With the decommission of OpenID we no longer need this machine on
staging. Let's get rid of it.
See infra/tickets#13265 for more details.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This commit is a first step to decommission OpenID authentication on
staging. It doesn't do much as most of it needs to stay for production.
See infra/tickets#13265 for more info.
Signed-off-by: Michal Konecny <mkonecny@redhat.com>
This worked in staging, so drop the staging conditional and just apply
it in prod too. It should allow websocket connections via the anubis
proxing.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Re-enable anubis for openqa-lab01 and then try and pass it a proxy
statement to pass websockets correctly via the proxy.
disclaimer: claude pointed me in this direction.
Possible fix for infra/tickets#13252
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This reverts commit 514bb44914.
After the discussion with Copr team; 10 was too small, and was set just
for too long time period (originally it was a work-around for the lab
rdu-cc lab movement event).
This commit changes how the podcast@fp.o email alias is configured.
Instead of a manually-curated list of FAS usernames in this config file,
instead, it will now use the FAS group sponsors of the `podcast` FAS
group. This allows a cleaner way of managing the permissions and not
requiring changes to config management to update the alias.
A FAS account admin will be needed for now to update the group sponsors,
but this can be done interactively or in a ticketed workflow with Fedora
Infrastructure Team.
In practice, this means the people who will now get emails for the
podcast@fp.o list are the current `podcast` group sponsors:
* @itguyeric
* @x3mboy
* @jflory7
* @jasonbrooks
Signed-off-by: Justin Wheeler <jwheel@redhat.com>
We have been moving this around, but decided that just putting it in as
a override for the systemd unit would be the best way to do it.
- Putting it in ansible means you have to run ansible every time you
restart the service for any reason. If it's in systemd it will
automagically get that set on start
- If for some reason the socket doesn't appear/the service doesn't start
right or dies, this will error out.
- adding it in the client is tricky and error prone and not needed
possibly for other installs, only fedora, so dropping it from there is
a win.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This should be reverted whenever it becomes available, but it seems to
have been struck by drones and the replication step fails with:
AWSHTTPSConnection(host='ec2.me-south-1.amazonaws.com', port=443):
Failed to establish a new connection: [Errno 113] No route to host
Signed-off-by: Jeremy Cline <jeremycline@microsoft.com>
Per infra/tickets#13171
we want to disable cron runs for now while repos and other things are
sorted out. We can just revert this after things are ready.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
