fedora-infra / ansible

Clone
Source Code
GIT

#1374 Add cron job to enact FESCo SIG Policy
Merged a year ago by zlopez. Opened a year ago by patrikp.
fedora-infra/ patrikp/ansible main  into  main

file modified
+7 
@@ -133,6 +133,7 @@ 
 

      - fedora-messaging # needed by pungi to emit fedora-messages.
 

      - python3-bugzilla # needed by ftbfs scrips/cron.
 

      - fedora-repo-zdicts # needed for pungi to make zchunk repodata
 

+     - fedrq # needed by `sig_policy` script
 

    tags:
 

    - releng
 

  
@@ -205,6 +206,12 @@ 
 

    copy: src="rawhide-iot" dest=/etc/cron.d/rawhide-iot
 

    when: inventory_hostname.startswith('compose-iot-01.iad2')
 

  

+ # put cron job in for enforcing FESCo SIG Policy
 

+ # https://docs.fedoraproject.org/en-US/fesco/SIG_policy/
 

+ - name: sig_policy cron
 

+   template: src="sig_policy.j2" dest=/etc/cron.d/sig_policy
 

+   when: inventory_hostname.startswith('compose-x86-01.iad2')
 

+ 

  - name: Create /etc/pki/fedora-messaging
 

    file:
 

      dest: /etc/pki/fedora-messaging

file added
+4 
@@ -0,0 +1,4 @@ 
 

+ # Runs the `sig_policy.py` script
 

+ MAILTO=releng-cron@lists.fedoraproject.org
 

+ PAGURE_API_TOKEN={{ fesco-sig-policy-src-token }}

The variable name should change to something with underscores (e.g. {{ fesco_sig_policy_src_token }}) and that needs to be defined in the ansible-private repo like @kevin said.

 
+ 30 9 * * 1 root TMPDIR=`mktemp -d /tmp/sig_policy` && chmod 755 $TMPDIR && cd $TMPDIR && git clone https://pagure.io/releng.git && cd releng/scripts/fesco/sig-policy && python sig_policy.py

Signed-off-by: Patrik Polakovič patrik@alphamail.org

Thanks for working on this!

2 items:

  1. Can we wait until after freeze for this? I don't think it's to urgent and we unfreeze wed. ;)

  2. We need to pass this script a api token that has perms to do the work here. I guess best would be to move to this being a template and using 'PAGURE_API_TOKEN={{ fesco-sig-policy-src-token }}' and then someone in main can setup that token in the ansible-private repo.

rebased onto af4f550baeb4c2a877a1c562f7aacc62424b4bcd
a year ago

This script requires fedrq to be installed.

rebased onto df85ad5849d3b8c10a5aba126a1f1ed79820d97f
a year ago

@patrikp Are you still working on this or it is now ready for merge?

I think it's done. If you feel that way as well feel free to merge.

rebased onto 7714377
a year ago

Pull-Request has been merged by zlopez
a year ago

I merged this and tried to deploy it, but it failed with following error:

The full traceback is:                                                                                                                                                                                                                        
Traceback (most recent call last):                                                                                                                                                                                                            
  File "/usr/lib/python3.9/site-packages/ansible/template/__init__.py", line 1128, in do_template                                                                                                                                             
    res = self.environment.concat(rf)                                                                                                                                                                                                         
  File "/usr/lib/python3.9/site-packages/ansible/template/native_helpers.py", line 88, in ansible_concat                                                                                                                                      
    return ''.join([to_text(v) for v in nodes])                                                                                                                                                                                               
  File "/usr/lib/python3.9/site-packages/ansible/template/native_helpers.py", line 88, in <listcomp>                                                                                                                                          
    return ''.join([to_text(v) for v in nodes])                                                                                                                                                                                               
  File "<template>", line 17, in root                                                                                                                                                                                                         
  File "/usr/lib/python3.9/site-packages/ansible/_vendor/jinja2/runtime.py", line 852, in _fail_with_undefined_error                                                                                                                          
    raise self._undefined_exception(self._undefined_message)                                                                                                                                                                                  
jinja2.exceptions.UndefinedError: 'fesco' is undefined                                                                                                                                                                                        

During handling of the above exception, another exception occurred:                                                                                                                                                                           

Traceback (most recent call last):                                                                                                                                                                                                            
  File "/usr/lib/python3.9/site-packages/ansible/plugins/action/template.py", line 138, in run                                                                                                                                                
    resultant = templar.do_template(template_data, preserve_trailing_newlines=True, escape_backslashes=False)                                                                                                                                 
  File "/usr/lib/python3.9/site-packages/ansible/template/__init__.py", line 1162, in do_template                                                                                                                                             
    raise AnsibleUndefinedVariable(e)                                                                                                                                                                                                         
ansible.errors.AnsibleUndefinedVariable: 'fesco' is undefined                                                                                                                                                                                 
fatal: [compose-x86-01.iad2.fedoraproject.org]: FAILED! => {                                                                                                                                                                                  
    "changed": false,                                                                                                                                                                                                                         
    "msg": "AnsibleUndefinedVariable: 'fesco' is undefined"                                                                                                                                                                                   
}
Edited a year ago by zlopez

The variable name should change to something with underscores (e.g. {{ fesco_sig_policy_src_token }}) and that needs to be defined in the ansible-private repo like @kevin said.
Metadata
None
No Tags
Changes Summary 2
+7 -0
file changed
roles/releng/tasks/main.yml
+4
file added
roles/releng/templates/sig_policy.j2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.