Great Infrastructure projects status roundup

Pierre-Yves Chibon pingou at pingoured.fr
Thu Jan 29 10:48:18 UTC 2015


On Thu, Jan 29, 2015 at 11:46:03AM +0100, Pierre-Yves Chibon wrote:
> On Wed, Jan 28, 2015 at 06:01:59PM +0100, Pierre-Yves Chibon wrote:
> > On Mon, Jan 26, 2015 at 04:12:31PM +0100, Mathieu Bridon wrote:
> > > On Fri, 2015-01-23 at 14:10 +0100, Pierre-Yves Chibon wrote:
> > > > Since it seems to us that all is now fixed and ready, we are re-building the
> > > > host from scratch and then all that is left is: testing :)
> > > 
> > > So Pierre-Yves finished rebuilding the host and syncing some git data on
> > > it from prod.
> > > 
> > > And things just work. :)
> > > 
> > > So far, I've tested:
> > > 
> > > * shell access for admins (works for Pierre-Yves from sysadmin-main,
> > >   works for me from sysadmin-noc)
> > > 
> > > * fedpkg clone/push, verifying that push fails for packages I don't
> > >   have acls on
> > > 
> > > * git push of branches starting with "origin/", which is supposed to
> > >   fail (https://fedorahosted.org/rel-eng/ticket/4071)
> > > 
> > > Still needs to be tested:
> > > 
> > > * cgit seems to not see any package
> > > 
> > > * fedpkg sources / new-sources fail (looking into this right now)
> > 
> > After some more fighting:
> > is working:
> > - shell access for admins
> > - fedpkg clone, pull, push
> >   - Fails on package on which user does not have the ACLs
> >   - Fails on branches not allowed
> >   - Fails on branches named origin/...
> > - cgit: http://pkgs.stg.fedoraproject.org/cgit/
> > - fedpkg new-sources / sources
> > 
> > All this with SELinux enabled.
> > 
> > Fails:
> > - fedmsg-genacls.sh
> 
> This is now fixed.
> It was basically two permission issues: one for running genacls.sh, which now
> needs to be run as root as it has to chown and chmod some files, and the second
> was adjusting the permissions to allow fedmsg to sudo as root to run genacls.sh.

Note: this is likely related to the fact that we pretty much dropped using the
gen-acls user.

Pierre

