by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 17:10
    ovh-cds commented #5073
  • 16:53
    ovh-cds commented #5190
  • 16:48
    richardlt commented #5190
  • 16:44
    sonarcloud[bot] commented #5073
  • 16:42
    richardlt synchronize #5073
  • 16:42

    richardlt on refact-application-dao

    fix(api): rename worker model (… fix(api): ignore error if wkf h… fix(api): more info about LoadN… and 40 more (compare)

  • 16:14
    ovh-cds commented #5229
  • 16:12
    sonarcloud[bot] commented #5229
  • 16:02
    richardlt commented #5073
  • 16:02
    richardlt commented #5073
  • 16:02
    richardlt commented #5073
  • 16:02
    richardlt commented #5073
  • 16:02
    richardlt commented #5073
  • 16:00
    richardlt review_requested #5229
  • 16:00
    richardlt opened #5229
  • 16:00
    richardlt review_requested #5229
  • 16:00
    richardlt review_requested #5229
  • 15:55

    richardlt on test-update-report

    wip (compare)

  • 15:51

    richardlt on test-update-report

    test: print human readable test… (compare)

  • 15:21
    ovh-cds commented #5223
Smithx10
@Smithx10
Ill send a link to a branch tho
I hard coded insecure verify
Piotr Orzechowski
@0rzech
@Smithx10 Thanks! After a second thought, I think we better make separate PRs to fix each issue independently. Both PRs may have different side-effects.
Smithx10
@Smithx10
yeah, im just using this internally
Id suggest you look at the refactor/authentication branch
Piotr Orzechowski
@0rzech
Ok, thanks.
Mats
@matspitz1
hello
i am using ruby so i don't have artifacts
is there a way that i can SSH into a host, and then kick off some deployment commands
Yvonnick Esnault
@yesnault
@matspitz1 Hi! "is there a way that i can SSH into a host, and then kick off some deployment commands" -> of course, you can do that with a simple test script, using worker install key (https://ovh.github.io/cds/docs/components/worker/key/install/) to install ssh key needed. You can use the ssh plugin too (https://ovh.github.io/cds/docs/actions/plugin-ssh-cmd/)
@matspitz1 "i am using ruby so i don't have artifacts" -> I did not understand this sentence, I do not understand the link with ruby :)
Mats
@matspitz1
@yesnault Thank you!
Mats
@matspitz1
Hello can i ask a quick question
do the commands like eval and worker go into the deployment script or do they need to get run on a machine?
Yvonnick Esnault
@yesnault
@matspitz1 the worker binary is available on each step of type 'script'
so that eval $(worker key install --env proj-mykey) will export variable for current step script only
Smithx10
@Smithx10
How do you apply SSL to CDS API?
I'm trying to configure https
Smithx10
@Smithx10
Do workers need to have access to the REDIS instance that the Engine is using ?
Smithx10
@Smithx10
Is there any documentation about how I should configure elasticsearch>?
I see it all over the conf.toml
Smithx10
@Smithx10
figured it out
Smithx10
@Smithx10
I noticed the timeline doesn't persist
is that on purpose:
?
Smithx10
@Smithx10
Do I have to init these indexes?
Smithx10
@Smithx10
Im getting back errors like 2019-09-11 23:28:07 [WARN] pprofLabel>recoverWrap>Handle>getApplicationOverviewHandler>GetMetrics>DoJSONRequest>doJSONRequest>ErrorWithFallback>NewErrorWithStack: wrong request (from: Unable to perform request on service elastic (elasticsearch)) (caused by: getApplicationOverviewHandler> Cannot list vulnerability met
rics: Unable to get metrics: internal server error) error_uuid=cf756d68-d4eb-11e9-b83a-90b8d004466a method=GET request_uri=/ui/project/TEST/application/test/overview stack_trace=internal server error
after creating a index on ES
Anywhere to read how to configure ES ?
Smithx10
@Smithx10
Anyway to configure the API services to only listen on a certain address?
also I would like to TLS them but it seems that the API services don't support TLS ?
Smithx10
@Smithx10
For some reason, a User can Create a Project but they can't click the create workflow button etc
Yvonnick Esnault
@yesnault
@Smithx10 Hi! Sorry for delay, I'll try to answer all questions now :)
"How do you apply SSL to CDS API?" -> we configure a LB (haproxy, what you want) with ssl
it's not configured directly on CDS Api for now
Yvonnick Esnault
@yesnault
"Do workers need to have access to the REDIS instance that the Engine is using ?" -> no, workers need only to access to CDS API
About ES: you need to create index yes. It's used to stored two things: timeline (to persist) and vulnerabilities computed on CDS Application. There is some documentation about what is it on this PR: https://github.com/ovh/cds/pull/4562/files, it will be merged after release 0.42
issue created to add some doc about it: ovh/cds#4601
TLS on engine is planned on the refactor branch about authentication here: ovh/cds#4556 If you want TLS today between service, you have to use LB in front of them
Yvonnick Esnault
@yesnault
"Anyway to configure the API services to only listen on a certain address?" -> you already configure that, example:
[api.http]

    # Listen HTTP address without port, example: 127.0.0.1
    addr = "127.0.0.1"
    port = 8081
you can configure that on all services
@Smithx10 "For some reason, a User can Create a Project but they can't click the create workflow button etc" -> yes, today, everybody can create a project. About the restriction with creating workflow, the user has write access to the project?
Smithx10
@Smithx10
Do they need to create keys
the create thingie was greyed out
Smithx10
@Smithx10
Thanks :)
@yesnault Is there a git issue or a branch about doing TLS to the API servers?
I can probably handle that