Make the Server HowTo SELinux instructions simpler and easier to read.
Describe each step for users to copy-and-paste.
Use semanage and restorecon instead of chcon in order to make the
changes persist across relabling operations.
Only recommend httpd_can_network_connect_db=1 if the user is using a
TCP/IP connection to PostgreSQL. If koji-hub is using a local Unix
socket connection, Apache does not need this setting.
Rewrite the PostgreSQL authorization instructions in the Server HowTo
guide.
Provide two complete examples: the "all-in-one localhost" option, and
the "separate postgres over the network" option. This reduces the
decision trees and makes it easier to copy and paste the entire
pg_hba.conf file. Explain what each mystery setting does and link to the
PostgreSQL documentation.
Only set listen_addresses to "*" if we need it, and turn it off if we
don't.
Simplify the instructions so that the user only restarts the postgresql
daemon once.
Clarify that koji-web does not need DB access, and the hub is the only
service that requires direct DB access.
Remove the example of authorizing the apache system user, because that
implies that the admin must run a series of complicated GRANT
instructions to allow both koji and apache to write to the DB. Just
grant the koji user full trust access for simplicity.
Prior to this change, Google Chrome's SVG renderer did not display "Hub"
centered in the Koji structure diagram.
Re-do the "Hub" text in the diagram so that it is centered in Inkscape,
Firefox, and Chrome.
Fedora and RHEL 8 use a newer syntax for postgresql-setup's initdb
command. Provide the older command and the newer command in the Server
Howto documentation.
(We can remove the RHEL 7 version when we drop RHEL 7 support.)
Prior to this change, Sphinx rendered the SQL query outside of the
"Note" box.
Indent the query further so that Sphinx renders it inside the "Note"
border.
The Server Howto documentation describes how to configure Kerberos
authentication in kojira.conf.
Prior to this change, the Server Howto documentation's boilerplate
configuration copied the older stale format.
eea730300a added a dedicated section for
Kerberos authentication to kojira.conf. Copy this newer format into the
Server Howto documentation.
This also updates our Server Howto document to use the default
/etc/kojira/kojira.keytab file path, which we added in
f232e49194.
