On 04/20/2016 07:39 AM, John Trowbridge wrote:
On 04/19/2016 10:56 PM, Brian Stinson wrote:
Hi All,
This is finally finished up. We had a long quiet period while a few jobs finished up and it looks like everything got queued up for re-execution once we restarted.
We'll be checking in with the JJB folks and others using the Jenkins REST API to see how they're affected by the new CSRF settings.
Cheers! --Brian
I tested a JJB push for RDO, and it worked fine. However, I have a very odd issue that correlates timing wise with this restart.
The image building jobs in the RDO promotion pipelines[1] are all failing the first time they try to get an image via a 'file://' URL. The first occurrence of this was in the middle of the night last night[2], and there have been no code or CI changes in that time frame. I dont have a good explanation of how this could be related to the jenkins restart, as that image building is happening on a duffy node. On the other hand, it seems suspicious timing given that no code or CI changes happened.
Sorry for the noise. correlation!=causation. Looks like ansible released 2.0.2 last night as well, which makes much more sense as a root cause.
[1] https://ci.centos.org/view/rdo/view/promotion-pipeline/ [2] https://ci.centos.org/job/tripleo-quickstart-promote-master-delorean-build-i...
On Apr 19 10:03, Brian Stinson wrote:
The first part of this maintenance has been done. We will need to schedule a full restart for tonight (00h UTC). We'll be monitoring running jobs throughout the day.
Cheers --Brian
On Apr 19 08:54, Brian Stinson wrote:
Hi Folks,
In response to news of directed attacks against public Jenkins instances[0], we are enabling some of the CSRF protections in ci.centos.org
To do this we will issue a SafeRestart at 14:30 UTC Today! Running jobs will be given a chance to clear and new jobs should be queued up and will execute as soon as the restart finishes.
Potential Impact:
If you are using the Jenkins REST interface you may need to modify your scripts to send the appropriate headers[1]
Jenkins Job Builder is tracking an issue to enable CSRF support[2]. Some basic tests were performed on our side, and simple jobs were configured correctly, but you may notice strange behavior if you are using JJB.
If you have any questions or comments, let us know here or find one of us in #centos-devel on Freenode.
Cheers!
Brian Stinson CentOS CI Infrastructure Team _______________________________________________ Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users
Ci-users mailing list Ci-users@centos.org https://lists.centos.org/mailman/listinfo/ci-users