Wednesday, 2020-10-21

*** benfelin has quit IRC00:02
*** spatel has quit IRC00:20
*** penick has joined #openstack-cinder00:26
*** penick has quit IRC00:30
*** ChanServ changes topic to "The Block Storage Project | |"00:36
-openstackstatus- NOTICE: The Gerrit service at is back up and running; for outage details see analysis here:
*** whoami-rajat__ has joined #openstack-cinder00:44
*** adrianc has quit IRC00:45
*** adrianc has joined #openstack-cinder00:47
*** senrique_ has quit IRC00:50
*** andrebeltrami has quit IRC01:03
*** sapd1 has joined #openstack-cinder01:23
*** psachin has joined #openstack-cinder03:30
*** psachin has quit IRC03:30
*** dsariel has quit IRC03:31
*** psachin has joined #openstack-cinder03:31
*** dsariel has joined #openstack-cinder03:39
*** hamalq has quit IRC03:46
*** udesale has joined #openstack-cinder03:53
*** manoj_kumar_kata has joined #openstack-cinder04:24
*** abdysn has joined #openstack-cinder05:23
*** m75abrams has joined #openstack-cinder05:25
*** sharathkacham has joined #openstack-cinder06:05
*** manoj_kumar_kata has quit IRC06:11
*** manoj_kumar_kata has joined #openstack-cinder06:11
*** manoj_kumar_kata has quit IRC06:17
*** manoj_kumar_kata has joined #openstack-cinder06:17
*** dsariel has quit IRC06:17
*** dsariel has joined #openstack-cinder06:18
*** manoj_kumar_kata has quit IRC06:18
*** manoj_kumar_kata has joined #openstack-cinder06:19
*** rpittau|afk is now known as rpittau06:42
*** vishalmanchanda has joined #openstack-cinder06:47
*** hoonetorg has joined #openstack-cinder06:51
*** sapd1 has quit IRC06:56
*** sapd1 has joined #openstack-cinder06:56
*** mvorwerk has joined #openstack-cinder07:00
*** manoj_kumar_kata has quit IRC07:02
*** manoj_kumar_kata has joined #openstack-cinder07:04
*** manoj_kumar_kata has quit IRC07:09
*** manoj_kumar_kata has joined #openstack-cinder07:10
*** pcaruana has quit IRC07:25
*** manoj_kumar_kata has quit IRC07:31
*** manoj_kumar_kata has joined #openstack-cinder07:33
*** pcaruana has joined #openstack-cinder07:36
*** openstackgerrit has quit IRC07:38
*** rcernin has quit IRC07:39
*** e0ne has joined #openstack-cinder07:41
*** tosky has joined #openstack-cinder07:42
*** priteau has joined #openstack-cinder07:54
*** rcernin has joined #openstack-cinder08:08
*** rcernin has quit IRC08:14
*** rcernin has joined #openstack-cinder08:28
*** martinkennelly has joined #openstack-cinder08:31
*** ociuhandu has joined #openstack-cinder08:51
*** rcernin has quit IRC08:56
*** user_19173783170 has joined #openstack-cinder09:00
user_19173783170I'm building a third-part-ci system, and using devstack to be the nodepool's provide´╝îShould I use the latest openstack environment to build the devstack? Or just to keep the jenkins slave is the latest openstack environment?09:08
user_19173783170I'm building a third-part-ci system, and using devstack to be the nodepool's provider. Should I use the latest openstack environment to build the devstack? Or just to keep the jenkins slave is the latest openstack environment?09:09
*** manoj_kumar_kata has quit IRC09:11
*** manoj_kumar_kata has joined #openstack-cinder09:13
*** manoj_kumar_kata has quit IRC09:20
*** sharathkacham has quit IRC09:36
*** abdysn has quit IRC09:45
*** raghavendrat has joined #openstack-cinder10:06
raghavendrathi geguileo: this is regarding
geguileoraghavendrat: yes, sorry, I started working on the UTs, but got sidetracked with customer cases, the summit, etc10:07
raghavendrati know why UT are failing. Let me know if i can submit patchset to fix UT10:07
geguileoraghavendrat: If you have the time, I would appreciate it  :-)10:08
geguileoraghavendrat: remember to add yourself in a footer with Co-Authored-By:10:09
lsekiuser_19173783170: it's required to deploy a brand new devstack environment for each patch you test10:14
lsekiyou might want to join the forum session later, we'll talk about cinder 3rd part CI10:15
lsekiit will be happening 15:00-15:45 UTC10:19
*** abdysn has joined #openstack-cinder10:27
*** laurent\ has quit IRC10:37
*** priteau has quit IRC10:39
*** manoj_kumar_kata has joined #openstack-cinder10:51
*** abdysn has quit IRC11:02
*** raghavendrat has quit IRC11:02
*** pcaruana has quit IRC11:08
*** priteau has joined #openstack-cinder11:15
*** pcaruana has joined #openstack-cinder11:22
*** sapd1 has quit IRC11:25
*** priteau has quit IRC11:26
*** manoj_kumar_kata has quit IRC11:31
*** manoj_kumar_kata has joined #openstack-cinder11:31
*** raghavendrat has joined #openstack-cinder11:42
*** udesale_ has joined #openstack-cinder11:55
*** udesale has quit IRC11:57
*** udesale__ has joined #openstack-cinder11:59
*** priteau has joined #openstack-cinder12:00
*** udesale_ has quit IRC12:01
*** raghavendrat has quit IRC12:05
*** abdysn has joined #openstack-cinder12:17
*** raghavendrat has joined #openstack-cinder12:18
*** dsariel has quit IRC12:30
*** raghavendrat has quit IRC12:37
*** enriquetaso has joined #openstack-cinder12:53
*** thgcorrea has joined #openstack-cinder13:08
*** udesale_ has joined #openstack-cinder13:14
*** KurtB has joined #openstack-cinder13:16
*** udesale__ has quit IRC13:17
*** psachin has quit IRC13:19
*** GirishChilukuri has joined #openstack-cinder13:34
*** openstackgerrit has joined #openstack-cinder13:37
openstackgerritMikhail Sharkov proposed openstack/cinder master: fix issues preventing cinder with s3 driver to operate
*** abdysn has quit IRC13:39
GirishChilukuriHi Team,13:43
GirishChilukurigetting this error " E902 FileNotFoundError" while running pep813:44
GirishChilukuriany suggestions on this ?13:45
openstackgerritRajat Dhasmana proposed openstack/cinder stable/ussuri: Fix: listing volumes with filters
*** sapd1 has joined #openstack-cinder13:51
jungleboyjrosmaita:  I am thinking that we should probably do an audit of our recent merges like other projects are doing.13:53
rosmaitajungleboyj: i am looking at that now13:53
jungleboyjOk.  Let me know what I can do to help.13:54
rosmaitai will!!!13:54
rosmaitajungleboyj: let me know if I am reading this correctly:13:56
rosmaita"We have no evidence that any account had its ssh keys compromised, thus we can rule out any unauthorized changes being uploaded via SSH. However we can not conclusively rule out that compromised HTTP API passwords were used to push a change through Gerrit. For example, a change could be uploaded that looks like it came from a user, or the API key of a core team member may have been used to approve a change without authorizatio13:56
rosmaitamy reading is13:56
rosmaitawhat we need to check is the approvals?13:57
rosmaitafor people who have API keys defined?13:57
*** enriquetaso has quit IRC13:57
jungleboyjrosmaita:  That is how I read that.13:58
rosmaitai guess there would be an approval with only that same person doing the review?13:58
jungleboyjWhich makes the audit a bit easier.13:58
jungleboyjSo we are looking for ninja merges?13:59
openstackgerritMikhail Sharkov proposed openstack/cinder master: run without encryption and init check fix
rosmaitajungleboyj: that's what i think13:59
rosmaitalet me check with fungi13:59
rosmaitabecause i don't think i have a http password defined for gerrit14:00
rosmaitaif no one else does either, then i don't think we'd have something to worry about14:00
fungithey could have added an http password or an ssh key for your account14:00
fungiif they did, those were cleaned up/cleared out prior to restart14:01
fungiwe didn't see any clear evidence of it happening, but can't be certain that the logs tell the complete story14:01
rosmaitaok, so the fact that i have not HTTP password for gerrit right now tells me nothing about whether i had one earlier14:02
fungiright, nobody has one now, because the attacker had access to see all of them, as well as set new ones14:02
fungiwe cleared them before starting it back up14:03
fungiwe also removed any ssh keys which were added during the time the attacker had administrative access to the system, in case they had added one of them14:03
rosmaitaso, at the risk of being stupid, what exactly do we need to look for?  a ninja-merge, or could someone have compromised multiple cores, added the proper +2s and then done a +W ?14:03
fungiso we recommend, so for thoroughness, at least skimming the changes which merged for the past few weeks to make sure you remember reviewing/approving14:03
jungleboyjDon't suppose we have a list of those people?14:04
fungithe list is everyone who has an account in gerrit14:04
fungibecause it could have been done via ssh or http14:04
rosmaitaok, so there is no easy was to do this other than by looking14:05
fungiyes, in theory, while we think it's quite unlikely, they could have proposed a change as one regular member of your project, +2's it as one of your core reviewer accounts, and approved it as another core reviewer account without raising suspicion14:05
rosmaitawill anyone be insulted if i say "motherfuckers" ?14:05
fungii'll join you ;)14:05
rosmaitafungi: thanks for the clarifications14:06
fungiwe went through the gerrit and apache logs with a fine-toothed comb and are fairly certain we know the addresses that motherfucker was coming from, we can't rule out the possibility that they had even more internet connections or a vpn tunnel to another part of the world14:06
smcginnisGlad it was caught!14:07
fungiso we haven't *seen* evidence of them doing that degree of subterfuge, it can't be ruled out14:07
jungleboyjWhy the hell would someone do this?  Are we really that board during lockdown?14:07
fungii think they just didn't want us getting any sleep14:07
jungleboyjfungi:  Thank you for all you guys have done.14:08
jungleboyjIs there any action that can be taken against 'motherfucker' ?14:08
fungiin the primary public communications we tried to avoid explaining the ways they could have better impersonated community members to insert backdoors in our software, so walking a fine line with more targeted responses about what to look out for14:09
rosmaitaok, i have audited cinder-specs ... only 1 commit, we are ok there14:09
fungiwe don't want to basically write up "the next time you decide to hack an open source community, here are the ways you can better avoid going unnoticed..."14:09
smcginnisI'm not seeing anything suspect in openstack/cinder either. At least on master.14:10
fungii will say that it's apparent they had limited understanding of the interconneced systems we run, and of the workflows for our communities, which is how their activity ultimately stood out14:11
smcginnisThat's good. Then it wasn't a targeted attack. Just someone for the lolz.14:11
jungleboyjYeah, that is good.14:11
fungilike the prowler who finds the back door unlocked but doesn't realize the kids have left toys scattered in the hallway before going off to bed14:11
*** enriquetaso has joined #openstack-cinder14:12
rosmaitaok, cinder stable branches look fine14:14
rosmaitaalthough i think someone snuck a typo into my release notes :P14:14
jungleboyjBwah ha ha!14:14
*** venkatakrishnath has joined #openstack-cinder14:15
openstackgerritRajat Dhasmana proposed openstack/cinder stable/train: Fix: show volume transfer by name for non-admins
rosmaitaall i can say is thank goodness for having the library freeze early -- only 1 brick commit!14:15
rosmaitapython cinderclient are all doc changes14:16
rosmaitasomebody added a bunch of tests to cinder-tempest-plugin14:18
rosmaita(just kidding)14:18
rosmaitaok, i think we are good14:19
rosmaitai will send something to the ML14:20
rosmaitathanks smcginnis and jungleboyj14:20
jungleboyjHey, if they want to hack in tests, that is fine.  ;-)14:21
smcginnisHah, that would be great if someone hacked in more tests.14:22
jungleboyjrosmaita:  Thank you for checking everything out.14:22
jungleboyjsmcginnis:  Can we make that a honeypot?  Trick people into helping us?14:22
smcginnisYou figure out a way to make that happen. ;)14:22
*** sharathkacham has joined #openstack-cinder14:32
*** laurent\ has joined #openstack-cinder14:32
venkatakrishnath got +1 from Zuul and got reviewed along with successful IBM storage CI run.14:34
venkatakrishnathbackend performance and applies to mirror replication types such as14:34
venkatakrishnathPlease review.14:34
*** jawad_axd has joined #openstack-cinder14:42
lsekiGirishChilukuri: is that the whole message you get? It doesn't tell which file it tried to find...14:43
lsekiare you getting this on upstream CI, or when running pep8 locally?14:44
GirishChilukuripep8 run-test: commands[0] | flake8 E902 FileNotFoundError: [Errno 2] No such file or directory: ''ERROR: InvocationError for command /opt/stack/cinder/.tox/pep8/bin/flake814:45 . (exited with code 1)_______________________________________________________________________________________ summary ________________________________________________________________________________________  py36: commands succeededERROR:   pep8: commands failed14:45
GirishChilukurilseki this is the error i got , i got this when i run pep8 locally14:45
*** sharathkacham has quit IRC14:48
lsekirosmaita: I should check my activities in gerrit since Oct 1st, right?14:50
lsekiseems legit.14:50
rosmaitalseki: yes, wouldn't hurt14:51
whoami-rajat__rosmaita: it's not possible that they created a random user having core privileges right? the code must be approved by existing cores?14:52
rosmaitawhoami-rajat__: correct, there were no new cores created during that time frame, so it would have to have been done by using existing core credentials14:53
lsekiGirishChilukuri: what's the commandline you're using?14:54
whoami-rajat__ok, then just the cores have to check their last reviewed patches for suspicion14:55
*** udesale_ has quit IRC14:55
GirishChilukurilseki I ran this "tox -epy36,pep8 --" command14:56
smcginnisGirishChilukuri: A couple ideas - you could recreate your virtual environment just in case something changed that is missing there. That is done with "tox -re pep8".14:56
smcginnisOtherwise, to maybe get a little more details that could help pinpoint what file is missing, you can do "tox -e pep8 -- -v"14:57
lsekinot sure if pep8 accepts parameters in dot-separated format14:57
smcginnisOh, right. You can pass that argument to py36, but not pep8.14:58
smcginnislseki: Good call, I confirmed I get that FielNotFoundError if I try to pass the module path to pep8.14:59
smcginnisGirishChilukuri: So you just need to drop that for the pep8 job when running locally.14:59
lsekilet's join Cinder 3rd party CI Forum!15:00
smcginnisGirishChilukuri: You can also check out tools/fast8.sh15:00
GirishChilukuri@lseki I am running command in dot separated format from long it worked fine.15:01
GirishChilukurismcginnis I will checkout the tools/ file15:02
smcginnisrosmaita: Do that thing you do. :)15:02
GirishChilukuriThank you lseki and smcginnis15:05
*** GirishChilukuri has quit IRC15:06
*** GirishChilukuri has joined #openstack-cinder15:07
*** michael-mc-aleer has joined #openstack-cinder15:08
*** abishop_ is now known as abishop15:33
*** mvorwerk has quit IRC15:50
*** m75abrams has quit IRC15:51
*** noonedeadpunk has quit IRC15:51
*** kaisers2 has quit IRC15:58
*** lyarwood has quit IRC16:01
openstackgerritEric Harney proposed openstack/cinder master: mypy: annotate
*** rosmaita has left #openstack-cinder16:03
openstackgerritEric Harney proposed openstack/cinder master: zuul: add mypy experimental job
*** rpittau is now known as rpittau|afk16:04
*** rosmaita has joined #openstack-cinder16:08
*** noonedeadpunk_ has joined #openstack-cinder16:13
*** tosky has quit IRC16:16
*** michael-mc-aleer has quit IRC16:18
*** hamalq has joined #openstack-cinder16:27
jungleboyjsmcginnis:  I have the new version of the Cinder Logo you created in PNG if you want to add it to your blog.16:29
*** hamalq has quit IRC16:29
*** hamalq has joined #openstack-cinder16:30
*** noonedeadpunk_ has quit IRC16:33
*** GirishChilukuri has quit IRC16:36
*** ociuhandu_ has joined #openstack-cinder16:39
*** noonedeadpunk has joined #openstack-cinder16:39
*** ociuhandu has quit IRC16:42
*** ociuhandu_ has quit IRC16:44
openstackgerritMerged openstack/cinder master: Refactor some unit tests
*** venkatakrishnath has quit IRC17:18
*** sapd1 has quit IRC17:23
*** e0ne has quit IRC17:33
*** Luzi has joined #openstack-cinder17:35
*** rosmaita has quit IRC17:39
*** rosmaita has joined #openstack-cinder17:42
jungleboyjI feel like we have been more nostalgic during this summit, which has brought up some good memories and things we had forgotten about.17:46
openstackgerritVictoria Martinez de la Cruz proposed openstack/devstack-plugin-ceph master: Bump NFS Ganesha version
*** priteau has quit IRC18:01
*** Luzi has quit IRC18:09
*** manoj_kumar_kata has quit IRC18:26
*** lyarwood has joined #openstack-cinder18:29
*** jawad_axd has quit IRC18:49
*** tosky has joined #openstack-cinder19:12
openstackgerritSofia Enriquez proposed openstack/cinder stable/ussuri: Fix service_get_log tests
*** vishalmanchanda has quit IRC19:57
*** mvorwerk has joined #openstack-cinder19:59
openstackgerritMikhail Sharkov proposed openstack/cinder master: s3 init and no-sse mode fixes
*** priteau has joined #openstack-cinder20:02
*** whoami-rajat__ has quit IRC20:06
*** mvorwerk_ has joined #openstack-cinder20:21
*** mvorwerk has quit IRC20:22
*** e0ne has joined #openstack-cinder21:05
*** e0ne has quit IRC21:11
*** e0ne has joined #openstack-cinder21:12
*** martinkennelly has quit IRC21:21
*** tosky has quit IRC22:10
*** tosky has joined #openstack-cinder22:11
*** mvorwerk_ has quit IRC22:30
*** e0ne has quit IRC22:33
*** ociuhandu has joined #openstack-cinder22:34
*** ociuhandu has quit IRC22:39
*** enriquetaso has quit IRC22:42
*** thgcorrea has quit IRC22:47
*** rcernin has joined #openstack-cinder22:51
*** tosky has quit IRC22:51
*** hamalq has quit IRC22:57
*** mvorwerk has joined #openstack-cinder23:01
*** hamalq has joined #openstack-cinder23:01
*** mvorwerk_ has joined #openstack-cinder23:27
*** mvorwerk has quit IRC23:30
*** spatel has joined #openstack-cinder23:44
*** spatel has quit IRC23:50

Generated by 2.17.2 by Marius Gedminas - find it at!