Turns out commenting out this alias did not help, so instead I'm
pointing it to the Fedora theme folder which should thus make
/ui/res valid.
Fingers crossed!
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
If I'm reading ipsilon's code correctly this should now be
handled by ipsilon itself.
If I'm mistaken, I'll revert and keep looking for the proper
fix
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Currently we let ipsilon's magic load the tempate and asset from
that variable and it looks like it's somehow not doing what we want
with the asset since we can't access the fedora-authn-logo and the
login.css of the Fedora theme.
So let's see if using the full path to the directory helps or not.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
koji is odd in that it will allow all caps for the sig in some places,
but not others. We need to report this and get it fixed.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
... it is down on staging. So the whole role/messaging/base is broken,
and we can not depend on it:
TASK [rabbit/user : Create the user in RabbitMQ] ***********************
Tuesday 11 August 2020 05:37:34 +0000 (0:00:00.121) 0:05:22.244 *
Tuesday 11 August 2020 05:37:34 +0000 (0:00:00.121) 0:05:22.243 *
[WARNING]: Unhandled error in Python interpreter discovery for host
rabbitmq01.stg.iad2.fedoraproject.org: Failed to connect to the host via
ssh: ssh: connect to host rabbitmq01.stg.iad2.fedoraproject.org port 22:
Connection timed out
fatal: [copr-be-dev.aws.fedoraproject.org]: UNREACHABLE! => {"changed":
false, "msg": "Data could not be sent to remote host
\"rabbitmq01.stg.iad2.fedoraproject.org\". Make sure this host can be
reached over ssh: ssh: connect to host rab
bitmq01.stg.iad2.fedoraproject.org port 22: Connection timed out\r\n",
"unreachable": true}
So there's now a new toggle named "copr_messaging", turned on only for
production copr instance.
This still had all the phx2 local servers, adjust them to the new iad2
ips and see if that helps the wiki stop thowing so many 503's.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
For the same reason as the last commit. We don't have staging back yet
and so we can't get certs for them.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We don't own fpaste.org, in the past the owners just pointed it to our
proxies and we got a cert for it. However, it's still pointing to the
old phx2 proxies right now. So, drop it until it's fixed to point to the
new ones, or given to us as a domain.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Doing this makes letsencrypt try and get a cert for it, but it's not
setup to do that correctly. Wait until stg is back.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I think the lack of ! on the osbs rule meant that nothing ever went to
the cdn. This increases load on the real registry a lot.
Also, we are using varnish here, but lets try and just go via haproxy.
varnish might be having problems keeping all the 404s in memory/cache.
The cdn thing should help that, but since we have cloudfront I don't
think we also need to use varnish here.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
One of the 2 patches we were carrying for kojira was merged upstream in
1.22. The other wasn't yet, so we need to keep it around for now.
But we need to merge in the other 1.22 changes or auth fails.
Hopefully this rebases to 1.22
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Upstream switched from python-requests-kerberos to
python-requests-gssapi and dropped some options.
Unfortunately, these cause kojid / kojira to not even start if they are
present, so we have to remove them to make things happy.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
