Right now, podman on el9 isn't reading the policy correctly.
This is because the env for the unit isn't getting picked up
by podman, so instead pass --env-file to read it from a file.
Also, we want to setup a private key for the download servers
so they all have the same challenge creation (so if you hit 01
you want your challenge to be good on 02, etc).
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
I mistakenly changed the port in the fedora/non el one, that was
correct.
Need to add the port in the el one for selinux to allow httpd to work.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Fixed up a few things missed and caught in testing on dl01:
* need to setup subuid/subgid files for podman
* need to allow the right port for httpd to listen in selinux
* need httpd network connect to allow it to connect to anubis
* adjust worker values, we were not using prefork for a long time
so the values were just default up them a bunch.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Looks like the scrapers are hitting the download servers now.
So, look at setting up an anubis pod there like we did for pagure.
anubis package isn't available for epel9, so we just use the container.
Will test this with dl01 and tweak until it's working.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
