Tuesday, 2023-03-21

opendevreviewMerged openstack/project-config master: gerrit/acl : check for function/s-r in normalize  https://review.opendev.org/c/openstack/project-config/+/87599700:09
opendevreviewMerged openstack/project-config master: gerrit/acl : check for capital booleans in normalize  https://review.opendev.org/c/openstack/project-config/+/87757100:09
corvusi removed the afs content i was using to test htaccess00:19
ianwok, will call out in meeting but i've now put DONE next to everything in the areas of concern in https://etherpad.opendev.org/p/gerrit-upgrade-3.700:44
ianwalthough i should add something about the group submit stuff00:45
ianwbut yeah, double checking those DONE's to ensure we agree with my conclusions would be good00:45
opendevreviewIan Wienand proposed opendev/system-config master: gerrit images : trigger rebuild  https://review.opendev.org/c/opendev/system-config/+/87804200:54
opendevreviewIan Wienand proposed opendev/system-config master: gerrit images : trigger rebuild  https://review.opendev.org/c/opendev/system-config/+/87804202:55
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role  https://review.opendev.org/c/zuul/zuul-jobs/+/83891903:14
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image"  https://review.opendev.org/c/zuul/zuul-jobs/+/87804803:14
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks  https://review.opendev.org/c/zuul/zuul-jobs/+/87804903:14
corvusianw: clarkb fungi ^ i think those 3 changes should get us the promote container role and near-parity with the docker roles03:16
corvusuntested by me locally, however, i think they should be self-testing, so we can evaluate job results.  i'm sure they will fail the first time.  :)03:17
opendevreviewMerged openstack/diskimage-builder master: A new diskimage-builder command for yaml image builds  https://review.opendev.org/c/openstack/diskimage-builder/+/87624504:30
opendevreviewMerged openstack/diskimage-builder master: Switch run_functests.sh from disk-image-create to diskimage-builder  https://review.opendev.org/c/openstack/diskimage-builder/+/87647904:33
opendevreviewMerged openstack/diskimage-builder master: Document diskimage-builder command  https://review.opendev.org/c/openstack/diskimage-builder/+/87663304:33
opendevreviewMerged opendev/system-config master: system-config-run-review : add review priority and backport labels  https://review.opendev.org/c/opendev/system-config/+/86805405:03
ianwclarkb: https://review.opendev.org/c/opendev/system-config/+/878042 is to trigger a gerrit image refresh which should get us the fixes for the related-changes links in the UI for 3.7.  I think we could go to prod with that, but will keep an eye for further point releases05:23
hitesh1409__Hi 05:52
opendevreviewMerged openstack/diskimage-builder master: Add swap support  https://review.opendev.org/c/openstack/diskimage-builder/+/86927006:38
opendevreviewMerged openstack/diskimage-builder master: Correct boot path to cover FIPS usage cases  https://review.opendev.org/c/openstack/diskimage-builder/+/87619206:39
*** jpena|off is now known as jpena08:22
hitesh1409_Hi Team, 08:32
hitesh1409_I've made some changes in the python-jenkins repository. Can you please review it?08:32
fricklerhashar: ^^ seems the person has already left again, but it looks like you've been working on CI fixes recently. also not sure whether there's a better channel to redirect this to?09:09
hasharfrickler: hello :)09:09
hasharah yeah I think the CI is broken :/09:09
hasharI will comment on their proposed change09:10
hasharnamely the fix is https://review.opendev.org/c/jjb/python-jenkins/+/865776 ;)09:13
hasharthere are various issues such as multi_key_dict requirement that probably got removed from the images/global requirements09:25
hasharsetuptools v66 dropping `LegacyVersion`09:26
hasharand tox renaming `whitelist_externals` to `allowlist_externals` ;)09:26
hasharwhat puzzles me with the OpenDev Gerrit is we can't see the projects access lists nor the groups ( https://review.opendev.org/admin/repos/jjb/python-jenkins,access and `python-jenkins-core` group https://review.opendev.org/admin/groups/94568a57f89b3e6e706e37db97b4bc01649294f9  both show as empty)09:35
*** dhill is now known as Guest841811:44
fungihashar: newer gerrit versions hide all access rules from users who aren't party to each rule. it's very annoying but i guess the gerrit maintainers think it's a security improvement that a general user can't find out who has access to what12:09
fungihashar: you can find our acls in git though: https://opendev.org/openstack/project-config/src/branch/master/gerrit/acls/jjb/python-jenkins.config12:11
hasharfungi: ah great. Thank you12:11
fungihashar: but you're not able to see the members in this list? https://review.opendev.org/admin/groups/python-jenkins-core,members12:12
hasharyeah that works sorry12:13
hasharlooks like I earlier today I stopped at the group page which merely has the descriptions https://review.opendev.org/admin/groups/python-jenkins-core12:13
fungithe default groups view in newer gerrit is the general group info yeah, you have to click "members" in the far left column12:13
hasharsorry for the misleading comment earlier :)12:14
hasharwhile on this topic, don't you have some yaml based system to manage all those groups and ACL?12:14
fungithe acls are in gerrit's ini type format and we just push those in through its git interface, groups are generally managed through the webui (we don't have any separate group management system)12:16
fungiwe do have the mapping of acl files to projects in https://opendev.org/openstack/project-config/src/branch/master/gerrit/projects.yaml if that's what you're remembering12:17
fungithough the "groups" mentioned in there are for mapping from gerrit project names to project names in bug trackers12:17
funginothing to do with gerrit groups12:18
opendevreviewMerged opendev/system-config master: gerrit images : trigger rebuild  https://review.opendev.org/c/opendev/system-config/+/87804213:04
opendevreviewJulia Kreger proposed openstack/diskimage-builder master: Add a FIPS element  https://review.opendev.org/c/openstack/diskimage-builder/+/87753913:07
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role  https://review.opendev.org/c/zuul/zuul-jobs/+/83891914:56
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image"  https://review.opendev.org/c/zuul/zuul-jobs/+/87804814:56
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks  https://review.opendev.org/c/zuul/zuul-jobs/+/87804914:56
noonedeadpunkhey there :) 15:11
noonedeadpunkfwiw clarkb: I've tried using rocky 8 container image and "just update" it with rocky-container dib element. And it failed on updating image due to curl/curl-minimal stuff https://paste.openstack.org/show/bXTh5GOe5PY6mWGMGtXJ/15:12
noonedeadpunkjust decided to follow up on idea that package update should be just fine...15:13
clarkbnoonedeadpunk: is your dib up to date? there was an issue in dib itself around that iirc15:17
clarkbI mean if you pull the latest rock 8 image today and update it and that doesn't work again thats a bug with the distro15:18
clarkbbut I think in this case dib needed an update and you dib may be out of date15:18
opendevreviewMichael Johnson proposed openstack/diskimage-builder master: Fix ubuntu-minimal to run autoremove  https://review.opendev.org/c/openstack/diskimage-builder/+/87808915:19
noonedeadpunkclarkb: to be fair - I had like half a year old image lying around and jsut decided to try it out15:20
noonedeadpunkI know it's fixed now, but I guess what I meant is that just updating old images doesn't ususally work with rhel....15:20
noonedeadpunkiirc it was fixed by `dnf install /usr/bin/curl` isntead of `dnf install curl`15:21
clarkbhow do people update rhel then? I mean I've never had this issue with a traditionally released distro. Arch yes because arch expects users to continuously update to keep up with its rolling nature15:21
clarkbBut I also don't use rhel based distros15:21
noonedeadpunkDunno, with pain? Because in osa we used to have issues a lot, whenever new point release was published15:22
noonedeadpunkchanges in package names, repos, config paths - all was happening for 7 and 815:23
clarkbright but you have to be able to upgrade from 8.1 to 8.6 or whatever?15:23
clarkbI understand package names may change and binaries may move, but the packages and package manager should accomodate that?15:23
noonedeadpunkWell, might be, but it's way harder to accomodate tools like dib to deal with that. As another example was rename of high-availability repo to HighAvailability, so with new point release attempt to add `high-availability` would just fail out. And attempt to add HighAvailability on older point release as well was failing.15:26
clarkbI guess they don't do transitional packages like debuntu?15:27
noonedeadpunkSo to support that in element you need to really identify exact release number and install based on that, which is way more hussle to support15:27
clarkbI guess the issue is the distro is buggy :)15:27
noonedeadpunknah. they don't15:27
noonedeadpunkWell, maybe they do sometimes... I don't really use centos for really a long time now anywhere on prod so can't tell how just manual updates go, but trying to automate these was really interesting thing to do.15:28
clarkbjitsi meet hasn't updated docker image locations yet16:00
*** artom_ is now known as artom16:08
fungiwere they planning to?16:19
fungiwas there any discussion linked somewhere?16:19
clarkbfungi: yes they are planning to host on github's registry https://github.com/jitsi/docker-jitsi-meet/issues/150216:20
fungiaha, thanks, now i remember you pointing that out earlier16:21
clarkbpart of my concern here is that we don't end up on stale images again without noticing. I'll keep an eye on that issue and their docker-compose file over the next few days and hopefully catch the switch16:38
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables  https://review.opendev.org/c/zuul/zuul-jobs/+/87813717:00
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add promote-container-image role  https://review.opendev.org/c/zuul/zuul-jobs/+/83891917:18
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Revert "Use --password-stdin for upload-container-image"  https://review.opendev.org/c/zuul/zuul-jobs/+/87804817:19
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add container repository cred permission checks  https://review.opendev.org/c/zuul/zuul-jobs/+/87804917:19
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables  https://review.opendev.org/c/zuul/zuul-jobs/+/87813717:20
*** jpena is now known as jpena|off17:21
opendevreviewJeremy Stanley proposed openstack/project-config master: Replace old Antelope cycle key with 2023.2/Bobcat  https://review.opendev.org/c/openstack/project-config/+/87814417:44
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image variables  https://review.opendev.org/c/zuul/zuul-jobs/+/87813718:02
clarkbfungi: ianw: I think we may want ot ask both works on arm and linaro if they want to be posted since they are two halves of the one coin there20:02
fungiianw: i guess it's a question of whether we attribute it to linaro, or works on arm, or both20:02
fungiwe did something similar with platform9 right?20:02
clarkbMy initial thought is both because with only one or the other we wouldn't have what we need20:02
fungithough also i'm now remembering that our linaro justification was for hosting the nodepool builder, which has since moved to osuosl?20:03
fungistarting to wonder if we should just list everybody there ;)20:03
ianwi mean it's not lying, and more logos does i guess convey that we interact with a wide range of providers in various ways20:05
opendevreviewMerged openstack/project-config master: Temporarily remove release docs semaphores  https://review.opendev.org/c/openstack/project-config/+/87755220:15
opendevreviewMerged openstack/diskimage-builder master: Fix ubuntu-minimal to run autoremove  https://review.opendev.org/c/openstack/diskimage-builder/+/87808920:33
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87817220:51
corvusclarkb: fungi ianw ^ that refactors the jobs to make it clear that there are multiple axes: roleset ("docker" or "container"), command ("docker" or "podman"), multiarch (true, false), promote (true, false)20:53
corvusi think i also added container_roleset+docker_command tests in there20:53
corvusonce we're happy with that, we should add the multi-arch support on top of that and add those jobs to the matrix too20:54
clarkbcorvus: sounds good20:58
clarkbianw: your gerrit 3.7 checklist of DONE items lgtm. I did leave a couple of comments in places but nothing that needs action. THough I suggest we might test downgrades20:59
clarkbcorvus: I'll take a look at that change after a bike ride. Then start looking at multiarch I guess21:00
ianwclarkb: thanks, yep we can try with a held node with the new build21:00
corvusclarkb: awesome thanks!21:00
ianwfungi: https://review.opendev.org/c/openstack/project-config/+/877721 was one i meant to mention.  that came out of discussions in #openstack-infra about the way openstack/releases is showing in the UI21:08
fungiianw: yep, i saw 877721 but it didn't have feedback from the release managers acknowledging it yet and i didn't want to change things up on them until after the impending openstack release anyway21:13
ianwok no worries, a good answer on the whole thing alludes me anyway21:14
fungiagreed, it's yet another example of gerrit ui changes which they probably didn't consider too heavily beyond "does google rely on this?:21:15
opendevreviewIan Wienand proposed zuul/zuul-jobs master: containers : update test variable  https://review.opendev.org/c/zuul/zuul-jobs/+/87817522:58
opendevreviewIan Wienand proposed zuul/zuul-jobs master: container role docs : clarify requirements  https://review.opendev.org/c/zuul/zuul-jobs/+/87817622:58
opendevreviewIan Wienand proposed zuul/zuul-jobs master: container role docs : clarify requirements  https://review.opendev.org/c/zuul/zuul-jobs/+/87817622:59
opendevreviewMerged zuul/zuul-jobs master: build-docker-image: further cleanup buildx path  https://review.opendev.org/c/zuul/zuul-jobs/+/87280623:27
clarkbcorvus: I'm looking at that change and a number of things confuse me around the addition and removal of the files. It seems you didn't remove the file that called the inner playbook and that playbook set additional vars to not promote things. Should we keep the inner file and send things through that outer playbook or remove it and move the vars it set into the new file?23:37
clarkband then we need to update the jobs in the pipeline listigs. I can do that but I'm somewhat confused over what the intent was there23:37
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87817223:38
corvusclarkb: re the job listings -- i forgot to run the update script (and also i had a docker/container typo at one point)23:39
corvusoh i'll go delete the other playbooks23:39
corvusthe intent with removing those playbooks was to just defer to the new "promote" variable in the job def since that's all those did23:40
clarkbcorvus: I see and that gets mapped properly with the different vars names?23:40
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87817223:41
clarkbya ok that looks more like what I expected.23:41
corvusone more pass for whitespace23:41
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Refactor docker/container image jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87817223:42
corvusthere we go23:42

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!