On Sep 5, 2013 1:09 PM, "Tim Flink" <tflink@xxxxxxxxxx> wrote:
>
> A bug was filed the other day claiming that it was impossible to
> propose bugs as FE or blockers in the blockerbugs app. I have a fix
> ready that's already deployed to stg and I'd like to move it into prod.
>
> After some triage today, it turns out that there were selinux denials
> on httpd writing to a cookiefile which is required by python-bugzilla
> and used as part doing the actual proposal.
>
> The fix is in three places:
> - the package was modified to create a directory for the cookiefile
> that has appropriate permissions and selinux context so that the
> proposal works.
>
> - the code was modified to have a better default cookie location when
> the app is in production mode
>
Note: unless python-bugzilla is broken again you should be able to disable storing the cookie on the filesystem. Since the app needs access to a bz username and password this is probably the best thing to do.
-Toshio
> code changes for these two changes are at:
> https://git.fedorahosted.org/cgit/blockerbugs.git/commit/?id=be2a20b9c6868909af279bec6e0ccda53cb36b1a
>
> These changes have been built as blockerbugs-0.3.0.3.1-1.el6 and is
> in the infrastructure-testing repo
>
> - the config file in puppet needs to be modified so that it is no
> longer overriding the default cookie location
>
> diff --git a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> b/modules/blockerbugs/t index 8c33d6f..5b58b7a 100644
> --- a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> +++ b/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> @@ -3,7 +3,6 @@ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://<%=
> blockerbugs_app %>:<%= bl FAS_ADMIN_GROUP = "qa-admin"
> FAS_USER = "<%= blockerbugs_fas_user %>@fedoraproject.org"
> FAS_PASSWORD = "<%= blockerbugs_fas_password %>"
> -BUGZILLA_COOKIE = "" # this should be blank for production
> <% if environment == "staging" %>
> FAS_HTTPS_REQUIRED = False
> FAS_CHECK_CERT = False
>
> Thanks,
>
> Tim
>
> _______________________________________________
> infrastructure mailing list
> infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure