opendevreview | Merged openstack/diskimage-builder master: Not duplicate grub defaults https://review.opendev.org/c/openstack/diskimage-builder/+/925451 | 06:01 |
---|---|---|
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add ensure-dib role https://review.opendev.org/c/zuul/zuul-jobs/+/922910 | 06:23 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add build-diskimage role https://review.opendev.org/c/zuul/zuul-jobs/+/922911 | 06:23 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add build_diskimage_environment role variable https://review.opendev.org/c/zuul/zuul-jobs/+/926224 | 06:23 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add a diskimage-builder job https://review.opendev.org/c/zuul/zuul-jobs/+/926225 | 06:23 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add ensure-dib role https://review.opendev.org/c/zuul/zuul-jobs/+/922910 | 07:13 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add build-diskimage role https://review.opendev.org/c/zuul/zuul-jobs/+/922911 | 07:13 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add build_diskimage_environment role variable https://review.opendev.org/c/zuul/zuul-jobs/+/926224 | 07:13 |
opendevreview | Benjamin Schanzel proposed zuul/zuul-jobs master: Add a diskimage-builder job https://review.opendev.org/c/zuul/zuul-jobs/+/926225 | 07:13 |
opendevreview | Jens Harbott proposed openstack/project-config master: gerritbot: Add missing docs repos to tc channel https://review.opendev.org/c/openstack/project-config/+/926512 | 09:35 |
opendevreview | Merged openstack/project-config master: gerritbot: Add missing docs repos to tc channel https://review.opendev.org/c/openstack/project-config/+/926512 | 11:29 |
*** elodilles is now known as elodilles_ooo | 12:31 | |
clarkb | Friendly reminder to add your meeting agenda items today. I'll get that sent out towards the end of my day so that tonyb and everyone else have a chance to edit it. Or also let me know what should be added. | 18:01 |
clarkb | I will be adding a note about etherpad upgrades myself. | 18:01 |
clarkb | oh and the default nodeset update I announced | 18:02 |
clarkb | and the service coordinator election | 18:02 |
fungi | thanks! | 18:10 |
fungi | not sure if it needs a dedicated topic on the agenda, but looks like the openstack.org domain hosting switch from rackspace dns to cloudflare dns is occurring in the next hour or so | 18:13 |
fungi | i've gone through the zone import and switched anything we're hosting from the default "proxied" setting to "dns only" | 18:14 |
clarkb | probably worth following up tomorrow just in case there is anything that happens as well as ensuring we all know how to pester you for domain updates (I don't have access but suspect I can get it too) | 18:14 |
fungi | so it should only be openinfra foundation/tipit managed systems that get cdn proxies served up | 18:14 |
fungi | also worth noting, "we" (opendev collaboratory and openstack tact sig) account for 70% (104 out of 149) a/aaaa/cname rrs in that domain at the moment | 18:16 |
fungi | that's after i cleaned up everything that's not still valid, but is almost entirely backward-compat subdomains we're managing for redirects | 18:16 |
fungi | well, a majority of it is at least | 18:17 |
fungi | and the next biggest chunk is openstack sites on static.opendev.org, followed by afs/kerberos servers | 18:18 |
clarkb | I know familiarity has more to do with this than anything else, that said I'm impressed that firewalld seems somehow much harder to use than iptables | 20:03 |
JayF | Just wait until you try to learn `nft`, it's close enough to iptables to fool you into thinking you know it, but it's not quite there (yes, I know you can still use iptables-nft) | 20:05 |
clarkb | figuring out if port 22 is open for ssh is turning out to be an educational task. Like some zones have it listed and others don't. But what is a zone? | 20:06 |
clarkb | ok `firewall-cmd --get-active-zones` tells you which zones are in use. Then you can use `firewall-cmd --list-all-zones` to see what services are enabled for the active zones. I have now confirmed that ssh port 22 is not open | 20:09 |
clarkb | now to figure out the proper way to open that | 20:09 |
clarkb | and the config files are xml | 20:11 |
clarkb | `firewall-cmd --permanent --add-service=ssh` is the incantation I think | 20:15 |
clarkb | if the ssh service isn't defined then you can --add-port=22/tcp or something like that | 20:16 |
clarkb | I've discovered firewalld has a "panic mode" which when enabled drops all network communication in and out | 20:18 |
JayF | that's what `service iptables panic` did on RHELs for a long time (maybe still?) | 20:19 |
clarkb | I think if I was trying to achieve that I would've disabled the network interfaces instead as a more logical (to my mind anyway) method of achieving that | 20:20 |
fungi | when debian switched from iptables to nft, i basically just sat down and read through the documentation and reconstructed my configs from scratch | 20:20 |
clarkb | ok my first pass of meeting agenda edits are in | 20:36 |