#cockpit log

13:00:27 <mvollmer> #startmeeting meeting
13:00:27 <zodbot> Meeting started Mon Aug  1 13:00:27 2016 UTC.  The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:27 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
13:00:27 <zodbot> The meeting name has been set to 'meeting'
13:00:36 <mvollmer> .hello mvo
13:00:37 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com>
13:00:44 <andreasn1> .hello andreasn
13:00:45 <zodbot> andreasn1: andreasn 'Andreas Nilsson' <anilsson@redhat.com>
13:01:05 <harish> .hello harishanand
13:01:06 <zodbot> harish: harishanand 'Harish Anand' <harishanand95@gmail.com>
13:01:39 <mvollmer> #topic Agenda
13:01:44 <larsu> .hello larsu
13:01:45 <zodbot> larsu: larsu 'Lars Uebernickel' <lars@uebernic.de>
13:01:55 <larsu> ah! Another place to change my name :)
13:02:37 <harish> * timers
13:03:20 <andreasn1> larsu: this will haunt you for years
13:03:28 <mvollmer> larsu, congratulations!
13:03:30 <larsu> uh oh :)
13:03:33 <larsu> thanks!
13:03:42 <mvollmer> larsu, I forgot your new name already again! :)
13:03:43 <andreasn1> I imagine it's like chaning address x100
13:03:49 <andreasn1> yes, contratulations!
13:04:21 <larsu> thanks!
13:04:26 <harish> congrats larsu!!
13:04:27 <larsu> mvollmer: Lars Karlitski
13:04:33 <larsu> thanks harish!
13:05:07 <mvollmer> larsu, thanks!  I am sure I will have to ask a couple of times more...
13:05:14 <andreasn1> * atomic scan
13:05:34 <mvollmer> * network teams
13:06:30 <cockpitbot> 6 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-atomic/log.html
13:07:29 <mvollmer> alright
13:07:36 <mvollmer> #topic timers
13:07:47 <harish> andreasn i have added the warning message shown when a user selects 31st of every month.
13:08:06 <harish> Is "better avoid end of month days like 31st" okay?
13:08:20 <harish> #link https://github.com/cockpit-project/cockpit/pull/4645
13:08:35 <andreasn1> ah yes, I just saw
13:08:46 <andreasn1> I think the sentence needs to be tweaked slightly
13:08:51 <andreasn1> but in general looks good
13:09:05 <harish> yeah i though so, i was waiting on dperpeet's input on that
13:09:09 <harish> thought*
13:09:51 <harish> dperpeet andreasn I have avoided the usage of ServerTime from host.js because it uses dbus while petervo suggested on getting time by spawning.
13:09:57 <harish> I have done that and  added the tests.
13:10:14 <andreasn1> nice
13:10:15 <harish> the test doesn't check for a boot timer and no-repeat timer. I will add those tomorrow
13:10:22 <harish> rest like repeat hourly, daily, weekly, monthly and yearly and error inputs are checked.
13:10:24 <achakrab> @andreasn1
13:10:26 <achakrab> hi
13:10:37 <achakrab> i've started looking into the design model
13:10:53 <cockpitbot> 2 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-23/log.html
13:10:55 <andreasn1> hi! nice! it's further down in the meeting agenda
13:10:58 <andreasn1> so lets take it when it comes
13:11:06 <achakrab> okay sure
13:11:18 <achakrab> please just let me know when it comes up
13:11:27 <harish> and here is my blog. https://medium.com/@harishanand95/gsoc-week-8-different-dates-issue-testing-41a582ce2aa6#.43jjmtwuv
13:12:48 <harish> mvollmer larsu if you have other ideas you could think of on the issue i talked in the blog, just tell me.
13:14:12 <larsu> hm? why is the time of the test machine considered at all?
13:14:42 <larsu> (this can probably wait until after the meeting)
13:15:04 <petervo_> larsu, where phantomjs runs matters for browser date
13:15:46 <harish> oh for testing we have to select a future time and then check for all cases from there, so i have to set test machine's time.
13:17:05 <harish> larsu petervo_ we can have it discussed after meeting?
13:17:11 <larsu> yes
13:17:46 <harish> okay end of topic mvollmer
13:17:52 <mvollmer> thanks!
13:17:56 <mvollmer> #topic atomic scan
13:18:34 <andreasn1> so me, achakrab and dwalsh met on friday and went over the designs
13:19:14 <andreasn1> https://raw.githubusercontent.com/cockpit-project/cockpit-design/master/containers/container-security-scanning.png
13:19:29 <achakrab> yeah based on what i understood from the meeting, cockpit is still undergoing changes so it's better to wait before some of the design model is implemented
13:19:29 <andreasn1> and we indentified some smaller things that needs to be fixed
13:19:34 <andreasn1> like working and such
13:20:04 <andreasn1> working/wording
13:20:27 <larsu> that's a lot of red! :)
13:21:20 <andreasn1> since the listing view is not on the containers page yet, that part will be harder to implement
13:21:34 <andreasn1> but the box with the scan action and the settings can be implemented today
13:21:43 <andreasn1> today/right away
13:21:46 <mvollmer> andreasn1, so I was thinking...
13:21:57 <achakrab> @andreasn1, so i can implement the box with scan action
13:22:00 <achakrab> ?
13:22:15 <github> [cockpit] stefwalter opened pull request #4809: test: Make --sit argument on test/containers/run-tests work (master...containers-run-tests-sit) https://git.io/v6vpn
13:22:15 <mvollmer> whether or not a image or container is vulnerable is a static property
13:22:22 <mvollmer> no?
13:22:37 <andreasn1> achakrab: yes
13:22:47 <andreasn1> mvollmer: how do you mean?
13:22:49 <mvollmer> i mean, once you scan an image, scanning it again will just give the same answer, no?
13:23:11 <mvollmer> so you would want to scan images that have never been scanned
13:23:16 <andreasn1> mvollmer: no, because since you did the scan, another vunerability might have happened
13:23:24 <mvollmer> discovered?
13:23:45 <mvollmer> so the scanner might have changed, or the image?
13:23:57 <andreasn1> like if I did a scan last week, and heartbleed came up, it won't show that shellshock came up yesterday
13:24:01 <andreasn1> until I scan again
13:24:04 <mvollmer> right
13:24:09 <andreasn1> if I understood things correctly at least
13:24:20 <andreasn1> but I might have gotten something backwards
13:24:21 <mvollmer> but cockpit can know when scanning is necessary, right?
13:24:29 <mvollmer> when the scanner database has been updates
13:24:32 <mvollmer> *updated
13:24:38 <cockpitbot> 3 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-testing/log.html
13:24:48 <mvollmer> or in other words, how does the user know when to hit "scan again"?
13:25:31 <achakrab> yeah because right now the information will be based on a previous scan
13:25:41 <achakrab> so if a new vulnerability is present in a container or image
13:25:54 <achakrab> then it wouldn't show up until you scan again
13:25:59 <larsu> is scanning an expensive process?
13:26:34 <andreasn1> not super expensive I think, ideally it would happen ASAP and automated
13:26:40 <larsu> right
13:27:01 <mvollmer> can we give a hint that scanning is now a useful thing to do?
13:27:05 <andreasn1> right now it's possible to set it up so it scans say, once a day, once a week, or maybe once an hour
13:27:11 <mvollmer> like: new image or container: scan it!
13:27:21 <mvollmer> and: vuln db updated, scan again!
13:27:33 <mvollmer> where is the vuln db?
13:27:49 <andreasn1> it's this massive tar.gz
13:28:01 <mvollmer> that comes in a rpm or ostree, right?
13:28:09 <andreasn1> not sure
13:28:31 <mvollmer> anyway, maybe we should not go on here.
13:28:55 <andreasn1> but yeah, if there was a way for everything to be scanned again once the db got updated somehow, that would be a superior model I think
13:28:57 <andreasn1> it
13:29:07 <andreasn1> it's an interesting idea, but not sure if it's possible or not
13:29:38 <achakrab> you could then call scan --all
13:29:45 <andreasn1> yeah
13:29:46 <achakrab> once the db ever gets updated right?
13:29:59 <achakrab> by db you mean if any images are added to the repo
13:30:02 <achakrab> ?
13:30:20 <andreasn1> no, the csv database
13:30:36 <achakrab> okay
13:31:14 <achakrab> also @andreasn1, we are also looking at highlighting vulnerable images and containers red right?
13:31:21 <andreasn1> yes, that is key
13:31:26 <achakrab> right okay
13:31:39 <achakrab> i'm working on getting the list of containers from the dbus api
13:31:48 <andreasn1> cool
13:33:23 <andreasn1> next topic?
13:34:39 <mvollmer> #topic network teaming
13:35:11 <mvollmer> so, couple of weeks ago we decided to attack this properly, with use cases and mockups, and black jack
13:35:52 <mvollmer> andreasn1, how shall we start this?  I can try to get you into contact with the (few) contacts I have.
13:36:06 <andreasn1> is there a trello card for it already?
13:36:13 <mvollmer> kind of
13:36:23 <mvollmer> https://trello.com/c/Be49zuYD/327-throw-everything-but-the-kitchen-sink-at-network-teams
13:36:37 <mvollmer> that's one option
13:36:52 <mvollmer> I just go and bring teams to the same level as bonds
13:36:54 <andreasn1> but yes, if we can get info from folks who know this stuff, that would be great
13:37:07 <mvollmer> and at the same time we try to make a better UI
13:37:10 <andreasn1> just send me the list of names
13:37:17 <mvollmer> alright
13:37:25 <andreasn1> I mean, you can send the list of names over e-mail
13:37:30 <mvollmer> yep
13:37:39 <andreasn1> nice!
13:38:12 <mvollmer> i am afraid that a really good and useful UI will need changes down in NetworkManager
13:38:26 <mvollmer> it doesn't really report any state of a team, for example
13:38:47 <andreasn1> lets see if we can push for that, but if not, we can do the best we can
13:38:58 <mvollmer> so you don't really know whether your active backup team is in backup mode right now
13:39:16 <mvollmer> (h, you can see the traffic...)
13:39:52 <mvollmer> so, we have a deadline for teams, since we promised this so that GNOME can take it out.
13:40:28 <mvollmer> because of that, I propose to work on the risk-free option as well: just put all those controls into the UI
13:40:43 <andreasn1> right
13:40:52 <mvollmer> and concurrently take the time to figure this out correctly
13:41:23 <andreasn1> yup
13:41:37 <mvollmer> it could even be as simple as asking a couple of people "look at what we have now, how can we improve this?"
13:41:40 <andreasn1> is the deadline for the GNOME 3.22 release?
13:41:52 <andreasn1> yeah
13:41:54 <mvollmer> Fedora 25, I guess
13:43:38 <andreasn1> code freeze for 3.22 is Sep 12: https://wiki.gnome.org/Schedule
13:44:00 <mvollmer> oho
13:44:26 <mvollmer> I'll hopefully be changing diapers then
13:44:39 <andreasn1> oh yes
13:44:41 <andreasn1> :)
13:45:16 <mvollmer> I'll prioritize teams over more docker storage stuff then.
13:45:47 <andreasn1> sounds good
13:46:20 <cockpitbot> 8 tests failed - http://fedorapeople.org/groups/cockpit/logs/master-3b9c547b-verify-fedora-24/log.html
13:46:28 <achakrab> @mvollmer
13:46:33 <andreasn1> I'll start looking into the design
13:46:35 <achakrab> is there any chance i can speak with you today
13:46:40 <achakrab> on bluejeans?
13:46:53 <andreasn1> but in worst case, lets just make a separate "Team" button
13:47:06 <andreasn1> and have a bunch of extra nobs in there
13:47:13 <mvollmer> andreasn1, right
13:47:33 <mvollmer> achakrab, unfortunately not...
13:47:47 <achakrab> hmm okay
13:47:52 <achakrab> any time this week?
13:48:34 <mvollmer> yeah, I hope tomorrow...
13:48:39 <mvollmer> achakrab, do you have a PR open?
13:48:58 <achakrab> i do have a POC on
13:49:01 <achakrab> one*
13:49:06 <mvollmer> yep, #4774
13:49:32 <mvollmer> #topic AOB
13:49:45 <achakrab> yes
13:53:45 <andreasn1> AOB?
13:54:46 <mvollmer> any othe rbusiness
13:54:56 <mvollmer> none, I guess. :)
13:55:00 <mvollmer> #endmeeting