Mathieu Bridon and I have been working for a little while now on migrating our
existing distgit solution from RHEL6 to RHEL7, this as involved three migrations
* Migrate from RHEL6 to RHEL7
* Migrate from puppet to Ansible
* Migrate from gitolite2 to gitolite3
All this running now with SELinux enforcing (Many thanks to tfirg on #selinux for
his more than generous help on this point).
We are at the point were we are satisfied with it and all our tests have passed.
So before we actually migrate our production instance we would like to ask for
How to test?
1/ On /etc/rpkg/fedpkg.conf add the following block:
lookaside = http://pkgs.stg.fedoraproject.org/repo/pkgs
lookasidehash = md5
lookaside_cgi = https://pkgs.stg.fedoraproject.org/repo/pkgs/upload.cgi
gitbaseurl = ssh://%(user)firstname.lastname@example.org/%(module)s
anongiturl = git://pkgs.stg.fedoraproject.org/%(module)s
tracbaseurl = https://%(user)s:%(password)email@example.com/rel-eng/login/xmlrpc
branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$
kojiconfig = /etc/koji.conf
build_client = koji
2/ create your fedpkgstg
ln -s /usr/bin/fedpkg ~/bin/fedpkgstg
(might involve creating the ~/bin directory)
3/ call fedpkgstg instead of fedpkg
What to test?
* clone a package
* push allowed on packages you have commit ACL for
* push blocked on packages you do not have commit ACL for (unless provenpackager
* push blocked on branches named: origin/<something>
* upload new sources work
* download existing sources work (note: we synced most of the git repos from
two days ago but we did not sync the lookaside cache, so you will most likely
have to upload to test the download)
When you test, you can drop by #fedora-fedmsg on IRC and see that the fedmsg
messages are sent properly.
You should also be receiving the emails about your upload/changes as you do with
the production system.
If you want to play further with the system and need to change the ACLs on some
packages, feel free to poke at pkgdb in stg (and give it a couple of minutes to
sync between pkgdb and gitolite):
All the change made there are only valid for stg, so you can orphan all your
packages without risk, just be sure of the URL ;-)
If you face any problem, please let us know
* by email
* on irc #fedora-admin
* on the fedora infrastructure trac: https://admin.stg.fedoraproject.org/pkgdb/
Thanks in advance for your help,
Pierre, Mathieu and your dear Fedora Infrastructure team