Re: [ceph-users] Important security noticed regarding release signing key

2015-09-22 Thread Songbo Wang 
Hi, all,
Since the last week‘s attack, “ceph.com/packages/ceph-extras” can
be opened never, but where can I get the releases of ceph-extra now?

Thanks and Regards,
WangSongbo

2015-09-18 0:29 GMT+08:00 Sage Weil :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Last week, Red Hat investigated an intrusion on the sites of both the Ceph
> community project (ceph.com) and Inktank (download.inktank.com), which
> were hosted on a computer system outside of Red Hat infrastructure.
>
> Ceph.com provided Ceph community versions downloads signed with a Ceph
> signing key (id 7EBFDD5D17ED316D). Download.inktank.comprovided releases
> of the Red Hat Ceph product for Ubuntu and CentOS operating systems signed
> with an Inktank signing key (id 5438C7019DCEEEAD). While the investigation
> into the intrusion is ongoing, our initial focus was on the integrity of
> the software and distribution channel for both sites.
>
> To date, our investigation has not discovered any compromised code or
> binaries available for download on these sites. However, we cannot fully
> rule out the possibility that some compromised code or binaries were
> available for download at some point in the past. Further, we can no
> longer trust the integrity of the Ceph signing key, and therefore have
> created a new signing key (id E84AC2C0460F3994) for verifying downloads.
> This new key is committed to the ceph.git repository and is
> also available from
>
> https://git.ceph.com/release.asc
>
> The new key should look like:
>
> pub   4096R/460F3994 2015-09-15
> uid  Ceph.com (release key) 
>
> All future release git tags will be signed with this new key.
>
> This intrusion did not affect other Ceph sites such as download.ceph.com
> (which contained some older Ceph downloads) or git.ceph.com (which mirrors
> various source repositories), and is not known to have affected any other
> Ceph community infrastructure.  There is no evidence that build system or
> the Ceph github source repository were compromised.
>
> New hosts for ceph.com and download.ceph.com have been created and the
> sites have been rebuilt.  All content available on download.ceph.com as
> been verified, and all ceph.com URLs for package locations now redirect
> there.  There is still some content missing from download.ceph.com that
> will appear later today: source tarballs will be regenerated from git, and
> older release packages are being resigned with the new release key DNS
> changes are still propogating so you may not see the new versions of the
> ceph.com and download.ceph.com sites for another hour or so.
>
> The download.inktank.com host has been retired and affected Red Hat
> customers have been notified, further information is available at
> https://securityblog.redhat.com/2015/09/17/.
>
> Users of Ceph packages should take action as a precautionary measure to
> download the newly-signed versions.  Please see the instructions below.
>
> The Ceph community would like to thank Kai Fabian for initially alerting
> us to this issue.
>
> Any questions can be directed to the email discussion lists or the #ceph
> IRC channel on irc.oftc.net.
>
> Thank you!
> sage
>
> - -
>
> The following steps should be performed on all nodes with Ceph software
> installed.
>
> Replace APT keys (Debian, Ubuntu)
>
> sudo apt-key del 17ED316D
> curl https://git.ceph.com/release.asc | sudo apt-key add -
>
> Replace RPM keys (Fedora, CentOS, SUSE, etc.)
>
> sudo rpm -e --allmatches gpg-pubkey-17ed316d-4fb96ee8
> sudo rpm --import 'https://git.ceph.com/release.asc'
>
> Reinstalling packages (Fedora, CentOS, SUSE, etc.)
>
> sudo yum clean metadata
> sudo yum reinstall -y $(repoquery --disablerepo= --enablerepo=ceph
> \
> --queryformat='%{NAME}' list '*')
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAlX66k0ACgkQ2kQg7SiJlcg0wQCfVy+/2BfoNqtCfAcbuNABczFx
> bpIAoLf8RTHisIn5wFvEb4Akym/UNn5l
> =SEws
> -END PGP SIGNATURE-
> --
> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

[ceph-users] teuthology: running create_nodes.py will be hanged

2015-08-13 Thread Songbo Wang 
Hi,

When setting up teuthology in my own environment ,  I found a problem as
follows:
In the file teuthology/__init__.py,  when importing class
gevent.monkey, It will conflict  with paramiko.  and if
 create_nodes.py is used to connect to paddles/pulpito node, it will be
hanged.

 root@ubunut4:~/src/teuthology_master# git diff
teuthology/__init__.py
 diff --git a/teuthology/__init__.py b/teuthology/__init__.py
 index d0bcfc0..b34cf4e 100644
 --- a/teuthology/__init__.py
 +++ b/teuthology/__init__.py
 @@ -1,5 +1,5 @@
 -from gevent import monkey
 -monkey.patch_all(dns=False)
 +#from gevent import monkey
 +#monkey.patch_all(dns=False)
 from .orchestra import monkey
 monkey.patch_all()

After modification, everything looks fine. So l  am wondering if this is a bug?
Any reply will be highly appreciated.
___
ceph-users mailing list
ceph-users@lists.ceph.com
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com