debug_notfound = false +pyramid.debug_routematch = false +pyramid.default_locale_name = en + +pyramid.includes = + pyramid_tm + +debugtoolbar.hosts = 127.0.0.1 ::1 + +## +## Database +## +{ if env == "staging" %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 +{% else %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 +{% endif %} + +## +## Templates +## +mako.directories = bodhi:server/templates + +## +## Authentication & Sessions +## + +authtkt.secret = {{ bodhi2AuthTkt }} +session.secret = {{ bodhi2SessionSecret }} +authtkt.secure = true + +# pyramid_beaker +session.type = file +session.data_dir = /var/cache/bodhi/sessions/data +session.lock_dir = /var/cache/bodhi/sessions/lock + +{ if env == "staging" %} +session.key = {{ bodhi2SessionKeySTG }} +{% else %} +session.key = {{ bodhi2SessionKey }} +{% endif %} + +session.cookie_on_exception = true +# Tell the browser to only send the cookie over TLS +session.secure = true +# Create a cookie that is only valid for one day +session.timeout = 86400 +cache.regions = default_term, second, short_term, long_term +cache.type = memory +cache.second.expire = 1 +cache.short_term.expire = 60 +cache.default_term.expire = 300 +cache.long_term.expire = 3600 + +[server:main] +use = egg:waitress#main +host = 0.0.0.0 +port = 6543 + +[pshell] +m = bodhi.server.models +t = transaction +# Begin logging configuration + +[loggers] +keys = root, bodhi, sqlalchemy + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = INFO +handlers = console + +[logger_bodhi] +level = DEBUG +handlers = +qualname = bodhi + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARN" logs neither. (Recommended for production systems.) + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic +[formatter_generic] +format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s + +# End logging configuration \ No newline at end of file -- 2.9.4
_______________________________________________ infrastructure mailing list -- [email protected] To unsubscribe send an email to [email protected]
