ansible

History

Tim Flink 8c96b12e65 resultsdb: set sebool httpd_execmem=true for fedora-messaging After the upgrade to fedora-messaging-2.0.1, we started seeing a bunch of 500s coming out of resultsdb. Turns out that selinux was blocking part of the code that was emitting messages on rabbitmq. This is apparently a known issue in python-cryptography [1] and their docs say that the sebool deny_execmem needs to be off. Since this is executed by apache, this leads to httpd_execmem needing to be true. I still don't understand why this started suddenly - the underlying issue in python-cryptography has been there for a while. Either way, I'm changing the sebool for resultsdb machines to make sure it doesn't continue to cause problems for things that are submitting results to resultsdb.	2020-04-24 21:34:21 +02:00
..
main.yml	resultsdb: set sebool httpd_execmem=true for fedora-messaging	2020-04-24 21:34:21 +02:00

Tim Flink 8c96b12e65 resultsdb: set sebool httpd_execmem=true for fedora-messaging

After the upgrade to fedora-messaging-2.0.1, we started seeing a bunch of 500s
coming out of resultsdb. Turns out that selinux was blocking part of the code
that was emitting messages on rabbitmq. This is apparently a known issue in
python-cryptography [1] and their docs say that the sebool deny_execmem needs
to be off.

Since this is executed by apache, this leads to httpd_execmem needing to be true.
I still don't understand why this started suddenly - the underlying issue in
python-cryptography has been there for a while. Either way, I'm changing the
sebool for resultsdb machines to make sure it doesn't continue to cause problems
for things that are submitting results to resultsdb.

2020-04-24 21:34:21 +02:00

main.yml

resultsdb: set sebool httpd_execmem=true for fedora-messaging

2020-04-24 21:34:21 +02:00