We want to move to mock-core-configs-36.4 (pushing to infra 34 repos)
because the version contains multiple config fixes.
That version though dropped epel-8 configs as they go soon EOL. We plan
to move to rhel+epel, but thad needs more work and testing - so for now
default to centos+epel again (CentOS 8 goes EOL in Jan 2022).
We've been using the httpd_can_network_connect boolean for years
to allow httpd to connect to the openQA server processes. This
is an unnecessarily large hammer when we only need it to be
able to connect to exactly the two openQA ports. This uses a
custom SELinux policy to allow connecting to those ports only,
and ensures the boolean is set back to off.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Several of these requirements are old ones that were only needed
for createhdds, when we ran createhdds on the servers. All of
those can go. Also make the list line-by-line for easier git
blame tracking in future (and add comments for the remaining
entries so we know why they're there).
Signed-off-by: Adam Williamson <awilliam@redhat.com>
The current static path referenced python3.8 in path, which is no longer
true on newer Fedora, so we need to have special rule for staging till
the production will be updated.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
Turns out there was a z/vm and a kvm version of this host with both of
them using the same ip address. ;( Lets kill off the kvm one for now and
use just the z/vm one.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Seems like with lighttpd v1.4.61 we finally can match the index file
request against the rewritten url, so it is secure! This allows us to
prettily restrict the configuration to load the php script from only one
possible location.
This caused a bit of trouble since I disabled nosync in the kojibuilder
role. I think applied that with -t site-defaults, which updated
everything, _including_ bkernel machines. Sadly, bkernel machines have
additional config in site-defaults to allow for secure boot signing and
this was lost. So, make sure only the bkernel role changes site-defaults
on bkernel machines and also drop nosync from it's private config.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Originally added as: d03a23530d
Though that commit was probably related to OpenStack networking we had
those days. The traffic from Copr builders will have to be filtered-out
based on a specific UserAgent (or something alike), once we are on
the issue https://pagure.io/copr/copr/issue/1263
Currently gmail is throttling emails from fedoraproject.org, so the new
user tokens time out before they reach the new user. Bump this up to an
hour for now until the gmail issue is over.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
There were plenty of changes till the last release and this commit is
updating the current production configuration to reflect changes made
for staging.
Release of the-new-hotness 1.0.0.
Signed-off-by: Michal Konečný <mkonecny@redhat.com>
