| *** jpena|off is now known as jpena | 08:33 | |
| *** thelounge555 is now known as thelounge55 | 09:07 | |
| jamespage | fungi: yep - although I am talking to the security team that does the FIP's certifications for Ubuntu to see if this might be fixable in focal | 09:08 |
|---|---|---|
| ade_lee | fungi, jamespage thanks for the clarification. I still have a question regarding "fips" vs. "fips-updates". I am able to activate "fips" on focal , but not "fips-updates" which is supposed to have updated fixes | 09:21 |
| jamespage | ade_lee: fips-updates is FIP's plus selected security fixes which have not actually gone through FIP's certification is my understanding | 09:21 |
| ade_lee | is it possible that the kernel/iscsi packages in "fips-updates" support something other than md5. and if so, how can we activate it? | 09:21 |
| jamespage | ade_lee: it won't because that's just security fixes to the same versions of the kernel and open-iscsi as shipped in focal | 10:57 |
| jamespage | as they lack the ability to configure and support for an extended set of digest algs I don't think thats going to help | 10:58 |
| ade_lee | jamespage, thanks for confirming. do we know when jammy will be available for fips? | 10:59 |
| jamespage | ade_lee: the answer I got back was 2024 for jammy certification - FIP's seems to be a somewhat extended process to complete | 11:09 |
| fungi | so for now we'll need to test on focal and find a workaround for iscsi not being fips-able there | 11:13 |
| ade_lee | fungi, yeah -- not sure if that will be possible. asking some cinder folks now. | 12:03 |
| ade_lee | fungi, we may have to consider trying rocky/alma linux | 12:04 |
| ade_lee | fungi, do we have those distros available? | 12:04 |
| fungi | we have rocky nodes, yes | 12:04 |
| fungi | NeilHanlon in #opendev is probably the person to talk to if you have fips-related questions about rocky | 12:05 |
| ade_lee | fungi, ok - I may try kick off a rocky build - but given that its essentially rhel - I'm assuming we can do what we did for centos | 12:05 |
| fungi | probably almost identical to what you did on centos, yes | 12:07 |
| opendevreview | Merged openstack/project-config master: Revert "Temporarily remove release docs semaphores" https://review.opendev.org/c/openstack/project-config/+/877553 | 13:29 |
| opendevreview | Riccardo Pittau proposed openstack/project-config master: Add metal3-io/metal3-dev-env to openstack tenant https://review.opendev.org/c/openstack/project-config/+/878223 | 13:54 |
| tkajinam | hi. I've seen "YADRO TATLIN CI" posting comment in multiple patches in multiple repos and I'm wondering what this is | 15:07 |
| tkajinam | example: | 15:07 |
| tkajinam | https://review.opendev.org/c/openstack/puppet-sahara/+/877952 | 15:07 |
| tkajinam | https://review.opendev.org/c/openstack/oslo.db/+/874239 | 15:08 |
| fungi | probably someone with a misconfigured ci system. we can disable the account and wait for them to reach out to us | 15:08 |
| tkajinam | it seems it has been posting comments in cinder so I guess that's 3rd party CI for volume drivers | 15:10 |
| tkajinam | https://review.opendev.org/q/cc:tatlin_ci%2540yadro.com | 15:10 |
| clarkb | looks like they use jenkins | 15:10 |
| tkajinam | let me check it with cinder folks as they might know who maintains the system | 15:11 |
| tkajinam | in the worst case we can send an email to that account which looks like one for system, not person. | 15:11 |
| fungi | #status log Switched Gerrit account for "YADRO TATLIN CI" (33746) to inactive because it seems to be misconfigured and leaving noise comments on many projects' changes | 15:13 |
| opendevstatus | fungi: finished logging | 15:13 |
| fungi | in the meantime it's no longer able to comment | 15:14 |
| fungi | we can switch it back to active once they correct their configuration | 15:14 |
| tkajinam | I've left some comments in #openstack-cinder hoping someone would know it | 15:14 |
| tkajinam | yeah. so far it's not very noisy but as it's clearly misbehaving we better guard the system from it. | 15:15 |
| tkajinam | clarkb fungi, thank you ! | 15:17 |
| fungi | of course, thanks for reporting it! | 15:18 |
| *** atmark is now known as Guest8553 | 15:49 | |
| *** jpena is now known as jpena|off | 16:00 | |
| lajoskatona | Hi, a question regarding pypi maintainers (see: https://lists.openstack.org/pipermail/openstack-discuss/2023-March/032780.html ) | 17:24 |
| lajoskatona | for tap-as-a-service there is still a guy who is owner of the project (https://pypi.org/project/tap-as-a-service/ ) | 17:24 |
| lajoskatona | And he wrote me that he can't remove himself from maintainer/owner list | 17:25 |
| clarkb | lajoskatona: if the openstackci account is an owner and not merely a maintainer then we'll be able to clean that up using the openstackci account once the dust settles | 17:26 |
| lajoskatona | Do you know perhaps a way to handle such problems? Is there some super power user who can remove him (I suppose there are others with similar issue) from the project maintainer list< | 17:26 |
| lajoskatona | ? | 17:26 |
| clarkb | but if openstackci is only a maintainer then openstack will need to ask pypi admins for help | 17:27 |
| clarkb | cc JayF | 17:27 |
| clarkb | lajoskatona: do we know why this person cannot remove themselves? | 17:27 |
| lajoskatona | ok, this sounds good, he said that he changed openstackci to be owner | 17:27 |
| fungi | i think pypi won't allow an owner to remove their owner role if there's not another owner | 17:27 |
| JayF | I will take a look at the docs, and enhance them to cover this case. | 17:27 |
| JayF | thanks for taking action on this lajoskatona, I really do appreciate it \o/ | 17:28 |
| lajoskatona | ok, thanks anyway good to hear that it can be solved :-) | 17:28 |
| fungi | so they need to switch openstackci from maintainer to owner first, then remove their owner | 17:28 |
| lajoskatona | fungi: thanks, I will ask him if after changing openstackci to be owner what's the situation | 17:29 |
| fungi | yeah, occam's razor says that he tried to remove his owner account before switching openstackci to an owner | 17:29 |
| JayF | lajoskatona: fungi: clarkb: https://review.opendev.org/c/opendev/infra-manual/+/878240 please review that and see if you think that doc update would help someone in a similar situation. | 17:39 |
| fungi | lgtm, though we probably ought to wait until lajoskatona hears back in case there's more to it | 17:39 |
| clarkb | JayF: looks good. I just haven't confirmed this behavior myself. I trust fungi though :) | 17:39 |
| clarkb | ++ on waiting for feedback | 17:40 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!