| *** Bhujay has joined #openstack-sahara | 04:40 | |
| *** pgadiya has joined #openstack-sahara | 04:46 | |
| *** pgadiya has quit IRC | 04:46 | |
| *** masber has joined #openstack-sahara | 05:57 | |
| *** samueldmq has quit IRC | 06:28 | |
| *** samueldmq has joined #openstack-sahara | 06:28 | |
| *** pcaruana has joined #openstack-sahara | 06:30 | |
| *** rcernin has quit IRC | 07:08 | |
| *** whooligan_md has joined #openstack-sahara | 07:10 | |
| *** tesseract has joined #openstack-sahara | 07:11 | |
| *** whooliganface has quit IRC | 07:13 | |
| *** tosky has joined #openstack-sahara | 07:18 | |
| Bhujay | jeremyfreudberg, tosky, tellesnobrega , hdp image keeps some of the files in /tmp directory . For many organization , there will be need for OS hardening , /tmp have several restriction including automatic deletion of files after each reboot and noexec . should we consider changing this path to soemwhere else.. | 07:57 |
|---|---|---|
| tosky | Bhujay: uhm, probably, yes; are those images generated with sahara-image-pack or sahara-image-elements? | 07:58 |
| Bhujay | image-pack | 07:58 |
| Bhujay | as per cis standard /tmp shd be mounted with noexec and mask to /var/tmp with autocleanup and after hardedning my images are not working , we can advise users to seek exemption but when time permits it may be good to change the location if possible | 08:01 |
| tosky | the point is: are those files still really needed, or just a by-product of the image generation? | 08:02 |
| tosky | checking the images that I have around, it seems that those files can be wiped anytime | 08:04 |
| Bhujay | looks like .sh files are generated but there is download in UnlimitedPolicy | 08:04 |
| *** rcernin has joined #openstack-sahara | 08:05 | |
| tosky | I see, that's only for HDP in order to support kerberos integration | 08:05 |
| tosky | it's probably better to move it somewhere else, I concur | 08:06 |
| Bhujay | the symptom is absense of some these file ( not sure which one ) tries to download the jar files in UnlimitedPolicy forcing me to have an internet connectivity from my cluster vm | 08:06 |
| tosky | local_policy.jar, US_export_policy.jar; they are installed in the lib/security directory of the jdk | 08:07 |
| tosky | yes, they could be moved elsewhere, or we could even install them directly during the image building process | 08:08 |
| Bhujay | ok | 08:09 |
| Bhujay | one more thing ... | 08:09 |
| Bhujay | is there any way the image build can be done behind a proxy ? | 08:10 |
| tosky | can you please open a story for those files? We need also to keep some code for compatibility | 08:10 |
| Bhujay | sure ,I will do that | 08:11 |
| tosky | a proxy for image build with sahara-image-pack? I don't know out of my mind | 08:12 |
| tosky | it may be possible to simply make sure that the proxy variable set globally is passed to the internal steps which executes the validation | 08:14 |
| tosky | but it's something to investigate | 08:15 |
| Bhujay | sounds logical , and tried that through the image.yml env_var but could not succeed due to my limited knowledge .. | 08:15 |
| Bhujay | while running scripts there is a env_var passed but for package there no such env_var , need to understand how to do that | 08:16 |
| tosky | because it's a "built-in" feature of the image building, so we probably need to consider something like http_proxy as special and always set it | 08:17 |
| tosky | or something like that | 08:17 |
| tosky | I guess we need another story, or we will forget :) | 08:17 |
| Bhujay | sure , I will do that too | 08:17 |
| tosky | thanks | 08:18 |
| *** Bhujay has quit IRC | 08:25 | |
| *** Bhujay has joined #openstack-sahara | 08:38 | |
| *** rcernin has quit IRC | 08:41 | |
| *** jeremyfreudberg has joined #openstack-sahara | 13:04 | |
| *** brad[] has quit IRC | 14:02 | |
| openstackgerrit | Merged openstack/sahara master: Use register_error_handler to register make_json_error https://review.openstack.org/576617 | 14:58 |
| openstackgerrit | Merged openstack/sahara-tests master: Fix lintstack.py with Python3 https://review.openstack.org/575707 | 14:58 |
| *** afazekas has quit IRC | 15:00 | |
| *** afazekas has joined #openstack-sahara | 15:00 | |
| tosky | gates are unlocked \o/ | 15:00 |
| tosky | thanks again jeremyfreudberg | 15:00 |
| openstackgerrit | Jeremy Freudberg proposed openstack/sahara-extra master: Host some patched jars in common artifacts https://review.openstack.org/577449 | 15:20 |
| *** Bhujay has quit IRC | 15:20 | |
| *** jeremyfreudberg has quit IRC | 15:50 | |
| *** tesseract has quit IRC | 16:02 | |
| *** pcaruana has quit IRC | 16:04 | |
| *** Bhujay has joined #openstack-sahara | 16:10 | |
| *** Bhujay has quit IRC | 16:14 | |
| *** Bhujay has joined #openstack-sahara | 16:14 | |
| *** Bhujay has quit IRC | 17:57 | |
| tellesnobrega | thanks jeremy for work on the gate | 18:57 |
| openstackgerrit | Heba Naser proposed openstack/openstack-ansible-os_sahara master: Switch to using project-templates https://review.openstack.org/577523 | 19:30 |
| *** tosky has quit IRC | 23:41 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!