| -@gerrit:opendev.org- Riccardo Pittau proposed: [opendev/glean] 979471: Fix systemd ordering cycle in glean service units https://review.opendev.org/c/opendev/glean/+/979471 | 09:18 | |
| -@gerrit:opendev.org- yatin proposed: [zuul/zuul-jobs] 961208: Make fips setup compatible to 10-stream https://review.opendev.org/c/zuul/zuul-jobs/+/961208 | 12:02 | |
| -@gerrit:opendev.org- yatin proposed: [zuul/zuul-jobs] 961208: Make fips setup compatible to 10-stream https://review.opendev.org/c/zuul/zuul-jobs/+/961208 | 12:04 | |
| @clarkb:matrix.org | infra-root: is anyone else interested in doing the gerrit account surgery for sehun.jeong ? It has been a while since I did one but I'm happy to walk through the process if someone else is interested in doing it (I'm not sure if anyone else has done this since we switched to notedb) | 14:25 |
|---|---|---|
| @fungicide:matrix.org | i can try to look into it later today, but am about to disappear for lunch errands | 14:53 |
| @fungicide:matrix.org | the process is 1. look up the old account id(s) by e-mail address, mark the account(s) inactive, push a change to All-Users cleaning up external ids? | 14:55 |
| @clarkb:matrix.org | fungi: close, the mark accounts inactive step goes last and is the git push because we remove the preferred email id from the all users record. Before we do that we clean up the external ids via the API since we can't update the external ids with a git push due to the inconsistencies that persists in that dataset | 14:56 |
| @clarkb:matrix.org | so basically find the old account, use api to remove the conflictingexternal ids, then push a change to all users to disable the account and remove the conflicting preferred email address and that should do it | 14:56 |
| @fungicide:matrix.org | okay, so don't set them inactive via the api? | 15:01 |
| @fungicide:matrix.org | but delete the addresses via api | 15:03 |
| @clarkb:matrix.org | yes that is what I was doing in the past iirc | 15:04 |
| @fungicide:matrix.org | cool | 15:04 |
| @clarkb:matrix.org | when you do the git push you can set them disabled and remove their preferred email address record at the same time since those are both in the user record. The external ids are all in one flat db space so updating one via git push requires the whole set to check out cleanly. Using the api works around this problem | 15:05 |
| @fungicide:matrix.org | okay, heading out now, back in a while | 15:06 |
| -@gerrit:opendev.org- Zuul merged on behalf of yatin: [zuul/zuul-jobs] 961208: Make fips setup compatible to 10-stream https://review.opendev.org/c/zuul/zuul-jobs/+/961208 | 15:12 | |
| -@gerrit:opendev.org- Clark Boylan proposed: [opendev/system-config] 976282: Start testing Ansible 9 on bridge https://review.opendev.org/c/opendev/system-config/+/976282 | 15:46 | |
| @clarkb:matrix.org | This is the promised Ansible 9 instaed of 10 test change | 15:46 |
| @clarkb:matrix.org | Ansible 9 has better python support range for our current systems so if that fixes the pkg_resources problem I think it is a better upgrade candidate than 10 for now | 15:46 |
| @clarkb:matrix.org | Couple of other items to call out. First is mnasiadka's change to add a user and ssh key to our list: https://review.opendev.org/c/opendev/system-config/+/978980 if others can weigh in on that it would be great just to capture the general consensus. And second now is a good time to call out meeting agenda items that need to be added/removed/edited. If you let me know I can make the edits or feel free to make them yourself cc infra-root | 16:46 |
| -@gerrit:opendev.org- Clark Boylan proposed: [opendev/system-config] 976282: Start testing Ansible 9 on bridge https://review.opendev.org/c/opendev/system-config/+/976282 | 17:07 | |
| @fungicide:matrix.org | nf_conntrack_count on static02 fell to 7694 after a week, presumably just had to wait out a few hundred thousand tcp sockets that never got closed properly when it was in severe distress | 17:26 |
| @clarkb:matrix.org | nice | 17:29 |
| @fungicide:matrix.org | server-status indicates apache is quite busy, but has a good balance of states and plenaty of available headroom still | 17:33 |
| @fungicide:matrix.org | plenty | 17:33 |
| @fungicide:matrix.org | hits on the mod_security waf rules are coming in less often too, last new block was added a little over an hour ago | 17:35 |
| @clarkb:matrix.org | fungi: I'm looking at https://review.opendev.org/q/hashtag:%22apache-waf%22+status:open as part of meeting agenda prep and notice some of them are fialing in ci | 18:18 |
| @clarkb:matrix.org | not sure if you'd seen that yet | 18:18 |
| @fungicide:matrix.org | i have, just need to switch gears and look into logs | 18:18 |
| @fungicide:matrix.org | at least some of those failures are the `tox --show-config` removal | 18:25 |
| @fungicide:matrix.org | Clark: but you were right, mod_security rule ids need to be unique: https://zuul.opendev.org/t/openstack/build/6f15219d3d594140bc6c8f15c3c33cf6/log/static99.opendev.org/syslog.txt#1697 | 18:28 |
| @fungicide:matrix.org | i half expected that to error | 18:28 |
| @fungicide:matrix.org | main problem is, i don't know whether it's okay to renumber rules during restarts, or if that throws off the persistent database | 18:28 |
| @fungicide:matrix.org | i would guess not? | 18:29 |
| @fungicide:matrix.org | that is, probably it's fine to renumber rules and restart | 18:29 |
| @fungicide:matrix.org | maybe i'll make that block rule into 9999 so it doesn't have to be renumbered in the future when we add more before it | 18:30 |
| @clarkb:matrix.org | I think its fine to renumber them since corvus' db data doesn't include a rule id in the rows | 18:31 |
| @fungicide:matrix.org | great point | 18:31 |
| @clarkb:matrix.org | My first pass of meeting agenda edits is in | 18:33 |
| -@gerrit:opendev.org- Jeremy Stanley https://matrix.to/#/@fungicide:matrix.org proposed: | 18:39 | |
| - [opendev/system-config] 979089: Add WAF rules for docs.openstack.org https://review.opendev.org/c/opendev/system-config/+/979089 | ||
| - [opendev/system-config] 979090: Add our tripwire SecRule to docs.openstack.org https://review.opendev.org/c/opendev/system-config/+/979090 | ||
| @clarkb:matrix.org | fungi: the security alert for a new login to infra-root is me | 21:06 |
| @clarkb:matrix.org | also when I logged it forced me to choose between turning on and off smart features. I elected to turn them off since this account is primarily for email through imap we shouldn't need any smart magic | 21:06 |
| @fungicide:matrix.org | sgtm | 22:15 |
| @clarkb:matrix.org | ok last call on the meeting agenda. Also friendly reminder that some of us experiences the DST time change over the weekend and the 1900 UTC meeting time will haev shifted an hour later on your local clock in North America | 22:41 |
| @clarkb:matrix.org | Apparently my neighbors to the north have just done this for the last time and they will not be shifting back to standard time in the fall. I'm a bit jealous actually | 22:42 |
| @fungicide:matrix.org | i heard, that's awesome news for bc | 22:42 |
| @clarkb:matrix.org | the meeting agenda should be in inboxes now | 22:53 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!