The proxies seem to be hitting file limits, so try increasing them.
Also, set httpd to restart on failure, this should help mask the problem
if it persists with the higher limit.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now releng-bot has a fas address of 'releng-bot@fedoraproject.org'
which is... confusing. The alias overrides this and sends email to
admin, but it results in a duplicate, causing the cron job to send mail
about the duplicate everytime newaliases run.
So, instead drop the alias here and switch the user in fas to be
admin+relengbot. This will still go to admin, not run into problems with
the address already in use in fas and should cause the newaliases to
stop complaining.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now this cron is sometimes running while reg is updating the
index on sundries01, so move it out 10min to avoid that window.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit removes the old tasks to try and create a cert/intermediate
bundle file for stunnel in favor of just doing it when we renew/get the
cert. It also fixes stunnel to use the correct bundled cert.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This switches the Bodhi staging instance to use (and regularly
update) its own grouped critical path data, instead of consuming
the data from PDC that is non-grouped and irregularly updated by
releng. If this works out well, we'll also apply it to prod.
This requires Bodhi 7 or higher.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
I have probably made this a bit wordy but I have found long jinja2
logic statements to be a bit hard to debug or go off the rails. So I
copied the section for Red Hat and used it for Fedora.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
We also have fedora-messaging spewing out on pushes, so lets set that
back to warning, and we also need to change the default pagure logging
root to WARN.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now when someone does a https push they get about 100 lines of
INFO and DEBUG from pagure. Everything from acls to messaging to pika to
everything. There's no need for all this debug/info spew.
Lets disable it and go back to just WARNINGS
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Remove redis from playbook, it's no longer used. We are using memcached instead.
Start the services automatically after deployment.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
We hit a case with an old update that was almost ready to be untagged,
but then was submitted as an update and _then_ untagged.
See https://pagure.io/fedora-infrastructure/issue/11058
Telling koji-gc to keep anything in pending tags should avoid this small
window for problems.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
While we actually use SLAAC in aws, there's a dhcp6d sending out the
router advertisements, so without that the instance doesn't get an ipv6
ip and just doesn't work. With this it does.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Get new certs per instructions
Put new certs in ansible_private from letsencrypt
Change the cert name in configs to 2023 to show different from 2017 one.
Signed-off-by: Stephen Smoogen <ssmoogen@redhat.com>
Thanks to @jforbes for reminding me of this - now F35 is EOL,
we don't run the openQA upgrade tests on F36, so we have to
upgrade the gating policy or no F35 updates can be pushed.
Also drop other fedora-35 references in openQA-related rules.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Now that we've pruned 1.2T from the repo let's put the pruner back
to sleep over the holidays. It's a brand new service and if anything
goes awry we want to be around to investigate.
Will re-enabled in January.
