This adds:
- Matrix media type
- User for a Matrix bot
- Trigger using Matrix & the bot
- PSK configuration, using the PSK file already deployed
- 2 base templates
- a general one suitable even for Koji
- a dependant one for all other hosts
- Autoregistration config to use the new base template
This is all scoped to staging via a new include in main.yml
kernel-firmware is the old provide and it's no longer provided by newer
versions of linux-firmware. This is causing our builders to downgrade to
an older linux-firmware, then dnf-automatic just updates it the next
time to the newer one (because it's a security update).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
The only secrets in this file, AFAIK, are the client secrets.
Most of those are already defined as secret variables for the
plays in this repo that deploy the services to use.
So instead of duplicating most of the secrets, and keeping this
file in the private repo where we can't do PRs and editing it is
awkward, let's just make all the client secrets be variables,
and make this file public.
For all the cases where a secret wasn't already defined as a
variable, I've added it, so this should work as-is.
Note that the use of `flask_oidc_dev_stg_oidc_client_secret`
twice is not an error in this PR; that secret was reused for
the staging community blog client config. I have reported this
at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 .
This also removes the client configurations for several services
which no longer exist.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
As the pause module is only executed on first machine in the group I
decided to rather remove it completely.
This means that the replica will only be reinstalled, if the machine
isn't master node and the /var/log/ipainstall.log doesn't exist.
If somebody wants to re-install the replica they just need to remove
/var/log/ipainstall.log and the playbook will do the rest.
OpenID support in FAS is going away. openQA has OAuth2 support.
I've tested this config to work with manual edits on lab, now
ansiblizing it (for lab only to start with).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We haven't had a beaker since 2018 or so, and none of these
various staging/test/dev bugzilla instances exist any more.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
We had set the wrong file context for log files.
This changes is followed by these commands:
- `ansible -m command rabbitmq\* -a 'semanage fcontext -d -t var_log_t "/var/log/rabbitmq(/.*)?"'`
- `ansible -m command rabbitmq\* -a 'restorecon -v -R /var/log/rabbitmq'`
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
We want to pin to these versions as the ones that get pulled in by other
collections are too new and don't support our ansible-core version.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
To make changing the gunicorn configuration more easily let's move
configuration values from systemd service to separate configuration
file.
The file will live in /etc/mailman3/gunicorn.conf.py.
Today the pagure started to be unresponsive. After few hours of
debugging we narrowed the issue to worker limit. We tweaked the value to
something that should be more responsive and it helped.
Here is the PR to make the change permanent.
Thanks @gwmngilfen and @nphillip for help with that.
