@Bowl here's another attempt.. lemme know your thoughts sir.
Thanks!
From 0f541f8b1f7dece64bc87957a683990f1e0a9e78 Mon Sep 17 00:00:00 2001 From: bicarbonate <invalid.path@xxxxxxxxx> Date: Tue, 2 May 2017 09:27:20 -0600 Subject: [PATCH 1/2] Egg changes --- roles/bodhi2/base/templates/production.ini | 577 +++++++++++++++++++++++++++++ 1 file changed, 577 insertions(+) create mode 100644 roles/bodhi2/base/templates/production.ini diff --git a/roles/bodhi2/base/templates/production.ini b/roles/bodhi2/base/templates/production.ini new file mode 100644 index 0000000..4bf885f --- /dev/null +++ b/roles/bodhi2/base/templates/production.ini @@ -0,0 +1,577 @@ +[filter:proxy-prefix] +use = egg:PasteDeploy#prefix +prefix = / +scheme = https + +[app:main] +use = egg:bodhi-server +filter-with = proxy-prefix + + +#Misc Info at beginning of files + #PRD Info: + # Release status + # pre-beta enforces the 'Pre Beta' policy defined here: + # https://fedoraproject.org/wiki/Updates_Policy + f26.status = pre_beta + + f26.post_beta.mandatory_days_in_testing = 7 + f26.post_beta.critpath.num_admin_approvals = 0 + f26.post_beta.critpath.min_karma = 2 + f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 + + f26.pre_beta.mandatory_days_in_testing = 3 + f26.pre_beta.critpath.num_admin_approvals = 0 + f26.pre_beta.critpath.min_karma = 1 + ## Atomic OSTree support + ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer + ## https://github.com/fedora-infra/ fedmsg-atomic-composer + ## + compose_atomic_trees = true + +## +## Messages +## + +# A notice to flash on the front page +frontpage_notice = + +# A notice to flash on the New Update page +newupdate_notice = + +testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes +not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> +not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> +stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository + + + testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. + not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. + + +# Libravatar - If this is true libravatar will work as normal. Otherwise, all +# libravatar links will be replaced with the string "libravatar.org" so that +# the tests can still pass. +libravatar_enabled = True +# Set this to true if you want to do federated dns libravatar lookup +libravatar_dns = False + +# Set this to True in order to send fedmsg messages. +fedmsg_enabled = True + +# Captcha - if 'captcha.secret' is not None, then it will be used for comments +# captcha.secret must be 32 url-safe base64-encoded bytes +# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() + +{% if env == "staging" %} +captcha.secret = {{ bodhi2CaptchaSecretSTG }} +{% else %} +captcha.secret = {{ bodhi2CaptchaSecret }} +{% endif %} +# Dimensions +captcha.image_width = 300 +captcha.image_height = 80 +# Any truetype font will do. +captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf +captcha.font_size = 36 +# Colors +captcha.font_color = #000000 +captcha.background_color = #ffffff +# In pixels +captcha.padding = 5 +# If a captcha sits around for this many seconds, it will stop working. +captcha.ttl = 300 + +#datagrepper_url = http://localhost:5000 +{% if env == "staging" %} +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% else %} +datagrepper_url = https://apps.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% endif %} + +## +## Wiki Test Cases +## + +## Query the wiki for test cases +query_wiki_test_cases = False +wiki_url = https://fedoraproject.org/w/api.php +test_case_base_url = https://fedoraproject.org/wiki/ + +# Email domain to prepend usernames to +default_email_domain = fedoraproject.org + +# domain for generated message IDs +{% if env == "staging" %} +message_id_email_domain = admin.stg.fedoraproject.org +{% else %} +message_id_email_domain = admin.fedoraproject.org +{% endif %} + +## +## Mash settings +## + +# If defined, the bodhi masher will ensure that messages are signed with the given cert +{% if env == "staging" %} +releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org +{% else %} +{% if ansible_hostname == 'bodhi-backend01' %} +releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org +{% else %} +releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org +{% endif %} +{% endif %} + +# The masher is a bodhi instance that is responsible for composing the update +# repositories, regenerating metrics, sending update notices, closing bugs, +# and other costly operations. To set an external masher, set the masher to +# the baseurl of the bodhi instance. If set to None, this bodhi instance +# will act as a masher as well. +#masher = None + +# Where to initially mash repositories +{% if env == "staging" %} +mash_dir = /var/cache/bodhi/mashing +{% else %} +mash_stage_dir = /mnt/koji/mash/updates +{% endif %} + +mash_conf = /etc/bodhi/mash.conf + +createrepo_cache_dir = /var/cache/createrepo + +## Our periodic jobs +#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates +jobs = cache_release_data refresh_metrics approve_testing_updates + +## Comps configuration +comps_dir = /var/cache/bodhi/comps +comps_url = https://pagure.io/fedora-comps.git + +## +## Mirror settings +## + +file_url = https://download.fedoraproject.org/pub/fedora/linux/updates +master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml + +fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml +fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml +fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml + +## The base url of this application +{% if env == "staging" %} +base_address = https://bodhi.stg.fedoraproject.org/ +{% else %} +base_address = https://bodhi.fedoraproject.org/ +{% endif %} + +## Supported update types +update_types = bugfix enhancement security newpackage + +## Supported architechures +## +## To handle arch name changes between releases, you +## can also configure bodhi to support one arch *or* +## another. For example, EPEL5 mashes produce 'ppc' +## repos, where EPEL6 produces 'ppc64'. To handle this +## scenario, you can specify something like: +## +## arches = ppc/ppc64 +## +arches = i386 x86_64 armhfp + + +## +## Email setting +## + +{ if env == "production" } +smtp_server = bastion + +# The updates system itself. This email address is used in fetching Bugzilla +# information, as well as email notifications +bodhi_email = updates@xxxxxxxxxxxxxxxxx +bodhi_password = {{ bodhiBugzillaPassword }} +{% else %} +bodhi_email = updates@xxxxxxxxxxxxxxxxx +{% endif %} + +# The address that gets the requests +release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx + +# The address to notify when security updates are initially added to bodhi +security_team = security_respons-members@xxxxxxxxxxxxxxxxx + +# Public announcement lists +fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx + +# Superuser groups +admin_groups = proventesters security_respons bodhiadmin sysadmin-main + +# Users that we don't want to show up in the "leaderboard(s)" +stats_blacklist = bodhi anonymous autoqa taskotron + +# A list of non-person users +system_users = bodhi autoqa taskotron + +# The max length for an update title before we truncate it in the web ui +max_update_length_for_ui = 70 + +# The number of days used for calculating the 'top testers' metric +top_testers_timeframe = 900 + +# The email address of the proventesters +proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx + +# Disabled for the initial release. +stacks_enabled = False + +# These are the default requirements that we apply to stacks, packages, and +# updates. Users have free-reign to override them for each kind of entity. At +# the end of the day, we only consider the requirements defined by single +# updates themselves when gating in the backend masher process. +site_requirements = depcheck upgradepath +## Some day we'll have rpmgrill, and that will be cool. Ask tflink. +#site_requirements = depcheck upgradepath rpmgrill + +# Where do we send update announcements to ? +# These variables should be named per: Release.prefix_id.lower()_announce_list +#fedora_announce_list = +#fedora_test_announce_list = +#fedora_epel_announce_list = +#fedora_epel_test_announce_list = + +# Cache settings +dogpile.cache.backend = dogpile.cache.dbm +dogpile.cache.expiration_time = 100 +dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm + +# Exclude sending emails to these users +exclude_mail = autoqa taskotron + +## +## Buildsystem settings +## + +# What buildsystem do we want to use? For development, we'll use a fake +# buildsystem that always does what we tell it to do. For production, we'll +# want to use 'koji'. +buildsystem = koji + +# Koji's XML-RPC hub +{ if env == "staging" %} +koji_hub = https://koji.stg.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = http://koji.stg.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.stg.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js +{% else %} +# Koji's XML-RPC hub +koji_hub = https://koji.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = https://koji.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.fedoraproject.org/js/data.js +{% endif %} + +# Koji Krb stuff +krb_ccache = /tmp/krb5cc_%{uid} +krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} +krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab + +## +## ACL system +## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, +## or 'dummy', which will always return guest credentials (used for local +## development). +## + +{ if env == "staging" %} +acl_system = dummy + +## +## Package DB +## +pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb + +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + If you want to test the update, you can install it with + $ su -c 'dnf --enablerepo=updates-testing update %s' + You can provide feedback for this update here: %s +testing_bug_epel_msg = + If you want to test the update, you can install it with + $ su -c 'yum --enablerepo=epel-testing update %s' + You can provide feedback for this update here: %s +{% else %} +acl_system = pkgdb + +## +## Package DB +## +pkgdb_url = https://admin.fedoraproject.org/pkgdb + +bugtracker = bugzilla +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s + +testing_bug_epel_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s +{% endif %} + +# The username/password for our bugzilla account comes +# from the bodhi_{email,password} fields. +#bz_cookie = +# Bodhi will avoid touching bugs that are not against the following products +bz_products = Fedora,Fedora EPEL + +{ if env == "staging" %} +bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi +{% else %} +bz_server = https://bugzilla.redhat.com/xmlrpc.cgi +{% endif %} + +## +## Packages that should suggest a reboot +## +reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus + +## +## Critical Path Packages +## https://fedoraproject.org/wiki/Critical_path_package +## + +# Enable this to query the Fedora Package Database for the list of Critical +# Path Packages. If disabled, it'll just use the hardcoded list below. + +{ if env == "production" %} +critpath.type = pkgdb +{% endif %} + +# You can hardcode a list of critical path packages instead of using the PackageDB +{ if env == "staging" %} +critpath.pkgs = kernel +{% endif %} + +# The number of admin approvals it takes to be able to push a critical path +# update to stable for a pending release. +critpath.num_admin_approvals = 0 + +# The net karma required to submit a critial path update to a pending release) +critpath.min_karma = 2 + +# Allow critpath to submit for stable after 2 weeks with no negative karma +critpath.stable_after_days_without_negative_karma = 14 + +# The minimum amount of time an update must spend in testing before +# it can reach the stable repository +fedora.mandatory_days_in_testing = 7 +fedora_epel.mandatory_days_in_testing = 14 + +## +## Release status +## + +# Pre-beta enforces the Pre Beta policy defined here: +# https://fedoraproject.org/wiki/Updates_Policy +#f15.status = 'pre_beta' +#f15.pre_beta.mandatory_days_in_testing = 3 +#f15.pre_beta.critpath.num_admin_approvals = 0 +#f15.pre_beta.critpath.min_karma = 1 + +# For test cases. +f7.status = post_beta +f7.post_beta.mandatory_days_in_testing = 7 +f7.post_beta.critpath.num_admin_approvals = 0 +f7.post_beta.critpath.min_karma = 2 + +# The number of days worth of updates/comments to display +feeds.num_days_to_show = 7 +feeds.max_entries = 20 + +## +## Buildroot Override +## + +# Number of days before expiring overrides +buildroot_overrides.expire_after = 1 + +## +## Groups +## + +# FAS Groups that we want to pay attention to +# When a user logs in, bodhi will look for any of these groups and associate # +# them with the user. They will then appear as the users effective principals in +# the format "group:groupname" and can be used in Pyramid ACE's. +important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig + +# Groups that can push updates for any package +admin_packager_groups = provenpackager releng-team security_respons + +# User must be a member of this group to submit updates +mandatory_packager_groups = packager + +## +## updateinfo.xml configuraiton +## +updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. + +## +## Authentication & Authorization +## + +# pyramid.openid +{ if env == "staging" %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.stg.fedoraproject.org/openid/ +openid.url = https://id.stg.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% else %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.fedoraproject.org/openid/ +openid.url = https://id.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% endif %} + +## +## Pyramid settings +## +pyramid.reload_templates = false +pyramid.debug_authorization = false +pyramid.debug_notfound = false +pyramid.debug_routematch = false +pyramid.default_locale_name = en + +pyramid.includes = + pyramid_tm + +debugtoolbar.hosts = 127.0.0.1 ::1 + +## +## Database +## +{ if env == "staging" %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 +{% else %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 +{% endif %} + +## +## Templates +## +mako.directories = bodhi:server/templates + +## +## Authentication & Sessions +## + +authtkt.secret = {{ bodhi2AuthTkt }} +session.secret = {{ bodhi2SessionSecret }} +authtkt.secure = true + +# pyramid_beaker +session.type = file +session.data_dir = /var/cache/bodhi/sessions/data +session.lock_dir = /var/cache/bodhi/sessions/lock + +{ if env == "staging" %} +session.key = {{ bodhi2SessionKeySTG }} +{% else %} +session.key = {{ bodhi2SessionKey }} +{% endif %} + +session.cookie_on_exception = true +# Tell the browser to only send the cookie over TLS +session.secure = true +# Create a cookie that is only valid for one day +session.timeout = 86400 +cache.regions = default_term, second, short_term, long_term +cache.type = memory +cache.second.expire = 1 +cache.short_term.expire = 60 +cache.default_term.expire = 300 +cache.long_term.expire = 3600 + +[server:main] +use = egg:waitress#main +host = 0.0.0.0 +port = 6543 + +[pshell] +m = bodhi.server.models +t = transaction +# Begin logging configuration + +[loggers] +keys = root, bodhi, sqlalchemy + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = INFO +handlers = console + +[logger_bodhi] +level = DEBUG +handlers = +qualname = bodhi + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARN" logs neither. (Recommended for production systems.) + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic +[formatter_generic] +format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s + +# End logging configuration \ No newline at end of file -- 2.9.4 From 46fec2b7b5e61b942ec16eeda7e2cc0cfd659f0c Mon Sep 17 00:00:00 2001 From: bicarbonate <invalid.path@xxxxxxxxx> Date: Fri, 2 Jun 2017 10:57:53 -0600 Subject: [PATCH 2/2] Please enter the commit message for your changes. Lines starting removed noise --- ...ned-staging-and-production-template-files.patch | 612 +++++++++++ roles/bodhi2/base/templates/0001-Egg-changes.patch | 597 +++++++++++ .../{production.ini => old_production.ini.j2} | 1088 +++++++++----------- roles/bodhi2/base/templates/production.ini.j2 | 1087 ++++++++++--------- 4 files changed, 2296 insertions(+), 1088 deletions(-) create mode 100644 roles/bodhi2/base/templates/0001-Combined-staging-and-production-template-files.patch create mode 100644 roles/bodhi2/base/templates/0001-Egg-changes.patch rename roles/bodhi2/base/templates/{production.ini => old_production.ini.j2} (73%) diff --git a/roles/bodhi2/base/templates/0001-Combined-staging-and-production-template-files.patch b/roles/bodhi2/base/templates/0001-Combined-staging-and-production-template-files.patch new file mode 100644 index 0000000..20dcebc --- /dev/null +++ b/roles/bodhi2/base/templates/0001-Combined-staging-and-production-template-files.patch @@ -0,0 +1,612 @@ +From 557ed944045f3d3241f485f4cf7713d2362a4129 Mon Sep 17 00:00:00 2001 +From: bicarbonate <invalid.path@xxxxxxxxx> +Date: Tue, 2 May 2017 09:27:20 -0600 +Subject: [PATCH] Combined staging and production template files + +--- + roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 | 592 +++++++++++++++++++++++ + 1 file changed, 592 insertions(+) + create mode 100644 roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 + +diff --git a/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 b/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 +new file mode 100644 +index 0000000..27f59a4 +--- /dev/null ++++ b/roles/bodhi2/base/templates/bodhi-stg_prd-ini.j2 +@@ -0,0 +1,592 @@ ++[filter:proxy-prefix] ++use = egg:PasteDeploy#prefix ++prefix = / ++scheme = https ++ ++[app:main] ++use = egg:bodhi-server ++filter-with = proxy-prefix ++ ++ ++#Combined template file to cover both STG and PRD. ++ ++#Misc Info at beginning of files ++{% if env -- 'production' %} ++ #PRD Info: ++ # Release status ++ # pre-beta enforces the 'Pre Beta' policy defined here: ++ # https://fedoraproject.org/wiki/Updates_Policy ++ f26.status = pre_beta ++ ++ f26.post_beta.mandatory_days_in_testing = 7 ++ f26.post_beta.critpath.num_admin_approvals = 0 ++ f26.post_beta.critpath.min_karma = 2 ++ f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 ++ ++ f26.pre_beta.mandatory_days_in_testing = 3 ++ f26.pre_beta.critpath.num_admin_approvals = 0 ++ f26.pre_beta.critpath.min_karma = 1 ++ ## Atomic OSTree support ++ ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer ++ ## https://github.com/fedora-infra/ fedmsg-atomic-composer ++ ## ++ compose_atomic_trees = true ++{% endif %} ++ ++## ++## Messages ++## ++ ++# A notice to flash on the front page ++frontpage_notice = ++ ++# A notice to flash on the New Update page ++newupdate_notice = ++ ++testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes ++not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> ++not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> ++stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository ++ ++{% if env -- 'production' %} ++ testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. ++ not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. ++{% endif %} ++ ++# Libravatar - If this is true libravatar will work as normal. Otherwise, all ++# libravatar links will be replaced with the string "libravatar.org" so that ++# the tests can still pass. ++libravatar_enabled = True ++# Set this to true if you want to do federated dns libravatar lookup ++libravatar_dns = False ++ ++# Set this to True in order to send fedmsg messages. ++fedmsg_enabled = True ++ ++# Captcha - if 'captcha.secret' is not None, then it will be used for comments ++# captcha.secret must be 32 url-safe base64-encoded bytes ++# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() ++ ++{% if env == "staging" %} ++captcha.secret = {{ bodhi2CaptchaSecretSTG }} ++{% else %} ++captcha.secret = {{ bodhi2CaptchaSecret }} ++{% endif %} ++# Dimensions ++captcha.image_width = 300 ++captcha.image_height = 80 ++# Any truetype font will do. ++captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf ++captcha.font_size = 36 ++# Colors ++captcha.font_color = #000000 ++captcha.background_color = #ffffff ++# In pixels ++captcha.padding = 5 ++# If a captcha sits around for this many seconds, it will stop working. ++captcha.ttl = 300 ++ ++#datagrepper_url = http://localhost:5000 ++{% if env == "staging" %} ++datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper ++badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands ++{% else %} ++datagrepper_url = https://apps.fedoraproject.org/datagrepper ++badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands ++{% endif %} ++ ++## ++## Wiki Test Cases ++## ++ ++## Query the wiki for test cases ++query_wiki_test_cases = False ++wiki_url = https://fedoraproject.org/w/api.php ++test_case_base_url = https://fedoraproject.org/wiki/ ++ ++# Email domain to prepend usernames to ++default_email_domain = fedoraproject.org ++ ++# domain for generated message IDs ++{% if env == "staging" %} ++message_id_email_domain = admin.stg.fedoraproject.org ++{% else %} ++message_id_email_domain = admin.fedoraproject.org ++{% endif %} ++ ++## ++## Mash settings ++## ++ ++# If defined, the bodhi masher will ensure that messages are signed with the given cert ++{% if env == "staging" %} ++releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org ++{% else %} ++{% if ansible_hostname == 'bodhi-backend01' %} ++releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org ++{% else %} ++releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org ++{% endif %} ++{% endif %} ++ ++# The masher is a bodhi instance that is responsible for composing the update ++# repositories, regenerating metrics, sending update notices, closing bugs, ++# and other costly operations. To set an external masher, set the masher to ++# the baseurl of the bodhi instance. If set to None, this bodhi instance ++# will act as a masher as well. ++#masher = None ++ ++# Where to initially mash repositories ++{% if env == "staging" %} ++mash_dir = /var/cache/bodhi/mashing ++{% else %} ++mash_stage_dir = /mnt/koji/mash/updates ++{% endif %} ++ ++mash_conf = /etc/bodhi/mash.conf ++ ++createrepo_cache_dir = /var/cache/createrepo ++ ++## Our periodic jobs ++#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates ++jobs = cache_release_data refresh_metrics approve_testing_updates ++ ++## Comps configuration ++comps_dir = /var/cache/bodhi/comps ++comps_url = https://pagure.io/fedora-comps.git ++ ++## ++## Mirror settings ++## ++ ++file_url = https://download.fedoraproject.org/pub/fedora/linux/updates ++master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml ++ ++fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml ++fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml ++fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml ++ ++## The base url of this application ++{% if env == "staging" %} ++base_address = https://bodhi.stg.fedoraproject.org/ ++{% else %} ++base_address = https://bodhi.fedoraproject.org/ ++{% endif %} ++ ++## Supported update types ++update_types = bugfix enhancement security newpackage ++ ++## Supported architechures ++## ++## To handle arch name changes between releases, you ++## can also configure bodhi to support one arch *or* ++## another. For example, EPEL5 mashes produce 'ppc' ++## repos, where EPEL6 produces 'ppc64'. To handle this ++## scenario, you can specify something like: ++## ++## arches = ppc/ppc64 ++## ++{ if env == "staging" %} ++arches = i386 x86_64 armhfp ++{% else %} ++arches = x86_64 armhfp i386 ++{% endif %} ++ ++## ++## Email setting ++## ++ ++{ if env == "production" } ++smtp_server = bastion ++ ++# The updates system itself. This email address is used in fetching Bugzilla ++# information, as well as email notifications ++bodhi_email = updates@xxxxxxxxxxxxxxxxx ++bodhi_password = {{ bodhiBugzillaPassword }} ++{% else %} ++bodhi_email = updates@xxxxxxxxxxxxxxxxx ++{% endif %} ++ ++# The address that gets the requests ++release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx ++ ++# The address to notify when security updates are initially added to bodhi ++security_team = security_respons-members@xxxxxxxxxxxxxxxxx ++ ++# Public announcement lists ++fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx ++ ++# Superuser groups ++admin_groups = proventesters security_respons bodhiadmin sysadmin-main ++ ++# Users that we don't want to show up in the "leaderboard(s)" ++stats_blacklist = bodhi anonymous autoqa taskotron ++ ++# A list of non-person users ++system_users = bodhi autoqa taskotron ++ ++# The max length for an update title before we truncate it in the web ui ++max_update_length_for_ui = 70 ++ ++# The number of days used for calculating the 'top testers' metric ++top_testers_timeframe = 900 ++ ++# The email address of the proventesters ++proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx ++ ++# Disabled for the initial release. ++stacks_enabled = False ++ ++# These are the default requirements that we apply to stacks, packages, and ++# updates. Users have free-reign to override them for each kind of entity. At ++# the end of the day, we only consider the requirements defined by single ++# updates themselves when gating in the backend masher process. ++site_requirements = depcheck upgradepath ++## Some day we'll have rpmgrill, and that will be cool. Ask tflink. ++#site_requirements = depcheck upgradepath rpmgrill ++ ++# Where do we send update announcements to ? ++# These variables should be named per: Release.prefix_id.lower()_announce_list ++#fedora_announce_list = ++#fedora_test_announce_list = ++#fedora_epel_announce_list = ++#fedora_epel_test_announce_list = ++ ++# Cache settings ++dogpile.cache.backend = dogpile.cache.dbm ++dogpile.cache.expiration_time = 100 ++dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm ++ ++# Exclude sending emails to these users ++exclude_mail = autoqa taskotron ++ ++## ++## Buildsystem settings ++## ++ ++# What buildsystem do we want to use? For development, we'll use a fake ++# buildsystem that always does what we tell it to do. For production, we'll ++# want to use 'koji'. ++buildsystem = koji ++ ++# Koji's XML-RPC hub ++{ if env == "staging" %} ++koji_hub = https://koji.stg.fedoraproject.org/kojihub ++ ++# Root url of the Koji instance to point to. No trailing slash ++koji_url = http://koji.stg.fedoraproject.org ++ ++# URL of where users should go to set up their notifications ++fmn_url = https://apps.stg.fedoraproject.org/notifications/ ++ ++# URL of the resultsdb for integrating checks and stuff ++resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ ++resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ ++ ++fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu ++fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js ++{% else %} ++# Koji's XML-RPC hub ++koji_hub = https://koji.fedoraproject.org/kojihub ++ ++# Root url of the Koji instance to point to. No trailing slash ++koji_url = https://koji.fedoraproject.org ++ ++# URL of where users should go to set up their notifications ++fmn_url = https://apps.fedoraproject.org/notifications/ ++ ++# URL of the resultsdb for integrating checks and stuff ++resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ ++resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ ++ ++fedmenu.url = https://apps.fedoraproject.org/fedmenu ++fedmenu.data_url = https://apps.fedoraproject.org/js/data.js ++{% endif %} ++ ++# Koji Krb stuff ++krb_ccache = /tmp/krb5cc_%{uid} ++krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} ++krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab ++ ++## ++## ACL system ++## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, ++## or 'dummy', which will always return guest credentials (used for local ++## development). ++## ++ ++{ if env == "staging" %} ++acl_system = dummy ++ ++## ++## Package DB ++## ++pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb ++ ++initial_bug_msg = %s has been submitted as an update to %s. %s ++stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. ++testing_bug_msg = ++ If you want to test the update, you can install it with ++ $ su -c 'dnf --enablerepo=updates-testing update %s' ++ You can provide feedback for this update here: %s ++testing_bug_epel_msg = ++ If you want to test the update, you can install it with ++ $ su -c 'yum --enablerepo=epel-testing update %s' ++ You can provide feedback for this update here: %s ++{% else %} ++acl_system = pkgdb ++ ++## ++## Package DB ++## ++pkgdb_url = https://admin.fedoraproject.org/pkgdb ++ ++bugtracker = bugzilla ++initial_bug_msg = %s has been submitted as an update to %s. %s ++stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. ++testing_bug_msg = ++ See https://fedoraproject.org/wiki/QA:Updates_Testing for ++ instructions on how to install test updates. ++ You can provide feedback for this update here: %s ++ ++testing_bug_epel_msg = ++ See https://fedoraproject.org/wiki/QA:Updates_Testing for ++ instructions on how to install test updates. ++ You can provide feedback for this update here: %s ++{% endif %} ++ ++# The username/password for our bugzilla account comes ++# from the bodhi_{email,password} fields. ++ ++{ if env == "staging" %} ++bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi ++{% else %} ++bz_server = https://bugzilla.redhat.com/xmlrpc.cgi ++{% endif %} ++ ++#bz_cookie = ++ ++# Bodhi will avoid touching bugs that are not against the following products ++bz_products = Fedora,Fedora EPEL ++ ++{ if env == "staging" %} ++bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi?id=%s ++{% else %} ++bz_server = https://bugzilla.redhat.com/xmlrpc.cgi?id=%s ++{% endif %} ++ ++## ++## Packages that should suggest a reboot ++## ++reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus ++ ++## ++## Critical Path Packages ++## https://fedoraproject.org/wiki/Critical_path_package ++## ++ ++# Enable this to query the Fedora Package Database for the list of Critical ++# Path Packages. If disabled, it'll just use the hardcoded list below. ++ ++{ if env == "production" %} ++critpath.type = pkgdb ++{% endif %} ++ ++# You can hardcode a list of critical path packages instead of using the PackageDB ++{ if env == "staging" %} ++critpath.pkgs = kernel ++{% endif %} ++ ++# The number of admin approvals it takes to be able to push a critical path ++# update to stable for a pending release. ++critpath.num_admin_approvals = 0 ++ ++# The net karma required to submit a critial path update to a pending release) ++critpath.min_karma = 2 ++ ++# Allow critpath to submit for stable after 2 weeks with no negative karma ++critpath.stable_after_days_without_negative_karma = 14 ++ ++# The minimum amount of time an update must spend in testing before ++# it can reach the stable repository ++fedora.mandatory_days_in_testing = 7 ++fedora_epel.mandatory_days_in_testing = 14 ++ ++## ++## Release status ++## ++ ++# Pre-beta enforces the Pre Beta policy defined here: ++# https://fedoraproject.org/wiki/Updates_Policy ++#f15.status = 'pre_beta' ++#f15.pre_beta.mandatory_days_in_testing = 3 ++#f15.pre_beta.critpath.num_admin_approvals = 0 ++#f15.pre_beta.critpath.min_karma = 1 ++ ++# For test cases. ++f7.status = post_beta ++f7.post_beta.mandatory_days_in_testing = 7 ++f7.post_beta.critpath.num_admin_approvals = 0 ++f7.post_beta.critpath.min_karma = 2 ++ ++# The number of days worth of updates/comments to display ++feeds.num_days_to_show = 7 ++feeds.max_entries = 20 ++ ++## ++## Buildroot Override ++## ++ ++# Number of days before expiring overrides ++buildroot_overrides.expire_after = 1 ++ ++## ++## Groups ++## ++ ++# FAS Groups that we want to pay attention to ++# When a user logs in, bodhi will look for any of these groups and associate # ++# them with the user. They will then appear as the users effective principals in ++# the format "group:groupname" and can be used in Pyramid ACE's. ++important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig ++ ++# Groups that can push updates for any package ++admin_packager_groups = provenpackager releng-team security_respons ++ ++# User must be a member of this group to submit updates ++mandatory_packager_groups = packager ++ ++## ++## updateinfo.xml configuraiton ++## ++updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. ++ ++## ++## Authentication & Authorization ++## ++ ++# pyramid.openid ++{ if env == "staging" %} ++openid.success_callback = bodhi.server.security:remember_me ++openid.provider = https://id.stg.fedoraproject.org/openid/ ++openid.url = https://id.stg.fedoraproject.org/ ++openid_template = {username}.id.fedoraproject.org ++openid.sreg_required = email ++{% else %} ++openid.success_callback = bodhi.server.security:remember_me ++openid.provider = https://id.fedoraproject.org/openid/ ++openid.url = https://id.fedoraproject.org/ ++openid_template = {username}.id.fedoraproject.org ++openid.sreg_required = email ++{% endif %} ++ ++## ++## Pyramid settings ++## ++pyramid.reload_templates = false ++pyramid.debug_authorization = false ++pyramid.debug_notfound = false ++pyramid.debug_routematch = false ++pyramid.default_locale_name = en ++ ++pyramid.includes = ++ pyramid_tm ++ ++debugtoolbar.hosts = 127.0.0.1 ::1 ++ ++## ++## Database ++## ++{ if env == "staging" %} ++sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 ++{% else %} ++sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 ++{% endif %} ++ ++## ++## Templates ++## ++mako.directories = bodhi:server/templates ++ ++## ++## Authentication & Sessions ++## ++ ++authtkt.secret = {{ bodhi2AuthTkt }} ++session.secret = {{ bodhi2SessionSecret }} ++authtkt.secure = true ++ ++# pyramid_beaker ++session.type = file ++session.data_dir = /var/cache/bodhi/sessions/data ++session.lock_dir = /var/cache/bodhi/sessions/lock ++ ++{ if env == "staging" %} ++session.key = {{ bodhi2SessionKeySTG }} ++{% else %} ++session.key = {{ bodhi2SessionKey }} ++{% endif %} ++ ++session.cookie_on_exception = true ++# Tell the browser to only send the cookie over TLS ++session.secure = true ++# Create a cookie that is only valid for one day ++session.timeout = 86400 ++cache.regions = default_term, second, short_term, long_term ++cache.type = memory ++cache.second.expire = 1 ++cache.short_term.expire = 60 ++cache.default_term.expire = 300 ++cache.long_term.expire = 3600 ++ ++[server:main] ++use = egg:waitress#main ++host = 0.0.0.0 ++port = 6543 ++ ++[pshell] ++m = bodhi.server.models ++t = transaction ++# Begin logging configuration ++ ++[loggers] ++keys = root, bodhi, sqlalchemy ++ ++[handlers] ++keys = console ++ ++[formatters] ++keys = generic ++ ++[logger_root] ++level = INFO ++handlers = console ++ ++[logger_bodhi] ++level = DEBUG ++handlers = ++qualname = bodhi ++ ++[logger_sqlalchemy] ++level = WARN ++handlers = ++qualname = sqlalchemy.engine ++# "level = INFO" logs SQL queries. ++# "level = DEBUG" logs SQL queries and results. ++# "level = WARN" logs neither. (Recommended for production systems.) ++ ++[handler_console] ++class = StreamHandler ++args = (sys.stderr,) ++level = NOTSET ++formatter = generic ++[formatter_generic] ++format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s ++ ++# End logging configuration +\ No newline at end of file +-- +2.9.4 + diff --git a/roles/bodhi2/base/templates/0001-Egg-changes.patch b/roles/bodhi2/base/templates/0001-Egg-changes.patch new file mode 100644 index 0000000..4387d1c --- /dev/null +++ b/roles/bodhi2/base/templates/0001-Egg-changes.patch @@ -0,0 +1,597 @@ +From 0f541f8b1f7dece64bc87957a683990f1e0a9e78 Mon Sep 17 00:00:00 2001 +From: bicarbonate <invalid.path@xxxxxxxxx> +Date: Tue, 2 May 2017 09:27:20 -0600 +Subject: [PATCH] Egg changes + +--- + roles/bodhi2/base/templates/production.ini | 577 +++++++++++++++++++++++++++++ + 1 file changed, 577 insertions(+) + create mode 100644 roles/bodhi2/base/templates/production.ini + +diff --git a/roles/bodhi2/base/templates/production.ini b/roles/bodhi2/base/templates/production.ini +new file mode 100644 +index 0000000..4bf885f +--- /dev/null ++++ b/roles/bodhi2/base/templates/production.ini +@@ -0,0 +1,577 @@ ++[filter:proxy-prefix] ++use = egg:PasteDeploy#prefix ++prefix = / ++scheme = https ++ ++[app:main] ++use = egg:bodhi-server ++filter-with = proxy-prefix ++ ++ ++#Misc Info at beginning of files ++ #PRD Info: ++ # Release status ++ # pre-beta enforces the 'Pre Beta' policy defined here: ++ # https://fedoraproject.org/wiki/Updates_Policy ++ f26.status = pre_beta ++ ++ f26.post_beta.mandatory_days_in_testing = 7 ++ f26.post_beta.critpath.num_admin_approvals = 0 ++ f26.post_beta.critpath.min_karma = 2 ++ f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 ++ ++ f26.pre_beta.mandatory_days_in_testing = 3 ++ f26.pre_beta.critpath.num_admin_approvals = 0 ++ f26.pre_beta.critpath.min_karma = 1 ++ ## Atomic OSTree support ++ ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer ++ ## https://github.com/fedora-infra/ fedmsg-atomic-composer ++ ## ++ compose_atomic_trees = true ++ ++## ++## Messages ++## ++ ++# A notice to flash on the front page ++frontpage_notice = ++ ++# A notice to flash on the New Update page ++newupdate_notice = ++ ++testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes ++not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> ++not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> ++stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository ++ ++ ++ testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. ++ not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. ++ ++ ++# Libravatar - If this is true libravatar will work as normal. Otherwise, all ++# libravatar links will be replaced with the string "libravatar.org" so that ++# the tests can still pass. ++libravatar_enabled = True ++# Set this to true if you want to do federated dns libravatar lookup ++libravatar_dns = False ++ ++# Set this to True in order to send fedmsg messages. ++fedmsg_enabled = True ++ ++# Captcha - if 'captcha.secret' is not None, then it will be used for comments ++# captcha.secret must be 32 url-safe base64-encoded bytes ++# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() ++ ++{% if env == "staging" %} ++captcha.secret = {{ bodhi2CaptchaSecretSTG }} ++{% else %} ++captcha.secret = {{ bodhi2CaptchaSecret }} ++{% endif %} ++# Dimensions ++captcha.image_width = 300 ++captcha.image_height = 80 ++# Any truetype font will do. ++captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf ++captcha.font_size = 36 ++# Colors ++captcha.font_color = #000000 ++captcha.background_color = #ffffff ++# In pixels ++captcha.padding = 5 ++# If a captcha sits around for this many seconds, it will stop working. ++captcha.ttl = 300 ++ ++#datagrepper_url = http://localhost:5000 ++{% if env == "staging" %} ++datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper ++badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands ++{% else %} ++datagrepper_url = https://apps.fedoraproject.org/datagrepper ++badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands ++{% endif %} ++ ++## ++## Wiki Test Cases ++## ++ ++## Query the wiki for test cases ++query_wiki_test_cases = False ++wiki_url = https://fedoraproject.org/w/api.php ++test_case_base_url = https://fedoraproject.org/wiki/ ++ ++# Email domain to prepend usernames to ++default_email_domain = fedoraproject.org ++ ++# domain for generated message IDs ++{% if env == "staging" %} ++message_id_email_domain = admin.stg.fedoraproject.org ++{% else %} ++message_id_email_domain = admin.fedoraproject.org ++{% endif %} ++ ++## ++## Mash settings ++## ++ ++# If defined, the bodhi masher will ensure that messages are signed with the given cert ++{% if env == "staging" %} ++releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org ++{% else %} ++{% if ansible_hostname == 'bodhi-backend01' %} ++releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org ++{% else %} ++releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org ++{% endif %} ++{% endif %} ++ ++# The masher is a bodhi instance that is responsible for composing the update ++# repositories, regenerating metrics, sending update notices, closing bugs, ++# and other costly operations. To set an external masher, set the masher to ++# the baseurl of the bodhi instance. If set to None, this bodhi instance ++# will act as a masher as well. ++#masher = None ++ ++# Where to initially mash repositories ++{% if env == "staging" %} ++mash_dir = /var/cache/bodhi/mashing ++{% else %} ++mash_stage_dir = /mnt/koji/mash/updates ++{% endif %} ++ ++mash_conf = /etc/bodhi/mash.conf ++ ++createrepo_cache_dir = /var/cache/createrepo ++ ++## Our periodic jobs ++#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates ++jobs = cache_release_data refresh_metrics approve_testing_updates ++ ++## Comps configuration ++comps_dir = /var/cache/bodhi/comps ++comps_url = https://pagure.io/fedora-comps.git ++ ++## ++## Mirror settings ++## ++ ++file_url = https://download.fedoraproject.org/pub/fedora/linux/updates ++master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml ++ ++fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml ++fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml ++fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml ++fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml ++ ++## The base url of this application ++{% if env == "staging" %} ++base_address = https://bodhi.stg.fedoraproject.org/ ++{% else %} ++base_address = https://bodhi.fedoraproject.org/ ++{% endif %} ++ ++## Supported update types ++update_types = bugfix enhancement security newpackage ++ ++## Supported architechures ++## ++## To handle arch name changes between releases, you ++## can also configure bodhi to support one arch *or* ++## another. For example, EPEL5 mashes produce 'ppc' ++## repos, where EPEL6 produces 'ppc64'. To handle this ++## scenario, you can specify something like: ++## ++## arches = ppc/ppc64 ++## ++arches = i386 x86_64 armhfp ++ ++ ++## ++## Email setting ++## ++ ++{ if env == "production" } ++smtp_server = bastion ++ ++# The updates system itself. This email address is used in fetching Bugzilla ++# information, as well as email notifications ++bodhi_email = updates@xxxxxxxxxxxxxxxxx ++bodhi_password = {{ bodhiBugzillaPassword }} ++{% else %} ++bodhi_email = updates@xxxxxxxxxxxxxxxxx ++{% endif %} ++ ++# The address that gets the requests ++release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx ++ ++# The address to notify when security updates are initially added to bodhi ++security_team = security_respons-members@xxxxxxxxxxxxxxxxx ++ ++# Public announcement lists ++fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx ++fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx ++ ++# Superuser groups ++admin_groups = proventesters security_respons bodhiadmin sysadmin-main ++ ++# Users that we don't want to show up in the "leaderboard(s)" ++stats_blacklist = bodhi anonymous autoqa taskotron ++ ++# A list of non-person users ++system_users = bodhi autoqa taskotron ++ ++# The max length for an update title before we truncate it in the web ui ++max_update_length_for_ui = 70 ++ ++# The number of days used for calculating the 'top testers' metric ++top_testers_timeframe = 900 ++ ++# The email address of the proventesters ++proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx ++ ++# Disabled for the initial release. ++stacks_enabled = False ++ ++# These are the default requirements that we apply to stacks, packages, and ++# updates. Users have free-reign to override them for each kind of entity. At ++# the end of the day, we only consider the requirements defined by single ++# updates themselves when gating in the backend masher process. ++site_requirements = depcheck upgradepath ++## Some day we'll have rpmgrill, and that will be cool. Ask tflink. ++#site_requirements = depcheck upgradepath rpmgrill ++ ++# Where do we send update announcements to ? ++# These variables should be named per: Release.prefix_id.lower()_announce_list ++#fedora_announce_list = ++#fedora_test_announce_list = ++#fedora_epel_announce_list = ++#fedora_epel_test_announce_list = ++ ++# Cache settings ++dogpile.cache.backend = dogpile.cache.dbm ++dogpile.cache.expiration_time = 100 ++dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm ++ ++# Exclude sending emails to these users ++exclude_mail = autoqa taskotron ++ ++## ++## Buildsystem settings ++## ++ ++# What buildsystem do we want to use? For development, we'll use a fake ++# buildsystem that always does what we tell it to do. For production, we'll ++# want to use 'koji'. ++buildsystem = koji ++ ++# Koji's XML-RPC hub ++{ if env == "staging" %} ++koji_hub = https://koji.stg.fedoraproject.org/kojihub ++ ++# Root url of the Koji instance to point to. No trailing slash ++koji_url = http://koji.stg.fedoraproject.org ++ ++# URL of where users should go to set up their notifications ++fmn_url = https://apps.stg.fedoraproject.org/notifications/ ++ ++# URL of the resultsdb for integrating checks and stuff ++resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ ++resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ ++ ++fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu ++fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js ++{% else %} ++# Koji's XML-RPC hub ++koji_hub = https://koji.fedoraproject.org/kojihub ++ ++# Root url of the Koji instance to point to. No trailing slash ++koji_url = https://koji.fedoraproject.org ++ ++# URL of where users should go to set up their notifications ++fmn_url = https://apps.fedoraproject.org/notifications/ ++ ++# URL of the resultsdb for integrating checks and stuff ++resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ ++resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ ++ ++fedmenu.url = https://apps.fedoraproject.org/fedmenu ++fedmenu.data_url = https://apps.fedoraproject.org/js/data.js ++{% endif %} ++ ++# Koji Krb stuff ++krb_ccache = /tmp/krb5cc_%{uid} ++krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} ++krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab ++ ++## ++## ACL system ++## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, ++## or 'dummy', which will always return guest credentials (used for local ++## development). ++## ++ ++{ if env == "staging" %} ++acl_system = dummy ++ ++## ++## Package DB ++## ++pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb ++ ++initial_bug_msg = %s has been submitted as an update to %s. %s ++stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. ++testing_bug_msg = ++ If you want to test the update, you can install it with ++ $ su -c 'dnf --enablerepo=updates-testing update %s' ++ You can provide feedback for this update here: %s ++testing_bug_epel_msg = ++ If you want to test the update, you can install it with ++ $ su -c 'yum --enablerepo=epel-testing update %s' ++ You can provide feedback for this update here: %s ++{% else %} ++acl_system = pkgdb ++ ++## ++## Package DB ++## ++pkgdb_url = https://admin.fedoraproject.org/pkgdb ++ ++bugtracker = bugzilla ++initial_bug_msg = %s has been submitted as an update to %s. %s ++stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. ++testing_bug_msg = ++ See https://fedoraproject.org/wiki/QA:Updates_Testing for ++ instructions on how to install test updates. ++ You can provide feedback for this update here: %s ++ ++testing_bug_epel_msg = ++ See https://fedoraproject.org/wiki/QA:Updates_Testing for ++ instructions on how to install test updates. ++ You can provide feedback for this update here: %s ++{% endif %} ++ ++# The username/password for our bugzilla account comes ++# from the bodhi_{email,password} fields. ++#bz_cookie = ++# Bodhi will avoid touching bugs that are not against the following products ++bz_products = Fedora,Fedora EPEL ++ ++{ if env == "staging" %} ++bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi ++{% else %} ++bz_server = https://bugzilla.redhat.com/xmlrpc.cgi ++{% endif %} ++ ++## ++## Packages that should suggest a reboot ++## ++reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus ++ ++## ++## Critical Path Packages ++## https://fedoraproject.org/wiki/Critical_path_package ++## ++ ++# Enable this to query the Fedora Package Database for the list of Critical ++# Path Packages. If disabled, it'll just use the hardcoded list below. ++ ++{ if env == "production" %} ++critpath.type = pkgdb ++{% endif %} ++ ++# You can hardcode a list of critical path packages instead of using the PackageDB ++{ if env == "staging" %} ++critpath.pkgs = kernel ++{% endif %} ++ ++# The number of admin approvals it takes to be able to push a critical path ++# update to stable for a pending release. ++critpath.num_admin_approvals = 0 ++ ++# The net karma required to submit a critial path update to a pending release) ++critpath.min_karma = 2 ++ ++# Allow critpath to submit for stable after 2 weeks with no negative karma ++critpath.stable_after_days_without_negative_karma = 14 ++ ++# The minimum amount of time an update must spend in testing before ++# it can reach the stable repository ++fedora.mandatory_days_in_testing = 7 ++fedora_epel.mandatory_days_in_testing = 14 ++ ++## ++## Release status ++## ++ ++# Pre-beta enforces the Pre Beta policy defined here: ++# https://fedoraproject.org/wiki/Updates_Policy ++#f15.status = 'pre_beta' ++#f15.pre_beta.mandatory_days_in_testing = 3 ++#f15.pre_beta.critpath.num_admin_approvals = 0 ++#f15.pre_beta.critpath.min_karma = 1 ++ ++# For test cases. ++f7.status = post_beta ++f7.post_beta.mandatory_days_in_testing = 7 ++f7.post_beta.critpath.num_admin_approvals = 0 ++f7.post_beta.critpath.min_karma = 2 ++ ++# The number of days worth of updates/comments to display ++feeds.num_days_to_show = 7 ++feeds.max_entries = 20 ++ ++## ++## Buildroot Override ++## ++ ++# Number of days before expiring overrides ++buildroot_overrides.expire_after = 1 ++ ++## ++## Groups ++## ++ ++# FAS Groups that we want to pay attention to ++# When a user logs in, bodhi will look for any of these groups and associate # ++# them with the user. They will then appear as the users effective principals in ++# the format "group:groupname" and can be used in Pyramid ACE's. ++important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig ++ ++# Groups that can push updates for any package ++admin_packager_groups = provenpackager releng-team security_respons ++ ++# User must be a member of this group to submit updates ++mandatory_packager_groups = packager ++ ++## ++## updateinfo.xml configuraiton ++## ++updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. ++ ++## ++## Authentication & Authorization ++## ++ ++# pyramid.openid ++{ if env == "staging" %} ++openid.success_callback = bodhi.server.security:remember_me ++openid.provider = https://id.stg.fedoraproject.org/openid/ ++openid.url = https://id.stg.fedoraproject.org/ ++openid_template = {username}.id.fedoraproject.org ++openid.sreg_required = email ++{% else %} ++openid.success_callback = bodhi.server.security:remember_me ++openid.provider = https://id.fedoraproject.org/openid/ ++openid.url = https://id.fedoraproject.org/ ++openid_template = {username}.id.fedoraproject.org ++openid.sreg_required = email ++{% endif %} ++ ++## ++## Pyramid settings ++## ++pyramid.reload_templates = false ++pyramid.debug_authorization = false ++pyramid.debug_notfound = false ++pyramid.debug_routematch = false ++pyramid.default_locale_name = en ++ ++pyramid.includes = ++ pyramid_tm ++ ++debugtoolbar.hosts = 127.0.0.1 ::1 ++ ++## ++## Database ++## ++{ if env == "staging" %} ++sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 ++{% else %} ++sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 ++{% endif %} ++ ++## ++## Templates ++## ++mako.directories = bodhi:server/templates ++ ++## ++## Authentication & Sessions ++## ++ ++authtkt.secret = {{ bodhi2AuthTkt }} ++session.secret = {{ bodhi2SessionSecret }} ++authtkt.secure = true ++ ++# pyramid_beaker ++session.type = file ++session.data_dir = /var/cache/bodhi/sessions/data ++session.lock_dir = /var/cache/bodhi/sessions/lock ++ ++{ if env == "staging" %} ++session.key = {{ bodhi2SessionKeySTG }} ++{% else %} ++session.key = {{ bodhi2SessionKey }} ++{% endif %} ++ ++session.cookie_on_exception = true ++# Tell the browser to only send the cookie over TLS ++session.secure = true ++# Create a cookie that is only valid for one day ++session.timeout = 86400 ++cache.regions = default_term, second, short_term, long_term ++cache.type = memory ++cache.second.expire = 1 ++cache.short_term.expire = 60 ++cache.default_term.expire = 300 ++cache.long_term.expire = 3600 ++ ++[server:main] ++use = egg:waitress#main ++host = 0.0.0.0 ++port = 6543 ++ ++[pshell] ++m = bodhi.server.models ++t = transaction ++# Begin logging configuration ++ ++[loggers] ++keys = root, bodhi, sqlalchemy ++ ++[handlers] ++keys = console ++ ++[formatters] ++keys = generic ++ ++[logger_root] ++level = INFO ++handlers = console ++ ++[logger_bodhi] ++level = DEBUG ++handlers = ++qualname = bodhi ++ ++[logger_sqlalchemy] ++level = WARN ++handlers = ++qualname = sqlalchemy.engine ++# "level = INFO" logs SQL queries. ++# "level = DEBUG" logs SQL queries and results. ++# "level = WARN" logs neither. (Recommended for production systems.) ++ ++[handler_console] ++class = StreamHandler ++args = (sys.stderr,) ++level = NOTSET ++formatter = generic ++[formatter_generic] ++format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s ++ ++# End logging configuration +\ No newline at end of file +-- +2.9.4 + diff --git a/roles/bodhi2/base/templates/production.ini b/roles/bodhi2/base/templates/old_production.ini.j2 similarity index 73% rename from roles/bodhi2/base/templates/production.ini rename to roles/bodhi2/base/templates/old_production.ini.j2 index 4bf885f..31fcf12 100644 --- a/roles/bodhi2/base/templates/production.ini +++ b/roles/bodhi2/base/templates/old_production.ini.j2 @@ -1,577 +1,511 @@ -[filter:proxy-prefix] -use = egg:PasteDeploy#prefix -prefix = / -scheme = https - -[app:main] -use = egg:bodhi-server -filter-with = proxy-prefix - - -#Misc Info at beginning of files - #PRD Info: - # Release status - # pre-beta enforces the 'Pre Beta' policy defined here: - # https://fedoraproject.org/wiki/Updates_Policy - f26.status = pre_beta - - f26.post_beta.mandatory_days_in_testing = 7 - f26.post_beta.critpath.num_admin_approvals = 0 - f26.post_beta.critpath.min_karma = 2 - f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 - - f26.pre_beta.mandatory_days_in_testing = 3 - f26.pre_beta.critpath.num_admin_approvals = 0 - f26.pre_beta.critpath.min_karma = 1 - ## Atomic OSTree support - ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer - ## https://github.com/fedora-infra/ fedmsg-atomic-composer - ## - compose_atomic_trees = true - -## -## Messages -## - -# A notice to flash on the front page -frontpage_notice = - -# A notice to flash on the New Update page -newupdate_notice = - -testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes -not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> -not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> -stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository - - - testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. - not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. - - -# Libravatar - If this is true libravatar will work as normal. Otherwise, all -# libravatar links will be replaced with the string "libravatar.org" so that -# the tests can still pass. -libravatar_enabled = True -# Set this to true if you want to do federated dns libravatar lookup -libravatar_dns = False - -# Set this to True in order to send fedmsg messages. -fedmsg_enabled = True - -# Captcha - if 'captcha.secret' is not None, then it will be used for comments -# captcha.secret must be 32 url-safe base64-encoded bytes -# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() - -{% if env == "staging" %} -captcha.secret = {{ bodhi2CaptchaSecretSTG }} -{% else %} -captcha.secret = {{ bodhi2CaptchaSecret }} -{% endif %} -# Dimensions -captcha.image_width = 300 -captcha.image_height = 80 -# Any truetype font will do. -captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf -captcha.font_size = 36 -# Colors -captcha.font_color = #000000 -captcha.background_color = #ffffff -# In pixels -captcha.padding = 5 -# If a captcha sits around for this many seconds, it will stop working. -captcha.ttl = 300 - -#datagrepper_url = http://localhost:5000 -{% if env == "staging" %} -datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper -badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands -{% else %} -datagrepper_url = https://apps.fedoraproject.org/datagrepper -badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands -{% endif %} - -## -## Wiki Test Cases -## - -## Query the wiki for test cases -query_wiki_test_cases = False -wiki_url = https://fedoraproject.org/w/api.php -test_case_base_url = https://fedoraproject.org/wiki/ - -# Email domain to prepend usernames to -default_email_domain = fedoraproject.org - -# domain for generated message IDs -{% if env == "staging" %} -message_id_email_domain = admin.stg.fedoraproject.org -{% else %} -message_id_email_domain = admin.fedoraproject.org -{% endif %} - -## -## Mash settings -## - -# If defined, the bodhi masher will ensure that messages are signed with the given cert -{% if env == "staging" %} -releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org -{% else %} -{% if ansible_hostname == 'bodhi-backend01' %} -releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org -{% else %} -releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org -{% endif %} -{% endif %} - -# The masher is a bodhi instance that is responsible for composing the update -# repositories, regenerating metrics, sending update notices, closing bugs, -# and other costly operations. To set an external masher, set the masher to -# the baseurl of the bodhi instance. If set to None, this bodhi instance -# will act as a masher as well. -#masher = None - -# Where to initially mash repositories -{% if env == "staging" %} -mash_dir = /var/cache/bodhi/mashing -{% else %} -mash_stage_dir = /mnt/koji/mash/updates -{% endif %} - -mash_conf = /etc/bodhi/mash.conf - -createrepo_cache_dir = /var/cache/createrepo - -## Our periodic jobs -#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates -jobs = cache_release_data refresh_metrics approve_testing_updates - -## Comps configuration -comps_dir = /var/cache/bodhi/comps -comps_url = https://pagure.io/fedora-comps.git - -## -## Mirror settings -## - -file_url = https://download.fedoraproject.org/pub/fedora/linux/updates -master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml - -fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml -fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml -fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml - -## The base url of this application -{% if env == "staging" %} -base_address = https://bodhi.stg.fedoraproject.org/ -{% else %} -base_address = https://bodhi.fedoraproject.org/ -{% endif %} - -## Supported update types -update_types = bugfix enhancement security newpackage - -## Supported architechures -## -## To handle arch name changes between releases, you -## can also configure bodhi to support one arch *or* -## another. For example, EPEL5 mashes produce 'ppc' -## repos, where EPEL6 produces 'ppc64'. To handle this -## scenario, you can specify something like: -## -## arches = ppc/ppc64 -## -arches = i386 x86_64 armhfp - - -## -## Email setting -## - -{ if env == "production" } -smtp_server = bastion - -# The updates system itself. This email address is used in fetching Bugzilla -# information, as well as email notifications -bodhi_email = updates@xxxxxxxxxxxxxxxxx -bodhi_password = {{ bodhiBugzillaPassword }} -{% else %} -bodhi_email = updates@xxxxxxxxxxxxxxxxx -{% endif %} - -# The address that gets the requests -release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx - -# The address to notify when security updates are initially added to bodhi -security_team = security_respons-members@xxxxxxxxxxxxxxxxx - -# Public announcement lists -fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx -fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx -fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx -fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx - -# Superuser groups -admin_groups = proventesters security_respons bodhiadmin sysadmin-main - -# Users that we don't want to show up in the "leaderboard(s)" -stats_blacklist = bodhi anonymous autoqa taskotron - -# A list of non-person users -system_users = bodhi autoqa taskotron - -# The max length for an update title before we truncate it in the web ui -max_update_length_for_ui = 70 - -# The number of days used for calculating the 'top testers' metric -top_testers_timeframe = 900 - -# The email address of the proventesters -proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx - -# Disabled for the initial release. -stacks_enabled = False - -# These are the default requirements that we apply to stacks, packages, and -# updates. Users have free-reign to override them for each kind of entity. At -# the end of the day, we only consider the requirements defined by single -# updates themselves when gating in the backend masher process. -site_requirements = depcheck upgradepath -## Some day we'll have rpmgrill, and that will be cool. Ask tflink. -#site_requirements = depcheck upgradepath rpmgrill - -# Where do we send update announcements to ? -# These variables should be named per: Release.prefix_id.lower()_announce_list -#fedora_announce_list = -#fedora_test_announce_list = -#fedora_epel_announce_list = -#fedora_epel_test_announce_list = - -# Cache settings -dogpile.cache.backend = dogpile.cache.dbm -dogpile.cache.expiration_time = 100 -dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm - -# Exclude sending emails to these users -exclude_mail = autoqa taskotron - -## -## Buildsystem settings -## - -# What buildsystem do we want to use? For development, we'll use a fake -# buildsystem that always does what we tell it to do. For production, we'll -# want to use 'koji'. -buildsystem = koji - -# Koji's XML-RPC hub -{ if env == "staging" %} -koji_hub = https://koji.stg.fedoraproject.org/kojihub - -# Root url of the Koji instance to point to. No trailing slash -koji_url = http://koji.stg.fedoraproject.org - -# URL of where users should go to set up their notifications -fmn_url = https://apps.stg.fedoraproject.org/notifications/ - -# URL of the resultsdb for integrating checks and stuff -resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ -resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ - -fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu -fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js -{% else %} -# Koji's XML-RPC hub -koji_hub = https://koji.fedoraproject.org/kojihub - -# Root url of the Koji instance to point to. No trailing slash -koji_url = https://koji.fedoraproject.org - -# URL of where users should go to set up their notifications -fmn_url = https://apps.fedoraproject.org/notifications/ - -# URL of the resultsdb for integrating checks and stuff -resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ -resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ - -fedmenu.url = https://apps.fedoraproject.org/fedmenu -fedmenu.data_url = https://apps.fedoraproject.org/js/data.js -{% endif %} - -# Koji Krb stuff -krb_ccache = /tmp/krb5cc_%{uid} -krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} -krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab - -## -## ACL system -## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, -## or 'dummy', which will always return guest credentials (used for local -## development). -## - -{ if env == "staging" %} -acl_system = dummy - -## -## Package DB -## -pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb - -initial_bug_msg = %s has been submitted as an update to %s. %s -stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. -testing_bug_msg = - If you want to test the update, you can install it with - $ su -c 'dnf --enablerepo=updates-testing update %s' - You can provide feedback for this update here: %s -testing_bug_epel_msg = - If you want to test the update, you can install it with - $ su -c 'yum --enablerepo=epel-testing update %s' - You can provide feedback for this update here: %s -{% else %} -acl_system = pkgdb - -## -## Package DB -## -pkgdb_url = https://admin.fedoraproject.org/pkgdb - -bugtracker = bugzilla -initial_bug_msg = %s has been submitted as an update to %s. %s -stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. -testing_bug_msg = - See https://fedoraproject.org/wiki/QA:Updates_Testing for - instructions on how to install test updates. - You can provide feedback for this update here: %s - -testing_bug_epel_msg = - See https://fedoraproject.org/wiki/QA:Updates_Testing for - instructions on how to install test updates. - You can provide feedback for this update here: %s -{% endif %} - -# The username/password for our bugzilla account comes -# from the bodhi_{email,password} fields. -#bz_cookie = -# Bodhi will avoid touching bugs that are not against the following products -bz_products = Fedora,Fedora EPEL - -{ if env == "staging" %} -bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi -{% else %} -bz_server = https://bugzilla.redhat.com/xmlrpc.cgi -{% endif %} - -## -## Packages that should suggest a reboot -## -reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus - -## -## Critical Path Packages -## https://fedoraproject.org/wiki/Critical_path_package -## - -# Enable this to query the Fedora Package Database for the list of Critical -# Path Packages. If disabled, it'll just use the hardcoded list below. - -{ if env == "production" %} -critpath.type = pkgdb -{% endif %} - -# You can hardcode a list of critical path packages instead of using the PackageDB -{ if env == "staging" %} -critpath.pkgs = kernel -{% endif %} - -# The number of admin approvals it takes to be able to push a critical path -# update to stable for a pending release. -critpath.num_admin_approvals = 0 - -# The net karma required to submit a critial path update to a pending release) -critpath.min_karma = 2 - -# Allow critpath to submit for stable after 2 weeks with no negative karma -critpath.stable_after_days_without_negative_karma = 14 - -# The minimum amount of time an update must spend in testing before -# it can reach the stable repository -fedora.mandatory_days_in_testing = 7 -fedora_epel.mandatory_days_in_testing = 14 - -## -## Release status -## - -# Pre-beta enforces the Pre Beta policy defined here: -# https://fedoraproject.org/wiki/Updates_Policy -#f15.status = 'pre_beta' -#f15.pre_beta.mandatory_days_in_testing = 3 -#f15.pre_beta.critpath.num_admin_approvals = 0 -#f15.pre_beta.critpath.min_karma = 1 - -# For test cases. -f7.status = post_beta -f7.post_beta.mandatory_days_in_testing = 7 -f7.post_beta.critpath.num_admin_approvals = 0 -f7.post_beta.critpath.min_karma = 2 - -# The number of days worth of updates/comments to display -feeds.num_days_to_show = 7 -feeds.max_entries = 20 - -## -## Buildroot Override -## - -# Number of days before expiring overrides -buildroot_overrides.expire_after = 1 - -## -## Groups -## - -# FAS Groups that we want to pay attention to -# When a user logs in, bodhi will look for any of these groups and associate # -# them with the user. They will then appear as the users effective principals in -# the format "group:groupname" and can be used in Pyramid ACE's. -important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig - -# Groups that can push updates for any package -admin_packager_groups = provenpackager releng-team security_respons - -# User must be a member of this group to submit updates -mandatory_packager_groups = packager - -## -## updateinfo.xml configuraiton -## -updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. - -## -## Authentication & Authorization -## - -# pyramid.openid -{ if env == "staging" %} -openid.success_callback = bodhi.server.security:remember_me -openid.provider = https://id.stg.fedoraproject.org/openid/ -openid.url = https://id.stg.fedoraproject.org/ -openid_template = {username}.id.fedoraproject.org -openid.sreg_required = email -{% else %} -openid.success_callback = bodhi.server.security:remember_me -openid.provider = https://id.fedoraproject.org/openid/ -openid.url = https://id.fedoraproject.org/ -openid_template = {username}.id.fedoraproject.org -openid.sreg_required = email -{% endif %} - -## -## Pyramid settings -## -pyramid.reload_templates = false -pyramid.debug_authorization = false -pyramid.debug_notfound = false -pyramid.debug_routematch = false -pyramid.default_locale_name = en - -pyramid.includes = - pyramid_tm - -debugtoolbar.hosts = 127.0.0.1 ::1 - -## -## Database -## -{ if env == "staging" %} -sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 -{% else %} -sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 -{% endif %} - -## -## Templates -## -mako.directories = bodhi:server/templates - -## -## Authentication & Sessions -## - -authtkt.secret = {{ bodhi2AuthTkt }} -session.secret = {{ bodhi2SessionSecret }} -authtkt.secure = true - -# pyramid_beaker -session.type = file -session.data_dir = /var/cache/bodhi/sessions/data -session.lock_dir = /var/cache/bodhi/sessions/lock - -{ if env == "staging" %} -session.key = {{ bodhi2SessionKeySTG }} -{% else %} -session.key = {{ bodhi2SessionKey }} -{% endif %} - -session.cookie_on_exception = true -# Tell the browser to only send the cookie over TLS -session.secure = true -# Create a cookie that is only valid for one day -session.timeout = 86400 -cache.regions = default_term, second, short_term, long_term -cache.type = memory -cache.second.expire = 1 -cache.short_term.expire = 60 -cache.default_term.expire = 300 -cache.long_term.expire = 3600 - -[server:main] -use = egg:waitress#main -host = 0.0.0.0 -port = 6543 - -[pshell] -m = bodhi.server.models -t = transaction -# Begin logging configuration - -[loggers] -keys = root, bodhi, sqlalchemy - -[handlers] -keys = console - -[formatters] -keys = generic - -[logger_root] -level = INFO -handlers = console - -[logger_bodhi] -level = DEBUG -handlers = -qualname = bodhi - -[logger_sqlalchemy] -level = WARN -handlers = -qualname = sqlalchemy.engine -# "level = INFO" logs SQL queries. -# "level = DEBUG" logs SQL queries and results. -# "level = WARN" logs neither. (Recommended for production systems.) - -[handler_console] -class = StreamHandler -args = (sys.stderr,) -level = NOTSET -formatter = generic -[formatter_generic] -format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s - -# End logging configuration \ No newline at end of file +[filter:proxy-prefix] +use = egg:PasteDeploy#prefix +prefix = / +scheme = https + +[app:main] +use = egg:bodhi-server +filter-with = proxy-prefix + +# Release status +# pre-beta enforces the 'Pre Beta' policy defined here: +# https://fedoraproject.org/wiki/Updates_Policy +f26.status = pre_beta + +f26.post_beta.mandatory_days_in_testing = 7 +f26.post_beta.critpath.num_admin_approvals = 0 +f26.post_beta.critpath.min_karma = 2 +f26.post_beta.critpath.stable_after_days_without_negative_karma = 14 + +f26.pre_beta.mandatory_days_in_testing = 3 +f26.pre_beta.critpath.num_admin_approvals = 0 +f26.pre_beta.critpath.min_karma = 1 + +## +## Atomic OSTree support +## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer +## https://github.com/fedora-infra/fedmsg-atomic-composer +## +compose_atomic_trees = true + +## +## Messages +## + +# A notice to flash on the front page +frontpage_notice = + +# A notice to flash on the New Update page +newupdate_notice = + +testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes +not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> +not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> +stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository + +testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. +not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. + +# Libravatar - If this is true libravatar will work as normal. Otherwise, all +# libravatar links will be replaced with the string "libravatar.org" so that +# the tests can still pass. +libravatar_enabled = True +# Set this to true if you want to do federated dns libravatar lookup +libravatar_dns = False + +# Set this to True in order to send fedmsg messages. +fedmsg_enabled = True + + +# Captcha - if 'captcha.secret' is not None, then it will be used for comments +# captcha.secret must be 32 url-safe base64-encoded bytes +# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() +captcha.secret = {{ bodhi2CaptchaSecret }} +# Dimensions +captcha.image_width = 300 +captcha.image_height = 80 +# Any truetype font will do. +captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf +captcha.font_size = 36 +# Colors +captcha.font_color = #000000 +captcha.background_color = #ffffff +# In pixels +captcha.padding = 5 +# If a captcha sits around for this many seconds, it will stop working. +captcha.ttl = 300 + +#datagrepper_url = http://localhost:5000 +datagrepper_url = https://apps.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands + + +## +## Wiki Test Cases +## + +## Query the wiki for test cases +query_wiki_test_cases = True +wiki_url = https://fedoraproject.org/w/api.php +test_case_base_url = https://fedoraproject.org/wiki/ + +# Email domain to prepend usernames to +default_email_domain = fedoraproject.org + +# domain for generated message IDs +message_id_email_domain = admin.fedoraproject.org + +## +## Mash settings +## + +# If defined, the bodhi masher will ensure that messages are signed with the given cert +{% if ansible_hostname == 'bodhi-backend01' %} +releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org +{% else %} +releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org +{% endif %} + +# The masher is a bodhi instance that is responsible for composing the update +# repositories, regenerating metrics, sending update notices, closing bugs, +# and other costly operations. To set an external masher, set the masher to +# the baseurl of the bodhi instance. If set to None, this bodhi instance +# will act as a masher as well. +#masher = None + +# Where to initially mash repositories +#mash_dir = /var/cache/bodhi/mashing +mash_dir = /mnt/koji/mash/updates + +# Where to symlink the latest repos by their tag name +#mash_stage_dir = /var/cache/bodhi/mashed +mash_stage_dir = /mnt/koji/mash/updates + +mash_conf = /etc/bodhi/mash.conf + +createrepo_cache_dir = /var/cache/createrepo + +## Our periodic jobs +#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates +jobs = cache_release_data refresh_metrics approve_testing_updates + +## Comps configuration +comps_dir = /var/cache/bodhi/comps +comps_url = https://pagure.io/fedora-comps.git + +## +## Mirror settings +## +file_url = https://download.fedoraproject.org/pub/fedora/linux/updates +master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml + +fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml +fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml +fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml + +## The base url of this application +base_address = https://bodhi.fedoraproject.org/ + +## Supported update types +update_types = bugfix enhancement security newpackage + +## Supported architechures +## +## To handle arch name changes between releases, you +## can also configure bodhi to support one arch *or* +## another. For example, EPEL5 mashes produce 'ppc' +## repos, where EPEL6 produces 'ppc64'. To handle this +## scenario, you can specify something like: +## +## arches = ppc/ppc64 +## +arches = x86_64 armhfp i386 + +## +## Email setting +## + +smtp_server = bastion + +# The updates system itself. This email address is used in fetching Bugzilla +# information, as well as email notifications +bodhi_email = updates@xxxxxxxxxxxxxxxxx +bodhi_password = {{ bodhiBugzillaPassword }} + +# The address that gets the requests +release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx + +# The address to notify when security updates are initially added to bodhi +security_team = security_respons-members@xxxxxxxxxxxxxxxxx + +# Public announcement lists +fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx + +# Superuser groups +admin_groups = proventesters security_respons bodhiadmin sysadmin-main + +# Users that we don't want to show up in the "leaderboard(s)" +stats_blacklist = bodhi anonymous autoqa taskotron + +# A list of non-person users +system_users = bodhi autoqa taskotron + +# The max length for an update title before we truncate it in the web ui +max_update_length_for_ui = 70 + +# The number of days used for calculating the 'top testers' metric +top_testers_timeframe = 900 + +# The email address of the proventesters +proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx + +# Disabled for the initial release. +stacks_enabled = False + +# These are the default requirements that we apply to stacks, packages, and +# updates. Users have free-reign to override them for each kind of entity. At +# the end of the day, we only consider the requirements defined by single +# updates themselves when gating in the backend masher process. +site_requirements = depcheck upgradepath +## Some day we'll have rpmgrill, and that will be cool. Ask tflink. +#site_requirements = depcheck upgradepath rpmgrill + +# Where do we send update announcements to ? +# These variables should be named per: Release.prefix_id.lower()_announce_list +#fedora_announce_list = +#fedora_test_announce_list = +#fedora_epel_announce_list = +#fedora_epel_test_announce_list = + +# Cache settings +dogpile.cache.backend = dogpile.cache.dbm +dogpile.cache.expiration_time = 100 +dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm + +# Exclude sending emails to these users +exclude_mail = autoqa taskotron + +## +## Buildsystem settings +## + +# What buildsystem do we want to use? For development, we'll use a fake +# buildsystem that always does what we tell it to do. For production, we'll +# want to use 'koji'. +buildsystem = koji + +# Koji's XML-RPC hub +koji_hub = https://koji.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = https://koji.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.fedoraproject.org/js/data.js + +# Koji Krb stuff +krb_ccache = /tmp/krb5cc_%{uid} +krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} +krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab + +## +## ACL system +## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, +## or 'dummy', which will always return guest credentials (used for local +## development). +## +acl_system = pkgdb + +## +## Package DB +## +pkgdb_url = https://admin.fedoraproject.org/pkgdb + +# We used to get our package tags from pkgdb, but they come from tagger now. +# https://github.com/fedora-infra/fedora-tagger/pull/74 +#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/ + +## +## Bug tracker settings +## +bugtracker = bugzilla + +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s + +testing_bug_epel_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s + +## +## Bugzilla settings. +## + +# The username/password for our bugzilla account comes +# from the bodhi_{email,password} fields. + +bz_server = https://bugzilla.redhat.com/xmlrpc.cgi +#bz_cookie = + +# Bodhi will avoid touching bugs that are not against the following products +bz_products = Fedora,Fedora EPEL + +buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%s + +## +## Packages that should suggest a reboot +## +reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus + +## +## Critical Path Packages +## https://fedoraproject.org/wiki/Critical_path_package +## + +# Enable this to query the Fedora Package Database for the list of Critical +# Path Packages. If disabled, it'll just use the hardcoded list below. +critpath.type = pkgdb + +# You can hardcode a list of critical path packages instead of using the PackageDB +#critpath_pkgs = kernel + +# The number of admin approvals it takes to be able to push a critical path +# update to stable for a pending release. +critpath.num_admin_approvals = 0 + +# The net karma required to submit a critial path update to a pending release) +critpath.min_karma = 2 + +# Allow critpath to submit for stable after 2 weeks with no negative karma +critpath.stable_after_days_without_negative_karma = 14 + +# The minimum amount of time an update must spend in testing before +# it can reach the stable repository +fedora.mandatory_days_in_testing = 7 +fedora_epel.mandatory_days_in_testing = 14 + +## +## Release status +## + +# Pre-beta enforces the Pre Beta policy defined here: +# https://fedoraproject.org/wiki/Updates_Policy +#f15.status = 'pre_beta' +#f15.pre_beta.mandatory_days_in_testing = 3 +#f15.pre_beta.critpath.num_admin_approvals = 0 +#f15.pre_beta.critpath.min_karma = 1 + +# For test cases. +f7.status = post_beta +f7.post_beta.mandatory_days_in_testing = 7 +f7.post_beta.critpath.num_admin_approvals = 0 +f7.post_beta.critpath.min_karma = 2 + +# The number of days worth of updates/comments to display +feeds.num_days_to_show = 7 +feeds.max_entries = 20 + +## +## Buildroot Override +## + +# Number of days before expiring overrides +buildroot_overrides.expire_after = 1 + +## +## Groups +## + +# FAS Groups that we want to pay attention to +# When a user logs in, bodhi will look for any of these groups and associate # +# them with the user. They will then appear as the users effective principals in +# the format "group:groupname" and can be used in Pyramid ACE's. +important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig + +# Groups that can push updates for any package +admin_packager_groups = provenpackager releng-team security_respons + +# User must be a member of this group to submit updates +mandatory_packager_groups = packager + +## +## updateinfo.xml configuraiton +## +updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. + +## +## Authentication & Authorization +## + +# pyramid.openid +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.fedoraproject.org/openid/ +openid.url = https://id.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email + +# CORS allowed origins for cornice services +# This can be wide-open. read-only, we don't care as much about. +cors_origins_ro = * +# This should be more locked down to avoid cross-site request forgery. +cors_origins_rw = https://bodhi.fedoraproject.org +cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/ + + +## +## Pyramid settings +## +pyramid.reload_templates = false +pyramid.debug_authorization = false +pyramid.debug_notfound = false +pyramid.debug_routematch = false +pyramid.default_locale_name = en + +pyramid.includes = + pyramid_tm + +debugtoolbar.hosts = 127.0.0.1 ::1 + +## +## Database +## +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 + +## +## Templates +## +mako.directories = bodhi:server/templates + +## +## Authentication & Sessions +## + +authtkt.secret = {{ bodhi2AuthTkt }} +session.secret = {{ bodhi2SessionSecret }} +authtkt.secure = true +# How long should an authorization ticket be valid for, in seconds? Defaults to one day. +authtkt.timeout = 1209600 + +# pyramid_beaker +session.type = file +session.data_dir = /var/cache/bodhi/sessions/data +session.lock_dir = /var/cache/bodhi/sessions/lock +session.key = {{ bodhi2SessionKey }} +session.cookie_on_exception = true +# Tell the browser to only send the cookie over TLS +session.secure = true +# Create a cookie that is only valid for one day +session.timeout = 86400 +cache.regions = default_term, second, short_term, long_term +cache.type = memory +cache.second.expire = 1 +cache.short_term.expire = 60 +cache.default_term.expire = 300 +cache.long_term.expire = 3600 + +[server:main] +use = egg:waitress#main +host = 0.0.0.0 +port = 6543 + +[pshell] +m = bodhi.server.models +#db = bodhi.server.models.DBSession +t = transaction + +# Begin logging configuration + +[loggers] +keys = root, bodhi, sqlalchemy + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = INFO +handlers = console + +[logger_bodhi] +level = DEBUG +handlers = +qualname = bodhi + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARN" logs neither. (Recommended for production systems.) + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic + +[formatter_generic] +format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s + +# End logging configuration diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2 index 31fcf12..82fc999 100644 --- a/roles/bodhi2/base/templates/production.ini.j2 +++ b/roles/bodhi2/base/templates/production.ini.j2 @@ -1,511 +1,576 @@ -[filter:proxy-prefix] -use = egg:PasteDeploy#prefix -prefix = / -scheme = https - -[app:main] -use = egg:bodhi-server -filter-with = proxy-prefix - -# Release status -# pre-beta enforces the 'Pre Beta' policy defined here: -# https://fedoraproject.org/wiki/Updates_Policy -f26.status = pre_beta - -f26.post_beta.mandatory_days_in_testing = 7 -f26.post_beta.critpath.num_admin_approvals = 0 -f26.post_beta.critpath.min_karma = 2 -f26.post_beta.critpath.stable_after_days_without_negative_karma = 14 - -f26.pre_beta.mandatory_days_in_testing = 3 -f26.pre_beta.critpath.num_admin_approvals = 0 -f26.pre_beta.critpath.min_karma = 1 - -## -## Atomic OSTree support -## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer -## https://github.com/fedora-infra/fedmsg-atomic-composer -## -compose_atomic_trees = true - -## -## Messages -## - -# A notice to flash on the front page -frontpage_notice = - -# A notice to flash on the New Update page -newupdate_notice = - -testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes -not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> -not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> -stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository - -testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. -not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. - -# Libravatar - If this is true libravatar will work as normal. Otherwise, all -# libravatar links will be replaced with the string "libravatar.org" so that -# the tests can still pass. -libravatar_enabled = True -# Set this to true if you want to do federated dns libravatar lookup -libravatar_dns = False - -# Set this to True in order to send fedmsg messages. -fedmsg_enabled = True - - -# Captcha - if 'captcha.secret' is not None, then it will be used for comments -# captcha.secret must be 32 url-safe base64-encoded bytes -# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() -captcha.secret = {{ bodhi2CaptchaSecret }} -# Dimensions -captcha.image_width = 300 -captcha.image_height = 80 -# Any truetype font will do. -captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf -captcha.font_size = 36 -# Colors -captcha.font_color = #000000 -captcha.background_color = #ffffff -# In pixels -captcha.padding = 5 -# If a captcha sits around for this many seconds, it will stop working. -captcha.ttl = 300 - -#datagrepper_url = http://localhost:5000 -datagrepper_url = https://apps.fedoraproject.org/datagrepper -badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands - - -## -## Wiki Test Cases -## - -## Query the wiki for test cases -query_wiki_test_cases = True -wiki_url = https://fedoraproject.org/w/api.php -test_case_base_url = https://fedoraproject.org/wiki/ - -# Email domain to prepend usernames to -default_email_domain = fedoraproject.org - -# domain for generated message IDs -message_id_email_domain = admin.fedoraproject.org - -## -## Mash settings -## - -# If defined, the bodhi masher will ensure that messages are signed with the given cert -{% if ansible_hostname == 'bodhi-backend01' %} -releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org -{% else %} -releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org -{% endif %} - -# The masher is a bodhi instance that is responsible for composing the update -# repositories, regenerating metrics, sending update notices, closing bugs, -# and other costly operations. To set an external masher, set the masher to -# the baseurl of the bodhi instance. If set to None, this bodhi instance -# will act as a masher as well. -#masher = None - -# Where to initially mash repositories -#mash_dir = /var/cache/bodhi/mashing -mash_dir = /mnt/koji/mash/updates - -# Where to symlink the latest repos by their tag name -#mash_stage_dir = /var/cache/bodhi/mashed -mash_stage_dir = /mnt/koji/mash/updates - -mash_conf = /etc/bodhi/mash.conf - -createrepo_cache_dir = /var/cache/createrepo - -## Our periodic jobs -#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates -jobs = cache_release_data refresh_metrics approve_testing_updates - -## Comps configuration -comps_dir = /var/cache/bodhi/comps -comps_url = https://pagure.io/fedora-comps.git - -## -## Mirror settings -## -file_url = https://download.fedoraproject.org/pub/fedora/linux/updates -master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml - -fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml -fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml -fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml -fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml - -## The base url of this application -base_address = https://bodhi.fedoraproject.org/ - -## Supported update types -update_types = bugfix enhancement security newpackage - -## Supported architechures -## -## To handle arch name changes between releases, you -## can also configure bodhi to support one arch *or* -## another. For example, EPEL5 mashes produce 'ppc' -## repos, where EPEL6 produces 'ppc64'. To handle this -## scenario, you can specify something like: -## -## arches = ppc/ppc64 -## -arches = x86_64 armhfp i386 - -## -## Email setting -## - -smtp_server = bastion - -# The updates system itself. This email address is used in fetching Bugzilla -# information, as well as email notifications -bodhi_email = updates@xxxxxxxxxxxxxxxxx -bodhi_password = {{ bodhiBugzillaPassword }} - -# The address that gets the requests -release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx - -# The address to notify when security updates are initially added to bodhi -security_team = security_respons-members@xxxxxxxxxxxxxxxxx - -# Public announcement lists -fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx -fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx -fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx -fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx - -# Superuser groups -admin_groups = proventesters security_respons bodhiadmin sysadmin-main - -# Users that we don't want to show up in the "leaderboard(s)" -stats_blacklist = bodhi anonymous autoqa taskotron - -# A list of non-person users -system_users = bodhi autoqa taskotron - -# The max length for an update title before we truncate it in the web ui -max_update_length_for_ui = 70 - -# The number of days used for calculating the 'top testers' metric -top_testers_timeframe = 900 - -# The email address of the proventesters -proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx - -# Disabled for the initial release. -stacks_enabled = False - -# These are the default requirements that we apply to stacks, packages, and -# updates. Users have free-reign to override them for each kind of entity. At -# the end of the day, we only consider the requirements defined by single -# updates themselves when gating in the backend masher process. -site_requirements = depcheck upgradepath -## Some day we'll have rpmgrill, and that will be cool. Ask tflink. -#site_requirements = depcheck upgradepath rpmgrill - -# Where do we send update announcements to ? -# These variables should be named per: Release.prefix_id.lower()_announce_list -#fedora_announce_list = -#fedora_test_announce_list = -#fedora_epel_announce_list = -#fedora_epel_test_announce_list = - -# Cache settings -dogpile.cache.backend = dogpile.cache.dbm -dogpile.cache.expiration_time = 100 -dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm - -# Exclude sending emails to these users -exclude_mail = autoqa taskotron - -## -## Buildsystem settings -## - -# What buildsystem do we want to use? For development, we'll use a fake -# buildsystem that always does what we tell it to do. For production, we'll -# want to use 'koji'. -buildsystem = koji - -# Koji's XML-RPC hub -koji_hub = https://koji.fedoraproject.org/kojihub - -# Root url of the Koji instance to point to. No trailing slash -koji_url = https://koji.fedoraproject.org - -# URL of where users should go to set up their notifications -fmn_url = https://apps.fedoraproject.org/notifications/ - -# URL of the resultsdb for integrating checks and stuff -resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ -resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ - -fedmenu.url = https://apps.fedoraproject.org/fedmenu -fedmenu.data_url = https://apps.fedoraproject.org/js/data.js - -# Koji Krb stuff -krb_ccache = /tmp/krb5cc_%{uid} -krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} -krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab - -## -## ACL system -## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, -## or 'dummy', which will always return guest credentials (used for local -## development). -## -acl_system = pkgdb - -## -## Package DB -## -pkgdb_url = https://admin.fedoraproject.org/pkgdb - -# We used to get our package tags from pkgdb, but they come from tagger now. -# https://github.com/fedora-infra/fedora-tagger/pull/74 -#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/ - -## -## Bug tracker settings -## -bugtracker = bugzilla - -initial_bug_msg = %s has been submitted as an update to %s. %s -stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. -testing_bug_msg = - See https://fedoraproject.org/wiki/QA:Updates_Testing for - instructions on how to install test updates. - You can provide feedback for this update here: %s - -testing_bug_epel_msg = - See https://fedoraproject.org/wiki/QA:Updates_Testing for - instructions on how to install test updates. - You can provide feedback for this update here: %s - -## -## Bugzilla settings. -## - -# The username/password for our bugzilla account comes -# from the bodhi_{email,password} fields. - -bz_server = https://bugzilla.redhat.com/xmlrpc.cgi -#bz_cookie = - -# Bodhi will avoid touching bugs that are not against the following products -bz_products = Fedora,Fedora EPEL - -buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%s - -## -## Packages that should suggest a reboot -## -reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus - -## -## Critical Path Packages -## https://fedoraproject.org/wiki/Critical_path_package -## - -# Enable this to query the Fedora Package Database for the list of Critical -# Path Packages. If disabled, it'll just use the hardcoded list below. -critpath.type = pkgdb - -# You can hardcode a list of critical path packages instead of using the PackageDB -#critpath_pkgs = kernel - -# The number of admin approvals it takes to be able to push a critical path -# update to stable for a pending release. -critpath.num_admin_approvals = 0 - -# The net karma required to submit a critial path update to a pending release) -critpath.min_karma = 2 - -# Allow critpath to submit for stable after 2 weeks with no negative karma -critpath.stable_after_days_without_negative_karma = 14 - -# The minimum amount of time an update must spend in testing before -# it can reach the stable repository -fedora.mandatory_days_in_testing = 7 -fedora_epel.mandatory_days_in_testing = 14 - -## -## Release status -## - -# Pre-beta enforces the Pre Beta policy defined here: -# https://fedoraproject.org/wiki/Updates_Policy -#f15.status = 'pre_beta' -#f15.pre_beta.mandatory_days_in_testing = 3 -#f15.pre_beta.critpath.num_admin_approvals = 0 -#f15.pre_beta.critpath.min_karma = 1 - -# For test cases. -f7.status = post_beta -f7.post_beta.mandatory_days_in_testing = 7 -f7.post_beta.critpath.num_admin_approvals = 0 -f7.post_beta.critpath.min_karma = 2 - -# The number of days worth of updates/comments to display -feeds.num_days_to_show = 7 -feeds.max_entries = 20 - -## -## Buildroot Override -## - -# Number of days before expiring overrides -buildroot_overrides.expire_after = 1 - -## -## Groups -## - -# FAS Groups that we want to pay attention to -# When a user logs in, bodhi will look for any of these groups and associate # -# them with the user. They will then appear as the users effective principals in -# the format "group:groupname" and can be used in Pyramid ACE's. -important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig - -# Groups that can push updates for any package -admin_packager_groups = provenpackager releng-team security_respons - -# User must be a member of this group to submit updates -mandatory_packager_groups = packager - -## -## updateinfo.xml configuraiton -## -updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. - -## -## Authentication & Authorization -## - -# pyramid.openid -openid.success_callback = bodhi.server.security:remember_me -openid.provider = https://id.fedoraproject.org/openid/ -openid.url = https://id.fedoraproject.org/ -openid_template = {username}.id.fedoraproject.org -openid.sreg_required = email - -# CORS allowed origins for cornice services -# This can be wide-open. read-only, we don't care as much about. -cors_origins_ro = * -# This should be more locked down to avoid cross-site request forgery. -cors_origins_rw = https://bodhi.fedoraproject.org -cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/ - - -## -## Pyramid settings -## -pyramid.reload_templates = false -pyramid.debug_authorization = false -pyramid.debug_notfound = false -pyramid.debug_routematch = false -pyramid.default_locale_name = en - -pyramid.includes = - pyramid_tm - -debugtoolbar.hosts = 127.0.0.1 ::1 - -## -## Database -## -sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 - -## -## Templates -## -mako.directories = bodhi:server/templates - -## -## Authentication & Sessions -## - -authtkt.secret = {{ bodhi2AuthTkt }} -session.secret = {{ bodhi2SessionSecret }} -authtkt.secure = true -# How long should an authorization ticket be valid for, in seconds? Defaults to one day. -authtkt.timeout = 1209600 - -# pyramid_beaker -session.type = file -session.data_dir = /var/cache/bodhi/sessions/data -session.lock_dir = /var/cache/bodhi/sessions/lock -session.key = {{ bodhi2SessionKey }} -session.cookie_on_exception = true -# Tell the browser to only send the cookie over TLS -session.secure = true -# Create a cookie that is only valid for one day -session.timeout = 86400 -cache.regions = default_term, second, short_term, long_term -cache.type = memory -cache.second.expire = 1 -cache.short_term.expire = 60 -cache.default_term.expire = 300 -cache.long_term.expire = 3600 - -[server:main] -use = egg:waitress#main -host = 0.0.0.0 -port = 6543 - -[pshell] -m = bodhi.server.models -#db = bodhi.server.models.DBSession -t = transaction - -# Begin logging configuration - -[loggers] -keys = root, bodhi, sqlalchemy - -[handlers] -keys = console - -[formatters] -keys = generic - -[logger_root] -level = INFO -handlers = console - -[logger_bodhi] -level = DEBUG -handlers = -qualname = bodhi - -[logger_sqlalchemy] -level = WARN -handlers = -qualname = sqlalchemy.engine -# "level = INFO" logs SQL queries. -# "level = DEBUG" logs SQL queries and results. -# "level = WARN" logs neither. (Recommended for production systems.) - -[handler_console] -class = StreamHandler -args = (sys.stderr,) -level = NOTSET -formatter = generic - -[formatter_generic] -format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s - -# End logging configuration +[filter:proxy-prefix] +use = egg:PasteDeploy#prefix +prefix = / +scheme = https + +[app:main] +use = egg:bodhi-server +filter-with = proxy-prefix + + +#Misc Info at beginning of files + #PRD Info: + # Release status + # pre-beta enforces the 'Pre Beta' policy defined here: + # https://fedoraproject.org/wiki/Updates_Policy + f26.status = pre_beta + + f26.post_beta.mandatory_days_in_testing = 7 + f26.post_beta.critpath.num_admin_approvals = 0 + f26.post_beta.critpath.min_karma = 2 + f26.post_beta.critpath.stable_after_days_without_neg ative_karma = 14 + + f26.pre_beta.mandatory_days_in_testing = 3 + f26.pre_beta.critpath.num_admin_approvals = 0 + f26.pre_beta.critpath.min_karma = 1 + ## Atomic OSTree support + ## This will compose Atomic OSTrees during the push process using the fedmsg-atomic-composer + ## https://github.com/fedora-infra/ fedmsg-atomic-composer + ## + compose_atomic_trees = true + +## +## Messages +## + +# A notice to flash on the front page +frontpage_notice = + +# A notice to flash on the New Update page +newupdate_notice = + +testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes +not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria";>Package Update Acceptance Criteria</a> +not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy";>EPEL Updates Policy</a> +stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository + + + testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes. + not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold. + + +# Libravatar - If this is true libravatar will work as normal. Otherwise, all +# libravatar links will be replaced with the string "libravatar.org" so that +# the tests can still pass. +libravatar_enabled = True +# Set this to true if you want to do federated dns libravatar lookup +libravatar_dns = False + +# Set this to True in order to send fedmsg messages. +fedmsg_enabled = True + +# Captcha - if 'captcha.secret' is not None, then it will be used for comments +# captcha.secret must be 32 url-safe base64-encoded bytes +# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key() + +{% if env == "staging" %} +captcha.secret = {{ bodhi2CaptchaSecretSTG }} +{% else %} +captcha.secret = {{ bodhi2CaptchaSecret }} +{% endif %} +# Dimensions +captcha.image_width = 300 +captcha.image_height = 80 +# Any truetype font will do. +captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf +captcha.font_size = 36 +# Colors +captcha.font_color = #000000 +captcha.background_color = #ffffff +# In pixels +captcha.padding = 5 +# If a captcha sits around for this many seconds, it will stop working. +captcha.ttl = 300 + +{% if env == "staging" %} +datagrepper_url = https://apps.stg.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% else %} +datagrepper_url = https://apps.fedoraproject.org/datagrepper +badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands +{% endif %} + +## +## Wiki Test Cases +## + +## Query the wiki for test cases +query_wiki_test_cases = False +wiki_url = https://fedoraproject.org/w/api.php +test_case_base_url = https://fedoraproject.org/wiki/ + +# Email domain to prepend usernames to +default_email_domain = fedoraproject.org + +# domain for generated message IDs +{% if env == "staging" %} +message_id_email_domain = admin.stg.fedoraproject.org +{% else %} +message_id_email_domain = admin.fedoraproject.org +{% endif %} + +## +## Mash settings +## + +# If defined, the bodhi masher will ensure that messages are signed with the given cert +{% if env == "staging" %} +releng_fedmsg_certname = shell-bodhi-backend01.stg.phx2.fedoraproject.org +{% else %} +{% if ansible_hostname == 'bodhi-backend01' %} +releng_fedmsg_certname = shell-bodhi-backend01.phx2.fedoraproject.org +{% else %} +releng_fedmsg_certname = shell-bodhi-backend03.phx2.fedoraproject.org +{% endif %} +{% endif %} + +# The masher is a bodhi instance that is responsible for composing the update +# repositories, regenerating metrics, sending update notices, closing bugs, +# and other costly operations. To set an external masher, set the masher to +# the baseurl of the bodhi instance. If set to None, this bodhi instance +# will act as a masher as well. +#masher = None + +# Where to initially mash repositories +{% if env == "staging" %} +mash_dir = /var/cache/bodhi/mashing +{% else %} +mash_stage_dir = /mnt/koji/mash/updates +{% endif %} + +mash_conf = /etc/bodhi/mash.conf + +createrepo_cache_dir = /var/cache/createrepo + +## Our periodic jobs +#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates +jobs = cache_release_data refresh_metrics approve_testing_updates + +## Comps configuration +comps_dir = /var/cache/bodhi/comps +comps_url = https://pagure.io/fedora-comps.git + +## +## Mirror settings +## + +file_url = https://download.fedoraproject.org/pub/fedora/linux/updates +master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_epel_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml + +fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml +fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml +fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml +fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml + +## The base url of this application +{% if env == "staging" %} +base_address = https://bodhi.stg.fedoraproject.org/ +{% else %} +base_address = https://bodhi.fedoraproject.org/ +{% endif %} + +## Supported update types +update_types = bugfix enhancement security newpackage + +## Supported architechures +## +## To handle arch name changes between releases, you +## can also configure bodhi to support one arch *or* +## another. For example, EPEL5 mashes produce 'ppc' +## repos, where EPEL6 produces 'ppc64'. To handle this +## scenario, you can specify something like: +## +## arches = ppc/ppc64 +## +arches = i386 x86_64 armhfp + + +## +## Email setting +## + +{ if env == "production" } +smtp_server = bastion + +# The updates system itself. This email address is used in fetching Bugzilla +# information, as well as email notifications +bodhi_email = updates@xxxxxxxxxxxxxxxxx +bodhi_password = {{ bodhiBugzillaPassword }} +{% else %} +bodhi_email = updates@xxxxxxxxxxxxxxxxx +{% endif %} + +# The address that gets the requests +release_team_address = bodhiadmin-members@xxxxxxxxxxxxxxxxx + +# The address to notify when security updates are initially added to bodhi +security_team = security_respons-members@xxxxxxxxxxxxxxxxx + +# Public announcement lists +fedora_announce_list = package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_test_announce_list = test@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_announce_list = epel-package-announce@xxxxxxxxxxxxxxxxxxxxxxx +fedora_epel_test_announce_list = epel-devel@xxxxxxxxxxxxxxxxxxxxxxx + +# Superuser groups +admin_groups = proventesters security_respons bodhiadmin sysadmin-main + +# Users that we don't want to show up in the "leaderboard(s)" +stats_blacklist = bodhi anonymous autoqa taskotron + +# A list of non-person users +system_users = bodhi autoqa taskotron + +# The max length for an update title before we truncate it in the web ui +max_update_length_for_ui = 70 + +# The number of days used for calculating the 'top testers' metric +top_testers_timeframe = 900 + +# The email address of the proventesters +proventesters_email = proventesters-members@xxxxxxxxxxxxxxxxx + +# Disabled for the initial release. +stacks_enabled = False + +# These are the default requirements that we apply to stacks, packages, and +# updates. Users have free-reign to override them for each kind of entity. At +# the end of the day, we only consider the requirements defined by single +# updates themselves when gating in the backend masher process. +site_requirements = depcheck upgradepath +## Some day we'll have rpmgrill, and that will be cool. Ask tflink. +#site_requirements = depcheck upgradepath rpmgrill + +# Where do we send update announcements to ? +# These variables should be named per: Release.prefix_id.lower()_announce_list +#fedora_announce_list = +#fedora_test_announce_list = +#fedora_epel_announce_list = +#fedora_epel_test_announce_list = + +# Cache settings +dogpile.cache.backend = dogpile.cache.dbm +dogpile.cache.expiration_time = 100 +dogpile.cache.arguments.filename = /var/cache/bodhi/dogpile-cache.dbm + +# Exclude sending emails to these users +exclude_mail = autoqa taskotron + +## +## Buildsystem settings +## + +# What buildsystem do we want to use? For development, we'll use a fake +# buildsystem that always does what we tell it to do. For production, we'll +# want to use 'koji'. +buildsystem = koji + +# Koji's XML-RPC hub +{ if env == "staging" %} +koji_hub = https://koji.stg.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = http://koji.stg.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.stg.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.stg.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.stg.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.stg.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.stg.fedoraproject.org/js/data.js +{% else %} +# Koji's XML-RPC hub +koji_hub = https://koji.fedoraproject.org/kojihub + +# Root url of the Koji instance to point to. No trailing slash +koji_url = https://koji.fedoraproject.org + +# URL of where users should go to set up their notifications +fmn_url = https://apps.fedoraproject.org/notifications/ + +# URL of the resultsdb for integrating checks and stuff +resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/ +resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/ + +fedmenu.url = https://apps.fedoraproject.org/fedmenu +fedmenu.data_url = https://apps.fedoraproject.org/js/data.js +{% endif %} + +# Koji Krb stuff +krb_ccache = /tmp/krb5cc_%{uid} +krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }} +krb_keytab = /etc/krb5.bodhi_bodhi{{ env_suffix }}.fedoraproject.org.keytab + +## +## ACL system +## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below, +## or 'dummy', which will always return guest credentials (used for local +## development). +## + +{ if env == "staging" %} +acl_system = dummy + +## +## Package DB +## +pkgdb_url = https://admin.stg.fedoraproject.org/pkgdb + +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + If you want to test the update, you can install it with + $ su -c 'dnf --enablerepo=updates-testing update %s' + You can provide feedback for this update here: %s +testing_bug_epel_msg = + If you want to test the update, you can install it with + $ su -c 'yum --enablerepo=epel-testing update %s' + You can provide feedback for this update here: %s +{% else %} +acl_system = pkgdb + +## +## Package DB +## +pkgdb_url = https://admin.fedoraproject.org/pkgdb + +bugtracker = bugzilla +initial_bug_msg = %s has been submitted as an update to %s. %s +stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report. +testing_bug_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s + +testing_bug_epel_msg = + See https://fedoraproject.org/wiki/QA:Updates_Testing for + instructions on how to install test updates. + You can provide feedback for this update here: %s +{% endif %} + +# The username/password for our bugzilla account comes +# from the bodhi_{email,password} fields. +#bz_cookie = +# Bodhi will avoid touching bugs that are not against the following products +bz_products = Fedora,Fedora EPEL + +{ if env == "staging" %} +bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi +{% else %} +bz_server = https://bugzilla.redhat.com/xmlrpc.cgi +{% endif %} + +## +## Packages that should suggest a reboot +## +reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus + +## +## Critical Path Packages +## https://fedoraproject.org/wiki/Critical_path_package +## + +# Enable this to query the Fedora Package Database for the list of Critical +# Path Packages. If disabled, it'll just use the hardcoded list below. + +{ if env == "production" %} +critpath.type = pkgdb +{% endif %} + +# You can hardcode a list of critical path packages instead of using the PackageDB +{ if env == "staging" %} +critpath.pkgs = kernel +{% endif %} + +# The number of admin approvals it takes to be able to push a critical path +# update to stable for a pending release. +critpath.num_admin_approvals = 0 + +# The net karma required to submit a critial path update to a pending release) +critpath.min_karma = 2 + +# Allow critpath to submit for stable after 2 weeks with no negative karma +critpath.stable_after_days_without_negative_karma = 14 + +# The minimum amount of time an update must spend in testing before +# it can reach the stable repository +fedora.mandatory_days_in_testing = 7 +fedora_epel.mandatory_days_in_testing = 14 + +## +## Release status +## + +# Pre-beta enforces the Pre Beta policy defined here: +# https://fedoraproject.org/wiki/Updates_Policy +#f15.status = 'pre_beta' +#f15.pre_beta.mandatory_days_in_testing = 3 +#f15.pre_beta.critpath.num_admin_approvals = 0 +#f15.pre_beta.critpath.min_karma = 1 + +# For test cases. +f7.status = post_beta +f7.post_beta.mandatory_days_in_testing = 7 +f7.post_beta.critpath.num_admin_approvals = 0 +f7.post_beta.critpath.min_karma = 2 + +# The number of days worth of updates/comments to display +feeds.num_days_to_show = 7 +feeds.max_entries = 20 + +## +## Buildroot Override +## + +# Number of days before expiring overrides +buildroot_overrides.expire_after = 1 + +## +## Groups +## + +# FAS Groups that we want to pay attention to +# When a user logs in, bodhi will look for any of these groups and associate # +# them with the user. They will then appear as the users effective principals in +# the format "group:groupname" and can be used in Pyramid ACE's. +important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig + +# Groups that can push updates for any package +admin_packager_groups = provenpackager releng-team security_respons + +# User must be a member of this group to submit updates +mandatory_packager_groups = packager + +## +## updateinfo.xml configuraiton +## +updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others. + +## +## Authentication & Authorization +## + +# pyramid.openid +{ if env == "staging" %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.stg.fedoraproject.org/openid/ +openid.url = https://id.stg.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% else %} +openid.success_callback = bodhi.server.security:remember_me +openid.provider = https://id.fedoraproject.org/openid/ +openid.url = https://id.fedoraproject.org/ +openid_template = {username}.id.fedoraproject.org +openid.sreg_required = email +{% endif %} + +## +## Pyramid settings +## +pyramid.reload_templates = false +pyramid.debug_authorization = false +pyramid.debug_notfound = false +pyramid.debug_routematch = false +pyramid.default_locale_name = en + +pyramid.includes = + pyramid_tm + +debugtoolbar.hosts = 127.0.0.1 ::1 + +## +## Database +## +{ if env == "staging" %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@db-bodhi/bodhi2 +{% else %} +sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi/bodhi2 +{% endif %} + +## +## Templates +## +mako.directories = bodhi:server/templates + +## +## Authentication & Sessions +## + +authtkt.secret = {{ bodhi2AuthTkt }} +session.secret = {{ bodhi2SessionSecret }} +authtkt.secure = true + +# pyramid_beaker +session.type = file +session.data_dir = /var/cache/bodhi/sessions/data +session.lock_dir = /var/cache/bodhi/sessions/lock + +{ if env == "staging" %} +session.key = {{ bodhi2SessionKeySTG }} +{% else %} +session.key = {{ bodhi2SessionKey }} +{% endif %} + +session.cookie_on_exception = true +# Tell the browser to only send the cookie over TLS +session.secure = true +# Create a cookie that is only valid for one day +session.timeout = 86400 +cache.regions = default_term, second, short_term, long_term +cache.type = memory +cache.second.expire = 1 +cache.short_term.expire = 60 +cache.default_term.expire = 300 +cache.long_term.expire = 3600 + +[server:main] +use = egg:waitress#main +host = 0.0.0.0 +port = 6543 + +[pshell] +m = bodhi.server.models +t = transaction +# Begin logging configuration + +[loggers] +keys = root, bodhi, sqlalchemy + +[handlers] +keys = console + +[formatters] +keys = generic + +[logger_root] +level = INFO +handlers = console + +[logger_bodhi] +level = DEBUG +handlers = +qualname = bodhi + +[logger_sqlalchemy] +level = WARN +handlers = +qualname = sqlalchemy.engine +# "level = INFO" logs SQL queries. +# "level = DEBUG" logs SQL queries and results. +# "level = WARN" logs neither. (Recommended for production systems.) + +[handler_console] +class = StreamHandler +args = (sys.stderr,) +level = NOTSET +formatter = generic +[formatter_generic] +format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s + +# End logging configuration -- 2.9.4
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
