Bug 1458719

Summary: download.gluster.org occasionally has the wrong permissions causing problems for users
Product: [Community] GlusterFS Reporter: Nigel Babu <nigelb>
Component: project-infrastructureAssignee: bugs <bugs>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: mainlineCC: atumball, bugs, gluster-infra, mscherer
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-10 13:10:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nigel Babu 2017-06-05 10:10:56 UTC 
This bug is meant to be a placeholder to plan and discuss a good interim solution so that we do not make a mistake again.

Most often, there's an selinux context error which requires a restorecon for the entire folder.

1) We could make a periodic sweep of the pub/ folder with restorecon so everything inside this folder has the default SELinux permissions.

2) We could automate the package copying into the server from where it's generated so that process is not manual.

3) I really think we should test the package downloads after putting them on download.gluster.org. Just as far as "making sure they can be downloaded with curl" is reasonably good enough to start with.
Comment 1 M. Scherer 2017-06-09 10:16:18 UTC 
the -Z option of cp is supposed to take care of that. But someone has to remember to use it.

I am in favor of 2. 1 is just a bandaid, and while this would be easy to do, it will just give a excuse to push option 2 for later.

And I would also add 4: "we should watchout for AVC message in the log, and send a alert". Which would requires to get a monitoring solution, but that's lower priority than others stuff.
Comment 2 Amar Tumballi 2019-05-10 13:10:06 UTC 
Not seen in a long time now.