Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Configure keyhelper/aclchecker for prod

Browse source 
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
This commit is contained in:
Patrick Uiterwijk 2018-11-21 11:58:48 +01:00
parent 66802257fa
commit 3c408d88b0
1 changed files with 20 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

38
roles/distgit/pagure/templates/pagure_shared.cfg
View file

@ -80,6 +80,26 @@ ALLOW_HTTP_PUSH = True
PDC_URL = 'https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/' PDC_URL = 'https://pdc{{ env_suffix }}.fedoraproject.org/rest_api/v1/'
SSH_KEYS_USERNAME_LOOKUP = True
SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
SSH_COMMAND_REPOSPANNER = ([
"/usr/libexec/repobridge",
"--extra", "username", "%(username)s",
"--extra", "repotype", "%(repotype)s",
"--extra", "project_name", "%(project_name)s",
"--extra", "project_user", "%(project_user)s",
"--extra", "project_namespace", "%(project_namespace)s",
"%(cmd)s",
"'pagure/%(repotype)s/%(reponame)s'",
], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
SSH_COMMAND_NON_REPOSPANNER = ([
"/usr/share/gitolite3/gitolite-shell",
"%(username)s",
"%(cmd)s",
"%(reponame)s",
], {})
{% if env == "staging" %} {% if env == "staging" %}
ACL_DEBUG = True ACL_DEBUG = True
@ -102,23 +122,5 @@ REPOSPANNER_REGIONS = {
} }
} }
REPOSPANNER_PSEUDO_FOLDER = '/srv/git/repositories/pseudo' REPOSPANNER_PSEUDO_FOLDER = '/srv/git/repositories/pseudo'
SSH_KEYS_USERNAME_LOOKUP = True
SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
SSH_COMMAND_REPOSPANNER = ([
"/usr/libexec/repobridge",
"--extra", "username", "%(username)s",
"--extra", "repotype", "%(repotype)s",
"--extra", "project_name", "%(project_name)s",
"--extra", "project_user", "%(project_user)s",
"--extra", "project_namespace", "%(project_namespace)s",
"%(cmd)s",
"'pagure/%(repotype)s/%(reponame)s'",
], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
SSH_COMMAND_NON_REPOSPANNER = ([
"/usr/share/gitolite3/gitolite-shell",
"%(username)s",
"%(cmd)s",
"%(reponame)s",
], {})
{% endif %} {% endif %}