Fedora & CentOS infra projects

# Fedora & CentOS infra projects ## ARA Install and configure [ARA](https://ara.recordsansible.org/) in OpenShift with its hook in our ansible repo. ## Keycloak - Deploy and configure Keycloak and IPA-tuura in staging OpenShift and configure them with our IPA servers. - Import OAuth2 configuration from Ipsilon - Configure the mapping of IPA attributes to OIDC attributes in IPA-tuura - Test with test-auth - Check how the mapping of AWS groups could be done in IPA-tuura - Follow the implementation of Kerberos auth in IPA-tuura ## Badges It's unrealistic to hope that the rewrite will be ready before RHEL7 goes EOL. We'll have to do with the current implementation for a while still. Docs: [current implementation](https://fedora-arc.readthedocs.io/en/latest/badges/current_implementation.html). ### Tarhir - Make it use OIDC, like Bodhi - Port to Fedora Messaging (should be simple, see [tahrir/tahrir/notifications.py](https://github.com/fedora-infra/tahrir/blob/develop/tahrir/notifications.py)) - Refresh Pyramid (must work on EL9) ### fedbadges - Port the consumer to Fedora Messaging ## ~~MirrorManager~~ @abompard is currently working on this - Rework the scripts - Deploy to Openshift - Sanitize the codebase - Maybe make it usable by other distributions?? ## Easyfixes It's currently a static page built in OpenShift by a cron job every hour. Rewrite with a more dynamic tech, and proper libraries. ## Poddlers The problems with the current Toddlers: - a message that crashes a toddler prevents it from getting processed by all the toddlers that come after it - if one toddler consumes a lot, other toddler pods can be added but they multiply all the toddlers, not only the one that needs scaling - it conceptually re-implements a queue system, except it's in a for loop, and topic matching is done in Python. RabbitMQ can already do all that. What we could do is migrate the toddlers to have their own queue & F-M consumer, so that they are independant from one another, can be scaled independently, only get the topics they need without the need for another topic matching, etc. - Each consumer would be a pod in a single Openshift project - The pod can have as many replica as needed - Find a way to avoid the resulting boilerplate in `deploymentconfig.yml` - All the toddlers can still live in the same repo. Decide whether it's best to create separate images or just one image with the runner name chosen in the CLI. Let's avoid code duplication. ## Webhook to Fedora Messaging We currently have multiple applications that receive a webhook from an online app and turn the content into a Fedora Messaging message. It would simplify our setup and our maintenance to regroup all that in a single app with multiple endpoints. There's been [an investigation](https://fedora-arc.readthedocs.io/en/latest/webhook2fedmsg/) on this subject already.