seagate / cortx-manager Goto Github PK

I note there is a top-level images folder which hosts images used in our documents. I think this folder should be moved to be a subfolder in docs as it is a bit confusing right now.

1. Created a new issue in Seagate/cortx-manager.

When user access s3_account screen (to create a new s3 account), exception (in red) is popped up, csm_agent log here:

Oct 24 10:38:38 2020-10-24 10: 38:38 csm_agent INFO [send] Message Publish to Xchange: sspl-in,Key: actuator-req-key_nodef6eba51e-99dd-4a2c-8357-10da50591c27, Msg Details: {'username': 'sspl-ll', 'expires': 3600, 'description': 'Seagate Storage Platform Library - Low Level - Actuator Request', 'title': 'SSPL-LL Actuator Request', 'signature': 'None', 'time': '2020-10-24 10:38:38.878993', 'message': {'sspl_ll_debug': {'debug_component': 'sensor', 'debug_enabled': True}, 'sspl_ll_msg_header': {'msg_version': '1.0.0', 'uuid': '13cc7216-15e5-11eb-8fc9-005056b3e16d', 'schema_version': '1.0.0', 'sspl_version': '1.0.0'}, 'actuator_request_type': {'storage_enclosure': {'enclosure_request': 'ENCL:enclosure:fru:sideplane', 'resource': ''}}}}
Oct 24 10:38:39 2020-10-24 10: 38:38 csm_agent ERROR [get_minion_id] Node server id not found for
Oct 24 10:38:39 2020-10-24 10: 38:39 csm_agent INFO [send] Message Publish to Xchange: sspl-in,Key: actuator-req-key_nodef6eba51e-99dd-4a2c-8357-10da50591c27, Msg Details: {'username': 'sspl-ll', 'expires': 3600, 'description': 'Seagate Storage Platform Library - Low Level - Actuator Request', 'title': 'SSPL-LL Actuator Request', 'signature': 'None', 'time': '2020-10-24 10:38:38.878993', 'message': {'sspl_ll_debug': {'debug_component': 'sensor', 'debug_enabled': True}, 'sspl_ll_msg_header': {'msg_version': '1.0.0', 'uuid': '13dee090-15e5-11eb-8fc9-005056b3e16d', 'schema_version': '1.0.0', 'sspl_version': '1.0.0'}, 'actuator_request_type': {'storage_enclosure': {'enclosure_request': 'ENCL:enclosure:fru:disk', 'resource': ''}}}}
Oct 24 10:38:39 2020-10-24 10: 38:39 csm_agent INFO [send] Message Publish to Xchange: sspl-in,Key: actuator-req-key_nodef6eba51e-99dd-4a2c-8357-10da50591c27, Msg Details: {'username': 'sspl-ll', 'expires': 3600, 'description': 'Seagate Storage Platform Library - Low Level - Actuator Request', 'title': 'SSPL-LL Actuator Request', 'signature': 'None', 'time': '2020-10-24 10:38:38.878993', 'message': {'sspl_ll_debug': {'debug_component': 'sensor', 'debug_enabled': True}, 'sspl_ll_msg_header': {'msg_version': '1.0.0', 'uuid': '13e83c44-15e5-11eb-8fc9-005056b3e16d', 'schema_version': '1.0.0', 'sspl_version': '1.0.0'}, 'actuator_request_type': {'storage_enclosure': {'enclosure_request': 'ENCL:enclosure:fru:psu', 'resource': '*'}}}}
Oct 24 10:38:39 2020-10-24 10: 38:39 csm_agent ERROR [init] Node server id not found.:Operation Successful:None:None

This issue provides visibility into Renovate updates and their statuses. Learn more

This repository currently has no open or pending branches.

• Check this box to trigger a request for Renovate to run again on this repository

while cortx-GUI used to https://VM-IP:28100 , the registration process is trying (and failing ofc) to connect to 127.0.0.1:5000 for creating the new S3 account, suggest it should get the same $VM-IP from the browser

On https://github.com/Seagate/cortx-manager/blob/main/CORTXManagerQuickstartGuide.md#12-Install-Cortx-Manager page
at Install OVA and these prerequisites to skip manual installation. section Contributing to CORTX Manager link is not working.

It redirecting to https://github.com/Seagate/cortx-manager/blob/main/ContributingToCortxManager.md which is not accessible.

per https://github.com/Seagate/cortx/blob/main/doc/Preboarding_and_Onboarding.rst
if someone is coming back to GUI after preboarding but before onboarding, using 'Settings' 'manually' does not work :(error - '..did not perform onboarding' and any change applied is not accepted,

This issue provides visibility into Renovate updates and their statuses. Learn more

This repository currently has no open or pending branches.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update dependency requests to v2.27.0

Detected dependencies

CVE-2022-23491 - Medium Severity Vulnerability

Vulnerable Library - certifi-2022.6.15-py3-none-any.whl

Python package for providing Mozilla's CA Bundle.

Library home page: https://files.pythonhosted.org/packages/e9/06/d3d367b7af6305b16f0d28ae2aaeb86154fa91f144f036c2d5002a5a202b/certifi-2022.6.15-py3-none-any.whl

Path to dependency file: /experiments/stats-timelion/requirements.txt

Path to vulnerable library: /experiments/stats-timelion/requirements.txt

Dependency Hierarchy:

• requests-2.26.0-py2.py3-none-any.whl (Root Library)
  • ❌ certifi-2022.6.15-py3-none-any.whl (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Publish Date: 2022-12-07

URL: CVE-2022-23491

CVSS 3 Score Details (6.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: High
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-23491

Release Date: 2022-12-07

Fix Resolution: certifi - 2022.12.07

Miniprovisioning templates currently populates csm/conf directory.
https://github.com/Seagate/cortx-manager/tree/main/csm/conf

Make a provision to put it in another directory and copy it to csm/conf directory at the time of build generation

In the Onboarding Guide number 2, an image is shown to enter "opensource ova" as System Name. However, it seems that any name with spaces are considered invalid.

Is there any reason for such validations? If so, perhaps the image should be changed?

If failed to get setup info from provisioner, raise an exception.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

None detected

"CSM (CORTX Management) Swagger is available at https://<management_IP>:28100/api-docs"

This needs to be added to documentation somewhere in this repo. Also should be added to documentation in the parent repo.