[openstack-dev] [tripleo] need help with tempest failures for Bug 1731063

Hello everyone, Bug 1731063[0] has been kicking around for almost 10 days now. We're now seeing something similar to it on scenario003 and will be switching it to non-voting[1] as soon as the v3 cut over finishes. This is removing additional test coverage and unless we start seeing some movement

[openstack-dev] [nova][placement] resource providers update 41.75

Folks are still trickling back from the summit, so things haven't ground fully back into action yet. But some progress has been made: GET /allocation_candidates == The refactor series starting at [1] has started to merge. The series has included a number of useful tests,

Re: [openstack-dev] [Openstack-sigs] [Openstack-operators] [QA] Proposal for a QA SIG

First off, let me say I think this is a tremendous idea. And, it's perfect for the SIG concept. Next, see inline: Thierry Carrez wrote: > Andrea Frittoli wrote: > > [...] > > during the last summit in Sydney we discussed the possibility of > > creating an OpenStack quality assurance special

Re: [openstack-dev] [all][release][neutron][horizon] Publishing server projects to PyPI

On 11/17/2017 10:51 AM, Andreas Jaeger wrote: On 2017-11-17 17:27, Monty Taylor wrote: Hey everybody! tl;dr - We'd like to start publishing the server projects to PyPI Background == The move to Zuul v3 has highlighted an odd situation we're in with some of our projects, most notably

Re: [openstack-dev] [all][release][neutron][horizon] Publishing server projects to PyPI

On 2017-11-17 17:51:36 +0100 (+0100), Andreas Jaeger wrote: [...] > One question on this: right now the dashboard and neutron plugins test > against current git head. Wouldn't installing from pypi mean that they > test against an older stable version? I brought this up in #openstack-release as

Re: [openstack-dev] [security] [api] Script injection issue

On 2017-11-17 15:55:33 + (+), Tristan Cacqueray wrote: [...] > We had similar issues[0][1] in the past where we already draw the line > that it is the client responsibility to filter out API response. > > Thus I agree with Jeremy, perhaps it is not ideal, but at least it > doesn't give a

[openstack-dev] [glance] priorities for the week (11/17-11/23)

Hello Glancers, Due to the Thanksgiving holidays in the USA next week, we are tentatively cancelling the meeting on November 23. However, most of our developers these days are outside the USA, so if someone has a pressing issue and puts the same on the meeting agenda before the usual deadline

Re: [openstack-dev] [all][release][neutron][horizon] Publishing server projects to PyPI

On 2017-11-17 17:27, Monty Taylor wrote: > Hey everybody! > > tl;dr - We'd like to start publishing the server projects to PyPI > > Background > == > > The move to Zuul v3 has highlighted an odd situation we're in with some > of our projects, most notably neutron and horizon plugin

[openstack-dev] [all][release][neutron][horizon] Publishing server projects to PyPI

Hey everybody! tl;dr - We'd like to start publishing the server projects to PyPI Background == The move to Zuul v3 has highlighted an odd situation we're in with some of our projects, most notably neutron and horizon plugin projects. Namely, those plugins need to depend on neutron

Re: [openstack-dev] [tripleo] Nominate akrivoka for tripleo-validations core

On 6 November 2017 at 14:32, Honza Pokorny wrote: > I would like to nominate Ana Krivokapić (akrivoka) for the core team for > tripleo-validations. She has really stepped up her game on that project > in terms of helpful reviews, and great patches. > > With Ana's help as a

Re: [openstack-dev] [security] [api] Script injection issue

On November 17, 2017 1:56 pm, Jeremy Stanley wrote: On 2017-11-17 12:47:34 + (+), Luke Hinds wrote: This will need the VMT's attention, so please raise as an issue on launchpad and we can tag it as for the vmt members as a possible OSSA. [...] Ugh, looks like someone split this

Re: [openstack-dev] [Openstack-sigs] [Openstack-operators] [QA] Proposal for a QA SIG

On Fri, Nov 17, 2017 at 12:33 PM Thierry Carrez wrote: > Andrea Frittoli wrote: > > [...] > > during the last summit in Sydney we discussed the possibility of > creating an > > OpenStack quality assurance special interest group (OpenStack QA SIG). > > The proposal was

Re: [openstack-dev] [TripleO] IPSEC integration

On Fri, Nov 17, 2017 at 10:27 AM, Bogdan Dobrelya wrote: > On 11/16/17 8:01 AM, Juan Antonio Osorio wrote: >> >> Hello folks! >> >> A few months ago Dan Sneddon and me worked in an ansible role that would >> enable IPSEC for the overcloud [1]. Currently, one would run it as

Re: [openstack-dev] [TripleO] IPSEC integration

On 11/16/17 8:01 AM, Juan Antonio Osorio wrote: Hello folks! A few months ago Dan Sneddon and me worked in an ansible role that would enable IPSEC for the overcloud [1]. Currently, one would run it as an extra step after the overcloud deployment. But, I would like to start integrating it to

Re: [openstack-dev] [tripleo] Migrating TripleO CI in-tree tomorrow - please README

On Thu, Nov 16, 2017 at 11:20 AM, Emilien Macchi wrote: > TL;DR: don't approve or recheck any tripleo patch from now, until > further notice on this thread. > > Some good progress has been made on migrating legacy tripleo CI jobs > to be in-tree: >

Re: [openstack-dev] [QA] Proposal for a QA SIG

Just going to keep it short, I think this is a great idea and would like to participate/chair. From: Andrea Frittoli [mailto:andrea.fritt...@gmail.com] Sent: Friday, November 17, 2017 5:54 AM To: OpenStack Development Mailing List (not for usage questions) ;

Re: [openstack-dev] [security] [api] Script injection issue

On 2017-11-17 12:47:34 + (+), Luke Hinds wrote: > This will need the VMT's attention, so please raise as an issue on > launchpad and we can tag it as for the vmt members as a possible OSSA. [...] Ugh, looks like someone split this thread, and I already replied to the original thread. In

Re: [openstack-dev] [tripleo] Updates on the TripleO on Kubernetes work

On Fri, Nov 17, 2017 at 4:43 AM, Steven Hardy wrote: > On Thu, Nov 16, 2017 at 4:56 PM, James Slagle wrote: >> On Thu, Nov 16, 2017 at 8:44 AM, Flavio Percoco wrote: >> What I'm trying to propose is a path towards deprecating the

Re: [openstack-dev] [security] Script injection issue

On 2017-11-17 08:22:31 + (+), TommyLike Hu wrote: > Recently when we integrating and testing OpenStack services. We > found there is a potential script injection issue that some of our > services accept the input with special character [1] [2], for > instance we can create an instance or a

Re: [openstack-dev] [security] [api] Script injection issue

This will need the VMT's attention, so please raise as an issue on launchpad and we can tag it as for the vmt members as a possible OSSA. Apologies for top post, replying from phone. On 17 Nov 2017 12:34 pm, "Adam Heczko" wrote: > Thanks TommyLike for this bug report.

Re: [openstack-dev] [Openstack-operators] [QA] Proposal for a QA SIG

Andrea Frittoli wrote: > [...] > during the last summit in Sydney we discussed the possibility of creating an > OpenStack quality assurance special interest group (OpenStack QA SIG).  > The proposal was discussed during the QA feedback session [0] and it > received > positive feedback there; I

Re: [openstack-dev] [security] [api] Script injection issue

Thanks TommyLike for this bug report. Sounds like Stored XSS [1]. Could you please share more details, e.g. branch / release, APIs tested etc.? [1] https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting On Fri, Nov 17, 2017 at 12:36 PM, Davanum Srinivas wrote: >

[openstack-dev] [QA] Proposal for a QA SIG

Dear all, during the last summit in Sydney we discussed the possibility of creating an OpenStack quality assurance special interest group (OpenStack QA SIG). The proposal was discussed during the QA feedback session [0] and it received positive feedback there; I would like to bring now the

Re: [openstack-dev] [security] [api] Script injection issue

Adding [api] to make sure the API (SIG?) sees this too On Fri, Nov 17, 2017 at 3:22 AM, TommyLike Hu wrote: > Hey all, > Recently when we integrating and testing OpenStack services. We found > there is a potential script injection issue that some of our services

[openstack-dev] Developer Mailing List Digest November 11-17

Contribute to the Dev Digest by summarizing OpenStack Dev List thread: * https://etherpad.openstack.org/p/devdigest * http://lists.openstack.org/pipermail/openstack-dev/ HTML version: https://www.openstack.org/blog/2017/11/developer-mailing-list-digest-november-11-17 Summaries = * POST

[openstack-dev] [tc] Technical Committee Status update, November 17th

Hi! This is the weekly summary of Technical Committee initiatives. You can find the full list of all open topics (updated twice a week) at: https://wiki.openstack.org/wiki/Technical_Committee_Tracker If you are working on something (or plan to work on something) that is not on the tracker, feel

Re: [openstack-dev] [tripleo] Updates on the TripleO on Kubernetes work

On Thu, Nov 16, 2017 at 4:56 PM, James Slagle wrote: > On Thu, Nov 16, 2017 at 8:44 AM, Flavio Percoco wrote: >> Integration with TripleO Heat Templates >> === >> >> This work is on-going and you should eventually see

Re: [openstack-dev] [tripleo] Migrating TripleO CI in-tree tomorrow - please README

On 11/16/17 7:20 PM, Emilien Macchi wrote: TL;DR: don't approve or recheck any tripleo patch from now, until further notice on this thread. Some good progress has been made on migrating legacy tripleo CI jobs to be in-tree: https://review.openstack.org/#/q/topic:tripleo/migrate-to-zuulv3 The

[openstack-dev] [security] Script injection issue

Hey all, Recently when we integrating and testing OpenStack services. We found there is a potential script injection issue that some of our services accept the input with special character [1] [2], for instance we can create an instance or a volume with the name of 'script inside'. One of the