Monday, 2020-05-18

« Sunday, 2020-05-17 Index Tuesday, 2020-05-19 »
*** avass has quit IRC00:12
ianwok, resolves correctly for me now00:14
ianwwith citycloud out of system-config i've removed those entries from emergency00:26
openstackgerritYang JianFeng proposed openstack/diskimage-builder master: Centos image support specify minor version  https://review.opendev.org/72873401:21
openstackgerritIan Wienand proposed opendev/system-config master: Add tool to export Rackspace DNS domains to bind format  https://review.opendev.org/72873902:54
*** ykarel|away is now known as ykarel03:58
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables  https://review.opendev.org/72874304:45
AJaegerianw: can we merge https://review.opendev.org/#/c/728345/ now? Then I'll +2A ("site-variables: remove opendev.org mirror switch")04:45
ianwAJaeger: yes I think so, all mirrors should be opendev.org now!04:59
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables  https://review.opendev.org/72874305:07
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables  https://review.opendev.org/72874305:33
*** dpawlik has joined #opendev05:53
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables  https://review.opendev.org/72874305:56
*** dpawlik has quit IRC05:57
*** dpawlik has joined #opendev06:13
AJaegerianw: approved now - and thanks for getting this done!06:16
openstackgerritMerged openstack/project-config master: site-variables: remove opendev.org mirror switch  https://review.opendev.org/72834506:28
*** DSpider has joined #opendev06:36
*** hashar has joined #opendev06:50
*** slaweq has joined #opendev06:53
*** larainema has joined #opendev07:01
openstackgerritMerged zuul/zuul-jobs master: tox: update lint regex to not require column  https://review.opendev.org/72503007:12
*** iurygregory has joined #opendev07:17
*** tosky has joined #opendev07:22
*** rpittau|afk is now known as rpittau07:29
fricklerinfra-root: please have a look at https://review.opendev.org/615197 in order to bring docs and reality into sync regarding cloud access on bridge07:40
*** moppy has quit IRC08:01
openstackgerritMerged opendev/system-config master: Remove vexxhost openstack.org mirrors  https://review.opendev.org/72831108:01
openstackgerritMerged opendev/system-config master: Remove limestone openstack.org mirror  https://review.opendev.org/72831908:01
*** moppy has joined #opendev08:01
openstackgerritYang JianFeng proposed openstack/diskimage-builder master: Centos element support specify minor version  https://review.opendev.org/72873408:18
*** sshnaidm|off has joined #opendev08:47
*** sshnaidm|off is now known as sshnaidm08:47
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682908:54
*** ykarel is now known as ykarel|lunch08:54
*** ysandeep is now known as ysandeep|lunch08:56
openstackgerritYang JianFeng proposed openstack/diskimage-builder master: Centos element support specify minor version  https://review.opendev.org/72873409:09
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682909:17
*** ysandeep|lunch is now known as ysandeep09:51
*** hashar is now known as hasharAway09:54
*** rpittau is now known as rpittau|bbl10:06
*** tkajinam has quit IRC10:15
*** ykarel|lunch is now known as ykarel10:43
*** hrw has joined #opendev11:01
hrwmorning11:01
*** jaicaa has quit IRC11:01
hrwcan someone tell me what I should change in https://review.opendev.org/#/c/728798/ (openstack/requirements) to have 'debian-buster-arm64' nodeset available? 'ubuntu-bionic-arm64' was present without changes11:02
*** jaicaa has joined #opendev11:02
AJaegerhrw, nodes != nodesets, we have predefined ones at https://opendev.org/opendev/base-jobs/src/branch/master/zuul.d/nodesets.yaml#L14 . So, adding the desired one is one option11:05
hrwAJaeger: ok. so I should go to base-jobs and adds all aarch64 ones there.11:08
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682911:09
openstackgerritMarcin Juszkiewicz proposed opendev/base-jobs master: add arm64 nodesets for CentOS 8 and Debian  https://review.opendev.org/72881011:11
hrwthx AJaeger11:12
hrwarhg. I hate moments when all tests are py3 but zuul uses py2 to run ansible11:21
hrw2020-05-18 11:19:35.092068 | debian-buster-arm64 |   "msg": "Failed to import the required Python library (setuptools) on debian-buster-arm64-linaro-us-0016633853's Python /usr/bin/python. Please read module documentation and install in the appropriate location"11:21
*** jaicaa has quit IRC11:22
*** jaicaa has joined #opendev11:22
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682911:23
hrwrequirements uses zuul-jobs directly11:24
hrwok, time to check how we solved that shit in kolla ;(11:24
hrwheh. we do not use tox anymore.11:25
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682911:36
*** ysandeep is now known as ysandeep|afk11:53
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682912:00
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682912:11
*** rpittau|bbl is now known as rpittau12:12
openstackgerritThierry Carrez proposed openstack/project-config master: Add base replication jobs for oslo-metrics  https://review.opendev.org/72882012:16
*** hasharAway is now known as hashar12:17
openstackgerritAndreas Jaeger proposed zuul/zuul-jobs master: Revert "tox: update lint regex to not require column"  https://review.opendev.org/72882212:23
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Wait for blockdev to exist before calling mkfs  https://review.opendev.org/72882312:32
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Use kpartx option to update partition mappings  https://review.opendev.org/72882412:32
*** ysandeep|afk is now known as ysandeep12:36
openstackgerritMerged zuul/zuul-jobs master: Revert "tox: update lint regex to not require column"  https://review.opendev.org/72882212:52
hrwianw: I think that it is time when ubuntu-focal-arm64 will be needed ;(12:53
hrwianw: checking how d-i-b goes with it12:54
mordredfrickler: responded to that patch13:06
*** ykarel is now known as ykarel|afk13:06
*** jhesketh has quit IRC13:15
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Wait for blockdev to exist before calling mkfs  https://review.opendev.org/72882313:16
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Use kpartx option to update partition mappings  https://review.opendev.org/72882413:16
*** jhesketh has joined #opendev13:22
*** hashar is now known as hasharAway13:24
openstackgerritMonty Taylor proposed openstack/diskimage-builder master: Drop support for python2  https://review.opendev.org/72888913:27
openstackgerritJens Harbott (frickler) proposed opendev/system-config master: Add users to the docker group  https://review.opendev.org/72889313:31
fricklermordred: ah, thx. ^^13:31
mordredfrickler: I'm curious what happens if we add a user to a non-existent group with the ansible user: module13:32
mordredfrickler: but I think we should find out with that patch13:32
fricklermordred: well, we could also make this logic very complicated. or maybe have docker use the "sudo" group on bridge instead of "docker"?13:34
mordredfrickler: I'd _personally_ prefer if we had admins in the docker group - I think being able to run docker commands is nice, but maybe someone disagrees13:35
mordredfrickler: we could also potentially just add a docker group unconditionally - or also could just install docker everywhere13:36
* mordred isn't sure what the right answer is - but agrees with frickler's desire13:36
*** jhesketh has quit IRC13:41
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Wait for blockdev to exist before calling mkfs  https://review.opendev.org/72882313:41
openstackgerritSimon Westphahl proposed openstack/diskimage-builder master: Use kpartx option to update partition mappings  https://review.opendev.org/72882413:41
corvusmordred: istr clarkb has a 'sudo for docker' preference.  mostly because docker==root13:41
mordredcorvus: nod13:42
*** hasharAway is now known as hashar13:54
openstackgerritMonty Taylor proposed opendev/system-config master: Stop cloning a bunch of puppet modules we don't use  https://review.opendev.org/72089213:58
fungii miss the old "wheel" group14:04
fungilost to the annals of history now i suppose (except on *bsd systems)14:04
mordredfungi: I never really understood the wheel group - but I never really bsd'd14:05
openstackgerritGhanshyam Mann proposed openstack/project-config master: Retire Tricircle projects: finish infra todo  https://review.opendev.org/72890214:06
openstackgerritGhanshyam Mann proposed openstack/project-config master: Retire Tricircle project: end project gating  https://review.opendev.org/72890314:12
fungimordred: it was traditionally the group used to limit who could run `su`14:14
fungiand similar command restrictions14:15
mordredfungi: yah - it just never made sense to me as name14:17
mordredfungi: but I always figured I just wasn't in the bsd in-crowd so I never really worried about it too much14:17
fungiahh, the jargon file entry says it was a reference to a sysadmin as a "big wheel" on the system14:18
*** ykarel|afk is now known as ykarel14:18
fungihttp://www.catb.org/jargon/html/W/wheel.html14:19
hrwwhat do I have to do to have ubuntu-focal-arm64 node? dib can build focal for x86 as such node exists but I am unable to build whatever arm64 image with dib locally14:24
clarkbhrw: I imagine the first step is debugging why arm64 focal builds fail?14:25
clarkbhrw: and re python versions I believe ansible is supposed to figure that out, but you can also override it at a job level14:26
hrwclarkb: sure, just focal/buster/bionic fail for me ;(14:26
fricklermordred: so adding the user to a nonexisting group fails as expected. a) create the docker group in the users role like we do for sudo, b) move the logic into service-bridge.yaml after the install-docker role, what do you think?14:26
hrwlong time since I used dib14:26
*** mlavalle has joined #opendev14:26
clarkbhrw: you can set ansible_python_interpreter as a job hostvar to control that on a per node basis14:26
hrwk14:26
clarkbI think if your workload is sensitive to the ansible python version then setting it directly is the most correct thing to do14:27
clarkbhrw: how are you running dib and how does it fail?14:27
clarkbif I had to guess you need to set the gpt partitioning stuff14:28
clarkbhttps://opendev.org/openstack/project-config/src/branch/master/nodepool/nb03.openstack.org.yaml#L63 is the element to include to do that14:28
mordredfrickler: well - we should probably get consensus with clarkb first - corvus mentioned that clarkb has opinions about not doing this14:28
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Revert "Revert "tox: update lint regex to not require column""  https://review.opendev.org/72891214:28
hrwclarkb: thanks14:28
clarkbmordred: frickler: fwiw we had to use sudo before for openstack cli commands due to file permissions on clouds.yaml14:29
clarkbI don't think that is a regression14:29
hrwretrying now14:29
clarkbmordred: frickler: but also this is my major gripe with docker14:30
clarkbusing it implies every user is root, then when you replace non root tools with it you get into weird spots14:30
clarkbdox was a really early example of this14:30
clarkbI personally prefer forcing people to sudo as it serves as a reminder that every tiem I run these commands I'm doing so with much power14:30
fricklerclarkb: the idea is to be able to run things without sudo, see https://review.opendev.org/#/c/615197/4 . maybe your argumentation implies running OSC in a container is the wrong solution. or maybe we need podman or some other root-less container solution?14:33
clarkbfrickler: I think OSC is a bad example beacuse we've always needed root to run it due to permissions on the clouds.yaml configs14:33
clarkbI guess your other change is modifying that too14:34
mordredclarkb: yeah - but this started with frickler fixing that14:34
fricklerclarkb: our docs claim differently, so I don't think that this is the guiding principle behind that14:34
mordredso - we COULD just put a sudo in the /usr/local/bin script14:34
mordredfor the openstack command14:34
clarkbno I don't think its a guiding principle but I read the earlier discussion that using docker for osc is a regression re sudo14:34
fricklersee the changed doc file in the first change14:34
mordredto make running osc commands easy14:34
clarkbI was responding to the impression people felt it was a regression (and as far as I can tell it isn't), but I think I misinterpreted the motivation here14:35
mordredyeah - I think the whole thing here is "how can we make it possible to run osc commands as not-root" - and there are a few different things to juggle to make that possible14:36
mordredwhat do we think about putting sudo in the wrapper script?14:36
openstackgerritMonty Taylor proposed opendev/system-config master: Stop cloning a bunch of puppet modules we don't use  https://review.opendev.org/72089214:36
clarkbmordred: I'd be more comfortable with that. Though I think what it gives us isn't a whole lot (logging is the bgi thing probably)14:37
openstackgerritMonty Taylor proposed opendev/system-config master: Put sudo into openstack wrapper script  https://review.opendev.org/72891614:37
mordredclarkb: what do you mean re: logging?14:37
clarkbmordred: sudo logs14:38
mordrednod14:38
hrwhttps://review.opendev.org/#/c/728810/ - can someone check and vote? adding debian and centos8 arm64 nodesets14:40
clarkbI "grew up" in an admin group that expected root activity to be very intentional. Whether using sudo or su'ing the point was that you knew you were acting with more privs. In general I like that approach and that is why I worry about making docker easy mode root14:40
clarkbosc remains a special case tehre because talking to cloud apis directly like that is itself another type of escalation14:41
clarkb(eg people know to be careful when talking to the apis using osc)14:41
hrwclarkb: "DIB_ELEMENTS=block-device-efi disk-image-create -a arm64 -o test-dib.img -u vm debian" ends with https://pastebin.com/0akw00Zu (2>&1|tee)14:41
clarkbhrw: you shouldn't prefix the command with your elements, they are a list on the command itself14:42
hrwclarkb: ok14:42
hrwspeaking of sudo/docker... imho on system with multiple admins sudo should be the only way. at least there are logs who sudoed...14:42
clarkbhrw: from your paste I Think configuring the target disk failed beacuse DIB_ELEMENTS may haev overridden the debian which creates the initial disk state? in any case try it with them all listed -u vm debian block-device-efi and see where that gets you14:45
openstackgerritGhanshyam Mann proposed openstack/project-config master: Retire Tricircle projects: finish infra todo  https://review.opendev.org/72890214:45
hrwclarkb: ok14:45
hrwclarkb: I thought that block-device-efi was default for aarch64 ;d14:46
openstackgerritGhanshyam Mann proposed openstack/project-config master: Retire Tricircle projects: finish infra todo  https://review.opendev.org/72890214:46
clarkbhrw: quick grep doesn't show it auto selecting though there are warnings if you potentially choose the wrong one for the platform (also my grep may just be missing whatever selection mechanism is actually used)14:47
hrwsure14:47
clarkbhrw: we explicitly list it in our elements lists so I figure start there14:47
hrwclarkb: will dig.14:47
clarkbinfra-root (and particularly fungi) https://review.opendev.org/#/c/728650/ is a change to remove the jitsi watermark logo from our meetpad server. fungi noticed that rendering of tehtperad text can get weird when that watermark shows up14:48
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Add python3-devel to bindep  https://review.opendev.org/72870814:49
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-coverage-output: do not synchronize owner  https://review.opendev.org/72771715:05
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-javascript-content-tarball: do not synchronize owner  https://review.opendev.org/72771815:05
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-javascript-output: do not synchronize owner  https://review.opendev.org/72771915:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-javascript-tarball: do not synchronize owner  https://review.opendev.org/72772015:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-markdownlint: do not synchronize owner  https://review.opendev.org/72772115:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-phoronix-results: do not synchronize owner  https://review.opendev.org/72772215:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-puppet-module-output: do not synchronize owner  https://review.opendev.org/72772315:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-python-sdist-output: do not synchronize owner  https://review.opendev.org/72772415:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-sphinx-output: do not synchronize owner  https://review.opendev.org/72772515:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-sphinx-tarball: do not synchronize owner  https://review.opendev.org/72772615:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-tox-output: do not synchronize owner  https://review.opendev.org/72772715:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-translation-output: do not synchronize owner  https://review.opendev.org/72772815:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: fetch-subunit-output: do not synchronize owner  https://review.opendev.org/72772915:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: prepare-workspace: do not synchronize owner  https://review.opendev.org/72773015:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: publish-artifacts-to-fileserver: do not synchronize owner  https://review.opendev.org/72773115:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: upload-logs: do not synchronize owner  https://review.opendev.org/72773215:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: tarball-post.yaml: do not synchronize owner  https://review.opendev.org/72773515:06
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Add linting rule to enforce no-same-owner policy  https://review.opendev.org/72764215:06
openstackgerritGhanshyam Mann proposed opendev/irc-meetings master: Remove the Tricircle team meeting  https://review.opendev.org/72892215:11
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Deprecate default tox_envlist: venv  https://review.opendev.org/72683015:12
*** ysandeep is now known as ysandeep|afk15:26
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682915:27
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Deprecate default tox_envlist: venv  https://review.opendev.org/72683015:27
clarkbAJaeger: looks like logstash queues are holding up since the last round of cleaning15:30
AJaeger\o/15:31
*** dpawlik has quit IRC15:31
openstackgerritMerged zuul/zuul-jobs master: fetch-coverage-output: do not synchronize owner  https://review.opendev.org/72771715:32
openstackgerritMerged zuul/zuul-jobs master: fetch-javascript-content-tarball: do not synchronize owner  https://review.opendev.org/72771815:47
*** ykarel is now known as ykarel|away15:49
openstackgerritJames E. Blair proposed opendev/system-config master: Run Zuul, Nodepool, and Zookeeper as the "container" user  https://review.opendev.org/72695815:57
corvusmordred: our openstack.yaml inventory file has public_v4 and public_v6 set; i'm guessing that's an opendev-local convention?16:00
hrwclarkb: 2020-05-18 16:00:36.505 | Build completed successfully16:00
hrwclarkb: turned out that I had some system issue... solved by rebooting16:00
openstackgerritMonty Taylor proposed zuul/zuul-jobs master: Remove --verbose from js_build_command  https://review.opendev.org/72893016:01
clarkbcorvus: I think that was carried over from the script generated inventory16:01
mordredcorvus, AJaeger: ^^ see https://zuul.opendev.org/t/zuul/build/822327bc250345da80b1574d2919871816:02
mordredclarkb, corvus: yes - those are values that sdk provided in the dynamic inventory16:02
mordredso are opendev convention16:02
corvusmordred: ok; that's a difference from the zuul-provided inventory, so we'll have to mutate it a bit to match16:03
corvusmordred: what am i looking at with AJaeger?16:03
corvusmordred: oh, i see, nm16:03
*** rpittau is now known as rpittau|afk16:06
openstackgerritClark Boylan proposed openstack/project-config master: Use infra-root-keys-2020-05-13 in nodepool  https://review.opendev.org/72786716:06
clarkbinfra-root ^ that needed a rebase due to merge conflicts. I'16:06
clarkb*I've since checked the key is present in all of the clouds so should be good to go now16:07
clarkbthat will complete the test node ssh key rotation16:07
openstackgerritMarcin Juszkiewicz proposed openstack/project-config master: Add Ubuntu Focal for AArch64  https://review.opendev.org/72893316:09
openstackgerritMarcin Juszkiewicz proposed openstack/project-config master: grafana: add CentOS 8 and missing AArch64 entries  https://review.opendev.org/72893416:11
hrwI hope that first one is properly done. ubuntu-focal-arm64 image builds fine locally.16:12
hrwsecond patch is kind of 'I had file opened, noticed some missing entries so added them'16:12
hrwopenstack/requirements will use ubuntu-focal-arm64 nodes ones they will be available16:13
openstackgerritMerged zuul/zuul-jobs master: Ensure output dirs are empty  https://review.opendev.org/72713516:13
openstackgerritMerged zuul/zuul-jobs master: fetch-javascript-output: do not synchronize owner  https://review.opendev.org/72771916:13
openstackgerritMerged zuul/zuul-jobs master: fetch-javascript-tarball: do not synchronize owner  https://review.opendev.org/72772016:13
clarkbhrw: that first one is close. I think you are meant to run the script you updated (create-nodepool-dib.sh) as well to update teh grafana configs (there will eb at least one additional file to git add)16:13
hrwas it is the only way to be sure that their CI job can pass on arm6416:14
openstackgerritMarcin Juszkiewicz proposed openstack/project-config master: grafana: add CentOS 8 and missing AArch64 entries  https://review.opendev.org/72893416:15
hrwso I ran it16:15
hrwclarkb: never played with those graphs16:16
hrwok, will be back in ~2h16:17
hrwit was another day of firefighting ;D16:18
openstackgerritMerged zuul/zuul-jobs master: Remove --verbose from js_build_command  https://review.opendev.org/72893016:21
*** redrobot has joined #opendev16:23
*** cmorpheus is now known as cmurphy16:28
clarkbfungi: have a quick moment for https://review.opendev.org/#/c/727867/ ?16:30
fungiyeah, saw it scroll by very quickly. busy mornnig16:31
fungimorning16:31
*** ysandeep|afk is now known as ysandeep16:33
openstackgerritMerged opendev/system-config master: Disable jitsi watermark in jitsi conferences  https://review.opendev.org/72865016:34
openstackgerritMerged zuul/zuul-jobs master: fetch-markdownlint: do not synchronize owner  https://review.opendev.org/72772116:34
openstackgerritMerged zuul/zuul-jobs master: fetch-phoronix-results: do not synchronize owner  https://review.opendev.org/72772216:34
openstackgerritMerged openstack/project-config master: Use infra-root-keys-2020-05-13 in nodepool  https://review.opendev.org/72786716:47
*** ysandeep is now known as ysandeep|away17:02
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Allow mapping additional hostvars in write-inventory  https://review.opendev.org/72895217:03
openstackgerritJames E. Blair proposed opendev/system-config master: Add iptables_extra_allowed_groups  https://review.opendev.org/72647517:04
*** mlavalle has quit IRC17:08
*** mlavalle has joined #opendev17:09
clarkbinfra-root I've started to draft an advisory board volunteering thread here https://etherpad.opendev.org/p/XRyf4UliAKI9nRGstsP4 I'd like to make sure that the plan there makes sense before sending it more broadly. cc mnaser as you initially suggested the advisory board17:12
fungiwell, he suggested including resource donating providers on the advisory council, we had previously already planned to include project representatives17:15
openstackgerritMerged zuul/zuul-jobs master: fetch-puppet-module-output: do not synchronize owner  https://review.opendev.org/72772317:28
clarkbmeetpad continues to be happy after that config update and the logo is gone now17:28
openstackgerritMerged zuul/zuul-jobs master: fetch-python-sdist-output: do not synchronize owner  https://review.opendev.org/72772417:29
clarkband I've just confirmed being able to ssh into a nodepool test node with the new ssh keys17:30
*** hashar has quit IRC17:44
openstackgerritMerged zuul/zuul-jobs master: fetch-sphinx-output: do not synchronize owner  https://review.opendev.org/72772517:46
openstackgerritMerged zuul/zuul-jobs master: fetch-sphinx-tarball: do not synchronize owner  https://review.opendev.org/72772618:00
openstackgerritMerged zuul/zuul-jobs master: fetch-tox-output: do not synchronize owner  https://review.opendev.org/72772718:00
openstackgerritMerged zuul/zuul-jobs master: fetch-translation-output: do not synchronize owner  https://review.opendev.org/72772818:00
openstackgerritMerged zuul/zuul-jobs master: fetch-subunit-output: do not synchronize owner  https://review.opendev.org/72772918:00
openstackgerritMerged zuul/zuul-jobs master: prepare-workspace: do not synchronize owner  https://review.opendev.org/72773018:00
openstackgerritMerged zuul/zuul-jobs master: publish-artifacts-to-fileserver: do not synchronize owner  https://review.opendev.org/72773118:00
openstackgerritMerged zuul/zuul-jobs master: upload-logs: do not synchronize owner  https://review.opendev.org/72773218:00
openstackgerritMerged zuul/zuul-jobs master: tarball-post.yaml: do not synchronize owner  https://review.opendev.org/72773518:00
*** hashar has joined #opendev18:04
*** hashar is now known as hasharAway18:09
clarkbinfra-root I've approved https://review.opendev.org/#/c/728350/4 which cleans up puppetized mirrors as ianw has managed to go through and swap out our mirrors to the ansibled versions as well as under opendev.org domain18:15
clarkbI'll keep an eye on it, but if you notice mirror weirdness let me know and I'm able to debug18:15
clarkbsemi related to ^ is https://review.opendev.org/#/c/727873/ which will rotate apache workers on ansibled mirrors18:16
clarkbif anyone has a moement to review that second change that would be great (thank you corvus for the initial review)18:16
clarkbthen as a followon to all that I think we can start to consider what using https on our mirrors should look like18:16
clarkbon bionic and newer I believe apt can just use https but not on xenial. Can yum/dnf happily https? we'll also want to update our proxies for docker and pypi and stuff18:17
clarkbanyway one step at a time :)18:17
fungialso debian-buster and newer, i believe18:18
hrwmorning18:19
hrwfungi: exactly.18:19
hrwapt-transport-https package is transitional since buster18:19
openstackgerritMarcin Juszkiewicz proposed openstack/project-config master: Add Ubuntu Focal for AArch64  https://review.opendev.org/72893318:35
openstackgerritMarcin Juszkiewicz proposed openstack/project-config master: grafana: add CentOS 8 and missing AArch64 entries  https://review.opendev.org/72893418:35
hrwmerge conflicts sorted out18:35
*** panda is now known as panda|off18:40
openstackgerritClark Boylan proposed opendev/system-config master: Enable ssl on all mirror vhosts  https://review.opendev.org/72898618:46
clarkbstarted on the vhost updates to do more ssl on mirrors there ^18:46
fungilooking at the git notes display support in gitea, it seems to still be hard-coded to only look at refs/notes/commits while gerrit uses refs/notes/review instead for including review metadata with commits... i wonder if it would make sense for us to replicate refs/notes/review in gerrit to refs/notes/commits in gitea rather than trying to make gitea's notes handler more configurable18:47
fungithoughts?18:47
mordredfungi: hrm. interesting idea18:48
mordredfungi: no reason we couldn't do that18:48
clarkbthat wouldn't help people trying to fetch the gerrit notes locally unless we replicated to both locations18:48
mordredclarkb: good point18:48
mordredfungi: fwiw - modules/git/notes.go in the go-gitea/gitea repo is what's reading refs/notes/commits. I'm guessing turning that string into a per-repo config value wouldn't be the most impossible task18:50
fungithey could fetch refs/notes/commits from gitea if that's their origin18:50
openstackgerritMerged opendev/system-config master: Remove puppet mirror support  https://review.opendev.org/72835018:50
clarkbfungi: right but how would they know to do that since the other ref is documented for gerrit repos18:51
fungimordred: yeah, i was mulling back over the old pull request for that, which got me thinking about alternative solutions to get back the review notes display we had in cgit18:51
mordred(in a world of infinite time, I think it would be super cool to teach gitea about nodedb and to be able to show the in-repo code review info in their pull request view)18:51
fungithough cgit simply displayed all notes from the refs/notes tree18:51
mordredI'd be fine replicating to refs/notes/commits and adding a piece of documentation18:51
clarkbfungi: I actually think something like what cgit did would be best18:51
clarkbfungi: maybe with an expandable block in the commit ui18:52
clarkb(because other tools can write to other notes locations too)18:52
clarkbbut that is also likely the most amount of gitea hacking18:52
fungii mean, a simpler hack on our side would be to just patch the NotesRef const to refs/notes/review but that seems... unclean18:54
fungiand assumes gerrit's notes are the only ones we'd only ever want displayed (but maybe that's true)18:55
clarkbits likely true today :)18:56
fungias for the reverse, were we ever able to work out a solution for doing something like 654034 (is that waiting for us to upgrade maybe)>18:59
fungi?18:59
clarkbfungi: I expect it likely needs testing. iirc the gitweb -> cgit transition was super fun19:00
clarkbthat said I bet if we pointed to git.openstack.org it would mostly just work since we already have the rewrites there19:01
openstackgerritMerged opendev/system-config master: Set connection limits on mirror apache workers  https://review.opendev.org/72787319:18
openstackgerritClark Boylan proposed opendev/system-config master: WIP add support for multiple jvbs behind meetpad  https://review.opendev.org/72900819:30
clarkbI'm sure ^ is nowhere close to functioanl but gives the rough shape of what is necessary to scale up jvbs I think19:31
clarkbI'm hoping the test job there will give more clues as to what all is broken (firewall is for sure I think)19:32
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Allow mapping additional hostvars in write-inventory  https://review.opendev.org/72895219:34
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Update flake8 ignore rules to match Zuul  https://review.opendev.org/72901019:34
*** hasharAway is now known as hashar19:39
openstackgerritJames E. Blair proposed opendev/system-config master: Add iptables_extra_allowed_groups  https://review.opendev.org/72647519:41
openstackgerritGage Hugo proposed opendev/irc-meetings master: Update OSH meeting chair and agenda link  https://review.opendev.org/72901719:52
*** avass has joined #opendev19:54
fungietherpad is up to 1.8.4 now, and includes this workaround for one known source of "hung" pads: https://github.com/ether/etherpad-lite/commit/51e40dd20:12
fungiand fixes some regressions from 1.8.3, which in turn has a few niceties of its own:20:14
fungihttps://github.com/ether/etherpad-lite/releases/tag/1.8.320:15
fungiimproved stability of import/export functionality20:15
fungibetter database support (especially MySQL)20:15
fungibut also:20:16
fungithe visuals and CSS structure of the page was updated. Plugins may need a CSS rehaul20:16
fungiwe should probably make sure the headings/style plugin still works20:16
clarkbfungi: if you push up a change to bump the etherpad version in docker-compose as well as make the test fail somehow we can hold the node and test with it that way20:23
clarkband based on that we can decide if this is a pre or post ptg activity?20:23
openstackgerritJeremy Stanley proposed opendev/system-config master: Upgrade Etherpad to 1.8.4  https://review.opendev.org/72902920:24
fungilike that? ^20:24
clarkbya though unless etherpad completely breaks in that scenario we won't be able to hold the node20:24
fungiahh, make the test fail... let's see if i can make a failure as a child patch of that20:24
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682920:25
clarkb(also a fresh deploy from 1.8.4 doesn't test the upgrade path but we can do that in a followon)20:25
clarkbbasically if our plugins work then next step would be testing the upgrade I think20:25
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Don't require tox_envlist  https://review.opendev.org/72682920:26
openstackgerritJames E. Blair proposed opendev/system-config master: Run Zuul as the zuuld user  https://review.opendev.org/72695820:42
*** yuri has quit IRC20:46
mordredcorvus: re: manual help rolling out there ^^ - it _should_ be less bad given the nummeric user exists already so we won't have to chown everything right?20:55
corvusmordred: yeah, though the name is different so i don't know if it will succeed...20:56
corvusmordred: also, i accidentially overwrote it with a new version....20:56
corvusi meant to make a new change with 'zuuld' as an alternative20:57
mordredcorvus: I was wondering about that20:57
corvusmostly because the more i worked on it, the more i didn't like the 'container' name...20:57
mordredyeah. I also didn't like the container name20:57
mordredbut I didn't have any better suggestions20:57
mordredI think zuuld is potentially better20:57
corvusswitching zuul->zuuld or similar was something we talked about, but our main concern was whether the executor would get confused...  i looked, and i think we'd be okay20:58
corvusand also, fwiw, if we want to colocate these in the future, i think we can using subuid -- the max uid limit in linux is quite high, so even if we eat 65k uids for each container, i think we'd still be fine.20:59
corvusbut still, i don't think we have to care about that today20:59
corvusmordred: this change in zuul-jobs is needed for the iptables work related to this:  https://review.opendev.org/72895221:01
corvusi'm pretty sure https://review.opendev.org/726475 shows it working -- it just failed installing docker-ce  (??)21:02
corvusimagine it's just a consequence of not using the mirrors in the system-config-run jobs21:02
*** slaweq has quit IRC21:05
openstackgerritMerged openstack/project-config master: Retire Tricircle project: end project gating  https://review.opendev.org/72890321:15
*** slaweq has joined #opendev21:28
*** hashar has quit IRC21:30
openstackgerritClark Boylan proposed opendev/system-config master: WIP add support for multiple jvbs behind meetpad  https://review.opendev.org/72900821:30
*** sshnaidm is now known as sshnaidm|afk22:00
openstackgerritClark Boylan proposed opendev/system-config master: WIP add support for multiple jvbs behind meetpad  https://review.opendev.org/72900822:16
ianwclarkb: thanks for reviews; couple of cleanup items i'll go through in https://etherpad.opendev.org/p/openstack.org-mirror-be-gone22:32
clarkbianw: https://review.opendev.org/#/c/728986/ is sort of related too if you want to take a look (turn on more ssl on our mirror vhosts)22:32
clarkbianw: I think we can start to update our mirror configs written by base job stuff to prefer https where https is valid for the clients22:35
clarkbbut before we do that having all the ssl vhosts set up would be a good idea22:35
clarkbianw: feel free to point me at more things I can do to help22:38
ianwit took me quite a while to figure out why "openstack" on bridge couldn't find a file on the disk that was clearly there; until i realised it was a docker wrapper :)22:49
*** slaweq has quit IRC22:51
*** tkajinam has joined #opendev22:53
openstackgerritClark Boylan proposed opendev/system-config master: WIP add support for multiple jvbs behind meetpad  https://review.opendev.org/72900822:56
clarkbheh I somehow missed adding the server I actually wanted to test on :/22:56
*** slaweq has joined #opendev22:58
openstackgerritMerged openstack/project-config master: Add Ubuntu Focal for AArch64  https://review.opendev.org/72893323:05
*** DSpider has quit IRC23:08
openstackgerritMerged openstack/project-config master: grafana: add CentOS 8 and missing AArch64 entries  https://review.opendev.org/72893423:10
*** tosky has quit IRC23:39
*** amotoki has quit IRC23:53
*** amotoki has joined #opendev23:53
« Sunday, 2020-05-17 Index Tuesday, 2020-05-19 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!