From c3a8ada7645a911a2d1220ce54264053f9ddf2df Mon Sep 17 00:00:00 2001 From: Steve Traylen <steve.traylen@cern.ch> Date: Fri, 11 Apr 2025 12:23:33 +0200 Subject: [PATCH 1/2] Safer client config for admins While I did not break production I was intending till until I read the script. Suggest that admins make their client configuration prod safe. --- docs/koji/safeclient.md | 23 +++++++++++++++++++++++ mkdocs.yml | 1 + 2 files changed, 24 insertions(+) create mode 100644 docs/koji/safeclient.md diff --git a/docs/koji/safeclient.md b/docs/koji/safeclient.md new file mode 100644 index 0000000..cb37bdf --- /dev/null +++ b/docs/koji/safeclient.md @@ -0,0 +1,23 @@ +# Avoid using production as default + +For koji admins who are frequently running commands such as `koji add-tag` on test koji instances it can be dangerous to have the client use the default koji service in `/etc/koji.conf` as the production service. + +To override the default configuration file create a file `~/.config/koji/prod.conf` containing: + +```ini +[koji] +server = https://useprodprofile.cern.ch/kojihub +weburl = https://useprodprofile.cern.ch +topurl = https://useprodprofile.cern.ch/kojifiles +topdir = https://useprodprofile.cern.ch/kojifiles +authtype = kerberos + +[prod] +server = https://kojihub.cern.ch/kojihub +weburl = https://koji.cern.ch +topurl = https://koji.cern.ch/kojifiles +topdir = https://koji.cern.ch/kojifiles +authtype = kerberos +``` + +Once done the production profile must be explicitly specified with `koji -p profile`. All koji commands will fail unless a profile is specified. diff --git a/mkdocs.yml b/mkdocs.yml index 71aa6bf..7d59def 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -57,6 +57,7 @@ nav: - 'Red Hat support': support/redhat.md - 'Koji': - 'Introduction': koji/introduction.md + - 'Safe admin client config': koji/safeclient.md - 'Building RPMs': koji/building.md - 'Adding users to koji': koji/addingusers.md - 'Untagging policy': koji/untagging.md -- GitLab From 506ab804710a7a6ff7a2c7ac8dbc6236b8145218 Mon Sep 17 00:00:00 2001 From: Steve Traylen <steve.traylen@cern.ch> Date: Fri, 11 Apr 2025 10:26:48 +0000 Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s) --- docs/koji/safeclient.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/koji/safeclient.md b/docs/koji/safeclient.md index cb37bdf..fcf5099 100644 --- a/docs/koji/safeclient.md +++ b/docs/koji/safeclient.md @@ -20,4 +20,4 @@ topdir = https://koji.cern.ch/kojifiles authtype = kerberos ``` -Once done the production profile must be explicitly specified with `koji -p profile`. All koji commands will fail unless a profile is specified. +Once done the production profile must be explicitly specified with `koji -p prod`. All koji commands will fail unless a profile is specified. -- GitLab