Re: Freeze Break Request - Fixing Blocker Proposal in Blockerbugs App

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 5 Sep 2013 16:35:14 -0700
Toshio Kuratomi <a.badger@xxxxxxxxx> wrote:

> On Sep 5, 2013 1:09 PM, "Tim Flink" <tflink@xxxxxxxxxx> wrote:
> >
> > A bug was filed the other day claiming that it was impossible to
> > propose bugs as FE or blockers in the blockerbugs app. I have a fix
> > ready that's already deployed to stg and I'd like to move it into
> > prod.
> >
> > After some triage today, it turns out that there were selinux
> > denials on httpd writing to a cookiefile which is required by
> > python-bugzilla and used as part doing the actual proposal.
> >
> > The fix is in three places:
> >  - the package was modified to create a directory for the cookiefile
> >    that has appropriate permissions and selinux context so that the
> >    proposal works.
> >
> >  - the code was modified to have a better default cookie location
> > when the app is in production mode
> >
> 
> Note: unless python-bugzilla is broken again you should be able to
> disable storing the cookie on the filesystem.  Since the app needs
> access to a bz username and password this is probably the best thing
> to do.
> 
> -Toshio

yeah, that's a much better fix than what I was doing. Every other
python-bugzilla login in the app doesn't use a cookie, it's just the
one for proposing blockers.

I tested that fix today and it seems to work but I didn't end up doing
another release yesterday. I'll do it over the weekend or on Monday and
submit another freeze break request.

Thanks,

Tim

> >    code changes for these two changes are at:
> >
> https://git.fedorahosted.org/cgit/blockerbugs.git/commit/?id=be2a20b9c6868909af279bec6e0ccda53cb36b1a
> >
> >    These changes have been built as blockerbugs-0.3.0.3.1-1.el6 and
> > is in the infrastructure-testing repo
> >
> >  - the config file in puppet needs to be modified so that it is no
> >    longer overriding the default cookie location
> >
> > diff --git
> > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> > b/modules/blockerbugs/t index 8c33d6f..5b58b7a 100644 ---
> > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb +++
> > b/modules/blockerbugs/templates/blockerbugs-settings.py.erb @@ -3,7
> > +3,6 @@ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://<%=
> > blockerbugs_app %>:<%= bl FAS_ADMIN_GROUP = "qa-admin" FAS_USER =
> > "<%= blockerbugs_fas_user %>@fedoraproject.org" FAS_PASSWORD = "<%=
> > blockerbugs_fas_password %>" -BUGZILLA_COOKIE = "" # this should be
> > blank for production <% if environment == "staging" %>
> >  FAS_HTTPS_REQUIRED = False
> >  FAS_CHECK_CERT = False
> >
> > Thanks,
> >
> > Tim
> >
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux