Freeze Break Request - Fixing Blocker Proposal in Blockerbugs App
Tim Flink
tflink at redhat.com
Sat Sep 7 20:11:13 UTC 2013
On Thu, 5 Sep 2013 16:35:14 -0700
Toshio Kuratomi <a.badger at gmail.com> wrote:
> On Sep 5, 2013 1:09 PM, "Tim Flink" <tflink at redhat.com> wrote:
> >
> > A bug was filed the other day claiming that it was impossible to
> > propose bugs as FE or blockers in the blockerbugs app. I have a fix
> > ready that's already deployed to stg and I'd like to move it into
> > prod.
> >
> > After some triage today, it turns out that there were selinux
> > denials on httpd writing to a cookiefile which is required by
> > python-bugzilla and used as part doing the actual proposal.
> >
> > The fix is in three places:
> > - the package was modified to create a directory for the cookiefile
> > that has appropriate permissions and selinux context so that the
> > proposal works.
> >
> > - the code was modified to have a better default cookie location
> > when the app is in production mode
> >
>
> Note: unless python-bugzilla is broken again you should be able to
> disable storing the cookie on the filesystem. Since the app needs
> access to a bz username and password this is probably the best thing
> to do.
>
> -Toshio
yeah, that's a much better fix than what I was doing. Every other
python-bugzilla login in the app doesn't use a cookie, it's just the
one for proposing blockers.
I tested that fix today and it seems to work but I didn't end up doing
another release yesterday. I'll do it over the weekend or on Monday and
submit another freeze break request.
Thanks,
Tim
> > code changes for these two changes are at:
> >
> https://git.fedorahosted.org/cgit/blockerbugs.git/commit/?id=be2a20b9c6868909af279bec6e0ccda53cb36b1a
> >
> > These changes have been built as blockerbugs-0.3.0.3.1-1.el6 and
> > is in the infrastructure-testing repo
> >
> > - the config file in puppet needs to be modified so that it is no
> > longer overriding the default cookie location
> >
> > diff --git
> > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb
> > b/modules/blockerbugs/t index 8c33d6f..5b58b7a 100644 ---
> > a/modules/blockerbugs/templates/blockerbugs-settings.py.erb +++
> > b/modules/blockerbugs/templates/blockerbugs-settings.py.erb @@ -3,7
> > +3,6 @@ SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://<%=
> > blockerbugs_app %>:<%= bl FAS_ADMIN_GROUP = "qa-admin" FAS_USER =
> > "<%= blockerbugs_fas_user %>@fedoraproject.org" FAS_PASSWORD = "<%=
> > blockerbugs_fas_password %>" -BUGZILLA_COOKIE = "" # this should be
> > blank for production <% if environment == "staging" %>
> > FAS_HTTPS_REQUIRED = False
> > FAS_CHECK_CERT = False
> >
> > Thanks,
> >
> > Tim
> >
> > _______________________________________________
> > infrastructure mailing list
> > infrastructure at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130907/82b1e6dd/attachment.sig>
More information about the infrastructure
mailing list