#freedesktop on 2021-08-12 — irc logs at oftc.irclog.whitequark.org

2021-07-26 22:56 ChanServ changed the topic of #freedesktop to:

00:00 alanc has quit [Remote host closed the connection]

00:26 rektide has joined #freedesktop

00:27 veganaiZe has joined #freedesktop

00:46 eh58 has joined #freedesktop

00:52 eh5 has quit [Ping timeout: 480 seconds]

00:52 ngcortes has quit [Ping timeout: 480 seconds]

01:12 ngcortes has joined #freedesktop

01:34 ngcortes has quit [Remote host closed the connection]

01:51 shbrngdo has quit [Remote host closed the connection]

01:51 shbrngdo has joined #freedesktop

02:11 veganaiZe has quit [Remote host closed the connection]

02:12 ximion has quit []

03:09 veganaiZe has joined #freedesktop

05:54 bengal has joined #freedesktop

05:56 bengal has quit []

05:58 K`den has joined #freedesktop

05:58 Kayden has quit [Remote host closed the connection]

06:06 danvet has joined #freedesktop

06:19 rando25902 has joined #freedesktop

06:21 rando25892 has quit [Ping timeout: 480 seconds]

06:28 K`den is now known as Kayden

06:33 Kayden has quit [Quit: reboot to try and fix some rubbish]

06:34 bengal has joined #freedesktop

06:41 Seirdy has joined #freedesktop

07:04 Kayden has joined #freedesktop

07:13 agd5f_ has joined #freedesktop

07:14 jpnurmi has quit [Remote host closed the connection]

07:14 jpnurmi has joined #freedesktop

07:15 jpnurmi has quit [Remote host closed the connection]

07:15 jpnurmi has joined #freedesktop

07:20 agd5f has quit [Ping timeout: 480 seconds]

07:23 jpnurmi has quit [Remote host closed the connection]

07:24 jpnurmi has joined #freedesktop

08:09 bcarvalho has quit [Remote host closed the connection]

08:36 bcarvalho has joined #freedesktop

08:49 nroberts has joined #freedesktop

08:52 MrCooper has quit [Remote host closed the connection]

08:52 ximion has joined #freedesktop

08:56 MrCooper has joined #freedesktop

09:52 ximion has quit []

10:04 xexaxo has joined #freedesktop

10:24 pendingchaos has quit [Quit: No Ping reply in 180 seconds.]

10:25 pendingchaos has joined #freedesktop

10:29 pendingchaos has quit []

10:30 pendingchaos has joined #freedesktop

11:14 veganaiZe has quit [Ping timeout: 480 seconds]

12:51 bilboed has quit [Quit: Ping timeout (120 seconds)]

12:52 bilboed has joined #freedesktop

14:11 <kusma> Hmm, getting 504s from gitlab now

14:14 ajax has joined #freedesktop

14:21 <kusma> Aaand it's gone.

15:18 <bentiss> daniels: so I've got good and bad news for ceph + STS + OPA

15:19 <bentiss> good news: I managed to use keycloak as a JWT frontend and forward the gitlab payload in the token

15:19 <bentiss> also, the helm chart allows to add a json file of the config, so no need fo r a sidecar pod (and external postgres, the pods can be stateless)

15:20 <bentiss> bad news: ceph is crashing with OPA enabled

15:20 <bentiss> like crashing badly for every single request

15:21 <bentiss> I think I am down to 2 workaround for that crash:

15:21 <daniels> uhhhh

15:21 <bentiss> 1. use keycloak for the fine grain policies, but that means rewrite our entire policy in S3 language, which is... harder than OPA

15:22 <bentiss> 2. use "Envoy" as mentioned by the opa website, which is basically a proxy in front of the service https://www.openpolicyagent.org/docs/latest/envoy-introduction/

15:24 <daniels> oh, I've never actually worked with Envoy before

15:24 <daniels> or Traefik

15:25 <daniels> but I'm not sure if Traefik is that policy-aware in terms of auth, or if it's just routing

15:26 <bentiss> the sad part of it is that we almost could have just ceph + opa

15:27 <bentiss> but we might end up in ceph + proxy + keycloak + OPA

15:27 <bentiss> daniels: do you agree option 1 is not good?

15:27 <daniels> everything I've seen about S3 API makes me want much much much much less of it

15:27 <daniels> so yeah

15:28 <bentiss> OK

15:28 <bentiss> daniels: BTW, I'll be out for 2 weeks starting tomorrow

15:29 <bentiss> in the backlog we have: a gitlab security upgrade to do, and the ceph upgrade

15:29 <bentiss> might be good to conduct the gitlab upgrade ASAP, but it was never a good time the past week

15:31 <daniels> oh nice, hope the holiday is good!

15:31 <daniels> what's blocking the upgrade atm?

15:32 <bentiss> daniels: nothing, I just keep forgetting to do it in the mornings :)

15:33 <daniels> hehe ok, I can try to do it tomorrow morning then

15:33 <bentiss> I'll be around tomorrow, and the second week, so if anything happens shout

15:35 <daniels> awesome, thankyou!

15:51 veganaiZe has joined #freedesktop

16:37 ximion has joined #freedesktop

17:14 bengal has quit [Ping timeout: 480 seconds]

17:37 Erandir has quit [Read error: Connection reset by peer]

17:56 agd5f_ has quit []

17:57 agd5f has joined #freedesktop

18:22 ngcortes has joined #freedesktop

18:58 jstein has joined #freedesktop

20:07 ngcortes has quit [Ping timeout: 480 seconds]

20:21 ngcortes has joined #freedesktop

20:43 bengal has joined #freedesktop

20:47 danvet has quit [Ping timeout: 480 seconds]

20:48 veganaiZe has quit [Read error: Connection reset by peer]

20:48 veganaiZe has joined #freedesktop

21:06 alatiera has quit [Quit: Ping timeout (120 seconds)]

21:07 ngcortes has quit [Ping timeout: 480 seconds]

21:07 alatiera has joined #freedesktop

21:07 alatiera is now known as Guest4018

21:14 Guest4018 has quit []

21:14 thelounge92 has joined #freedesktop

21:20 ngcortes has joined #freedesktop

21:43 strugee_ has joined #freedesktop

21:48 strugee has quit [Ping timeout: 480 seconds]

21:48 strugee_ is now known as strugee

21:54 bengal has quit [Ping timeout: 480 seconds]

22:24 alanc has joined #freedesktop

22:50 karolherbst has quit [Remote host closed the connection]

22:50 karolherbst has joined #freedesktop

22:52 ximion has quit [Remote host closed the connection]

22:53 ximion has joined #freedesktop

23:14 ngcortes_ has joined #freedesktop

23:14 ximion has quit [Read error: Connection reset by peer]

23:14 ximion has joined #freedesktop

23:14 pzanoni` has joined #freedesktop

23:21 ngcortes has quit [Ping timeout: 480 seconds]

23:21 pzanoni has quit [Ping timeout: 480 seconds]

23:22 pzanoni` is now known as pzanoni

23:24 ngcortes_ has quit []

23:24 ngcortes_ has joined #freedesktop

23:38 ngcortes_ has quit []

23:38 ngcortes_ has joined #freedesktop

23:38 ngcortes_ has quit [Remote host closed the connection]

23:58 demarchi has quit [Ping timeout: 480 seconds]

23:58 ewlsh[m] has quit [Ping timeout: 480 seconds]

23:58 Sheogorath[m] has quit [Ping timeout: 480 seconds]

23:58 yasin-f[m] has quit [Ping timeout: 480 seconds]

23:58 dev[m] has quit [Ping timeout: 480 seconds]

23:58 tintou has quit [Ping timeout: 480 seconds]

23:58 gkiagia has quit [Ping timeout: 480 seconds]

23:58 Sumera[m] has quit [Ping timeout: 480 seconds]

23:58 heftig[m] has quit [Ping timeout: 480 seconds]

23:58 dcbaker has quit [Ping timeout: 480 seconds]

23:58 scorpion2185[m] has quit [Ping timeout: 480 seconds]

23:58 gnfzdz[m] has quit [Ping timeout: 480 seconds]

23:58 tinywrkb has quit [Ping timeout: 480 seconds]

23:58 nirbheek_ has quit [Ping timeout: 480 seconds]

23:58 pv has quit [Ping timeout: 480 seconds]

23:58 msmith12[m] has quit [Ping timeout: 480 seconds]

23:58 nielsdg has quit [Ping timeout: 480 seconds]

23:58 kusma has quit [Ping timeout: 480 seconds]

23:59 Guest3466 has quit [Ping timeout: 480 seconds]