ansible/roles/taskotron/resultsdb-backend/tasks
Tim Flink 8c96b12e65 resultsdb: set sebool httpd_execmem=true for fedora-messaging
After the upgrade to fedora-messaging-2.0.1, we started seeing a bunch of 500s
coming out of resultsdb. Turns out that selinux was blocking part of the code
that was emitting messages on rabbitmq. This is apparently a known issue in
python-cryptography [1] and their docs say that the sebool deny_execmem needs
to be off.

Since this is executed by apache, this leads to httpd_execmem needing to be true.
I still don't understand why this started suddenly - the underlying issue in
python-cryptography has been there for a while. Either way, I'm changing the
sebool for resultsdb machines to make sure it doesn't continue to cause problems
for things that are submitting results to resultsdb.
2020-04-24 21:34:21 +02:00
..
main.yml resultsdb: set sebool httpd_execmem=true for fedora-messaging 2020-04-24 21:34:21 +02:00