[Ci-users] Jenkins SafeRestart to add extra CSRF Protection 19-Apr-2016 14h30 UTC (09h30 EDT) - Full Restart 00h UTC (20h EDT)
John Trowbridge
trown at redhat.com
Wed Apr 20 11:39:46 UTC 2016
On 04/19/2016 10:56 PM, Brian Stinson wrote:
> Hi All,
>
> This is finally finished up. We had a long quiet period while a few jobs
> finished up and it looks like everything got queued up for re-execution
> once we restarted.
>
> We'll be checking in with the JJB folks and others using the Jenkins
> REST API to see how they're affected by the new CSRF settings.
>
> Cheers!
> --Brian
>

I tested a JJB push for RDO, and it worked fine.

However, I have a very odd issue that correlates timing-wise with this restart. The image building jobs in the RDO promotion pipelines[1] are all failing the first time they try to get an image via a 'file://' URL. The first occurrence of this was in the middle of the night last night[2], and there have been no code or CI changes in that time frame.

I don't have a good explanation of how this could be related to the Jenkins restart, as that image building is happening on a duffy node. On the other hand, it seems suspicious timing given that no code or CI changes happened.

[1] https://ci.centos.org/view/rdo/view/promotion-pipeline/
[2] https://ci.centos.org/job/tripleo-quickstart-promote-master-delorean-build-images/

> On Apr 19 10:03, Brian Stinson wrote:
>> The first part of this maintenance has been done. We will need to
>> schedule a full restart for tonight (00h UTC). We'll be monitoring
>> running jobs throughout the day.
>>
>> Cheers
>> --Brian
>>
>> On Apr 19 08:54, Brian Stinson wrote:
>>> Hi Folks,
>>>
>>> In response to news of directed attacks against public Jenkins
>>> instances[0], we are enabling some of the CSRF protections in ci.centos.org
>>>
>>> To do this we will issue a SafeRestart at 14:30 UTC Today! Running jobs
>>> will be given a chance to clear and new jobs should be queued up and
>>> will execute as soon as the restart finishes.
>>>
>>> Potential Impact:
>>> - If you are using the Jenkins REST interface you may need to modify
>>>   your scripts to send the appropriate headers[1]
>>>
>>> - Jenkins Job Builder is tracking an issue to enable CSRF support[2].
>>>   Some basic tests were performed on our side, and simple jobs were
>>>   configured correctly, but you may notice strange behavior if you are
>>>   using JJB.
>>>
>>>
>>> [0]: https://groups.google.com/d/topic/jenkinsci-advisories/lJfvDs5s6bk
>>> [1]: https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API#RemoteaccessAPI-CSRFProtection
>>> [2]: https://storyboard.openstack.org/#!/story/2000556
>>>
>>> If you have any questions or comments, let us know here or find one of
>>> us in #centos-devel on Freenode.
>>>
>>> Cheers!
>>> --
>>> Brian Stinson
>>> CentOS CI Infrastructure Team
>>> _______________________________________________
>>> Ci-users mailing list
>>> Ci-users at centos.org
>>> https://lists.centos.org/mailman/listinfo/ci-users