| *** fzzf2 is now known as fzzf | 01:45 | |
| *** ysandeep|out is now known as ysandeep | 04:37 | |
| *** ysandeep is now known as ysandeep|brb | 04:46 | |
| *** ykarel|away is now known as ykarel | 04:54 | |
| *** ysandeep|brb is now known as ysandeep | 05:35 | |
| *** ysandeep is now known as ysandeep|lunch | 07:40 | |
| *** sshnaidm is now known as sshnaidm|afk | 07:45 | |
| *** ykarel is now known as ykarel|lunch | 08:06 | |
| *** ysandeep|lunch is now known as ysandeep | 09:06 | |
| *** sshnaidm|afk is now known as sshnaidm | 09:40 | |
| *** ykarel|lunch is now known as ykarel | 09:54 | |
| slaweq | frickler: hi, would it be possible to put me one node on hold for some time? I need to debug why all LB related fullstack tests are failing int the job and all of them are passing locally for me, in the same (similar at least) Centos node :/ | 10:45 |
|---|---|---|
| slaweq | I would recheck it and then You could put node on hold for me for few hours, would that be ok? | 10:45 |
| frickler | slaweq: sure, let me know the patch and job in question. I'll be back in an hour or so | 10:46 |
| slaweq | frickler: thx, patch https://review.opendev.org/c/openstack/neutron/+/817006 | 10:47 |
| slaweq | job neutron-fullstack-with-uwsgi-fips from experimental queue | 10:47 |
| slaweq | I rechecked it so it should be running now | 10:53 |
| *** dviroel|out is now known as dviroel | 11:07 | |
| *** rlandy is now known as rlandy|ruck | 11:10 | |
| *** ysandeep is now known as ysandeep|afk | 11:12 | |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Initial project commit https://review.opendev.org/c/openstack/ci-log-processing/+/815604 | 11:13 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Initial project commit https://review.opendev.org/c/openstack/ci-log-processing/+/815604 | 11:17 |
| *** jcapitao is now known as jcapitao_lunch | 11:52 | |
| frickler | slaweq: root@173.231.255.246, added your key from 2019, take your time | 11:59 |
| *** ysandeep|afk is now known as ysandeep | 12:05 | |
| slaweq | frickler: thanks a lot | 12:08 |
| slaweq | frickler: can You add this key https://paste.opendev.org/show/810869/ ? I'm not sure what it was then but I can't login into that node now | 12:10 |
| slaweq | frickler: also I see in the job's console log something like: | 12:12 |
| slaweq | Interface IP: 173.231.255.167 | 12:12 |
| slaweq | are You sure IP which You gave me is correct? | 12:12 |
| frickler | slaweq: oops, you are right, I mixed that up with the functional job. the bad news is, I cannot log into that node myself. possibly the fips setup breaks/disables our root logins? | 12:20 |
| frickler | infra-root: ^^ can anyone doublecheck? | 12:20 |
| fungi | frickler: i'm able to ssh into 173.231.255.167 | 12:23 |
| slaweq | frickler: that would be strange because functional-fips and fullstac-fips jobs are doing exactly the same setup | 12:23 |
| fungi | i'm also able to ssh into 173.231.255.246 | 12:24 |
| fungi | not sure which one you were referring to | 12:24 |
| slaweq | fungi: I would like to be able to ssh to 173.231.255.167, my ssh key is https://paste.opendev.org/show/810869/ | 12:25 |
| slaweq | can You put that node on hold for me for 2-3 hours and add my key there? | 12:26 |
| slaweq | thx in advance | 12:26 |
| fungi | slaweq: is there already an autohold in place for that job? i'm still just waking up and probably didn't follow along closely enough | 12:27 |
| fungi | only jumped in here because the highlight made me worried there was an emergency | 12:27 |
| slaweq | fungi: I don't know, maybe frickler already set autohold for that node | 12:27 |
| slaweq | fungi: it's not urgent at all :) | 12:27 |
| slaweq | sorry for bothering You with that | 12:28 |
| fungi | no, not a bother, i'll take a look in a moment | 12:28 |
| frickler | fungi: autohold is set, but the job is still running https://zuul.opendev.org/t/openstack/stream/f068f881e7844f8dab54f03753aef65d?logfile=console.log | 12:40 |
| fungi | frickler: thanks for confirming | 12:47 |
| fungi | slaweq: you should be able to ssh into the root account on that node now | 12:50 |
| frickler | fungi: oh, maybe fips disables ed25519 keys? then only me and ianw would be affected | 12:53 |
| slaweq | thx frickler and fungi it works now | 13:05 |
| *** jcapitao_lunch is now known as jcapitao | 13:32 | |
| frickler | slaweq: fungi: could you please add my rsa keys from https://github.com/osfrickler.keys to the node so I can confirm my guess? | 13:38 |
| fungi | frickler: done | 14:27 |
| *** ysandeep is now known as ysandeep|dinner | 14:27 | |
| *** ykarel_ is now known as ykarel|away | 14:57 | |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Initial project commit https://review.opendev.org/c/openstack/ci-log-processing/+/815604 | 15:02 |
| slaweq | fungi: frickler thank You very much, You can now delete the node which You hold for me earlier today | 15:05 |
| fungi | slaweq: were you able to determine what's going wrong in that job? | 15:05 |
| slaweq | fungi: yes | 15:05 |
| slaweq | it seems like missing iptables rule there | 15:06 |
| slaweq | strange thing is that similar job is running fine on Ubuntu (without FIPS enabled) | 15:06 |
| slaweq | but at least I know what's missing there and how to fix it | 15:06 |
| clarkb | frickler: yes you have to use ecdsa (note the conflict of interest between who sets fips standards and who created ecdsa but not ed25519 :) ) | 15:11 |
| fungi | slaweq: could it be the iptables rules were added in a non-persistent manner and got cleared by the reboot into fips mode? | 15:22 |
| *** ysandeep|dinner is now known as ysandeep | 15:22 | |
| slaweq | fungi: yes, that is very likely | 15:22 |
| slaweq | thx | 15:22 |
| slaweq | :) | 15:22 |
| fungi | we'll need to double check that the fips mode setup is happening before any direct calls to ip(6)tables or ebtables | 15:23 |
| fungi | slaweq: frickler: i've cleaned up the autohold now | 15:36 |
| slaweq | fungi: thank You :) | 15:36 |
| fungi | though it just dawned on me frickler may not have gotten an opportunity to test his ssh connection after i added his keys. sorry! | 15:37 |
| dpawlik | fungi, clarkb: hey, sorry for disturb, did you check the logscraper tool review? https://review.opendev.org/c/openstack/ci-log-processing/+/815604 | 16:02 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/project-config master: Create repo for ProxySQL Ansible role https://review.opendev.org/c/openstack/project-config/+/817271 | 16:06 |
| opendevreview | Dmitriy Rabotyagov proposed openstack/project-config master: And ansible-role-proxysql repo to zuul jobs https://review.opendev.org/c/openstack/project-config/+/817272 | 16:08 |
| clarkb | dpawlik: I haven't yet, is there something specific you want me to review for? I probably don't have time to review the whole thing (this is why we aren't able to keep maintainnig the existing code base) | 16:15 |
| *** ysandeep is now known as ysandeep|out | 16:21 | |
| dpawlik | clarkb: aha, understand | 16:21 |
| dpawlik | clarkb: so let me do a simply version of what is now and port some features to next PS. It should be more safe and easier to review :) | 16:21 |
| clarkb | dpawlik: I'm happy to look at specific things but I wouldn't wait on me for general review. Like if you have questions about behavior or existing assumptions please ask :) | 16:22 |
| dpawlik | clarkb: okey | 16:23 |
| fungi | similarly, i'm pretty certain i don't have time to be a core reviewer for that project, but am happy to answer questions or look at specific bits when you need | 16:24 |
| dpawlik | ack fungi | 16:32 |
| frickler | fungi: yeah, I got sidetracked, but IIUC clarkb confirmed my assumption. not whether whether I'd consider that to be sufficient reasoning to change my key, though | 16:52 |
| clarkb | frickler: I feel like this is a good reason to specifically not change your key :) | 16:53 |
| fungi | yes | 16:56 |
| *** elenalindq_ is now known as elenalindq | 18:11 | |
| *** dviroel is now known as dviroel|out | 20:51 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!