From 234625903a1abb30513c57e2580e9ef8efe57898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kalu=C5=BEa?= Date: Tue, 6 Nov 2018 05:54:48 +0000 Subject: [PATCH] Disable PrivateTmp=True in httpd.service for ODCS frontend. The NFS share with /mnt/koji is automounted and can expired after some time. System then refreshes the expired NFS share, but this does not work correctly with private filesystem namespace which is enabled by httpd using PrivateTmp=True. This leads to httpd using expired NFS storage and httpd therefore cannot serve files from this storage. --- roles/odcs/frontend/tasks/main.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/odcs/frontend/tasks/main.yml b/roles/odcs/frontend/tasks/main.yml index 7d8b673881..77e6bde42c 100644 --- a/roles/odcs/frontend/tasks/main.yml +++ b/roles/odcs/frontend/tasks/main.yml @@ -41,6 +41,18 @@ - odcs - odcs/frontend +- name: Disable PrivateTmp=true in httpd.service. + lineinfile: + path: /usr/lib/systemd/system/httpd.service + regexp: '^PrivateTmp' + line: 'PrivateTmp=false' + notify: + - systemctl daemon-reload + - restart httpd service + tags: + - odcs + - odcs/frontend + - name: ensure selinux lets httpd talk to postgres seboolean: name={{item}} state=yes persistent=yes with_items: