From 0f7714cb1bdc94a0180e84878b8bb936b45d64e6 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Sun, 9 Feb 2014 22:43:22 +0000 Subject: [PATCH 1/5] Add support for signing and importing into the testing repository --- playbooks/sign_and_import.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/playbooks/sign_and_import.yml b/playbooks/sign_and_import.yml index d252e0ecc4..24fc541998 100644 --- a/playbooks/sign_and_import.yml +++ b/playbooks/sign_and_import.yml @@ -1,10 +1,13 @@ # This playbook takes new rpms specified with a fileglob, signs them, and adds # them to the infrastructure repo. # +# To push to infra-testing: +# requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/' testing=True" +# +# To push to infra: # requires --extra-vars="rpmdir='/home/fedora/ralph/rpms/'" # TODO -- grab rpms from koji build/task ids beforehand? -# TODO -- how do make it easy to select the infra-testing repo? # TODO -- other arches than x86_64? - name: batch sign and import a directory full of rpms @@ -16,8 +19,7 @@ # repo. Since we're in freeze right now, we'll default to the testing repo. # It would be nice to be able to toggle this from the command line. vars: - #- repodir: /mnt/fedora/app/fi-repo/testing/6 - - repodir: /mnt/fedora/app/fi-repo/6 + - repodir: /mnt/fedora/app/fi-repo/{% if testing %}testing/{% endif %}6 tasks: - name: Fail if no rpmdir provided @@ -32,7 +34,7 @@ - name: make a directory where we store the rpms afterwards file: path={{ rpmdir }}-old state=directory - - name: copy the source rpms to the SRPMS dir + - name: copy the source rpms to the SRPMS dir of {{ repodir }} copy: src={{ item }} dest={{ repodir }}/SRPMS/ with_fileglob: - "{{ rpmdir }}/*.src.rpm" @@ -45,7 +47,7 @@ with_fileglob: - "{{ rpmdir }}/*.src.rpm" - - name: copy the binary rpms to the x86_64 dir + - name: copy the binary rpms to the x86_64 dir of {{ repodir }} copy: src={{ item }} dest={{ repodir }}/x86_64/ with_fileglob: - "{{ rpmdir }}/*.rpm" From f327ef20c595c65c3bf766bad7ebfaca6605c4f0 Mon Sep 17 00:00:00 2001 From: Pierre-Yves Chibon Date: Mon, 10 Feb 2014 00:04:51 +0100 Subject: [PATCH 2/5] We need to declare the variable to override it in the cli --- playbooks/sign_and_import.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/playbooks/sign_and_import.yml b/playbooks/sign_and_import.yml index 24fc541998..9cfdd38466 100644 --- a/playbooks/sign_and_import.yml +++ b/playbooks/sign_and_import.yml @@ -20,6 +20,7 @@ # It would be nice to be able to toggle this from the command line. vars: - repodir: /mnt/fedora/app/fi-repo/{% if testing %}testing/{% endif %}6 + - testing: False tasks: - name: Fail if no rpmdir provided From 03a1ca0abd037586f2800bde7dd0619116d1037c Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Sun, 9 Feb 2014 23:54:46 +0000 Subject: [PATCH 3/5] Add trusted_openid patterns for badges. --- roles/badges-frontend/templates/tahrir.ini | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/badges-frontend/templates/tahrir.ini b/roles/badges-frontend/templates/tahrir.ini index c208eacad0..66b2b04bf8 100644 --- a/roles/badges-frontend/templates/tahrir.ini +++ b/roles/badges-frontend/templates/tahrir.ini @@ -44,12 +44,14 @@ dogpile.cache.arguments.distributed_lock = True tahrir.title = Fedora Badges (staging!) tahrir.base_url = https://badges.stg.fedoraproject.org tahrir.openid_identifier = http://id.stg.fedoraproject.org/ +tahrir.trusted_openid = ^http(s)?:\/\/([a-zA-Z0-9]+\.)?stg.id\.fedoraproject\.org(/)?$ tahrir.openid_realm = https://badges.stg.fedoraproject.org tahrir.websocket.topic = org.fedoraproject.stg.fedbadges.badge.award {% else %} tahrir.title = Fedora Badges tahrir.base_url = https://badges.fedoraproject.org tahrir.openid_identifier = http://id.fedoraproject.org/ +tahrir.trusted_openid = ^http(s)?:\/\/([a-zA-Z0-9]+\.)?id\.fedoraproject\.org(/)?$ tahrir.openid_realm = https://badges.fedoraproject.org tahrir.websocket.topic = org.fedoraproject.prod.fedbadges.badge.award {% endif %} From 2b7198bd7697f5353476be3202b4cce46623a97f Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 10 Feb 2014 18:39:26 +0000 Subject: [PATCH 4/5] Move badges-web02 to vh15 --- inventory/host_vars/badges-web02.phx2.fedoraproject.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory/host_vars/badges-web02.phx2.fedoraproject.org b/inventory/host_vars/badges-web02.phx2.fedoraproject.org index 63f076ca4c..5db61afc23 100644 --- a/inventory/host_vars/badges-web02.phx2.fedoraproject.org +++ b/inventory/host_vars/badges-web02.phx2.fedoraproject.org @@ -4,7 +4,7 @@ gw: 10.5.126.254 dns: 10.5.126.21 ks_url: http://10.5.126.23/repo/rhel/ks/kvm-rhel-6 ks_repo: http://10.5.126.23/repo/rhel/RHEL6-x86_64/ -volgroup: /dev/VirtGuests00 +volgroup: /dev/vg_guests00 eth0_ip: 10.5.126.102 -vmhost: virthost01.phx2.fedoraproject.org +vmhost: virthost15.phx2.fedoraproject.org datacenter: phx2 From ce990461f9039a60b8933f0c548a9cee4ce7cc04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Mon, 10 Feb 2014 19:22:18 +0000 Subject: [PATCH 5/5] Mailman: small fixes --- roles/mailman/files/post-update.sh | 3 +++ roles/mailman/templates/postfix-main.cf.j2 | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/mailman/files/post-update.sh b/roles/mailman/files/post-update.sh index b16d4dade0..f04228f6cf 100755 --- a/roles/mailman/files/post-update.sh +++ b/roles/mailman/files/post-update.sh @@ -21,6 +21,9 @@ chmod g+w -R $INDEXDIR # Give database rights to the non-admin user $BASEDIR/bin/pg-give-rights.py +# SELinux contexts +restorecon -r "$BASEDIR" + # Reload Apache to flush the python cache systemctl reload httpd # Restart Mailman3 since kittystore was updated diff --git a/roles/mailman/templates/postfix-main.cf.j2 b/roles/mailman/templates/postfix-main.cf.j2 index 9d0c830dd9..3d50a7390e 100644 --- a/roles/mailman/templates/postfix-main.cf.j2 +++ b/roles/mailman/templates/postfix-main.cf.j2 @@ -314,7 +314,7 @@ unknown_local_recipient_reject_code = 550 #relayhost = [mailserver.isp.tld] #relayhost = uucphost #relayhost = [an.ip.add.ress] -relayhost = bastion +relayhost = bastion.phx2.fedoraproject.org # REJECTING UNKNOWN RELAY USERS