1
0

configuration.rst 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675
  1. Configuration
  2. =============
  3. Pagure offers a wide varieties of options that must or can be used to
  4. adjust its behavior.
  5. Must options
  6. ------------
  7. Here are the options you must set up in order to get pagure running.
  8. SECRET_KEY
  9. ~~~~~~~~~~
  10. This configuration key is used by flask to create the session. It should be kept secret
  11. and set as a long and random string.
  12. SALT_EMAIL
  13. ~~~~~~~~~~
  14. This configuration key is used to ensure that when sending
  15. notifications to different users, each one of them has a different, unique
  16. and unfakeable ``Reply-To`` header. This header is then used by the milter to find
  17. out if the response received is a real one or a fake/invalid one.
  18. DB_URL
  19. ~~~~~~
  20. This configuration key indicates to the framework how and where to connect to the database
  21. server. Pagure uses `SQLAchemy <http://www.sqlalchemy.org/>`_ to connect
  22. to a wide range of database server including MySQL, PostgreSQL, and SQLite.
  23. Examples values:
  24. ::
  25. DB_URL = 'mysql://user:pass@host/db_name'
  26. DB_URL = 'postgres://user:pass@host/db_name'
  27. DB_URL = 'sqlite:////var/tmp/pagure_dev.sqlite'
  28. Defaults to ``sqlite:////var/tmp/pagure_dev.sqlite``
  29. APP_URL
  30. ~~~~~~~
  31. This configuration key indicates the URL at which this pagure instance will be made available.
  32. Defaults to: ``https://pagure.org/``
  33. EMAIL_ERROR
  34. ~~~~~~~~~~~
  35. Pagure sends email when it catches an unexpected error (which saves you from
  36. having to monitor the logs regularly; but if you like, the error is still
  37. present in the logs).
  38. This configuration key allows you to specify to which email address to send
  39. these error reports.
  40. GIT_URL_SSH
  41. ~~~~~~~~~~~
  42. This configuration key provides the information to the user on how to clone
  43. the git repos hosted on pagure via `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_.
  44. The URL should end with a slash ``/``.
  45. Defaults to: ``'ssh://git@pagure.org/'``
  46. GIT_URL_GIT
  47. ~~~~~~~~~~~
  48. This configuration key provides the information to the user on how to clone
  49. the git repos hosted on pagure anonymously. This access can be granted via
  50. the ``git://`` or ``http(s)://`` protocols.
  51. The URL should end with a slash ``/``.
  52. Defaults to: ``'git://pagure.org/'``
  53. Repo Directories
  54. ----------------
  55. Each project in pagure has 4 git repositories:
  56. - the main repo for the code
  57. - the doc repo showed in the doc server
  58. - the ticket repo storing the metadata of the tickets
  59. - the request repo storing the metadata of the pull-requests
  60. There are then another 3 folders: one for specifying the locations of the forks, one
  61. for the remote git repo used for the remotes pull-requests (ie: those coming from
  62. a project not hosted on this instance of pagure), and one for user-uploaded tarballs.
  63. GIT_FOLDER
  64. ~~~~~~~~~~
  65. This configuration key points to the folder where the git repos for the
  66. source code of the projects are stored.
  67. DOCS_FOLDER
  68. ~~~~~~~~~~~
  69. This configuration key points to the folder where the git repos for the
  70. documentation of the projects are stored.
  71. TICKETS_FOLDER
  72. ~~~~~~~~~~~~~~
  73. This configuration key points to the folder where the git repos for the
  74. metadata of the tickets opened against the project are stored .
  75. REQUESTS_FOLDER
  76. ~~~~~~~~~~~~~~~
  77. This configuration key points to the folder where the git repos for the
  78. metadata of the pull-requests opened against the project are stored.
  79. REMOTE_GIT_FOLDER
  80. ~~~~~~~~~~~~~~~~~
  81. This configuration key points to the folder where the remote git repos (ie:
  82. not hosted on pagure) that someone used to open a pull-request against a
  83. project hosted on pagure are stored.
  84. UPLOAD_FOLDER_PATH
  85. ~~~~~~~~~~~~~~~~~~
  86. This configuration key points to the folder where user-uploaded tarballs
  87. are stored and served from.
  88. UPLOAD_FOLDER_URL
  89. ~~~~~~~~~~~~~~~~~~
  90. Full URL to where the uploads are available. It is highly recommended for
  91. security reasons that this URL lives on a different domain than the main
  92. application (an entirely different domain, not just a sub-domain).
  93. Defaults to: ``/releases/``, unsafe for production!
  94. .. warning:: both `UPLOAD_FOLDER_PATH` and `UPLOAD_FOLDER_URL` must be
  95. specified for the upload release feature to work
  96. SESSION_COOKIE_SECURE
  97. ~~~~~~~~~~~~~~~~~~~~~
  98. When this is set to True, the session cookie will only be returned to the
  99. server via ssl (https). If you connect to the server via plain http, the
  100. cookie will not be sent. This prevents sniffing of the cookie contents.
  101. This may be set to False when testing your application but should always
  102. be set to True in production.
  103. Defaults to: ``False`` for development, must be ``True`` in production with
  104. https.
  105. FROM_EMAIL
  106. ~~~~~~~~~~
  107. This configuration key specifies the email address used by this pagure instance
  108. when sending emails (notifications).
  109. Defaults to: ``pagure@pagure.org``
  110. DOMAIN_EMAIL_NOTIFICATIONS
  111. ~~~~~~~~~~~~~~~~~~~~~~~~~~
  112. This configuration key specifies the domain used by this pagure instance
  113. when sending emails (notifications). More precisely, it is used
  114. when building the ``msg-id`` header of the emails sent.
  115. Defaults to: ``pagure.org``
  116. VIRUS_SCAN_ATTACHMENTS
  117. ~~~~~~~~~~~~~~~~~~~~~~
  118. This configuration key configures whether attachments are scanned for viruses on
  119. upload. For more information, see the install.rst guide.
  120. Defaults to: ``False``
  121. Configure Gitolite
  122. ------------------
  123. Pagure uses `gitolite <http://gitolite.com/>`_ as an authorization layer.
  124. Gitolite relies on `SSH <https://en.wikipedia.org/wiki/Secure_Shell>`_ for
  125. the authentication. In other words, SSH lets you in and gitolite checks if you
  126. are allowed to do what you are trying to do once you are inside.
  127. GITOLITE_HOME
  128. ~~~~~~~~~~~~~
  129. This configuration key points to the home directory of the user under which
  130. gitolite is ran.
  131. GITOLITE_VERSION
  132. ~~~~~~~~~~~~~~~~
  133. This configuration key specifies which version of gitolite you are
  134. using, it can be either ``2`` or ``3``.
  135. Defaults to: ``3``.
  136. GITOLITE_KEYDIR
  137. ~~~~~~~~~~~~~~~
  138. This configuration key points to the folder where gitolite stores and accesses
  139. the public SSH keys of all the user have access to the server.
  140. Since pagure is the user interface, it is pagure that writes down the files
  141. in this directory, effectively setting up the users to be able to use gitolite.
  142. GITOLITE_CONFIG
  143. ~~~~~~~~~~~~~~~
  144. This configuration key points to the gitolite.conf file where pagure writes
  145. the gitolite repository access configuration.
  146. GL_RC
  147. ~~~~~
  148. This configuration key points to the file ``gitolite.rc`` used by gitolite
  149. to record who has access to what (ie: who has access to which repo/branch).
  150. GL_BINDIR
  151. ~~~~~~~~~
  152. This configuration key indicates the folder in which the gitolite tools can
  153. be found. It can be as simple as ``/usr/bin/`` if the tools have been installed
  154. using a package manager or something like ``/opt/bin/`` for a more custom
  155. install.
  156. EventSource options
  157. -------------------
  158. EVENTSOURCE_SOURCE
  159. ~~~~~~~~~~~~~~~~~~
  160. This configuration key indicates the URL at which the EventSource server is
  161. available. If not defined, pagure will behave as if there are no EventSource
  162. server running.
  163. EVENTSOURCE_PORT
  164. ~~~~~~~~~~~~~~~~
  165. This configuration key indicates the port at which the EventSource server is
  166. running.
  167. .. note:: The EventSource server requires a redis server (see ``Redis options``
  168. below)
  169. Web-hooks notifications
  170. -----------------------
  171. WEBHOOK
  172. ~~~~~~~
  173. This configuration key allows turning on or off web-hooks notifications for
  174. this pagure instance.
  175. Defaults to: ``False``.
  176. .. note:: The Web-hooks server requires a redis server (see ``Redis options``
  177. below)
  178. Redis options
  179. -------------
  180. REDIS_HOST
  181. ~~~~~~~~~~
  182. This configuration key indicates the host at which the `redis <http://redis.io/>`_
  183. server is running.
  184. Defaults to: ``0.0.0.0``.
  185. REDIS_PORT
  186. ~~~~~~~~~~
  187. This configuration key indicates the port at which the redis server can be
  188. contacted.
  189. Defaults to: ``6379``.
  190. REDIS_DB
  191. ~~~~~~~~
  192. This configuration key indicates the name of the redis database to use for
  193. communicating with the EventSource server.
  194. Defaults to: ``0``.
  195. Authentication options
  196. ----------------------
  197. ADMIN_GROUP
  198. ~~~~~~~~~~~
  199. List of groups, either local or remote (if the openid server used supports the
  200. group extension), that are the site admins. These admins can regenerate the
  201. gitolite configuration, the ssh key files, and the hook-token for every project
  202. as well as manage users and groups.
  203. PAGURE_ADMIN_USERS
  204. ~~~~~~~~~~~~~~~~~~
  205. List of local users that are the site admins. These admins have the same rights as
  206. the users in the admin groups listed above as well as admin rights to
  207. all projects hosted on this pagure instance.
  208. Optional options
  209. ----------------
  210. SSH_KEYS
  211. ~~~~~~~~
  212. It is a good practice to publish the fingerprint and public SSH key of a
  213. server you provide access to.
  214. Pagure offers the possibility to expose this information based on the values
  215. set in the configuration file, in the ``SSH_KEYS`` configuration key.
  216. See the `SSH hostkeys/Fingerprints page on pagure.io <https://pagure.io/ssh_info>`_.
  217. .. warning: The format is important
  218. SSH_KEYS = {'RSA': {'fingerprint': '<foo>', 'pubkey': '<bar>'}}
  219. Where `<foo>` and `<bar>` must be replaced by your values.
  220. ITEM_PER_PAGE
  221. ~~~~~~~~~~~~~
  222. This configuration key allows you to configure the length of a page by
  223. setting the number of items on the page. Items can be commits, users, groups,
  224. or projects for example.
  225. Defaults to: ``50``.
  226. SMTP_SERVER
  227. ~~~~~~~~~~~
  228. This configuration key specifies the SMTP server to use when
  229. sending emails.
  230. Defaults to: ``localhost``.
  231. SMTP_PORT
  232. ~~~~~~~~~
  233. This configuration key specifies the SMTP server port.
  234. SMTP by default uses TCP port 25. The protocol for mail submission is
  235. the same, but uses port 587.
  236. SMTP connections secured by SSL, known as SMTPS, default to port 465
  237. (nonstandard, but sometimes used for legacy reasons).
  238. Defaults to: ``25``
  239. SMTP_SSL
  240. ~~~~~~~~
  241. This configuration key specifies whether the SMTP connections
  242. should be secured over SSL.
  243. Defaults to: ``False``
  244. SMTP_USERNAME
  245. ~~~~~~~~~~~~~
  246. This configuration key allows usage of SMTP with auth.
  247. Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth
  248. Defaults to: ``None``
  249. SMTP_PASSWORD
  250. ~~~~~~~~~~~~~
  251. This configuration key allows usage of SMTP with auth.
  252. Note: Specify SMTP_USERNAME and SMTP_PASSWORD for using SMTP auth
  253. Defaults to: ``None``
  254. SHORT_LENGTH
  255. ~~~~~~~~~~~~
  256. This configuration key specifies the length of the commit ids or
  257. file hex displayed in the user interface.
  258. Defaults to: ``6``.
  259. BLACKLISTED_PROJECTS
  260. ~~~~~~~~~~~~~~~~~~~~
  261. This configuration key specifies a list of project names that are forbidden.
  262. This list is used for example to avoid conflicts at the URL level between the
  263. static files located under ``/static/`` and a project that would be named
  264. ``static`` and thus be located at ``/static``.
  265. Defaults to:
  266. ::
  267. [
  268. 'static', 'pv', 'releases', 'new', 'api', 'settings',
  269. 'logout', 'login', 'users', 'groups'
  270. ]
  271. CHECK_SESSION_IP
  272. ~~~~~~~~~~~~~~~~
  273. This configuration key specifies whether to check the user's IP
  274. address when retrieving its session. This makes things more secure but
  275. under certain setups it might not work (for example if there
  276. are proxies in front of the application).
  277. Defaults to: ``True``.
  278. PAGURE_AUTH
  279. ~~~~~~~~~~~~
  280. This configuration key specifies which authentication method to use.
  281. Pagure currently supports two authentication methods: one relying on the
  282. Fedora Account System `FAS <https://admin.fedoraproject.org/accounts>`_,
  283. and the other using only the local database.
  284. It can therefore be either ``fas`` or ``local``.
  285. Defaults to: ``fas``.
  286. IP_ALLOWED_INTERNAL
  287. ~~~~~~~~~~~~~~~~~~~
  288. This configuration key specifies which IP addresses are allowed
  289. to access the internal API endpoint. These endpoints are accessed by the
  290. milters for example and allow performing actions in the name of someone else
  291. which is sensitive, thus the origin of the request using
  292. these endpoints is validated.
  293. Defaults to: ``['127.0.0.1', 'localhost', '::1']``.
  294. MAX_CONTENT_LENGTH
  295. ~~~~~~~~~~~~~~~~~~
  296. This configuration key specifies the maximum file size allowed when
  297. uploading content to pagure (for example, screenshots to a ticket).
  298. Defaults to: ``4 * 1024 * 1024`` which corresponds to 4 megabytes.
  299. ENABLE_TICKETS
  300. ~~~~~~~~~~~~~~
  301. This configuration key activates or deactivates the ticketing system
  302. for all the projects hosted on this pagure instance.
  303. Defaults to: ``True``
  304. ENABLE_NEW_PROJECTS
  305. ~~~~~~~~~~~~~~~~~~~
  306. This configuration key permits or forbids creation of new projects via
  307. the user interface of this pagure instance.
  308. Defaults to: ``True``
  309. ENABLE_DEL_PROJECTS
  310. ~~~~~~~~~~~~~~~~~~~
  311. This configuration key permits or forbids deletion of projects via
  312. the user interface of this pagure instance.
  313. Defaults to: ``True``
  314. EMAIL_SEND
  315. ~~~~~~~~~~
  316. This configuration key enables or disables all email notifications for
  317. this pagure instance. This can be useful to turn off when developing on
  318. pagure, or for test or pre-production instances.
  319. Defaults to: ``False``.
  320. .. note::
  321. This does not disable emails to the email address set in ``EMAIL_ERROR``.
  322. OLD_VIEW_COMMIT_ENABLED
  323. ~~~~~~~~~~~~~~~~~~~~~~~
  324. In version 1.3, pagure changed its URL scheme to view the commit of a
  325. project in order to add support for pseudo-namespaced projects.
  326. For pagure instances older than 1.3, who care about backward compatibility,
  327. we added an endpoint ``view_commit_old`` that brings URL backward
  328. compatibility for URLs using the complete git hash (the 40 characters).
  329. For URLs using a shorter hash, the URLs will remain broken.
  330. This configuration key enables or disables this backward compatibility
  331. which is useful for pagure instances running since before 1.3 but is not
  332. for newer instances.
  333. Defaults to: ``False``.
  334. PAGURE_CI_SERVICES
  335. ~~~~~~~~~~~~~~~~~~
  336. Pagure can be configure to integrate results of a Continuous Integration (CI)
  337. service to pull-requests open against a project.
  338. To enable this integration, follow the documentation on how to install
  339. pagure-ci and set this configuration key to ``['jenkins']`` (Jenkins being
  340. the only CI service supported at the moment).
  341. Defaults to: ``None``.
  342. .. warning:: Requires `Redis` to be configured and running.
  343. INSTANCE_NAME
  344. ~~~~~~~~~~~~~
  345. This allows giving a name to this running instance of pagure. The name is
  346. then used in the welcome screen shown upon first login.
  347. Defaults to: ``Pagure``
  348. .. note: the welcome screen currently does not work with the `local`
  349. authentication.
  350. USER_NAMESPACE
  351. ~~~~~~~~~~~~~~
  352. This configuration key allows to enforce that project are namespaced under
  353. the user's username, behaving in this way in a similar fashion as github.com
  354. or gitlab.com.
  355. Defaults to: ``False``
  356. DOC_APP_URL
  357. ~~~~~~~~~~~
  358. This configuration key allows you to specify where the documentation server
  359. is running (preferably in a different domain name entirely).
  360. If not set, the documentation page will show an error message saying that
  361. this pagure instance does not have a documentation server.
  362. Defaults to: ``None``
  363. PRIVATE_PROJECTS
  364. ~~~~~~~~~~~~~~~~
  365. This configuration key allows you to host private repositories. These
  366. repositories are visible only to the creator of the repository and to the
  367. users who are given access to the repository. No information is leaked about the
  368. private repository which means redis doesn't have the access to the repository
  369. and even fedmsg doesn't get any notifications.
  370. Defaults to: ``False``
  371. EXCLUDE_GROUP_INDEX
  372. ~~~~~~~~~~~~~~~~~~~
  373. This configuration key can be used to hide project an user has access to via
  374. one of the groups listed in this key.
  375. The use-case is the following: the Fedora project is deploying pagure has a
  376. front-end for the git repos of the packages in the distribution, that means
  377. about 17,000 git repositories in pagure. The project has a group of people
  378. that have access to all of these repositories, so when viewing the user's
  379. page of one member of that group, instead of seeing all the project that
  380. this user works on, you can see all the projects hosted in that pagure
  381. instance. Using this configuration key, pagure will hide all the projects
  382. that this user has access to via the specified groups and thus return only
  383. the groups of forks of that users.
  384. Defaults to: ``[]``
  385. TRIGGER_CI
  386. ~~~~~~~~~~
  387. A run of pagure-ci can be manually triggered if some key sentences are added
  388. as comment to a pull-request. This allows to re-run a test that failed due
  389. to some network outage or other unexpected issues unrelated to the test
  390. suite.
  391. This configuration key allows to define all the sentences that can be used
  392. to trigger this pagure-ci run.
  393. Defaults to: ``['pretty please pagure-ci rebuild']``
  394. .. note:: The sentences defined in this configuration key should be lower
  395. case only!
  396. Deprecated configuration keys
  397. -----------------------------
  398. FORK_FOLDER
  399. ~~~~~~~~~~~
  400. This configuration key used to be use to specify the folder where the forks
  401. are placed. Since the release 2.0 of pagure, it has been deprecated, forks
  402. are now automatically placed in a sub-folder of the folder containing the
  403. mains git repositories (ie ``GIT_FOLDER``).
  404. See the ``UPGRADING.rst`` file for more information about this change and
  405. how to handle it.
  406. UPLOAD_FOLDER
  407. ~~~~~~~~~~~~~
  408. This configuration key used to be use to specify where the uploaded releases
  409. are available. It has been replaced by `UPLOAD_FOLDER_PATH` in the release
  410. 2.10 of pagure.