Re: [foreman-dev] Redmine running slowly
On Tue, 2017-10-10 at 10:50 -0400, Andrew Kofink wrote:
> Me as well. It's quite difficult to work this way.

Yeah, I know :(

Openshift aren't saying much other than that this is mainly due to the number of people that decided to upgrade to Silver Tier to avoid the sunset of v2. That's putting a lot of load on the v2 cluster, which obviously is hitting us.

As Ewoud said, we've made a change today in how we process the underlying cron jobs that should reduce the amount of IO we were doing - if there's any kind of quota-ing going on, that should help. We're seeing that bring the time taken to run the cron down to about 10mins (starting at the top of the hour). That should improve things during that period. Sadly I did make a mistake during a manual part of the changes that impacted the DB, but that should be resolved now.

Base load now seems to be down to around 7-9 which is better but still too high. Sadly the v3 resources are unlikely to be available before November, which is a limiter.

If things are not better in the next day or two, then on Thu or Fri I may migrate it to our Scaleway account anyway, as we have capacity there, although I'd rather not migrate twice...

Greg

--
You received this message because you are subscribed to the Google Groups "foreman-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to foreman-dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [foreman-dev] Redmine running slowly
We deployed a new version but that took longer than expected. Now we use bare git clones rather than doing full checkouts. This should save a lot of IO which is generally a limiting factor. Hopefully this helps enough until we can migrate to the new platform.

https://github.com/theforeman/redmine/commit/cb4ccf049e0c892fcbba98861c904492e9833a67

On Tue, Oct 10, 2017 at 10:50:24AM -0400, Andrew Kofink wrote:
> Me as well. It's quite difficult to work this way.
>
> On Tue, Oct 10, 2017 at 10:40 AM, Dirk Götz wrote:
> > Now Redmine seems to be down completely. Only getting 404 or 502 errors since half an hour.
Re: [foreman-dev] Adding npm dependencies to foreman plugins (katello)
Hi,

I have put together [1], which could be a way.

O.

[1] https://github.com/theforeman/foreman/pull/4888

On Tue, Oct 10, 2017 at 5:09 PM, wrote:
> Hey everyone!
>
> We're ready to begin adding React pages to Katello. One of the challenges
> we face is adding the dependencies listed in Katello's package.json into
> the Foreman webpack build. We're experimenting with having Webpack look for
> a package.json in the registered plugins or possibly copying the
> node_modules folder from the plugin to be made available during the build.
>
> I'd love to hear some feedback or ideas on how to make this happen. Thanks!
[foreman-dev] Adding npm dependencies to foreman plugins (katello)
Hey everyone!

We're ready to begin adding React pages to Katello. One of the challenges we face is adding the dependencies listed in Katello's package.json into the Foreman webpack build. We're experimenting with having Webpack look for a package.json in the registered plugins or possibly copying the node_modules folder from the plugin to be made available during the build.

I'd love to hear some feedback or ideas on how to make this happen. Thanks!
Re: [foreman-dev] Redmine running slowly
Me as well. It's quite difficult to work this way.

On Tue, Oct 10, 2017 at 10:40 AM, Dirk Götz wrote:
> Now Redmine seems to be down completely. Only getting 404 or 502 errors
> since half an hour.
>
> Regards,
> Dirk

--
Andrew Kofink
akof...@redhat.com
IRC: akofink
Associate Software Engineer
Red Hat Satellite
Re: [foreman-dev] Redmine running slowly
Now Redmine seems to be down completely. Only getting 404 or 502 errors since half an hour.

Regards,
Dirk
Re: [foreman-dev] Proposed drop of supporting ruby 2.0 in hammer
+1 out with the old

On Tue, Oct 10, 2017 at 8:00 AM, Michael Moll wrote:
> On Tue, Oct 10, 2017 at 01:45:42PM +0200, Ewoud Kohl van Wijngaarden wrote:
> > On Tue, Oct 10, 2017 at 01:21:36PM +0200, Tomas Strachota wrote:
> > >we recently encountered a compatibility issue with older version of
> > >Clamp that we use on ruby 2.0 installations. Latest Clamp releases
> > >require ruby 2.1+. See [1] for some more details.
> > >
> > >The easiest solution seems to be dropping ruby 2.0 support, which was
> > >eol 2016-02-24 anyway. We use scl with ruby 2.2 on rpm based distros,
> > >so we should be safe there.
> > Support for Trusty has been dropped in 1.16 and 1.17 will drop Jessie.
> > Focussing on 2.1+ or 2.2+ should be no problem.
>
> exactly.
> --
> Michael Moll

--
Andrew Kofink
akof...@redhat.com
IRC: akofink
Associate Software Engineer
Red Hat Satellite
Re: [foreman-dev] Proposed drop of supporting ruby 2.0 in hammer
On Tue, Oct 10, 2017 at 01:45:42PM +0200, Ewoud Kohl van Wijngaarden wrote:
> On Tue, Oct 10, 2017 at 01:21:36PM +0200, Tomas Strachota wrote:
> >we recently encountered a compatibility issue with older version of
> >Clamp that we use on ruby 2.0 installations. Latest Clamp releases
> >require ruby 2.1+. See [1] for some more details.
> >
> >The easiest solution seems to be dropping ruby 2.0 support, which was
> >eol 2016-02-24 anyway. We use scl with ruby 2.2 on rpm based distros,
> >so we should be safe there.
> Support for Trusty has been dropped in 1.16 and 1.17 will drop Jessie.
> Focussing on 2.1+ or 2.2+ should be no problem.

exactly.
--
Michael Moll
Re: [foreman-dev] Proposed drop of supporting ruby 2.0 in hammer
On Tue, Oct 10, 2017 at 01:21:36PM +0200, Tomas Strachota wrote:
> Hi all,
>
> we recently encountered a compatibility issue with older version of Clamp that we use on ruby 2.0 installations. Latest Clamp releases require ruby 2.1+. See [1] for some more details.
>
> The easiest solution seems to be dropping ruby 2.0 support, which was eol 2016-02-24 anyway. We use scl with ruby 2.2 on rpm based distros, so we should be safe there.
>
> The question is how big deal it would be for Debian based distros. I checked ruby versions on what we currently support:
> - Debian Jessie - ruby 2.1 (https://packages.debian.org/jessie/ruby)
> - Debian Stretch - ruby 2.3 (https://packages.debian.org/stretch/ruby)
> - Ubuntu Trusty - ruby 1.9 (https://packages.ubuntu.com/trusty/ruby) but we depend on a package ruby2.0
> - Ubuntu Xenial - ruby 2.3 (https://packages.ubuntu.com/xenial/ruby)
>
> So the only issue seems to be with Trusty, where we could bump the dependency to ruby2.3.
>
> What do you think, are there any objections against dropping it?

Support for Trusty has been dropped in 1.16 and 1.17 will drop Jessie. Focussing on 2.1+ or 2.2+ should be no problem.
[foreman-dev] Foreman develop brakeman report
Hello,

I performed security audit report via brakeman gem and reviewed all warnings found. None of these look like exploitable security issue to me, so I am sending it here for further analysis.

The first two warnings really smell tho therefore I created a refactor ticket - we should get rid of this style for the future:

http://projects.theforeman.org/issues/21267

Full report follows:

== Brakeman Report ==

Application Path: /home/lzap/work/foreman
Rails Version: 4.2.9
Brakeman Version: 4.0.1
Scan Date: 2017-10-10 13:29:23 +0200
Duration: 24.950139702 seconds
Checks Run: BasicAuth, BasicAuthTimingAttack, ContentTag, CreateWith, CrossSiteScripting, DefaultRoutes, Deserialize, DetailedExceptions, DigestDoS, DynamicFinders, EscapeFunction, Evaluation, Execute, FileAccess, FileDisclosure, FilterSkipping, ForgerySetting, HeaderDoS, I18nXSS, JRubyXML, JSONEncoding, JSONParsing, LinkTo, LinkToHref, MailTo, MassAssignment, MimeTypeDoS, ModelAttrAccessible, ModelAttributes, ModelSerialize, NestedAttributes, NestedAttributesBypass, NumberToCurrency, QuoteTableName, Redirect, RegexDoS, Render, RenderDoS, RenderInline, ResponseSplitting, RouteDoS, SQL, SQLCVEs, SSLVerify, SafeBufferManipulation, SanitizeMethods, SelectTag, SelectVulnerability, Send, SendFile, SessionManipulation, SessionSettings, SimpleFormat, SingleQuotes, SkipBeforeFilter, StripTags, SymbolDoSCVE, TranslateBug, UnsafeReflection, ValidationRegex, WithoutProtection, XMLDoS, YAMLParsing

== Overview ==

Controllers: 145
Models: 132
Templates: 492
Errors: 0
Security Warnings: 39

== Warning Types ==

Cross-Site Request Forgery: 2
Cross-Site Scripting: 2
Dangerous Send: 2
Dynamic Render Path: 3
File Access: 2
Mass Assignment: 1
Redirect: 1
Remote Code Execution: 4
SQL Injection: 21
SSL Verification Bypass: 1

== Warnings ==

Confidence: High
Category: Dangerous Send
Check: Send
Message: User controlled method execution
Code: host.power.send(params[:power][:action].to_sym)
File: app/controllers/hosts_controller.rb
Line: 475

Confidence: High
Category: Dangerous Send
Check: Send
Message: User controlled method execution
Code: (resource_base.friendly.find(params[:id]) or resource_base.find_by_mac(params[:host][:mac].to_s)).power.send(params[:power_action].to_sym)
File: app/controllers/hosts_controller.rb
Line: 266

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:host].delete(:type).constantize
File: app/controllers/hosts_controller.rb
Line: 709

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:host].delete(:type).constantize
File: app/controllers/hosts_controller.rb
Line: 710

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:type].constantize
File: app/controllers/api/v2/hosts_controller.rb
Line: 378

Confidence: High
Category: Remote Code Execution
Check: UnsafeReflection
Message: Unsafe reflection method constantize called with parameter value
Code: params[:type].constantize
File: app/controllers/api/v2/hosts_controller.rb
Line: 380

Confidence: High
Category: SSL Verification Bypass
Check: SSLVerify
Message: SSL certificate verification was bypassed
Code: Net::HTTP.new(URI.parse(url).host, URI.parse(url).port).verify_mode = OpenSSL::SSL::VERIFY_NONE
File: app/models/compute_resources/foreman/model/ovirt.rb
Line: 382

Confidence: Medium
Category: Cross-Site Request Forgery
Check: ForgerySetting
Message: protect_from_forgery should be configured with 'with: :exception'
File: app/controllers/api/base_controller.rb

Confidence: Medium
Category: Cross-Site Request Forgery
Check: ForgerySetting
Message: protect_from_forgery should be configured with 'with: :exception'
File: app/controllers/application_controller.rb

Confidence: Medium
Category: File Access
Check: FileAccess
Message: Model attribute used in file name
Code: File.read(Setting[:ssl_priv_key])
File: lib/proxy_api/resource.rb
Line: 111

Confidence: Medium
Category: File Access
Check: FileAccess
Message: Model attribute used in file name
Code: File.read(Setting[:ssl_certificate])
File: lib/proxy_api/resource.rb
Line: 110

Confidence: Medium
Category: Mass Assignment
Check: MassAssignment
Message: Parameters should be whitelisted for mass assignment
Code: params[:vm].permit!
File: app/controllers/compute_resources_vms_controller.rb
Line: 39

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: Host::Managed.reorder("").unscoped.authorized.group("#{resource_name}_id")
File: app/helpers/application_helper.rb
Line: 508

Confidence: Medium
Category: SQL Injection
Check: SQL
Message: Possible SQL injection
Code: User.current.widgets.where("id = #{id}")
File: app/controllers/dashboard_controller.rb
Line: 59

Confidence: Medium
Catego
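
One way to get rid of the pattern behind the Dangerous Send and UnsafeReflection warnings above is to check the request value against a fixed list before dispatching. This is an added example, not Foreman code and not part of the original message; `FakePower`, the `Demo` classes, the action list and the helper names are assumptions made for illustration.

```ruby
# Hypothetical stand-in for the object returned by host.power.
class FakePower
  def start; :started; end
  def stop;  :stopped; end
  def state; :on; end

  private

  def factory_reset; :reset; end # private: must never be reachable from a request
end

# Constructed allow-list; the real set of power actions is an assumption.
ALLOWED_POWER_ACTIONS = %w[start stop state].freeze

# Pattern Brakeman flags: whatever name the client sends is invoked, and
# Object#send also reaches private methods.
def power_action_unchecked(power, action)
  power.send(action.to_sym)
end

# Hardened form: compare the raw string against the fixed list first, then
# use public_send so private methods stay out of reach even if the list grows.
def power_action_checked(power, action)
  name = action.to_s
  unless ALLOWED_POWER_ACTIONS.include?(name)
    raise ArgumentError, "unsupported power action: #{name.inspect}"
  end
  power.public_send(name)
end

# Same idea for the constantize warnings: resolve the parameter through a
# fixed table instead of turning an arbitrary string into a constant.
module Demo
  class Managed; end
  class Discovered; end
end

HOST_TYPES = {
  "Demo::Managed"    => Demo::Managed,
  "Demo::Discovered" => Demo::Discovered
}.freeze

def host_class_for(type_param)
  HOST_TYPES.fetch(type_param.to_s) do
    raise ArgumentError, "unsupported host type: #{type_param.to_s.inspect}"
  end
end
```
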
[foreman-dev] Proposed drop of supporting ruby 2.0 in hammer
Hi all,

we recently encountered a compatibility issue with older version of Clamp that we use on ruby 2.0 installations. Latest Clamp releases require ruby 2.1+. See [1] for some more details.

The easiest solution seems to be dropping ruby 2.0 support, which was eol 2016-02-24 anyway. We use scl with ruby 2.2 on rpm based distros, so we should be safe there.

The question is how big deal it would be for Debian based distros. I checked ruby versions on what we currently support:
- Debian Jessie - ruby 2.1 (https://packages.debian.org/jessie/ruby)
- Debian Stretch - ruby 2.3 (https://packages.debian.org/stretch/ruby)
- Ubuntu Trusty - ruby 1.9 (https://packages.ubuntu.com/trusty/ruby) but we depend on a package ruby2.0
- Ubuntu Xenial - ruby 2.3 (https://packages.ubuntu.com/xenial/ruby)

So the only issue seems to be with Trusty, where we could bump the dependency to ruby2.3.

What do you think, are there any objections against dropping it?

T.

[1] https://github.com/theforeman/hammer-cli/pull/251