Wednesday, 2019-02-13

« Tuesday, 2019-02-12 Index Thursday, 2019-02-14 »
*** mrodriguez has quit IRC00:24
*** sdake has quit IRC00:26
*** sdake has joined #openstack-containers00:46
*** ricolin_ has joined #openstack-containers01:01
*** yankcrime has quit IRC01:08
*** sdake has quit IRC01:14
*** sdake has joined #openstack-containers01:17
*** sapd1 has joined #openstack-containers01:26
*** sdake has quit IRC01:29
*** sdake has joined #openstack-containers01:32
*** sdake has quit IRC01:39
*** ramishra has joined #openstack-containers01:52
*** yankcrime has joined #openstack-containers02:01
*** _fragatina has quit IRC02:02
*** hongbin has joined #openstack-containers02:21
*** openstackgerrit has joined #openstack-containers02:39
openstackgerritFeilong Wang proposed openstack/magnum master: [fedora_atomic] Support auto healing for k8s  https://review.openstack.org/63137802:39
*** sdake has joined #openstack-containers03:06
*** ricolin_ has quit IRC03:48
*** spsurya has joined #openstack-containers03:55
*** udesale has joined #openstack-containers03:55
*** ykarel|away has joined #openstack-containers04:04
*** ykarel|away is now known as ykarel04:08
*** sdake has quit IRC04:15
*** janki has joined #openstack-containers04:32
*** ArchiFleKs has quit IRC04:40
*** ArchiFleKs has joined #openstack-containers04:50
*** hongbin has quit IRC04:55
*** zul has quit IRC05:26
*** udesale has quit IRC05:36
*** udesale has joined #openstack-containers05:42
*** ricolin has joined #openstack-containers05:46
*** udesale has quit IRC05:48
*** udesale has joined #openstack-containers05:48
*** sdake has joined #openstack-containers06:28
*** sdake has quit IRC07:07
*** udesale has quit IRC07:12
*** belmoreira has joined #openstack-containers07:19
*** udesale has joined #openstack-containers07:19
*** ricolin has quit IRC07:19
*** ricolin_ has joined #openstack-containers07:19
*** udesale has quit IRC07:24
*** udesale has joined #openstack-containers07:25
*** ricolin_ has quit IRC07:45
*** ricolin has joined #openstack-containers07:46
*** ykarel is now known as ykarel|lunch08:36
*** flwang1 has joined #openstack-containers08:41
flwang1strigazi: around?08:41
strigaziflwang1: hello08:52
flwang1do you have a few mins?08:53
flwang1some random things i'd like to get your comments08:53
strigaziyes08:53
flwang11. any plan to Fedora Atomic 29 or just go for Ubuntu or whatever you named here08:54
strigazif2908:54
strigaziflwang1: we are using it here a bit08:54
flwang1ok, the reaction from Fedora Atomic about the cve 5736 make me nervous08:54
strigazi?08:54
flwang1i haven't seen any response about this08:55
flwang1from FA side08:55
flwang1that makes me feeling the community is not really active now08:55
flwang1we're lucky this time, but next time maybe not08:56
flwang1we probably still need a way to patch Fedora Atomic to build new image before we migrate to any other OS08:56
strigaziI think you are exaggerating08:56
strigaziyou can go to ubuntu08:56
flwang1ok, fair enough08:57
strigazibuilds here for moby-engine https://koji.fedoraproject.org/koji/packageinfo?packageID=2739508:57
strigazifedora atomic is a read-only fs plus with selinux it is not affected08:58
flwang1i would say we have different PoV, so we are thinking from different perspective08:58
flwang1we're not enabling selinux08:58
flwang1for k8s08:58
strigaziI just tried it because of this CVE and it works. I'm running conformance.08:59
strigaziAlso the exploit does not work on fedora atomic.08:59
strigazieven with selinux off, based on my tests.08:59
flwang1how did you test it?09:00
flwang1i haven't see a test script yet, could you share?09:00
strigazigitlab-registry.cern.ch/strigazi/containers/cve-2019-5736-poc09:00
strigazihttps://github.com/q3k/cve-2019-5736-poc09:01
strigaziwe can work on moving to kubeadm and be distro agnostic.09:01
strigazithere is also this: https://gist.github.com/singe/0ad4078848d85dc0d03f9f9013796e4509:02
flwang1and you know the coreOS/Fedora atomic strategy is still very unclear09:02
strigaziyou comment on the reaction time from the community is based on what? can you elaborate?09:02
flwang1strigazi: is there any response from fedora atomic community about this cve?09:04
flwang1i googled a lot, can't see any09:04
flwang1and i also popped up into #atomic irc channel, asked question, no response as well09:04
strigaziI asked in #fedora-coreos and they told me they want a reproducer.09:05
strigaziwhere is the response from ubuntu?09:05
flwang1don't get me wrong, i could be too concerned, but i think it's not the first time we think about this migrating09:05
flwang1i'm not saying Ubuntu doing a better job here, and i'm not arguing who is the best community09:08
strigazialso, just to note here. google container os didn't neet an upgrade, just like fedora.09:09
strigaziI think an effort to be more flexible on the distro can be made.09:10
*** ricolin has quit IRC09:19
openstackgerritSpyros Trigazis proposed openstack/magnum master: [k8s_fedora] Add heat-agent to worker nodes  https://review.openstack.org/56185809:36
*** ykarel|lunch is now known as ykarel09:49
*** adrianreza has joined #openstack-containers09:59
*** mkuf_ is now known as mkuf10:01
openstackgerritMerged openstack/magnum master: k8s_fedora: Deploy tiller  https://review.openstack.org/61233610:20
*** udesale has quit IRC11:13
*** janki has quit IRC11:40
*** janki has joined #openstack-containers11:40
*** sapd1 has quit IRC11:45
openstackgerritMerged openstack/magnum master: [k8s_fedora] Add heat-agent to worker nodes  https://review.openstack.org/56185811:48
*** sdake has joined #openstack-containers12:03
*** _fragatina has joined #openstack-containers12:11
*** _fragatina_ has joined #openstack-containers12:12
*** _fragatina has quit IRC12:16
*** sdake has quit IRC12:16
*** udesale has joined #openstack-containers12:50
*** janki has quit IRC13:00
*** sapd1 has joined #openstack-containers13:08
*** ykarel is now known as ykarel|afk13:23
*** janki has joined #openstack-containers13:28
*** jmlowe has quit IRC13:54
*** sdake has joined #openstack-containers14:07
*** sdake has quit IRC14:09
*** sdake has joined #openstack-containers14:11
*** ykarel|afk is now known as ykarel14:11
*** sdake has quit IRC14:13
*** sdake has joined #openstack-containers14:13
*** sdake has quit IRC14:23
*** dave-mccowan has joined #openstack-containers14:25
*** dave-mccowan has quit IRC14:30
*** lpetrut has joined #openstack-containers14:38
*** _fragatina_ has quit IRC14:42
*** zul has joined #openstack-containers14:43
*** mrodriguez has joined #openstack-containers14:46
*** sapd1 has quit IRC14:52
*** jmlowe has joined #openstack-containers14:59
*** sapd1 has joined #openstack-containers15:08
*** jmlowe has quit IRC15:18
*** janki has quit IRC15:21
*** jmlowe has joined #openstack-containers15:23
*** jmlowe has quit IRC15:54
*** jmlowe has joined #openstack-containers15:58
*** ykarel is now known as ykarel|away15:58
*** lpetrut has quit IRC16:00
*** sdake has joined #openstack-containers16:05
*** ianychoi has quit IRC16:08
*** ramishra has quit IRC16:29
openstackgerritDiogo Guerra proposed openstack/magnum master: [k8s] helm install metrics service  https://review.openstack.org/63239216:38
*** jmlowe has quit IRC16:38
*** jmlowe has joined #openstack-containers16:44
*** sdake has quit IRC16:46
*** sdake has joined #openstack-containers16:47
*** ykarel|away has quit IRC16:58
*** sdake has quit IRC16:58
*** _fragatina has joined #openstack-containers16:59
*** _fragatina has quit IRC17:00
*** itlinux has joined #openstack-containers17:05
*** itlinux has quit IRC17:09
*** ykarel|away has joined #openstack-containers17:09
*** itlinux_ has joined #openstack-containers17:09
*** itlinux_ has quit IRC17:14
*** itlinux has joined #openstack-containers17:15
*** sapd1 has quit IRC17:16
imdigitaljim@strigazi @flwang1 this vulnerability is *not* blocked by the default AppArmor policy, nor17:23
imdigitaljimby the default SELinux policy on Fedora[++]17:23
*** udesale has quit IRC17:23
*** jmlowe has quit IRC17:23
imdigitaljimhttps://www.openwall.com/lists/oss-security/2019/02/11/217:24
*** ricolin has joined #openstack-containers17:25
*** sapd1 has joined #openstack-containers17:29
imdigitaljimalso17:29
imdigitaljimstrigazi17:29
*** itlinux has quit IRC17:30
imdigitaljimthe ro file-system doesnt protect you if you're root, you can just mount -o remount,rw /anything17:30
*** _fragatina has joined #openstack-containers17:31
*** ykarel|away has quit IRC17:31
*** itlinux has joined #openstack-containers17:36
*** sapd1 has quit IRC17:37
*** itlinux_ has joined #openstack-containers17:40
*** itlinux has quit IRC17:41
*** ricolin has quit IRC17:58
*** jmlowe has joined #openstack-containers18:08
*** itlinux_ has quit IRC18:08
*** hongbin has joined #openstack-containers18:15
*** sdake has joined #openstack-containers18:19
*** sapd1 has joined #openstack-containers18:27
*** hongbin has quit IRC18:27
*** hongbin has joined #openstack-containers18:27
*** sdake has quit IRC18:37
openstackgerritRicardo Rocha proposed openstack/magnum master: [k8s] Add trustee as a secret in kube-system  https://review.openstack.org/63672519:10
*** ArchiFleKs has quit IRC19:13
*** ArchiFleKs has joined #openstack-containers19:14
*** _fragatina has quit IRC20:05
*** jmlowe has quit IRC20:28
*** hongbin has quit IRC20:40
*** hongbin has joined #openstack-containers20:49
*** hongbin has quit IRC20:54
*** itlinux has joined #openstack-containers21:04
*** hongbin has joined #openstack-containers21:06
*** jmlowe has joined #openstack-containers21:15
*** _fragatina has joined #openstack-containers21:45
openstackgerritRicardo Rocha proposed openstack/magnum master: [k8s] Add trustee as a secret in kube-system  https://review.openstack.org/63672521:52
*** itlinux has quit IRC21:58
brtknrstrigazi: I am using the patch you mentioned for queens and I am getting the same problem related to region_name with my heat-container-agent22:20
*** openstackgerrit has quit IRC22:22
brtknrstrigazi: the weird thing is, the problem is surfacing on one deployment and not on the other22:23
brtknri'm pretty sure that the two are using the same docker image underneath!22:23
*** eandersson has quit IRC22:33
*** sapd1 has quit IRC22:40
*** sapd1 has joined #openstack-containers22:55
brtknris there an easy way to debug heat-container-agent?22:56
*** sapd1 has quit IRC23:16
*** mrodriguez has quit IRC23:21
« Tuesday, 2019-02-12 Index Thursday, 2019-02-14 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!