[Pagure] Disable OIDC on production for now

Limiting the number of processes to 1 caused unexpected error on production instance. For more info see https://pagure.io/fedora-infrastructure/issue/10372#comment-868823 Signed-off-by: Michal Konecny <mkonecny@redhat.com>
2023-08-14 12:30:45 +02:00 · 2023-08-14 12:30:45 +02:00 · 4c2dc64958
commit 4c2dc64958
parent 88f7258c7b
2 changed files with 8 additions and 0 deletions
--- a/roles/pagure/templates/0_pagure.conf
+++ b/roles/pagure/templates/0_pagure.conf
@ -3,8 +3,12 @@ WSGISocketPrefix run/wsgi
 WSGIRestrictSignal Off
 WSGIPythonOptimize 1
 WSGIPassAuthorization On
+{% if env == 'pagure-staging' %}
 # Only use a single process because flask-oidc stores its credentials in a dictionary.
 WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=1 threads=20 inactivity-timeout=300
+{% else %}
+WSGIDaemonProcess pagure user=git group=git maximum-requests=1000 display-name=pagure processes=10 threads=6 inactivity-timeout=300
+{% endif %}
 WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-name=paguredocs processes=4 threads=4 inactivity-timeout=300

 Protocols h2 h2c http/1.1
--- a/roles/pagure/templates/pagure.cfg
+++ b/roles/pagure/templates/pagure.cfg
@ -195,6 +195,7 @@ DISABLED_PLUGINS = ['IRC']
 ### Switch the authentication method
 # Specify which authentication method to use: `openid`, `oidc`, `local`
 # Default: ``fas``.
+{% if env == 'pagure-staging' %}
 PAGURE_AUTH = 'oidc'
 OIDC_CLIENT_SECRETS = "/etc/pagure/client_secrets.json"
 OIDC_ID_TOKEN_COOKIE_SECURE = True
@ -209,6 +210,9 @@ OIDC_PAGURE_USERNAME = 'preferred_username'
 OIDC_PAGURE_SSH_KEY = 'ssh_key'
 OIDC_PAGURE_GROUPS = 'groups'
 OIDC_PAGURE_USERNAME_FALLBACK = 'nickname'
+{% else %}
+PAGURE_AUTH = 'openid'
+{% endif %}

 # When this is set to True, the session cookie will only be returned to the
 # server via ssl (https). If you connect to the server via plain http, the