Today I created a https://pagure.io/fedora-infra/ansible/pull-request/1027 for the ansible change, there are plenty of secrets that would be needed:

• {{ fedoraStagingDummyUser }} - FAS username for https://fasjson.stg.fedoraproject.org
• {{ fedoraStagingDummyUserPassword }} - Password for the above user
• {{ toddlers_stg_bz_api_key }} - Bugzilla token for https://bugzilla.stage.redhat.com (This token will need the same permissions as the production one)
• {{ toddlers_stg_flag_ci_seed }} - Flag CI seed for https://src.stg.fedoraproject.org
• {{ toddlers_stg_dist_git_token }} - Dist Git token for https://src.stg.fedoraproject.org (Toddler user needs to be able to create branches/repositories in dist git, set monitoring status and assign administrator to project)
• {{ toddlers_stg_pagure_scm_request_processor_token }} - Token for https://stg.pagure.io (This token needs following ACLs: issue_comment, issue_change_status, issue_update)
• {{ toddlers_pagure_scm_request_processor_token }} - Same as above, but for https://pagure.io

I have created the dummy user in staging and added the fedoraStagingDummyUser & fedoraStagingDummyUserPassword vars

We need a user in pagure to create the tokens for the scm requests. I'm not sure what user to use for this or if I should create a new user?

I think we need a new 'releng-bot' user or the like here.

@mobrien did you want to do this? or want me to?

I have created all the secrets except for toddlers_stg_flag_ci_seed because I don't know how and toddlers_stg_bz_api_key because login keeps erroring out on login.

@kevin the releng-bot user creds are saved in vars in ansible-private if you want to try to see if I did something wrong or are missing something.

I can't seem to login to bugzilla.stage with that user/pass (assuming it's releng-bot@fedoraproject.org?)

bugzilla accounts are the full email address...

I have finally created {{toddlers_stg_bz_api_key}} so hopefully everything here should be good to go

@mobrien Thanks, I will try it tomorrow.

Toddlers are running now, but I encountered some issue with one of them on staging.
It seems that the bugzilla user is missing some permissions:

2022-06-29 14:57:31,021 - [ERROR toddlers.runner] Toddler 'packager_bugzilla_sync' failed to process message id: 945cde9e-caeb-4df1-8197-cd3404e67773 -- putting it back in the queue
Traceback (most recent call last):
File "/code/toddlers/runner.py", line 96, in __call__
toddler.process(self.toddler_config[toddler.name], message)
File "/code/toddlers/plugins/packager_bugzilla_sync.py", line 94, in process
bz_packagers = bugzilla_system.get_group_member(config["bugzilla_group"])
File "/code/toddlers/utils/bugzilla_system.py", line 68, in get_group_member
group = server.getgroup(group_name, membership=True)
File "/usr/lib/python3.10/site-packages/bugzilla/base.py", line 1950, in getgroup
ret = self.getgroups(name, membership=membership)
File "/usr/lib/python3.10/site-packages/bugzilla/base.py", line 1963, in getgroups
for rawgroup in self._getgroups(
File "/usr/lib/python3.10/site-packages/bugzilla/base.py", line 1938, in _getgroups
return self._backend.group_get(params)
File "/usr/lib/python3.10/site-packages/bugzilla/_backendxmlrpc.py", line 208, in group_get
return self._xmlrpc_proxy.Group.get(paramdict)
File "/usr/lib64/python3.10/xmlrpc/client.py", line 1122, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.10/site-packages/bugzilla/_backendxmlrpc.py", line 125, in _ServerProxy__request
ret = ServerProxy._ServerProxy__request(
File "/usr/lib64/python3.10/xmlrpc/client.py", line 1464, in __request
response = self.__transport.request(
File "/usr/lib/python3.10/site-packages/bugzilla/_backendxmlrpc.py", line 100, in request
return self.__request_helper(url, request_body)
File "/usr/lib/python3.10/site-packages/bugzilla/_backendxmlrpc.py", line 47, in __request_helper
return self.parse_response(response)
File "/usr/lib/python3.10/site-packages/bugzilla/_backendxmlrpc.py", line 84, in parse_response
return unmarshaller.close()
File "/usr/lib64/python3.10/xmlrpc/client.py", line 668, in close
raise Fault(**self._stack[0])
xmlrpc.client.Fault: <Fault 805: "In order to view groups, you need to be a member of the 'editusers' or 'creategroups' group, or have bless privileges to at least one group.">

It is a different toddler than the one, I want to try, but it's blocking processing of other messages.

ok. I looked and I confused things here. ;(

Turns out toddlers needs to run as the fedora-admin-xmlrpc@fedoraproject.org user. Thats the one we have used that has bugzilla permissions to do the things it needs to do.
The login / password for that account is in private in vars.
I logged in as it to bugzilla.stage.redhat.com and got a new api key and pushed it to staging toddlers.

and I think it's running, but I am not 100% sure, so please check it.

I also added some comments in the private vars files to make this more clear.

The issue is gone, thanks @kevin

I know there's an issue with pagure stg not sending messages, but this issue now seems fixed (we do have a staging toddlers).

So, I am gonna close this one...