On Thu, 5 Sep 2013 16:35:14 -0700 Toshio Kuratomi <a.badger@xxxxxxxxx> wrote: > On Sep 5, 2013 1:09 PM, "Tim Flink" <tflink@xxxxxxxxxx> wrote: > > > > A bug was filed the other day claiming that it was impossible to > > propose bugs as FE or blockers in the blockerbugs app. I have a fix > > ready that's already deployed to stg and I'd like to move it into > > prod. > > > > After some triage today, it turns out that there were selinux > > denials on httpd writing to a cookiefile which is required by > > python-bugzilla and used as part doing the actual proposal. > > > > The fix is in three places: > > - the package was modified to create a directory for the cookiefile > > that has appropriate permissions and selinux context so that the > > proposal works. > > > > - the code was modified to have a better default cookie location > > when the app is in production mode > > > > Note: unless python-bugzilla is broken again you should be able to > disable storing the cookie on the filesystem. Since the app needs > access to a bz username and password this is probably the best thing > to do. > > -Toshio yeah, that's a much better fix than what I was doing. Every other python-bugzilla login in the app doesn't use a cookie, it's just the one for proposing blockers. I tested that fix today and it seems to work but I didn't end up doing another release yesterday. I'll do it over the weekend or on Monday and submit another freeze break request. Thanks, Tim > > code changes for these two changes are at: > > > https://git.fedorahosted.org/cgit/blockerbugs.git/commit/?id=be2a20b9c6868909af279bec6e0ccda53cb36b1a > > > > These changes have been built as blockerbugs-0.3.0.3.1-1.el6 and > > is in the infrastructure-testing repo > > > > - the config file in puppet needs to be modified so that it is no > > longer overriding the default cookie location > > > > diff --git > > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb > > b/modules/blockerbugs/t index 8c33d6f..5b58b7a 100644 --- > > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb +++ > > b/modules/blockerbugs/templates/blockerbugs-settings.py.erb @@ -3,7 > > +3,6 @@ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://<%= > > blockerbugs_app %>:<%= bl FAS_ADMIN_GROUP = "qa-admin" FAS_USER = > > "<%= blockerbugs_fas_user %>@fedoraproject.org" FAS_PASSWORD = "<%= > > blockerbugs_fas_password %>" -BUGZILLA_COOKIE = "" # this should be > > blank for production <% if environment == "staging" %> > > FAS_HTTPS_REQUIRED = False > > FAS_CHECK_CERT = False > > > > Thanks, > > > > Tim > > > > _______________________________________________ > > infrastructure mailing list > > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
