From c3a8ada7645a911a2d1220ce54264053f9ddf2df Mon Sep 17 00:00:00 2001
From: Steve Traylen <steve.traylen@cern.ch>
Date: Fri, 11 Apr 2025 12:23:33 +0200
Subject: [PATCH 1/2] Safer client config for admins

While I did not break production I was intending till until I read
the script.

Suggest that admins make their client configuration prod safe.
---
 docs/koji/safeclient.md | 23 +++++++++++++++++++++++
 mkdocs.yml              |  1 +
 2 files changed, 24 insertions(+)
 create mode 100644 docs/koji/safeclient.md

diff --git a/docs/koji/safeclient.md b/docs/koji/safeclient.md
new file mode 100644
index 0000000..cb37bdf
--- /dev/null
+++ b/docs/koji/safeclient.md
@@ -0,0 +1,23 @@
+# Avoid using production as default
+
+For koji admins who are frequently running commands such as `koji add-tag` on test koji instances it can be dangerous to have the client use the default koji service in `/etc/koji.conf` as the production service.
+
+To override the default configuration file create a file `~/.config/koji/prod.conf` containing:
+
+```ini
+[koji]
+server = https://useprodprofile.cern.ch/kojihub
+weburl = https://useprodprofile.cern.ch
+topurl = https://useprodprofile.cern.ch/kojifiles
+topdir = https://useprodprofile.cern.ch/kojifiles
+authtype = kerberos
+
+[prod]
+server = https://kojihub.cern.ch/kojihub
+weburl = https://koji.cern.ch
+topurl = https://koji.cern.ch/kojifiles
+topdir = https://koji.cern.ch/kojifiles
+authtype = kerberos
+```
+
+Once done the production profile must be explicitly specified with `koji -p profile`. All koji commands will fail unless a profile is specified.
diff --git a/mkdocs.yml b/mkdocs.yml
index 71aa6bf..7d59def 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -57,6 +57,7 @@ nav:
     - 'Red Hat support': support/redhat.md
     - 'Koji':
         - 'Introduction': koji/introduction.md
+        - 'Safe admin client config': koji/safeclient.md
         - 'Building RPMs': koji/building.md
         - 'Adding users to koji': koji/addingusers.md
         - 'Untagging policy': koji/untagging.md
-- 
GitLab


From 506ab804710a7a6ff7a2c7ac8dbc6236b8145218 Mon Sep 17 00:00:00 2001
From: Steve Traylen <steve.traylen@cern.ch>
Date: Fri, 11 Apr 2025 10:26:48 +0000
Subject: [PATCH 2/2] Apply 1 suggestion(s) to 1 file(s)

---
 docs/koji/safeclient.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/koji/safeclient.md b/docs/koji/safeclient.md
index cb37bdf..fcf5099 100644
--- a/docs/koji/safeclient.md
+++ b/docs/koji/safeclient.md
@@ -20,4 +20,4 @@ topdir = https://koji.cern.ch/kojifiles
 authtype = kerberos
 ```
 
-Once done the production profile must be explicitly specified with `koji -p profile`. All koji commands will fail unless a profile is specified.
+Once done the production profile must be explicitly specified with `koji -p prod`. All koji commands will fail unless a profile is specified.
-- 
GitLab