Safer client config for admins

ba6f3a60 · Steve Traylen · Alex Iribarren · 81d89dd6 · ba6f3a60 · ba6f3a60
Commit ba6f3a60 authored 3 months ago by Steve Traylen Committed by Alex Iribarren 3 months ago
--- a/docs/koji/safeclient.md
+++ b/docs/koji/safeclient.md
+# Avoid using production as default
+
+For koji admins who are frequently running commands such as `koji add-tag` on test koji instances it can be dangerous to have the client use the default koji service in `/etc/koji.conf` as the production service.
+
+To override the default configuration file create a file `~/.config/koji/prod.conf` containing:
+
+```ini
+[koji]
+server = https://useprodprofile.cern.ch/kojihub
+weburl = https://useprodprofile.cern.ch
+topurl = https://useprodprofile.cern.ch/kojifiles
+topdir = https://useprodprofile.cern.ch/kojifiles
+authtype = kerberos
+
+[prod]
+server = https://kojihub.cern.ch/kojihub
+weburl = https://koji.cern.ch
+topurl = https://koji.cern.ch/kojifiles
+topdir = https://koji.cern.ch/kojifiles
+authtype = kerberos
+```
+
+Once done the production profile must be explicitly specified with `koji -p prod`. All koji commands will fail unless a profile is specified.
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -57,6 +57,7 @@ nav:
    - 'Red Hat support': support/redhat.md
    - 'Koji':
        - 'Introduction': koji/introduction.md
+        - 'Safe admin client config': koji/safeclient.md
        - 'Building RPMs': koji/building.md
        - 'Adding users to koji': koji/addingusers.md
        - 'Untagging policy': koji/untagging.md