opendevreview | Ghanshyam proposed openstack/project-config master: Update retiring uc-recognition repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796971 | 00:32 |
---|---|---|
opendevreview | Ghanshyam proposed openstack/project-config master: Update retiring ops-tags-team repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796972 | 00:35 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update retiring workload-ref-archs repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796973 | 00:39 |
opendevreview | Ghanshyam proposed openstack/project-config master: End project gating for retiring arch-wg repo https://review.opendev.org/c/openstack/project-config/+/796962 | 00:42 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update retiring enterprise-wg repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796974 | 00:46 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update project gating for retiring project-navigator-data repo https://review.opendev.org/c/openstack/project-config/+/796975 | 00:51 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update project gating for retiring governance-uc repo https://review.opendev.org/c/openstack/project-config/+/796976 | 00:57 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update project gating for retiring workload-ref-archs repo https://review.opendev.org/c/openstack/project-config/+/796978 | 01:05 |
opendevreview | Ghanshyam proposed openstack/project-config master: Update project gating for retiring openstack-specs repo https://review.opendev.org/c/openstack/project-config/+/796980 | 01:12 |
gmann | fungi: mnaser ^^ can you please review these, it will help me to retire these repos. | 01:19 |
*** aluria is now known as Guest2591 | 03:27 | |
*** ykarel|away is now known as ykarel | 05:23 | |
*** abhishekk is now known as akekane|away | 05:37 | |
*** akekane|away is now known as abhishekk | 05:37 | |
*** Guest2591 is now known as aluria | 05:57 | |
*** jpena|off is now known as jpena | 07:18 | |
*** rpittau|afk is now known as rpittau | 08:17 | |
*** ykarel is now known as ykarel|lunch | 09:00 | |
*** raukadah is now known as chandankumar | 09:26 | |
*** ykarel|lunch is now known as ykarel | 10:13 | |
opendevreview | chandan kumar proposed openstack/project-config master: Enable publish-openstack-python-tarball job https://review.opendev.org/c/openstack/project-config/+/797049 | 10:22 |
*** jpena is now known as jpena|lunch | 11:41 | |
*** bhagyashris_ is now known as bhagyashris | 11:50 | |
*** ysandeep is now known as ysandeep|brb | 11:58 | |
*** whayutin is now known as weshay | 12:07 | |
*** jpena|lunch is now known as jpena | 12:38 | |
*** ysandeep|brb is now known as ysandeep | 12:54 | |
opendevreview | Merged openstack/project-config master: Update retiring uc-recognition repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796971 | 13:00 |
opendevreview | Merged openstack/project-config master: Update retiring ops-tags-team repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796972 | 13:03 |
opendevreview | Merged openstack/project-config master: End project gating for retiring arch-wg repo https://review.opendev.org/c/openstack/project-config/+/796962 | 13:07 |
opendevreview | Merged openstack/project-config master: Update retiring enterprise-wg repo ACL to openstack/retired.config https://review.opendev.org/c/openstack/project-config/+/796974 | 13:08 |
opendevreview | Merged openstack/project-config master: Update project gating for retiring project-navigator-data repo https://review.opendev.org/c/openstack/project-config/+/796975 | 13:09 |
opendevreview | Merged openstack/project-config master: Update project gating for retiring governance-uc repo https://review.opendev.org/c/openstack/project-config/+/796976 | 13:09 |
opendevreview | Merged openstack/project-config master: Update project gating for retiring workload-ref-archs repo https://review.opendev.org/c/openstack/project-config/+/796978 | 13:09 |
opendevreview | Merged openstack/project-config master: Update project gating for retiring openstack-specs repo https://review.opendev.org/c/openstack/project-config/+/796980 | 13:09 |
*** raukadah is now known as chandankumar | 13:13 | |
*** ysandeep is now known as ysandeep|away | 13:37 | |
*** rpittau is now known as rpittau|afk | 14:09 | |
*** jpena is now known as jpena|out | 14:48 | |
*** jpena|out is now known as jpena | 16:22 | |
gmann | clarkb: can you check this d-g job cleanup one https://review.opendev.org/c/openstack/devstack-gate/+/795426 | 16:34 |
clarkb | gmann: yup | 16:34 |
gmann | thanks | 16:34 |
*** jpena is now known as jpena|off | 16:48 | |
ade_lee | clarkb, fungi hey guys - I think https://review.opendev.org/c/zuul/zuul-jobs/+/788778 is ready for a +2/merge when you get a chance | 18:19 |
ade_lee | ditto for https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/790534 | 18:20 |
fungi | lookin' | 18:20 |
fungi | ade_lee: i've approved both. out of curiosity, do you think they'd work on fedora as well? opensuse? what's the limiting factor for fips enablement in rhel/centos? | 18:38 |
ade_lee | fungi, I haven't really investigated how to enable in opensuse as I'm not really suse-savvy. There is also the issue that python needs to have the fix for md5 annotation | 18:40 |
ade_lee | which is in rhel/centos in 3.6+, but only 3.9+ otherwise as far as I know | 18:41 |
fungi | yeah, just wondering if it was generally doable on all rpm-based distros, or only red hat derivatives, or... | 18:41 |
ade_lee | fedora likely will work - but I just haven't tested it | 18:41 |
fungi | so for python anyway, needs fips mode detection backported from 3.9 | 18:41 |
ade_lee | yup | 18:42 |
fungi | so in theory might be doable more generally on platforms with python 3.9 as long as we knew how to set it for openssl et al on them | 18:42 |
fungi | and the kernel i guess? hence the need for a reboot | 18:42 |
ade_lee | yup | 18:43 |
ade_lee | ideally, fips really ought to be enabled from the start in the image -- that way any keys etc that are generated beforehand are done under fips | 18:44 |
ade_lee | that way you'd be completely fips compliant | 18:44 |
ade_lee | this is good for now to test fips compatibility -- i.e. just making sure stuff works | 18:45 |
fungi | sure | 18:48 |
ade_lee | fungi, clarkb thanks for reviews! | 18:49 |
clarkb | iirc fips enablement ensures the keys that aren't compliant aren't used. That is why I had to update nodepool host key scanning to grab all the keys (it was defaulting to ed25519 but that isn't fips compliant) | 18:50 |
ade_lee | clarkb, ack that's true | 18:50 |
fungi | right, also it does things like turn on predictable prng in the kernel (hence the reboot) so that things can be audited without getting confused by real entropy | 18:54 |
fungi | or that may be one of the fips testing modes i'm confusing it with | 18:54 |
*** rlandy is now known as rlandy|brb | 20:42 | |
*** rlandy|brb is now known as rlandy | 20:57 | |
opendevreview | Merged openstack/devstack-gate master: Keep only legacy jobs which actually test the d-g code path https://review.opendev.org/c/openstack/devstack-gate/+/795426 | 22:45 |