date:20170909

Re: Introduction

2017-09-09 Thread Dominic P Geevarghese

Thanks Patrick.

On Fri, Sep 8, 2017 at 1:49 AM, Patrick Kuny 
wrote:

> Hi Dominic! Welcome to the Fedora Project's Infrastructure team.
> Feel free to drop into #fedora-admin and #fedora-noc on Freenode and get
> started interacting with the admin team.
>
> If you'd like to contribute and haven't already, I suggest you read the
> Getting Started page on the Infrastructure Wiki:
> https://fedoraproject.org/wiki/Infrastructure/GettingStarted
>
> Thanks,
> Patrick
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-leave@lists.
> fedoraproject.org
>



-- 
Regards,
Dominic.P.Geevarghese
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Setup proxying and VPN for certgetter01

2017-09-09 Thread Kevin Fenzi

+1

kevin




signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Setup proxying and VPN for certgetter01

2017-09-09 Thread Patrick Uiterwijk

Thanks.

It looks like I need one more thing to make sure the challenge doesn't
get redirected to https (acme challenges are always over plain http).
Can I also get +1s for:

From fd0a29275ad4f37f42f6383e14a298adf1db0978 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk 
Date: Sat, 9 Sep 2017 23:42:19 +
Subject: [PATCH] Do not httpd-redirect for acme challenges

Signed-off-by: Patrick Uiterwijk 
---
 roles/httpd/website/templates/website.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/httpd/website/templates/website.conf
b/roles/httpd/website/templates/website.conf
index 8eed648..804942a 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -17,6 +17,7 @@
 {% if sslonly %}
   RewriteEngine On
   RewriteCond %{HTTPS} off
+  RewriteCond %{REQUEST_URI} !/.well-known/acme-challenge/.*
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
 {% else %}
   Include "conf.d/{{ name }}/*.conf"
-- 
1.8.3.1

On Sat, Sep 9, 2017 at 7:26 PM, Stephen John Smoogen  wrote:
> +1 from me
>
> On 9 September 2017 at 19:04, Patrick Uiterwijk  wrote:
>> Hi,
>>
>> Could I get +1s for these patches:
>>
>> From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001
>> From: Patrick Uiterwijk 
>> Date: Sat, 9 Sep 2017 22:25:08 +
>> Subject: [PATCH 1/3] Allow setting up a vhost for certgetter
>>
>> Signed-off-by: Patrick Uiterwijk 
>> ---
>>  roles/httpd/website/defaults/main.yml  | 1 +
>>  roles/httpd/website/templates/website.conf | 4 
>>  2 files changed, 5 insertions(+)
>>
>> diff --git a/roles/httpd/website/defaults/main.yml
>> b/roles/httpd/website/defaults/main.yml
>> index 99aa8b0..8ad299d 100644
>> --- a/roles/httpd/website/defaults/main.yml
>> +++ b/roles/httpd/website/defaults/main.yml
>> @@ -4,6 +4,7 @@
>>
>>  server_aliases: []
>>  server_admin: webmas...@fedoraproject.org
>> +certbot: false
>>  ssl: true
>>  sslonly: false
>>  SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
>> diff --git a/roles/httpd/website/templates/website.conf
>> b/roles/httpd/website/templates/website.conf
>> index 6547452..8eed648 100644
>> --- a/roles/httpd/website/templates/website.conf
>> +++ b/roles/httpd/website/templates/website.conf
>> @@ -10,6 +10,10 @@
>>SetOutputFilter DEFLATE
>>  {% endif %}
>>
>> +{% if certbot %}
>> +  ProxyPass "/.well-known/acme-challenge"
>> "http://certgetter01/.well-known/acme-challenge";
>> +{% endif %}
>> +
>>  {% if sslonly %}
>>RewriteEngine On
>>RewriteCond %{HTTPS} off
>> --
>> 1.8.3.1
>>
>> From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001
>> From: Patrick Uiterwijk 
>> Date: Sat, 9 Sep 2017 22:26:40 +
>> Subject: [PATCH 2/3] Enable certbot for secondary kojis
>>
>> Signed-off-by: Patrick Uiterwijk 
>> ---
>>  playbooks/include/proxies-websites.yml | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/playbooks/include/proxies-websites.yml
>> b/playbooks/include/proxies-websites.yml
>> index 9735c89..6362509 100644
>> --- a/playbooks/include/proxies-websites.yml
>> +++ b/playbooks/include/proxies-websites.yml
>> @@ -499,6 +499,7 @@
>>- role: httpd/website
>>  name: ppc.koji.fedoraproject.org
>>  sslonly: true
>> +certbot: true
>>  server_aliases:
>>  - ppcpkgs.fedoraproject.org
>>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
>> @@ -507,6 +508,7 @@
>>- role: httpd/website
>>  name: s390.koji.fedoraproject.org
>>  sslonly: true
>> +certbot: true
>>  server_aliases:
>>  - s390pkgs.fedoraproject.org
>>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
>> @@ -515,6 +517,7 @@
>>- role: httpd/website
>>  name: arm.koji.fedoraproject.org
>>  sslonly: true
>> +certbot: true
>>  server_aliases:
>>  - armpkgs.fedoraproject.org
>>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
>> --
>> 1.8.3.1
>>
>> From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001
>> From: Patrick Uiterwijk 
>> Date: Sat, 9 Sep 2017 23:02:21 +
>> Subject: [PATCH 3/3] Add certgetter01 ccd file
>>
>> Signed-off-by: Patrick Uiterwijk 
>> ---
>>  roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++
>>  1 file changed, 2 insertions(+)
>>  create mode 100644
>> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>>
>> diff --git 
>> a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>> b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>> new file mode 100644
>> index 000..6b4c087
>> --- /dev/null
>> +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>> @@ -0,0 +1,2 @@
>> +# ifconfig-push actualIP PtPIP
>> +ifconfig-push 192.168.1.177 192.168.0.177
>> --
>> 1.8.3.1
>> ___
>> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
>> To unsubscribe send an email to infrastructure-le...@lists.fedora

Re: FBR: Setup proxying and VPN for certgetter01

2017-09-09 Thread Stephen John Smoogen

+1 from me

On 9 September 2017 at 19:04, Patrick Uiterwijk  wrote:
> Hi,
>
> Could I get +1s for these patches:
>
> From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk 
> Date: Sat, 9 Sep 2017 22:25:08 +
> Subject: [PATCH 1/3] Allow setting up a vhost for certgetter
>
> Signed-off-by: Patrick Uiterwijk 
> ---
>  roles/httpd/website/defaults/main.yml  | 1 +
>  roles/httpd/website/templates/website.conf | 4 
>  2 files changed, 5 insertions(+)
>
> diff --git a/roles/httpd/website/defaults/main.yml
> b/roles/httpd/website/defaults/main.yml
> index 99aa8b0..8ad299d 100644
> --- a/roles/httpd/website/defaults/main.yml
> +++ b/roles/httpd/website/defaults/main.yml
> @@ -4,6 +4,7 @@
>
>  server_aliases: []
>  server_admin: webmas...@fedoraproject.org
> +certbot: false
>  ssl: true
>  sslonly: false
>  SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
> diff --git a/roles/httpd/website/templates/website.conf
> b/roles/httpd/website/templates/website.conf
> index 6547452..8eed648 100644
> --- a/roles/httpd/website/templates/website.conf
> +++ b/roles/httpd/website/templates/website.conf
> @@ -10,6 +10,10 @@
>SetOutputFilter DEFLATE
>  {% endif %}
>
> +{% if certbot %}
> +  ProxyPass "/.well-known/acme-challenge"
> "http://certgetter01/.well-known/acme-challenge";
> +{% endif %}
> +
>  {% if sslonly %}
>RewriteEngine On
>RewriteCond %{HTTPS} off
> --
> 1.8.3.1
>
> From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk 
> Date: Sat, 9 Sep 2017 22:26:40 +
> Subject: [PATCH 2/3] Enable certbot for secondary kojis
>
> Signed-off-by: Patrick Uiterwijk 
> ---
>  playbooks/include/proxies-websites.yml | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/playbooks/include/proxies-websites.yml
> b/playbooks/include/proxies-websites.yml
> index 9735c89..6362509 100644
> --- a/playbooks/include/proxies-websites.yml
> +++ b/playbooks/include/proxies-websites.yml
> @@ -499,6 +499,7 @@
>- role: httpd/website
>  name: ppc.koji.fedoraproject.org
>  sslonly: true
> +certbot: true
>  server_aliases:
>  - ppcpkgs.fedoraproject.org
>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -507,6 +508,7 @@
>- role: httpd/website
>  name: s390.koji.fedoraproject.org
>  sslonly: true
> +certbot: true
>  server_aliases:
>  - s390pkgs.fedoraproject.org
>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -515,6 +517,7 @@
>- role: httpd/website
>  name: arm.koji.fedoraproject.org
>  sslonly: true
> +certbot: true
>  server_aliases:
>  - armpkgs.fedoraproject.org
>  cert_name: secondary.koji.fedoraproject.org.letsencrypt
> --
> 1.8.3.1
>
> From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk 
> Date: Sat, 9 Sep 2017 23:02:21 +
> Subject: [PATCH 3/3] Add certgetter01 ccd file
>
> Signed-off-by: Patrick Uiterwijk 
> ---
>  roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++
>  1 file changed, 2 insertions(+)
>  create mode 100644
> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>
> diff --git 
> a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> new file mode 100644
> index 000..6b4c087
> --- /dev/null
> +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> @@ -0,0 +1,2 @@
> +# ifconfig-push actualIP PtPIP
> +ifconfig-push 192.168.1.177 192.168.0.177
> --
> 1.8.3.1
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org



-- 
Stephen J Smoogen.
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: [PATCH] allow bodhi to tag the secure boot packages into -override tags

2017-09-09 Thread Kevin Fenzi

+1, should get this fixed.

kevin



signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: FBR: Setup proxying and VPN for certgetter01

2017-09-09 Thread Kevin Fenzi

Seems reasonable +1

kevin



signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Freeze break request: teach nagios about noswap

2017-09-09 Thread Kevin Fenzi

Applied, thanks,

kevin




signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

FBR: Setup proxying and VPN for certgetter01

2017-09-09 Thread Patrick Uiterwijk

Hi,

Could I get +1s for these patches:

From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk 
Date: Sat, 9 Sep 2017 22:25:08 +
Subject: [PATCH 1/3] Allow setting up a vhost for certgetter

Signed-off-by: Patrick Uiterwijk 
---
 roles/httpd/website/defaults/main.yml  | 1 +
 roles/httpd/website/templates/website.conf | 4 
 2 files changed, 5 insertions(+)

diff --git a/roles/httpd/website/defaults/main.yml
b/roles/httpd/website/defaults/main.yml
index 99aa8b0..8ad299d 100644
--- a/roles/httpd/website/defaults/main.yml
+++ b/roles/httpd/website/defaults/main.yml
@@ -4,6 +4,7 @@

 server_aliases: []
 server_admin: webmas...@fedoraproject.org
+certbot: false
 ssl: true
 sslonly: false
 SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
diff --git a/roles/httpd/website/templates/website.conf
b/roles/httpd/website/templates/website.conf
index 6547452..8eed648 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -10,6 +10,10 @@
   SetOutputFilter DEFLATE
 {% endif %}

+{% if certbot %}
+  ProxyPass "/.well-known/acme-challenge"
"http://certgetter01/.well-known/acme-challenge";
+{% endif %}
+
 {% if sslonly %}
   RewriteEngine On
   RewriteCond %{HTTPS} off
-- 
1.8.3.1

From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk 
Date: Sat, 9 Sep 2017 22:26:40 +
Subject: [PATCH 2/3] Enable certbot for secondary kojis

Signed-off-by: Patrick Uiterwijk 
---
 playbooks/include/proxies-websites.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/playbooks/include/proxies-websites.yml
b/playbooks/include/proxies-websites.yml
index 9735c89..6362509 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -499,6 +499,7 @@
   - role: httpd/website
 name: ppc.koji.fedoraproject.org
 sslonly: true
+certbot: true
 server_aliases:
 - ppcpkgs.fedoraproject.org
 cert_name: secondary.koji.fedoraproject.org.letsencrypt
@@ -507,6 +508,7 @@
   - role: httpd/website
 name: s390.koji.fedoraproject.org
 sslonly: true
+certbot: true
 server_aliases:
 - s390pkgs.fedoraproject.org
 cert_name: secondary.koji.fedoraproject.org.letsencrypt
@@ -515,6 +517,7 @@
   - role: httpd/website
 name: arm.koji.fedoraproject.org
 sslonly: true
+certbot: true
 server_aliases:
 - armpkgs.fedoraproject.org
 cert_name: secondary.koji.fedoraproject.org.letsencrypt
-- 
1.8.3.1

From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk 
Date: Sat, 9 Sep 2017 23:02:21 +
Subject: [PATCH 3/3] Add certgetter01 ccd file

Signed-off-by: Patrick Uiterwijk 
---
 roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644
roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org

diff --git a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
new file mode 100644
index 000..6b4c087
--- /dev/null
+++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
@@ -0,0 +1,2 @@
+# ifconfig-push actualIP PtPIP
+ifconfig-push 192.168.1.177 192.168.0.177
-- 
1.8.3.1
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: [PATCH] pagure: allow to delete forks

2017-09-09 Thread Kevin Fenzi

On 09/08/2017 03:56 AM, Pierre-Yves Chibon wrote:
> On Thu, Sep 07, 2017 at 11:56:57AM -0700, Kevin Fenzi wrote:
>> +1 here.
>>
> 
> 
> +1 as well, sorry I forgot to do this before freeze :s

Applied.

However, when I tried deleting one of my forks it gave a 500 error, then
when I tried to fork that same project again it said it already existed. ;(



kevin





signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org

Re: Introduction

Re: FBR: Setup proxying and VPN for certgetter01

Re: FBR: Setup proxying and VPN for certgetter01

Re: FBR: Setup proxying and VPN for certgetter01

Re: [PATCH] allow bodhi to tag the secure boot packages into -override tags

Re: FBR: Setup proxying and VPN for certgetter01

Re: Freeze break request: teach nagios about noswap

FBR: Setup proxying and VPN for certgetter01

Re: [PATCH] pagure: allow to delete forks

9 matches

Site Navigation

Mail list logo

Footer information