Re: New Freeze break request: re-enable git:// on pkgs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+1


On Tue, Sep 26, 2017 at 11:26 AM, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
> +1.
>
> On 26 September 2017 at 11:22, Kevin Fenzi <kevin@xxxxxxxxx> wrote:
>> On 09/25/2017 10:58 PM, Till Maas wrote:
>>> On Mon, Sep 25, 2017 at 01:54:49PM -0700, Kevin Fenzi wrote:
>>>
>>>> This morning pkgs02 stopped answering to git:// clone urls from koji,
>>>> breaking builds.
>>>
>>> Could we make koji also use https:// nowadays? I remember that there was
>>> a ticket about this.
>>
>> That should be all done. koji should always use https now with a valid
>> cert.
>>
>>>> systemd was happy after that, but load was still very very high. Looking
>>>> I found a number of git clones from external ip's. Since there's no
>>>> reason for this (external people should use https:// clone urls or
>>>> ssh://) I blocked those except from 10.0.0.0/8.
>>>>
>>>> Since this was outage causing for builds I went ahead and did all this,
>>>> but would like to get retroactive +1s or any adjustments I might have
>>>> missed.
>>>
>>> +1 (for no unencrypted services)
>>
>> Agreed, unfortunately, things don't seem to be ready for git:// to go
>> away on pkgs yet. ;(
>>
>> * fedpkg -a still uses it. The issue there is that it needs to not only
>> using https://src but it needs to pass a url to koji that works for
>> official builds. See:
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1188634
>>
>> So, we may need to adjust kojid config on our side or something more
>> intrusive.
>>
>> * chain builds don't work:
>>
>> Could not execute chainbuild: Got an error finding master head for
>> <foo>: fatal: unable to connect to pkgs.fedoraproject.org:
>>
>> So, I'd like to revert this until after the freeze when we can actually
>> have fedpkg fixed and ready for it.
>>
>> Note that if we start getting hammered from any specific IP's, we could
>> specifically block them for now.
>>
>> +1s to apply this and monitor?
>>
>> diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs
>> index c0435a0..7552654 100644
>> --- a/inventory/group_vars/pkgs
>> +++ b/inventory/group_vars/pkgs
>> @@ -8,7 +8,7 @@ tcp_ports: [80, 443,
>>      3000, 3001, 3002, 3003, 3004, 3005, 3006, 3007,
>>      3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015]
>>
>> -custom_rules: [ '-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 9418 -j
>> ACCEPT']
>> +custom_rules: [ '-A INPUT -p tcp -m tcp --dport 9418 -j ACCEPT']
>>
>>  # Definining these vars has a number of effects
>>  # 1) mod_wsgi is configured to use the vars for its own setup
>>
>> kevin
>>
>>
>> _______________________________________________
>> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>
>
>
>
> --
> Stephen J Smoogen.
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux