Re: [Freeze Break Request: ] Switch anitya backups to use --exclude-table-data rather than excluding entire tables
On Wed, 2018-10-10 at 00:17 +, ke...@scrye.com wrote: > +/usr/bin/pg_dump --exclude-table-data users --exclude-table-data > tokens --exclude-table-data 'social*' --exclude-table-data sessions > -C $DB | /usr/bin/pxz -T4 > /backups/$DB-public-$(date +%F).dump.xz It might be good to add a comment over this line that explains that it's excluding the data since it has personally identifiable info, so that nobody removes it in the future not knowing what it was for. signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
+! On Thu, 11 Oct 2018 at 16:11, Kevin Fenzi wrote: > > +1 > > kevin > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Meeting Agenda Item: Introduction Juan Pablo Máscolo
Hi, looking forward to collaborate on fedora infra. Im currently at UTC-3 can be found on IRC as Kal3ssiN / jungle_juice fas: kalessin Im ok with bash scripting, some experience with python, mostly a foss/sysadmin/networking background guy. =) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
Hi all,
Can I get +1s for these last two patches, which should make Pagure.io fully
repoSpanner compatible?
It switches the prod sshd to the new sshd_config with keyhelper, and the other
patch disables the scriptalias, which means it hits the code in Pagure that
multiplexes this to gitolite (for us) or repoSpanner (future).
Patrick
commit 93bdfdf91339df06dda9b61bc9bda7d27e6cc4e7 (HEAD -> master)
Author: Patrick Uiterwijk
Date: Thu Oct 11 21:08:48 2018 +0200
Switch over prod pagure.io to keyhelper/aclchecker
Signed-off-by: Patrick Uiterwijk
diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure
index afa936a6f..a172bf8b9 100644
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@@ -17,6 +17,8 @@ stunnel_service: "eventsource"
stunnel_source_port: 8088
stunnel_destination_port: 8080
+sshd_config: ssh/sshd_config.pagure
+
# These are consumed by a task in roles/fedmsg/base/main.yml
fedmsg_certs:
- service: shell
commit 2b45182edde6b7896500088da7d430e5435c49b8
Author: Patrick Uiterwijk
Date: Thu Oct 11 21:08:09 2018 +0200
Remove ScriptAlias to use in-Pagure https clone
Signed-off-by: Patrick Uiterwijk
diff --git a/roles/pagure/frontend/templates/0_pagure.conf
b/roles/pagure/frontend/templates/0_pagure.conf
index cd1004845..50c2d6e9b 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -80,15 +80,6 @@ WSGIDaemonProcess paguredocs user=git group=git
maximum-requests=1000 display-na
SetEnv GIT_PROJECT_ROOT /srv/git/repositories
- AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$
/srv/git/repositories/$1
- AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$
/srv/git/repositories/$1
- ScriptAliasMatch \
-"(?x)^/(.*/(HEAD | \
-info/refs | \
-objects/info/[^/]+ | \
-git-(upload|receive)-pack))$" \
-/usr/libexec/git-core/git-http-backend/$1
-
WSGIProcessGroup pagure
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1
-re
On 10/11/2018 02:22 PM, Patrick マルタインアンドレアス Uiterwijk wrote:
> Hi,
>
> This is the next step of preparing pagure.io for repoSpanner: switch the
> entry command to aclchecker, which is a small script that calls either
> repoBridge for repos on repoSpanner (none at this moment) or gitolite for all
> others.
> This adds some configuration for repobridge, but that won't be used yet.
> This can be reverted by switching the SSH config back to no longer calling
> keyhelper.
>
> Patrick
>
>
> commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master)
> Author: Patrick Uiterwijk
> Date: Thu Oct 11 20:19:11 2018 +0200
>
> Switch Pagure.io over to aclchecker
>
> This will make it possible to migrate repositories to repoSpanner.
>
> Signed-off-by: Patrick Uiterwijk
>
> diff --git a/roles/pagure/frontend/templates/pagure.cfg
> b/roles/pagure/frontend/templates/pagure.cfg
> index 4fddd17e7..54e28930b 100644
> --- a/roles/pagure/frontend/templates/pagure.cfg
> +++ b/roles/pagure/frontend/templates/pagure.cfg
> @@ -313,4 +313,21 @@ THEME = 'pagureio'
> MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
>
> SSH_KEYS_USERNAME_EXPECT = "git"
> -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell
> %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
> +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py
> %(username)s"'
> +
> +SSH_COMMAND_REPOSPANNER = ([
> +"/usr/libexec/repobridge",
> +"--extra", "username", "%(username)s",
> +"--extra", "repotype", "%(repotype)s",
> +"--extra", "project_name", "%(project_name)s",
> +"--extra", "project_user", "%(project_user)s",
> +"--extra", "project_namespace", "%(project_namespace)s",
> +"%(cmd)s",
> +"'pagure/%(repotype)s/%(reponame)s'",
> +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
> +SSH_COMMAND_NON_REPOSPANNER = ([
> +"/usr/share/gitolite3/gitolite-shell",
> +"%(username)s",
> +"%(cmd)s",
> +"%(reponame)s",
> +], {})
> ___
> infrastructure mailing list -- infrastructure@lists.fedoraproject.org
> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
signature.asc
Description: OpenPGP digital signature
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
(Actually, until a future PR where I apply the correct sshd_Config to pagure01, it won't even change anything on prod for now other than the existance of these config options.) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch Pagure over to aclchecker
Hi,
This is the next step of preparing pagure.io for repoSpanner: switch the entry
command to aclchecker, which is a small script that calls either repoBridge for
repos on repoSpanner (none at this moment) or gitolite for all others.
This adds some configuration for repobridge, but that won't be used yet.
This can be reverted by switching the SSH config back to no longer calling
keyhelper.
Patrick
commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master)
Author: Patrick Uiterwijk
Date: Thu Oct 11 20:19:11 2018 +0200
Switch Pagure.io over to aclchecker
This will make it possible to migrate repositories to repoSpanner.
Signed-off-by: Patrick Uiterwijk
diff --git a/roles/pagure/frontend/templates/pagure.cfg
b/roles/pagure/frontend/templates/pagure.cfg
index 4fddd17e7..54e28930b 100644
--- a/roles/pagure/frontend/templates/pagure.cfg
+++ b/roles/pagure/frontend/templates/pagure.cfg
@@ -313,4 +313,21 @@ THEME = 'pagureio'
MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh'
SSH_KEYS_USERNAME_EXPECT = "git"
-SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell
%(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'
+SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py
%(username)s"'
+
+SSH_COMMAND_REPOSPANNER = ([
+"/usr/libexec/repobridge",
+"--extra", "username", "%(username)s",
+"--extra", "repotype", "%(repotype)s",
+"--extra", "project_name", "%(project_name)s",
+"--extra", "project_user", "%(project_user)s",
+"--extra", "project_namespace", "%(project_namespace)s",
+"%(cmd)s",
+"'pagure/%(repotype)s/%(reponame)s'",
+], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"})
+SSH_COMMAND_NON_REPOSPANNER = ([
+"/usr/share/gitolite3/gitolite-shell",
+"%(username)s",
+"%(cmd)s",
+"%(reponame)s",
+], {})
___
infrastructure mailing list -- infrastructure@lists.fedoraproject.org
To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.3
+1 as it has a needed tix On Thu, 11 Oct 2018 at 11:38, Pierre-Yves Chibon wrote: > > Good Morning Everyone, > > We managed yesterday and today to fixes a couple of not hard but annoying > little > bugs in pagure. They lead to the release 5.1.3 with the following changelog: > > 5.1.3 (2018-10-11) > -- > > - Don't sync up ssh keys if there are already some > - Do not notify twice when pushing commits to an open PR > - Update git-multimail to the 1.4.0 version (fixes getting it working with > py3) > > > I've pushed 5.1.3 to staging and after giving some more testing tomorrow I was > thinking about pushing it to prod if people thinks it's a good idea. > > So, what do you think? :) > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.2
+1 this should be simple enough to back out if it fails. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
