Manually set global Git configuration in proc to sync templates with an existing repo #3243
Conversation
Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied
asteflova
changed the title
|
@adamruzicka Can you please review? |
asteflova
added
Needs tech review
|
The PR preview for dfb37a2 is available at theforeman-foreman-documentation-preview-pr-3243.surge.sh The following output files are affected by this PR: |
There was a problem hiding this comment.
I wonder if it makes sense to ship an empty config file with the correct permissions by default so I opened theforeman/foreman-packaging#11180. There's some room for discussion of that implementation and we don't have it available everywhere immediately so it doesn't block merging this.
guides/common/modules/proc_synchronizing-templates-with-an-existing-repository.adoc
Outdated
Show resolved
Hide resolved
guides/common/modules/proc_synchronizing-templates-with-an-existing-repository.adoc
Show resolved
Hide resolved
|
A little bit of context: we're planning some changes to foreman_templates so that the http proxy configured in foreman's settings would be implicitly used, without the user having to go faff around with git config so the whole procedure along with the changes proposed here may become irrelevant.
We considered that option but decided against it, considering this is only temporary solution until the changes in f-templates land. But since you already went the extra mile, thank you |
The HTTP proxy configuration still doesn't set the trusted CA certificates. If you have a self signed certificate for your private gitlab then that doesn't help you, right? Or should we recommend setting up the trusted certificate system wide and avoid the specific git configuration? |
|
Agreed, fixing the code would be preferable to making users do the legwork of manual configuration, but considering the context (explained in the PR description and by Adam above), my recommendation was to fix this in the docs. @ekohl Since you opened the foreman-packaging PR (thanks for that, by the way!), can you please help me figure out which branches should the doc fix go to? Should I cherry-pick only to 3.12 and below because for 3.13 and above, the file will be shipped by default? |
I wanted to keep this brief, but since you're asking about it, I'll elaborate. The full plan is to offer an option to pick a proxy from a list of available proxies in the template sync form. The list will be populated with the default proxy as set in settings and all the currently visible proxies configured in infrastructure > http proxies, but will default to the one in settings. For the ones in infrastructure > http proxies, you can paste in a CA cert in case you need it. |
I'd suggest to merge it first to master, pick it down to all branches you want. Once the packaging change becomes available we'll submit a docs update and then pick it to the same branches where the packaging update was picked to. We should also keep downstream in mind for that, so I probably wouldn't pick it back further than 3.10. |
|
I'm going to assume there are no technical issues with the current state of this PR so I'm setting |
asteflova
added
tech review done
Another assumption I'm going to make: "We'll submit a docs update" means that you intend to track this on your side. If that's not the case, let me know and I'll file a Jira for the docs team and/or myself. |
guides/common/modules/proc_synchronizing-templates-with-an-existing-repository.adoc
Outdated
Show resolved
Hide resolved
Co-authored-by: Maximilian Kolb <[email protected]>
asteflova
added
style review done
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
* Manually add Git config for template sync Without these steps, `sudo -u foreman git config --global` fails with this error: error: could not lock config file /usr/share/foreman/.gitconfig: Permission denied * Minor edits and clarifications --------- Co-authored-by: Maximilian Kolb <[email protected]> (cherry picked from commit 9db6c8b)
I added a reminder on the packaging PR. |
What changes are you introducing?
Attempting to update the Git global config for the
foremanuser fails due to insufficient permissions. Adding steps to manually create the config file as well as set the appropriate permissions on the file ensures that it gets updated as expected.Why are you introducing these changes? (Explanation, links to references, issues, etc.)
https://issues.redhat.com/browse/SAT-27104
Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)
The proposed solution might be considered hacky by some but it looks like SAT-27349 should make the whole section obsolete in a future version.
Checklists
Please cherry-pick my commits into: