758 lines
33 KiB
Django/Jinja
758 lines
33 KiB
Django/Jinja
# The commented values in this config file represent the defaults.
|
|
[filter:proxy-prefix]
|
|
use = egg:PasteDeploy#prefix
|
|
prefix = /
|
|
scheme = https
|
|
|
|
[app:main]
|
|
use = egg:bodhi-server
|
|
filter-with = proxy-prefix
|
|
|
|
##
|
|
## Messages
|
|
##
|
|
|
|
# The approve-testing scheduled task will post this message as a comment from the bodhi user on
|
|
# updates that reach the required time in testing if they are not stable yet. Positional
|
|
# substitution is used, and the %%d will be replaced with the time in testing required for the
|
|
# update.
|
|
# testing_approval_msg = This update has reached %%d days in testing and can be pushed to stable now if the maintainer wishes
|
|
|
|
# not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a>
|
|
|
|
# not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy">EPEL Update Policy</a>
|
|
|
|
# Bodhi will post this comment on Updates that don't use autokarma when they reach the stable
|
|
# threshold.
|
|
# testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
|
|
|
|
# The comment that Bodhi will post on updates when a user posts negative karma.
|
|
# disable_automatic_push_to_stable = Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.
|
|
|
|
# Libravatar - If this is true libravatar will work as normal. Otherwise, all
|
|
# libravatar links will be replaced with the string "libravatar.org" so that
|
|
# the tests can still pass.
|
|
# libravatar_enabled = True
|
|
|
|
# Set this to true if you want to do federated dns libravatar lookup
|
|
# libravatar_dns = False
|
|
|
|
# If libravatar_dns is True, libravatar_prefer_tls will define what gets handed to
|
|
# libravatar.libravatar_url()'s https setting. Defaults to True.
|
|
# libravatar_prefer_tls =
|
|
|
|
|
|
##
|
|
### Legal
|
|
###
|
|
#
|
|
## If you set this, Bodhi will display a link in the footer called "Legal" that points to the
|
|
## supplied link.
|
|
legal_link = https://fedoraproject.org/wiki/Legal:Main
|
|
## If you set this, Bodhi will display a link in the footer called "Privacy policy" that points to
|
|
## the supplied link. It will also link the privacy policy under the comment box.
|
|
privacy_link = https://fedoraproject.org/wiki/Legal:PrivacyPolicy
|
|
|
|
|
|
# Captcha - if 'captcha.secret' is set, then it will be used for comments. Comment it to turn it
|
|
# off. captcha.secret must be 32 url-safe base64-encoded bytes.
|
|
# You can generate one with >>> cryptography.fernet.Fernet.generate_key()
|
|
# captcha.secret = CHANGEME
|
|
captcha.secret = {{ bodhi2CaptchaSecret }}
|
|
|
|
# Dimensions
|
|
# captcha.image_width = 300
|
|
# captcha.image_height = 80
|
|
|
|
# Any truetype font will do.
|
|
# /usr/share/fonts/liberation/LiberationMono-Regular.ttf lives in liberation-mono-fonts.
|
|
# /usr/share/fonts/pcaro-hermit/Hermit-medium.otf lives in pcaro-hermit-fonts package.
|
|
# captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf
|
|
# captcha.font_size = 36
|
|
|
|
# Colors
|
|
# captcha.font_color = #000000
|
|
# captcha.background_color = #ffffff
|
|
|
|
# In pixels
|
|
# captcha.padding = 5
|
|
|
|
# If a captcha sits around for this many seconds, it will stop working.
|
|
# captcha.ttl = 300
|
|
|
|
|
|
# The URL for a datagrepper to use in various templates.
|
|
# datagrepper_url = https://apps.fedoraproject.org/datagrepper
|
|
datagrepper_url = https://apps{{env_suffix}}.fedoraproject.org/datagrepper
|
|
# badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands
|
|
|
|
|
|
##
|
|
## Testing
|
|
##
|
|
|
|
## Query the wiki for test cases
|
|
# query_wiki_test_cases = False
|
|
query_wiki_test_cases = True
|
|
# wiki_url = https://fedoraproject.org/w/api.php
|
|
# test_case_base_url = https://fedoraproject.org/wiki/
|
|
wiki_url = https://{{env_prefix}}fedoraproject.org/w/api.php
|
|
test_case_base_url = https://{{env_prefix}}fedoraproject.org/wiki/
|
|
|
|
# URL of the resultsdb for integrating checks and stuff
|
|
# resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/
|
|
resultsdb_url = https://taskotron{{env_suffix}}.fedoraproject.org/resultsdb/
|
|
|
|
# Set this to True to enable gating based on policies enforced by Greenwave. If you set this to
|
|
# True, be sure to have celery-beat enabled in one of the Celery workers.
|
|
# test_gating.required = False
|
|
test_gating.required = True
|
|
|
|
# If this is set to a URL, a "More information about test gating" link will appear on update pages for users
|
|
# to click and learn more.
|
|
# test_gating.url =
|
|
|
|
# The API url of Greenwave.
|
|
# greenwave_api_url = https://greenwave.fedoraproject.org/api/v1.0
|
|
greenwave_api_url = https://greenwave-web-greenwave.app.os{{env_suffix}}.fedoraproject.org/api/v1.0
|
|
|
|
# The URL for waiverdb's API
|
|
# waiverdb_api_url = https://waiverdb-web-waiverdb.app.os.fedoraproject.org/api/v1.0
|
|
waiverdb_api_url = https://waiverdb-web-waiverdb.app.os{{env_suffix}}.fedoraproject.org/api/v1.0
|
|
|
|
# An access token used to authenticate to waiverdb
|
|
{% if env == "staging" %}
|
|
waiverdb.access_token = {{ bodhi2WaiverTokenSTG }}
|
|
{% else %}
|
|
waiverdb.access_token = {{ bodhi2WaiverToken }}
|
|
{% endif %}
|
|
|
|
# Email domain to prepend usernames to
|
|
# default_email_domain = fedoraproject.org
|
|
default_email_domain = {{env_suffix}}fedoraproject.org
|
|
|
|
# domain for generated message IDs
|
|
# message_id_email_domain = admin.fedoraproject.org
|
|
message_id_email_domain = admin{{env_suffix}}.fedoraproject.org
|
|
|
|
##
|
|
## Masher settings
|
|
##
|
|
|
|
# Where to initially mash repositories. You can use %(here)s to reference the location of this file.
|
|
# compose_dir =
|
|
{% if inventory_hostname.startswith('bodhi-backend') %}
|
|
compose_dir = /mnt/koji/compose/updates/
|
|
{% else %}
|
|
# do not use on frontends as bodhi will check the mount and refuse to run without it.
|
|
# compose_dir = /mnt/koji/compose/updates/
|
|
{% endif %}
|
|
|
|
# The max number of composer threads running at the same time
|
|
# max_concurrent_composes = 2
|
|
max_concurrent_composes = 3
|
|
|
|
# Whether to clean old composes at the end of each run.
|
|
clean_old_composes = false
|
|
|
|
# Where to symlink the latest repos by their tag name. You can use %(here)s to reference the
|
|
# location of this file.
|
|
# compose_stage_dir =
|
|
{% if inventory_hostname.startswith('bodhi-backend') %}
|
|
compose_stage_dir = /mnt/koji/compose/updates/
|
|
{% else %}
|
|
# do not use on frontends as bodhi will check the mount and refuse to run without it.
|
|
# compose_stage_dir = /mnt/koji/compose/updates/
|
|
{% endif %}
|
|
|
|
# The following jinja2 template variables are available for use to customize the Pungi configs and
|
|
# variants files to the Release and Updates:
|
|
#
|
|
# * 'id': The id of the Release being mashed.
|
|
# * 'release': The Release being mashed.
|
|
# * 'request': The request being mashed.
|
|
# * 'updates': The Updates being mashed.
|
|
#
|
|
# NOTE: The jinja2 configuration for these templates replaces the {'s and }'s with ['s and ]'.
|
|
# e.g.: a block becomes [% if <something %], and a variable is [[ varname ]].
|
|
|
|
# The base path where pungi configs will be stored. You will need to put variants.xml templates
|
|
# inside pungi.basepath as well. These templates will have access to the same template variables
|
|
# described above, and should be named variants.rpm.xml.j2 and variants.module.xml.j2, for RPM
|
|
# composes and module composes, respectively.
|
|
# pungi.basepath = /etc/bodhi
|
|
|
|
# The Pungi executable to use when mashing.
|
|
# pungi.cmd = /usr/bin/pungi-koji
|
|
|
|
# The following settings reference filenames of jinja2 templates found in pungi.basepath to be used
|
|
# as Pungi configs for mashing modules or RPMs (The RPM config includes dnf, yum, and atomic repos).
|
|
# pungi.conf.module = pungi.module.conf
|
|
# pungi.conf.rpm = pungi.rpm.conf
|
|
pungi.conf.rpm = pungi.rpm.conf.j2
|
|
pungi.conf.module = pungi.module.conf.j2
|
|
|
|
# A space separated list of extra arguments to be passed on to Pungi during mashing.
|
|
# pungi.extracmdline =
|
|
pungi.extracmdline = --notification-script=/usr/bin/pungi-fedmsg-notification --notification-script=pungi-wait-for-signed-ostree-handler
|
|
|
|
# What to pass to Pungi's --label flag, which is metadata included in its composeinfo.json.
|
|
# pungi.labeltype = Update
|
|
|
|
|
|
# The skopeo executable to use to copy container images.
|
|
# You can put credentials for skopeo to use in $HOME/.docker/config.json
|
|
# https://github.com/projectatomic/skopeo#private-registries-with-authentication
|
|
# skopeo.cmd = /usr/bin/skopeo
|
|
skopeo.cmd = /usr/bin/bodhi-skopeo-lite
|
|
|
|
# Comma separated list of extra flags to pass to the skopeo copy command.
|
|
# skopeo.extra_copy_flags =
|
|
|
|
# Container hostnames. You can specify a port as well, using the traditional syntax (i.e., localhost:5000).
|
|
# container.destination_registry = registry.fedoraproject.org
|
|
# container.source_registry = candidate-registry.fedoraproject.org
|
|
{% if env == 'staging' %}
|
|
container.destination_registry = registry.stg.fedoraproject.org
|
|
container.source_registry = candidate-registry.stg.fedoraproject.org
|
|
{% endif %}
|
|
|
|
|
|
##
|
|
## Mirror settings
|
|
##
|
|
# file_url: Used in the repo metadata to set RPM URLs.
|
|
# file_url = https://download.fedoraproject.org/pub/fedora/linux/updates
|
|
|
|
# {release}_({version}_){request}_master_repomd: This is used by the masher to determine when a
|
|
# primary architecture push has been synchronized to the master mirror for a given release and
|
|
# request. The masher will verify that the checksum of repomd.xml at the master URL matches the
|
|
# expected value, and will poll the URL until this test passes. Substitute release and request
|
|
# for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
|
|
# arches listed in {release}_{version}_primary_arches when it is defined, else used for all
|
|
# arches. You must put two %%s's in this setting - the first will be replaced with the release
|
|
# version and the second will be replaced with the architecture.
|
|
# If a version of the option exists with a matching version, it has priority over one without.
|
|
# examples (these settings do not have defaults):
|
|
# fedora_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/%%s/%%s/repodata/repomd.xml
|
|
# fedora_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/testing/%%s/%%s/repodata/repomd.xml
|
|
# fedora_epel_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/%%s/repodata/repomd.xml
|
|
# fedora_epel_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/%%s/repodata/repomd.xml
|
|
{% if env == 'production' %}
|
|
fedora_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/%%s/Everything/%%s/repodata/repomd.xml
|
|
fedora_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/testing/%%s/Everything/%%s/repodata/repomd.xml
|
|
fedora_epel_8_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/Everything/%%s/repodata/repomd.xml
|
|
fedora_epel_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/Everything/%%s/repodata/repomd.xml
|
|
fedora_epel_modular_8_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/Modular/%%s/repodata/repomd.xml
|
|
fedora_epel_modular_8_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/Modular/%%s/repodata/repomd.xml
|
|
fedora_epel_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/%%s/repodata/repomd.xml
|
|
fedora_epel_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/%%s/repodata/repomd.xml
|
|
fedora_modular_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/%%s/Modular/%%s/repodata/repomd.xml
|
|
fedora_modular_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora/linux/updates/testing/%%s/Modular/%%s/repodata/repomd.xml
|
|
{% elif env == 'staging' %}
|
|
fedora_stable_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-updates/compose/Everything/%%s/os/repodata/repomd.xml
|
|
fedora_testing_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-updates-testing/compose/Everything/%%s/os/repodata/repomd.xml
|
|
fedora_epel_stable_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/%%s/%%s/repodata/repomd.xml
|
|
fedora_epel_testing_master_repomd = http://dl-iad05.fedoraproject.org/pub/epel/testing/%%s/%%s/repodata/repomd.xml
|
|
fedora_modular_stable_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-modular-updates/compose/Everything/%%s/os/repodata/repomd.xml
|
|
fedora_modular_testing_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-modular-updates-testing/compose/Everything/%%s/os/repodata/repomd.xml
|
|
{% endif %}
|
|
|
|
# {release}_({version}_){request}_alt_master_repomd: This is used by the masher to determine when a
|
|
# secondary architecture push has been synchronized to the master mirror for a given release and
|
|
# request. The masher will verify that the checksum of repomd.xml at the master URL matches the
|
|
# expected value, and will poll the URL until this test passes. Substitute release and request
|
|
# for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
|
|
# arches not listed in {release}_{version}_primary_arches if it is defined. You must put two
|
|
# %%s's in this setting - the first will be replaced with the release version and the second will
|
|
# be replaced with the architecture.
|
|
# If a version of the option exists with a matching version, it has priority over one without.
|
|
# examples (these settings do not have defaults):
|
|
# fedora_stable_alt_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora-secondary/updates/%%s/%%s/repodata/repomd.xml
|
|
# fedora_testing_alt_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora-secondary/updates/testing/%%s/%%s/repodata/repomd.xml
|
|
{% if env == 'production' %}
|
|
fedora_stable_alt_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora-secondary/updates/%%s/Everything/%%s/repodata/repomd.xml
|
|
fedora_testing_alt_master_repomd = http://dl-iad05.fedoraproject.org/pub/fedora-secondary/updates/testing/%%s/Everything/%%s/repodata/repomd.xml
|
|
{% elif env == 'staging' %}
|
|
fedora_stable_alt_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-updates/compose/Everything/%%s/os/repodata/repomd.xml
|
|
fedora_testing_alt_master_repomd = https://kojipkgs.stg.fedoraproject.org/compose/updates/f%%s-updates-testing/compose/Everything/%%s/os/repodata/repomd.xml
|
|
{% endif %}
|
|
|
|
## The base url of this application
|
|
# base_address = https://admin.fedoraproject.org/updates/
|
|
base_address = https://bodhi{{env_suffix}}.fedoraproject.org/
|
|
|
|
|
|
## Primary architechures by release
|
|
##
|
|
## {release}_{version}_primary_arches: Releases that have alternative arches must define their
|
|
## primary arches here. Any arches found during mashing that are not present here are asssumed
|
|
## to be alternative arches. This is used during the wait_for_repo() step of the mash where
|
|
## Bodhi polls the master repo to find out whether the mash has made it to the repo or not.
|
|
## Bodhi looks for primary arches with the {release}_{request}_master_repomd setting above, and
|
|
## for alternative arches at the {release}_{request}_alt_master_repomd setting above. If this
|
|
## is not set, Bodhi will assume the release only has primary arches.
|
|
# fedora_26_primary_arches = armhfp x86_64
|
|
fedora_26_primary_arches = armhfp x86_64
|
|
fedora_27_primary_arches = armhfp x86_64
|
|
fedora_28_primary_arches = aarch64 armhfp x86_64
|
|
fedora_29_primary_arches = aarch64 armhfp x86_64
|
|
fedora_30_primary_arches = aarch64 armhfp x86_64
|
|
|
|
##
|
|
## Email setting
|
|
##
|
|
|
|
# The hostname of an SMTP server Bodhi can use to deliver e-mail.
|
|
# smtp_server =
|
|
{% if env == "production" %}
|
|
smtp_server = bastion
|
|
{% endif %}
|
|
|
|
# The updates system itself. This e-mail address is used as the From address for e-mails that Bodhi
|
|
# sends. It is also used as the username for Bugzilla if bugzilla_api_key is undefined and
|
|
# bodhi_password is defined.
|
|
# bodhi_email = updates@fedoraproject.org
|
|
{% if env == "staging" %}
|
|
bodhi_email = updates@stg.fedoraproject.org
|
|
{% else %}
|
|
bodhi_email = updates@fedoraproject.org
|
|
{% endif %}
|
|
|
|
# An API key that Bodhi should use when accessing Bugzilla. If set, the bodhi_password setting is
|
|
# ignored.
|
|
{% if env == "production" %}
|
|
bugzilla_api_key = {{ bodhi_bugzilla_api_key }}
|
|
{% endif %}
|
|
|
|
# This is the password used to access Bodhi's bugzilla account. Ignored if bugzilla_api_key is set.
|
|
# bodhi_password =
|
|
{% if env == "staging" %}
|
|
bodhi_password = {{ bodhiBugzillaPassword }}
|
|
{% endif %}
|
|
|
|
# The address that gets the requests
|
|
# release_team_address = bodhiadmin-members@fedoraproject.org
|
|
|
|
# Public lists where we send update announcements.
|
|
# These variables should be named per: Release.prefix_id.lower()_announce_list
|
|
# fedora_announce_list = package-announce@lists.fedoraproject.org
|
|
# fedora_test_announce_list = test@lists.fedoraproject.org
|
|
# fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
|
|
# fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org
|
|
fedora_announce_list = package-announce@lists.fedoraproject.org
|
|
fedora_test_announce_list = test@lists.fedoraproject.org
|
|
fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
|
|
fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org
|
|
|
|
#
|
|
# Public lists where we send module update announcments.
|
|
#
|
|
# These are commented due to https://github.com/fedora-infra/bodhi/issues/2396
|
|
# fedora_modular_announce_list = package-announce@lists.fedoraproject.org
|
|
# fedora_modular_test_announce_list = test@lists.fedoraproject.org
|
|
|
|
# Superuser groups
|
|
# admin_groups = proventesters security_respons bodhiadmin sysadmin-main
|
|
|
|
# Users that we don't want to show up in the "leaderboard(s)"
|
|
# stats_blacklist = bodhi anonymous autoqa taskotron
|
|
|
|
# A list of non-person users
|
|
# system_users = bodhi autoqa taskotron
|
|
|
|
# The max length for an update title before we truncate it in the web ui
|
|
# max_update_length_for_ui = 30
|
|
max_update_length_for_ui = 70
|
|
|
|
# The number of days used for calculating the 'top testers' metric
|
|
# top_testers_timeframe = 7
|
|
top_testers_timeframe = 900
|
|
|
|
# This defaults to False. We're disabling stacks for the initial release
|
|
# because, while you can create stacks, you can't automatically create updates
|
|
# *from* a stack (which was the whole point). We'll work on that for a later
|
|
# release.
|
|
# stacks_enabled = False
|
|
|
|
# These are the default requirements that we apply to stacks, packages, and
|
|
# updates. Users have free-reign to override them for each kind of entity. At
|
|
# the end of the day, we only consider the requirements defined by single
|
|
# updates themselves when gating in the backend masher process.
|
|
# site_requirements = dist.rpmdeplint dist.upgradepath
|
|
|
|
# Cache settings
|
|
# dogpile.cache.backend = dogpile.cache.dbm
|
|
# dogpile.cache.expiration_time = 100
|
|
# dogpile.cache.arguments.filename = /var/cache/bodhi-dogpile-cache.dbm
|
|
dogpile.cache.backend = dogpile.cache.memory_pickle
|
|
# Cache expires every 6 hours.
|
|
dogpile.cache.expiration_time = 21600
|
|
|
|
# Exclude sending emails to these users
|
|
# exclude_mail = autoqa taskotron
|
|
|
|
##
|
|
## Buildsystem settings
|
|
##
|
|
|
|
# What buildsystem do we want to use? For development, we'll use a fake
|
|
# buildsystem that always does what we tell it to do. For production, we'll
|
|
# want to use 'koji'.
|
|
# buildsystem = dev
|
|
buildsystem = koji
|
|
|
|
# The base URL to Koji, used to construct HTML links to Koji builds in the web UI
|
|
# koji_web_url = https://koji.fedoraproject.org/koji/
|
|
{% if env == 'staging' %}
|
|
koji_web_url = https://koji.stg.fedoraproject.org/koji/
|
|
{% endif %}
|
|
|
|
# Koji's XML-RPC hub
|
|
# koji_hub = https://koji.stg.fedoraproject.org/kojihub
|
|
koji_hub = https://koji{{env_suffix}}.fedoraproject.org/kojihub
|
|
|
|
# Root url of the Koji instance to point to. No trailing slash
|
|
koji_url = https://koji{{env_suffix}}.fedoraproject.org
|
|
|
|
# URL of where users should go to set up their notifications
|
|
# fmn_url = https://apps.fedoraproject.org/notifications/
|
|
fmn_url = https://apps{{env_suffix}}.fedoraproject.org/notifications/
|
|
|
|
# Koji krb5
|
|
# krb_principal =
|
|
# krb_keytab =
|
|
# krb_ccache=
|
|
{% if env == 'staging' %}
|
|
krb_ccache = /tmp/krb5cc_%%{uid}
|
|
{% else %}
|
|
krb_ccache = /tmp/krb5cc_%%{uid}
|
|
{% endif %}
|
|
krb_principal = bodhi/bodhi{{ env_suffix }}.fedoraproject.org@{{ ipa_realm }}
|
|
krb_keytab = /etc/krb5.bodhi_bodhi.fedoraproject.org.keytab
|
|
|
|
##
|
|
## ACL system
|
|
## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
|
|
## 'pagure', which will query the pagure_url below, or 'dummy', which will
|
|
## always return guest credentials (used for local development).
|
|
##
|
|
# acl_system = dummy
|
|
acl_system = pagure
|
|
|
|
##
|
|
## Package DB
|
|
##
|
|
# pkgdb_url = https://admin.fedoraproject.org/pkgdb
|
|
|
|
##
|
|
## Pagure
|
|
##
|
|
# pagure_url = https://src.fedoraproject.org/pagure/
|
|
pagure_url = https://src{{env_suffix}}.fedoraproject.org/
|
|
|
|
# This is the namespace where we expect to find the git sources for a Flatpak.
|
|
# The default - 'modules' instead of 'flatpaks' - is for backward compatibility
|
|
# pagure_flatpak_namespace = modules
|
|
pagure_flatpak_namespace = flatpaks
|
|
|
|
##
|
|
## Product Definition Center (PDC)
|
|
##
|
|
# pdc_url = https://pdc.fedoraproject.org/
|
|
pdc_url = https://pdc{{env_suffix}}.fedoraproject.org/
|
|
|
|
|
|
##
|
|
## Bug tracker settings
|
|
##
|
|
# Set this to bugzilla to turn on Bugzilla integration.
|
|
# bugtracker =
|
|
bugtracker = bugzilla
|
|
|
|
# A template that Bodhi will use when commenting on Bugzilla tickets when Updates that reference
|
|
# them are created. Positional substitution is used, and the three %%s's will be filled in with the
|
|
# update title, the release's long name, and the URL to the update, respectively.
|
|
# initial_bug_msg = %%s has been submitted as an update to %%s. %%s
|
|
|
|
# A template that Bodhi will use when commenting on Bugzilla tickets when Updates that reference
|
|
# them are marked stable. Positional substitution is used, and the first %%s will be filled in with
|
|
# the update title and the second will be filled in with the release's long name and the update
|
|
# status.
|
|
# stable_bug_msg = %%s has been pushed to the %%s repository. If problems still persist, please make note of it in this bug report.
|
|
|
|
# The following two templates are used to comment on Bugzilla tickets. %%s will be substituted with
|
|
# the update's URL. The first is used for all updates, unless the epel setting in defined, which
|
|
# will be used for all Updates on Releases that have an id_prefix of FEDORA-EPEL.
|
|
# testing_bug_msg =
|
|
# See https://fedoraproject.org/wiki/QA:Updates_Testing for
|
|
# instructions on how to install test updates.
|
|
# You can provide feedback for this update here: %%s
|
|
# testing_bug_epel_msg =
|
|
# See https://fedoraproject.org/wiki/QA:Updates_Testing for
|
|
# instructions on how to install test updates.
|
|
# You can provide feedback for this update here: %%s
|
|
|
|
|
|
##
|
|
## Bugzilla settings.
|
|
##
|
|
|
|
# The username/password for our bugzilla account comes
|
|
# from the bodhi_{email,password} fields.
|
|
|
|
# A URL to a Bugzilla instance's xmlrpc.cgi script for Bodhi to use.
|
|
# bz_server = https://bugzilla.redhat.com/xmlrpc.cgi
|
|
# A URL to a Bugzilla instance's REST api for Bodhi to use.
|
|
# bz_server_rest = https://bugzilla.redhat.com/rest/
|
|
{% if env == 'production' %}
|
|
bz_server = https://bugzilla.redhat.com/xmlrpc.cgi
|
|
bz_server_rest = https://bugzilla.redhat.com/rest/
|
|
{% elif env == 'staging' %}
|
|
bz_server = https://partner-bugzilla.redhat.com/xmlrpc.cgi
|
|
bz_server_rest = https://partner-bugzilla.redhat.com/rest/
|
|
{% endif %}
|
|
|
|
# Bodhi will avoid touching bugs that are not against the following comma-separated products.
|
|
# Fedora's production Bodhi instance sets this to Fedora,Fedora EPEL
|
|
# bz_products =
|
|
bz_products = Fedora,Fedora EPEL,Fedora Modules
|
|
|
|
# A template to use for links to Bugzilla tickets. %%s will be filled in with the bug number.
|
|
# buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%%s
|
|
{% if env == 'production' %}
|
|
buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%%s
|
|
{% elif env == 'staging' %}
|
|
buglink = https://partner-bugzilla.redhat.com/show_bug.cgi?id=%%s
|
|
{% endif %}
|
|
|
|
##
|
|
## Packages that should suggest a reboot
|
|
##
|
|
reboot_pkgs = kernel kernel-smp kernel-PAE glibc hal dbus
|
|
|
|
|
|
##
|
|
## Critical Path Packages
|
|
## https://fedoraproject.org/wiki/Critical_path_package
|
|
##
|
|
|
|
# You can allow Bodhi to query for critpath packages from the Fedora Package
|
|
# Database by setting this value to `pkgdb` or the Product Definition
|
|
# Center by setting this value to `pdc`. If it isn't set, it'll just use the
|
|
# hardcoded list below.
|
|
# critpath.type =
|
|
critpath.type = pdc
|
|
|
|
# You can hardcode a list of critical path packages instead of using the PkgDB
|
|
# or PDC. This is used if critpath.type is not defined.
|
|
# critpath_pkgs =
|
|
|
|
# The number of admin approvals it takes to be able to push a critical path
|
|
# update to stable for a pending release.
|
|
# critpath.num_admin_approvals = 2
|
|
critpath.num_admin_approvals = 0
|
|
|
|
# The net karma required to submit a critial path update to a pending release.
|
|
# critpath.min_karma = 2
|
|
|
|
# Allow critpath to submit for stable after 2 weeks with no negative karma
|
|
# critpath.stable_after_days_without_negative_karma = 14
|
|
|
|
# The minimum amount of time an update must spend in testing before
|
|
# it can reach the stable repository
|
|
fedora.mandatory_days_in_testing = 7
|
|
fedora_container.mandatory_days_in_testing = 7
|
|
fedora_epel.mandatory_days_in_testing = 14
|
|
fedora_epel_modular.mandatory_days_in_testing = 14
|
|
fedora_flatpak.mandatory_days_in_testing = 7
|
|
fedora_modular.mandatory_days_in_testing = 7
|
|
|
|
##
|
|
## Release status
|
|
##
|
|
|
|
# You can define alternative policies than the defaults for specific Releases by defining a setting
|
|
# of the form Release.name.status (with -'s removed from the name). You can set the status to any
|
|
# string you like, and then for each status, you can override the mandatory days in testing, the
|
|
# critpath number of admin approvals, and the critpath minimum karma. For example, if we want to set
|
|
# Fedora 28 as a pre-beta, and we want it to have different rules in pre-beta and post-beta, we
|
|
# could do something like this:
|
|
{% if FedoraBranchedBodhi is defined and FedoraBranchedBodhi == 'prebeta' %}
|
|
f{{ FedoraBranchedNumber }}.status = pre_beta
|
|
f{{ FedoraBranchedNumber }}.pre_beta.mandatory_days_in_testing = 3
|
|
f{{ FedoraBranchedNumber }}.pre_beta.critpath.min_karma = 1
|
|
f{{ FedoraBranchedNumber }}.pre_beta.critpath.stable_after_days_without_negative_karma = 14
|
|
{% elif FedoraBranchedBodhi is defined and FedoraBranchedBodhi == 'postbeta' %}
|
|
f{{ FedoraBranchedNumber }}.status = post_beta
|
|
f{{ FedoraBranchedNumber }}.post_beta.mandatory_days_in_testing = 7
|
|
f{{ FedoraBranchedNumber }}.post_beta.critpath.min_karma = 2
|
|
f{{ FedoraBranchedNumber }}.post_beta.critpath.stable_after_days_without_negative_karma = 14
|
|
{% endif %}
|
|
|
|
# Rawhide layered containers are shipped through bodhi and rawhide containers not require any day
|
|
# in testing
|
|
f{{ FedoraRawhideNumber }}c.status = pre_beta
|
|
f{{ FedoraRawhideNumber }}c.pre_beta.mandatory_days_in_testing = 0
|
|
# Rawhide gating - Updates in rawhide don't require any days in testing.
|
|
f{{ FedoraRawhideNumber }}.status = pre_beta
|
|
f{{ FedoraRawhideNumber }}.pre_beta.mandatory_days_in_testing = 0
|
|
|
|
# ELN gating - Updates in ELN don't require any days in testing.
|
|
eln.status = pre_beta
|
|
eln.pre_beta.mandatory_days_in_testing = 0
|
|
##
|
|
## Buildroot Override
|
|
##
|
|
|
|
# Maximum number of days a buildroot override may expire in, from creation time.
|
|
# buildroot_limit = 31
|
|
buildroot_overrides.expire_after = 1
|
|
|
|
##
|
|
## Groups
|
|
##
|
|
|
|
# FAS Groups that we want to pay attention to
|
|
# When a user logs in, bodhi will look for any of these groups and associate #
|
|
# them with the user. They will then appear as the users effective principals in
|
|
# the format "group:groupname" and can be used in Pyramid ACE's.
|
|
# important_groups = proventesters provenpackager releng security_respons packager bodhiadmin
|
|
important_groups = proventesters provenpackager releng-team security_respons packager bodhiadmin virtmaint-sig kde-sig eclipse-sig infra-sig gnome-sig python-sig robotics-sig qa-tools-sig nodejs-sig lxqt-sig astro-sig
|
|
|
|
# Groups that can push updates for any package
|
|
# admin_packager_groups = provenpackager releng security_respons
|
|
admin_packager_groups = provenpackager releng-team security_respons
|
|
|
|
# User must be a member of this group to submit updates
|
|
# mandatory_packager_groups = packager
|
|
|
|
|
|
##
|
|
## updateinfo.xml configuraiton
|
|
##
|
|
# updateinfo_rights = Copyright (C) {CURRENT_YEAR} Red Hat, Inc. and others.
|
|
|
|
##
|
|
## Authentication & Authorization
|
|
##
|
|
|
|
# pyramid.openid settings.
|
|
# openid.success_callback = bodhi.server.security:remember_me
|
|
# openid.provider = https://id.fedoraproject.org/openid/
|
|
# openid.url = https://id.fedoraproject.org/
|
|
# openid_template = {username}.id.fedoraproject.org
|
|
# openid.sreg_required = email
|
|
# If this is undefined, Bodhi will concatenate the groups listed in the following other settings
|
|
# from this file: important_groups, admin_packager_groups, mandatory_packager_groups, and
|
|
# admin_groups. You likely want this default, but can override it here if you know what you are
|
|
# doing. You can also override it here if you do not know what you are doing, but that would be
|
|
# unadvisable.
|
|
# openid.groups = DEFAULT_DOCUMENTED_ABOVE
|
|
openid.provider = https://id{{env_suffix}}.fedoraproject.org/openid/
|
|
openid.url = https://id{{env_suffix}}.fedoraproject.org/
|
|
openid_template = {username}.id{{env_suffix}}.fedoraproject.org
|
|
openid.sreg_required = email nickname
|
|
|
|
# CORS allowed origins for cornice services
|
|
# This can be wide-open. read-only, we don't care as much about.
|
|
cors_origins_ro = *
|
|
# This should be more locked down to avoid cross-site request forgery.
|
|
cors_origins_rw = https://bodhi{{env_suffix}}.fedoraproject.org
|
|
|
|
{% if env == 'production' %}
|
|
cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/
|
|
{% elif env == 'staging' %}
|
|
cors_connect_src = https://*.stg.fedoraproject.org/ wss://hub.stg.fedoraproject.org:9939/
|
|
{% endif %}
|
|
|
|
|
|
##
|
|
## Pyramid settings
|
|
##
|
|
pyramid.reload_templates = false
|
|
pyramid.debug_authorization = false
|
|
pyramid.debug_notfound = false
|
|
pyramid.debug_routematch = false
|
|
pyramid.default_locale_name = en
|
|
|
|
pyramid.includes =
|
|
pyramid_sawing
|
|
pyramid_sawing.file = /etc/bodhi/logging.yaml
|
|
|
|
debugtoolbar.hosts = 127.0.0.1 ::1
|
|
|
|
##
|
|
## Database
|
|
##
|
|
# This must be a PostgreSQL database. It is weirdly defaulted to sqlite, but that would not be
|
|
# suitable for a production environment. You can encode a username and password in the URL. For
|
|
# example, postgresql://username:password@hostname/database_name
|
|
# sqlalchemy.url = sqlite:////var/cache/bodhi.db
|
|
{% if env == 'production' and datacenter == 'phx2' %}
|
|
sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi.phx2.fedoraproject.org/bodhi2
|
|
{% elif env == 'production' and datacenter == 'iad2' %}
|
|
sqlalchemy.url = postgresql://bodhi2:{{ bodhi2Password }}@db-bodhi.iad2.fedoraproject.org/bodhi2
|
|
{% elif env == 'staging' %}
|
|
sqlalchemy.url = postgresql://bodhi2:{{ bodhi2PasswordSTG }}@pgbdr.stg.phx2.fedoraproject.org/bodhi2
|
|
{% endif %}
|
|
|
|
##
|
|
## Templates
|
|
##
|
|
# Where Bodhi's templates are stored. You likely don't want or need to adjust this setting.
|
|
# mako.directories = bodhi:server/templates
|
|
|
|
##
|
|
## Authentication & Sessions
|
|
##
|
|
|
|
# CHANGE THESE IN PRODUCTION!
|
|
# authtkt.secret = CHANGEME
|
|
# session.secret = CHANGEME
|
|
# authtkt.secure = True
|
|
# How long should an authorization ticket be valid for, in seconds? Defaults to one day.
|
|
# authtkt.timeout = 86400
|
|
{% if env == 'production' %}
|
|
authtkt.secret = {{ bodhi2AuthTkt }}
|
|
session.secret = {{ bodhi2SessionSecret }}
|
|
{% elif env == 'staging' %}
|
|
authtkt.secret = {{ bodhi2AuthTktSTG }}
|
|
session.secret = {{ bodhi2SessionSecretSTG }}
|
|
{% endif %}
|
|
authtkt.secure = true
|
|
authtkt.timeout = 1209600
|
|
|
|
# pyramid_beaker
|
|
session.type = file
|
|
session.data_dir = %(here)s/data/sessions/data
|
|
session.lock_dir = %(here)s/data/sessions/lock
|
|
{% if env == 'production' %}
|
|
session.key = {{ bodhi2SessionKey }}
|
|
{% elif env == 'staging' %}
|
|
session.key = {{ bodhi2SessionKeySTG }}
|
|
{% endif %}
|
|
session.cookie_on_exception = true
|
|
# Tell the browser to only send the cookie over TLS
|
|
session.secure = true
|
|
# Create a cookie that is only valid for one day
|
|
session.timeout = 86400
|
|
cache.regions = default_term, second, short_term, long_term
|
|
cache.type = memory
|
|
cache.second.expire = 1
|
|
cache.short_term.expire = 60
|
|
cache.default_term.expire = 300
|
|
cache.long_term.expire = 3600
|
|
|
|
# Celery configuration file
|
|
celery_config = /etc/bodhi/celeryconfig.py
|
|
|
|
[server:main]
|
|
use = egg:waitress#main
|
|
host = 0.0.0.0
|
|
port = 6543
|
|
|
|
[pshell]
|
|
m = bodhi.server.models
|
|
#db = bodhi.server.util.pshell_db
|