Time to retire ODCS. ELN is moved off and that was the last thing using
it. Thanks for all the service ODCS!
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We want to allow internal mx'es to send us email still.
We want to drop the global allow for port 25 now that we hopefully have
all the legit senders listed.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Setup things so we accept smtp connections from all the places we
currently do, but also from mimecast as incoming emails may come via
that. We don't want to globally allow everyone to inject emails here.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
In various roles I maintain I use `python3 -m pip install` to
directly install a Python project (usually a fedora-messaging
consumer), to avoid the pointless bureaucracy of packaging them.
The roles install all the deps of these projects as packages
first, so pip doesn't have to install any deps, it only installs
the project itself. Well...that's the idea. It's possible for
this to go wrong (say I forget to update the roles when adding
a dep to the project), and in that case I think we'd rather have
things blow up (so I know something's wrong) than have pip
silently install some random upstream wheel system-wide to make
it work. The intent is that all the deps still come from proper
Fedora packages, only these projects themselves get installed
directly.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
This reverts commit 5e0ad1134d (pr #2200).
Unfortunately, using buildah inside an unprivileged OpenShift container
turns out to not be very simple, even though we're not building any
containers, just importing and pushing them.
We can either figure out how to make it work with OpenShift (and while
it is definitely possible, I don't know if folks are okay with the
compromises that might be required) or deploy it in a VM for now.
In the meantime, the staging container is bootlooping so I'd like to
back this configuration out for the sake of my inbox.
It seems sometimes now db-datanommer is taking more than 24hours to
backup, and currently that means it starts another one while the
previous one is running. Thats no good for anyone, so lets put in a lock
wrapper to avoid that.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Upload images to the stage registry. Rather than massaging the
credentials into the format written out by podman-login, just pass the
credentials in and have the app run podman-login with them. The
configuration includes the registry along with the prefix used for the
environment variables containing the credentials.
