fix: use rocky group, cleanup

Neil Hanlon 2024-08-30 15:34:13 -04:00
parent 8ffe1ad7e1
commit e009155a72
Signed by untrusted user: neil
GPG Key ID: 705BC21EC3C70F34
4 changed files with 22 additions and 9 deletions


@ -24,6 +24,7 @@ RUN mkdir -p /opt/mirrormanager2
WORKDIR /opt/mirrormanager2 WORKDIR /opt/mirrormanager2
RUN git clone https://github.com/fedora-infra/mirrormanager2.git . RUN git clone https://github.com/fedora-infra/mirrormanager2.git .
RUN sed -e 's/signed_fpca/signed_rosca/' -i mirrormanager2/perms.py mirrormanager2/auth.py
RUN pip install --prefix=/install . RUN pip install --prefix=/install .
# Stage 2: Final stage with runtime dependencies # Stage 2: Final stage with runtime dependencies
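Review bot: The added `sed` line exits 0 even when `signed_fpca` is absent from `perms.py` or `auth.py`, and the `git clone` two lines above it takes whatever upstream's default branch holds at build time. An upstream rename would therefore produce an image whose agreement check was never switched to `signed_rosca`, with no build failure to show it. Follow the substitution with a check that fails the build, for example `RUN grep -q signed_rosca mirrormanager2/perms.py && grep -q signed_rosca mirrormanager2/auth.py`, and consider cloning a fixed tag or commit so the patched code is the code that was reviewed. That both files currently contain the string is inferred from the sed arguments only.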


@ -44,13 +44,22 @@ THEME_FOLDER = os.environ.get('MM2_THEME_FOLDER', 'fedora')
#MM_AUTHENTICATION = "fas" #MM_AUTHENTICATION = "fas"
OIDC_CLIENT_SECRETS = "/etc/mirrormanager/client_secrets.json" OIDC_CLIENT_SECRETS = "/etc/mirrormanager/client_secrets.json"
OIDC_SCOPES = " ".join(
[
"openid",
"email",
"profile",
"https://id.fedoraproject.org/scope/groups",
"https://id.fedoraproject.org/scope/agreements",
]
)
# If the authentication method is `fas`, groups in which should be the user # If the authentication method is `fas`, groups in which should be the user
# to be recognized as an admin. # to be recognized as an admin.
#ADMIN_GROUP = ["sysadmin-main"] ADMIN_GROUP = ["infrastructure"]
# Email of the admin to which send notification or error # Email of the admin to which send notification or error
ADMIN_EMAIL = "admin@fedoraproject.org" ADMIN_EMAIL = "infrastructure@rockylinux.org"
# Email address used in the "From" field of the emails sent. # Email address used in the "From" field of the emails sent.
# Default: ``nobody@fedoraproject.org``. # Default: ``nobody@fedoraproject.org``.
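Review bot: `ADMIN_GROUP = ["infrastructure"]` is now active, but the comment above it still says it applies when the authentication method is `fas`, while `MM_AUTHENTICATION` stays commented out and login is configured through `OIDC_CLIENT_SECRETS`. Admin rights then presumably rest on the group claim returned for the `https://id.fedoraproject.org/scope/groups` scope added in `OIDC_SCOPES`. Confirm that the identity provider named in `client_secrets.json` serves these Fedora-namespaced scopes and that `infrastructure` is a restricted group there. The stale wording could be replaced with `# Members of these identity-provider groups are treated as admins (group list comes from the OIDC groups scope).`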

8
run.py

@ -1,5 +1,13 @@
from werkzeug.middleware.proxy_fix import ProxyFix from werkzeug.middleware.proxy_fix import ProxyFix
from mirrormanager2.app import create_app from mirrormanager2.app import create_app
from flask_session import Session
from cachelib.file import FileSystemCache
import os
application = create_app() application = create_app()
application.debug = os.environ.get("MM2_DEBUG", False)
application.config['SESSION_TYPE'] = "cachelib"
application.config['SESSION_CACHELIB'] = FileSystemCache(cache_dir='/tmp/sessions', threshold=500)
Session(application)
application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1) application.wsgi_app = ProxyFix(application.wsgi_app, x_proto=1, x_host=1)
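Review bot: `application.debug = os.environ.get("MM2_DEBUG", False)` assigns the raw string, so any non-empty value, including `MM2_DEBUG=0` or `MM2_DEBUG=false`, turns debug mode on. Parse it explicitly, for example `application.debug = os.environ.get("MM2_DEBUG", "").lower() in ("1", "true", "yes")`, so that debug is off unless deliberately requested. Separately, `FileSystemCache(cache_dir='/tmp/sessions', ...)` keeps server-side sessions at a fixed path under a world-writable directory, and cachelib's file cache stores pickled values as far as I know. A dedicated directory owned by the service user with mode 0700 would be the safer location. A short comment saying why server-side sessions are needed here would also help the next reader.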


@ -2,13 +2,6 @@ POD=mirrormanager2
podman pod exists $POD || podman pod create -p 5000:5000 -n $POD podman pod exists $POD || podman pod create -p 5000:5000 -n $POD
#podman run \
# --pod $POD \
# --name nginx \
# --replace \
# -v $PWD/nginx.conf:/etc/nginx/conf.d/default.conf:ro \
# -d docker.io/library/nginx:1.13-alpine
test -d tmp || mkdir tmp test -d tmp || mkdir tmp
test -f client_secrets.json || (echo "missing client_secrets" && exit 2) test -f client_secrets.json || (echo "missing client_secrets" && exit 2)
@ -22,6 +15,8 @@ podman run \
-e "MM2_SECRET_KEY=$(openssl rand -hex 32)" \ -e "MM2_SECRET_KEY=$(openssl rand -hex 32)" \
-e "MM2_PASSWORD_SEED=$(openssl rand -hex 32)" \ -e "MM2_PASSWORD_SEED=$(openssl rand -hex 32)" \
-e 'MM2_THEME_FOLDER=rocky' \ -e 'MM2_THEME_FOLDER=rocky' \
-e 'FLASK_DEBUG=1' \
-e 'MM2_DEBUG=1' \
-v $PWD/mirrormanager2.cfg:/etc/mirrormanager/mirrormanager2.cfg \ -v $PWD/mirrormanager2.cfg:/etc/mirrormanager/mirrormanager2.cfg \
-v $PWD/client_secrets.json:/etc/mirrormanager/client_secrets.json \ -v $PWD/client_secrets.json:/etc/mirrormanager/client_secrets.json \
-v $PWD/tmp:/var/tmp:rw \ -v $PWD/tmp:/var/tmp:rw \
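Review bot: The second hunk hard-codes `-e 'FLASK_DEBUG=1'` and `-e 'MM2_DEBUG=1'` into the only `podman run` invocation, while the pod publishes port 5000, so every container started from this script runs in debug mode on a reachable port. Debug mode can expose tracebacks and internal state to clients, and the commit title ("use rocky group, cleanup") does not suggest this was meant to be permanent. Make both opt-in from the caller's environment, for example `-e "FLASK_DEBUG=${FLASK_DEBUG:-}" \` and `-e "MM2_DEBUG=${MM2_DEBUG:-}" \`. The default must be empty rather than `0`, because `run.py` in this commit treats any non-empty `MM2_DEBUG` as true. The `podman run` command begins before this hunk and continues after it.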