This commit retires pdc from ansible.
The website should get redirected to a wiki page about the retirement.
If for some reason we need to bring things back, the vm's will still
have their disks and xml saved off so we can bring it back.
Would need to revert this, run proxy playbooks and do a little cleanup
on the redirect, then bring the vm's back up.
Hopefully we don't have to.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This was fixed previously for pagure.io in the context of
paguremirroring. Turns out, it affects all kinds of git operations, so
document and move accordingly.
Fixes: releng#12181
Fixes: fedora-infrastructure#12010
Signed-off-by: Nils Philippsen <nils@redhat.com>
Fix for https://pagure.io/fedora-infrastructure/issue/11957 was introduced to
pagure role, but it wasn't added to dist-git role as well. Let's fix that.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
Right now the cron job is mailing out something like:
/tmp/releng.HEQKVAc ~
Cloning into 'releng'...
~
Hopefully this will make it not send that email unless there's an error.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Related with commit 1efcf8a90b
We need to update the acls table with their descriptions.
pagure/cli/admin.py update-acls
The above command can update the table and it looks for descriptions in the ACLS config variable.
Packit needs this ACLs to be able to update PRs it has already created.
We are implementing this feature:
https://github.com/packit/packit/issues/2182
Packit needs this ACLs just in distgit.
Part of an initiative to remove PDC calls.
Active branches are now checked from a call to bodhi, not to pdc.
Needed for the check in distgit - avoid pushing to EOL branches
Signed-off-by: Lenka Segura <lsegura@redhat.com>
We also have fedora-messaging spewing out on pushes, so lets set that
back to warning, and we also need to change the default pagure logging
root to WARN.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Right now when someone does a https push they get about 100 lines of
INFO and DEBUG from pagure. Everything from acls to messaging to pika to
everything. There's no need for all this debug/info spew.
Lets disable it and go back to just WARNINGS
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Drop resultsdb vars and playbooks.
resultsdb is now in openshift and on a different url.
Adjust bodhi, pagure dist git for the new url.
Drop taskotron roles.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Currently it's not possible to create token with pull_request_close ACL
for user (see https://pagure.io/pagure-dist-git/issue/144).
This commit will allow users to add pull_request_close ACL to their
token. The user is still validated if it has the permission, so adding
this ACL to user token doesn't allow user to use API to close any PR
currently opened in dist-git.
Thanks @pingou for helping me with this.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
This was removed in prod in d0a8837 but left around in stg for
testing purposes. However, it is suspected that this was causing
users to not be able to push to forks in distgit, so removing.
https://pagure.io/fedora-infrastructure/issue/10045
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
Basically, we are now installing a small wrapper in /usr/local/bin
which just echoes to stdout what should be in the authorized_keys
file for that user.
That content is generated by retrieving the ssh key from sssd via
the command sss_ssh_authorizedkeys as well as the usual ssh way to
restrict the action an user/key can do: command="...".
In this case, we're setting a couple of environment variable that
are needed later on for things to work properly as well as only
allow the user to call the aclchecker.py script provided by pagure.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
This ACL turns out to be too confusing to users as it currently
does not work with our OIDC set-up with fedpkg.
Once we'll have figured out how to make both work together or
keep one and remove the other, we can revisit.
Keeping this in staging so we have a place where we can experiment
with this.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
