Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

MirrorManager: fix config

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2024-01-17 10:48:59 +01:00
parent 844ac8e499
commit 035f018242
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 32 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

66
roles/openshift-apps/mirrormanager/templates/mm.cfg.py
View file

@ -2,16 +2,16 @@
# This is the config file for MirrorManager as intended to be used in OpenShift # This is the config file for MirrorManager as intended to be used in OpenShift
# #
OIDC_CLIENT_SECRETS = '/etc/mirrormanager-secrets/client_secrets.json'
# This is the directory the code enabled by SHOW_STATISTICS will use # Set the time after which the session expires. Flask's default is 31 days.
# to locate the statistics files and display them. # Default: ``timedelta(hours=1)`` corresponds to 1 hour.
STATISTICS_BASE = "/var/www/mirrormanager-statistics/data" # from datetime import timedelta
# PERMANENT_SESSION_LIFETIME = timedelta(hours=1)
{% if env == 'staging' %} {% if env == 'staging' %}
# url to the database server: # url to the database server:
DB_URL='postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}' SQLALCHEMY_DATABASE_URI = 'postgresql://{{ mirrormanager_stg_db_user }}:{{ mirrormanager_stg_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_stg_db_name }}'
# secret key used to generate unique csrf token # secret key used to generate unique csrf token
SECRET_KEY = '{{ mirrormanager_stg_secret_key }}' SECRET_KEY = '{{ mirrormanager_stg_secret_key }}'
@ -23,7 +23,7 @@ PASSWORD_SEED = "{{ mirrormanager_stg_password_seed }}"
{% else %} {% else %}
# url to the database server: # url to the database server:
DB_URL='postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}' SQLALCHEMY_DATABASE_URI = 'postgresql://{{ mirrormanager_db_user }}:{{ mirrormanager_db_pass }}@{{ mirrormanager_db_host }}/{{ mirrormanager_db_name }}'
# secret key used to generate unique csrf token # secret key used to generate unique csrf token
SECRET_KEY = '{{ mirrormanager_secret_key }}' SECRET_KEY = '{{ mirrormanager_secret_key }}'
@ -34,35 +34,33 @@ PASSWORD_SEED = "{{ mirrormanager_password_seed }}"
{% endif %} {% endif %}
ITEMS_PER_PAGE = 50 # the number of items to display on the search pages
# Default: ``50``.
# ITEMS_PER_PAGE = 50
# Make browsers send session cookie only via HTTPS # Make browsers send session cookie only via HTTPS
SESSION_COOKIE_SECURE=True SESSION_COOKIE_SECURE=True
from datetime import timedelta
# Set the time after which the session expires. Flask's default is 31 days.
# Default: ``timedelta(hours=1)`` corresponds to 1 hour.
PERMANENT_SESSION_LIFETIME = timedelta(hours=1)
# Folder containing the theme to use. # Folder containing the theme to use.
# Default: ``fedora``. # Default: ``fedora``.
THEME_FOLDER = 'fedora' # THEME_FOLDER = 'fedora'
# Which authentication method to use, defaults to `fas` can be or `local` # Which authentication method to use, defaults to `fas` can be or `local`
# Default: ``fas``. # Default: ``fas``.
MM_AUTHENTICATION = 'fas' # MM_AUTHENTICATION = 'fas'
OIDC_CLIENT_SECRETS = '/etc/mirrormanager-secrets/client_secrets.json'
# If the authentication method is `fas`, groups in which should be the user # If the authentication method is `fas`, groups in which should be the user
# to be recognized as an admin. # to be recognized as an admin.
ADMIN_GROUP = ['sysadmin-main', 'sysadmin-web'] ADMIN_GROUP = ['sysadmin-main', 'sysadmin-web']
# Email of the admin to which send notification or error # Email of the admin to which send notification or error
ADMIN_EMAIL = ['admin@fedoraproject.org'] # ADMIN_EMAIL = 'admin@fedoraproject.org'
# Email address used in the 'From' field of the emails sent. # Email address used in the 'From' field of the emails sent.
# Default: ``nobody@fedoraproject.org``. # Default: ``nobody@fedoraproject.org``.
EMAIL_FROM = 'nobody@fedoraproject.org' # EMAIL_FROM = 'nobody@fedoraproject.org'
# SMTP server to use, # SMTP server to use,
# Default: ``localhost``. # Default: ``localhost``.
@ -75,36 +73,36 @@ SMTP_SERVER = 'bastion{{ env_suffix }}.fedoraproject.org'
# When this is set to True, an additional menu item is shown which can # When this is set to True, an additional menu item is shown which can
# be used to browse the different statistics generated by # be used to browse the different statistics generated by
# mirrorlist_statistics.py. # mirrorlist_statistics.py.
SHOW_STATISTICS = True # SHOW_STATISTICS = True
# This is the directory the code enabled by SHOW_STATISTICS will use # This is the directory the code enabled by SHOW_STATISTICS will use
# to locate the statistics files and display them. # to locate the statistics files and display them.
STATISTICS_BASE = '/var/www/mirrormanager-statistics/data' # STATISTICS_BASE = '/var/www/mirrormanager-statistics/data'
# Countries which have to be excluded. # Countries which have to be excluded.
EMBARGOED_COUNTRIES = ['CU', 'IR', 'KP', 'SD', 'SY'] EMBARGOED_COUNTRIES = ['CU', 'IR', 'KP', 'SD', 'SY']
# When this is set to True, an additional menu item is shown which # When this is set to True, an additional menu item is shown which
# displays the maps generated with mm2_generate-worldmap. # displays the maps generated with mm2_generate-worldmap.
SHOW_MAPS = True # SHOW_MAPS = True
# Location of the static map displayed in the map tab. # Location of the static map displayed in the map tab.
STATIC_MAP = '/map/map.png' # STATIC_MAP = '/map/map.png'
# Location of the interactive openstreetmap based map. # Location of the interactive openstreetmap based map.
INTERACTIVE_MAP = '/map/mirrors.html' # INTERACTIVE_MAP = '/map/mirrors.html'
# The crawler can generate propagation statistics which can be # The crawler can generate propagation statistics which can be
# converted into svg/pdf with mm2_propagation. These files # converted into svg/pdf with mm2_propagation. These files
# can be displayed next to the statistics and maps tab if desired. # can be displayed next to the statistics and maps tab if desired.
SHOW_PROPAGATION = True # SHOW_PROPAGATION = True
# Where to look for the above mentioned propagation images. # Where to look for the above mentioned propagation images.
PROPAGATION_BASE = '/var/www/mirrormanager-statistics/data/propagation' # PROPAGATION_BASE = '/var/www/mirrormanager-statistics/data/propagation'
# Disable master rsync server ACL # Disable master rsync server ACL
# Fedora does not use it and therefore it is set to False # Fedora does not use it and therefore it is set to False
MASTER_RSYNC_ACL = False # MASTER_RSYNC_ACL = False
# When this is set to True, the session cookie will only be returned to the # When this is set to True, the session cookie will only be returned to the
# server via ssl (https). If you connect to the server via plain http, the # server via ssl (https). If you connect to the server via plain http, the
@ -112,11 +110,11 @@ MASTER_RSYNC_ACL = False
# This may be set to False when testing your application but should always # This may be set to False when testing your application but should always
# be set to True in production. # be set to True in production.
# Default: ``True``. # Default: ``True``.
MM_COOKIE_REQUIRES_HTTPS = True # MM_COOKIE_REQUIRES_HTTPS = True
# The name of the cookie used to store the session id. # The name of the cookie used to store the session id.
# Default: ``.MirrorManager``. # Default: ``.MirrorManager``.
MM_COOKIE_NAME = 'MirrorManager' # MM_COOKIE_NAME = 'MirrorManager'
# If this variable is set (and the directory exists) the crawler # If this variable is set (and the directory exists) the crawler
# will create per host log files in MM_LOG_DIR/crawler/<hostid>.log # will create per host log files in MM_LOG_DIR/crawler/<hostid>.log
@ -130,24 +128,24 @@ MM_LOG_DIR = '-'
# The following is the default for Fedora to exclude FTP based # The following is the default for Fedora to exclude FTP based
# mirrors to be added. Removing this confguration option # mirrors to be added. Removing this confguration option
# or setting it to '' removes any protocol restrictions. # or setting it to '' removes any protocol restrictions.
MM_PROTOCOL_REGEX = '^(?!ftp)(.*)$' # MM_PROTOCOL_REGEX = '^(?!ftp)(.*)$'
# The netblock size parameters define which netblock sizes can be # The netblock size parameters define which netblock sizes can be
# added by a site administrator. Larger networks can only be added by # added by a site administrator. Larger networks can only be added by
# mirrormanager admins. # mirrormanager admins.
MM_IPV4_NETBLOCK_SIZE = '/16' # MM_IPV4_NETBLOCK_SIZE = '/16'
MM_IPV6_NETBLOCK_SIZE = '/32' # MM_IPV6_NETBLOCK_SIZE = '/32'
# If not specified the application will rely on the root_url when sending # If not specified the application will rely on the root_url when sending
# emails, otherwise it will use this URL # emails, otherwise it will use this URL
# Default: ``None``. # Default: ``None``.
APPLICATION_URL = None # APPLICATION_URL = None
# Boolean specifying wether to check the user's IP address when retrieving # Boolean specifying wether to check the user's IP address when retrieving
# its session. This make things more secure (thus is on by default) but # its session. This make things more secure (thus is on by default) but
# under certain setup it might not work (for example is there are proxies # under certain setup it might not work (for example is there are proxies
# in front of the application). # in front of the application).
CHECK_SESSION_IP = True # CHECK_SESSION_IP = True
# Specify additional rsync parameters for the crawler # Specify additional rsync parameters for the crawler
# # --timeout 14400: abort rsync crawl after 4 hours # # --timeout 14400: abort rsync crawl after 4 hours
@ -174,7 +172,7 @@ CRAWLER_SEND_EMAIL = False
# If a host fails for CRAWLER_AUTO_DISABLE times in a row # If a host fails for CRAWLER_AUTO_DISABLE times in a row
# the host will be disable automatically (user_active) # the host will be disable automatically (user_active)
CRAWLER_AUTO_DISABLE = 4 # CRAWLER_AUTO_DISABLE = 4
UMDL_PREFIX = '/srv/' UMDL_PREFIX = '/srv/'