*** reddy1 has quit IRC | 00:08 | |
openstackgerrit | Merged openstack/openstack-helm-infra master: fix(post): fixes publish job https://review.opendev.org/758835 | 01:57 |
---|---|---|
-openstackstatus- NOTICE: We are investigating an issue with our hosted Gerrit services. We will provide an update as soon as we can. If you want to follow the latest, feel free to join #opendev | 03:24 | |
-openstackstatus- NOTICE: We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able. | 04:29 | |
*** evrardjp has quit IRC | 04:33 | |
*** evrardjp has joined #openstack-helm | 04:33 | |
*** suryasingh has joined #openstack-helm | 04:46 | |
*** jamesgu has quit IRC | 05:16 | |
*** ianychoi_ has joined #openstack-helm | 06:23 | |
*** ianychoi has quit IRC | 06:27 | |
*** vsaienk0 has joined #openstack-helm | 06:48 | |
*** belmoreira has joined #openstack-helm | 06:55 | |
*** sugaar has joined #openstack-helm | 07:27 | |
*** vsaienk0 has quit IRC | 07:53 | |
*** vsaienk0 has joined #openstack-helm | 08:05 | |
*** vsaienk0 has quit IRC | 08:15 | |
-openstackstatus- NOTICE: We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able. | 08:36 | |
*** ChanServ changes topic to "We identified a possible vulnerability in Gerrit and are investigating the potential impact on our services. Out of an abundance of caution we have taken our OpenDev hosted Gerrit system offline. We will update with more information once we are able." | 08:36 | |
*** vsaienk0 has joined #openstack-helm | 08:41 | |
*** vsaienk0 has quit IRC | 08:52 | |
*** vsaienk0 has joined #openstack-helm | 09:22 | |
*** vsaienk0 has quit IRC | 10:09 | |
*** vsaienk0 has joined #openstack-helm | 10:11 | |
*** vsaienk0 has quit IRC | 10:27 | |
*** vsaienk0 has joined #openstack-helm | 10:29 | |
*** vsaienk0 has quit IRC | 10:40 | |
*** vsaienk0 has joined #openstack-helm | 10:52 | |
-openstackstatus- NOTICE: Update on gerrit downtime: After investigation, we believe the incident is related to a compromised Gerrit user account rather than a vulnerability in Gerrit software. We are continuing to review activity to verify the integrity of git data and expect to have an additional update with possible service restoration in approximately 2 hours. | 11:05 | |
*** ChanServ changes topic to "Update on gerrit downtime: After investigation, we believe the incident is related to a compromised Gerrit user account rather than a vulnerability in Gerrit software. We are continuing to review activity to verify the integrity of git data and expect to have an additional update with possible service restoration in approximately 2 hours." | 11:05 | |
*** vsaienk0 has quit IRC | 11:13 | |
*** vsaienk0 has joined #openstack-helm | 12:12 | |
*** vsaienk0 has quit IRC | 12:32 | |
*** vsaienk0 has joined #openstack-helm | 12:37 | |
*** mfixtex has joined #openstack-helm | 13:16 | |
-openstackstatus- NOTICE: We've confirmed that known compromised identities have been reset or had their accounts disabled, and we are auditing other service accounts for signs of compromise before we prepare to restore Gerrit to working order. We will update again in roughly 2 hours. | 13:33 | |
*** ChanServ changes topic to "We've confirmed that known compromised identities have been reset or had their accounts disabled, and we are auditing other service accounts for signs of compromise before we prepare to restore Gerrit to working order. We will update again in roughly 2 hours." | 13:33 | |
*** jamesgu has joined #openstack-helm | 13:34 | |
*** Reddy has joined #openstack-helm | 13:56 | |
*** reddy1 has joined #openstack-helm | 13:57 | |
*** Reddy has quit IRC | 14:01 | |
*** belmoreira has quit IRC | 14:11 | |
*** mfixtex has quit IRC | 14:22 | |
*** miniroy has joined #openstack-helm | 14:35 | |
*** belmoreira has joined #openstack-helm | 14:44 | |
*** miniroy has quit IRC | 14:46 | |
*** miniroy has joined #openstack-helm | 14:53 | |
portdirect | @lamt why was neutron split into http and rpc servers if tls is enabled? https://github.com/openstack/openstack-helm/commit/918a307427ee9bfaf4ecdb758905de59831f15b5 | 14:57 |
*** portdirect has quit IRC | 15:05 | |
*** portdirect has joined #openstack-helm | 15:06 | |
*** ChanServ sets mode: +o portdirect | 15:06 | |
*** sreejithp has joined #openstack-helm | 15:25 | |
lamt | portdirect: gimme a sec, trying to find the documentation | 15:27 |
portdirect | you can only have one actuve rpc worker | 15:27 |
portdirect | so this as done, wont work | 15:27 |
portdirect | you'll either need to split out rpc and run only one copy of it | 15:27 |
lamt | I see | 15:28 |
portdirect | or go back to how it was, and just put a tiny reverse proxy to terminate tls in the pod (assuming neutrons ability to serve https is borked) | 15:28 |
*** Anticom has joined #openstack-helm | 15:29 | |
*** miniroy has quit IRC | 15:29 | |
lamt | lemme sync with sangeet - it was done via a reverse proxy first initially, don't recall why it was changed to use apache | 15:29 |
*** sangeet has joined #openstack-helm | 15:30 | |
lamt | I will change that to use a rev proxy once gerrit is up | 15:35 |
-openstackstatus- NOTICE: Auditing is progressing but not particularly quickly. We'll keep updating every 2 hours or so. | 15:40 | |
*** ChanServ changes topic to "Auditing is progressing but not particularly quickly. We'll keep updating every 2 hours or so." | 15:41 | |
gagehugo | that might not be for a while :/ | 15:42 |
*** mfixtex has joined #openstack-helm | 15:47 | |
*** vsaienk0 has quit IRC | 15:59 | |
mnaser | portdirect: on context though, neutron has ci jobs these days to actually test a split-server! | 16:08 |
mnaser | so you should be able to safely run api and server split | 16:08 |
portdirect | you still can only run a single rpc worker though cant you? | 16:09 |
portdirect | or has that chnaged? | 16:09 |
mnaser | portdirect: that has changed and now the ci job runs multiple of each | 16:12 |
portdirect | nice | 16:13 |
mnaser | `neutron-tempest-with-uwsgi` job | 16:13 |
portdirect | should def still split them out from running in the same pod | 16:13 |
mnaser | +1 | 16:14 |
*** ianychoi_ is now known as ianychoi | 16:16 | |
*** vsaienk0 has joined #openstack-helm | 16:29 | |
*** Anticom has quit IRC | 16:36 | |
*** vsaienk0 has quit IRC | 16:48 | |
sangeet | portdirect mnaser .. if we split them then how do we stop from 2 sets of consumners being created in rabbitmq? | 16:53 |
*** vsaienk0 has joined #openstack-helm | 17:00 | |
mnaser | portdirect, sangeet: i have only historically used uwsgi as the api server instead | 17:05 |
mnaser | probably would be a nice thing to implement uwsgi into htk :) | 17:10 |
mnaser | and swap over all projects to use it | 17:10 |
*** McFloss has joined #openstack-helm | 17:10 | |
*** vsaienk0 has quit IRC | 17:23 | |
lamt | mnaser: does that work for glance? | 17:32 |
mnaser | lamt: that is a topic of contention, the image import doesn't work but dansmith did a ton of work to fix it in later releases. the image import won't work in osh case anyways because it requires a shared fs across all api endpoints to work :\ | 17:33 |
mnaser | so it works if you don't use image import, and i think works with image import in victoria possibly | 17:33 |
lamt | that's what I ran into, why tls for glance is done via a reverse proxy | 17:34 |
mnaser | lamt: see https://opendev.org/openstack/glance/commit/b49c0424672ac8191adda5018957a7317fae9de1 but yeah you'll still need a shared fs across all pods in our case which tbh makes it a very stateful app | 17:37 |
mnaser | oh and https://opendev.org/openstack/glance/commits/branch/master?page=2 | 17:38 |
*** mfixtex has quit IRC | 17:50 | |
-openstackstatus- NOTICE: Gerrit is offline due to a security compromise. Please refer to https://review.opendev.org/maintenance.html or #opendev for the latest updates. | 18:01 | |
*** ChanServ changes topic to "Gerrit is offline due to a security compromise. Please refer to https://review.opendev.org/maintenance.html or #opendev for the latest updates." | 18:01 | |
*** belmoreira has quit IRC | 18:11 | |
*** vsaienk0 has joined #openstack-helm | 18:56 | |
*** vsaienk0 has quit IRC | 19:12 | |
*** vsaienk0 has joined #openstack-helm | 19:12 | |
*** vsaienk0 has quit IRC | 19:25 | |
*** vsaienk0 has joined #openstack-helm | 19:26 | |
*** vsaienk0 has quit IRC | 19:36 | |
*** vsaienk0 has joined #openstack-helm | 19:44 | |
*** vsaienk0 has quit IRC | 19:55 | |
portdirect | sangeet: run 1 copy | 20:32 |
*** reddy1 has quit IRC | 22:32 | |
*** sreejithp has quit IRC | 22:56 | |
*** rchurch has joined #openstack-helm | 22:58 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!