This is in something we're never going to deploy again anyway so
it feels kind of absurd, but hey. The variable isn't actually
defined anywhere any more (tflink wiped the vars files that set
it) so this was actually technically broken. This technically
makes it less broken so I am okay with it!
Signed-off-by: Adam Williamson <awilliam@redhat.com>
After the upgrade to fedora-messaging-2.0.1, we started seeing a bunch of 500s
coming out of resultsdb. Turns out that selinux was blocking part of the code
that was emitting messages on rabbitmq. This is apparently a known issue in
python-cryptography [1] and their docs say that the sebool deny_execmem needs
to be off.
Since this is executed by apache, this leads to httpd_execmem needing to be true.
I still don't understand why this started suddenly - the underlying issue in
python-cryptography has been there for a while. Either way, I'm changing the
sebool for resultsdb machines to make sure it doesn't continue to cause problems
for things that are submitting results to resultsdb.
Turns out that there are firewall changes needed for the Taskotron
instance of resultsdb to use the new rabbitmq uri.
Undoing that update until that change can be done
There was one remaining case when duplicate jobs could crash the job -
when the tasks were not run simmultanously at all. I added another guard
at the final location of the artifacts, which should hopefully solve it.
For unclear reason ansible seems to have issues with mode expressed
in integer while it seems to work much more nicely if they are
provided as string.
So moving to this for now.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
The certificates are in pki/issued while the keys are in pki/private.
The location to the CA cert is correct though.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
The certificates are resultsdb.crt in prod while they are resultsdb.stg.crt in
staging so by using the ansible variable {{ env_suffix }} we're able to support
both files in one line.
Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>
