kernel-firmware is the old provide and it's no longer provided by newer
versions of linux-firmware. This is causing our builders to downgrade to
an older linux-firmware, then dnf-automatic just updates it the next
time to the newer one (because it's a security update).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The only secrets in this file, AFAIK, are the client secrets.
Most of those are already defined as secret variables for the
plays in this repo that deploy the services to use.
So instead of duplicating most of the secrets, and keeping this
file in the private repo where we can't do PRs and editing it is
awkward, let's just make all the client secrets be variables,
and make this file public.
For all the cases where a secret wasn't already defined as a
variable, I've added it, so this should work as-is.
Note that the use of `flask_oidc_dev_stg_oidc_client_secret`
twice is not an error in this PR; that secret was reused for
the staging community blog client config. I have reported this
at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 .
This also removes the client configurations for several services
which no longer exist.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
As the pause module is only executed on first machine in the group I
decided to rather remove it completely.
This means that the replica will only be reinstalled, if the machine
isn't master node and the /var/log/ipainstall.log doesn't exist.
If somebody wants to re-install the replica they just need to remove
/var/log/ipainstall.log and the playbook will do the rest.
OpenID support in FAS is going away. openQA has OAuth2 support.
I've tested this config to work with manual edits on lab, now
ansiblizing it (for lab only to start with).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We haven't had a beaker since 2018 or so, and none of these
various staging/test/dev bugzilla instances exist any more.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We had set the wrong file context for log files.
This changes is followed by these commands:
- `ansible -m command rabbitmq\* -a 'semanage fcontext -d -t var_log_t "/var/log/rabbitmq(/.*)?"'`
- `ansible -m command rabbitmq\* -a 'restorecon -v -R /var/log/rabbitmq'`
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
I had reinstalled these both with no encryption in an attempt to see if
I could get more performance from them. Since we moved to iscsi this is
moot, and we should probibly reinstall them like the others again, but
for now just disable nbde so everything works with the playbook.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to pin to these versions as the ones that get pulled in by other
collections are too new and don't support our ansible-core version.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
To make changing the gunicorn configuration more easily let's move
configuration values from systemd service to separate configuration
file.
The file will live in /etc/mailman3/gunicorn.conf.py.
Today the pagure started to be unresponsive. After few hours of
debugging we narrowed the issue to worker limit. We tweaked the value to
something that should be more responsive and it helped.
Here is the PR to make the change permanent.
Thanks @gwmngilfen and @nphillip for help with that.
