production.ini

# The commented values in this config file represent the defaults.

[app:main]
use = egg:bodhi-server

##
## Messages
##

# The bodhi-approve-testing cron job will post this message as a comment from the bodhi user on
# updates that reach the required time in testing if they are not stable yet. Positional
# substitution is used, and the %d will be replaced with the time in testing required for the
# update.
# testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes

# not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a>

# not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy">EPEL Update Policy</a>

# Bodhi will post this comment on Updates that don't use autokarma when they reach the stable
# threshold.
# testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.

# The comment that Bodhi will post on updates when a user posts negative karma.
# disable_automatic_push_to_stable = Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.


# Libravatar - If this is true libravatar will work as normal. Otherwise, all
# libravatar links will be replaced with the string "libravatar.org" so that
# the tests can still pass.
# libravatar_enabled = True

# Set this to true if you want to do federated dns libravatar lookup
# libravatar_dns = False

# If libravatar_dns is True, prefer_ssl will define what gets handed to
# libravatar.libravatar_url()'s https setting. It may be set to True or False, but defaults to None,
# which is effectively False.
# prefer_ssl =

# Set this to True in order to send fedmsg messages.
# fedmsg_enabled = False


# Captcha - if 'captcha.secret' is set, then it will be used for comments. Comment it to turn it
# off. captcha.secret must be 32 url-safe base64-encoded bytes.
# You can generate one with >>> cryptography.fernet.Fernet.generate_key()
# captcha.secret = CHANGEME

# Dimensions
# captcha.image_width = 300
# captcha.image_height = 80

# Any truetype font will do.
# /usr/share/fonts/liberation/LiberationMono-Regular.ttf lives in liberation-mono-fonts.
# /usr/share/fonts/pcaro-hermit/Hermit-medium.otf lives in pcaro-hermit-fonts package.
# captcha.font_path = /usr/share/fonts/liberation/LiberationMono-Regular.ttf
# captcha.font_size = 36

# Colors
# captcha.font_color = #000000
# captcha.background_color = #ffffff

# In pixels
# captcha.padding = 5

# If a captcha sits around for this many seconds, it will stop working.
# captcha.ttl = 300


# The URL for a datagrepper to use in various templates.
# datagrepper_url = https://apps.fedoraproject.org/datagrepper
# badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands


##
## Testing
##

## Query the wiki for test cases
# query_wiki_test_cases = False
# wiki_url = https://fedoraproject.org/w/api.php
# test_case_base_url = https://fedoraproject.org/wiki/

# URL of the resultsdb for integrating checks and stuff
# resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/

# Set this to True to enable gating based on policies enforced by Greenwave. If you set this to
# True, be sure to add a cron job to run the bodhi-check-policies CLI periodically.
# test_gating.required = False

# If this is set to a URL, a "More information about test gating" link will appear on update pages for users
# to click and learn more.
# test_gating.url =

# The API url of Greenwave.
# greenwave_api_url = https://greenwave-web-greenwave.app.os.fedoraproject.org/api/v1.0

# Email domain to prepend usernames to
# default_email_domain = fedoraproject.org

# domain for generated message IDs
# message_id_email_domain = admin.fedoraproject.org

##
## Masher settings
##

# Where to initially mash repositories. You can use %(here)s to reference the location of this file.
# mash_dir =

# The max number of mash threads running at the same time
# max_concurrent_mashes = 2

# Where to symlink the latest repos by their tag name. You can use %(here)s to reference the
# location of this file.
# mash_stage_dir =

# The following jinja2 template variables are available for use to customize the Pungi configs and
# variants files to the Release and Updates:
#
#  * 'id': The id of the Release being mashed.
#  * 'release': The Release being mashed.
#  * 'request': The request being mashed.
#  * 'updates': The Updates being mashed.
#
# NOTE: The jinja2 configuration for these templates replaces the {'s and }'s with ['s and ]'.
# e.g.: a block becomes [% if <something %], and a variable is [[ varname ]].

# The base path where pungi configs will be stored. You will need to put variants.xml templates
# inside pungi.basepath as well. These templates will have access to the same template variables
# described above, and should be named variants.rpm.xml.j2 and variants.module.xml.j2, for RPM
# composes and module composes, respectively.
# pungi.basepath = /etc/bodhi

# The Pungi executable to use when mashing.
# pungi.cmd = /usr/bin/pungi-koji

# The following settings reference filenames of jinja2 templates found in pungi.basepath to be used
# as Pungi configs for mashing modules or RPMs (The RPM config includes dnf, yum, and atomic repos).
# pungi.conf.module = pungi.module.conf
# pungi.conf.rpm = pungi.rpm.conf

# A space separated list of extra arguments to be passed on to Pungi during mashing.
# pungi.extracmdline =

# What to pass to Pungi's --label flag, which is metadata included in its composeinfo.json.
# pungi.labeltype = Update


##
## Mirror settings
##
# file_url: Used in the repo metadata to set RPM URLs.
# file_url = https://download.fedoraproject.org/pub/fedora/linux/updates

# {release}_{request}_master_repomd: This is used by the masher to determine when a
#     primary architecture push has been synchronized to the master mirror for a given release and
#     request. The masher will verify that the checksum of repomd.xml at the master URL matches the
#     expected value, and will poll the URL until this test passes. Substitute release and request
#     for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
#     arches listed in {release}_{version}_primary_arches when it is defined, else used for all
#     arches. You must put two %s's in this setting - the first will be replaced with the release
#     version and the second will be replaced with the architecture.
# fedora_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/%s/%s/repodata/repomd.xml
# fedora_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora/linux/updates/testing/%s/%s/repodata/repomd.xml
# fedora_epel_stable_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/%s/%s/repodata/repomd.xml
# fedora_epel_testing_master_repomd = http://download01.phx2.fedoraproject.org/pub/epel/testing/%s/%s/repodata/repomd.xml

# {release}_{request}_alt_master_repomd: This is used by the masher to determine when a
#     secondary architecture push has been synchronized to the master mirror for a given release and
#     request. The masher will verify that the checksum of repomd.xml at the master URL matches the
#     expected value, and will poll the URL until this test passes. Substitute release and request
#     for each release id (replacing -'s with _'s) and request (stable, testing). Used for the
#     arches not listed in {release}_{version}_primary_arches if it is defined. You must put two
#     %s's in this setting - the first will be replaced with the release version and the second will
#     be replaced with the architecture.
# fedora_stable_alt_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/%s/%s/repodata/repomd.xml
# fedora_testing_alt_master_repomd = http://download01.phx2.fedoraproject.org/pub/fedora-secondary/updates/testing/%s/%s/repodata/repomd.xml


## The base url of this application
# base_address = https://admin.fedoraproject.org/updates/


## Primary architechures by release
##
## {release}_{version}_primary_arches: Releases that have alternative arches must define their
##      primary arches here. Any arches found during mashing that are not present here are asssumed
##      to be alternative arches. This is used during the wait_for_repo() step of the mash where
##      Bodhi polls the master repo to find out whether the mash has made it to the repo or not.
##      Bodhi looks for primary arches with the {release}_{request}_master_repomd setting above, and
##      for alternative arches at the {release}_{request}_alt_master_repomd setting above. If this
##      is not set, Bodhi will assume the release only has primary arches.
# fedora_26_primary_arches = armhfp x86_64

##
## Email setting
##

# The hostname of an SMTP server Bodhi can use to deliver e-mail.
# smtp_server =

# The updates system itself.  This email address is used in fetching Bugzilla
# information, as well as email notifications
# bodhi_email = updates@fedoraproject.org
# This is the password used to access Bodhi's bugzilla account.
# bodhi_password =

# The address that gets the requests
# release_team_address = bodhiadmin-members@fedoraproject.org

# Public lists where we send update announcements.
# These variables should be named per: Release.prefix_id.lower()_announce_list
# fedora_announce_list = package-announce@lists.fedoraproject.org
# fedora_test_announce_list = test@lists.fedoraproject.org
# fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
# fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org

# Superuser groups
# admin_groups = proventesters security_respons bodhiadmin sysadmin-main

# Users that we don't want to show up in the "leaderboard(s)"
# stats_blacklist = bodhi anonymous autoqa taskotron

# A list of non-person users
# system_users = bodhi autoqa taskotron

# The max length for an update title before we truncate it in the web ui
# max_update_length_for_ui = 30

# The number of days used for calculating the 'top testers' metric
# top_testers_timeframe = 7

# This defaults to False.  We're disabling stacks for the initial release
# because, while you can create stacks, you can't automatically create updates
# *from* a stack (which was the whole point).  We'll work on that for a later
# release.
# stacks_enabled = False


# These are the default requirements that we apply to stacks, packages, and
# updates.  Users have free-reign to override them for each kind of entity.  At
# the end of the day, we only consider the requirements defined by single
# updates themselves when gating in the backend masher process.
# site_requirements = dist.rpmdeplint dist.upgradepath

# Cache settings
# dogpile.cache.backend = dogpile.cache.dbm
# dogpile.cache.expiration_time = 100
# dogpile.cache.arguments.filename = /var/cache/bodhi-dogpile-cache.dbm

# Exclude sending emails to these users
# exclude_mail = autoqa taskotron

##
## Buildsystem settings
##

# What buildsystem do we want to use?  For development, we'll use a fake
# buildsystem that always does what we tell it to do.  For production, we'll
# want to use 'koji'.
# buildsystem = dev

# Koji's XML-RPC hub
# koji_hub = https://koji.stg.fedoraproject.org/kojihub


# URL of where users should go to set up their notifications
# fmn_url = https://apps.fedoraproject.org/notifications/

# If this is defined, fedmenu's JS will be injected into the master template. Fedora's fedmenu URL
# is https://apps.fedoraproject.org/fedmenu and its data_url is
# https://apps.fedoraproject.org/js/data.js
# fedmenu.url =
# fedmenu.data_url =


# Koji krb5
# krb_principal =
# krb_keytab =
# krb_ccache=

##
## ACL system
## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
## 'pagure', which will query the pagure_url below, or 'dummy', which will
## always return guest credentials (used for local development).
##
# acl_system = dummy

##
## Package DB
##
# pkgdb_url = https://admin.fedoraproject.org/pkgdb

##
## Pagure
##
# pagure_url = https://src.fedoraproject.org/pagure/

##
## Product Definition Center (PDC)
##
# pdc_url = https://pdc.fedoraproject.org/


##
## Bug tracker settings
##
# Set this to bugzilla to turn on Bugzilla integration.
# bugtracker =

# A template that Bodhi will use when commenting on Bugzilla tickets when Updates that reference
# them are created. Positional substitution is used, and the three %s's will be filled in with the
# update title, the release's long name, and the URL to the update, respectively.
# initial_bug_msg = %s has been submitted as an update to %s. %s

# A template that Bodhi will use when commenting on Bugzilla tickets when Updates that reference
# them are marked stable. Positional substitution is used, and the first %s will be filled in with
# the update title and the second will be filled in with the release's long name and the update
# status.
# stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report.

# The following two templates are used to comment on Bugzilla tickets. %s will be substituted with
# the update's URL. The first is used for all updates, unless the epel setting in defined, which
# will be used for all Updates on Releases that have an id_prefix of FEDORA-EPEL.
# testing_bug_msg =
#     See https://fedoraproject.org/wiki/QA:Updates_Testing for
#     instructions on how to install test updates.
#     You can provide feedback for this update here: %s
# testing_bug_epel_msg =
#     See https://fedoraproject.org/wiki/QA:Updates_Testing for
#     instructions on how to install test updates.
#     You can provide feedback for this update here: %s


##
## Bugzilla settings.
##

# The username/password for our bugzilla account comes
# from the bodhi_{email,password} fields.

# A URL to a Bugzilla instance's xmlrpc.cgi script for Bodhi to use.
# bz_server = https://bugzilla.redhat.com/xmlrpc.cgi

# Bodhi will avoid touching bugs that are not against the following comma-separated products.
# Fedora's production Bodhi instance sets this to Fedora,Fedora EPEL
# bz_products =

# A template to use for links to Bugzilla tickets. %s will be filled in with the bug number.
# buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%s


##
## Critical Path Packages
## https://fedoraproject.org/wiki/Critical_path_package
##

# You can allow Bodhi to query for critpath packages from the Fedora Package
# Database by setting this value to `pkgdb` or the Product Definition
# Center by setting this value to `pdc`. If it isn't set, it'll just use the
# hardcoded list below.
# critpath.type =

# You can hardcode a list of critical path packages instead of using the PkgDB
# or PDC. This is used if critpath.type is not defined.
# critpath_pkgs =

# The number of admin approvals it takes to be able to push a critical path
# update to stable for a pending release.
# critpath.num_admin_approvals = 2

# The net karma required to submit a critial path update to a pending release.
# critpath.min_karma = 2

# Allow critpath to submit for stable after 2 weeks with no negative karma
# critpath.stable_after_days_without_negative_karma = 14

# The minimum amount of time an update must spend in testing before
# it can reach the stable repository
fedora.mandatory_days_in_testing = 7
fedora_epel.mandatory_days_in_testing = 14

##
## Release status
##

# You can define alternative policies than the defaults for specific Releases by defining a setting
# of the form Release.name.status (with -'s removed from the name). You can set the status to any
# string you like, and then for each status, you can override the mandatory days in testing, the
# critpath number of admin approvals, and the critpath minimum karma. For example, if we want to set
# Fedora 28 as a pre-beta, and we want it to have different rules in pre-beta and post-beta, we
# could do something like this:
#f28.status = pre_beta
#f28.pre_beta.mandatory_days_in_testing = 3
#f28.pre_beta.critpath.num_admin_approvals = 0
#f28.pre_beta.critpath.min_karma = 1
#f28.post_beta.mandatory_days_in_testing = 7
#f28.post_beta.critpath.num_admin_approvals = 0
#f28.post_beta.critpath.min_karma = 2


##
## Buildroot Override
##

# Maximum number of days a buildroot override may expire in, from creation time.
# buildroot_limit = 31


##
## Groups
##

# FAS Groups that we want to pay attention to
# When a user logs in, bodhi will look for any of these groups and associate #
# them with the user. They will then appear as the users effective principals in
# the format "group:groupname" and can be used in Pyramid ACE's.
# important_groups = proventesters provenpackager releng security_respons packager bodhiadmin

# Groups that can push updates for any package
# admin_packager_groups = provenpackager releng security_respons

# User must be a member of this group to submit updates
# mandatory_packager_groups = packager


##
## updateinfo.xml configuraiton
##
# updateinfo_rights = Copyright (C) {CURRENT_YEAR} Red Hat, Inc. and others.

##
## Authentication & Authorization
##

# pyramid.openid settings.
# openid.success_callback = bodhi.server.security:remember_me
# openid.provider = https://id.fedoraproject.org/openid/
# openid.url = https://id.fedoraproject.org/
# openid_template = {username}.id.fedoraproject.org
# openid.sreg_required = email
# If this is undefined, Bodhi will concatenate the groups listed in the following other settings
# from this file: important_groups, admin_packager_groups, mandatory_packager_groups, and
# admin_groups. You likely want this default, but can override it here if you know what you are
# doing. You can also override it here if you do not know what you are doing, but that would be
# unadvisable.
# openid.groups = DEFAULT_DOCUMENTED_ABOVE


# CORS allowed origins for cornice services
# This can be wide-open.  read-only, we don't care as much about.
cors_origins_ro = *
# This should be more locked down to avoid cross-site request forgery.
cors_origins_rw = https://bodhi.fedoraproject.org

cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/


##
## Pyramid settings
##
pyramid.reload_templates = true
pyramid.debug_authorization = true
pyramid.debug_notfound = true
pyramid.debug_routematch = true
pyramid.default_locale_name = en

pyramid.includes =
    pyramid_tm

debugtoolbar.hosts = 127.0.0.1 ::1

##
## Database
##
# This must be a PostgreSQL database. It is weirdly defaulted to sqlite, but that would not be
# suitable for a production environment. You can encode a username and password in the URL. For
# example, postgresql://username:password@hostname/database_name
# sqlalchemy.url = sqlite:////var/cache/bodhi.db

##
## Templates
##
# Where Bodhi's templates are stored. You likely don't want or need to adjust this setting.
# mako.directories = bodhi:server/templates

##
## Authentication & Sessions
##

# CHANGE THESE IN PRODUCTION!
# authtkt.secret = CHANGEME
# session.secret = CHANGEME
# authtkt.secure = True
# How long should an authorization ticket be valid for, in seconds? Defaults to one day.
# authtkt.timeout = 86400


# pyramid_beaker
session.type = file
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = mykey
session.cookie_on_exception = true
# Tell the browser to only send the cookie over TLS
session.secure = true
# Create a cookie that is only valid for one day
session.timeout = 86400
cache.regions = default_term, second, short_term, long_term
cache.type = memory
cache.second.expire = 1
cache.short_term.expire = 60
cache.default_term.expire = 300
cache.long_term.expire = 3600

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543

[pshell]
m = bodhi.server.models
#db = bodhi.server.util.pshell_db
t = transaction

# Begin logging configuration

[loggers]
keys = root, bodhi, sqlalchemy

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_bodhi]
level = DEBUG
handlers =
qualname = bodhi

[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither.  (Recommended for production systems.)

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s

# End logging configuration