Explain how to regenerate the OIDC token for ODCS
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
parent
a7f6614be8
commit
bb608b558f
1 changed files with 24 additions and 0 deletions
|
|
@ -137,3 +137,27 @@ https://odcs.fedoraproject.org/composes/ by sorting by Last modified
|
|||
fields.
|
||||
* Decrease the *max_seconds_to_live* in ODCS configuration
|
||||
file.
|
||||
|
||||
=== The OIDC token expires
|
||||
|
||||
This will cause the cron job to fail on the backend. Tokens have a lifetime of one year, and should be therefore periodically regenerated.
|
||||
|
||||
To regenerate the token, run the following command in the ansible repo:
|
||||
|
||||
....
|
||||
scripts/generate-oidc-token odcs-prod -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
|
||||
....
|
||||
|
||||
Follow the instructions given by the script: run the SQL command on the Ipsilon database server:
|
||||
|
||||
....
|
||||
ssh db-fas01.iad2.fedoraproject.org
|
||||
sudo -u postgres -i ipsilon
|
||||
ipsilon=# BEGIN;
|
||||
[...]
|
||||
ipsilon=# COMMIT;
|
||||
....
|
||||
|
||||
Save the value of the token generated by the script in the ansible-private repo under `files/releng/production/releng-odcs-oidc-token`.
|
||||
|
||||
Deploy the change by running the `playbooks/groups/odcs.yml` playbook.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue