Deploy initial repoSpanner config for stg dist-git

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-10-05 05:05:17 +02:00 · 2018-10-05 05:05:17 +02:00 · f68bb7e4aa
commit f68bb7e4aa
parent d1683f98cd
2 changed files with 56 additions and 0 deletions
--- a/roles/distgit/pagure/templates/pagure.cfg
+++ b/roles/distgit/pagure/templates/pagure.cfg
@ -347,3 +347,43 @@ BLACKLISTED_GROUPS = ['forks', 'group']

 PROJECT_NAME_REGEX = '^[a-zA-z0-9_][a-zA-Z0-9-_\.+]*$'

+{% if env == "staging" %}
+# repoSpanner setup
+
+# For now, repoSpanner is enabled on a per-repo basis
+REPOSPANNER_NEW_REPO = None
+REPOSPANNER_NEW_REPO_ADMIN_OVERRIDE = True
+REPOSPANNER_NEW_FORK = True
+REPOSPANNER_ADMIN_MIGRATION = True
+REPOSPANNER_REGIONS = {
+    'rpms': {'url': 'https://fedora01.rpms.stg.fedoraproject.org',
+             'repo_prefix': '',
+	     'hook': None,
+	     'ca': '/etc/pagure/ca.crt',
+	     'admin_cert': {'cert': '/etc/pagure/fedora_rpms_admin.crt',
+	                    'key': '/etc/pagure/fedora_rpms_admin.key'},
+	     'push_cert': {'cert': '/etc/pagure/fedora_rpms_push.crt',
+	                   'key': '/etc/pagure/fedora_rpms_push.key'}
+            }
+}
+REPOSPANNER_PSEUDO_FOLDER = '/srv/git/repositories/pseudo'
+SSH_KEYS_USERNAME_LOOKUP = True
+SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"'
+SSH_COMMAND_REPOSPANNER = ([
+    "/usr/libexec/repobridge",
+    "--extra", "username", "%(username)s",
+    "--extra", "repotype", "%(repotype)s",
+    "--extra", "project_name", "%(project_name)s",
+    "--extra", "project_user", "%(project_user)s",
+    "--extra", "project_namespace", "%(project_namespace)s",
+    "%(cmd)s",
+    "'pagure/%(repotype)s/%(reponame)s'",
+], {"REPOBRIDGE_CONFIG": "/etc/repospanner/bridge_%(region)s.json"})
+SSH_COMMAND_NON_REPOSPANNER = ([
+    "/usr/share/gitolite3/gitolite-shell",
+    "%(username)s",
+    "%(cmd)s",
+    "%(reponame)s",
+], {})
+
+{% endif %}
--- a/roles/distgit/tasks/main.yml
+++ b/roles/distgit/tasks/main.yml
@ -189,6 +189,22 @@
  - distgit
  - mass-branching

+# -- repoSpanner certs ---....etc...
+- name: Install the certificates for repoSpanner access
+  copy: src="{{private}}/files/repoSpanner/{{env}}/ca/{{item}}"
+        dest="/etc/pagure/{{item}}"
+        owner=git group=git mode=0600
+  with_items:
+  - ca.crt
+  - fedora_rpms_admin.crt
+  - fedora_rpms_admin.key
+  - fedora_rpms_push.crt
+  - fedora_rpms_push.key
+  when: env == "staging"
+  tags:
+  - config
+  - distgit
+
 # -- Gitolite --------------------------------------------
 # This is the permission management for package maintainers, using Gitolite.
 - name: create the /var/log/gitolite directory