Wednesday, 2020-05-20

ianwclarkb: ^ i think that's what i'm thinking.  so you'd just add an argument "zuul_data" to tests and zuul_data['inventory'] will be the inventory, and zuul_data['extra'] can be arbitrary things we might want to pass from run-base.yaml (specific test variables was mentioned by corvus)00:00
*** tosky has quit IRC00:01
clarkbianw: why do you assert it is none in test_bridge00:03
clarkbare you just forcing that to fail to debug the contents?00:03
openstackgerritDouglas Mendizábal proposed openstack/project-config master: Configure ansible-role-lunasa-hsm for release
ianwclarkb: yeah, just for wip to see if things are making it through00:07
*** mlavalle has quit IRC00:15
openstackgerritIan Wienand proposed opendev/system-config master: [wip] testinfra: create a fixture of data from zuul
openstackgerritIan Wienand proposed opendev/system-config master: [wip] testinfra: create a fixture of data from zuul
openstackgerritIan Wienand proposed opendev/system-config master: [wip] testinfra: create a fixture of data from zuul
openstackgerritIan Wienand proposed opendev/system-config master: [wip] testinfra: create a fixture of data from zuul
openstackgerritIan Wienand proposed openstack/diskimage-builder master: Drop support for python2
ianwmordred: ^ yeah ... so because we use openstack requirements the master branch really has to be compatible with victoria, ergo 3.602:35
openstackgerritIan Wienand proposed opendev/system-config master: testinfra: pass inventory and zuul data
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables
openstackgerritIan Wienand proposed opendev/system-config master: testinfra: pass inventory and zuul data
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables
openstackgerritIan Wienand proposed openstack/diskimage-builder master: Drop support for python2
openstackgerritIan Wienand proposed opendev/system-config master: testinfra: pass inventory and zuul data
openstackgerritIan Wienand proposed opendev/system-config master: [wip] generate ssl check list directly from letsencrypt variables
ianwhrw: ok, you can call it frankenstein's monster but i fiddled with the dib on the nb03 host and got a focal image out
ianwbasically forced an apt fix and manually incoprorated
ianwthis is probably enough until we get the containerised builder04:10
*** ykarel|away is now known as ykarel04:24
openstackgerritIan Wienand proposed opendev/system-config master: Generate ssl check list directly from letsencrypt variables
ianwclarkb / fungi : ^ that should be ready for review.  clarkb you might be interested in 729418 stacked under it for the fixture stuff.04:29
*** diablo_rojo has quit IRC04:30
*** raukadah is now known as chandankumar04:36
openstackgerritIan Wienand proposed openstack/diskimage-builder master: Drop support for python2
*** hashar has joined #opendev05:09
*** calcmandan has quit IRC05:16
*** calcmandan has joined #opendev05:17
*** dpawlik has joined #opendev05:57
*** hashar has quit IRC05:59
openstackgerritfuzihao proposed opendev/ansible-role-cloud-launcher master: Fix pygments style
*** ysandeep|away is now known as ysandeep06:39
*** slaweq has joined #opendev06:46
openstackgerritfuzihao proposed opendev/ansible-role-cloud-launcher master: Fix pygments style
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Do not interpolate values from tox --showconfig
*** tosky has joined #opendev07:30
ianw... Timeout on
ianwseems ok to me, but one to keep an eye on07:46
ianwactually : [Thu May  7 18:00:29 2020] INFO: task apache2:29677 blocked for more than 120 seconds.07:48
ianwthat's obviously a while ago07:48
ianwit might be worth a reboot, just in case something old is hanging around07:49
ianwA start job is running for OpenAFS client (10s / 1min 35s)07:57
ianwthis host is not happy07:57
ianwalright, maybe i was hasty.  it's back, it seems to be serving.  one to keep an eye on08:00
ianw#status log rebooted ; it was refusing a few connection and had some old hung processes lying around08:00
openstackstatusianw: finished logging08:00
*** moppy has quit IRC08:01
*** moppy has joined #opendev08:01
hrwianw: whatever works08:16
hrwianw: recheck of started08:17
*** tkajinam has quit IRC08:23
*** DSpider has joined #opendev08:27
hrwianw: and failed: - unable to install packages due to hold packages08:39
hrwfailed: E: Unable to correct problems, you have held broken packages.\n"08:40
hrwianw: and python3-wheel needs to be installed: error: invalid command 'bdist_wheel'08:44
openstackgerritSorin Sbarnea (zbr) proposed zuul/zuul-jobs master: tox: allow tox to be upgraded
hrwianw: are all needed components to reproduce build from nb03 included in dib repo? I would look later into it08:45
*** ykarel is now known as ykarel|lunch08:57
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: Switch prep-apply to use python3
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Experiment newer ubuntu with puppet
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Experiment newer ubuntu with puppet
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Experiment newer ubuntu with puppet
*** ysandeep is now known as ysandeep|lunch09:29
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Switch prep-apply to use python3
*** ysandeep|lunch is now known as ysandeep10:09
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Do not interpolate values from tox --showconfig
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: Do not interpolate values from tox --showconfig
donnydjohnsom: If there is anything I can help do to make it easier please lmk. If IPv6 was busted, well pretty much all of OE wouldn't really work10:40
*** ykarel|lunch is now known as ykarel10:46
*** ysandeep is now known as ysandeep|brb11:00
*** ysandeep|brb is now known as ysandeep11:13
*** sshnaidm is now known as sshnaidm|afk11:42
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Switch prep-apply to use python3
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Switch prep-apply to use python3
*** hashar has joined #opendev12:26
*** lpetrut has joined #opendev12:32
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: Switch to use python3
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Experiment newer ubuntu with puppet
zbrany chance to get ubuntu-focal images?12:36
AJaegerzbr: we should have them already...12:40
zbrAJaeger: right, my mistake. I am already seeing them.12:41
zbrbut install-puppet role does not support it, i wonder if puppet-5 is compatible with 4, or not really.12:41
AJaegerno idea about puppet ;(12:42
*** sshnaidm|afk is now known as sshnaidm12:53
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Add focal support to install-puppet
hrwhm. focal...12:54
hrwhave to check backlog to see was there something about arm image builder upgrades12:54
openstackgerritSorin Sbarnea (zbr) proposed opendev/system-config master: WIP: Experiment newer ubuntu with puppet
mordredzbr: oh - I wouldn't bother with that - if we need a focal image, we should transition to ansible rather tahn to puppet 512:56
zbrmordred: yeah.... i was starting to learn that the hard way.12:57
zbror puppet6 !12:57
zbrbut maybe switching from xenial with py27 to focal with py38 is a too big leap.12:58
mordredmight not be - which thing are you looking in to?12:58
mordredzbr: py3.5 is also on xenial12:58
zbryep but py35 is going away very soon12:58
zbrand many projects already dropped support for it12:59
zbri also did the same with molecule, ansible-lint, and few other projects. minimal viable python is 3.612:59
mordredyeah - zuul's min is 3.5 at the moment though - and that's the python xenial - so we still support it in opendev13:00
hrwzbr: 3.6 == bionic ;D13:00
mordredthat said ...13:00
hrwzbr: so you can be in a middle13:00
zbryep, that is the logic move.13:00
mordredzbr: I also want to make prep-apply go away13:00
zbrsweet/safe range is 36-3813:00
hrwmordred: is there a way to download raw image used by zuul node?13:01
zbrhrw++ i asked the same in the past.13:01
mordredzbr: we have better jobs we can run now in system-config that actually run the production ansible->puppet and don't need to do the job that does prep-apply - but that's also a long tail to pull on :)13:02
zbrbeing able to download them could prove very useful for development purposes.13:02
mordredhrw: there are links to the images from the nodepool builder nodes13:02
hrwmordred: thanks13:02
mordredoh - wait13:02
mordredno, that's just the logs13:02
mordredno, I don't think we have the images themselves published - although they are VERY LARGE so it would be unpleasant to download them13:03
zbrwe should publish them, as a developer I would find it very useful. curl has good resume support.13:04
hrwELEMENTS_PATH is: /usr/local/lib/python3.5/dist-packages/diskimage_builder/elements:/etc/nodepool/elements - where can I get /etc/nodepool/elements?13:04
hrwso I can rebuild exactly same image13:04
hrw'docker run --rm -it -u root ubuntu:xenial bash' should still work to even have xenial13:05
hrwmordred: thanks13:05
mordredhrw: yes - you'll want to add --privileged to your docker run - dib needs to mount things13:06
zbrmordred: clarkb: please.13:06
openstackgerritSorin Sbarnea (zbr) proposed opendev/puppet-elastic_recheck master: Use py3 with elastic-recheck
mordredzbr: ah - I now know what you're chasing :)13:10
zbryep, reviving er.13:10
zbravass: you want a new release of tox with the fix? gabor was asking me if he should tag one.13:15
fricklerinfra-root: seems we missed changing the mirror config for dib from openstack ro opendev somewhere, see e.g.
avasszbr: I think that would be good13:21
hrwlooks like it is time for xenial VM. container is not enough ;D13:32
zbrwhat do I need to do to assure that uploaded .sh files are viable in browsera instead of downloaded?13:39
*** rosmaita has joined #opendev13:39
rosmaitahello opendevvers -- the tag indexing on the web git browser interface seems to be out of date -- compare to --ours is showing only tags/ whereas theirs is showing all the RCs plus 16.0.013:40
*** ykarel is now known as ykarel|afk13:46
*** olaph has quit IRC13:49
zbrmordred: i am trying to find why failed but fail to spot it,
zbrthe output is far from friendly, so much spam from cloning part13:50
mordredzbr: yeah - that's one of the reasons I want to make that whole thing go away13:50
zbri only spotted that "puppet run" task failed, but not idea why or with what output.13:50
mordredzbr: check the applytest dir in the logs and look for one with FAILED in the name13:51
mordredis going to be your issue13:51
zbrok thanks. i wonder how hard it would to reimplement er deployment in ansible.13:52
mordredzbr: not super hard. the general pattern we'd be looking at would be first to add a Dockefile to the e-r repo using the python-builder/python-base images to make an e-r image - then make ansible in system-config to deploy it using docker-compose - we have several examples of this now13:53
mordredwe'd use ansible instead of puppet to write the config files onto disk, and then set up appropriate mounts in the compose file13:54
zbrok, show me one example and I will go this path as I am confident with these, opposed to puppet.13:55
zbrthis should also make easy to run er locally for testing.13:55
cloudnullTo build upon what zbr asked, re: .sh files are browse-able instead of automatically downloaded --
cloudnullIt looks like we're letting swift set the content-type based on file extensions, is there a way we can control that without appending something like ".txt" to every file?13:58
mordredzbr: zuul-registry is actually a good example. look at to see what the Dockefile should look like. the gerritbot dockerfile is actually a good example of a dockerfile with the right opendev zuul jobs for the container publication:
mordred(but I haven't finished deploying gerritbot, so it's not a good example to follow end to end)13:59
mordredzbr: then in system-config, see playbooks/roles/registry, the system-config-run-docker-registry job (for testing) - and infra-prod-service-registry for deployment:
mordredzbr: as well as
corvusmordred: do we have a focal node running anywhere?14:03
*** ykarel|afk is now known as ykarel14:03
corvusthe apt_key module isn't working on focal; it's reporting14:04
corvusmv: cannot stat '/etc/apt/trusted.gpg.d/openafs.asc': No such file or directory14:04
mordredcorvus: "awesome"14:04
mordredcorvus: well - fwiw, on focal you can just put an .asc file into /etc/apt/trusted.gpg.d without using apt_key14:04
corvusmordred: yeah, but if the directory doesn't exist... :/14:04
mordredcorvus: other thing to try - create the directory14:04
corvusthat's why i wanted to poke at a focal node14:04
mordredyea - I don't think we have one yet14:05
zbrapparently install-from-bindep does install all reqs from bindep, so I endup with both. python versions, which I do not want.14:07
*** hashar has quit IRC14:10
openstackgerritJames E. Blair proposed opendev/system-config master: Vendor the apt repo gpg keys used for Zuul
corvusmordred: enjoy the patchset diff on that ^14:20
mordredcorvus: I ... uhm14:23
mordredcorvus: no, I will choose to not enjoy that patchset diff14:23
openstackgerritJens Harbott (frickler) proposed openstack/project-config master: Fix outdated mirror references
fricklerinfra-root: ^^ this should fix the build failure I quoted earlier14:25
frickleralso, tomorrow is a bank holiday here, so I'll be mostly offline14:26
openstackgerritJames E. Blair proposed opendev/system-config master: Save zuul and nodepool logs from gate test jobs
corvusmordred: i think is ready for +3 and for +2 -- neither get everything working yet, but they're steps.14:30
openstackgerritSorin Sbarnea (zbr) proposed opendev/elastic-recheck master: WIP: Create elastic-recheck docker image
*** lpetrut has quit IRC14:46
*** mlavalle has joined #opendev14:49
openstackgerritMerged openstack/project-config master: Fix outdated mirror references
*** priteau has joined #opendev14:51
*** sgw has joined #opendev14:52
clarkbhrw mordred zbr we do publish images (and have for years now) and
clarkbhrw is probably interested in those on which uses the same url path15:02
clarkband yes they are large and not always pleasant to deal w ith15:02
hrwclarkb: thanks15:03
fungirosmaita: that's intriguing... i've not paid close attention to the found in tags display on commits in gitea, but it seems to only display the earliest tag which incorporated the commit, as opposed to github which shows a tag range (which could be misleading as not all tags are guaranteed sequential)15:16
rosmaitafungi: yeah, i had not really paid attention either until i needed to look at a particular commit today15:16
hrwfetched. will play with it15:17
clarkbfungi: ya I think they are showing two different pieces of info15:17
clarkbWith gitea I think it is showing the oldest tag reachable15:19
clarkb illustrates that a bit better as it shows^0 as the tag there15:20
clarkbbut 16.0.0 is also tagged on that commit15:20
clarkbrc3 is older so gets displayed15:20
fungiout of curiosity, do you happen to know what the ^0 on the end of that tag signifies?15:21
clarkbfungi: its a git delta.15:21
clarkbI think15:21
clarkbeg HEAD^015:22
clarkbeg HEAD^1 is more useful15:22
clarkbbasically thats them saying the tag is on this commit not simply included by the tag?15:22
fungiis ^0 just a self-reference then?15:22
fungigot it15:22
fungiso saying this is the actual tagged commit15:22
clarkbya I think so15:22
fungimakes sense then15:23
rosmaitaclarkb: fungi: ok, thanks, that's good to know -- they are supposed to be displaying different information, so everything is fine15:23
clarkb and both fail to show the tag data too which is fun15:23
fungialso has the ^015:24
fungiso i think that confirms it15:24
fungirosmaita: yes, what gitea is displaying there should be the earliest reachable tag in which that commit appears15:24
fungiwhich is usually fine so long as you know which release tag came after it15:25
clarkbfungi: have a quick moment for once that lands I can restart apache on mirrors and we'll have working https for all the mirror things15:26
clarkbfungi: the child would be good to get in too so quay fix can be caught up in the same restart15:28
clarkbrosmaita: fwiw my hunch is that gitea is actaully trying to mimic github behavior there, but hasn't quite gotten it right. Chances are gitea would treat that as a bug if you filed it with them, though I can't say that with absolute certainty15:31
clarkbinfra-root gitea v1.12.0-rc1 has been tagged. That will include the performance boost to scanning git repos for last updated info15:31
clarkbreading I expect it will be a straightforward upgrade for us to 1.1215:32
*** priteau has quit IRC15:33
clarkbseparately I've realized there is a flaw with our /etc/hosts munging in jobs. We're wanting things in containers to use those host /etc/hosts values and that isn't working15:35
clarkbmordred: ^ fyi. I'll have to have a think on that15:35
mordredclarkb: oh - poo15:41
mordredclarkb: the internet tells me that net: host should cause the host's network stack, including /etc/hosts to be used15:42
clarkbhrm then why is the job still failing15:43
corvusmordred, clarkb: indeed, --network=host does show my /etc/hosts file in the container15:43
clarkb that should've been using the hosts change15:44
clarkbbut the ip there is for prod meetpad0115:44
clarkbmaybe its a java thing?15:44
clarkbI guess I'll have to look closer15:44
corvusclarkb: oh yeah, java famously does its own dns resolution15:44
corvusit's really helpful15:45
mordredI think we're probably discovering why k8s runs an internal dns service15:45
fungiwhat little i know about java, i would expect it to look for an equivalent of a hosts file inside its jvm as an override15:45
openstackgerritMerged opendev/system-config master: Use ensure-nodejs in Gerrit deployment testing
corvusit ignores ttls too15:46
corvus(that's how i learned about it)15:46
mordredcorvus: it's doing that to be "helpful15:46
*** priteau has joined #opendev15:46
fungi"JNDI DNS service provider settings" at the bottom of
clarkbfungi: that says it should use the system default by default15:48
mordredI don't see similar settings for recent openjdk15:50
fungiyeah, so i guess that's specific to oracle's jvm15:50
fungiand maybe blackdown if that's still around15:50
clarkbI think I see the issue15:51
clarkbits using the actual servername not the logical node name in the nodeset15:51
clarkbalso ist only doing it for ipv4 (and not ipv6) but that is less of a concern15:51
corvusit seems that role is written with some different assumptions15:52
corvuswe could add the logical node name to the list of names15:52
corvusthat seems like it should be non-disruptive.  i'm less sure about adding v6 addresses though15:53
clarkb++ and agreed ipv6 may be a bit more disruptive since things will try to talk over ipv6 by default15:54
corvuscould add a feature flag15:54
openstackgerritClark Boylan proposed opendev/system-config master: WIP add support for multiple jvbs behind meetpad
clarkb^ is a new patchset that attempts to use the ansible inventory to look this up15:56
clarkbcan always switch back to the name if/when we update the hosts file role15:56
clarkbI think the hosts file role also updates ssh known hosts, we'll want to ensure the alias names end up in there as well15:57
clarkbfungi: re the ipv4 in ipv6 addressing method, I don't think that helps the testing of that change. We'd still need to distinguish between v4 and v6 now instead of doing it for use of [] it will be for use of ipv6 prefix15:58
fungiyeah, what would be convenient is if there was a list which included all the addresses for both families but prefixed the v4 addresses into v6 notation automatically16:00
fungiotherwise you still need some sort of conditional either inside or outside the loop16:00
openstackgerritJeremy Stanley proposed opendev/system-config master: Revert "Reject messages to starlingx-discuss-owner"
fungiinfra-root: ^ worth noting, the flood to .*-owner addresses for our mailman lists seems to have finally ceased in recent months (not sure when exactly)16:18
fungiwhatever botnet was responsible for that must have realized there was very little value in it16:19
clarkbI'm working on a gitea 1.12 change in system-config fwiw16:21
clarkbtrying to be careful wtih the template updates16:21
*** ykarel is now known as ykarel|away16:23
mordredclarkb: the template updates are always the fun part16:23
clarkbmordred: ya I think I may try and update our templates to carry the bits we don't want commented out so its clearly we are intentionally removing them16:27
clarkbmordred: beacuse otherwise its really hard to know what is just missing from previous versions and what we don't want to carry anymore16:28
hrwgood news: ubuntu-focal-arm64 works ;)16:29
hrwmy CI job may time out but node itself works fine16:30
mordredclarkb: I think that's a good idea16:33
mordredhrw: ++16:33
mordredclarkb: we should really investigate how many of the template sections we delete can be disabled completely by config - or adding config options to allow us to do that so we can not carry those diffs16:34
mordredclarkb: you know - next time we have a bunch of spare time16:35
openstackgerritClark Boylan proposed opendev/system-config master: Update to gitea 1.12.0-rc1
clarkbmordred: ++ fwiw ^ and reivew of that should be done carefully16:42
*** ysandeep is now known as ysandeep|afk16:42
clarkbI've not tried to run the docker buid locally16:42
clarkbthough I realize I maybe should've16:42
* hrw out16:46
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Added missing retry_delay instance variable
openstackgerritClark Boylan proposed opendev/system-config master: Update to gitea 1.12.0-rc1
clarkbzbr: one thing on
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Switch to ensure-docker role
clarkbmordred: gitea's changelog also says "Change default charset for MySQL on install to utf8mb4 (#10989)" Earlier they mention that you can upgrade from like 1.6 to 1.12 so I don't expect htat is an issue for us but thought I'd mention it since it caused so many problems for us with etherpad in the past too16:54
mordredclarkb: "neat"16:54
zbrclarkb: since yesterday few things changed, i realised that it will be easier to switch to ansible/docker and ditch puppet.16:55
zbrbad part is that I keep finding bugs while doing the work and local changes grow very fast.16:56
zbrfor example I found while trying to run locally.16:57
zbrso before doing anything to er, i need to refresh gerritlib and assure we test it better, include py36+ testing,...16:58
clarkbzbr: I believe there is python3.6 testing already, but with the narrow use case of manage-projects?16:59
zbrnope, is only py35 which does not make me happy at all.16:59
zbri use py38 locally....16:59
clarkbzbr: that is using python3.617:00
clarkbyou are correct that the unittests aren't doing a 3.6 interpreter run though17:00
zbranyway, i will take care of this and ping you when CRs are ready17:00
clarkbya I have 3.8 locally too. I haven o problem with 3.5...17:01
clarkbone thing I've learned about python is that with the quick iteration on v3 releases we've had all sorts of bugs including those to garbage collecting. The upside to 3.5 is they solved a lot of them and it got stable17:02
clarkbgranted it was super painful before that got fixed17:02
clarkbso I'm always sort of waiting for everything to break as my rolling relaeses give me new pythons17:02
zbrclarkb: i already said earlier today, py35 is going EOL in September, if I remember well. Many package maintainers already added min_python>=3.6.17:03
zbri am not proposing to drop it, but to test it.17:03
clarkbyes, I think we should get off of 3.5 I have no problem with that. I just don't understand all the 3.5 hate17:03
clarkbreally I think it boils down to rhel dragging their feet then when tehy finally moved they chose 3.6 so now everyone assumes 3.5 is terrible or something17:04
clarkband soon enough 3.6 will EOL too, but we will have to keep support for it around beacuse rhel17:04
clarkb(so the EOL argument doesn't seem like a great one, really its more what are python libraries converging around in practice and I expect 3.6 will be that thing due to rhel despite a relatively early eol)17:04
clarkb3.6 EOL is ~end of year 2021 fwiw17:05
clarkbwell before rhel8 EOL17:05
zbrwhat I seen so far is py36-py38 (less of the last) as being best bet.17:05
clarkbfungi: yes, my point was the python EOL matters less than what people are dev'ing libraries against due to distros like rhel817:07
clarkbfungi: 3.5 "lost out" because rhel didn't switch to python3 until 3.617:07
clarkbwhich means things are likely to converage around 3.6 in the library community17:07
clarkbfor the long term even well beyond 3.6's EOL17:07
fungisure, that goes back to the "what are we testing" argument (upstream python, or python as packaged by distros)17:07
zbrfor start lets do
clarkbeven if 3.5's EOL was 10 years from now it probably wouldn't matter because the convergnce would still be around 3.617:08
zbri am surprised that the linter did not spot this one.17:08
clarkbzbr: there has been bit of related fallout due to the refactor electrofelix did. I think we improperly assumed that was better tested17:09
zbrthere is another very important aspect, py36 introduced optional static typing, something very useful.17:09
clarkbzbr: that actually works with 3.5 too17:11
clarkbzbr: left a note on 729699, I don't know if it is worht a new patchset but thought I'd let you check it before approving17:11
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Added missing retry_delay instance variable
zbrfixed, lets be consistent.17:13
zbrwhich job templates should I add to enable at least py36, preferably py38 too to gerritlib?17:14
clarkbzbr: I don't know if there is a template for that. YOu can just add the jobs17:14
*** dpawlik has quit IRC17:15
clarkbopenstack has its branch specific sets which don't really may sense there17:15
clarkbfungi: re what python are we testing, you saw the reactions to the suggestion that openstack build python base image containers :)17:17
clarkbfungi: I expect that attitude will be common "in the real world" basically the expectation is that rhel and debian work17:17
zbrouch... the library has no tests at all, only one fake one.17:19
clarkbzbr: ya I think that may have been why we assumed poorly now that my memroy is coming back17:19
clarkband that is what prompted the integration test since really what mattered was our ability to interact with gerrit17:19
clarkbthe integration test doesn't test the stream watcher though, just other bits of the api used to create and modify gerrit projects17:20
*** ysandeep|afk is now known as ysandeep17:22
clarkb <- I think that shows the extra jvb is mostly working?17:25
clarkbit also reports successful healthchecks. I'm not sure if that is different than the other stats things17:25
corvusclarkb: lgtm, now seems like a great time to spin it up and see :)17:26
clarkbcorvus: ya why don't I remove my WIP prefix then we can properly review it and if happy land it then spin up a jvb node17:26
openstackgerritClark Boylan proposed opendev/system-config master: Add support for multiple jvbs behind meetpad
clarkbinfra-root ^ I think we can safely review that now (as well as its parent for the firewall stuff)17:27
clarkbthe way that change is written it should leave the existing meetpad install alone and the only chagnes happen when we create a jvb01 instance17:27
corvusmordred: do you understand this?
fungiclarkb: yes, on what we're testing, i think part of the misconception comes from naming the jobs after python interpreter versions but actually testing distro-mangled python interpreters without saying which distro (which is arguably as important as which interpreter version)17:28
*** priteau has quit IRC17:28
fungiso the distro used is (probably in most cases) buried in the job definition or a parent, while the interpreter version is out front in the job name17:29
zbron ansible zuul, i already started to include disto in name, like
zbrin order to make it clear that I test pyXY-OS-version blends.17:33
zbrand the logic was to test cross platforms only with official distro python versions17:33
zbrthis means that py38 should be tested via either py38-fedora-32 or py38-ubuntu-folcal17:34
zbri find this setup much closer to what user is. expected to use in production/real-life17:35
hrwI checked wrong and turned out that even focal is too old for openstack requirements ;(17:35
hrwadding debian-bullseye would be too much imho17:36
hrwit is not yet released17:36
clarkbhrw: can you clarify on that? openstack requirements are based on what distros are shipping17:36
clarkbfor everything but python deps17:36
hrwno they are not17:36
zbri could try to write some tests for gerritlib, does any of you have something against pytest?17:36
clarkband openstack doesn't even support focal yet17:36
hrwconfluent_kafka python package on x86 is taken as wheel17:36
hrwon other archs it needs to be built17:37
hrwand it requires librdkafka 1.4.0+ which even focal does not have.17:37
clarkbhrw: the wheel is still going to link against the library right? so how does that work on older distros like bionic?17:37
openstackgerritMerged opendev/gerritlib master: Added missing retry_delay instance variable
hrwclarkb: binary wheel from pypi17:38
clarkbhrw: is the binary wheel vendoring the non python bits too?17:38
hrwclarkb: manylinux1 wheel works on centos6+ so even xenial works17:38
clarkbhrw: usually wheels expect the library to be present extenally17:38
clarkbzbr: I tend not to be a fan because I see it repeating many of nose's mistakes17:38
clarkbzbr: reliance on non standard constructs as well as non standard behaviors means you are stuck using that single tool to run all the tests. That limits the sorts of reporting you can produce as well as in many cases being very slow (no parallel testing)17:39
clarkbzbr: I think it is better to run using standards compliant tools in CI as much as possible. That allows developers to use whatever test runner they want locally including pytest17:39
hrwclarkb: -rw-r--r--. 1 hrw hrw 23M 04-18 20:55
hrwclarkb: linked against minimal set of libs17:40
clarkbhrw: from the wheel?17:40
hrw one17:40
fungiundeed the wheel vendors a confluent_kafka.libs/ build17:41
hrwfully complaint with manylinux1 PEP17:41
hrwarch/os specific wheels can contain libraries as long they link to minimal set of libs defined by manylinuxXYZ PEP17:41
clarkb is where that is built17:42
clarkbI think that means you can build the package without a wheel too and its fine17:42
hrwclarkb: nope17:42
clarkbhrw: why? if it is vendoring it the system version shouldn't matter17:42
fungiand yeah, openstack/requirements doesn't insist that the package versions it tracks are what distros are providing, only that the packages it tracks are (or can be) included in major distros17:42
hrwclarkb: debian:bullseye is first distro release which has new enough librdkafka17:42
clarkbhrw: but distro release librdkafka doesn't matter as they vendor it17:42
clarkbhrw: so when you install it from source it should build the library on demand17:43
fungiclarkb: the lib is vendored in the *wheel*17:43
hrwclarkb: debian:stretch/buster, ubuntu:xenial/bionic, centos7/8 cannot build it17:43
clarkbthe difference with a wheel is they've done the build ahead of time17:43
fungiyou need a platform capable of building that lib to create the wheel17:43
clarkbfungi: <- it appears to be in for anything17:43
hrwclarkb: they do not vendor it. they expect it to be installed17:43
hrw2020-05-20 17:29:56.064306 | ubuntu-focal-arm64 |   In file included from /tmp/pip-install-cxp19dop/confluent-kafka/confluent_kafka/src/confluent_kafka.c:17:17:43
hrw2020-05-20 17:29:56.064323 | ubuntu-focal-arm64 |   /tmp/pip-install-cxp19dop/confluent-kafka/confluent_kafka/src/confluent_kafka.h:65:2: error: #error "confluent-kafka-python requires librdkafka v1.4.0 or later. Install the latest version of librdkafka from the Confluent repositories, see"17:43
fungionce the wheel is created, it can be installed on platforms lacking that library17:43
clarkb ?17:43
clarkbah that src is what binds against the lib17:44
clarkbwhere are they including the lib then ? some hacked up whl build process?17:44
hrwon non-x86 we use
hrwand then it collapse17:44
fungimanylinux1 wheel builds automatically embed the libs linked from their c extensions17:45
fungiunless those libs are in the set manylinux1 expects to be present on supported systems (libc et cetera)17:45
hrwanyway. time to get to them and improve their .travis.xml17:45
fungiso the upshot is that the current confluent-kafka sdist is not compatible with platforms as old as ubuntu-focal (at least not unless you install some libs from elsewhere to build against), but their manylinux1 wheels of confluent-kafka are compatible with ubuntu-focal and even much older platforms17:47
fungibut requires them to have built them for the architecture you're using17:47
clarkbyup they run
clarkbthat seems like a really bad way to distribute software17:48
* fungi points at the comment box conveniently placed directly above the wastebin17:48
clarkbhrw: I think one workaroudn for you is to run that script17:49
clarkbthen in theory you'll have a librdkafka available for the sdist install17:49
hrwclarkb: and then do it in EACH openstack project which uses confluent_kafka? :D17:50
hrwclarkb: easier would be to sed it out ;P17:50
clarkbhrw: or part of a base arm64 job17:50
clarkbhrw: ya I guess thats another option. What is even using kafka?17:50
hrwclarkb: as 'add it into every node image'?17:50
hrwclarkb: requirements17:50
hrwand would need to check in kolla for others17:51
clarkbI'm pretty sure devstack for example has zero kafka support17:51
clarkbfungi: neat, I don't think we test that naywhere :)17:51
hrwmonasca uses it also17:51
fungiyeah, looks like kolla installs it for monasca17:52
clarkb may be a useable alternative too?17:52
fungicodesearch indicates oslo.messaging and monasca are the two relevant uses17:52
fungiall other mentions seem to be in support of those17:53
clarkbpykafka doesn't publish wheels so in theory its a bit easier to install. Though also appears to be less actively developed17:53
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Enable py36-py38 testing
corvusmordred: found it.  we're currently installing the wrong ppa on xenial.17:55
openstackgerritJames E. Blair proposed opendev/system-config master: Vendor the apt repo gpg keys used for Zuul
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Enable py36-py38 testing
*** hashar has joined #opendev17:57
* hrw off18:04
fungicorvus: see inline comment on 729401 but shouldn't that be using .asc files?18:06
*** chandankumar is now known as raukadah18:06
*** ysandeep is now known as ysandeep|away18:10
mordredcorvus: oh - that would do it18:26
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Enable py36-py38 testing
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Allow getPlugins to accept a format
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Initialize the logger
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Add / remove reviewer to / from patch set
AJaegerinfra-prod-run-cloud-launcher job failed in hourly pipeline, see
*** hashar is now known as hasharAway18:35
openstackgerritMerged opendev/system-config master: Open mirror ssl ports externally
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Enable py36-py38 testing
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Replace testrepository with stestr
openstackgerritSorin Sbarnea (zbr) proposed opendev/gerritlib master: Replace testrepository with stestr
zbrclarkb: ready.19:08
clarkbinfra-root which bumps gitea to 1.12.0-rc1 passed testing. I think its worth review now even if we don't want to upgrade until 1.12.0 is released19:12
clarkbinfra-root that way we can be ready when the release is made19:13
openstackgerritMerged opendev/system-config master: Listen on Quay Registry Mirror Ports
clarkbinfra-root re ^ mirror ports I'll plan to restart apache on the mirrors after my bike ride today (which should happen soonish)19:19
clarkbalso I think the reason it needs a restart is the listen directives, not the new vhosts19:19
clarkbfungi: ianw ^ I think there was some question about why that was necessary yesterday19:20
zbrclarkb: i managed to build the elastic-recheck image, but i need to find a solution for the ssh keys.19:43
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Add option to prefer https/ssl in configure-mirrors
clarkbzbr: the way we've been doing content like configs and secrets is to bind mount all of that into the container. The container itself should be largely stateless19:43
openstackgerritJeremy Stanley proposed openstack/project-config master: Add Engagement Statistics to docs index
zbryep, but I want a solution that makes it easy to run locally for development.19:44
zbrfor other secrets I used ENV vars, so they are not included in the image.19:45
openstackgerritSorin Sbarnea (zbr) proposed opendev/elastic-recheck master: WIP: Create elastic-recheck docker image
fungii think what we've done elsewhere is bindmount the keys from a host path into the running container using entries in a docker-compose file?19:46
openstackgerritJames E. Blair proposed opendev/system-config master: Save zuul and nodepool logs from gate test jobs
zbris too late for me, need to go, but take a look at ^ and comment.19:46
*** roman_g has quit IRC19:47
clarkbfungi: yup exactly19:47
mordredzbr: awesome!19:50
clarkbzbr: mordred fungi the neat thing about a docker image too is it may allow us to bind mount over other query sets for other projects19:50
clarkbkind of an end around e-r not directly supporting configurable configs in the first place (though fixing that properly like still best)19:50
*** hasharAway has quit IRC19:51
mordredzbr: I have an idea ...19:51
mordredclarkb, zbr: I'm going to push up a followup with it - it's based on something I saw from the mapbox folks in their tippecanoe image - but I think it will accomplish the goal zbr has as well as what we're doing in opendev19:52
clarkbI'm going to pop out for that bike ride now. I'll be back in a bit to do the mirror apache restarts19:54
openstackgerritMonty Taylor proposed opendev/elastic-recheck master: WIP Make a localdev image stage that isn't built in CI
mordredclarkb, zbr: somethign liek that - since we specify the target in the zuul config, the final stage will just get ignore dthere. BUT - since it's the final stage, if someone just pulls the repo and runs "docker build . " - they'll get that extra stuff copied in20:00
*** roman_g has joined #opendev20:08
openstackgerritJames E. Blair proposed opendev/system-config master: Save zuul and nodepool logs from gate test jobs
openstackgerritJames E. Blair proposed opendev/system-config master: Vendor the apt repo gpg keys used for Zuul
openstackgerritJames E. Blair proposed opendev/system-config master: Run Zuul as the zuuld user
openstackgerritJames E. Blair proposed opendev/system-config master: Add iptables_extra_allowed_groups
corvusthe iptables thing failed in gate, so i went ahead and restacked, hopefully this series will be more stable20:20
*** hashar has joined #opendev20:37
*** larainema has quit IRC20:38
openstackgerritJames E. Blair proposed opendev/system-config master: Add support for multiple jvbs behind meetpad
corvusrebased ^20:41
corvusif we change it again, we may just want to do a depends-on there20:42
openstackgerritAlbin Vass proposed zuul/zuul-jobs master: WIP: add simple test runner
*** sgw has quit IRC21:00
openstackgerritMerged opendev/system-config master: Document the need to use sudo in order to access OSC
mordredcorvus: SOOOOO21:33
mordredcorvus: wait - let me try something (I was about to tell you about an intractable issue)21:33
clarkbok back now21:34
corvus#status log added gearman certs to private hostvars for ease of management, and moved gearman client certs and keys to the zuul group (in privatate hostvars)21:36
openstackstatuscorvus: finished logging21:36
corvusmordred: ^ fyi21:36
clarkbI'm going to run `sudo ansible mirror -m service -a 'name=apache2 state=restarted'` now to restart all of the mirror apache processes21:36
clarkb* on bridge21:38
clarkbthats done, we should have ssl things now21:39
clarkb \o/ it works21:40
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Add option to prefer https/ssl in configure-mirrors
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Add option to prefer https/ssl in configure-mirrors
*** mlavalle has quit IRC21:53
openstackgerritJames E. Blair proposed opendev/system-config master: Correct the test gearman certs
corvusokay, that's now the tip of the make-zuul-tests-work stack; we'll see how that goes21:56
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Add option to prefer https/ssl in configure-mirrors
*** sgw has joined #opendev21:59
*** mlavalle has joined #opendev22:07
ianwhrw: seems to have failed due to probably missing libraries i guess, which is good (for me, the node boots)22:09
ianw Unable to correct problems, you have held broken packages.\n is worrying but i couldn't see that.  we definitely shouldn't be holding packages22:10
ianwlmn if that's coming up and we'll look into it22:11
ianwclarkb / mordred / (but anyone else too) : can i get your eyes on dropping py2 from dib ->
clarkbianw: did you see the thread on that in openstack-discuss?22:12
ianwoh, not yet, let me go to mail22:12
clarkbI was kind of hoping for a bit more resolution there before I acked the cahnge on dib22:12
clarkbI think we do want ot drop python2 in dib, it may require a small amount of coordination22:12
*** slaweq has quit IRC22:13
ianwahh, i see ... yeah.  also by keeping up with openstack requirements, it becomes 3.6 only, due to transitivie dependencies that end up in >=3.6 libraries only22:14
hrwianw: node works fine. thanks a lot for help22:17
* hrw -> bed22:17
clarkbI personally think stickign to openstack requirements is sort of the wrong thing for dib, but more for the networkx stuff than for python version selections22:17
clarkband I Think we addressed networkx so meh22:17
ianwi'm not sure i disagree, i'd have to dig back through history to see what the thinking was at the time22:19
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Add option to prefer https/ssl in configure-mirrors
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Remove failovermethod from fedora dnf repo configs
ianwclarkb: Fri Jul 26 22:27:45 2013 - As a first step to OpenStack alignment22:26
ianwso basically, it's always been like that :)22:26
ianwi've suggested on list we tag the switch to python3 as dib 3, giving us the options of a 2.x branch, if somebody absolutely requires it and wants to maintain it22:27
clarkbianw: that sounds like a reasonable idea22:28
*** hashar has quit IRC22:37
*** tkajinam has joined #opendev22:37
ianwclarkb: i'm tempted to force merge the focal support to and then tag from that22:46
ianwi don't see anything else in the queue that is particularly "pre 3" stuff22:46
mordredianw, clarkb: I agree re: 3.x and a possible 2.x branch if someone wants it22:48
mordredI think we align to openstack requirements largely because _several_ of the openstack projects use it - but maybe we don't have to in our own gate jobs22:49
mordredlike - what if we made a tox py35 job (to make sure 3.5 still works for nodepool while it still supports 3.5)22:49
clarkbmordred: well I think the issue is we use openstack libs and they are 3.6 only now?22:50
mordredand then also had an openstack-py36 job or something which _does_ run with openstack constraints - so we make sure we don't land anything that would break openstack installs22:50
clarkbI don't mind dropping 3.522:50
ianwmordred: the zipp library has gone to 3.6 only, and gets pulled in by networkx22:50
mordredit should be fine if those have done their python-requires metadata properly22:50
mordredour 3.5 installs will get a slightly older zipp22:50
mordredif they _haven't_ - we can put in version specifiers in our requirements22:51
mordredmostly saying- zuul is still supporting 3.5 - and dib is a big piece of nodepool - so I think just dropping 3.5 from dib puts us in a shaky situation22:51
clarkbthats fair and ya if packaged properly it should work22:51
clarkbunfortunately a lot of that depends on the packages themselves22:51
mordredthat said - the discussion about dropping 3.5 from zuul is also out there and it seems like people are reasonably ok with it for v422:52
clarkb(we can always use a python3.5 dep in requirements though)22:52
mordredI think we shoudl at least make a stab - hopefully we won't have to carry 3.5 ourselves for too long22:52
clarkbmordred: note the latest ps on your change (I think ianw may have updated it) does drop 3.522:52
clarkbso worth a comment probably22:52
mordredbut I worry that we're going to hit a bug in something that nodepool will need a dib patch for and we won't be able to deliver one22:52
ianwmordred: so basically run the openstack victoria jobs, but *also* add our own py35 job?22:52
mordredianw: yes22:52
clarkbianw: or maybe even drop the openstack-victoria template and list all teh things we care about too22:53
mordredianw: I did this for openstacksdk22:53
mordredwhich is still supporting 3.5 because nodepool22:53
mordredand it's a legit openstack deliverable even :)22:53
mordredso far it's working fine22:53
clarkbmordred: well and sdk is intended to be used far and wide so being very conservative there makes sense22:53
mordredyah - but dib is actually used further than we probably realize22:54
openstackgerritOleksandr Kozachenko proposed zuul/zuul-jobs master: Patch CoreDNS corefile
ianwok, i can rework the change to do something like that22:54
clarkbsweet and its parent pass testing. Thats the first step in updating our jobs to use ssl for mirrors if people want to look at that22:54
mordredcool. (don't get me wrong - I want 3.5 out of here as much as anybody... I just want to make sure we don't hurt ourselves in the process)22:54
clarkbbasically on newer debuntu and everywhere else use the https urls instead of http for distro and pypi mirrors22:55
ianwit looks to me bifrost is installing dib from git in the middle of playbooks22:55
ianwso essentially an override-checkout would seem to work for them22:58
ianwmaybe johnsom could tell me more about octavia before i have to dig :)22:59
johnsomianw What would you like to know?23:00
ianwjohnsom: discussing tagging dib basically now as the last 2.x release and upping to v3 with py2 dropped23:01
johnsomIt slices, it dices, it even julienne fries...23:01
mordred(with a stable branch for the v2 series potentially for bugfixes as needed)23:01
ianwleaving us the option of a v2 branch, but only if we find we need it23:01
ianwheh, dib, stable, that made me giggle :)23:02
johnsomYeah, I have been a bit of an advocate for DIB stable branches myself. This is perfectly workable for us as long as stable policy/requirements folks don't get too worked up at us for pinning the requirements in our stable branches.23:03
johnsomSo even if we don't go full branching, a v2 seems very workable23:03
ianw also has to make it in to drop triple-o jobs23:07
*** DSpider has quit IRC23:07
corvusmordred, clarkb: i don't think zuul is in a rush to drop 3.5.  there's nothing we need in a later version.  so i think it would be a really friendly thing if our dependencies like dib and sdk continued supporting it as long as feasible.23:11
mordredcorvus: yeah - I think it should be easy enough for dib to. I know it's easy enough for sdk to23:12
corvusoops, i stacked the gearman change on the jvb change, but that's fine for now :)23:13
clarkbI think the jvb change can land too as it won't affect the existing server until we add a new jvb server23:15
corvusclarkb, mordred: yeah, i think we can/should land everything up through
corvuswe're not at a working zuul yet, but i'm pretty sure the logs are indicating incremental improvement and we're not breaking anything23:15
clarkbk I'll start reviewing the bottom of that stack now23:16
corvusmordred, clarkb: the end of that stack is indicating that our sql connection is lacking a sql database, which, in fact is the case.23:17
corvusso what should we do for a sql in the gate?23:17
corvuswe could do like gerrit and move it to a mysql container on the scheduler host23:17
clarkbya I think for testing that pattern is a good one23:18
clarkband even in production we've started doing that (gitea and ehterpad)23:19
corvusand prod too?23:19
corvusoh i thought we did that for gerrit; my mistake23:19
openstackgerritIan Wienand proposed openstack/diskimage-builder master: Drop support for python2
mordredcorvus: I think we haven't moved gerrit yet because it'll go away with notedb23:20
mordredcorvus: that said - in the gate we run gerrit with h223:20
corvuswe could try sqlite with zuul, but it's not a supported option23:20
corvusbut if that works with 5m of effort, maybe we should start with that :)23:21
clarkbcorvus: couple of things on the extra whitespace thing may be worth another patchset? I'm not sure if apt is happy with that23:21
clarkbcorvus: feel free to approve if we think its fine as is23:21
corvusclarkb: done; i'll fix in followup23:22
ianwdoes anyone have context on if we deliberately don't have a openstack-python38-jobs template?23:23
openstackgerritJames E. Blair proposed opendev/system-config master: Fix whitespace in zuul-executor PPAs
clarkbianw: openstack hasnt gotten that far yet I think23:26
clarkbfocal transition talk has just started23:26
clarkband before that only a few things were testing eith 3.8 but it was opy in and not global iirc23:27
ianwok, it's used in the victoria job template, but there's no openstack-python38-jobs equivalent23:27
clarkbianw: my guess is it was just missed23:29
openstackgerritJames E. Blair proposed opendev/system-config master: Use sqlite with Zuul in the gate
corvusmordred, clarkb: ^ spaghetti thrown, we'll see if it sticks.23:33
ianwsimilar to using 3.5 on the bottom end, since zuul uses 3.8 on the top end i guess dib should at least run tox under that too23:33
fungiis zuul usable with 3.8 yet? i thought current ansible versions still didn't work with it23:34
clarkbfungi: zuul itself is, but you have to use different python for ansible or only newer ansible versions23:35
clarkbansible is installed into virtualenvs so is in theory able to be run as different python version than zuul23:35
clarkball of our installation tooling assumes they are the same though iirc23:35
fungiheh, that's an interesting definition of "usable" but sure, i get it23:35
openstackgerritIan Wienand proposed openstack/diskimage-builder master: Drop support for python2
fungiin theory we could make future ansible venvs with 3.8 but use 3.7 or older to make other ansible vencs23:36
ianwfungi: not sure if you saw but you might like that, to autogen the ssl check list23:39
fungii saw, just been trying to keep afloat all day. can probably take a look now, thanks for the reminder!23:42
*** mlavalle has quit IRC23:43
fungiianw: longer term, bridge seems like a perfectly reasonable place to run that in production too... it's not like it needs special privileges anyway23:45
ianwdid i see something about containerising cacti anyway?23:45
fungithough it does necessitate installation of an additional distro package23:45
fungiif there was talk of containerizing cacti, i missed it, but i've been pretty distracted so maybe... it will happen eventually for sure23:46
ianwyeah just mailx i think23:46
fungiwell, and the certcheck utility23:46
*** tosky has quit IRC23:48
fungiianw: do you have any idea how we would go about reusing the same cert on multiple tcp sockets for the same dns name, given your proposed extensions to the letsencrypt_certs data structure?23:51
fungiseparate entry per socket?23:51
ianwfungi: i figured you don't need to check it's freshness on multiple ports?23:56
fungiahh, maybe. so we consider the port number listed in the letsencrypt_certs entries to be their canary ports23:57
fungii can't remember if we're still mixing static certs and le on the same hosts, but if we are we could see this as a reason to just not23:58
ianwyeah, that was my thinking; however, we could look at *all* entries in the list, and then run a uniq on the final output maybe?23:58
ianwlike the gitea case23:58
fungiand to be clear, our le automation doesn't generate multiple certs for a single host, so it's safe to only check one socket+name?23:59

Generated by 2.17.2 by Marius Gedminas - find it at!