This is needed for now because we are updating mock-core-configs,
and there is an incompatible variant of the centos-stream configuration:
https://pagure.io/copr/copr/issue/1691
While we're getting flatpak-indexer tested and working in staging, we still
need regindexer, and we don't want the httpd config changes that are
part of the regindexer => flatpak-indexer change.
Fixes: https://pagure.io/fedora-infrastructure/issue/9631
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
flatpak-indexer replaces regindexer for creating an index of Fedora
Flatpaks. It adds an additional capability - creating "diffs" between image versions
allowing for incremental updates.
Add a new openshift namespace: flatpak-indexer, with three deploymentconfigs
in it:
- flatpak-indexer: generates the index
- flatpak-indexer-differ: worker(s) to run the expensive tardiff operation
- redis: used for cache and communication between indexer and differ
The staging version of the indexer targets the *production* bodhi/koji/registry,
since we don't have useful Flatpak content in staging. This could be changed.
The registry reverse proxy configuration is updated to a slightly different
set of generated indexes (the 'annotations' indexes for F31 and older are
now suffixed with -annotations, and the 'labels' indexes unsuffixed.)
Signed-off-by: Owen W. Taylor <otaylor@fishsoup.net>
In staging we set a 'staging' datacenter, but this makes the chrony
template think they are external hosts not in iad2, which is wrong.
So, add a conditional to make them use our internal iad2 ntp servers if
they are in staging datacenter too.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
For some reason starting with F33, the tmp dirs are created with 700
perms and that is causing issues with running scripts in releng dir
Signed-off-by: Mohan Boddu <mboddu@bhujji.com>
This used a syntax that was from an old EL and does not work with
newer Fedora with systemctl. Hat tip to misc for helping me figure out
which rpm had the file in it and then what the right syntax was.
This permits users to create API tokens that have the ability to
commit to repositories through HTTPS. This is especially useful for
non-packagers that are trying to contribute through pull requests,
because they lack the normal packager SSH permissions.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
The old, TOTPCGI-enabled sudo configuration breaks when it should be
verifying password and OTP token against what's stored in IPA.
If found, or /etc/pam.d/sudo or the sudo package are missing, reinstall
the sudo package to fix.
Signed-off-by: Nils Philippsen <nils@redhat.com>
The fas_client role and 2fa_client tasks are incompatible with the
ipa/client role, so mask them out for MBS and OSBS hosts in staging,
just as with the bugzilla2fedmsg and github2fedmsg group playbooks.
This will have to be done for all hosts, groups using the ipa/client
role.
Signed-off-by: Nils Philippsen <nils@redhat.com>
Fixes https://pagure.io/fedora-infrastructure/issue/9170
Lets just have rabbitmq cleaup any queues in the /bodhi vhost that are
around for more than a week idle.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
