[JIRA] (OVIRT-1231) Security: do we need HSTS for oVirt services?
by Marc Dequènes (Duck) (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1231?page=com.atlassian.jir... ]
Marc Dequènes (Duck) commented on OVIRT-1231:
---------------------------------------------
So, the only place using it is the new ML3 server, which is on production only for redirects. We're currently using the 'httpd' Ansible role to deploy the configuration, which activates it. The role also activates 'includeSubDomains'; this is a desired setting but only when all the vhosts on the domain are able to do HTTPS. This is not the case on all oVirt infra yet so it was deactivated manually at some point IIRC.
So, this solution is not perfect but avoiding protocol downgrade is already a very important protection and we should use it. We should also use 'includeSubDomains' too when all our vhosts are ready. And we must not create new vhosts without HTTPS support even for testing. Here are my recommendations.
> Security: do we need HSTS for oVirt services?
> ---------------------------------------------
>
> Key: OVIRT-1231
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1231
> Project: oVirt - virtualization made easy
> Issue Type: New Feature
> Reporter: eedri
> Assignee: infra
>
> https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
> Most of the browsers already supports it and some websites started to enforce it.
> cc [~dfediuck]
--
This message was sent by Atlassian JIRA
(v1000.1092.0#100053)
6 years, 10 months
Outage in network affecting oVirt services
by Eyal Edri
FYI,
It looks like we have an outage in the DC we're running our oVirt services,
it is currently affecting multiple services like Jenkins and Resources but
not Gerrit.
We are escalating it to the relevant teams to check what is causing it and
will report once we have an update.
--
Eyal edri
ASSOCIATE MANAGER
RHV DevOps
EMEA VIRTUALIZATION R&D
Red Hat EMEA <https://www.redhat.com/>
<https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted>
phone: +972-9-7692018
irc: eedri (on #tlv #rhev-dev #rhev-integ)
6 years, 10 months
[oVirt Jenkins] ovirt_master_hc-system-tests - Build # 154 - Failure!
by jenkins@jenkins.phx.ovirt.org
------=_Part_84_325694316.1498620535803
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Project: http://jenkins.ovirt.org/job/ovirt_master_hc-system-tests/
Build: http://jenkins.ovirt.org/job/ovirt_master_hc-system-tests/154/
Build Number: 154
Build Status: Failure
Triggered By: Started by timer
-------------------------------------
Changes Since Last Success:
-------------------------------------
Changes for Build #154
[Daniel Belenky] Exclude packages from ovirt-master.repo
[Barak Korren] Filter builds sent to change queues by version
[Barak Korren] Make change queue invoke OST basic suit
[Barak Korren] Various UX improvements in change-queue jobs
[Barak Korren] Add a job for direct deployments to 'tested'
[Barak Korren] Use new job to update 'tested' from experimental
[Barak Korren] Use new tested deploy job in timed builders
[Eyal Edri] update build retention policy for big artifacts
-----------------
Failed Tests:
-----------------
1 tests failed.
FAILED: 002_bootstrap.add_hosts
Error Message:
Host lago-hc-basic-suite-master-host2 failed to install
-------------------- >> begin captured logging << --------------------
ovirtlago.testlib: ERROR: * Unhandled exception in <function _host_is_up at 0x3f11cf8>
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 217, in assert_equals_within
res = func()
File "/home/jenkins/workspace/ovirt_master_hc-system-tests/ovirt-system-tests/hc-basic-suite-master/test-scenarios/002_bootstrap.py", line 151, in _host_is_up
raise RuntimeError('Host %s failed to install' % host.name())
RuntimeError: Host lago-hc-basic-suite-master-host2 failed to install
--------------------- >> end captured logging << ---------------------
Stack Trace:
File "/usr/lib64/python2.7/unittest/case.py", line 369, in run
testMethod()
File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 129, in wrapped_test
test()
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 59, in wrapper
return func(get_test_prefix(), *args, **kwargs)
File "/home/jenkins/workspace/ovirt_master_hc-system-tests/ovirt-system-tests/hc-basic-suite-master/test-scenarios/002_bootstrap.py", line 164, in add_hosts
testlib.assert_true_within(_host_is_up, timeout=15 * 60)
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 256, in assert_true_within
assert_equals_within(func, True, timeout, allowed_exceptions)
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 217, in assert_equals_within
res = func()
File "/home/jenkins/workspace/ovirt_master_hc-system-tests/ovirt-system-tests/hc-basic-suite-master/test-scenarios/002_bootstrap.py", line 151, in _host_is_up
raise RuntimeError('Host %s failed to install' % host.name())
Host lago-hc-basic-suite-master-host2 failed to install
-------------------- >> begin captured logging << --------------------
ovirtlago.testlib: ERROR: * Unhandled exception in <function _host_is_up at 0x3f11cf8>
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ovirtlago/testlib.py", line 217, in assert_equals_within
res = func()
File "/home/jenkins/workspace/ovirt_master_hc-system-tests/ovirt-system-tests/hc-basic-suite-master/test-scenarios/002_bootstrap.py", line 151, in _host_is_up
raise RuntimeError('Host %s failed to install' % host.name())
RuntimeError: Host lago-hc-basic-suite-master-host2 failed to install
--------------------- >> end captured logging << ---------------------
------=_Part_84_325694316.1498620535803--
6 years, 10 months
planned Gerrit maintenance
by Evgheni Dereveanchin
Hi everyone,
I will be performing updates on gerrit.ovirt.org during the next two hours.
Within this period the Gerrit UI and Git repositories may be unavailable.
I will follow up as soon as maintenance activities are over.
--
Regards,
Evgheni Dereveanchin
6 years, 10 months
[JIRA] (OVIRT-1488) gerrit is down
by Evgheni Dereveanchin (oVirt JIRA)
[ https://ovirt-jira.atlassian.net/browse/OVIRT-1488?page=com.atlassian.jir... ]
Evgheni Dereveanchin commented on OVIRT-1488:
---------------------------------------------
This was a planned maintenance window and alerts have been sent to devel and infra lists. Gerrit should be back up and running now, sorry for the inconvenience.
> gerrit is down
> --------------
>
> Key: OVIRT-1488
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1488
> Project: oVirt - virtualization made easy
> Issue Type: By-EMAIL
> Reporter: gshereme(a)redhat.com
> Assignee: Evgheni Dereveanchin
> Priority: Highest
>
> Hi,
> https://gerrit.ovirt.org/
> Service Temporarily Unavailable
> The server is temporarily unable to service your request due to maintenance
> downtime or capacity problems. Please try again later.
> Apache/2.2.15 (Red Hat) Server at gerrit.ovirt.org Port 443
> --
> Greg Sheremeta, MBA
> Sr. Software Engineer
> Red Hat, Inc.
> gshereme(a)redhat.com
--
This message was sent by Atlassian JIRA
(v1000.1092.0#100053)
6 years, 10 months
oVirt infra daily report - unstable production jobs - 367
by jenkins@jenkins.phx.ovirt.org
------=_Part_129_1942579765.1498699004655
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Good morning!
Attached is the HTML page with the jenkins status report. You can see it also here:
- http://jenkins.ovirt.org/job/system_jenkins-report/367//artifact/exported...
Cheers,
Jenkins
------=_Part_129_1942579765.1498699004655
Content-Type: text/html; charset=us-ascii; name=upstream_report.html
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename=upstream_report.html
Content-ID: <upstream_report.html>
<!DOCTYPE html><head><style type="text/css">
table.gridtable {
border-collapse: collapse;
table-layout:fixed;
width:1600px;
font-family: monospace;
font-size:13px;
}
.head {
font-size:20px;
font-family: arial;
}
.sub {
font-size:18px;
background-color:#e5e5e5;
font-family: arial;
}
pre {
font-family: monospace;
display: inline;
white-space: pre-wrap;
white-space: -moz-pre-wrap !important;
white-space: -pre-wrap;
white-space: -o-pre-wrap;
word-wrap: break-word;
}
</style>
</head>
<body>
<table class="gridtable" border=2>
<tr><th colspan=2 class=head>
RHEVM CI Jenkins Daily Report - 29/06/2017
</th></tr><tr><th colspan=2 class=sub>
<font color="blue"><a href="http://jenkins.ovirt.org/">00 Unstable Critical</a></font>
</th></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt_4.1_image-ng-system-tests/">ovirt_4.1_image-ng-system-tests</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt_4.1_system-tests_pre/">ovirt_4.1_system-tests_pre</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt_master_hc-system-tests/">ovirt_master_hc-system-tests</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt_master_he-system-tests/">ovirt_master_he-system-tests</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/ovirt_master_image-ng-system-tests/">ovirt_master_image-ng-system-tests</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/test-repo_ovirt_experimental_4.1/">test-repo_ovirt_experimental_4.1</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
<tr><td>
<a href="http://jenkins.ovirt.org/job/test-repo_ovirt_experimental_master/">test-repo_ovirt_experimental_master</a>
</td><td>
This job is automatically updated by jenkins job builder, any manual
change will be lost in the next update. If you want to make permanent
changes, check out the <a href="http://gerrit.ovirt.org/gitweb?p=jenkins.git;a=tree;h=refs/heads/master;h...">
jenkins</a> repo.
<!-- Managed by Jenkins Job Builder -->
</td></tr>
------=_Part_129_1942579765.1498699004655--
6 years, 10 months
