infrastructure/ansible
2
0
Fork 0
Code Pull requests 7 Activity Actions
38328 commits 9 branches 0 tags 110 MiB
Commit graph

47 commits

Author SHA1 Message Date
Kevin Fenzi
d44bc3991c pagure: handle stunnel bundled cert in letsencrypt renews 
This commit removes the old tasks to try and create a cert/intermediate
bundle file for stunnel in favor of just doing it when we renew/get the
cert. It also fixes stunnel to use the correct bundled cert.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-20 11:55:13 -08:00
Kevin Fenzi
c3718a166a pagure: put websites block back in place 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-17 16:10:04 -08:00
Kevin Fenzi
639fb415e9 pagure: try and put fedora-websites back to normal 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-11 11:22:25 -08:00
Kevin Fenzi
1c1780c931 pagure / staging: set correct env 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-09-19 14:28:17 -07:00
Kevin Fenzi
f183f5262b pagure-stg01 / ipsilon*.stg: split db passwords from stg and prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-09-19 13:53:15 -07:00
Kevin Fenzi
12b64f5370 Revert "pagure: drop websites rule for old DDoS" 
This reverts commit 415f621bdf.

Seems the DDoS is back
 2022-08-18 08:55:33 -07:00
Kevin Fenzi
ebcf1ff795 pagure: fix "ServerLimit cannot occur within <VirtualHost> section" error 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-08-03 11:59:46 -07:00
Kevin Fenzi
c11827de9f pagure/src: see about enabling h2 
I'll try this in stg first and then roll to prod if all looks ok.
I don't see any reason why it wouldn't work off hand.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-08-03 11:46:46 -07:00
Kevin Fenzi
415f621bdf pagure: drop websites rule for old DDoS 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-07-31 12:04:12 -07:00
Kevin Fenzi
7105387724 pagure: increase some httpd worker limits 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-15 14:23:06 -07:00
Kevin Fenzi
45c28c27c5 pagure: add hack to 403 DDoS attack 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-15 14:18:39 -07:00
Kevin Fenzi
575d1ea238 pagure: increase processes 
pagure was processing a lot of things, increasing this seemed to help.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-06-03 11:41:11 -07:00
Kevin Fenzi
9bfed779bb pagure: also use the pagure.io cert for pagure.org as it has a alt name for that 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-30 09:58:07 -07:00
Nick Bebout
608d769edc Add nb to pagure.io admins 2022-04-27 16:07:48 -05:00
Michal Konečný
2be4e10676 [pagure] Enable ACLs for API key for closing issue 
In https://pagure.io/fedora-infra/ansible/pull-request/1013 change to enable
new ACLs for API tokens was introduced, unfortunately the `issue_close` ACL
don't exists and to close the issue in Pagure it needs
`issue_change_status` and `issue_update` ACLs. This commit is fixing the
previous mistake.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-03-31 13:01:45 +02:00
Michal Konečný
34af94b291 [pagure] Make more ACLs available for API token 
Add issue_close and pull_request_close ACLs to cross project ACLs. These ACLs
are already used in Pagure API, you can't just create API token with these ACLs.

Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2022-03-30 11:07:56 +00:00
Michael Scherer
989b0c433d Fix pagure templating to take its own IP v6 in account 
ssh git@pagure.io was broken (no longer accepting ssh connection).
A quick debug show that it was caused by the helper script not working,
showing a 403 error. And the httpd logs were complaining about
authorized IPs not present in the configuration.

The root cause is in 938e63fa71 as the variables were renamed
from eth0_ip and eth0_ipv6 to eth0_ipv4_ip and eth0_ipv6_ip

Then pagure config got regenerated later and this triggered the
bug preventing people from pushing.
 2022-01-27 15:53:38 +01:00
Kevin Fenzi
1176de7808 pagure / staging: use normal cert, not bundle for stunnel 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-09-08 12:28:33 -07:00
Stephen Smoogen
2adb66f4d5 General cleanup of aliases and add mobrien to various places. 
Remove old smooge lines
Remove centos box which is no longer existant.

Signed-off-by: Stephen Smoogen <smooge@smoogespace.com>
 2021-03-23 16:52:20 +00:00
Pierre-Yves Chibon
d0f112f435 pagure: make ADMIN_GROUP be None, this works fine 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-17 16:01:17 +01:00
Pierre-Yves Chibon
deee7e9b9f pagure: define ADMIN_GROUP to a group that do not exists 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 22:41:32 +01:00
Pierre-Yves Chibon
9ce8e6eac3 pagure: explicitely undefine the ADMIN_GROUP variable 
Otherwise it goes back to using sysadmin-main which is the default
value, while here we want to rely on a list of users, not a group.

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-16 20:12:38 +01:00
Pierre-Yves Chibon
eba9565e3b pagure: make the instance-wide admins be a list of users rather than a group 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-11 10:58:55 +01:00
Pierre-Yves Chibon
7d29b2fbf7 pagure: allow the commit ACL on API token to not be project-specific 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-04 17:40:18 +01:00
Pierre-Yves Chibon
8b0ec42622 pagure: send the logs to stderr instead of stdout 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-20 23:08:38 +01:00
Pierre-Yves Chibon
e8e25afce5 pagure: fix the path to the new location of the intermediate cert 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-13 10:06:45 +01:00
Pierre-Yves Chibon
467113e65d pagure: fix the path to the ssl cert in the stunnel config 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:29:46 +01:00
Kevin Fenzi
d6244f86ef pagure / production: fix a key path in prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:44:21 -08:00
Kevin Fenzi
467731347d pagure / staging: fix path to cert in 2 places. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:33:53 -08:00
Kevin Fenzi
b31730d841 pagure / staging: combine certs to 1, clean up logic 
There's no reason to not just use one letsencrypt cert for stg.pagure.
Also clean up logic in the web config and make sure all the servernames
are handled correctly.

Once this works, will roll this to production.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 11:52:09 -08:00
Pierre-Yves Chibon
e63f2d99ad pagure: use staging ipsilon in staging pagure 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-11-09 10:30:32 +01:00
Pierre-Yves Chibon
8a8b1731b3 pagure: add a publish_exchange variable to the fedora-messaging config 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-05 14:58:58 +02:00
Pierre-Yves Chibon
dc59446b99 pagure: drop the frontend sub-directory 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 16:14:06 +02:00
Ralph Bean
8298f7e068 Give pagure its own fedmsg bus. 2015-05-18 18:03:11 +00:00
Pierre-Yves Chibon
af34ed04a1 Move the temp folder of pagure to fix cloning 2015-05-18 14:10:02 +02:00
Pierre-Yves Chibon
80463e9893 Enforce the pagure cookie to be over https 2015-05-17 10:36:21 +02:00
Pierre-Yves Chibon
483de08e8b Create and specify the TMP_FOLDER for pagure 2015-05-14 00:07:35 +02:00
Pierre-Yves Chibon
65edd60cb1 Fix typo in path 2015-05-14 00:07:35 +02:00
Pierre-Yves Chibon
41db3ed818 One more adjustment for pagure-stg 2015-05-13 17:19:49 +02:00
Pierre-Yves Chibon
ac08e100fe Adjust the pagure configuration for gitolite3 2015-05-13 15:35:29 +02:00
Pierre-Yves Chibon
efa80d60e3 Specify the tickets folder for the tickets git repo 2015-05-13 15:26:22 +02:00
Pierre-Yves Chibon
d187a370e6 Add a gitolite3 .rc file 2015-05-13 12:45:09 +02:00
Pierre-Yves Chibon
b1da9162b0 Adjust the pagure configuration file to rely on pagure-staging 2015-04-02 21:40:14 +02:00
Pierre-Yves Chibon
9e55b6cb44 Use stg instead of dev and set the FROM_EMAIL where it needs to be 2015-04-02 21:33:38 +02:00
Pierre-Yves Chibon
e2608e9cbc Add missing imports in the configuration files 2015-04-02 20:49:52 +02:00
Pierre-Yves Chibon
32688fad29 Add the missing pagure_admin configuration file 2015-04-02 20:47:13 +02:00
Pierre-Yves Chibon
2d45402570 Import first work on the pagure role 2015-04-02 19:44:09 +02:00