[openstack-dev] [all] Removal of in progress console log access
Sean Dague
sean at dague.net
Mon Apr 18 10:26:14 UTC 2016
On 04/15/2016 07:23 PM, Monty Taylor wrote:
> tl;dr Effective immediately we've put firewalls in front of the Jenkins
> servers removing in-progress console log streaming access
>
> Longer version
>
>
> Recently some potential security issues have come to our attention with
> Jenkins [1] and the way we run it that are non-trivial to fix. As a
> precaution, we have put firewalls in front of the Jenkins web interfaces
> to give us time to react in a reasoned manner. Zuul will still operate
> as usual, and we'll still get log information as usual when the jobs are
> done. However, it does mean that in-progress console log streaming will
> go away for the time being.
>
> We have some plans as to how to address the situation, but they will
> take a few weeks to finalize and implement. Although we regret the
> inconvenience and temporary loss of functionality, it seems the most
> prudent step to take at the moment. As soon as we have an ETA on
> resumption of console log streaming, we'll be sure to let everyone know.
>
> Thanks,
> OpenStack Infra team
>
> [1]
> https://groups.google.com/forum/#!msg/jenkinsci-advisories/lJfvDs5s6bk/4dRqSc4pHgAJ
Bummer. This gets used a to figure out the state of things given that
zuul links to the console even after the job is complete. Changing that
to the log server link would mitigate the blind spot.
-Sean
--
Sean Dague
http://dague.net
More information about the OpenStack-dev
mailing list