Metadata
- Source: INFRA-165
- Type: Bug
- Priority: Major
- Status: Closed
- Resolution: Fixed
- Assignee: Giovanni Tirloni
- Reporter: Giovanni Tirloni
- Created: 2018-04-23T10:25:34.414-0400
- Updated: 2018-04-24T14:03:43.885-0400
- Versions: N/A
- Fixed Versions: N/A
- Component: N/A
Description
Automatic update fails. Update page asks for FTP credentials.
Comments
-
Giovanni Tirloni commented
2018-04-24T13:55:10.135-0400
- Moved all websites from /srv/www to /var/www (this is more aligned with CentOS/RHEL SELinux defaults)
- Reset all SELinux settings back to factory defaults
- Switched from permissive to enforcing mode
- Enabled the `httpd_can_network_connect_db` boolean so php-fpm can connect to MySQL/PostgreSQL
- Configured the following file contexts for WordPress/Drupal/Joomla:

    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www(/.*)?/tmp(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www(/.*)?/wp-content(/.*)?'
    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www(/.*)?/cache(/.*)?'

Due to these changes, updating website code through their UI will not work anymore because php-fpm doesn't have permission to write to anything besides the 3 directories listed above (even if traditional Unix permissions allow it).
Affected servers: i-0013 and i-0018
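
The three file-context rules in the comment above are regular expressions that SELinux matches against the whole path. As an added example (not part of the ticket or the ops repository), this shell function predicts which paths php-fpm can write to under those rules; it assumes everything else under /var/www is read-only `httpd_sys_content_t`, and the sample paths and the site name `example-site` are constructed.

```shell
#!/bin/sh
# Added example: models only the three fcontext rules quoted in the comment.
# SELinux file-context specs are regexes anchored at both ends, hence grep -x.
RW_SPECS='/var/www(/.*)?/tmp(/.*)?
/var/www(/.*)?/wp-content(/.*)?
/var/www(/.*)?/cache(/.*)?'

# Print the type these rules would give a path:
#   httpd_sys_rw_content_t -> php-fpm may write (one of the three rules matched)
#   httpd_sys_content_t    -> read-only for php-fpm (assumed default under /var/www)
#   outside                -> not under /var/www, not covered by this model
predicted_type() {
    path=$1
    case $path in
        /var/www|/var/www/*) ;;
        *) echo outside; return 0 ;;
    esac
    # The here-document feeds one spec per line to the loop.
    while IFS= read -r spec; do
        if printf '%s\n' "$path" | grep -Eqx -- "$spec"; then
            echo httpd_sys_rw_content_t
            return 0
        fi
    done <<EOF
$RW_SPECS
EOF
    echo httpd_sys_content_t
}

# Constructed sample paths; "example-site" is a hypothetical site directory.
for p in \
    /var/www/example-site/wp-content/uploads/a.png \
    /var/www/example-site/wp-admin/update-core.php \
    /var/www/example-site/wp-content-old/x.php \
    /var/www/example-site/sites/default/cache/page.html \
    /var/www/tmp \
    /srv/www/example-site/wp-content/x.php
do
    printf '%-24s %s\n' "$(predicted_type "$p")" "$p"
done
```

On the servers themselves, `matchpathcon PATH` reports the label the loaded policy assigns, and `restorecon -Rv /var/www` applies it once the `semanage fcontext` rules are in place.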
-
Giovanni Tirloni commented
2018-04-24T13:56:12.588-0400
Relevant commits:
https://github.com/inclusive-design/ops/commit/64e032c2bfd99d7e0dbb32f66a983e2eb0ecc106
https://github.com/inclusive-design/ops/commit/6ca94ed661f85dbfc58d4ec89fe1351ae1bd0473
https://github.com/inclusive-design/ops/commit/b5f4be118e9575104425107f8b7e0be5211b70cb
https://github.com/inclusive-design/ops/commit/93f655719f57cadf354183275af5edc5ff0f28f0