Re: [Freeze Break Request: ] Switch anitya backups to use --exclude-table-data rather than excluding entire tables
On Wed, 2018-10-10 at 00:17 +, ke...@scrye.com wrote: > +/usr/bin/pg_dump --exclude-table-data users --exclude-table-data > tokens --exclude-table-data 'social*' --exclude-table-data sessions > -C $DB | /usr/bin/pxz -T4 > /backups/$DB-public-$(date +%F).dump.xz It might be good to add a comment over this line that explains that it's excluding the data since it has personally identifiable info, so that nobody removes it in the future not knowing what it was for. signature.asc Description: This is a digitally signed message part ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
+! On Thu, 11 Oct 2018 at 16:11, Kevin Fenzi wrote: > > +1 > > kevin > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Meeting Agenda Item: Introduction Juan Pablo Máscolo
Hi, looking forward to collaborate on fedora infra. Im currently at UTC-3 can be found on IRC as Kal3ssiN / jungle_juice fas: kalessin Im ok with bash scripting, some experience with python, mostly a foss/sysadmin/networking background guy. =) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch to in-Pagure https cloning and enable keyhelper/aclchecker for prod
Hi all, Can I get +1s for these last two patches, which should make Pagure.io fully repoSpanner compatible? It switches the prod sshd to the new sshd_config with keyhelper, and the other patch disables the scriptalias, which means it hits the code in Pagure that multiplexes this to gitolite (for us) or repoSpanner (future). Patrick commit 93bdfdf91339df06dda9b61bc9bda7d27e6cc4e7 (HEAD -> master) Author: Patrick Uiterwijk Date: Thu Oct 11 21:08:48 2018 +0200 Switch over prod pagure.io to keyhelper/aclchecker Signed-off-by: Patrick Uiterwijk diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure index afa936a6f..a172bf8b9 100644 --- a/inventory/group_vars/pagure +++ b/inventory/group_vars/pagure @@ -17,6 +17,8 @@ stunnel_service: "eventsource" stunnel_source_port: 8088 stunnel_destination_port: 8080 +sshd_config: ssh/sshd_config.pagure + # These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: - service: shell commit 2b45182edde6b7896500088da7d430e5435c49b8 Author: Patrick Uiterwijk Date: Thu Oct 11 21:08:09 2018 +0200 Remove ScriptAlias to use in-Pagure https clone Signed-off-by: Patrick Uiterwijk diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf index cd1004845..50c2d6e9b 100644 --- a/roles/pagure/frontend/templates/0_pagure.conf +++ b/roles/pagure/frontend/templates/0_pagure.conf @@ -80,15 +80,6 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na SetEnv GIT_PROJECT_ROOT /srv/git/repositories - AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /srv/git/repositories/$1 - AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/repositories/$1 - ScriptAliasMatch \ -"(?x)^/(.*/(HEAD | \ -info/refs | \ -objects/info/[^/]+ | \ -git-(upload|receive)-pack))$" \ -/usr/libexec/git-core/git-http-backend/$1 - WSGIProcessGroup pagure ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1 -re On 10/11/2018 02:22 PM, Patrick マルタインアンドレアス Uiterwijk wrote: > Hi, > > This is the next step of preparing pagure.io for repoSpanner: switch the > entry command to aclchecker, which is a small script that calls either > repoBridge for repos on repoSpanner (none at this moment) or gitolite for all > others. > This adds some configuration for repobridge, but that won't be used yet. > This can be reverted by switching the SSH config back to no longer calling > keyhelper. > > Patrick > > > commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) > Author: Patrick Uiterwijk > Date: Thu Oct 11 20:19:11 2018 +0200 > > Switch Pagure.io over to aclchecker > > This will make it possible to migrate repositories to repoSpanner. > > Signed-off-by: Patrick Uiterwijk > > diff --git a/roles/pagure/frontend/templates/pagure.cfg > b/roles/pagure/frontend/templates/pagure.cfg > index 4fddd17e7..54e28930b 100644 > --- a/roles/pagure/frontend/templates/pagure.cfg > +++ b/roles/pagure/frontend/templates/pagure.cfg > @@ -313,4 +313,21 @@ THEME = 'pagureio' > MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh' > > SSH_KEYS_USERNAME_EXPECT = "git" > -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell > %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' > +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py > %(username)s"' > + > +SSH_COMMAND_REPOSPANNER = ([ > +"/usr/libexec/repobridge", > +"--extra", "username", "%(username)s", > +"--extra", "repotype", "%(repotype)s", > +"--extra", "project_name", "%(project_name)s", > +"--extra", "project_user", "%(project_user)s", > +"--extra", "project_namespace", "%(project_namespace)s", > +"%(cmd)s", > +"'pagure/%(repotype)s/%(reponame)s'", > +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) > +SSH_COMMAND_NON_REPOSPANNER = ([ > +"/usr/share/gitolite3/gitolite-shell", > +"%(username)s", > +"%(cmd)s", > +"%(reponame)s", > +], {}) > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
+1 kevin signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: Switch Pagure over to aclchecker
(Actually, until a future PR where I apply the correct sshd_Config to pagure01, it won't even change anything on prod for now other than the existance of these config options.) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
FBR: Switch Pagure over to aclchecker
Hi, This is the next step of preparing pagure.io for repoSpanner: switch the entry command to aclchecker, which is a small script that calls either repoBridge for repos on repoSpanner (none at this moment) or gitolite for all others. This adds some configuration for repobridge, but that won't be used yet. This can be reverted by switching the SSH config back to no longer calling keyhelper. Patrick commit 6d313b60b05b022c1ae04dc81f9956cff33fb5b5 (HEAD -> master) Author: Patrick Uiterwijk Date: Thu Oct 11 20:19:11 2018 +0200 Switch Pagure.io over to aclchecker This will make it possible to migrate repositories to repoSpanner. Signed-off-by: Patrick Uiterwijk diff --git a/roles/pagure/frontend/templates/pagure.cfg b/roles/pagure/frontend/templates/pagure.cfg index 4fddd17e7..54e28930b 100644 --- a/roles/pagure/frontend/templates/pagure.cfg +++ b/roles/pagure/frontend/templates/pagure.cfg @@ -313,4 +313,21 @@ THEME = 'pagureio' MIRROR_SSHKEYS_FOLDER='/srv/mirror/ssh' SSH_KEYS_USERNAME_EXPECT = "git" -SSH_KEYS_OPTIONS = 'command="/usr/share/gitolite3/gitolite-shell %(username)s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty' +SSH_KEYS_OPTIONS = 'restrict,command="/usr/libexec/pagure/aclchecker.py %(username)s"' + +SSH_COMMAND_REPOSPANNER = ([ +"/usr/libexec/repobridge", +"--extra", "username", "%(username)s", +"--extra", "repotype", "%(repotype)s", +"--extra", "project_name", "%(project_name)s", +"--extra", "project_user", "%(project_user)s", +"--extra", "project_namespace", "%(project_namespace)s", +"%(cmd)s", +"'pagure/%(repotype)s/%(reponame)s'", +], {"REPOBRIDGE_CONFIG": "/etc/repobridge/rpms.json"}) +SSH_COMMAND_NON_REPOSPANNER = ([ +"/usr/share/gitolite3/gitolite-shell", +"%(username)s", +"%(cmd)s", +"%(reponame)s", +], {}) ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.3
+1 as it has a needed tix On Thu, 11 Oct 2018 at 11:38, Pierre-Yves Chibon wrote: > > Good Morning Everyone, > > We managed yesterday and today to fixes a couple of not hard but annoying > little > bugs in pagure. They lead to the release 5.1.3 with the following changelog: > > 5.1.3 (2018-10-11) > -- > > - Don't sync up ssh keys if there are already some > - Do not notify twice when pushing commits to an open PR > - Update git-multimail to the 1.4.0 version (fixes getting it working with > py3) > > > I've pushed 5.1.3 to staging and after giving some more testing tomorrow I was > thinking about pushing it to prod if people thinks it's a good idea. > > So, what do you think? :) > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: [Freeze Break Request: ] Upgrade pagure.io to pagure 5.1.2
+1 this should be simple enough to back out if it fails. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org