Friday, 2021-12-10

-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 821347: debug build failures https://review.opendev.org/c/zuul/zuul/+/82134701:16
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 821347: Debug build https://review.opendev.org/c/zuul/zuul/+/82134702:00
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 819557: Report overall duration when a build set is finished https://review.opendev.org/c/zuul/zuul/+/81955703:30
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 819557: Report overall duration when a build set is finished https://review.opendev.org/c/zuul/zuul/+/81955703:41
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 819557: Report overall duration when a build set is finished https://review.opendev.org/c/zuul/zuul/+/81955705:25
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 819557: Report overall duration when a build set is finished https://review.opendev.org/c/zuul/zuul/+/81955706:30
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 819557: Report overall duration when a build set is finished https://review.opendev.org/c/zuul/zuul/+/81955707:51
@avass:vassast.orgDoes anyone have any idea if it's possible to pass secret information from a trusted context to the current jobs playbooks? Sort of how secrets work in zuul by only making them accessible to the job that has the secret configured, but the secret is not a zuul secret and is made available in the trusted context?13:00
@avass:vassast.org * Does anyone have any idea if it's possible to pass secret information from a trusted context to the current jobs playbooks? Sort of how secrets work in zuul by only making them accessible to the job that has the secret configured, but the secret is not a zuul secret and is made available from something running in a trusted context?13:04
@avass:vassast.orgI'm guessing that would require a new feature in zuul. sort of how zuul_return.secret_data works but that is also made available to playbooks in the same job13:19
@tristanc_:matrix.orgdo we know if zuul or zookeeper is affected by the log4j vulnerability?13:53
@avass:vassast.orgzuul isn't using log4j right? so it's only zookeeper and I want to say that I don't think so but obviously there could be some obscure vulnerability in how zookeeper logs connections/messages from zuul13:58
-@gerrit:opendev.org- Zuul merged on behalf of Andre Aranha: [zuul/zuul-jobs] 816385: Add fips version of jobs needed for OpenStack https://review.opendev.org/c/zuul/zuul-jobs/+/81638515:40
@tristanc_:matrix.orgSo it seems like gerrit and zookeeper are not affected, and for elasticsearch here are the mitigations we are using: https://www.softwarefactory-project.io/mitigate-cve-2021-44228.html16:00
@clarkb:matrix.orgZuulians https://review.opendev.org/c/zuul/zuul-client/+/821337 and https://review.opendev.org/c/zuul/zuul-registry/+/821336 are updates to the dockerfiles for those two repos to switch them to bullseye from buster when you haev time21:28
@clarkb:matrix.orgI don't think it is urgent but I was doing an audit of all the base imges opendev is running and trying to get things updated for hygiene reasons21:29
@mordred:inaugust.comClark: ^^ in the zuul-registry one - there is a requires on python-builder-3.8-bullseye-container-image - isn't that a construct from the opendev (or possibly openstack) tenant?23:03
@mordred:inaugust.comhonestly, same question for zuul-client - but that is editing a previously existing one ... so I suppose it's fine. it's just jumping out at my eyeball holes23:04
@jim:acmegating.comyeah... we have those in other places as well; they may be no-ops for us...23:05
@mordred:inaugust.comkk.23:05
@jim:acmegating.com(we should probably get rid of them since they only look like they do something, but my ocd is okay with adding them to make it consistent everywhere and then deleting them to keep it consistent everywhere :)23:06
@clarkb:matrix.orgI'm happy to update these changes if you prefer too.23:27
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [zuul/zuul-client] 821337: Update the zuul client docker image to bullseye https://review.opendev.org/c/zuul/zuul-client/+/82133723:30
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [zuul/zuul-registry] 821336: Update the registry docker image to bullseye https://review.opendev.org/c/zuul/zuul-registry/+/82133623:34

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!