| clarkb | tonyb: so chrome updates frequently and if you look at https://www.cve.org/CVERecord/SearchResults?query=chromium there is basically no reason to run an old chrome | 00:32 |
|---|---|---|
| clarkb | while I can understand that people may not have updated I kinda feel like that is a bad thing and maybe if we're additional signal that they really should update then we're providing a helpful service in a round about way | 00:32 |
| clarkb | https://www.cve.org/CVERecord?id=CVE-2025-6554 this one in particular jumped out to me | 00:33 |
| clarkb | but if we think its better to eat the bad crawler noise for User Agents that no one should be running (but in practice are) I don't mind updating the ruleset | 00:34 |
| fungi | might be woth first checking what the volume of rejects is like for the versions we're considering unwinding | 00:51 |
| tonyb | another approach might be to specify a 403 page that has a little more detail. something that humans can choose to action but hopefully not detailed enough that it encourages the same behaviour from the bots we're trying to slow down | 01:16 |
| tonyb | I'll see if I can come up with something today | 01:17 |
| tonyb | infra-root: Any objections to me taking a dump of the wiki, and importing it into the held node? | 02:02 |
| clarkb | have we done it before? Just wondering if we know what if any impact there may be. But no, no objection | 02:05 |
| tonyb | Yup I've done it once before, with no known issues. I guess maybe a small bump in I/O and CPU ? | 02:06 |
| opendevreview | OpenStack Proposal Bot proposed openstack/project-config master: Normalize projects.yaml https://review.opendev.org/c/openstack/project-config/+/962557 | 02:22 |
| *** mrunge_ is now known as mrunge | 06:25 | |
| opendevreview | Gregory Thiemonge proposed openstack/diskimage-builder master: Fix RPM DB path for Centos 10 Stream https://review.opendev.org/c/openstack/diskimage-builder/+/963939 | 10:17 |
| fungi | tonyb: clarkb: there's not really any sensitive data in that database, it's fine. we rely on an idp to authenticate the users for us so there's no passwords. probably the extent of sensitivity is personal data that some users may have authorized the idp to supply to the software such as their names and e-mail addresses | 12:28 |
| fungi | so do try to keep it safe, of course, but you're not risking the server getting copromised or anything by copying that around | 12:29 |
| *** gmaan_pto is now known as gmaan | 16:00 | |
| corvus | i think i'd like to disable the weekly zuul restart for this next weekend. do you agree? if so, should i use the emergency file or make a change to disable the cron? | 16:11 |
| clarkb | corvus: I think the weekly reboot may ignore the emergency file? Its probably best to make a change to disable the cron | 16:13 |
| clarkb | I'm happy to review and approve that today | 16:13 |
| fungi | that sounds prudent as i doubt most of us will be in a good position to troubleshoot any issues that might result | 16:14 |
| opendevreview | James E. Blair proposed opendev/system-config master: Temporarily disable the weekly Zuul reboot https://review.opendev.org/c/opendev/system-config/+/963983 | 16:16 |
| corvus | that seemed like the easiest way to disable it without thinking too hard about the mechanics. :) | 16:16 |
| opendevreview | James E. Blair proposed opendev/system-config master: Revert "Temporarily disable the weekly Zuul reboot" https://review.opendev.org/c/opendev/system-config/+/963984 | 16:17 |
| clarkb | curiously both /usr/bin/true and /bin/true exist on that server | 16:18 |
| corvus | heh even if that failed it would be an acceptable outcome | 16:18 |
| clarkb | +2 from me. We can probably go ahead and approve it once CI comes back clean | 16:18 |
| clarkb | or now I guess, not sure if fungi has time today to review it | 16:19 |
| fungi | already approved | 16:20 |
| clarkb | thanks! | 16:21 |
| opendevreview | Merged opendev/system-config master: Temporarily disable the weekly Zuul reboot https://review.opendev.org/c/opendev/system-config/+/963983 | 17:02 |
| clarkb | corvus: that change deployed successfully according to zuul and sudo crontab -l shows a /bin/true entry now | 17:13 |
| corvus | \o/ | 17:13 |
| fungi | fungi@bridge01:~$ sudo crontab -l | 17:15 |
| fungi | #Ansible: Backup Rackspace DNS | 17:15 |
| fungi | 0 2 * * * /usr/local/bin/rax-dns-backup >> /var/log/rax-dns-backup.log 2>&1 | 17:15 |
| fungi | #Ansible: Zuul cluster restart | 17:15 |
| fungi | 1 0 * * 6 /bin/true | 17:15 |
| fungi | yep, just checked | 17:15 |
| fungi | lgtm | 17:15 |
| slittle1_ | trying to understand why zuul is unhappy with https://review.opendev.org/c/starlingx/zuul-jobs/+/964049 ... I can seem to find any logs | 18:52 |
| clarkb | slittle1_: https://opendev.org/starlingx/zuul-jobs/src/branch/master/zuul.d/legacy-jobs.yaml#L16 is the reason. The default ansible version in opendev's zuul is now Ansible 11. Ansible 11 requires python3.8 or newer but bionic only has 3.6 by default. Unfortunately the failure occurs early enough in the process that we dont' get logs generated | 18:56 |
| clarkb | slittle1_: the solution is to either override the ansible version to ansible 9 in jobs that need to run on older platforms or update the platform that is running this job | 18:57 |
| clarkb | slittle1_: I would warn that ubuntu-bionic nodes will be going away in the near ish future when zuul drops support for ansible 9 entirely as we won't be able to function on that node type any more | 18:57 |
| clarkb | so ist better to update the platform that runs your job | 18:57 |
| slittle1_ | thanks | 19:22 |
| clarkb | I'm going to pop out now to run a pre travel errand. I should be back in a bit | 19:40 |
| tonyb | Is it expected that https://review.opendev.org/admin/repos/openstack/openstack,access should essentially be empty of content? | 23:37 |
| tonyb | I'm trying to figure out who has +2 there. I can "cheat" and use my admin account but I don't think that I shoudl have to do that. | 23:38 |
| fungi | tonyb: look in the project-config repos | 23:39 |
| fungi | gerrit's display helpfully filters out all permissions your current user lacks | 23:39 |
| fungi | tonyb: https://opendev.org/openstack/project-config/src/commit/503e6d2735ae681c783fb8a1bddefbf487797430/gerrit/acls/openstack/openstack.config | 23:40 |
| fungi | that's the most recent version we pushed into gerrit | 23:41 |
| fungi | if you're looking for the primary core reviewers, it's the openstack release team | 23:41 |
| tonyb | Okay, I'll push a change to add the TC, I'm just working on a complete audit (of the 10ish tc repos) | 23:42 |
| fungi | probably at least worth giving the kind folks in #openstack-release a heads up that the tc is taking it over | 23:44 |
| tonyb | Oh course | 23:46 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!