Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- andreasn #startmeeting
- sub-mod i'm here
- mvollmer .hi mvo
- andreasn .hello andreasn
- mvollmer .hello mvo
- andreasn uh, did it start?
- mvollmer nope
- dperpeet_ has it really started?
- andreasn did I run the wrong command?
- mvollmer zodbot isn't here
- andreasn oh
- mvollmer let's do it manually
- stefw .hellomynameis Stef Walter
- andreasn sure, I'll try to collect the notes in a manual fashion
- stefw copy paste?
- andreasn pretty much I guess
- stefw just turn off join/leave notifiactions
- and you'll have what you need
- andreasn #topic Agenda
- mvollmer * SOS
- stefw * Continuous Delivery ... while Stef is away
- andreasn * systemd services
- mvollmer * hubbot
- let's go?
- andreasn sure
- #topic SOS-reports
- mvollmer ok, I have started hacking
- first thing was to download big files from a remote machine
- this is pretty similar to how we load packages
- so I made a cope of that and reduced it to be a simple file server
- not sure if that is overkill, but doesn't look too bad
- one open issue is that we might want to read files as superuser
- i haven't looked into that yet
- there is a 'standard' trick that might be an alternative
- data:// urls
- they can be driven by javascript
- but it's going to be ugly for big data
- stefw and there's limits on it
- isn't there?
- mvollmer somebody said 4 GiB
- stefw wow, even in IE?
- mvollmer newer versions
- stefw if it works that would be best, no?
- dperpeet_ how compatible is that across browsers and platforms?
- mvollmer i don't know
- first we need to load the 50 Mibs into the browser, turn it into a 70 Mibs base64 endoced string, and then let the user download it.
- i don't think one can feed such a data url incrementally
- but it would allow us to get away without changing the bridge
- but that's not a huge issue, or is it?
- dperpeet_ I think the ability to download stuff would be valuable to have in the bridge
- stefw yeah
- dperpeet_ are there security issues around this?
- stefw we have to carefully look at security
- mvollmer so I am using URLS like https://f22:9090/cockpit/@localhost//var/tmp/sosreport-f22.mvo.lan-20151019165830.tar.xz
- note, empty package name
- maybe too trick
- y
- stefw i don't think that'll fly security wise
- dperpeet_ downloader package?
- stefw i as an attacker can check for the existence of any file on the victim's system (at the very least)
- dperpeet_ that could be disabled
- mvollmer you need to be authenticated
- stefw yes the victim is authenticated
- and the attacker is not
- dperpeet_ if it's a separate package, an admin could choose to disable it
- stefw but can use the victim's authentication
- mvollmer but the attacker can't open a websocket?
- stefw the victim does that
- already has it open
- dperpeet_ you could hijack the browser session, right?
- stefw no
- just GET requests with the user's cookie
- dperpeet_ or just the connections therein
- what would be a better way to access the files?
- mvollmer so the fsread1 payload is safe, but the files server is not?
- stefw mvollmer, yes, because it transits the WebSocket which the attacker has no access to
- mvollmer cant you get a new one with the cookie?
- stefw GET requests are broadly accessible ... there's a hundred ways
- mvollmer, no, there's origin protection on WebSockets
- mvollmer okay
- stefw that's one of the only reasons WebSockets can be safe
- otherwise they would be a routine disaster
- we probably need to use a POST
- that reposts data received from the server
- er, from cockpit-ws
- so given all of this it may be worth examining how bad using data:// urls really are
- mvollmer right
- what about adding a "publish" method to the bridge, which gives you back a random string, and you can use that random string with a GET?
- stefw yup, or POST is better
- mvollmer okay
- stefw but that's what i'm talking about there ... i think cockpit-ws needs to be involved though
- to tighten up security properly
- if we were to do this
- dperpeet_ we could see if data:// works at all
- stefw dperpeet_, yup
- dperpeet_ if it's "only for SOS" I think we're talking about a "minor" usage path for Cockpit
- frequency-wise, not import
- dperpeet_ so it'd be safe to impose higher requirements regarding the browser
- i.e. enough memory
- petervo how big are these sos files?
- i think that max length varies quite a bit from browser to browser
- mvollmer the one I made without options is about ) Mib
- hah
- petervo though at least they pretty much support it
- mvollmer 9 Mib
- dperpeet_ I think this is more of a convenience feature anyway... if you're going to produce 100MiB of data, I think you could copy the data some other way if need be
- more important is triggering the report generation
- mvollmer i don't know
- dperpeet_ maybe we should look at the limits a bit first?
- mvollmer it would be embarassing to have a button to make the report, but no way to download it
- dperpeet_ for data:// urls
- mvollmer yeah, I can do that
- dperpeet_ we can add the download file support to the bridge later on
- as a separate issue
- mvollmer stefw, so we need to be secure even when the attacker has our cookie?
- dperpeet_ and target security concerns there
- stefw mvollmer, the attacker should never get the cookie
- but the attacker is running in a browser that has the cookie
- mvollmer i guess I don't have a good model of web security
- stefw the attacker can make the browser do a GET with the cookie, even though the attacker does not have the cookie
- the attackers access to the results of the GET may be restricted
- but there's plenty that the attacker can infer from the GET request
- and only certain mechanisms of producing a GET request are restricted to the current javascript domain
- there's a reason we don't use GET for anything important
- mvollmer could we just always return success?
- stefw for example our "/ping" handler, on purpose, does not provide any information about cockpit
- mvollmer but it also has the special cross-origin headers, no?
- anyway, I don't need to learn all this here.
- stefw mvollmer, sure, but that's to make legitimate uses easier
- i would say we need to figure out the limitations of data:// urls
- before we sit down and design a mechanism to do safe GET or POST requests
- mvollmer okay
- petervo this seems to say 2M on chrome
- https://code.google.com/p/chromium/issues/detail?id=44820#c1
- but maybe that's old
- mvollmer I'll try
- next topic?
- andreasn yep
- # topic Continuous Delivery
- stefw i'll be away at systemd.conf
- during the 0.83 release
- until now the CD container
- and cockpit credentials
- have been on my machine
- i'd like to move them somewhere else
- any suggestions?
- dperpeet_ files.cockpit.org?
- cockpit-project.org
- I mean
- stefw the downside is that's a publicly accessible server
- is that a problem?
- dperpeet_ it should be fairly secure, as such things go
- stefw yeah, i wouldn't be against that
- just figured i'd ask everyone
- dperpeet_ worst case is that someone kills the github repo, but we have local copies
- do we have another vpn protected server that we can all access?
- stefw we do
- but even more people have access to it
- so i guess it's a tradeoff that way
- mvollmer as root even, no?
- stefw yup
- so i'll use files.cockpit-project.org for now? is everyone okay with that?
- mvollmer yes
- dperpeet_ in that case I'm for files.cockpit-project.org, I think the security is sufficient for the current demand
- mvollmer (it's not your personal signing key, right?=
- stefw not mine
- cockpit users
- mvollmer ok
- stefw er
- cockpit user's
- the one that creates the releases, pushes them out, etc.
- dperpeet_ if we keep local copies and they become asynchronized, that would be bad
- stefw all done?
- andreasn #topic Systemd Services
- dperpeet_ so, I talked with andreasn last week
- basically we want to keep the design very close to what it is right now
- andreasn for now at least
- dperpeet_ yes
- we use the listing pattern
- and the expandable rows for each entity (service, timer...)
- these then have the info you could previously see by clicking on the item
- stefw do you have a screenshot?
- dperpeet_ but now it's tabbed (info, journal) and you don't lose your place in the list
- stefw i can use in my talk?
- dperpeet_ I didn't make one before I broke the stuff earlier
- I'll have one by tomorrow morning
- stefw cool
- andreasn I'm happy to try things out as soon as you have a branch that works
- dperpeet_ the one thing we decided to get rid of is the partition into enabled/disabled/static
- instead this can go into the row as a column / extra info
- the goal is that besides the current buttons we can add one for "all"
- dperpeet_ so you can see the entire list, without bothering about the type
- stefw right, we'll need filters for that shortly
- but i guess not in the first revision
- dperpeet_ exactly
- andreasn yes
- dperpeet_ the current buttons are basically hardwired filters
- andreasn next up?
- dperpeet_ on the implementation side, I've used petervo's work in https://github.com/cockpit-project/cockpit/pull/2884 as a template
- for the angular singleton pattern
- one last thing: poke me about that screenshot if you don't have one by tomorrow morning, stefw
- stefw ok
- dperpeet_ thanks!
- dperpeet_ (end of topic)
- andreasn #topic hubbot
- mvollmer yep
- so
- I have shut down hubbot
- and run the cockpit-verify container instead
- works like a charm
- super work, stefw
- stefw yay
- andreasn neat
- stefw i've been thinking of some next steps ... to be tackled later
- such as github scanning
- mvollmer yeah
- stefw and coordination between servers, etc
- so they can all target all OS's essentially
- mvollmer it's not essential, but still nice to see what the machine is up to
- stefw but lets not get ahead of ourselves
- dperpeet_ stefw, we can collaborate some on that on Wednesday
- stefw right, i imagined if we have github scanning
- mvollmer I'd just like to have the output of testinfra.py somewhere
- stefw then we can have the scanner publish a priority list somewhere
- mvollmer yes
- stefw anyway, are we okay with waiting on that for a week?
- dperpeet_ as long as the tests work, the status is just a nice addon I think
- mvollmer and the sink could give some nicer view into what it currently running, and was has finished
- stefw or we could put it in an issue
- and talk about it therte
- well, an idea is to make the sinks even less central to things ... so i hope we can avoid doing too much with the sink
- mvollmer it would also be nice to automate the deployment of the infra-verify container even more
- stefw yeah, maybe using the 'atomic' command
- dperpeet_ the scanner could very well be a separate container
- stefw dperpeet_, yes it would be
- mvollmer so I'll properly put hubbot to rest in the next days
- stefw anyway ... i think we've passed a massive milestone
- distributed testing is hard ... has been hard ... but we've made it work ... so far
- mvollmer yes, this very very nice
- heh, our challange is to test concurrently on a single system :-)
- stefw i'd like to move away from that target
- and have each check-verify --github=next pick an OS that the scanner has singled out
- mvollmer by just cranking up the jobs?
- stefw so the scanner goes through github
- and marks what needs to be tested
- there can be two scanners if we like failover
- and then the verify containers, just pick things that need to be tested, and work their way through the list
- dperpeet_ stefw, we have to keep an eye on github API calls (there are limits)
- it's better to have hooks somewhere
- stefw well that's a separate issue imo
- but we can use fedmsg
- to proxy github webhooks into messages
- as other projects do
- anyway, so i guess my point here is that we should do these things one step at a time ... i don't think this is a "stop the presses" style work anymore
- mvollmer I have one more topic: fancy logs
- stefw oh, they're nice
- andreasn sure, end of topic for hubbot?
- stefw and the fact that they can be updated by anyone
- mvollmer yes
- andreasn #topic fancy logs
- mvollmer so, there is now a simple log.html file in .../test/files
- it will be dropped into the directory with the log, right from the start
- and the "Details" links on github point to it
- the idea is that we evolve that page into something really nice
- whenever we need a break from the production code :-)
- stefw great
- dperpeet_ I very much like the separation of log + display that we now have
- stefw yes, most of the logic is there
- just needs styling, right?
- dperpeet_ yes
- andreasn I can take a look
- stefw mvollmer, can you link to an example?
- dperpeet_ https://fedorapeople.org/groups/cockpit/logs/pull-3112-8e19e155-fedora-22-x86_64/log.html
- listing pattern *cough*
- mvollmer adding colors and links to the log might be slightly more involved
- mvollmer yep, that one. :)
- andreasn it's just a big <pre id="log"> right now, right?
- mvollmer one known issue:
- the log.html file is pulled from the branch of the pull request
- that doesn't work sometimes
- and then it just reads "Not found"
- stefw pull from master?
- mvollmer then you can't see your change in action
- stefw i guess it's hard to test out changes
- right
- so why does it sometimes not work?
- mvollmer i think it's a ..... race
- stefw i would suggest that the urllib call in the sink is doing the wrong thing
- it should throw an error
- instead of output the contents of 404
- mvollmer raw.github.com might be a slightly slow
- dperpeet_ we should catch that an fallback on master... or try again / longer?
- mvollmer yep
- stefw mv,
- mvollmer, if the urllib call fails (and we should be able to detct that properly)
- leave the extras statement in
- and process it again at status end
- mvollmer yes, that'll work
- okay, eot
- andreasn # topic Open Floor
- stefw my systemd.conf talk ...
- it's short, so it'll show some screenshots of Cockpit
- but then dive right into how we remote System APIs
- and go then deeper into DBus
- talk about Introspect()
- used with making Method calls
- then about how we monitor properties
- talk about ObjectManager
- and tell them to use it
- what happens if no ObjectManager
- Introspect() salat
- talk about making sure DBus apis ar eremotable
- asking for networkd API
- Suggest splitting out sdbus
- talking amout message catalog + journal and our issues dashboard
- that's really what i'm going to cover in a nutshell
- andreasn sounds good
- andreasn how long is the talk? 20 mins? 30 mins?
- stefw 20 min
- will be tight
- andreasn yep
- dperpeet_ sounds compact
- stefw may have to cut something
- dperpeet_ I can take a look at the slides tomorrow if you want
- stefw ok, they're very basic, but i'll send them around tomorrow
- will be done with them today
- dperpeet_ great, thanks
- andreasn I can take a look to
- too
- ok, I guess that was it
- #endmeeting
Add Comment
Please, Sign In to add comment