[ansible] Update koji-gc
by Nicolas Chauvet
commit 815fa2b5d047f2c2f2d74d4bdc4c67aafbcabb85
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 25 14:39:07 2017 +0200
Update koji-gc
roles/koji_hub/files/koji-gc.conf | 15 +++++++++++++--
1 files changed, 13 insertions(+), 2 deletions(-)
---
diff --git a/roles/koji_hub/files/koji-gc.conf b/roles/koji_hub/files/koji-gc.conf
index bee62a4..445338a 100644
--- a/roles/koji_hub/files/koji-gc.conf
+++ b/roles/koji_hub/files/koji-gc.conf
@@ -13,6 +13,10 @@ key_aliases =
FA7A179A fedora-25-nonfree
9690E4AF fedora-26-free
3276F4B3 fedora-26-nonfree
+ 38FF4B0798900DAF5E67D7D11DBDE6057D838377 fedora-27-free
+ C1D5D3457F317578802EE33787047784B9C13282 fedora-27-nonfree
+ 34249D2CB3758B5548E2874FC08D326909EAB3F2 fedora-28-free
+ 3DE8C682E38EE9BC0FDFEA47FCAE2EA87F858107 fedora-28-nonfree
E74F0522 fedora-el-5-free
B1981B68 fedora-el-5-nonfree
849C449F fedora-el-6-free
@@ -37,8 +41,11 @@ unprotected_keys =
fedora-el-7-nonfree
server = https://koji.rpmfusion.org/kojihub
-weburl = http://koji.rpmfusion.org/koji
+serverca = /etc/koji-gc/serverca.crt
+weburl = https://koji.rpmfusion.org/koji
from_addr = RPM Fusion Koji Build System <buildsys(a)rpmfusion.org>
+email-domain = rpmfusion.org
+smtp_host = localhost
[prune]
policy =
@@ -56,6 +63,10 @@ policy =
sig fedora-25-nonfree && age < 12 weeks :: keep
sig fedora-26-free && age < 12 weeks :: keep
sig fedora-26-nonfree && age < 12 weeks :: keep
+ sig fedora-27-free && age < 12 weeks :: keep
+ sig fedora-27-nonfree && age < 12 weeks :: keep
+ sig fedora-28-free && age < 12 weeks :: keep
+ sig fedora-28-nonfree && age < 12 weeks :: keep
sig fedora-el-5-free && age < 12 weeks :: keep
sig fedora-el-5-nonfree && age < 12 weeks :: keep
sig fedora-el-6-free && age < 12 weeks :: keep
@@ -65,7 +76,7 @@ policy =
#stuff to chuck semi-rapidly
tag *-testing *-candidate *-override && order >= 2 :: untag
- tag *-testing *-candidate && order > 0 && age > 6 weeks :: untag
+ tag *-override && order > 0 && age > 2 weeks :: untag
tag *-candidate && age > 8 weeks :: untag
#default: keep the last 3
7 years, 1 month
[ansible] Update openid endpoint
by Nicolas Chauvet
commit 017fd72f10fe50534ebd8caf7799f0e48ae96df0
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Aug 25 12:44:25 2017 +0200
Update openid endpoint
roles/pkgdb2/templates/pkgdb2.cfg | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/roles/pkgdb2/templates/pkgdb2.cfg b/roles/pkgdb2/templates/pkgdb2.cfg
index 51a69dd..95f35ca 100644
--- a/roles/pkgdb2/templates/pkgdb2.cfg
+++ b/roles/pkgdb2/templates/pkgdb2.cfg
@@ -85,7 +85,7 @@ SITE_ROOT = 'https://admin.rpmfusion.org'
SITE_URL = '%s/pkgdb' % SITE_ROOT
## Upon changes in pkgdb, update bugzilla
PKGDB2_BUGZILLA_NOTIFICATION = False
-FAS_OPENID_ENDPOINT = 'https://id.rpmfusion.org/'
+FAS_OPENID_ENDPOINT = 'https://id.rpmfusion.org/openid/'
{% else %}
PKGDB2_FAS_URL = 'http://fas01.online.rpmfusion.net/accounts'
PKGDB2_FAS_INSECURE = True
@@ -93,7 +93,7 @@ SITE_ROOT = 'https://admin.rpmfusion.org'
SITE_URL = '%s/pkgdb' % SITE_ROOT
## Upon changes in pkgdb, update bugzilla
PKGDB2_BUGZILLA_NOTIFICATION = True
-FAS_OPENID_ENDPOINT = 'https://id.rpmfusion.org/'
+FAS_OPENID_ENDPOINT = 'https://id.rpmfusion.org/openid/'
{% endif %}
## name of the user the pkgdb application can log in to FAS with
7 years, 1 month
[ansible] Fixup squid playbook
by Nicolas Chauvet
commit 1030c5a10e84c2dede04dea8b469b0760593fc7c
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Aug 24 17:22:15 2017 +0200
Fixup squid playbook
playbooks/groups/squid.xml | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
---
diff --git a/playbooks/groups/squid.xml b/playbooks/groups/squid.xml
index 3b8d505..2dd9367 100644
--- a/playbooks/groups/squid.xml
+++ b/playbooks/groups/squid.xml
@@ -1,7 +1,5 @@
# create a new squid server
-- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=squid:squid-stg"
-
- name: make the box be real
hosts: squid-stg:squid
user: root
@@ -21,7 +19,7 @@
- sudo
- rsyncd
- { role: openvpn/client,
- when: env != "staging" }
+ when: datacenter != "online" }
- fas_client
- squid
7 years, 1 month
[ansible] Hardening sender and recipient restrictions
by Nicolas Chauvet
commit c3f15a5494c0539eabc6b1a16f7fd9de03bce02d
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Aug 24 17:19:13 2017 +0200
Hardening sender and recipient restrictions
.../main.cf/main.cf.hv01.online.rpmfusion.net | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
index a4bc364..f38ca7d 100644
--- a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
+++ b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
@@ -718,12 +718,19 @@ smtpd_helo_restrictions =
permit
smtpd_sender_restrictions =
- permit_mynetworks,
- reject_unknown_sender_domain,
+ permit_mynetworks,
+ reject_non_fqdn_sender,
+ reject_unknown_sender_domain,
+ permit
smtpd_recipient_restrictions =
- permit_mynetworks,
- reject_unauth_destination,
+ reject_unauth_pipelining,
+ reject_non_fqdn_recipient,
+ reject_unknown_recipient_domain,
+ permit_mynetworks,
+ reject_unauth_destination,
+ check_sender_access
+ hash:/etc/postfix/sender_access,
# check_policy_service unix:postgrey/socket,
body_checks = regexp:/etc/postfix/body_checks
7 years, 1 month
[ansible] Access aarch64 builders
by Nicolas Chauvet
commit 3b5542842d63dfe5c67dcb47772c8937f667d1ac
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Aug 24 16:48:07 2017 +0200
Access aarch64 builders
inventory/builders | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/inventory/builders b/inventory/builders
index d254be8..b1f621f 100644
--- a/inventory/builders
+++ b/inventory/builders
@@ -1,6 +1,6 @@
[buildaarch64]
-aarch64-01.linaro.rpmfusion.net
-aarch64-02.linaro.rpmfusion.net
+aarch64-01.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
+aarch64-02.linaro.rpmfusion.net ansible_user=fedora ansible_become=yes
[buildvm]
buildvm-01.online.rpmfusion.net
7 years, 1 month