devel November 2020

devel@lists.centos.org

25 participants
28 discussions

Reminder: CentOS 6 EOL on 30 November 2020
by Johnny Hughes 03 Dec '20

03 Dec '20

All, This is a friendly reminder. CentOS 6.10 will EOL at the end of November 2020. During the first week in December 2020, the 6.10 directory will move to vault.centos.org Packages will still be available at: http://vault.centos.org/centos/6.10/ However, once moved, there will be no more updates pushed to vault.centos.org. Therefore, security issues will no longer be fixed, etc. You should take the rest of the month to either move to a newer versoin of CentOS Linux ... or to procure Extended el6 support from Red Hat (EUS RHEL 6). Thanks, Johnny Hughes

13 27

Reminder: CFP for FOSDEM Dojo
by Rich Bowen 25 Nov '20

25 Nov '20

Reminder: The CFP for the FOSDEM CentOS Dojo is now open - https://wiki.centos.org/Events/Dojo/FOSDEM2021 - and closes on December 20th. We are tentatively planning for February 4th and 5th, but will scale back to just the 5th if we don't get sufficient submissions. We are looking for talks about: CentOS Linux CentOS Stream and the RHEL contribution workflow Anything that you are doing in the CentOS ecosystem (including, but not limited to: SIG activity, CentOS infra, governance, community, etc) Anything you're doing *on* CentOS - stuff you're running on CentOS, interesting research projects, useful CentOS tools/utilities/techniques. Larger ecosystem topics - Linux, Cloud, Open Source, etc. I encourage you to look at previous event schedules for further inspiration: https://wiki.centos.org/Events/Dojo/Brussels2020 https://wiki.centos.org/Events/Dojo/ORNL2019 https://wiki.centos.org/Events/Dojo/Brussels2019 Thanks! --Rich

1 0

Re: [CentOS-devel] NFS Ganesha (Storage SIG) node fails to boot after fencing
by Strahil Nikolov 24 Nov '20

24 Nov '20

Hi Vit, the generated policy fixes the issue. I've opened an issue at https://github.com/ClusterLabs/fence-agents/issues/368 @Kaleb Keithley , It's already in the previous e-mail and in the issue I just created. Best Regards, Strahil Nikolov В понеделник, 23 ноември 2020 г., 16:28:01 Гринуич+2, Vit Mojzis <vmojzis(a)redhat.com> написа: Hi, based on the policy module generated by audit2allow it seems that this is an issue in the base policy (selinux-policy package). Init_t is only allowed to access files and directories labeled var_lib_nfs_t (and not link_files). But I believe "getattr" permission was added in rhel-8.3. Does the generated policy module (my-systemd) resolve the issue? Vit On 11/23/20 2:54 PM, Kaleb Keithley wrote: > Can you collect any AVC messages from /var/log/audit/audit.log or /var/log/messsages, or dmesg on the host that would only boot after setting enforcing=0? Thanks On Mon, Nov 23, 2020 at 7:55 AM Kaleb Keithley <kkeithle(a)redhat.com> wrote: > > > > > > > > On Sat, Nov 21, 2020 at 4:48 PM Strahil Nikolov <hunter86_bg(a)yahoo.com> wrote: > > >> Hi All, >> >> I have been testing EL8 + NFS Ganesha 3 (from CentOS Storage SIG) and Gluster v8 (tested both Storage SIG rpms and built from source ) and I have noticed a bug in the SELINUX policy causing the system to fail to boot after the node is fenced until a kernel parameter 'enforcing=0' is passed. >> >> The reason seems to be the link "/var/lib/nfs" pointing to the shared storage.When the cluster software is stopped gracefully, no issues are observed,as the nfs_setup resource restores /var/lib/nfs . >> >> Should I open a bug to bugzilla.redhat.com or it's specific to CentOS only ? >> > > > > > Off hand I don't think that's a bug in the nfs-ganesha-selinux package. I've asked the cluster (pacemaker, etc.) devs and the selinux devs what they think. You asked about opening a BZ in bugzilla.redhat.com; but https://github.com/gluster/glusterfs/issues is the correct place to report gluster issues. > > > > > For this though I suggest opening an issue in https://github.com/ClusterLabs/ somewhere, maybe https://github.com/ClusterLabs/fence-agents/issues?? So it doesn't get lost. > > > >> >> More details: >> [root@glustere ~]# rpm -qa | grep ganesha | sort >> centos-release-nfs-ganesha30-1.0-2.el8.noarch >> glusterfs-ganesha-8.2-0.5.git77eb5e838.el8.x86_64 >> nfs-ganesha-3.3-2.el8.x86_64 >> nfs-ganesha-gluster-3.3-2.el8.x86_64 >> nfs-ganesha-selinux-3.3-2.el8.noarch >> >> [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 >> [ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied { getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" ino=33596932 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1 >> >> [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 | audit2allow -M my-systemd >> ******************** IMPORTANT *********************** >> To make this policy package active, execute: >> >> >> semodule -i my-systemd.pp >> >> >> [root@glustere ~]# cat my-systemd.te >> >> >> module my-systemd 1.0; >> >> >> require { >> type var_lib_nfs_t; >> type init_t; >> class lnk_file getattr; >> } >> >> >> #============= init_t ============== >> allow init_t var_lib_nfs_t:lnk_file getattr; >> >> >> Best Regards, >> Strahil Nikolov >> >> > > >

1 0

NFS Ganesha (Storage SIG) node fails to boot after fencing
by Strahil Nikolov 23 Nov '20

23 Nov '20

Hi All, I have been testing EL8 + NFS Ganesha 3 (from CentOS Storage SIG) and Gluster v8 (tested both Storage SIG rpms and built from source ) and I have noticed a bug in the SELINUX policy causing the system to fail to boot after the node is fenced until a kernel parameter 'enforcing=0' is passed. The reason seems to be the link "/var/lib/nfs" pointing to the shared storage.When the cluster software is stopped gracefully, no issues are observed,as the nfs_setup resource restores /var/lib/nfs . Should I open a bug to bugzilla.redhat.com or it's specific to CentOS only ? More details: [root@glustere ~]# rpm -qa | grep ganesha | sort centos-release-nfs-ganesha30-1.0-2.el8.noarch glusterfs-ganesha-8.2-0.5.git77eb5e838.el8.x86_64 nfs-ganesha-3.3-2.el8.x86_64 nfs-ganesha-gluster-3.3-2.el8.x86_64 nfs-ganesha-selinux-3.3-2.el8.noarch [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 [ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied { getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" ino=33596932 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1 [root@glustere ~]# dmesg | grep -e type=1300 -e type=1400 | audit2allow -M my-systemd ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i my-systemd.pp [root@glustere ~]# cat my-systemd.te module my-systemd 1.0; require { type var_lib_nfs_t; type init_t; class lnk_file getattr; } #============= init_t ============== allow init_t var_lib_nfs_t:lnk_file getattr; Best Regards, Strahil Nikolov

2 4

CPE Weekly: 2020-11-22
by Aoife Moloney 23 Nov '20

23 Nov '20

Hi Everyone, Below is this week's CPE weekly for week ending 2020-11-22 for both Fedora & CentOS, and if you want to visit the hackmd link https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view you can then use the header bar on your left to skip to Fedora or CentOS updates that interest you. ## General Project Updates Final project submission date for consideration in Q1 is Friday 27th November. If you have an initiative that may take weeks/months and multiple people to work on and want to request it to CPE, please follow the steps outlined in our initiatives repo and create your issue before 27th November https://pagure.io/cpe/initiatives-proposal Our updated initative timetable can be viewed here for 2021 https://docs.fedoraproject.org/en-US/cpe/time_tables/ Below are the projects the CPE team are currently working on for the months of October, November & December: * CentOS Stream Phase 4 - Build system services * Noggin Phase 4 - Data Migration of Fedora & CentOS Accounts, Community testing * OSBS for aarch64 - this will begin in November * Fedora Messaging Schemas - this work is continuing from Q3 and is being worked on part-time ### Misc #### GitLab New GitLab topic sent to devel-announce(a)lists.fedoraproject.org & centos-devel(a)centos.org on Message Bus is out. See email in hackmd here https://hackmd.io/oZrDwbSeSWO-l_X65A1ndg?view ## Project Updates *The below updates are pulled directly from our CPE team call we have every week.* ## CentOS Updates ### CentOS * CentOS 6 is EOL 30th November * CFP for FOSDEM Dojo - https://wiki.centos.org/Events/Dojo/FOSDEM2021 * Updated CentOS CI Openshift staging cluster to latest 4.6.4, Waiting for stable release in the 4.6 branch before rolling out to production. * CentOS 7.9.2009 is released! (for x86_64, i386, ppc64, ppc64le, armhfp and aarch64 architectures) * Lot of work done for Noggin/AAA ### CentOS Stream * Use centos-stream-release package to convert from CentOS 6 to CentOS Stream before 30th November * Working on integrating ODCS in Stream * Curating out t_functional suite https://github.com/centos/sig-core-t_functional * Refining our testing for finding issues at distro-level ### Fedora ### Staging Environment * Completed - any issues you find please report them in fedora infra https://pagure.io/fedora-infrastructure/issues ### Noggin/AAA * Testing team owned apps in staging with Noggin * We will be requesting community member testing before December so keep an eye out for an announcement! * The teams kanban board where they track their work can be found here https://github.com/orgs/fedora-infra/projects/6 * And we have a project tracker available to be viewed here https://github.com/fedora-infra/aaa-tracker ### OSBS for aarch64 * Basic OKD 3.11 working on aarm64 with F31 * Working on repeating that install with F33 * Next step will be to ### Fedora Messaging Schemas * This project is worked on on a part time basis as we are prioritizing completing Noggin first before fully committing to its completion * There is a list of applications that require messaging schemas can be found here https://hackmd.io/@nilsph/H1i8CAbkP/edit * There is a readme which contains documentation on messaging schemas, a cookie-cutter template to create the schema and a definition of Done for writing a schemas https://github.com/fedora-infra/fedora-messaging-schemas-issues * The board they are working from can be viewed here https://github.com/orgs/fedora-infra/projects/7 ## Team Info ### CPE Product Owner Office Hours IRC office hours are now once per month.Below are the logs from the most recent meetings and dates for the next ones. #### #fedora-meeting-1 * Next Meeting: 2020-12-17 @ 1300 UTC on #fedora-meeting-1 #### #centos-meeting * Next Meeting: 2020-12-15 @ 1500 UTC on #centos-meeting ## Background: The Community Platform Engineering group, or CPE for short, is the Red Hat team combining IT and release engineering from Fedora and CentOS. Our goal is to keep core servers and services running and maintained, build releases, and other strategic tasks that need more dedicated time than volunteers can give. See our wiki page here for more information:https://docs.fedoraproject.org/en-US/cpe/ As always, feedback is welcome, and we will continue to look at ways to improve the delivery and readability of this weekly report. Have a great week! Aoife Source: https://hackmd.io/8iV7PilARSG68Tqv8CzKOQ?view -- Aoife Moloney Product Owner Community Platform Engineering Team Red Hat EMEA Communications House Cork Road Waterford ReplyForward

1 0

GitLab AMA Topic Follow Up: Namespace & Issue Tracking
by Aoife Moloney 23 Nov '20

23 Nov '20

Hi everyone, I've posted this to devel-announce(a)lists.fedoraproject.org but I will always post this over here too in case there are interested people on this mailing list that may not see it on the Fedora one. Thanks again for your involvement in the GitLab AMA session on IRC in September. This email discussion thread is on Namespace & Issue Tracking. I have pulled the relevant questions and answers from the original hackmd doc into one email and if you would like to discuss this topic specifically, here might be a good place to do so so your conversations don't go down a 'rabbit hole' :) Here are some links to resources as well: * Questions and Answers hackmd link https://hackmd.io/RW8HahOeR7OJPON1dwuo3w * Chat log from session https://meetbot.fedoraproject.org/fedora-meeting-1/2020-09-10/ama_session_w… * AMA Blog post https://communityblog.fedoraproject.org/gitlab-ama-follow-up/#more-9346 * Here is this email in hackmd if you wish to view it there: https://hackmd.io/oZrDwbSeSWO-l_X65A1ndg?view ## Namespace & Issue Tracking - Question: Currently dist-git in Fedora has several namespaces: rpms, modules, containers, tests... All namespaces but the ``tests`` namespace have their issue tracker in bugzilla. Would this work in gitlab? Can we selectively enable/disable issue tracking per namespace for the entire instance? (ie: w/o giving the possibility to ``owner`` or ``maintainer`` to toggle that setting.) - Answer: It may need to be checked again, but it appears you can turn on/off the issue tracker at the project level. - Question: Currently dist-git in Fedora has several namespaces: rpms, modules, containers, tests... All namespaces but the ``tests`` namespace have their issue tracker in bugzilla. Would this work in gitlab? Can we selectively enable/disable issue tracking per namespace for the entire instance? (ie: w/o giving the possibility to ``owner`` or ``maintainer`` to toggle that setting.) - Answer: You can turn the GitLab issue tracker on and off by project. See https://docs.gitlab.com/ee/user/project/settings/#sharing-and-permissions Namespaces map to “group” in GitLab. Here’s more info about them: https://docs.gitlab.com/ee/api/namespaces.html - Question: Fedora, as far as I understand, still plan on using bugzilla as issue tracker. Currently default assignee and the CC are gathered using the ``main admin`` (ie: the ``owner`` for GitLab iiuc), the other maintainers (who did not ``unwatch issues`` in the project - mechanism for them to opt-out of being in the CC list) and the people having enabled ``Issue watching`` for the project (mechanism for them to opt-in into being in the CC list). Would this work in a GitLab world? - Answer: There are a number of options related to that. For one, users can control their notifications globally and by name space in a fine grained way (see GitLab Notification Emails). - Question: Fedora is part of GitLab’s Open Source program and we have a migration tracker issue that we are using to keep track of feature requests, bugs, etc that are important to Fedora. The Fedora migration team has been working with us at GitLab to maintain that and community members can add relevant issues there so we can track them. It’s also helpful for our product managers to hear about why particular issues are important for the Fedora use case, and to have upvotes, so doing that will help! Where can you submit requests/bugs/report issues? - Answer: Fedora Migration Tracker: https://gitlab.com/gitlab-org/gitlab/-/issues/217350 Feature template: https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature… Bug template: https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Bug Please do review the original questions doc in case I have missed any that relate to namespace and issue tracking and thank you again for your engagement with these emails! The next email topic will be on 'Branches'. Have a good week! Aoife -- Aoife Moloney Product Owner Community Platform Engineering Team Red Hat EMEA Communications House Cork Road Waterford

1 0

mirror.centos.org/centos-7/7.9.2009 missing?
by Giedrius Rekašius 19 Nov '20

19 Nov '20

Hello, I don't see the 7.9.2009 release directory in http://mirror.centos.org/centos-7/. Up until now each minor release used to have it's own directory with the latest minor having same contents as the major release. Did something change recently and those minor release directories won't be provided going forward? Regards, Giedrius

3 2

SIGs Building Against CentOS Stream
by Johnny Hughes 18 Nov '20

18 Nov '20

All, Currently, here is a list of tags in the CBS who can build against CentOS Stream. https://cbs.centos.org/koji/search?match=glob&type=tag&terms=*8s-* If your SIG is interested in building against CentOS Stream, you can ask on this list to get a new tag created. The CentOS Project would be happy to enable building against CentOS Stream, so just let us know. Thanks, Johnny Hughes

1 0

[NFVSIG] NFV SIG meeting minutes - 2020-11-18
by Alfredo Moralejo Alonso 18 Nov '20

18 Nov '20

============================================= #centos-meeting: NFV SIG meeting - 2020-11-18 ============================================= Meeting started by amoralej at 15:08:57 UTC. The full logs are available athttps://www.centos.org/minutes/2020/November/centos-meeting.2020-11-18-15… . Meeting summary --------------- * ovs/ovn update to FDP 20.H (amoralej, 15:12:02) * ovs and ovn 2.13 from FDP 20.H have been tested and pushed to official mirrors (amoralej, 15:12:29) * ovs and ovn 2.11 from FDP 20.H have been tested and pushed to official mirrors (dholler, 15:12:45) * RDO Ussuri is also moving to OVS/OVN 2.13 from NFV SIG builds (amoralej, 15:18:54) * New centos-release-nfv pushed to mirror (amoralej, 15:20:56) * now the network-extras repo can be enabled by installing centos-release-nfv-extras (amoralej, 15:21:44) * LINK: https://pagure.io/centos-infra/issue/50 (ykarel, 15:31:55) Meeting ended at 15:34:36 UTC. Action Items ------------ Action Items, by person ----------------------- * **UNASSIGNED** * (none) People Present (lines said) --------------------------- * amoralej (32) * dholler (10) * ykarel (6) * centbot (4) Generated by `MeetBot`_ 0.1.4 .. _`MeetBot`: http://wiki.debian.org/MeetBot

1 0

7.9.2009 Live ISOs
by Ladar Levison 18 Nov '20

18 Nov '20

I noticed there is no live media in the new 7.9 ISO directory. Is that an oversight, a task that is pending, or will there be no live media for the 7.9.2009 release? The missing files are CentOS-7-x86_64-LiveGNOME-2009.iso and CentOS-7-x86_64-LiveKDE-2009.iso ... L~

3 2

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

devel November 2020