From 521aa7bc19ed584f95e8f7b2776f47874f89954b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 11 Jul 2024 15:37:01 -0700 Subject: [PATCH] koji_hub: add a httpd drop in config to allow fedora-messaging plugin to work The fedora messaging plugin needs to have MemoryDenyWriteExecute=no The default is yes, and it causes it to not work at all. We should probibly investigate and fix this if we can so we can enable this protection someday. Signed-off-by: Kevin Fenzi --- roles/koji_hub/files/httpd-override.conf | 2 ++ roles/koji_hub/tasks/main.yml | 20 ++++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 roles/koji_hub/files/httpd-override.conf diff --git a/roles/koji_hub/files/httpd-override.conf b/roles/koji_hub/files/httpd-override.conf new file mode 100644 index 0000000000..f1446ce0be --- /dev/null +++ b/roles/koji_hub/files/httpd-override.conf @@ -0,0 +1,2 @@ +[Service] +MemoryDenyWriteExecute=no diff --git a/roles/koji_hub/tasks/main.yml b/roles/koji_hub/tasks/main.yml index d0abeb67f7..55c9c472f2 100644 --- a/roles/koji_hub/tasks/main.yml +++ b/roles/koji_hub/tasks/main.yml @@ -369,6 +369,26 @@ - koji_hub when: ansible_distribution == "RedHat" and ansible_distribution_major_version|int == 7 +- name: make httpd override directory + file: + state: directory + path: /etc/systemd/system/httpd.service.d + owner: root + group: root + mode: "0755" + tags: + - service + - koji_hub + +- name: set httpd service override for fedora-messaging to work + copy: src=httpd-override.conf dest=/etc/systemd/system/httpd.service.d/override.conf + notify: + - reload httpd + tags: + - service + - koji_hub + + - name: Set httpd to run on boot service: name=httpd enabled=yes ignore_errors: true