October 2016 - Infra - Ovirt List Archives

Jenkins build became unstable: ovirt_4.0_he-system-tests #378

by jenkins＠jenkins.phx.ovirt.org

See <http://jenkins.ovirt.org/job/ovirt_4.0_he-system-tests/378/changes>

8 years, 1 month

1
0
0 / 0

Infra Password Hashes are Moved to Internal Hiera

by Anton Marchukov

Hello All. As part of an effort to make Jenkins slaves easy to create I have moved infra users' password variables from Foreman to our internal infra-hiera repo. The values are removed from Foreman and placed to common.yaml there as is. So you won't note any changes unless you need to change your hash. And if you do need to do that feel free to submit changes via gerrit as usual. Please note the additional things uncovered as part of this: 1. Puppet did not unset the password if it was removed. This is because "user" class won't set any password if the value is "undef" and hence it will just leave it as it was before. The following change is merged to address it https://gerrit.ovirt.org/#/c/65348/ It also polices the value to make sure we accept the values with proper hashes that we consider secure enough and disable anything else. 2. Some old users still use MD5 for hashing. We need to ask all of them to rehash and then drop MD5 support in puppet. I opened https://ovirt-jira.atlassian.net/browse/OVIRT-768 for that. 3. As I said infra-hiera is already used and basically it deploys along with puppet code by existing jenkins job. We just need to enable hooks in gerrit and I think we can just use the same that we use for infra-puppet. Another ticket opened https://ovirt-jira.atlassian.net/browse/OVIRT-769 Anton. -- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-769) infra-hiera Autodeploy via Gerrit Hooks

by Anton Marchukov (oVirt JIRA)

Anton Marchukov created OVIRT-769: ------------------------------------- Summary: infra-hiera Autodeploy via Gerrit Hooks Key: OVIRT-769 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-769 Project: oVirt - virtualization made easy Issue Type: By-EMAIL Reporter: Anton Marchukov Assignee: infra infra-hiera repo is already used and configured in r10k to deploy from git. However in gerrit there is not hooks that run CI on it and that trigger publish when it is merged to git. Looks like it is easy to fix and we can reuse most of the hooks we have for infra-puppet. Basically the deploy should be done using the same jenkins job and it already does that just not triggered. As for CI check than we need to check if puppetlint we use is sufficient. But it might be a good start. -- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-768) Decomission of MD5 Password Hashes for Infra Users

by Anton Marchukov (oVirt JIRA)

Anton Marchukov created OVIRT-768: ------------------------------------- Summary: Decomission of MD5 Password Hashes for Infra Users Key: OVIRT-768 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-768 Project: oVirt - virtualization made easy Issue Type: By-EMAIL Reporter: Anton Marchukov Assignee: infra During the work of moving password parameters from foreman to internal hiera I noted that there are some users that still have their passwords hashed by MD5 algorithm. MD5 has known crypto research that make it no longer suitable for storing passwords securely: https://en.wikipedia.org/wiki/MD5#Security (and corresponding links). While the hashes are stored in internal repo it is still shared and prone to information leaks. We should ask all users to rehash their passwords with SHA-512 and when it is done we can remove MD5 exception in site/ovirt_infra/manifests/user.pp so MD5 hashed passwords are no longer accepted. The current list of users left is available in infra-hiera repo. -- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

Gerrit infra-ansible Repo is Updated with Mailman Code

by Anton Marchukov

Hello All. I have pushed the ansible code by Duck mantained in his gitlab repo to our infra-ansible repo in gerrit. So now it is ready to use and all feature ansible code should be maintained there. I did a review of it and its history and it looked ok for me. I might have some concerns about Ansible Vault solution in general related to its lack of forward secrecy, but it is a global discussion to have anyway. However. To be safe as I do not know if all team members concerns has been addressed (I checked all that I were aware off to makes sure they are) I made this repo available to infra-ansible group only for now. We should be able to make it public later though and it is ok for me. Anton. -- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-767) can't rebase patches anymore unless setting forge committer / author on the single project

by Evgheni Dereveanchin (oVirt JIRA)

[ https://ovirt-jira.atlassian.net/browse/OVIRT-767?page=com.atlassian.jira... ] Evgheni Dereveanchin reassigned OVIRT-767: ------------------------------------------ Assignee: Evgheni Dereveanchin (was: infra) > can't rebase patches anymore unless setting forge committer / author on the single project > ------------------------------------------------------------------------------------------ > > Key: OVIRT-767 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-767 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: sbonazzo > Assignee: Evgheni Dereveanchin > > Rebasing using git: > remote: Processing changes: refs: 1, done > remote: > remote: ERROR: In commit 8625e0fb6d5b432a065492b52a5d2028f827e861 > remote: ERROR: author email address rbarry(a)redhat.com > remote: ERROR: does not match your user account. > remote: ERROR: > remote: ERROR: The following addresses are currently registered: > remote: ERROR: sandro.bonazzola(a)gmail.com > remote: ERROR: sbonazzo(a)redhat.com > remote: ERROR: > remote: ERROR: To register an email address, please visit: > remote: ERROR: https://gerrit.ovirt.org/#/settings/contact > Rebasing using gerrit: > Code Review - Error invalid author > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > <https://www.redhat.com/it/about/events/red-hat-open-source-day-2016> -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-761) Re: Do we or can we have Mac OS slaves in Jenkins?

by danken (oVirt JIRA)

[ https://ovirt-jira.atlassian.net/browse/OVIRT-761?page=com.atlassian.jira... ] danken commented on OVIRT-761: ------------------------------ Note to infra team: there's a very similar request (OVIRT-757) to enable Travis build from the github mirror of Vdsm. Please solve them together; for Vdsm as well, triggering a build in check-patch would be interesting. > Re: Do we or can we have Mac OS slaves in Jenkins? > -------------------------------------------------- > > Key: OVIRT-761 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-761 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: sbonazzo > Assignee: infra > > Opening a ticket. > On Mon, Oct 10, 2016 at 11:44 AM, Juan Hernández <jhernand(a)redhat.com> > wrote: > > Hello, > > > > Part of the Ruby SDK uses native code that needs to be compiled during > > installation of the gem. The Ruby SDK is a requirement of ManageIQ, and > > many ManageIQ developers/users use Mac OS. In the past I had some issues > > with this environment, as the C compiler there behaves in an slightly > > different way than GCC. Those issues were discovered only when the SDK > > was already released. To avoid that I would like to have Jenkins jobs > > building/testing the SDK for Mac OS. Is that possible? Do we have Mac OS > > slaves? If not, can we have them? > > > > Regards, > > Juan Hernandez > > > > -- > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > > 3ºD, 28016 Madrid, Spain > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. > > _______________________________________________ > > Infra mailing list > > Infra(a)ovirt.org > > http://lists.ovirt.org/mailman/listinfo/infra > > > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > <https://www.redhat.com/it/about/events/red-hat-open-source-day-2016> -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-761) Re: Do we or can we have Mac OS slaves in Jenkins?

by Juan Hernández (oVirt JIRA)

[ https://ovirt-jira.atlassian.net/browse/OVIRT-761?page=com.atlassian.jira... ] Juan Hernández edited comment on OVIRT-761 at 10/11/16 11:28 AM: ----------------------------------------------------------------- Thanks for the suggestion to use "clang" Evgheni, that can certainly help, I will explore it. I also see that Travis CI (https://travis-ci.com) supports building in Mac OS. I added a .travis.yml file to the Ruby SDK, and tested the build my personal github fork. It worked correctly. Is there any way to activate Travis builds for the oVirt mirror of the SDK that we have in github? That way at least the build will run after merging patches (before releasing). Do you know if there is any way to make Travis CI work directly from gerrit.ovirt.org, before merging patches? was (Author: jhernand(a)redhat.com): Thanks for the suggestion to use "clang" Evgheni, that can certainly help, I will explore it. I also see that Travi CI (https://travis-ci.com) supports building in Mac OS. I added a .travis.yml file to the Ruby SDK, and tested the build my personal github fork. It worked correctly. Is there any way to activate Travis builds for toe oVirt mirror of the SDK that we have in github? That way at least the build will run after merging patches (before releasing). Do you know if there is any way to make Travis CI work directly from gerrit.ovirt.org, before merging patches? > Re: Do we or can we have Mac OS slaves in Jenkins? > -------------------------------------------------- > > Key: OVIRT-761 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-761 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: sbonazzo > Assignee: infra > > Opening a ticket. > On Mon, Oct 10, 2016 at 11:44 AM, Juan Hernández <jhernand(a)redhat.com> > wrote: > > Hello, > > > > Part of the Ruby SDK uses native code that needs to be compiled during > > installation of the gem. The Ruby SDK is a requirement of ManageIQ, and > > many ManageIQ developers/users use Mac OS. In the past I had some issues > > with this environment, as the C compiler there behaves in an slightly > > different way than GCC. Those issues were discovered only when the SDK > > was already released. To avoid that I would like to have Jenkins jobs > > building/testing the SDK for Mac OS. Is that possible? Do we have Mac OS > > slaves? If not, can we have them? > > > > Regards, > > Juan Hernandez > > > > -- > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > > 3ºD, 28016 Madrid, Spain > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. > > _______________________________________________ > > Infra mailing list > > Infra(a)ovirt.org > > http://lists.ovirt.org/mailman/listinfo/infra > > > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > <https://www.redhat.com/it/about/events/red-hat-open-source-day-2016> -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

2
1
0 / 0

[JIRA] (OVIRT-761) Re: Do we or can we have Mac OS slaves in Jenkins?

by Juan Hernández (oVirt JIRA)

[ https://ovirt-jira.atlassian.net/browse/OVIRT-761?page=com.atlassian.jira... ] Juan Hernández commented on OVIRT-761: -------------------------------------- Thanks for the suggestion to use "clang" Evgheni, that can certainly help, I will explore it. I also see that Travi CI (https://travis-ci.com) supports building in Mac OS. I added a .travis.yml file to the Ruby SDK, and tested the build my personal github fork. It worked correctly. Is there any way to activate Travis builds for toe oVirt mirror of the SDK that we have in github? That way at least the build will run after merging patches (before releasing). Do you know if there is any way to make Travis CI work directly from gerrit.ovirt.org, before merging patches? > Re: Do we or can we have Mac OS slaves in Jenkins? > -------------------------------------------------- > > Key: OVIRT-761 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-761 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: sbonazzo > Assignee: infra > > Opening a ticket. > On Mon, Oct 10, 2016 at 11:44 AM, Juan Hernández <jhernand(a)redhat.com> > wrote: > > Hello, > > > > Part of the Ruby SDK uses native code that needs to be compiled during > > installation of the gem. The Ruby SDK is a requirement of ManageIQ, and > > many ManageIQ developers/users use Mac OS. In the past I had some issues > > with this environment, as the C compiler there behaves in an slightly > > different way than GCC. Those issues were discovered only when the SDK > > was already released. To avoid that I would like to have Jenkins jobs > > building/testing the SDK for Mac OS. Is that possible? Do we have Mac OS > > slaves? If not, can we have them? > > > > Regards, > > Juan Hernandez > > > > -- > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > > 3ºD, 28016 Madrid, Spain > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. > > _______________________________________________ > > Infra mailing list > > Infra(a)ovirt.org > > http://lists.ovirt.org/mailman/listinfo/infra > > > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > <https://www.redhat.com/it/about/events/red-hat-open-source-day-2016> -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

[JIRA] (OVIRT-767) can't rebase patches anymore unless setting forge committer / author on the single project

by sbonazzo (oVirt JIRA)

[ https://ovirt-jira.atlassian.net/browse/OVIRT-767?page=com.atlassian.jira... ] sbonazzo commented on OVIRT-767: -------------------------------- Added the forge rights on the project I needed it solved the issue for me, but this affects all projects. > can't rebase patches anymore unless setting forge committer / author on the single project > ------------------------------------------------------------------------------------------ > > Key: OVIRT-767 > URL: https://ovirt-jira.atlassian.net/browse/OVIRT-767 > Project: oVirt - virtualization made easy > Issue Type: By-EMAIL > Reporter: sbonazzo > Assignee: infra > > Rebasing using git: > remote: Processing changes: refs: 1, done > remote: > remote: ERROR: In commit 8625e0fb6d5b432a065492b52a5d2028f827e861 > remote: ERROR: author email address rbarry(a)redhat.com > remote: ERROR: does not match your user account. > remote: ERROR: > remote: ERROR: The following addresses are currently registered: > remote: ERROR: sandro.bonazzola(a)gmail.com > remote: ERROR: sbonazzo(a)redhat.com > remote: ERROR: > remote: ERROR: To register an email address, please visit: > remote: ERROR: https://gerrit.ovirt.org/#/settings/contact > Rebasing using gerrit: > Code Review - Error invalid author > -- > Sandro Bonazzola > Better technology. Faster innovation. Powered by community collaboration. > See how it works at redhat.com > <https://www.redhat.com/it/about/events/red-hat-open-source-day-2016> -- This message was sent by Atlassian JIRA (v1000.383.2#100014)

8 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

Infra October 2016