Re: Introduction
Thanks Patrick. On Fri, Sep 8, 2017 at 1:49 AM, Patrick Kuny wrote: > Hi Dominic! Welcome to the Fedora Project's Infrastructure team. > Feel free to drop into #fedora-admin and #fedora-noc on Freenode and get > started interacting with the admin team. > > If you'd like to contribute and haven't already, I suggest you read the > Getting Started page on the Infrastructure Wiki: > https://fedoraproject.org/wiki/Infrastructure/GettingStarted > > Thanks, > Patrick > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-leave@lists. > fedoraproject.org > -- Regards, Dominic.P.Geevarghese ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Setup proxying and VPN for certgetter01
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Setup proxying and VPN for certgetter01
Thanks. It looks like I need one more thing to make sure the challenge doesn't get redirected to https (acme challenges are always over plain http). Can I also get +1s for: From fd0a29275ad4f37f42f6383e14a298adf1db0978 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 9 Sep 2017 23:42:19 + Subject: [PATCH] Do not httpd-redirect for acme challenges Signed-off-by: Patrick Uiterwijk --- roles/httpd/website/templates/website.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index 8eed648..804942a 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -17,6 +17,7 @@ {% if sslonly %} RewriteEngine On RewriteCond %{HTTPS} off + RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.* RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] {% else %} Include "conf.d/{{ name }}/*.conf" -- 1.8.3.1 On Sat, Sep 9, 2017 at 7:26 PM, Stephen John Smoogen wrote: > +1 from me > > On 9 September 2017 at 19:04, Patrick Uiterwijk wrote: >> Hi, >> >> Could I get +1s for these patches: >> >> From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001 >> From: Patrick Uiterwijk >> Date: Sat, 9 Sep 2017 22:25:08 + >> Subject: [PATCH 1/3] Allow setting up a vhost for certgetter >> >> Signed-off-by: Patrick Uiterwijk >> --- >> roles/httpd/website/defaults/main.yml | 1 + >> roles/httpd/website/templates/website.conf | 4 >> 2 files changed, 5 insertions(+) >> >> diff --git a/roles/httpd/website/defaults/main.yml >> b/roles/httpd/website/defaults/main.yml >> index 99aa8b0..8ad299d 100644 >> --- a/roles/httpd/website/defaults/main.yml >> +++ b/roles/httpd/website/defaults/main.yml >> @@ -4,6 +4,7 @@ >> >> server_aliases: [] >> server_admin: webmas...@fedoraproject.org >> +certbot: false >> ssl: true >> sslonly: false >> SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert >> diff --git a/roles/httpd/website/templates/website.conf >> b/roles/httpd/website/templates/website.conf >> index 6547452..8eed648 100644 >> --- a/roles/httpd/website/templates/website.conf >> +++ b/roles/httpd/website/templates/website.conf >> @@ -10,6 +10,10 @@ >>SetOutputFilter DEFLATE >> {% endif %} >> >> +{% if certbot %} >> + ProxyPass "/.well-known/acme-challenge" >> "http://certgetter01/.well-known/acme-challenge"; >> +{% endif %} >> + >> {% if sslonly %} >>RewriteEngine On >>RewriteCond %{HTTPS} off >> -- >> 1.8.3.1 >> >> From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001 >> From: Patrick Uiterwijk >> Date: Sat, 9 Sep 2017 22:26:40 + >> Subject: [PATCH 2/3] Enable certbot for secondary kojis >> >> Signed-off-by: Patrick Uiterwijk >> --- >> playbooks/include/proxies-websites.yml | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/playbooks/include/proxies-websites.yml >> b/playbooks/include/proxies-websites.yml >> index 9735c89..6362509 100644 >> --- a/playbooks/include/proxies-websites.yml >> +++ b/playbooks/include/proxies-websites.yml >> @@ -499,6 +499,7 @@ >>- role: httpd/website >> name: ppc.koji.fedoraproject.org >> sslonly: true >> +certbot: true >> server_aliases: >> - ppcpkgs.fedoraproject.org >> cert_name: secondary.koji.fedoraproject.org.letsencrypt >> @@ -507,6 +508,7 @@ >>- role: httpd/website >> name: s390.koji.fedoraproject.org >> sslonly: true >> +certbot: true >> server_aliases: >> - s390pkgs.fedoraproject.org >> cert_name: secondary.koji.fedoraproject.org.letsencrypt >> @@ -515,6 +517,7 @@ >>- role: httpd/website >> name: arm.koji.fedoraproject.org >> sslonly: true >> +certbot: true >> server_aliases: >> - armpkgs.fedoraproject.org >> cert_name: secondary.koji.fedoraproject.org.letsencrypt >> -- >> 1.8.3.1 >> >> From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001 >> From: Patrick Uiterwijk >> Date: Sat, 9 Sep 2017 23:02:21 + >> Subject: [PATCH 3/3] Add certgetter01 ccd file >> >> Signed-off-by: Patrick Uiterwijk >> --- >> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++ >> 1 file changed, 2 insertions(+) >> create mode 100644 >> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org >> >> diff --git >> a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org >> b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org >> new file mode 100644 >> index 000..6b4c087 >> --- /dev/null >> +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org >> @@ -0,0 +1,2 @@ >> +# ifconfig-push actualIP PtPIP >> +ifconfig-push 192.168.1.177 192.168.0.177 >> -- >> 1.8.3.1 >> ___ >> infrastructure mailing list -- infrastructure@lists.fedoraproject.org >> To unsubscribe send an email to infrastructure-le...@lists.fedora
Re: FBR: Setup proxying and VPN for certgetter01
+1 from me On 9 September 2017 at 19:04, Patrick Uiterwijk wrote: > Hi, > > Could I get +1s for these patches: > > From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001 > From: Patrick Uiterwijk > Date: Sat, 9 Sep 2017 22:25:08 + > Subject: [PATCH 1/3] Allow setting up a vhost for certgetter > > Signed-off-by: Patrick Uiterwijk > --- > roles/httpd/website/defaults/main.yml | 1 + > roles/httpd/website/templates/website.conf | 4 > 2 files changed, 5 insertions(+) > > diff --git a/roles/httpd/website/defaults/main.yml > b/roles/httpd/website/defaults/main.yml > index 99aa8b0..8ad299d 100644 > --- a/roles/httpd/website/defaults/main.yml > +++ b/roles/httpd/website/defaults/main.yml > @@ -4,6 +4,7 @@ > > server_aliases: [] > server_admin: webmas...@fedoraproject.org > +certbot: false > ssl: true > sslonly: false > SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert > diff --git a/roles/httpd/website/templates/website.conf > b/roles/httpd/website/templates/website.conf > index 6547452..8eed648 100644 > --- a/roles/httpd/website/templates/website.conf > +++ b/roles/httpd/website/templates/website.conf > @@ -10,6 +10,10 @@ >SetOutputFilter DEFLATE > {% endif %} > > +{% if certbot %} > + ProxyPass "/.well-known/acme-challenge" > "http://certgetter01/.well-known/acme-challenge"; > +{% endif %} > + > {% if sslonly %} >RewriteEngine On >RewriteCond %{HTTPS} off > -- > 1.8.3.1 > > From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001 > From: Patrick Uiterwijk > Date: Sat, 9 Sep 2017 22:26:40 + > Subject: [PATCH 2/3] Enable certbot for secondary kojis > > Signed-off-by: Patrick Uiterwijk > --- > playbooks/include/proxies-websites.yml | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/playbooks/include/proxies-websites.yml > b/playbooks/include/proxies-websites.yml > index 9735c89..6362509 100644 > --- a/playbooks/include/proxies-websites.yml > +++ b/playbooks/include/proxies-websites.yml > @@ -499,6 +499,7 @@ >- role: httpd/website > name: ppc.koji.fedoraproject.org > sslonly: true > +certbot: true > server_aliases: > - ppcpkgs.fedoraproject.org > cert_name: secondary.koji.fedoraproject.org.letsencrypt > @@ -507,6 +508,7 @@ >- role: httpd/website > name: s390.koji.fedoraproject.org > sslonly: true > +certbot: true > server_aliases: > - s390pkgs.fedoraproject.org > cert_name: secondary.koji.fedoraproject.org.letsencrypt > @@ -515,6 +517,7 @@ >- role: httpd/website > name: arm.koji.fedoraproject.org > sslonly: true > +certbot: true > server_aliases: > - armpkgs.fedoraproject.org > cert_name: secondary.koji.fedoraproject.org.letsencrypt > -- > 1.8.3.1 > > From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001 > From: Patrick Uiterwijk > Date: Sat, 9 Sep 2017 23:02:21 + > Subject: [PATCH 3/3] Add certgetter01 ccd file > > Signed-off-by: Patrick Uiterwijk > --- > roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++ > 1 file changed, 2 insertions(+) > create mode 100644 > roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org > > diff --git > a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org > b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org > new file mode 100644 > index 000..6b4c087 > --- /dev/null > +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org > @@ -0,0 +1,2 @@ > +# ifconfig-push actualIP PtPIP > +ifconfig-push 192.168.1.177 192.168.0.177 > -- > 1.8.3.1 > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: [PATCH] allow bodhi to tag the secure boot packages into -override tags
+1, should get this fixed. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: FBR: Setup proxying and VPN for certgetter01
Seems reasonable +1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: Freeze break request: teach nagios about noswap
Applied, thanks, kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
FBR: Setup proxying and VPN for certgetter01
Hi, Could I get +1s for these patches: From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 9 Sep 2017 22:25:08 + Subject: [PATCH 1/3] Allow setting up a vhost for certgetter Signed-off-by: Patrick Uiterwijk --- roles/httpd/website/defaults/main.yml | 1 + roles/httpd/website/templates/website.conf | 4 2 files changed, 5 insertions(+) diff --git a/roles/httpd/website/defaults/main.yml b/roles/httpd/website/defaults/main.yml index 99aa8b0..8ad299d 100644 --- a/roles/httpd/website/defaults/main.yml +++ b/roles/httpd/website/defaults/main.yml @@ -4,6 +4,7 @@ server_aliases: [] server_admin: webmas...@fedoraproject.org +certbot: false ssl: true sslonly: false SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf index 6547452..8eed648 100644 --- a/roles/httpd/website/templates/website.conf +++ b/roles/httpd/website/templates/website.conf @@ -10,6 +10,10 @@ SetOutputFilter DEFLATE {% endif %} +{% if certbot %} + ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"; +{% endif %} + {% if sslonly %} RewriteEngine On RewriteCond %{HTTPS} off -- 1.8.3.1 From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 9 Sep 2017 22:26:40 + Subject: [PATCH 2/3] Enable certbot for secondary kojis Signed-off-by: Patrick Uiterwijk --- playbooks/include/proxies-websites.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml index 9735c89..6362509 100644 --- a/playbooks/include/proxies-websites.yml +++ b/playbooks/include/proxies-websites.yml @@ -499,6 +499,7 @@ - role: httpd/website name: ppc.koji.fedoraproject.org sslonly: true +certbot: true server_aliases: - ppcpkgs.fedoraproject.org cert_name: secondary.koji.fedoraproject.org.letsencrypt @@ -507,6 +508,7 @@ - role: httpd/website name: s390.koji.fedoraproject.org sslonly: true +certbot: true server_aliases: - s390pkgs.fedoraproject.org cert_name: secondary.koji.fedoraproject.org.letsencrypt @@ -515,6 +517,7 @@ - role: httpd/website name: arm.koji.fedoraproject.org sslonly: true +certbot: true server_aliases: - armpkgs.fedoraproject.org cert_name: secondary.koji.fedoraproject.org.letsencrypt -- 1.8.3.1 From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Sat, 9 Sep 2017 23:02:21 + Subject: [PATCH 3/3] Add certgetter01 ccd file Signed-off-by: Patrick Uiterwijk --- roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org diff --git a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org new file mode 100644 index 000..6b4c087 --- /dev/null +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org @@ -0,0 +1,2 @@ +# ifconfig-push actualIP PtPIP +ifconfig-push 192.168.1.177 192.168.0.177 -- 1.8.3.1 ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Re: [PATCH] pagure: allow to delete forks
On 09/08/2017 03:56 AM, Pierre-Yves Chibon wrote: > On Thu, Sep 07, 2017 at 11:56:57AM -0700, Kevin Fenzi wrote: >> +1 here. >> > > > +1 as well, sorry I forgot to do this before freeze :s Applied. However, when I tried deleting one of my forks it gave a 500 error, then when I tried to fork that same project again it said it already existed. ;( kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org