diff --git a/roles/bodhi2/backend/tasks/main.yml b/roles/bodhi2/backend/tasks/main.yml
index 2a16d9b498..814f9d4b8b 100644
--- a/roles/bodhi2/backend/tasks/main.yml
+++ b/roles/bodhi2/backend/tasks/main.yml
@@ -338,28 +338,14 @@
- bodhi
- cron
-- name: setup basic /etc/bodhi/ contents (staging)
- template: >
- src="{{ roles_path }}/bodhi2/base/templates/staging.ini.j2"
- dest="/etc/bodhi/production.ini"
- owner=apache
- group=apache
- mode=0600
- when: inventory_hostname.startswith('bodhi-backend') and env == 'staging'
- notify:
- - reload bodhi httpd
- tags:
- - config
- - bodhi
-
-- name: setup basic /etc/bodhi/ contents (production)
+- name: setup basic /etc/bodhi/ contents
template: >
src="{{ roles_path }}/bodhi2/base/templates/production.ini.j2"
dest="/etc/bodhi/production.ini"
owner=apache
group=apache
mode=0600
- when: inventory_hostname.startswith('bodhi-backend') and env == 'production'
+ when: inventory_hostname.startswith('bodhi-backend')
notify:
- reload bodhi httpd
tags:
diff --git a/roles/bodhi2/base/tasks/main.yml b/roles/bodhi2/base/tasks/main.yml
index 121525845f..2ebbb7e75e 100644
--- a/roles/bodhi2/base/tasks/main.yml
+++ b/roles/bodhi2/base/tasks/main.yml
@@ -19,14 +19,14 @@
- config
- bodhi
-- name: setup basic /etc/bodhi/ contents (staging)
+- name: setup basic /etc/bodhi/ contents
template: >
- src="staging.ini.j2"
+ src="production.ini.j2"
dest="/etc/bodhi/production.ini"
owner=bodhi
group=bodhi
mode=0600
- when: inventory_hostname.startswith('bodhi0') and env == 'staging'
+ when: inventory_hostname.startswith('bodhi0')
notify:
- reload bodhi httpd
tags:
@@ -43,20 +43,6 @@
- config
- bodhi
-- name: setup basic /etc/bodhi/ contents (production)
- template: >
- src="production.ini.j2"
- dest="/etc/bodhi/production.ini"
- owner=bodhi
- group=bodhi
- mode=0600
- when: inventory_hostname.startswith('bodhi0') and env == 'production'
- notify:
- - reload bodhi httpd
- tags:
- - config
- - bodhi
-
- name: Copy some fedmsg configuration of our own for fedmsg-hub
template: >
src={{item}}
diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index bf067f1279..94789b4bb1 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -1,3 +1,4 @@
+# The commented values in this config file represent the defaults.
[filter:proxy-prefix]
use = egg:PasteDeploy#prefix
prefix = /
@@ -7,138 +8,176 @@ scheme = https
use = egg:bodhi-server
filter-with = proxy-prefix
-# Release status
-# pre-beta enforces the 'Pre Beta' policy defined here:
-# https://fedoraproject.org/wiki/Updates_Policy
-f27.status = post_beta
-
-f27.post_beta.mandatory_days_in_testing = 7
-f27.post_beta.critpath.num_admin_approvals = 0
-f27.post_beta.critpath.min_karma = 2
-f27.post_beta.critpath.stable_after_days_without_negative_karma = 14
-
-f27.pre_beta.mandatory_days_in_testing = 3
-f27.pre_beta.critpath.num_admin_approvals = 0
-f27.pre_beta.critpath.min_karma = 1
-
-##
-## Atomic OSTree support
-## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer
-## https://github.com/fedora-infra/fedmsg-atomic-composer
-##
-compose_atomic_trees = true
-
##
## Messages
##
-# A notice to flash on the front page
-frontpage_notice =
+# The bodhi-approve-testing cron job will post this message as a comment from the bodhi user on
+# updates that reach the required time in testing if they are not stable yet. Positional
+# substitution is used, and the %d will be replaced with the time in testing required for the
+# update.
+# testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes
-# A notice to flash on the New Update page
-newupdate_notice =
+# not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the Package Update Acceptance Criteria
-testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes
-not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the Package Update Acceptance Criteria
-not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the EPEL Updates Policy
-stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository
+# not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the EPEL Update Policy
-testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
-not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold.
+# Bodhi will post this comment on Updates that don't use autokarma when they reach the stable
+# threshold.
+# testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
+
+# The comment that Bodhi will post on updates when a user posts negative karma.
+# disable_automatic_push_to_stable = Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
# Libravatar - If this is true libravatar will work as normal. Otherwise, all
# libravatar links will be replaced with the string "libravatar.org" so that
# the tests can still pass.
-libravatar_enabled = True
+# libravatar_enabled = True
+
# Set this to true if you want to do federated dns libravatar lookup
-libravatar_dns = False
+# libravatar_dns = False
+
+# If libravatar_dns is True, prefer_ssl will define what gets handed to
+# libravatar.libravatar_url()'s https setting. It may be set to True or False, but defaults to None,
+# which is effectively False.
+# prefer_ssl =
# Set this to True in order to send fedmsg messages.
+# fedmsg_enabled = False
fedmsg_enabled = True
-
-# Captcha - if 'captcha.secret' is not None, then it will be used for comments
-# captcha.secret must be 32 url-safe base64-encoded bytes
-# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key()
+# Captcha - if 'captcha.secret' is set, then it will be used for comments. Comment it to turn it
+# off. captcha.secret must be 32 url-safe base64-encoded bytes.
+# You can generate one with >>> cryptography.fernet.Fernet.generate_key()
+# captcha.secret = CHANGEME
captcha.secret = {{ bodhi2CaptchaSecret }}
-# Dimensions
-captcha.image_width = 300
-captcha.image_height = 80
-# Any truetype font will do.
-captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf
-captcha.font_size = 36
-# Colors
-captcha.font_color = #000000
-captcha.background_color = #ffffff
-# In pixels
-captcha.padding = 5
-# If a captcha sits around for this many seconds, it will stop working.
-captcha.ttl = 300
-#datagrepper_url = http://localhost:5000
-datagrepper_url = https://apps.fedoraproject.org/datagrepper
-badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
+# Dimensions
+# captcha.image_width = 300
+# captcha.image_height = 80
+
+# Any truetype font will do.
+# /usr/share/fonts/liberation/LiberationMono-Regular.ttf lives in liberation-mono-fonts.
+# /usr/share/fonts/pcaro-hermit/Hermit-medium.otf lives in pcaro-hermit-fonts package.
+# captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf
+# captcha.font_size = 36
+
+# Colors
+# captcha.font_color = #000000
+# captcha.background_color = #ffffff
+
+# In pixels
+# captcha.padding = 5
+
+# If a captcha sits around for this many seconds, it will stop working.
+# captcha.ttl = 300
+
+
+# The URL for a datagrepper to use in various templates.
+# datagrepper_url = https://apps.fedoraproject.org/datagrepper
+datagrepper_url = https://apps{{env_suffix}}.fedoraproject.org/datagrepper
+# badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
##
-## Wiki Test Cases
+## Testing
##
## Query the wiki for test cases
+# query_wiki_test_cases = False
query_wiki_test_cases = True
-wiki_url = https://fedoraproject.org/w/api.php
-test_case_base_url = https://fedoraproject.org/wiki/
+# wiki_url = https://fedoraproject.org/w/api.php
+# test_case_base_url = https://fedoraproject.org/wiki/
+wiki_url = https://{{env_suffix}}fedoraproject.org/w/api.php
+test_case_base_url = https://{{env_suffix}}fedoraproject.org/wiki/
+
+# URL of the resultsdb for integrating checks and stuff
+# resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/
+resultsdb_url = https://taskotron{{env_suffix}}.fedoraproject.org/resultsdb/
+
+# Set this to True to enable gating based on policies enforced by Greenwave. If you set this to
+# True, be sure to add a cron job to run the bodhi-check-policies CLI periodically.
+# test_gating.required = False
+test_gating.required = True
+
+# If this is set to a URL, a "More information about test gating" link will appear on update pages for users
+# to click and learn more.
+# test_gating.url =
+
+# The API url of Greenwave.
+# greenwave_api_url = https://greenwave.fedoraproject.org/api/v1.0
+greenwave_api_url = https://greenwave-web-greenwave.app.os{{env_suffix}}.fedoraproject.org/api/v1.0
# Email domain to prepend usernames to
-default_email_domain = fedoraproject.org
+# default_email_domain = fedoraproject.org
+default_email_domain = {{env_suffix}}fedoraproject.org
# domain for generated message IDs
-message_id_email_domain = admin.fedoraproject.org
+# message_id_email_domain = admin.fedoraproject.org
+message_id_email_domain = admin{{env_suffix}}.fedoraproject.org
##
-## Mash settings
+## Masher settings
##
+releng_fedmsg_certname = shell-bodhi-backend01{{env_suffix}}.phx2.fedoraproject.org
-# If defined, the bodhi masher will ensure that messages are signed with the given cert
-{% if ansible_hostname == 'bodhi-backend01' %}
-releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org
-{% else %}
-releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org
-{% endif %}
-
-# The masher is a bodhi instance that is responsible for composing the update
-# repositories, regenerating metrics, sending update notices, closing bugs,
-# and other costly operations. To set an external masher, set the masher to
-# the baseurl of the bodhi instance. If set to None, this bodhi instance
-# will act as a masher as well.
-#masher = None
-
-{% if 'backend' in inventory_hostname %}
+# Where to initially mash repositories. You can use %(here)s to reference the location of this file.
+# mash_dir =
mash_dir = /mnt/koji/compose/updates/
-mash_stage_dir = /mnt/koji/compose/updates/
-{% endif %}
-pungi.basepath = /etc/bodhi
-pungi.conf.rpm = pungi.rpm.conf.j2
-pungi.conf.module = pungi.module.conf.j2
-pungi.labeltype = Update
-pungi.extracmdline = --notification-script=/usr/bin/pungi-fedmsg-notification --notification-script=pungi-wait-for-signed-ostree-handler
+
+# The max number of mash threads running at the same time
+# max_concurrent_mashes = 2
max_concurrent_mashes = 4
-## Our periodic jobs
-#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
-jobs = cache_release_data refresh_metrics approve_testing_updates
+# Where to symlink the latest repos by their tag name. You can use %(here)s to reference the
+# location of this file.
+# mash_stage_dir =
+mash_stage_dir = /mnt/koji/compose/updates/
-## Comps configuration
-comps_dir = /var/cache/bodhi/comps
-comps_url = https://pagure.io/fedora-comps.git
+# The following jinja2 template variables are available for use to customize the Pungi configs and
+# variants files to the Release and Updates:
+#
+# * 'id': The id of the Release being mashed.
+# * 'release': The Release being mashed.
+# * 'request': The request being mashed.
+# * 'updates': The Updates being mashed.
+#
+# NOTE: The jinja2 configuration for these templates replaces the {'s and }'s with ['s and ]'.
+# e.g.: a block becomes [% if Package Update Acceptance Criteria
-not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the EPEL Updates Policy
-stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository
-
-# Libravatar - If this is true libravatar will work as normal. Otherwise, all
-# libravatar links will be replaced with the string "libravatar.org" so that
-# the tests can still pass.
-libravatar_enabled = True
-# Set this to true if you want to do federated dns libravatar lookup
-libravatar_dns = False
-
-# Set this to True in order to send fedmsg messages.
-fedmsg_enabled = True
-
-
-# Captcha - if 'captcha.secret' is not None, then it will be used for comments
-# captcha.secret must be 32 url-safe base64-encoded bytes
-# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key()
-captcha.secret = {{ bodhi2CaptchaSecretSTG }}
-# Dimensions
-captcha.image_width = 300
-captcha.image_height = 80
-# Any truetype font will do.
-captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf
-captcha.font_size = 36
-# Colors
-captcha.font_color = #000000
-captcha.background_color = #ffffff
-# In pixels
-captcha.padding = 5
-# If a captcha sits around for this many seconds, it will stop working.
-captcha.ttl = 300
-
-#datagrepper_url = http://localhost:5000
-datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper
-badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
-
-
-##
-## Wiki Test Cases
-##
-
-## Query the wiki for test cases
-query_wiki_test_cases = False
-wiki_url = https://fedoraproject.org/w/api.php
-test_case_base_url = https://fedoraproject.org/wiki/
-
-# Email domain to prepend usernames to
-default_email_domain = fedoraproject.org
-
-# domain for generated message IDs
-message_id_email_domain = admin.stg.fedoraproject.org
-
-##
-## Mash settings
-##
-
-# If defined, the bodhi masher will ensure that messages are signed with the given cert
-releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org
-
-# The masher is a bodhi instance that is responsible for composing the update
-# repositories, regenerating metrics, sending update notices, closing bugs,
-# and other costly operations. To set an external masher, set the masher to
-# the baseurl of the bodhi instance. If set to None, this bodhi instance
-# will act as a masher as well.
-#masher = None
-
-{% if 'backend' in inventory_hostname %}
-mash_dir = /mnt/koji/compose/updates/
-mash_stage_dir = /mnt/koji/compose/updates/
-{% endif %}
-pungi.basepath = /etc/bodhi
-pungi.conf.rpm = pungi.rpm.conf.j2
-pungi.conf.module = pungi.module.conf.j2
-pungi.labeltype = Update
-pungi.extracmdline = --notification-script=/usr/bin/pungi-fedmsg-notification --notification-script=pungi-wait-for-signed-ostree-handler
-
-## Our periodic jobs
-#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
-jobs = cache_release_data refresh_metrics approve_testing_updates
-
-## Comps configuration
-comps_dir = /var/cache/bodhi/comps
-comps_url = https://pagure.io/fedora-comps.git
-
-##
-## Mirror settings
-##
-file_url = http://download.fedoraproject.org/pub/fedora/linux/updates
-
-# {release}_{request}_master_repomd: This is used by the masher to determine when a
-# primary architecture push has been synchronized to the master mirror for a given release and
-# request. The masher will verify that the checksum of repomd.xml at the master URL matches the
-# expected value, and will poll the URL until this test passes. Substitute release and request
-# for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
-# arches listed in {release}_{version}_primary_arches when it is defined, else used for all
-# arches. You must put two %s's in this setting - the first will be replaced with the release
-# version and the second will be replaced with the architecture.
-fedora_stable_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-updates/compose/Everything/%s/os/repodata/repomd.xml
-fedora_testing_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-updates-testing/compose/Everything/%s/os/repodata/repomd.xml
-fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml
-fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml
-fedora_modular_stable_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-modular-updates/compose/Everything/%s/os/repodata/repomd.xml
-fedora_modular_testing_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-modular-updates-testing/compose/Everything/%s/os/repodata/repomd.xml
-
-# {release}_{request}_alt_master_repomd: This is used by the masher to determine when a
-# secondary architecture push has been synchronized to the master mirror for a given release and
-# request. The masher will verify that the checksum of repomd.xml at the master URL matches the
-# expected value, and will poll the URL until this test passes. Substitute release and request
-# for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
-# arches not listed in {release}_{version}_primary_arches if it is defined. You must put two %s's
-# in this setting - the first will be replaced with the release version and the second will be
-# replaced with the architecture.
-fedora_stable_alt_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-updates/compose/Everything/%s/os/repodata/repomd.xml
-fedora_testing_alt_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%s-updates-testing/compose/Everything/%s/os/repodata/repomd.xml
-
-
-## The base url of this application
-base_address = https://bodhi.stg.fedoraproject.org/
-
-
-## Primary architechures by release
-##
-## {release}_{version}_primary_arches: Releases that have alternative arches must define their
-## primary arches here. Any arches found during mashing that are not present here are asssumed
-## to be alternative arches. This is used during the wait_for_repo() step of the mash where
-## Bodhi polls the master repo to find out whether the mash has made it to the repo or not.
-## Bodhi looks for primary arches with the {release}_{request}_master_repomd setting above, and
-## for alternative arches at the {release}_{request}_alt_master_repomd setting above. If this
-## is not set, Bodhi will assume the release only has primary arches.
-fedora_26_primary_arches = armhfp x86_64
-
-
-## Supported update types
-update_types = bugfix enhancement security newpackage
-
-## Supported architechures
-##
-## To handle arch name changes between releases, you
-## can also configure bodhi to support one arch *or*
-## another. For example, EPEL5 mashes produce 'ppc'
-## repos, where EPEL6 produces 'ppc64'. To handle this
-## scenario, you can specify something like:
-##
-## arches = ppc/ppc64
-##
-arches = i386 x86_64 armhfp
-
-##
-## Email setting
-##
-
-# Keep email disabled in staging so rube doesn't spam helpless packagers.
-#smtp_server = bastion
-
-# The updates system itself. This email address is used in fetching Bugzilla
-# information, as well as email notifications
-bodhi_email = updates@fedoraproject.org
-#bodhi_password =
-
-# The address that gets the requests
-release_team_address = bodhiadmin-members@fedoraproject.org
-
-# The address to notify when security updates are initially added to bodhi
-security_team = security_respons-members@fedoraproject.org
-
-# Public announcement lists
-fedora_announce_list = package-announce@lists.fedoraproject.org
-fedora_test_announce_list = test@lists.fedoraproject.org
-fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
-fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org
-fedora_modular_announce_list = package-announce@lists.fedoraproject.org
-fedora_modular_test_announce_list = test@lists.fedoraproject.org
-
-# Superuser groups
-admin_groups = proventesters security_respons bodhiadmin sysadmin-main
-
-# Users that we don't want to show up in the "leaderboard(s)"
-stats_blacklist = bodhi anonymous autoqa taskotron
-
-# A list of non-person users
-system_users = bodhi autoqa taskotron
-
-# The max length for an update title before we truncate it in the web ui
-max_update_length_for_ui = 70
-
-# The number of days used for calculating the 'top testers' metric
-top_testers_timeframe = 900
-
-# The email address of the proventesters
-proventesters_email = proventesters-members@fedoraproject.org
-
-# Disabled for the initial release.
-stacks_enabled = False
-
-# These are the default requirements that we apply to stacks, packages, and
-# updates. Users have free-reign to override them for each kind of entity. At
-# the end of the day, we only consider the requirements defined by single
-# updates themselves when gating in the backend masher process.
-site_requirements = dist.rpmdeplint dist.upgradepath
-## Some day we'll have rpmgrill, and that will be cool. Ask tflink.
-#site_requirements = depcheck upgradepath rpmgrill
-
-# Where do we send update announcements to ?
-# These variables should be named per: Release.prefix_id.lower()_announce_list
-#fedora_announce_list =
-#fedora_test_announce_list =
-#fedora_epel_announce_list =
-#fedora_epel_test_announce_list =
-
-# Cache settings
-dogpile.cache.backend = dogpile.cache.dbm
-dogpile.cache.expiration_time = 100
-dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm
-
-# Exclude sending emails to these users
-exclude_mail = autoqa taskotron
-
-##
-## Buildsystem settings
-##
-
-# What buildsystem do we want to use? For development, we'll use a fake
-# buildsystem that always does what we tell it to do. For production, we'll
-# want to use 'koji'.
-buildsystem = koji
-
-# Koji's XML-RPC hub
-koji_hub = https://koji.stg.fedoraproject.org/kojihub
-
-# Root url of the Koji instance to point to. No trailing slash
-koji_url = http://koji.stg.fedoraproject.org
-
-# URL of where users should go to set up their notifications
-fmn_url = https://apps.stg.fedoraproject.org/notifications/
-
-# URL of the resultsdb for integrating checks and stuff
-resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/
-resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/
-
-# Set this to True to enable gating based on policies enforced by Greenwave. If you set this to True,
-# be sure to add a cron job to run the bodhi-check-policies CLI periodically.
-test_gating.required = True
-
-# If this is set to a URL, a "More information about test gating" link will appear on update pages for users
-# to click and learn more.
-# test_gating.url =
-
-# The API url of Greenwave.
-greenwave_api_url = https://greenwave-web-greenwave.app.os.stg.fedoraproject.org/api/v1.0
-
-fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu
-fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js
-
-# Koji Krb stuff
-krb_ccache = /tmp/krb5cc_%{uid}
-krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }}
-krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab
-
-##
-## ACL system
-## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
-## 'pagure', which will query the pagure_url below, or 'dummy', which will
-## always return guest credentials (used for local development).
-##
-acl_system = pagure
-
-##
-## Package DB
-##
-pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb
-
-##
-## Pagure
-##
-pagure_url = https://src.stg.fedoraproject.org/
-
-##
-## Product Definition Center (PDC)
-##
-pdc_url = https://pdc.stg.fedoraproject.org/
-
-
-# We used to get our package tags from pkgdb, but they come from tagger now.
-# https://github.com/fedora-infra/fedora-tagger/pull/74
-#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/
-
-##
-## Bug tracker settings
-##
-#bugtracker = bugzilla
-
-initial_bug_msg = %s has been submitted as an update to %s. %s
-stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report.
-testing_bug_msg =
- If you want to test the update, you can install it with
- $ su -c 'dnf --enablerepo=updates-testing update %s'
- You can provide feedback for this update here: %s
-testing_bug_epel_msg =
- If you want to test the update, you can install it with
- $ su -c 'yum --enablerepo=epel-testing update %s'
- You can provide feedback for this update here: %s
-
-##
-## Bugzilla settings.
-##
-
-# The username/password for our bugzilla account comes
-# from the bodhi_{email,password} fields.
-
-bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi
-#bz_cookie =
-
-# Bodhi will avoid touching bugs that are not against the following products
-bz_products = Fedora,Fedora EPEL
-
-buglink = https://partner-bugzilla.redhat.com/show_bug.cgi?id=%s
-
-##
-## Packages that should suggest a reboot
-##
-reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus
-
-##
-## Critical Path Packages
-## https://fedoraproject.org/wiki/Critical_path_package
-##
-
-# You can allow Bodhi to query for critpath packages from the Fedora Package
-# Database by setting this value to `pkgdb` or the Product Definition
-# Center by setting this value to `pdc`. If it isn't set, it'll just use the
-# hardcoded list below.
-critpath.type = pdc
-
-# You can hardcode a list of critical path packages instead of using the PackageDB
-critpath_pkgs = kernel
-
-# The number of admin approvals it takes to be able to push a critical path
-# update to stable for a pending release.
-critpath.num_admin_approvals = 0
-
-# The net karma required to submit a critial path update to a pending release)
-critpath.min_karma = 2
-
-# Allow critpath to submit for stable after 2 weeks with no negative karma
-critpath.stable_after_days_without_negative_karma = 14
-
-# The minimum amount of time an update must spend in testing before
-# it can reach the stable repository
-fedora.mandatory_days_in_testing = 7
-fedora_epel.mandatory_days_in_testing = 14
-fedora_modular.mandatory_days_in_testing = 7
-
-##
-## Release status
-##
-
-# Pre-beta enforces the Pre Beta policy defined here:
-# https://fedoraproject.org/wiki/Updates_Policy
-f27.status = pre_beta
-
-f27.post_beta.mandatory_days_in_testing = 7
-f27.post_beta.critpath.num_admin_approvals = 0
-f27.post_beta.critpath.min_karma = 2
-f27.post_beta.critpath.stable_after_days_without_negative_karma = 14
-
-f27.pre_beta.mandatory_days_in_testing = 3
-f27.pre_beta.critpath.num_admin_approvals = 0
-f27.pre_beta.critpath.min_karma = 1
-
-# The number of days worth of updates/comments to display
-feeds.num_days_to_show = 7
-feeds.max_entries = 20
-
-##
-## Buildroot Override
-##
-
-# Number of days before expiring overrides
-buildroot_overrides.expire_after = 1
-
-##
-## Groups
-##
-
-# FAS Groups that we want to pay attention to
-# When a user logs in, bodhi will look for any of these groups and associate #
-# them with the user. They will then appear as the users effective principals in
-# the format "group:groupname" and can be used in Pyramid ACE's.
-important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig
-
-# Groups that can push updates for any package
-admin_packager_groups = provenpackager releng-team security_respons
-
-# User must be a member of this group to submit updates
-mandatory_packager_groups = packager
-
-##
-## updateinfo.xml configuraiton
-##
-updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others.
-
-##
-## Authentication & Authorization
-##
-
-# pyramid.openid
-openid.success_callback = bodhi.server.security:remember_me
-openid.provider = https://id.stg.fedoraproject.org/openid/
-openid.url = https://id.stg.fedoraproject.org/
-openid_template = {username}.id.fedoraproject.org
-openid.sreg_required = email
-
-# CORS allowed origins for cornice services
-# This can be wide-open. read-only, we don't care as much about.
-cors_origins_ro = *
-# This should be more locked down to avoid cross-site request forgery.
-cors_origins_rw = https://bodhi.stg.fedoraproject.org
-cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/
-
-
-##
-## Pyramid settings
-##
-pyramid.reload_templates = false
-pyramid.debug_authorization = false
-pyramid.debug_notfound = false
-pyramid.debug_routematch = false
-pyramid.default_locale_name = en
-
-pyramid.includes =
- pyramid_tm
-
-debugtoolbar.hosts = 127.0.0.1 ::1
-
-##
-## Database
-##
-sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@pgbdr.stg.phx2.fedoraproject.org/bodhi2
-
-##
-## Templates
-##
-mako.directories = bodhi:server/templates
-
-##
-## Authentication & Sessions
-##
-
-authtkt.secret = {{ bodhi2AuthTktSTG }}
-session.secret = {{ bodhi2SessionSecretSTG }}
-authtkt.secure = true
-# How long should an authorization ticket be valid for, in seconds? Defaults to one day.
-authtkt.timeout = 1209600
-
-# pyramid_beaker
-session.type = file
-session.data_dir = /var/cache/bodhi/sessions/data
-session.lock_dir = /var/cache/bodhi/sessions/lock
-session.key = {{ bodhi2SessionKeySTG }}
-session.cookie_on_exception = true
-# Tell the browser to only send the cookie over TLS
-session.secure = true
-# Create a cookie that is only valid for one day
-session.timeout = 86400
-cache.regions = default_term, second, short_term, long_term
-cache.type = memory
-cache.second.expire = 1
-cache.short_term.expire = 60
-cache.default_term.expire = 300
-cache.long_term.expire = 3600
-
-[server:main]
-use = egg:waitress#main
-host = 0.0.0.0
-port = 6543
-
-
-[pshell]
-m = bodhi.server.models
-t = transaction
-
-# Begin logging configuration
-
-[loggers]
-keys = root, bodhi, sqlalchemy
-
-[handlers]
-keys = console
-
-[formatters]
-keys = generic
-
-[logger_root]
-level = INFO
-handlers = console
-
-[logger_bodhi]
-level = DEBUG
-handlers =
-qualname = bodhi
-
-[logger_sqlalchemy]
-level = WARN
-handlers =
-qualname = sqlalchemy.engine
-# "level = INFO" logs SQL queries.
-# "level = DEBUG" logs SQL queries and results.
-# "level = WARN" logs neither. (Recommended for production systems.)
-
-[handler_console]
-class = StreamHandler
-args = (sys.stderr,)
-level = NOTSET
-formatter = generic
-
-[formatter_generic]
-format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
-
-# End logging configuration