May 2021 - Devel - Ovirt List Archives

Re: Security question: rh-postgresql10-postgresql-10.6-1

by Sandro Bonazzola

Il giorno dom 23 mag 2021 alle ore 09:25 Greg King <greg.king(a)oracle.com> ha scritto: > *Situation:* > > > > We have a couple customer bugs where the current version of > rh-postgresql10 is getting flagged in security scans: > > > > rh-postgresql10-postgresql-10.6-1.el7.x86_64 > > > > We noticed from this Red Hat security advisory that the security problem > is resolved with this version of the package: > > > > · Advisory: *https://access.redhat.com/errata/RHSA-2020:5316 > <https://access.redhat.com/errata/RHSA-2020:5316>* > > · Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64 > > > > However, oVirt 4.4 still includes 10.6-1 and not 10.15-1 > Please note oVirt 4.4 is not using PostgreSQL 10, it's using 12. For instance, 4.4.6 appliance uses: postgresql-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-contrib-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 postgresql-server-12.5-1.module_el8.4.0+597+7b8b5722.x86_64 > > > *Question:* > > > > We need to let customers know why > rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the > latest errata release of oVirt 4.4 > > > > Is there an written policy or communication from the community one way or > the other regarding the security vulnerability resolved with > rh-postgresql10-postgresql-10.15-1.el7.x86_64? (IE: it was reviewed and > found not to be applicable, it will be in the next errata release, etc – > something along those lines) > > > > > > [image: oracle-email-sig-198324-355094] > > Gregory King | Software Development Manager | +1.303.272.2427 > > Oracle Virtualization Sustaining Engineering > > 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 > > Mobile: +1.303.968.8169 | Fax: +1.303.272.2427 > > > _______________________________________________ > Devel mailing list -- devel(a)ovirt.org > To unsubscribe send an email to devel-leave(a)ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ND2737GQUTM... > -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> sbonazzo(a)redhat.com <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours. <https://mojo.redhat.com/docs/DOC-1199578>*

4 years

2
1
0 / 0

CI whitelist exception

by Vojtech Juranek

Hi, do we have a way how to run CI build for a patch from someone who is not on CI whitelist? CI doesn't care who triggered the build and check only the commiter. Or is adding commiter to whitelist the only way? I'd like to me some progress with gerrit #114723 [1]. I tired to run it on Travis build seems to be broken, failing on nmstate [2]. Could someone from network team please take a look? Thanks Vojta [1] https://gerrit.ovirt.org/c/vdsm/+/114723 [2] https://travis-ci.org/github/vjuranek/vdsm/builds/771874636

4 years

3
2
0 / 0

Failure to run engine-setup for existing development environment

by Eyal Shenitzky

Hi, When trying to run engine-setup for existing development environment the following exception thrown - [engine@dhcp-0-123 ~]$ ovirt-engine/bin/engine-setup ***L:ERROR Internal error: No module named 'distro' Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/otopi/main.py", line 141, in execute self.context.loadPlugins() File "/usr/lib/python3.6/site-packages/otopi/context.py", line 803, in loadPlugins self._loadPluginGroups(plugindir, needgroups, loadedgroups) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 112, in _loadPluginGroups self._loadPlugins(path, path, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 69, in _loadPlugins self._loadPlugins(base, d, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 69, in _loadPlugins self._loadPlugins(base, d, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 100, in _loadPlugins os.path.basename(path), File "/usr/lib/python3.6/site-packages/otopi/util.py", line 109, in loadModule spec.loader.exec_module(module) File "<frozen importlib._bootstrap_external>", line 678, in exec_module File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "/home/engine/ovirt-engine/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-checks/ovirt-engine/db/__init__.py", line 15, in <module> from . import versions File "/home/engine/ovirt-engine/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-checks/ovirt-engine/db/versions.py", line 21, in <module> from ovirt_engine_setup.engine_common import database File "/home/engine/ovirt-engine/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/database.py", line 27, in <module> from ovirt_engine_setup import util as osetuputil File "/home/engine/ovirt-engine/share/ovirt-engine/setup/ovirt_engine_setup/util.py", line 18, in <module> import distro ModuleNotFoundError: No module named 'distro' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/otopi/__main__.py", line 88, in main installer.execute() File "/usr/lib/python3.6/site-packages/otopi/main.py", line 147, in execute sys.exc_info()[2], File "/usr/lib/python3.6/site-packages/otopi/util.py", line 84, in raiseExceptionInformation raise info[1].with_traceback(info[2]) File "/usr/lib/python3.6/site-packages/otopi/main.py", line 141, in execute self.context.loadPlugins() File "/usr/lib/python3.6/site-packages/otopi/context.py", line 803, in loadPlugins self._loadPluginGroups(plugindir, needgroups, loadedgroups) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 112, in _loadPluginGroups self._loadPlugins(path, path, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 69, in _loadPlugins self._loadPlugins(base, d, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 69, in _loadPlugins self._loadPlugins(base, d, groupname) File "/usr/lib/python3.6/site-packages/otopi/context.py", line 100, in _loadPlugins os.path.basename(path), File "/usr/lib/python3.6/site-packages/otopi/util.py", line 109, in loadModule spec.loader.exec_module(module) File "<frozen importlib._bootstrap_external>", line 678, in exec_module File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "/home/engine/ovirt-engine/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-checks/ovirt-engine/db/__init__.py", line 15, in <module> from . import versions File "/home/engine/ovirt-engine/share/ovirt-engine/setup/bin/../plugins/ovirt-engine-checks/ovirt-engine/db/versions.py", line 21, in <module> from ovirt_engine_setup.engine_common import database File "/home/engine/ovirt-engine/share/ovirt-engine/setup/ovirt_engine_setup/engine_common/database.py", line 27, in <module> from ovirt_engine_setup import util as osetuputil File "/home/engine/ovirt-engine/share/ovirt-engine/setup/ovirt_engine_setup/util.py", line 18, in <module> import distro otopi.main.PluginLoadException: No module named 'distro' Is this a known issue? -- Regards, Eyal Shenitzky

4 years

2
3
0 / 0

Security question: rh-postgresql10-postgresql-10.6-1

by Greg King

Situation: We have a couple customer bugs where the current version of rh-postgresql10 is getting flagged in security scans: rh-postgresql10-postgresql-10.6-1.el7.x86_64 We noticed from this Red Hat security advisory that the security problem is resolved with this version of the package: * Advisory: https://access.redhat.com/errata/RHSA-2020:5316 * Package: rh-postgresql10-postgresql-10.15-1.el7.x86_64 However, oVirt 4.4 still includes 10.6-1 and not 10.15-1 Question: We need to let customers know why rh-postgresql10-postgresql-10.15-1.el7.x86_64 is not included with the latest errata release of oVirt 4.4 Is there an written policy or communication from the community one way or the other regarding the security vulnerability resolved with rh-postgresql10-postgresql-10.15-1.el7.x86_64? (IE: it was reviewed and found not to be applicable, it will be in the next errata release, etc - something along those lines) [oracle-email-sig-198324-355094] Gregory King | Software Development Manager | +1.303.272.2427 Oracle Virtualization Sustaining Engineering 500 Eldorado Boulevard Build 5 | Broomfield Colorado 80021 Mobile: +1.303.968.8169 | Fax: +1.303.272.2427

4 years

1
0
0 / 0

CI whitelist exception

by Vojtech Juranek

Hi, do we have a way how to run CI build for a patch from someone who is not on CI whitelist? CI doesn't care who triggered the build and check only the commiter. Or is adding commiter to whitelist the only way? I'd like to me some progress with gerrit #114723 [1]. I tired to run it on Travis build seems to be broken, failing on nmstate [2]. Could someone from network team please take a look? Thanks Vojta [1] https://gerrit.ovirt.org/c/vdsm/+/114723 [2] https://travis-ci.org/github/vjuranek/vdsm/builds/771874636

4 years

1
0
0 / 0

hc-basic-suite-master failing on missing glusterfs service not listed among firewalld known services

by Sandro Bonazzola

Hi, just noticed: failed: [lago-hc-basic-suite-master-host-0] (item=glusterfs) => {"ansible_loop_var": "item", "changed": false, "item": "glusterfs", "msg": "ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_SERVICE: 'glusterfs' not among existing services on https://jenkins.ovirt.org/blue/organizations/jenkins/ovirt-system-tests_h... Ales, Gobinda, can you please have a look why firewall configuration for gluster is failing here? Thanks, -- Sandro Bonazzola MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV Red Hat EMEA <https://www.redhat.com/> sbonazzo(a)redhat.com <https://www.redhat.com/> *Red Hat respects your work life balance. Therefore there is no need to answer this email out of your office hours.*

4 years

3
4
0 / 0

ovirt-engine has been tagged (ovirt-engine-4.4.6.7)

by Tal Nisan

4 years

1
0
0 / 0

ovirt-engine has been tagged (ovirt-engine-4.4.6.8)

by Tal Nisan

4 years

1
0
0 / 0

el8-stream is available in CI

by Ehud Yonasi

Hey everyone, I wanted to let you know that you can run your patches now on el8-stream. In order to do that simply add to the stdci yaml file the following section: distro: el8stream runtime-requirements: host-distro: newer You can also see the example on the patch [1]. The runtime requirements part is due to lack compatibility issues with el7 hosts. If you see any problems, or have any questions please let me know. Thanks, Ehud. [1]: https://gerrit.ovirt.org/#/c/jenkins/+/114174/6/stdci.yaml

4 years, 1 month

3
3
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Devel May 2021