Re: FBR: add proxy101/proxy110 to static syncHttpLogs.sh
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: add proxy101/proxy110 to static syncHttpLogs.sh
Hi, So it would seem that even though there's a syncHttpLogs.sh.j2 template, that is not actually used... The one that's used is a static syncHttpLogs.sh file. Could I get +1s to add proxy101/proxy110 to that file (see patch underneath) until it gets replaced with the template? Thanks, Patrick diff --git a/roles/base/files/syncHttpLogs.sh b/roles/base/files/syncHttpLogs.sh index 88aecbf44..c64f805c4 100644 --- a/roles/base/files/syncHttpLogs.sh +++ b/roles/base/files/syncHttpLogs.sh @@ -42,6 +42,8 @@ syncHttpLogs proxy11.vpn.fedoraproject.org syncHttpLogs proxy12.vpn.fedoraproject.org syncHttpLogs proxy13.vpn.fedoraproject.org syncHttpLogs proxy14.vpn.fedoraproject.org +syncHttpLogs proxy101.phx2.fedoraproject.org +syncHttpLogs proxy110.phx2.fedoraproject.org syncHttpLogs proxy01.stg.phx2.fedoraproject.org syncHttpLogs fas01.phx2.fedoraproject.org syncHttpLogs fas02.phx2.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: To add coreos-continuous permission to koji hub policy
The lines broke in my email but if the real patch doesn’t have that problem then I think it can be applied On Thu, Mar 28, 2019 at 9:50 AM Mohan Boddu wrote: > Core OS folks wanted to have a separate koji tag to build and tag their > Core OS continuous builds. This has been discussed in the releng ticket - > https://pagure.io/releng/issue/8165. > > Also, we tested it staging koji and has been working fine. Here's the > staging koji ansible commit: > https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=c07ff32 > > Once, this patch is deployed, I will make the necessary koji tags and > permissions as we did in staging koji (which are listed in the releng issue > linked above). > > diff --git a/roles/koji_hub/templates/hub.conf.j2 > b/roles/koji_hub/templates/hub.conf.j2 > index 71792c7..5142491 100644 > --- a/roles/koji_hub/templates/hub.conf.j2 > +++ b/roles/koji_hub/templates/hub.conf.j2 > @@ -96,6 +96,8 @@ tag = > # These two rules makes sure people can't build srpms in infra tags and > tag them into distribution tags > tag *infra* && fromtag *infra* && has_perm infra :: allow > fromtag *infra* :: deny > +# CoreOS continuous builds, https://pagure.io/releng/issue/8165 > +tag f{{FedoraRawhideNumber}}-coreos-continuous > f{{FedoraBranchedNumber}}-coreos-continuous f{{Fedora > CycleNumber}}-coreos-continuous > f{{FedoraPreviousCycleNumber}}-coreos-continuous && has_perm coreos-conti > nuous && match action add unblock block :: allow > all :: allow > > channel = > > > If you have any questions, please let me know. > > Thanks. > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Enable central http logging for internal proxies
+1 thanks On Thu, Mar 28, 2019 at 6:50 PM Kevin Fenzi wrote: > +1 > > sorry we missed this. > > kevin > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Enable central http logging for internal proxies
+1 sorry we missed this. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Enable central http logging for internal proxies
Hi, Can I get +1s for applying the underneath patch and running the logserver.yml playbook? This will make sure we also capture the proxy101/proxy110 http logs on log01. Patrick diff --git a/roles/base/templates/syncHttpLogs.sh.j2 b/roles/base/templates/syncHttpLogs.sh.j2 index d83f63d65..8cca68d5d 100644 --- a/roles/base/templates/syncHttpLogs.sh.j2 +++ b/roles/base/templates/syncHttpLogs.sh.j2 @@ -33,6 +33,11 @@ function syncHttpLogs { syncHttpLogs {{host}} {% endfor %} +## Sync up all internal proxies +{% for host in groups['proxies-internal'] %} +syncHttpLogs {{host}} +{% endfor %} + ## Sync up all staging proxies {% for host in groups['proxies-stg'] %} syncHttpLogs {{host}} ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: Future of fedora-packages
On 3/28/19 8:54 AM, Clement Verna wrote: > On Thu, 28 Mar 2019 at 16:27, Kevin Fenzi wrote: >> >> On 3/27/19 3:50 AM, Clement Verna wrote: >>> So the fun fact is that we are already running elasticsearch with >>> kibana and logstash [0] in our Openshift clusters. So maybe we can >>> leverage on how this is deployed to run a dedicated instance for >>> fedora-packages. >> >> Yeah. >> >> However, it's pretty tailored to logs of pods. It would likely be easier >> to start with a dedicated elastic pod for searching packages, but then >> you would need to teach it how to gather the info and write a frontend >> for it. :( > > Yes, it does not look like we can easily reuse this. I think our best > chance is to work on making src.fp.o the new central place for > packages, but we need to improve the search functionality of Pagure. I > personally don't think we will have enough time to work on making a > fedora-packages 2.0 except if someone else is interested in working on > it. Do you think this could be a good project for outreachy or the like if you have time to mentor? Or is it too big for that kind of timeframe? kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] proxies: fix logic for websockets in reversepassproxy (small change from first one)
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Unfreeze RelEng to push updates
On 3/28/19 2:50 PM, Mohan Boddu wrote: > Hello, > > I dont know if this FBR is needed or not, but now that we have a GOLD > compose for F30 Beta and all the requested f30 builds pushed stable and I > cloned f30-Beta tag from f30, now we can start pushing updates to F30 > stable as well along with the others. > > +1's please > > diff --git a/vars/all/RelEngFrozen.yaml b/vars/all/RelEngFrozen.yaml > index bd7553f..72af779 100644 > --- a/vars/all/RelEngFrozen.yaml > +++ b/vars/all/RelEngFrozen.yaml > @@ -1 +1 @@ > -RelEngFrozen: True > +RelEngFrozen: False +1 I assume beta is all tagged now. In some ways it might be nice to let the compose tonight happen before we start pushing more updates, but I guess it doesn't matter as long as it's tagged. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Unfreeze RelEng to push updates
Hello, I dont know if this FBR is needed or not, but now that we have a GOLD compose for F30 Beta and all the requested f30 builds pushed stable and I cloned f30-Beta tag from f30, now we can start pushing updates to F30 stable as well along with the others. +1's please diff --git a/vars/all/RelEngFrozen.yaml b/vars/all/RelEngFrozen.yaml index bd7553f..72af779 100644 --- a/vars/all/RelEngFrozen.yaml +++ b/vars/all/RelEngFrozen.yaml @@ -1 +1 @@ -RelEngFrozen: True +RelEngFrozen: False Thanks. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [FBR] proxies: fix logic for websockets in reversepassproxy (small change from first one)
I forgot to make a change in the regexp for the RewriteCond - new patch follows: The last patch I did for this added some bits that didn't need to be there and made a bad assumption about the default value for remotepath for the reversepassproxy.conf template. This ended up with unneccesarry complication in the ws balancers and a unintended RewriteCond for any declared reversepassproxy that didn't redefine remotepath. This patch fixes the bad assumptions and removes the cruft that didn't actually do or fix anything --- roles/httpd/reverseproxy/templates/reversepassproxy.conf | 12 ++-- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index 1e4afe0..93baefd 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -29,26 +29,18 @@ SSLProxyEngine On {% for member in balancer_members %} {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %} -{% if remotepath is defined %} -BalancerMember "ws://{{ member }}{{ remotepath }} -{% else %} BalancerMember "ws://{{ member }}" -{% endif %} -{% else %} -{% if remotepath is defined %} -BalancerMember "wss://{{ member }}{{ remotepath }} {% else %} BalancerMember "wss://{{ member }}" {% endif %} -{% endif %} {% endfor %} RewriteEngine on RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC] RewriteCond %{HTTP:Connection} Upgrade [NC] -{% if remotepath is defined %} -RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)* +{% if remotepath != "/" %} +RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.*) {% endif %} RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P] -- 1.8.3.1 ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
[FBR] proxies: fix logic for websockets in reversepassproxy
The last patch I did for this added some bits that didn't need to be there and made a bad assumption about the default value for remotepath for the reversepassproxy.conf template. This ended up with unneccesarry complication in the ws balancers and a unintended RewriteCond for any declared reversepassproxy that didn't redefine remotepath. This patch fixes the bad assumptions and removes the cruft that didn't actually do or fix anything --- roles/httpd/reverseproxy/templates/reversepassproxy.conf | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/roles/httpd/reverseproxy/templates/reversepassproxy.conf b/roles/httpd/reverseproxy/templates/reversepassproxy.conf index 1e4afe0..1ea0b97 100644 --- a/roles/httpd/reverseproxy/templates/reversepassproxy.conf +++ b/roles/httpd/reverseproxy/templates/reversepassproxy.conf @@ -29,25 +29,17 @@ SSLProxyEngine On {% for member in balancer_members %} {% if http_not_https_yes_this_is_insecure_and_i_feel_bad %} -{% if remotepath is defined %} -BalancerMember "ws://{{ member }}{{ remotepath }} -{% else %} BalancerMember "ws://{{ member }}" -{% endif %} -{% else %} -{% if remotepath is defined %} -BalancerMember "wss://{{ member }}{{ remotepath }} {% else %} BalancerMember "wss://{{ member }}" {% endif %} -{% endif %} {% endfor %} RewriteEngine on RewriteCond %{HTTP:Upgrade} ^WebSocket$ [NC] RewriteCond %{HTTP:Connection} Upgrade [NC] -{% if remotepath is defined %} +{% if remotepath != "/" %} RewriteCond %{REQUEST_URI} ^{{ remotepath }}/(.)* {% endif %} RewriteRule .* "balancer://{{ balancer_name }}-websocket%{REQUEST_URI}" [P] -- 1.8.3.1 ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: Future of fedora-packages
On Thu, 28 Mar 2019 at 16:27, Kevin Fenzi wrote: > > On 3/27/19 3:50 AM, Clement Verna wrote: > > So the fun fact is that we are already running elasticsearch with > > kibana and logstash [0] in our Openshift clusters. So maybe we can > > leverage on how this is deployed to run a dedicated instance for > > fedora-packages. > > Yeah. > > However, it's pretty tailored to logs of pods. It would likely be easier > to start with a dedicated elastic pod for searching packages, but then > you would need to teach it how to gather the info and write a frontend > for it. :( Yes, it does not look like we can easily reuse this. I think our best chance is to work on making src.fp.o the new central place for packages, but we need to improve the search functionality of Pagure. I personally don't think we will have enough time to work on making a fedora-packages 2.0 except if someone else is interested in working on it. > > kevin > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [PATCH] distgit/pagure: Increase the cross-project ACLs
On 3/28/19 2:58 AM, Pierre-Yves Chibon wrote: > This just makes pagure accept to generate project-less API tokens > with these two ACLs. > > Signed-off-by: Pierre-Yves Chibon > --- > roles/distgit/pagure/templates/pagure.cfg | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/roles/distgit/pagure/templates/pagure.cfg > b/roles/distgit/pagure/templates/pagure.cfg > index a66b3278b..385b80464 100644 > --- a/roles/distgit/pagure/templates/pagure.cfg > +++ b/roles/distgit/pagure/templates/pagure.cfg > @@ -273,10 +273,8 @@ USER_ACLS = [ > CROSS_PROJECT_ACLS = [ > 'fork_project', > 'modify_project', > -{% if env == 'staging' %} > 'pull_request_create', > 'pull_request_comment', > -{% endif %} > ] > > ADMIN_API_ACLS = [ +1 here, sounds like a good thing to have. kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: Future of fedora-packages
On 3/27/19 3:50 AM, Clement Verna wrote: > So the fun fact is that we are already running elasticsearch with > kibana and logstash [0] in our Openshift clusters. So maybe we can > leverage on how this is deployed to run a dedicated instance for > fedora-packages. Yeah. However, it's pretty tailored to logs of pods. It would likely be easier to start with a dedicated elastic pod for searching packages, but then you would need to teach it how to gather the info and write a frontend for it. :( kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: Need someone to run Thursday meeting
On Wed, Mar 27, 2019 at 7:10 PM Kevin Fenzi wrote: > > On 3/25/19 4:01 AM, Stephen John Smoogen wrote: > > I will be gone Wed->Sun this week and will need someone to run the > > Thursday Infrastructure meeting. The basics of the meeting are in the > > gobby-0.5 on infinote.fedoraproject.org > > > > On Wednesday, call for items to be added to the document on IRC in > > #fedora-admin, #fedora-apps, #fedora-noc, #fedora-releng . Send out an > > email around 20:00 UTC. > > > > On Thursday, go to IRC an hour before meeting and remind people on > > #fedora-admin, #fedora-apps, #fedora-noc, #fedora-releng . Start the > > meeting and follow the form. After each section either mark sub-items > > to be used next meeting or remove it. > > I can do it if no one else wants to... but it's a great chance to get > involved and it's kinda fun the first few times. ;) > > Any takers? I'll do it. -- Mikolaj Izdebski ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: To add coreos-continuous permission to koji hub policy
Core OS folks wanted to have a separate koji tag to build and tag their Core OS continuous builds. This has been discussed in the releng ticket - https://pagure.io/releng/issue/8165. Also, we tested it staging koji and has been working fine. Here's the staging koji ansible commit: https://infrastructure.fedoraproject.org/cgit/ansible.git/commit/?id=c07ff32 Once, this patch is deployed, I will make the necessary koji tags and permissions as we did in staging koji (which are listed in the releng issue linked above). diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index 71792c7..5142491 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -96,6 +96,8 @@ tag = # These two rules makes sure people can't build srpms in infra tags and tag them into distribution tags tag *infra* && fromtag *infra* && has_perm infra :: allow fromtag *infra* :: deny +# CoreOS continuous builds, https://pagure.io/releng/issue/8165 +tag f{{FedoraRawhideNumber}}-coreos-continuous f{{FedoraBranchedNumber}}-coreos-continuous f{{Fedora CycleNumber}}-coreos-continuous f{{FedoraPreviousCycleNumber}}-coreos-continuous && has_perm coreos-conti nuous && match action add unblock block :: allow all :: allow channel = If you have any questions, please let me know. Thanks. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Apply MBS PR#1185 to fix Module Stream Expansion with new platform streams
LGTM +1 On Wed, Mar 27, 2019 at 1:29 PM Kevin Fenzi wrote: > +1 > > kevin > > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
[PATCH] distgit/pagure: Increase the cross-project ACLs
This just makes pagure accept to generate project-less API tokens with these two ACLs. Signed-off-by: Pierre-Yves Chibon --- roles/distgit/pagure/templates/pagure.cfg | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/distgit/pagure/templates/pagure.cfg b/roles/distgit/pagure/templates/pagure.cfg index a66b3278b..385b80464 100644 --- a/roles/distgit/pagure/templates/pagure.cfg +++ b/roles/distgit/pagure/templates/pagure.cfg @@ -273,10 +273,8 @@ USER_ACLS = [ CROSS_PROJECT_ACLS = [ 'fork_project', 'modify_project', -{% if env == 'staging' %} 'pull_request_create', 'pull_request_comment', -{% endif %} ] ADMIN_API_ACLS = [ -- 2.20.1 ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Retirement of sse2fedmsg
Hi everybody, month ago I sent an e-mail asking about the future of this project and nobody responded. So our team decided to retire this project. Project will be officially retired on 28th April 2019. Here is the link to previous e-mail in archive list: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org/message/ILPEPLDEHNEKADFCGL6IUNRYTWR7UTRG/ Regards, mkonecny ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR clean up repospanner on batcave01/pagure01
On Wed, Mar 27, 2019 at 10:41:45AM -0700, Kevin Fenzi wrote: > Greetings. > > Back a long time ago we setup a repospanner cluster for our ansible > repo. We used repospanner01, batcave01 and pagure01 in this cluster. > > However, there were some things that needed fixing up before we could > use it, so we never used it. > > Fast forward to todaay and we have setup a new cluster for src, but will > also just reuse it for ansible repo as well. That cluster has > repospanner01 (reinstalled), repospanner-osuosl01, and > repospanner-cc-rdu01 in it. > > That is all great, however, we still have repospanner installed and > trying to cluster on batcave01 and pagure01. it's sending many messages > per second about it's missing repospanner01 cluster member being gone. > > So, I would like to apply the following to ansible, stop and remove the > repospanner package from batcave01/pagure01. It shouldn't cause any > issues I wouldn't think. > > +1s? > > kevin > -- > > diff --git a/playbooks/groups/batcave.yml b/playbooks/groups/batcave.yml > > index e0f7213..fe0f450 100644 > > --- a/playbooks/groups/batcave.yml > > +++ b/playbooks/groups/batcave.yml > > @@ -31,7 +31,6 @@ > > SSLCertificateChainFile: "{{wildcard_int_file}}" > >- openvpn/client > >- batcave > > - - { role: repospanner/server, when: > > inventory_hostname.startswith('batcave01'), node: batcave01, region: > > ansible, spawn_repospanner_node: false, join_repospanner_node: > > repospanner01.ansible.fedoraproject.org } > >- { role: nfs/client, when: inventory_hostname.startswith('batcave'), > > mnt_dir: '/srv/web/pub', nfs_src_dir: 'fedora_ftp/fedora.redhat.com/pub' } > >- { role: nfs/client, when: inventory_hostname.startswith('batcave01'), > > mnt_dir: '/mnt/fedora/app', nfs_src_dir: 'fedora_app/app' } > > > > diff --git a/playbooks/groups/pagure.yml b/playbooks/groups/pagure.yml > > index a6dd601..d9f8c29 100644 > > --- a/playbooks/groups/pagure.yml > > +++ b/playbooks/groups/pagure.yml > > @@ -56,7 +56,6 @@ > >roles: > >- pagure/frontend > >- pagure/fedmsg > > - - { role: repospanner/server, when: > > inventory_hostname.startswith('pagure01'), node: pagure01, region: ansible, > > spawn_repospanner_node: false, join_repospanner_node: > > repospanner01.ansible.fedoraproject.org } > > > >handlers: > >- import_tasks: "{{ handlers_path }}/restart_services.yml" +1 for me Pierre signature.asc Description: PGP signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org