Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
39209 commits 9 branches 0 tags 111 MiB
Commit graph

43 commits

Author SHA1 Message Date
Michal Konečný
d1dc3f649b [Pagure] Enable OIDC in staging 
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
 2023-07-17 17:35:38 +02:00
Kevin Fenzi
d44bc3991c pagure: handle stunnel bundled cert in letsencrypt renews 
This commit removes the old tasks to try and create a cert/intermediate
bundle file for stunnel in favor of just doing it when we renew/get the
cert. It also fixes stunnel to use the correct bundled cert.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2023-01-20 11:55:13 -08:00
Kevin Fenzi
f183f5262b pagure-stg01 / ipsilon*.stg: split db passwords from stg and prod 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-09-19 13:53:15 -07:00
Kevin Fenzi
1133e45da3 pagure: fix ssl cert deployment 
The current playbook assumes the old digicert ssl cert thats in private.
However, we got that in 2020 and it's expired. We switched pagure.io
over to letsencrypt a while back. Somehow we didn't change the playbook
however, or the change was lost somewhere. :(

So, this adds 2 calls to the letsencrypt role to get certs for the prod
and staging pagure instances. I think this should do the right thing
with placement of files, but more eyes welcome.

Without this playbooks runs have the chance of messing up pagure.io
certs, so I think we should fix this asap.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-04-30 16:52:39 +00:00
Kevin Fenzi
5f14ef5388 pagure: fix typo in playbook enabling pagure_mirror service 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2022-01-11 17:30:22 -08:00
Kevin Fenzi
4415adee47 pagure: enable pagure_mirror service on boot 
For some reason pagure_mirror wasn't enabled by default on boot.
We do use this service and want it on. Upstream can likely enable it,
but in the mean time we will enable it on our instances.

See https://pagure.io/fedora-infrastructure/issue/10262

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-11-03 21:54:17 +00:00
Pierre-Yves Chibon
30336150a8 pagure: add another tag 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-02-12 09:52:00 +01:00
Pierre-Yves Chibon
5d18697e9c pagure: add a couple of tags 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:53:11 +01:00
Pierre-Yves Chibon
677e20cf5d pagure: install python3-pagure-messages on the host 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 10:38:51 +01:00
Pierre-Yves Chibon
78ecdfe13d pagure: the hotfix to the stream server needs to restart the pagure_ev service, not httpd 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 09:58:07 +01:00
Pierre-Yves Chibon
7142c188a0 pagure: hotfix the stream server with the py3-only version 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2021-01-08 09:56:39 +01:00
Kevin Fenzi
8316535c1a pagure / production: fix typo 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:36:05 -08:00
Kevin Fenzi
c0025e4cce pagure / production: add letsencrypt config for pagure.io ssl certs. 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:34:24 -08:00
Kevin Fenzi
5d8fd0a764 pagure / staging: www and lists do not exist in staging 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:07:00 -08:00
Kevin Fenzi
6866165646 pagure / staging: try a different format for aliases 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 12:04:42 -08:00
Kevin Fenzi
b31730d841 pagure / staging: combine certs to 1, clean up logic 
There's no reason to not just use one letsencrypt cert for stg.pagure.
Also clean up logic in the web config and make sure all the servernames
are handled correctly.

Once this works, will roll this to production.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
 2021-01-04 11:52:09 -08:00
Pierre-Yves Chibon
dc59446b99 pagure: drop the frontend sub-directory 
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
 2020-10-01 16:14:06 +02:00
Ralph Bean
8298f7e068 Give pagure its own fedmsg bus. 2015-05-18 18:03:11 +00:00
Pierre-Yves Chibon
483de08e8b Create and specify the TMP_FOLDER for pagure 2015-05-14 00:07:35 +02:00
Pierre-Yves Chibon
3dda247c94 Install mod_ssl to allow https 2015-05-13 15:18:22 +02:00
Pierre-Yves Chibon
990aca7267 Fix the apache configuration file name 2015-05-13 15:15:44 +02:00
Pierre-Yves Chibon
cb85333343 Install the SSL certs and redirect pagure.io to https://pagure.io 2015-05-13 15:13:35 +02:00
Pierre-Yves Chibon
177af74f42 Do it otherwise 2015-05-13 14:51:50 +02:00
Pierre-Yves Chibon
be71a52ef3 Be more specific about what postgresql-setup creates 2015-05-13 14:47:26 +02:00
Pierre-Yves Chibon
b520ee417a Make sure the group is created correctly 2015-05-13 13:37:10 +02:00
Pierre-Yves Chibon
a695b09789 Rename the gitolite3 user to git 2015-05-13 13:30:22 +02:00
Pierre-Yves Chibon
7ef2204cf4 On EL7 there is gitolite3 but not gitolite 2015-05-13 13:21:56 +02:00
Pierre-Yves Chibon
1dfe934564 Adjust the folders created for gitolite3 2015-05-13 12:45:19 +02:00
Pierre-Yves Chibon
0445c5e6e4 Initialize the postgresql DB for pagure if necessary 2015-05-12 18:16:39 +02:00
Pierre-Yves Chibon
92439d00a5 Install and set-up the pagure_milter service 2015-04-03 17:45:37 +02:00
Pierre-Yves Chibon
fcf914c975 Add a specific /etc/aliases file to pagure 2015-04-03 17:45:37 +02:00
Pierre-Yves Chibon
e697254992 Use colon not equal 2015-04-02 21:46:12 +02:00
Pierre-Yves Chibon
866f378321 Adjust the ownership of the configuration file 2015-04-02 21:44:36 +02:00
Pierre-Yves Chibon
890d224c18 Install the wsgi file separately as it has different privileges 2015-04-02 21:10:42 +02:00
Pierre-Yves Chibon
64633aaf2c Let's try using the postgresql_server group for pagure 2015-04-02 20:10:04 +02:00
Pierre-Yves Chibon
cb3c4e13eb Move installing postgresql-server into the postgresql section 2015-04-02 20:04:34 +02:00
Pierre-Yves Chibon
cf70059e7c Let's try without gl-setup see if we can do it manually 2015-04-02 20:03:00 +02:00
Pierre-Yves Chibon
0beaa65982 Assume usermod created the home and modified the group both worked 2015-04-02 20:03:00 +02:00
Pierre-Yves Chibon
965f2f5f64 Renaming the gitolite user creates the /srv/git folder directly 2015-04-02 19:56:03 +02:00
Pierre-Yves Chibon
63f3d09e6d Ensure gitolite is installed in the gitolite section 2015-04-02 19:53:07 +02:00
Pierre-Yves Chibon
9ff5ceeaf8 Move the check up 2015-04-02 19:51:30 +02:00
Pierre-Yves Chibon
3ee9f119ee Give it some space 2015-04-02 19:49:14 +02:00
Pierre-Yves Chibon
2d45402570 Import first work on the pagure role 2015-04-02 19:44:09 +02:00