[ansible] Update apache kojiweb.conf
by Nicolas Chauvet
commit 1def58382ae7a77ea79c1a1bdafb909511e572aa
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 12:16:26 2020 +0100
Update apache kojiweb.conf
roles/koji_hub/templates/kojiweb.conf.j2 | 20 ++++++++++++++++----
1 files changed, 16 insertions(+), 4 deletions(-)
---
diff --git a/roles/koji_hub/templates/kojiweb.conf.j2 b/roles/koji_hub/templates/kojiweb.conf.j2
index 347537a..4e8fe71 100644
--- a/roles/koji_hub/templates/kojiweb.conf.j2
+++ b/roles/koji_hub/templates/kojiweb.conf.j2
@@ -17,6 +17,8 @@ Alias /robots.txt /var/www/html/robots.txt
<Directory "/usr/share/koji-web/scripts/">
Options ExecCGI
SetHandler wsgi-script
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIScriptReloading Off
Require all granted
</Directory>
@@ -63,13 +65,24 @@ Alias /buildgroups "/mnt/koji/buildgroups/"
Require all granted
</Directory>
-Alias /compose "/mnt/koji/compose/"
+Alias /kojira "/mnt/koji/kojira/"
+<Directory "/mnt/koji/kojira/">
+ Options Indexes FollowSymLinks
+ Require all granted
+</Directory>
+Alias /compose "/mnt/koji/compose/"
<Directory "/mnt/koji/compose/">
Options Indexes FollowSymLinks
Require all granted
</Directory>
+Alias /ostree "/mnt/koji/ostree/"
+<Directory "/mnt/koji/ostree/">
+ Options Indexes FollowSymLinks
+ Require all granted
+</Directory>
+
Alias /packages "/mnt/koji/packages/"
<Directory "/mnt/koji/packages/">
@@ -77,10 +90,9 @@ Alias /packages "/mnt/koji/packages/"
Require all granted
</Directory>
-# from kojipkgs
-Alias /kojifiles "/mnt/koji/"
+Alias /repos-dist "/mnt/koji/repos-dist/"
-<Directory "/mnt/koji/">
+<Directory "/mnt/koji/repos-dist/">
Options Indexes FollowSymLinks
Require all granted
</Directory>
4 years
[ansible] Update koji-web cert
by Nicolas Chauvet
commit 6fa5d73e5911f13d891ffd8a47eacc0292f67b08
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 12:15:54 2020 +0100
Update koji-web cert
roles/koji_hub/templates/web.conf.j2 | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_hub/templates/web.conf.j2 b/roles/koji_hub/templates/web.conf.j2
index c4b9357..21e407a 100644
--- a/roles/koji_hub/templates/web.conf.j2
+++ b/roles/koji_hub/templates/web.conf.j2
@@ -30,3 +30,6 @@ Secret = {{ kojiSecret }}
LibPath = /usr/share/koji-web/lib
loginDisabled = True
+
+KojiHubCA = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+
4 years
[ansible] Update policy
by Nicolas Chauvet
commit d4c9a36dfa611455511683c304dc8f09b970c429
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 12:15:34 2020 +0100
Update policy
roles/koji_hub/templates/hub.conf.j2 | 4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
---
diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2
index c38dc94..fdbe56d 100644
--- a/roles/koji_hub/templates/hub.conf.j2
+++ b/roles/koji_hub/templates/hub.conf.j2
@@ -89,11 +89,9 @@ tag =
all :: deny
channel =
- method createrepo :: use createrepo
- method createdistrepo :: use createrepo
+ method createrepo newRepo distRepo buildSRPMFromSCM :: use createrepo
method buildContainer :: use powerbuilder
buildtag *-rpi :: use powerbuilder
- method buildSRPMFromSCM :: use createrepo
method buildSRPMFromSCM && buildtag *rpi :: use powerbuilder
has req_channel && has_perm customchannel :: req
is_child_task :: parent
4 years
[ansible] Fix koji-gc serverca parameter
by Nicolas Chauvet
commit f7a57c089aa33fc0a8284f1763f92a544766aa9e
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 12:09:31 2020 +0100
Fix koji-gc serverca parameter
roles/koji_hub/files/koji-gc.conf | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_hub/files/koji-gc.conf b/roles/koji_hub/files/koji-gc.conf
index f37f91f..26c5187 100644
--- a/roles/koji_hub/files/koji-gc.conf
+++ b/roles/koji_hub/files/koji-gc.conf
@@ -56,6 +56,7 @@ unprotected_keys =
server = https://koji.rpmfusion.org/kojihub
#serverca = /etc/koji-gc/serverca.crt
+serverca = /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
weburl = https://koji.rpmfusion.org/koji
from_addr = RPM Fusion Koji Build System <buildsys(a)rpmfusion.org>
email-domain = rpmfusion.org
4 years
[ansible] Update koji-gc cron jobs
by Nicolas Chauvet
commit 446c6aa2853c417b5e30cff8c0be7f39e8c628e4
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 12:09:05 2020 +0100
Update koji-gc cron jobs
roles/koji_hub/files/koji-gc | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/roles/koji_hub/files/koji-gc b/roles/koji_hub/files/koji-gc
index 39eb222..a9f962b 100644
--- a/roles/koji_hub/files/koji-gc
+++ b/roles/koji_hub/files/koji-gc
@@ -1,6 +1,6 @@
# Run garbage collector nightly
SCRIPT=/usr/sbin/koji-gc
MAILTO=sysadmin(a)lists.rpmfusion.org
-0 8 * * * apache $SCRIPT --action=delete
-0 10 * * * apache $SCRIPT --action=prune
-0 9 * * * apache $SCRIPT --action=trash
+0 8 * * * apache /usr/local/bin/lock-wrapper koji-gc-delete $SCRIPT --action=delete --lock-file /var/tmp/koji-gc.lock
+0 10 * * * apache /usr/local/bin/lock-wrapper koji-gc-prune $SCRIPT --action=prune --lock-file /var/tmp/koji-gc.lock
+0 9 * * * apache /usr/local/bin/lock-wrapper koji-gc-trash $SCRIPT --action=trash --lock-file /var/tmp/koji-gc.lock
4 years
[ansible] Upate koji_builder defaults
by Nicolas Chauvet
commit 1f2197f214836f375601f6a1d2589c2208fa4e10
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Tue Dec 15 11:10:17 2020 +0100
Upate koji_builder defaults
.../koji_builder/files/builders/site-defaults.cfg | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/site-defaults.cfg b/roles/koji_builder/files/builders/site-defaults.cfg
index a3c7e13..8a6305b 100644
--- a/roles/koji_builder/files/builders/site-defaults.cfg
+++ b/roles/koji_builder/files/builders/site-defaults.cfg
@@ -4,6 +4,7 @@ config_opts['dnf_common_opts'] = ['--setopt=install_weak_deps=0']
config_opts['http_proxy'] = 'http://proxy:3128'
config_opts['nosync'] = True
config_opts['nosync_force'] = True
-config_opts['environment']['LANG'] = os.environ.setdefault('LANG', 'C.UTF-8')
-config_opts['use_bootstrap'] = False
+config_opts['environment']['LANG'] = 'C.UTF-8'
+config_opts['use_bootstrap'] = True
+config_opts['yum_install_command'] += " -x devtoolset*"
config_opts['dnf_warning'] = False
4 years
[ansible] Drop memory payload limit
by Nicolas Chauvet
commit 7e82184c7c8a2b6606e24b77a0ff5e6197eac2f2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Dec 10 19:14:47 2020 +0100
Drop memory payload limit
roles/sigul/server/templates/server.conf.j2 | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/sigul/server/templates/server.conf.j2 b/roles/sigul/server/templates/server.conf.j2
index 604ffd4..bbc2a98 100644
--- a/roles/sigul/server/templates/server.conf.j2
+++ b/roles/sigul/server/templates/server.conf.j2
@@ -11,7 +11,7 @@ bridge-port: 44333
# Maximum accepted size of payload stored on disk
max-file-payload-size: 5147483648
# Maximum accepted size of payload stored in server's memory
-max-memory-payload-size: 10485760
+#max-memory-payload-size: 10485760
# Whether to relax the CN vs username check
#lenient-username-check: yes
4 years
[ansible] Switch to live letsencrypt for koji
by Nicolas Chauvet
commit 4fcbf2f1d61d84c79f04dc3f2805dfe48df7ac69
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 5 18:15:05 2020 +0100
Switch to live letsencrypt for koji
roles/koji_hub/templates/koji-ssl.conf | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
---
diff --git a/roles/koji_hub/templates/koji-ssl.conf b/roles/koji_hub/templates/koji-ssl.conf
index 47a08d6..daaf40c 100644
--- a/roles/koji_hub/templates/koji-ssl.conf
+++ b/roles/koji_hub/templates/koji-ssl.conf
@@ -98,7 +98,8 @@ SSLCipherSuite {{ ssl_ciphers }}
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem
+#SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem
+SSLCertificateFile /etc/letsencrypt/live/koji.rpmfusion.org/cert.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
@@ -106,7 +107,8 @@ SSLCertificateFile /etc/pki/tls/certs/koji_cert.pem
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem
+#SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/koji.rpmfusion.org/privkey.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
@@ -116,7 +118,8 @@ SSLCertificateKeyFile /etc/pki/tls/private/koji_key.pem
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-SSLCertificateChainFile /etc/pki/tls/certs/extras_cacert.pem
+#SSLCertificateChainFile /etc/pki/tls/certs/extras_cacert.pem
+SSLCertificateChainFile /etc/letsencrypt/live/koji.rpmfusion.org/chain.pem
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
4 years