Explain how to regenerate the OIDC token for ODCS
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard
parent
a7f6614be8
commit
bb608b558f
1 changed files with 24 additions and 0 deletions
|
|
@ -137,3 +137,27 @@ https://odcs.fedoraproject.org/composes/ by sorting by Last modified
|
||||||
fields.
|
fields.
|
||||||
* Decrease the *max_seconds_to_live* in ODCS configuration
|
* Decrease the *max_seconds_to_live* in ODCS configuration
|
||||||
file.
|
file.
|
||||||
|
|
||||||
|
=== The OIDC token expires
|
||||||
|
|
||||||
|
This will cause the cron job to fail on the backend. Tokens have a lifetime of one year, and should be therefore periodically regenerated.
|
||||||
|
|
||||||
|
To regenerate the token, run the following command in the ansible repo:
|
||||||
|
|
||||||
|
....
|
||||||
|
scripts/generate-oidc-token odcs-prod -e 365 -s https://id.fedoraproject.org/scope/groups -s https://pagure.io/odcs/new-compose -s https://pagure.io/odcs/renew-compose -s https://pagure.io/odcs/delete-compose
|
||||||
|
....
|
||||||
|
|
||||||
|
Follow the instructions given by the script: run the SQL command on the Ipsilon database server:
|
||||||
|
|
||||||
|
....
|
||||||
|
ssh db-fas01.iad2.fedoraproject.org
|
||||||
|
sudo -u postgres -i ipsilon
|
||||||
|
ipsilon=# BEGIN;
|
||||||
|
[...]
|
||||||
|
ipsilon=# COMMIT;
|
||||||
|
....
|
||||||
|
|
||||||
|
Save the value of the token generated by the script in the ansible-private repo under `files/releng/production/releng-odcs-oidc-token`.
|
||||||
|
|
||||||
|
Deploy the change by running the `playbooks/groups/odcs.yml` playbook.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue