#12246 Please add perm pkglist to toddlers
Closed: Fixed a month ago by kevin. Opened a month ago by lenkaseg.

  • Describe the issue
    For toddler koji_block_retired, that blocks retired packages in koji, we need permissions to do so.
    Please give pkglist permission to toddlers/os-control01.stg.iad2.fedoraproject.org

  • When do you need this? (YYYY/MM/DD)
    Preferably sooner than later, retired packages now have to be blocked in koji manually as described in this ticket:
    https://pagure.io/releng/issue/12192

  • If we cannot complete your request, what is the impact?
    No retired packages automatically blocked in koji.


Is this only in stg to test? Or both stg and prod?

Both stg and prod. We tested it on staging manually with @abompard and the toddler was working.
So toddlers/os-control01.stg.iad2.fedoraproject.org and toddlers/os-control01.iad2.fedoraproject.org

Metadata Update from @jnsamyak:
- Issue tagged with: medium-gain, medium-trouble, ops

a month ago

I did stg... but prod the user doesn't seem to exist. ;(

I think you need to login once with it in order for it to start existing...

Hey @kevin

Whenever you get time, can you mention what you did there to add perms? Just curious!

Yeah, sorry... it was just 'stg-koji grant-permission pkglist toddlers/os-control01.stg.iad2.fedoraproject.org'

I did stg... but prod the user doesn't seem to exist. ;(

I think you need to login once with it in order for it to start existing...

Not sure I have permissions to do that.

well, normally you would just use the keytab, but in this case yeah, thats anoying.

So, I manually added it:

koji add-user toddlers --principal toddlers/os-control01.iad2.fedoraproject.org

koji grant-permission pkglist toddlers

Did that get it working? ;)

Thanks Kevin!
To see that working I would need someone to merge this PR on ansible: https://pagure.io/fedora-infra/ansible/pull-request/2198 and these two PRs on toddlers: https://pagure.io/fedora-infra/toddlers/pull-request/241 for main and https://pagure.io/fedora-infra/toddlers/pull-request/242 for staging, and eventually on production as well.

All those should be merged and deployed.

Can you check on things?

Checking on staging one more time and I get koji.ActionNotAllowed: policy violation (package_list) again, which is the error it was throwing when the toddlers didn't have the perms.

@abompard

@lenkaseg Could this be related to mass branching that happened recently?

@lenkaseg Could this be related to mass branching that happened recently?

No idea to be honest, but I'm not aware of all stuff that is happening during mass branching. If you mean the koji outage, that should be long gone, no?

Metadata Update from @lenkaseg:
- Issue untagged with: medium-gain, medium-trouble, ops

a month ago

oops, what did I do with the tags?

Metadata Update from @lenkaseg:
- Issue tagged with: medium-gain, medium-trouble, ops

a month ago

Ok, confirmed that it works, thanks @abompard to have a look!

Opening PR for production branch: https://pagure.io/fedora-infra/toddlers/pull-request/245#

This issue can be closed.

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a month ago

Correction, this PR is meant for toddlers production: https://pagure.io/fedora-infra/toddlers/pull-request/247#
(the previous one included non-koji_block_retired-related changes)

Log in to comment on this ticket.

Metadata
Boards 1
Ops Status: Backlog