production.ini

[app:main]
use = egg:bodhi-server

##
## Messages
##

# A notice to flash on the front page
frontpage_notice =

# A notice to flash on the New Update page
newupdate_notice =

testing_approval_msg = This update has reached %d days in testing and can be pushed to stable now if the maintainer wishes
not_yet_tested_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/Package_update_acceptance_criteria">Package Update Acceptance Criteria</a>
not_yet_tested_epel_msg = This update has not yet met the minimum testing requirements defined in the <a href="https://fedoraproject.org/wiki/EPEL_Updates_Policy">EPEL Update Policy</a>
stablekarma_comment = This update has reached the stable karma threshold and will be pushed to the stable updates repository

testing_approval_msg_based_on_karma = This update has reached the stable karma threshold and can be pushed to stable now if the maintainer wishes.
not_yet_tested_msg_based_on_karma = This update has not reached the stable karma threshold.

# Libravatar - If this is true libravatar will work as normal. Otherwise, all
# libravatar links will be replaced with the string "libravatar.org" so that
# the tests can still pass.
libravatar_enabled = True
# Set this to true if you want to do federated dns libravatar lookup
libravatar_dns = False

# Set this to True in order to send fedmsg messages.
#fedmsg_enabled = True


# Captcha - if 'captcha.secret' is not None, then it will be used for comments
# captcha.secret must be 32 url-safe base64-encoded bytes
# you can generate afresh with >>> cryptography.fernet.Fernet.generate_key()
captcha.secret = CHANGEME
# Dimensions
captcha.image_width = 300
captcha.image_height = 80
# Any truetype font will do.
# This font lives in pcaro-hermit-fonts package
captcha.font_path = /usr/share/fonts/pcaro-hermit/Hermit-medium.otf
captcha.font_size = 36
# Colors
captcha.font_color = #000000
captcha.background_color = #ffffff
# In pixels
captcha.padding = 5
# If a captcha sits around for this many seconds, it will stop working.
captcha.ttl = 300

#datagrepper_url = http://localhost:5000
datagrepper_url = https://apps.fedoraproject.org/datagrepper
badge_ids = binary-star|both-bull-and-self-transcended-tester-viii|catching-the-bull-tester-iv|corporate-drone|corporate-overlord|corporate-shill|discovery-of-the-footprints-tester-ii|in-search-of-the-bull-tester-i|is-this-thing-on-updates-testing-i|is-this-thing-on-updates-testing-ii|is-this-thing-on-updates-testing-iii|is-this-thing-on-updates-testing-iv|it-still-works!|like-a-rock-updates-stable-i|like-a-rock-updates-stable-ii|like-a-rock-updates-stable-iii|like-a-rock-updates-stable-iv|mic-check!-updates-testing-v|missed-the-train|override,-you-say|perceiving-the-bull-tester-iii|reaching-the-source-tester-ix|return-to-society-tester-x|riding-the-bull-home-tester-vi|stop-that-update!|take-this-and-call-me-in-the-morning|taming-the-bull-tester-v|tectonic!-updates-stable-v|the-bull-transcended-tester-vii|what-goes-around-comes-around-karma-i|what-goes-around-comes-around-karma-ii|what-goes-around-comes-around-karma-iii|what-goes-around-comes-around-karma-iv|white-hat|you-can-pry-it-from-my-cold,-dead-hands


##
## Wiki Test Cases
##

## Query the wiki for test cases
query_wiki_test_cases = False
wiki_url = https://fedoraproject.org/w/api.php
test_case_base_url = https://fedoraproject.org/wiki/

# Email domain to prepend usernames to
default_email_domain = fedoraproject.org

# domain for generated message IDs
message_id_email_domain = admin.fedoraproject.org

##
## Mash settings
##

# If defined, the bodhi masher will ensure that messages are signed with the given cert
#releng_fedmsg_certname = releng-releng04.phx2.fedoraproject.org

# The masher is a bodhi instance that is responsible for composing the update
# repositories, regenerating metrics, sending update notices, closing bugs,
# and other costly operations.  To set an external masher, set the masher to
# the baseurl of the bodhi instance.  If set to None, this bodhi instance
# will act as a masher as well.
#masher = None

# Where to initially mash repositories
mash_dir = %(here)s/masher/mash/

# Where to symlink the latest repos by their tag name
mash_stage_dir = %(here)s/masher/

mash_conf = /etc/mash/mash.conf

createrepo_cache_dir = /var/cache/createrepo

## Our periodic jobs
#jobs = clean_repo nagmail fix_bug_titles cache_release_data approve_testing_updates
jobs = cache_release_data refresh_metrics approve_testing_updates

## Comps configuration
comps_dir = /usr/share/bodhi/
comps_url = https://git.fedorahosted.org/comps.git

##
## Mirror settings
##
file_url = https://download.fedoraproject.org/pub/fedora/linux/updates
master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_master_repomd = http://download.fedora.redhat.com/pub/fedora/linux/updates/%d/i386/repodata/repomd.xml
fedora_epel_master_repomd = http://download.fedora.redhat.com/pub/epel/%d/i386/repodata/repomd.xml

## The base url of this application
base_address = https://admin.fedoraproject.org/updates/

## Supported update types
update_types = bugfix enhancement security newpackage

## Supported architechures
##
## To handle arch name changes between releases, you
## can also configure bodhi to support one arch *or*
## another. For example, EPEL5 mashes produce 'ppc'
## repos, where EPEL6 produces 'ppc64'. To handle this
## scenario, you can specify something like:
##
##   arches = ppc/ppc64
##
arches = x86_64 i386 armhfp

##
## Email setting
##

smtp_server = bastion

# The updates system itself.  This email address is used in fetching Bugzilla
# information, as well as email notifications
bodhi_email = updates@fedoraproject.org
#bodhi_password =

# The address that gets the requests
release_team_address = bodhiadmin-members@fedoraproject.org

# The address to notify when security updates are initially added to bodhi
security_team = security_respons-members@fedoraproject.org

# Public announcement lists
fedora_announce_list = package-announce@lists.fedoraproject.org
fedora_test_announce_list = test@lists.fedoraproject.org
fedora_epel_announce_list = epel-package-announce@lists.fedoraproject.org
fedora_epel_test_announce_list = epel-devel@lists.fedoraproject.org

# Superuser groups
admin_groups = proventesters security_respons bodhiadmin sysadmin-main

# Users that we don't want to show up in the "leaderboard(s)"
stats_blacklist = bodhi anonymous autoqa taskotron

# A list of non-person users
system_users = bodhi autoqa taskotron

# The max length for an update title before we truncate it in the web ui
max_update_length_for_ui = 70

# The number of days used for calculating the 'top testers' metric
top_testers_timeframe = 900

# The email address of the proventesters
proventesters_email = proventesters-members@fedoraproject.org

# This defaults to False.  We're disabling stacks for the initial release
# because, while you can create stacks, you can't automatically create updates
# *from* a stack (which was the whole point).  We'll work on that for a later
# release.
stacks_enabled = False


# These are the default requirements that we apply to stacks, packages, and
# updates.  Users have free-reign to override them for each kind of entity.  At
# the end of the day, we only consider the requirements defined by single
# updates themselves when gating in the backend masher process.
site_requirements = depcheck upgradepath
## Some day we'll have rpmgrill, and that will be cool.  Ask tflink.
#site_requirements = depcheck upgradepath rpmgrill

# Where do we send update announcements to ?
# These variables should be named per: Release.prefix_id.lower()_announce_list
#fedora_announce_list =
#fedora_test_announce_list =
#fedora_epel_announce_list =
#fedora_epel_test_announce_list =

# Cache settings
dogpile.cache.backend = dogpile.cache.dbm
dogpile.cache.expiration_time = 100
dogpile.cache.arguments.filename = /var/cache/bodhi-dogpile-cache.dbm

# Exclude sending emails to these users
exclude_mail = autoqa taskotron

##
## Buildsystem settings
##

# What buildsystem do we want to use?  For development, we'll use a fake
# buildsystem that always does what we tell it to do.  For production, we'll
# want to use 'koji'.
buildsystem = dev

# Koji's XML-RPC hub
koji_hub = https://koji.stg.fedoraproject.org/kojihub

# Root url of the Koji instance to point to. No trailing slash
koji_url = http://koji.stg.fedoraproject.org

# URL of where users should go to set up their notifications
fmn_url = https://apps.fedoraproject.org/notifications/

# URL of the resultsdb for integrating checks and stuff
resultsdb_url = https://taskotron.fedoraproject.org/resultsdb/
resultsdb_api_url = https://taskotron.fedoraproject.org/resultsdb_api/

# Koji krb5
#krb_principal =
#krb_keytab =
#krb_ccache=

##
## ACL system
## Choices are 'pkgdb', which will send a JSON query to the pkgdb_url below,
## or 'dummy', which will always return guest credentials (used for local
## development).
##
acl_system = dummy

##
## Package DB
##
pkgdb_url = https://admin.fedoraproject.org/pkgdb

# We used to get our package tags from pkgdb, but they come from tagger now.
# https://github.com/fedora-infra/fedora-tagger/pull/74
#pkgtags_url = https://apps.fedoraproject.org/tagger/api/v1/tag/sqlitebuildtags/

##
## Bug tracker settings
##
#bugtracker = bugzilla

initial_bug_msg = %s has been submitted as an update to %s. %s
stable_bug_msg = %s has been pushed to the %s repository. If problems still persist, please make note of it in this bug report.
testing_bug_msg =
    See https://fedoraproject.org/wiki/QA:Updates_Testing for
    instructions on how to install test updates.
    You can provide feedback for this update here: %s
testing_bug_epel_msg =
    See https://fedoraproject.org/wiki/QA:Updates_Testing for
    instructions on how to install test updates.
    You can provide feedback for this update here: %s

##
## Bugzilla settings.
##

# The username/password for our bugzilla account comes
# from the bodhi_{email,password} fields.

bz_server = https://bugzilla.redhat.com/xmlrpc.cgi
#bz_cookie =

# Bodhi will avoid touching bugs that are not against the following products
bz_products = Fedora,Fedora EPEL

buglink = https://bugzilla.redhat.com/show_bug.cgi?id=%s

##
## Packages that should suggest a reboot
##
reboot_pkgs = kernel kernel-smp kernel-xen-hypervisor kernel-PAE kernel-xen0 kernel-xenU kernel-xen kernel-xen-guest glibc hal dbus

##
## Critical Path Packages
## https://fedoraproject.org/wiki/Critical_path_package
##

# Enable this to query the Fedora Package Database for the list of Critical
# Path Packages.  If disabled, it'll just use the hardcoded list below.
#critpath.type = pkgdb

# You can hardcode a list of critical path packages instead of using the PackageDB
critpath_pkgs = kernel

# The number of admin approvals it takes to be able to push a critical path
# update to stable for a pending release.
critpath.num_admin_approvals = 0

# The net karma required to submit a critial path update to a pending release)
critpath.min_karma = 2

# Allow critpath to submit for stable after 2 weeks with no negative karma
critpath.stable_after_days_without_negative_karma = 14

# The minimum amount of time an update must spend in testing before
# it can reach the stable repository
fedora.mandatory_days_in_testing = 7
fedora_epel.mandatory_days_in_testing = 14

##
## Release status
##

# Pre-beta enforces the Pre Beta policy defined here:
# https://fedoraproject.org/wiki/Updates_Policy
#f15.status = 'pre_beta'
#f15.pre_beta.mandatory_days_in_testing = 3
#f15.pre_beta.critpath.num_admin_approvals = 0
#f15.pre_beta.critpath.min_karma = 1

# For test cases.
f7.status = post_beta
f7.post_beta.mandatory_days_in_testing = 7
f7.post_beta.critpath.num_admin_approvals = 0
f7.post_beta.critpath.min_karma = 2

# The number of days worth of updates/comments to display
feeds.num_days_to_show = 7
feeds.max_entries = 20

##
## Buildroot Override
##

# Number of days before expiring overrides
buildroot_overrides.expire_after = 1

##
## Groups
##

# FAS Groups that we want to pay attention to
# When a user logs in, bodhi will look for any of these groups and associate #
# them with the user. They will then appear as the users effective principals in
# the format "group:groupname" and can be used in Pyramid ACE's.
important_groups = proventesters provenpackager releng security_respons packager bodhiadmin

# Groups that can push updates for any package
admin_packager_groups = provenpackager releng security_respons

# User must be a member of this group to submit updates
mandatory_packager_groups = packager

##
## updateinfo.xml configuraiton
##
updateinfo_rights = Copyright (C) 2015 Red Hat, Inc. and others.

##
## Authentication & Authorization
##

# pyramid.openid
openid.success_callback = bodhi.server.security:remember_me
openid.provider = https://id.fedoraproject.org/openid/
openid_template = {username}.id.fedoraproject.org

# CORS allowed origins for cornice services
# This can be wide-open.  read-only, we don't care as much about.
cors_origins_ro = *
# This should be more locked down to avoid cross-site request forgery.
cors_origins_rw = https://bodhi.fedoraproject.org

cors_connect_src = https://*.fedoraproject.org/ wss://hub.fedoraproject.org:9939/

##
## Pyramid settings
##
pyramid.reload_templates = true
pyramid.debug_authorization = true
pyramid.debug_notfound = true
pyramid.debug_routematch = true
pyramid.default_locale_name = en

pyramid.includes =
    pyramid_tm

debugtoolbar.hosts = 127.0.0.1 ::1

##
## Database
##
# XXX - you should really change this to postgres
sqlalchemy.url = sqlite:////var/cache/bodhi.db

##
## Templates
##
mako.directories = bodhi:server/templates

##
## Authentication & Sessions
##

# CHANGE THESE IN PRODUCTION!
authtkt.secret = changethisinproduction!
session.secret = ChangeThisSecret!!1
authtkt.secure = false

# pyramid_beaker
session.type = file
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = mykey
session.cookie_on_exception = true
cache.regions = default_term, second, short_term, long_term
cache.type = memory
cache.second.expire = 1
cache.short_term.expire = 60
cache.default_term.expire = 300
cache.long_term.expire = 3600

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543

[pshell]
m = bodhi.server.models
#db = bodhi.server.util.pshell_db
t = transaction

# Begin logging configuration

[loggers]
keys = root, bodhi, sqlalchemy

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_bodhi]
level = DEBUG
handlers =
qualname = bodhi

[logger_sqlalchemy]
level = INFO
handlers =
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither.  (Recommended for production systems.)

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s

# End logging configuration