On Sep 5, 2013 1:09 PM, "Tim Flink" <tflink@redhat.com> wrote:
>
> A bug was filed the other day claiming that it was impossible to
> propose bugs as FE or blockers in the blockerbugs app. I have a fix
> ready that's already deployed to stg and I'd like to move it into prod.
>
> After some triage today, it turns out that there were selinux denials
> on httpd writing to a cookiefile which is required by python-bugzilla
> and used as part of doing the actual proposal.
>
> The fix is in three places:
>  - the package was modified to create a directory for the cookiefile
>    that has appropriate permissions and selinux context so that the
>    proposal works.
>
>  - the code was modified to have a better default cookie location when
>    the app is in production mode
>

Note: unless python-bugzilla is broken again you should be able to disable storing the cookie on the filesystem.  Since the app needs access to a bz username and password this is probably the best thing to do.

-Toshio

>    code changes for these two changes are at:
>    https://git.fedorahosted.org/cgit/blockerbugs.git/commit/?id=be2a20b9c6868909af279bec6e0ccda53cb36b1a
>
>    These changes have been built as blockerbugs-0.3.0.3.1-1.el6 and are
>    in the infrastructure-testing repo
>
>  - the config file in puppet needs to be modified so that it is no
>    longer overriding the default cookie location
>
> diff --git a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> b/modules/blockerbugs/t index 8c33d6f..5b58b7a 100644
> --- a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> +++ b/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> @@ -3,7 +3,6 @@ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://<%=
> blockerbugs_app %>:<%= bl FAS_ADMIN_GROUP = "qa-admin"
>  FAS_USER = "<%= blockerbugs_fas_user %>@fedoraproject.org"
>  FAS_PASSWORD = "<%= blockerbugs_fas_password %>"
> -BUGZILLA_COOKIE = "" # this should be blank for production
>  <% if environment == "staging" %>
>  FAS_HTTPS_REQUIRED = False
>  FAS_CHECK_CERT = False
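
Review bot: Removing the `BUGZILLA_COOKIE = ""` line makes this template rely on the application's built-in default cookie location, and per the message that location only has the right permissions and SELinux context once blockerbugs-0.3.0.3.1-1.el6 is installed. If this puppet change reaches a host before the package update, httpd would be writing the cookiefile to a path that has not been prepared for it, so the two should land together or the package first. I would also leave a one-line comment where the setting was, stating that the cookie location now comes from the package default and should not be overridden here, since the removed line's own comment ("this should be blank for production") is what led to the override in the first place. Because the cookiefile holds the app's Bugzilla session, it is worth confirming the new directory is writable and readable by the httpd user only.
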
>
> Thanks,
>
> Tim
>
> _______________________________________________
> infrastructure mailing list
> infrastructure@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure