Monday, 2021-06-21

« Sunday, 2021-06-20 Index Tuesday, 2021-06-22 »
*** ianw is now known as Guest5201:07
Guest52test01:15
fungi/usr/bin/test01:19
Guest52i identified as ianw in matrix but now i can't figure out how to unidentify01:26
*** Guest52 is now known as ianw01:29
ianwtest01:29
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672706:18
*** ysandeep|away is now known as ysandeep06:26
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672706:33
opendevreviewMerged zuul/zuul-jobs master: Fix buildset-registry test on focal  https://review.opendev.org/c/zuul/zuul-jobs/+/79234906:44
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672707:03
*** jpena|off is now known as jpena07:34
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672707:36
*** zbr is now known as Guest7607:40
*** rpittau|afk is now known as rpittau07:41
*** ykarel is now known as ykarel|lunch08:44
*** ykarel|lunch is now known as ykarel09:48
*** jpena is now known as jpena|lunch11:30
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672711:33
*** guillaumec_ is now known as guilllaumec12:18
*** jpena|lunch is now known as jpena12:30
yoctozeptomorning13:52
yoctozeptoany idea why reconfigure file in https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_f40/797267/1/check/kolla-ansible-ubuntu-source-cephadm/f403d80/primary/logs/ansible/index.html cannot be downloaded13:52
fungiyoctozepto: i'm able to download it with wget, can you be more specific?13:56
fungiahh, if i try to download it with a web browser it seems to get confused on what the content encoding should be13:57
yoctozeptoah, I tried two browsers and 'save as' but yeah, it is something about encoding13:58
fungilooks like we upload everything to swift as text/plain so files which aren't actual text are probably going to make browsers unhappy13:58
yoctozeptoalthough it should not care, should it?13:58
yoctozeptomeh, modern browsers13:58
yoctozeptoit should be a text file btw13:58
yoctozeptoascii only13:58
yoctozeptoah, I downloaded it with curl and it's gibberish13:59
fungiyes, `file reconfigure` reports "reconfigure: data"14:00
fungiwhat generates that file?14:00
yoctozeptoit's ansible output redirected to a file14:01
yoctozeptoit normally works14:01
fungiinteresting14:01
yoctozeptoan unrelated job failed and I decided to peek14:02
yoctozeptoand this is what I found14:02
fungiis reconfigure-prechecks created the same way, i guess? because yes it has text content14:02
yoctozeptoso it probably broke in some weird way14:02
yoctozeptoyeah14:02
rosmaitanot sure who to direct this to, but the summary urls at the end of a meeting (for example, https://eavesdrop.opendev.org/meetings/image_encryption/2021/image_encryption.2021-06-21-13.00.html ) aren't redirecting to https://meetings.opendev.org/meetings/image_encryption/2021/image_encryption.2021-06-21-13.00.html14:02
rosmaitajust a FYI14:02
fungirosmaita: thanks for spotting that, i'll try to get a fix up later today if nobody beats me to it14:03
rosmaitafungi: thanks ... and actually i don't know if it's for all meetings or just that particular one14:03
*** gthiemon1e is now known as gthiemonge14:04
fungii expect the problem is that we redirected from eavesdrop.openstack.org but the new servername where the bot is running now is causing it to put eavesdrop.opendev.org im urls14:04
fungiwe should 1. correct that to echo the new canonical urls, but also 2. probably add a redirect from eavesdrop.opendev.org so it's solved for any meetings which mentioned urls in this in-between state14:05
fungianyway i have to leave momentarily to run some errands, but will try to tackle both those tasks when i get back in a couple hours14:08
fungiyoctozepto: maybe it's compressed? but doesn't seem to be gzip at least since zcat doesn't like it either14:08
fungialso running strings on it returns nothing recognizable, which is why i suspect some sort of encapsulation/compression14:09
yoctozeptofungi: I think it looks more like something tried to uncompress uncompressed14:09
yoctozeptoyeah14:09
fungimaybe it was compressed with deflate14:09
yoctozeptonot on our side14:09
fungicould perhaps happen on the fly when uploading to swift, or be done by the serving end14:10
fungianyway, i'll be around later14:10
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672714:12
yoctozeptotake care14:15
opendevreviewFlorian Haas proposed opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672714:24
*** ykarel is now known as ykarel|away14:30
*** odyssey4me is now known as Guest10914:46
gthiemongeHi Folks, a security fix was proposed for Octavia (https://review.opendev.org/c/openstack/octavia/+/797322), there's storyboard id in the commit message, but we cannot access it, how can we fix that?15:19
JayFTypically that indicates a embargoed security bug. There should be someone working with your project who knows the details... do you have a VMT liason? 15:22
gthiemongeJayF: we don't have a VMT liaison15:25
JayFThen IDK what to tell you :) I don't have special knowledge/access, just have helped with those kinda bugs in Ironic before15:26
johnsomThere is supposed to be a "group" in storyboard that allows the PTL (maybe core) view the security tagged story, but it appears that is not working.15:26
*** ysandeep is now known as ysandeep|out15:36
fungigthiemonge: anyone who has access to that story can switch it to public, but the fix should never have been pushed to public code review without first making the story public15:49
fungioctavia isn't overseen by the openstack vmt though, so are free to do things however they wish15:49
*** gthiemon1e is now known as gthiemonge15:51
fungijohnsom: gthiemonge: by default private stories are only accessible to the people who submit them, unless there is a group configured in storyboard and associated as a security team for that project. deliverables overseen by the openstack vmt are associated with the openstack-security team, but for deliverables with no vmt oversight they'd need a group of their own created and added to the15:53
fungiproject15:53
fungiotherwise the person who creates the story needs to manually add someone to it15:53
johnsomfungi Yeah, we worked on the group for the Octavia team, many months ago (I think we were working with you actually). But that seems to no longer be working.15:54
johnsomIs that group missing now? Is there a way we can check or does it require a storyboard admin?15:56
fungicreating the group can be done by an admin, i'll look and see what's set. i also don't have access to story 2008994, fwiw15:57
fungipossible there's some other reason, like the only task on it is for a different project entirely, or something15:58
*** rpittau is now known as rpittau|afk16:00
johnsomAh, interesting16:02
fungijohnsom: i've used sysadmin access to the backend db to insert permission for myself to view that story, and can confirm it's for openstack/octavia but the only people who were added access for it before now were  Paul Axe16:04
fungiAnton Zhabolenko and Mikhail Ushanov16:04
fungithe first of the three being automatically added since they created the story16:04
johnsomMust be the reporting team/company. Is the "Octavia security" group still there?16:05
fungithe openstack-octavia-security group exists, includes you and list showing related to the octavia team deliverables including openstack/octavia16:06
fungioh! i see why it didn't get added16:07
johnsomHmm, ok, so a bug. Should I open a Story for Storyboard?16:07
funginope, working as designed. my fault, almost certainly, i didn't set it as a "security team"16:08
fungii'm double-checking the others i created to see if i made the same mistake elsewhere16:08
gthiemongeperhaps "private" is true16:08
johnsomOk, and if we can't manage that group, can you add Greg (current PTL)?16:08
fungiconfirmed, i forgot to set openstack-trove-security as a security team too16:09
fungiand yeah, i'll add greg, just a sec16:09
johnsomThank you!16:09
gthiemongefungi: thanks ;-)16:11
fungigthiemonge: i've added you to the openstack-octavia-security team in storyboard.openstack.org now16:11
johnsomSo if I log out and back in I should be able to see that bug now?16:11
fungii'll work on adding openstack-octavia-security access to any still private stories next16:11
johnsomAh, ok, thanks16:11
rm_workHmm yeah I was surprised since I have definitely viewed Octavia security bugs before16:12
gthiemongeI still have 404 errors on 200899416:12
rm_workNeed to relog?16:12
fungiwell, the group could still be manually added to a story, just wouldn't have been auto-added16:13
fungigthiemonge: rm_work: i'm working on adding the team to the existing stories it doesn't have access to now, give me a moment16:13
gthiemongefungi: ok, thanks16:13
rm_workSorry for impatience 😅16:13
* johnsom guesses the Octavia team takes security stories seriously.... grin16:14
fungias well they should!16:14
fungigthiemonge: rm_work: johnsom: i've manually added the team to that story while working on identifying any others16:17
johnsomHmm, I still get a 404 after logging out and back in.16:18
fungiyou're logged into storyboard, have no api error pop-ups in the top-right corner, and then attempt to load https://storyboard.openstack.org/#!/story/2008994 ?16:19
fungioh, i didn't actually save, hold on16:20
fungijohnsom: reload now, sorry16:21
gthiemongeI can see it ;-)16:21
gthiemongefungi: thank you16:22
fungigthiemonge: you're welcome, i've also added the team to story 2008853 which was already marked invalid but should probably be switched to public16:26
*** jpena is now known as jpena|off16:46
fungigthiemonge: also 2004606 which looks like it should have been switched to public years ago17:24
fungigthiemonge: and 200151517:28
fungigthiemonge: and 200139817:29
fungigthiemonge: and 200138017:30
fungigthiemonge: and 200137617:31
fungimany of those i had added rm_work to years ago in a prior audit of private stories, before an openstack-octavia-security team had been added for those projects17:33
gthiemongefungi: wow, thanks, I'll review those stories17:39
fungigthiemonge: i expect most are invalid or long since fixed17:40
fungiplease switch any which aren't sensitive to public17:40
fungidoing my best to keep the private stories in sb limited to those which actually need to be private until they're fixed17:41
opendevreviewMerged opendev/git-review master: Support the Git "core.hooksPath" option when dealing with hook scripts  https://review.opendev.org/c/opendev/git-review/+/79672719:49
*** dviroel is now known as dviroel|out21:39
opendevreviewIan Wienand proposed opendev/system-config master: centos-mirror: add dry run mode  https://review.opendev.org/c/opendev/system-config/+/79736423:38
opendevreviewIan Wienand proposed opendev/system-config master: centos-mirror: exclude ppc64le  https://review.opendev.org/c/opendev/system-config/+/79736523:38
« Sunday, 2021-06-20 Index Tuesday, 2021-06-22 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!