[Gluster-devel] updatedb and gluster volumes
Would it be wise to prevent updatedb from crawling ALL Gluster volumes ? i.e. at the brick for servers as well as on the mount point for clients The implementation would be to add glusterfs as a file system type to updatedb.conf against the PRUNEFS variable setting. -- Milind ___ Gluster-devel mailing list Gluster-devel@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] [Fwd: [Gluster-infra] Reboot of infra this week end to fix CVE-2017-6074]
Le samedi 25 février 2017 à 16:21 +0100, Michael Scherer a écrit :
> Le samedi 25 février 2017 à 15:45 +0100, Michael Scherer a écrit :
> > Le samedi 25 février 2017 à 14:38 +0100, Michael Scherer a écrit :
> > > Le samedi 25 février 2017 à 14:21 +0100, Michael Scherer a écrit :
> > > > Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit :
> > > >
> > > > so the great upgrade has started, and while almost everything went well,
> > > > the host running gerrit/jenkins/etc (myrmicinae.rht.gluster.org) is
> > > > again taking ages, because "firmware is loading" .
> > > >
> > > > So just to let you know that situation is under control, we just have to
> > > > wait.
> > >
> > > It turn out that I was slightly too optimist, as the server where
> > > builders and fstat are running (haplometrosis.rht) have been
> > > misconfigured since it was starting a interface both as part of a bridge
> > > and outside of a bridge. Of course, this did create a race condition and
> > > sometme it work, sometime it don't.
> > >
> > > And this time, it didn't. So this is now fixed (as I tested to reboot)
> > >
> > > Of course, things wouldn't be fun if something didn't broke, and fstat
> > > is not coming back on the new kernel. As the old kernel is fine, I
> > > suspect something broke during the upgrade of the kernel and it did
> > > create a invalid initrd. I will investigate and report.
> > >
> > >
> > > And if you wonder, yes we are still waiting on myrmicinae to boot.
> >
> > So myrmicinae finally came back.
> >
> > And unsurprisingly, it didn't work as planned.
> >
> > First, it suffered from the same problem with network than haplometrosis
> > (cause I configured the same, using nmcli, who created the same wrong
> > file). The trick was how to restart network for VM without a full
> > restart of the server.
> >
> > Then, gerrit didn't start automatically. This is gonna be fixed once we
> > move it to ansible.
> >
> > Third, after I started manually gerrit, it took a long time to log me
> > (which mean I started to freak out and plan how to debug it), but now, I
> > can connect to the web interface, etc.
> >
> > If anything is broken, please sent emails and/or ping me on internal irc
> > and/or ping nigel
>
> So since I had free time and since we still have 890 coverity defects, I
> decided to continue the cleaning I started, and ... found out that
> selinux is in the way and it broke unauthenticated git clone.
>
> I am fixing it.
# grep 1488035935.129:282 /var/log/audit/audit.log |audit2why
type=AVC msg=audit(1488035935.129:282): avc: denied { getattr } for
pid=3662 comm="git-daemon" path="/review/review.gluster.org/git"
dev="vdb1" ino=8388690
scontext=system_u:system_r:git_system_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:git_user_content_t:s0 tclass=dir
Was caused by:
The boolean git_system_enable_homedirs was set incorrectly.
Description:
Allow git to system enable homedirs
Allow access by executing:
# setsebool -P git_system_enable_homedirs 1
So I just enabled the right boolean, I will defer the proper fix for
later (ie, use a different label for the git repository)
--
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
___
Gluster-devel mailing list
Gluster-devel@gluster.org
http://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] [Fwd: [Gluster-infra] Reboot of infra this week end to fix CVE-2017-6074]
Le samedi 25 février 2017 à 15:45 +0100, Michael Scherer a écrit : > Le samedi 25 février 2017 à 14:38 +0100, Michael Scherer a écrit : > > Le samedi 25 février 2017 à 14:21 +0100, Michael Scherer a écrit : > > > Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit : > > > > > > so the great upgrade has started, and while almost everything went well, > > > the host running gerrit/jenkins/etc (myrmicinae.rht.gluster.org) is > > > again taking ages, because "firmware is loading" . > > > > > > So just to let you know that situation is under control, we just have to > > > wait. > > > > It turn out that I was slightly too optimist, as the server where > > builders and fstat are running (haplometrosis.rht) have been > > misconfigured since it was starting a interface both as part of a bridge > > and outside of a bridge. Of course, this did create a race condition and > > sometme it work, sometime it don't. > > > > And this time, it didn't. So this is now fixed (as I tested to reboot) > > > > Of course, things wouldn't be fun if something didn't broke, and fstat > > is not coming back on the new kernel. As the old kernel is fine, I > > suspect something broke during the upgrade of the kernel and it did > > create a invalid initrd. I will investigate and report. > > > > > > And if you wonder, yes we are still waiting on myrmicinae to boot. > > So myrmicinae finally came back. > > And unsurprisingly, it didn't work as planned. > > First, it suffered from the same problem with network than haplometrosis > (cause I configured the same, using nmcli, who created the same wrong > file). The trick was how to restart network for VM without a full > restart of the server. > > Then, gerrit didn't start automatically. This is gonna be fixed once we > move it to ansible. > > Third, after I started manually gerrit, it took a long time to log me > (which mean I started to freak out and plan how to debug it), but now, I > can connect to the web interface, etc. > > If anything is broken, please sent emails and/or ping me on internal irc > and/or ping nigel So since I had free time and since we still have 890 coverity defects, I decided to continue the cleaning I started, and ... found out that selinux is in the way and it broke unauthenticated git clone. I am fixing it. -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS signature.asc Description: This is a digitally signed message part ___ Gluster-devel mailing list Gluster-devel@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] [Fwd: [Gluster-infra] Reboot of infra this week end to fix CVE-2017-6074]
Le samedi 25 février 2017 à 14:38 +0100, Michael Scherer a écrit : > Le samedi 25 février 2017 à 14:21 +0100, Michael Scherer a écrit : > > Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit : > > > > so the great upgrade has started, and while almost everything went well, > > the host running gerrit/jenkins/etc (myrmicinae.rht.gluster.org) is > > again taking ages, because "firmware is loading" . > > > > So just to let you know that situation is under control, we just have to > > wait. > > It turn out that I was slightly too optimist, as the server where > builders and fstat are running (haplometrosis.rht) have been > misconfigured since it was starting a interface both as part of a bridge > and outside of a bridge. Of course, this did create a race condition and > sometme it work, sometime it don't. > > And this time, it didn't. So this is now fixed (as I tested to reboot) > > Of course, things wouldn't be fun if something didn't broke, and fstat > is not coming back on the new kernel. As the old kernel is fine, I > suspect something broke during the upgrade of the kernel and it did > create a invalid initrd. I will investigate and report. > > > And if you wonder, yes we are still waiting on myrmicinae to boot. So myrmicinae finally came back. And unsurprisingly, it didn't work as planned. First, it suffered from the same problem with network than haplometrosis (cause I configured the same, using nmcli, who created the same wrong file). The trick was how to restart network for VM without a full restart of the server. Then, gerrit didn't start automatically. This is gonna be fixed once we move it to ansible. Third, after I started manually gerrit, it took a long time to log me (which mean I started to freak out and plan how to debug it), but now, I can connect to the web interface, etc. If anything is broken, please sent emails and/or ping me on internal irc and/or ping nigel -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS signature.asc Description: This is a digitally signed message part ___ Gluster-devel mailing list Gluster-devel@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] [Fwd: [Gluster-infra] Reboot of infra this week end to fix CVE-2017-6074]
Le samedi 25 février 2017 à 14:21 +0100, Michael Scherer a écrit : > Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit : > > so the great upgrade has started, and while almost everything went well, > the host running gerrit/jenkins/etc (myrmicinae.rht.gluster.org) is > again taking ages, because "firmware is loading" . > > So just to let you know that situation is under control, we just have to > wait. It turn out that I was slightly too optimist, as the server where builders and fstat are running (haplometrosis.rht) have been misconfigured since it was starting a interface both as part of a bridge and outside of a bridge. Of course, this did create a race condition and sometme it work, sometime it don't. And this time, it didn't. So this is now fixed (as I tested to reboot) Of course, things wouldn't be fun if something didn't broke, and fstat is not coming back on the new kernel. As the old kernel is fine, I suspect something broke during the upgrade of the kernel and it did create a invalid initrd. I will investigate and report. And if you wonder, yes we are still waiting on myrmicinae to boot. > (also, I am not on external irc until I manage to see why my own server > is not rebooting properly, a task that requires me to physically move > and may wait after I finish my duty of fixing all the stuff) > > ___ > Gluster-devel mailing list > Gluster-devel@gluster.org > http://lists.gluster.org/mailman/listinfo/gluster-devel -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS signature.asc Description: This is a digitally signed message part ___ Gluster-devel mailing list Gluster-devel@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] [Fwd: [Gluster-infra] Reboot of infra this week end to fix CVE-2017-6074]
Le vendredi 24 février 2017 à 19:58 +0100, Michael Scherer a écrit : so the great upgrade has started, and while almost everything went well, the host running gerrit/jenkins/etc (myrmicinae.rht.gluster.org) is again taking ages, because "firmware is loading" . So just to let you know that situation is under control, we just have to wait. (also, I am not on external irc until I manage to see why my own server is not rebooting properly, a task that requires me to physically move and may wait after I finish my duty of fixing all the stuff) -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS signature.asc Description: This is a digitally signed message part ___ Gluster-devel mailing list Gluster-devel@gluster.org http://lists.gluster.org/mailman/listinfo/gluster-devel
