Thursday, 2023-03-23

« Wednesday, 2023-03-22 Index Friday, 2023-03-24 »
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add container build jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87829101:14
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829601:42
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829601:54
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829602:01
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829602:07
opendevreviewIan Wienand proposed zuul/zuul-jobs master: buildx: remove experimental flags  https://review.opendev.org/c/zuul/zuul-jobs/+/87829302:37
opendevreviewIan Wienand proposed zuul/zuul-jobs master: buildx: remove experimental flags  https://review.opendev.org/c/zuul/zuul-jobs/+/87829303:06
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829603:06
ianwthere is a https://gerrit.googlesource.com/gerrit/+/v3.7.2 now03:22
ianwhttps://23.253.56.187/ is a held host03:23
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829603:26
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829603:32
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] test direct push  https://review.opendev.org/c/zuul/zuul-jobs/+/87829603:40
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] build-container-image : refactor buildx a bit  https://review.opendev.org/c/zuul/zuul-jobs/+/87829605:18
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830406:06
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830406:34
ianwi think review is not happy :/06:53
tkajinamseems we have some trouble with gerrit ?07:02
tkajinam502 proxy error07:05
tkajinamhm seems it's back07:05
ianwi've banned and ip and restarted it ... we'll see07:05
ianwtkajinam: that was just the restart, try again should work07:05
tkajinamah, ok now gerrit dashboard loads and git review passes.07:06
tkajinamianw, thanks !07:06
ianwheh don't thank me yet, i'm still not sure what exactly is happening :)07:06
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830407:07
tkajinamwired. it seems gerrit created two review urls for same change id07:07
tkajinamhttps://review.opendev.org/c/openstack/tripleo-ansible/+/87831007:07
tkajinamhttps://review.opendev.org/c/openstack/tripleo-ansible/+/87831107:08
tkajinamI'll abandon these as I remember some problems with a similar situation and will push it with a different change id. I guess we can just abandon these but I'll share this for records07:08
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830407:50
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830408:04
*** jpena|off is now known as jpena08:23
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830408:51
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830409:56
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830410:23
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830410:31
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830410:47
*** JasonF is now known as JayF13:56
fungiwe're back to higher activity levels in openstack now that the release is past, and the rax-ord graph looks pretty healthy alongside the other two regions at ~full use: https://grafana.opendev.org/d/a8667d6647/nodepool-rackspace?orgId=1&from=now-6h&to=now14:50
fungiwe're seeing ~75% in use and 25% building/deleting in rax-ord, whereas previously it would have been almost 0% in use and 100% building/deleting14:52
fungiso i think we can close out that chapter14:52
clarkbthat is good news. I'm sorting out tea and breakfast but I need to rereview gitea server load/demand and decide if I'm proceeding with old server permanent removal today15:12
clarkbI should considering replacing python3.8 and 3.10 with just 3.11. >2600 packge updates due to python getting all the updates15:36
fungithat's certainly one up side to distros that pick one version of python at a time15:37
clarkbI finished my tea before local updates today. heh15:39
dtantsurclarkb: hi, has https://lists.openstack.org/pipermail/openstack-discuss/2023-March/032773.html resolved your concerns re image deletions? I somehow missed your question, but I think Jay addressed it16:05
clarkbdtantsur: I think maybe half addressed. It wasn't clear to me how that mapped onto the specific request and the deletion for specific files. I also think there continues to be a bug in how ironic is publishing images based on that feedback. It seems you expect people to never use old images but then don't publish a "just use this image" image and instead publish very version and16:06
clarkbdisto specific things that need periodic cleanup?16:06
clarkbWhat I take away form that is that ironic should probably publish a single golden image and expect people to use that. Then update that image over time16:06
dtantsurclarkb: we stopped publishing the images that are part of this clean up. We no longer publish images for bugfix branches (even up-to-date ones) because we cannot offer a reasonable support for them.16:07
clarkbaha that is the bit I was missing16:07
dtantsurwe do publish images per stable branched (and don't delete them)16:07
dtantsurwe mark the images with distros for clarity, but we have only one distro per each branch16:07
dtantsurthat does lead to situations like when we start publishing "master" images on centos8 and then have to switch to centos9 and remove the incorrect images16:08
dtantsur(keeping the centos8 image is misleading because it's not actually "master", it's "master at the point before the switch")16:09
clarkbya I think that should be avoided16:09
clarkbyour users don't actually care what the distro is right? this is a utility that gets booted to execute things on the host prior to/after user images run16:10
dtantsurwell.. they do. distro implies shipped drivers.16:10
clarkbbut that centos 8 version is dead and unsupported now and will never receive updates?16:10
dtantsurwe had to keep support for CentOS 7 exceptionally long because CS8 removed some drivers for hardware still in use16:10
dtantsurcentos8-master is dead, yes16:11
clarkbright but that may not be clear to anyone who is using it16:11
clarkbwhereas if you just have the latest image the would automatically convert over16:11
dtantsurit can be a breakage either way. a new distro may (and does in practice) stop supporting certain hardware.16:11
dtantsurwe'll consider going versionless once we reach CS10 :)16:12
dtantsur(if we drop the version or the whole distro prefix now, we'll once again end up with images to delete)16:12
clarkbright but that can be a one time thing instead of an every 6 months thing16:13
dtantsuryeah, but why do it now instead of at the next update?16:13
dtantsur(I hope CentOS Stream does not get a new major version every 6 months, that's the reason we picked it over e.g. ubuntu or fedora)16:13
JayFYeah, we can't drop the distro out of the IPA image names because that's somethign an operator needs to know16:14
JayFwe often see folks break during those transitions because of upstream hardware support changes16:14
JayFI think this seems like a bigger problem because dtantsur is cleaning up literally almost a decade of bad IPA images16:15
JayFwhereas in the normal case now I believe we'd be removing 1/2 at a time if we catch up and stay caught up16:15
fungii remember deleting some a few years ago, but maybe it was a more selective cleanup and not a purge16:15
JayFwe did a big move, and you cleaned up the old location16:16
dtantsurfungi: it was because of a mistake in the build jobs. unfortunately, they're not trivial to test in advance (if they are, please tell me how)16:16
dtantsurand maybe that as well16:16
fungiin theory we could do something with them like we do for testing container images16:16
clarkbdtantsur: mostly I brought it up because requests like that are a major "smell" for automation/CI/release managment/packaging16:16
JayFAre there other openstack projects that ship, as a deliverable, a full OS image/ramdisk?16:17
clarkbI wanted to take it as an opportunity for the ironic project to think about how they organize and publish artifacts that end users rely on. So that we can avoid needing to potentially break them again later16:17
JayFIf so, how do they manage this problem?16:17
JayFI guess there's even another angle on it: a full OS image/ramdisk targetted at hardware, not VMs16:17
clarkbJayF: I think octavia and trove and sahara also publish images, but their official process is for people to build them locally16:17
clarkbthey are os images not ramdisks16:18
fungivirtual machine images basically, yes16:18
JayFI think this is why we have a bigger problem; in our case hardware support matters so we can't handwave the distro or version16:18
johnsomOctavia builds an image, but it is marked for testing only and is primarily used by the deployment tool test jobs.16:18
JayFmaking it ugly when we have to change those b/c we don't delete the old (is there a way we could automate this piece? I doubt it?)16:18
clarkbJayF: but I'm hearing that you kinda do by silently dropping support for centos 816:18
clarkbI get that the centos 8 image might be necessary but in that case you should probably continue updating it?16:19
opendevreviewElod Illes proposed openstack/project-config master: Unpin nodeset for tag-releases  https://review.opendev.org/c/openstack/project-config/+/87847216:19
clarkbjohnsom: ok cool my memory was correct then16:19
clarkbJayF: dtantsur to be clear I don't know what the answers are. I just wanted people to think about them before we go and delete things16:19
JayFclarkb:  CentOS Stream 8 EOL'd in 202116:19
clarkbJayF: right but stream still exists and presumably with os driver overalp16:20
JayFWe support CentOS 9 Stream now, which is next16:20
clarkbright but dtantsur is saying that 8 doesn't have the same os drivers as 9 so some people are likely still intentionally using a now not updated 8 image?16:20
JayFclarkb: I don't love the stream model, and would personally prefer we test against a more stable Rocky or Alma linux; but that's not just my choice so I go with what the community likes16:21
clarkbBut like I said I'm not here to prescribe anything. More just "this is a good opportunity to look at why we are deleting things and determine if that is appropriate or necessary and shift if appropriate"16:21
JayFclarkb: or in those cases, we have modified images to make them have better support16:21
JayFclarkb: we actually are going to add a package to our centos 9 images to fix an issue with some stuff that was moved into extra-hardware 16:21
JayFMy answer is: I agree this all seems like it could be better. I'm not sure what concrete things we could do given current limitations to improve it.16:22
clarkbfrom what little I know it soundslike maybe you should publish a single up to date image for each base distro that you support16:22
clarkbthat gets you driver coverage and ensures that the tooling is up to date and doesn't get stale (staleness being the concenr leading to deletion aiui)16:23
JayFThe problem with that comes when we change distros, from Version X to X+1. We publish master iamges so in those cases; we have to cleanup the old distro-named releases16:24
clarkbjust me talking out loud here: maybe master images should be testing only and not be distro specific. Just have an image that meets the need of development. Then you have centos-7-ipa-latest centos-8-stream-ipa-latest centos-9-stream-ipa-latest (or similar) for that latest release of ipa16:27
clarkbThen the only time you delete anything is when a centos version is 10 years old and no longer getting updates16:28
clarkband it a single file with a clear end of life plan16:28
JayFCentOS doesn't follow that model anymore. There is no LTS for CentOS Stream.16:28
JayFAt least AIUI16:28
clarkbthere is some planned sunset though16:28
clarkbwhatever it is16:28
JayFfor the CentOS Stream 8, it was 2021. and 9 is the current version16:28
JayFso there's only one version currently supported16:28
clarkbcentos 8 stream is currently supported16:28
clarkblooks like may 31 2024 is the centos 8 stream eol16:29
* JayF finding conflicting info on the internet and now looking for a more authoritative source16:29
dtantsurAre you suggesting we keep building C7/CS8 versions of master IPA? these releases are not in PTI and their Python 3 versions make everything complicated16:29
clarkbso thats the date you delete those images16:29
clarkbdtantsur: what I'm hearing is that some users need centos 7 for old hardware. If I'm a ironic user I would expect ipa to continue to work with the old hardware I have16:30
dtantsuryeah, and we kept it supported for longer than we wanted. but we cannot any more.16:30
clarkband not require me to use old unsupported buggy insecure releases16:30
clarkbif ironic isn't able to do that (which I a totally valid stance from a development perspective) then I think that should be more clear and we can probably help do that via the publication practices16:31
clarkbJayF: https://www.centos.org/centos-stream/ states May 31, 2024 fwiw16:33
JayFclarkb: yeah I see that, but is CentOS Stream 8 still in the PTI?16:33
dtantsuryep, CS8 is still alive and kicking. but its Python 3.6 makes it harder for us to build on it.16:33
dtantsurin any case, our image choice is to a large extent driven by the PTI16:33
dtantsurs/image/distro/16:34
dtantsurOur policy is essentially "pick a distro from the PTI and publish images with it until it changes"16:34
dtantsurwhich may not be great, but it's a nice compromise between putting a reasonable load on us and putting up any images at all16:35
JayFwe need to *notify* operators if that changes so they know what's up, and we can try to get their stuff working on newer releases 16:35
JayFhence the version id being in the name16:35
dtantsurdo you think IPA-builder release notes are not enough? we may pick another venue16:35
JayFhonestly this whole chat makes me wonder if we need to publish a readme alongside our tarballs outlining this policy along with the cleanup16:37
JayFor something similar16:37
JayFthis is one of those things where our behavior is documented, but in like 3 different places spread across openstack docs :D16:37
clarkbJayF: that is not a bad idea. Even if it serves as a pointer to those other locations. Since people are going to grab the images in that spot they will likely notice a readme16:38
clarkbI know i read the readmes for things like the openshift client releases that way16:38
dtantsuris it possible to somehow render the readme in the listing?16:38
dtantsurI know some projects do it16:38
clarkbbut again I was just trying to make sure we'd done some due diligence before deleting things to make sure we weren't going to surprise people and to avoid getting in a spot where we repeat potential mistakes16:39
clarkbdtantsur: if you supply the html/js/css16:39
clarkbbut no by default its just apache mod autoindex iirc16:39
JayFclarkb: yeah, from our perspective this is about trying to make sure we don't publish images that just won't work if someone downloads them16:39
JayFclarkb: so if I have a vote; I'd say dtantsur and I will take the action to more clearly document this alongside, but can we execute the changes requested to make sure in the interim, users don't get years-old images?16:40
clarkbJayF: when you say won't work thats with latest ironic right?16:40
dtantsuryeah, particularly coreos-image, which sounds cool until you understand it's even not the coreos that exists now16:40
clarkbone of my questions was whether or not it would be necessary for old installs out there16:40
JayFWe publish images versioned to our stable versions16:40
clarkb(it sounds like no generally an old install can use a newer ipa as long as the base ipa image supports their hardware)16:41
JayFso if you were installing Train (weeps inside), you could download our train-published image16:41
dtantsurwe keep branched images up to liberty actually: https://tarballs.opendev.org/openstack/ironic-python-agent/coreos/16:41
JayFclarkb: it's actually pretty flexible. We had one Ironic<>IPA break (agent token) but if you're on the right side of that, you're mostly OK16:41
dtantsuralthough these use the ancient coreos, I don't request deleting them16:41
JayFand I bet they work with the proper ironic version16:41
JayFno reason they wouldn't16:42
dtantsurbut the master one is dangerous since it may imply that the image works with ironic master. and it may or may not, or may break at some weird point. nobody knows nowadays.16:42
JayFbtu it's slightly horrifying to think about someone actually running a published ramdisk image from 7 years ago lol 16:42
dtantsuryeah, I hope they understand the risks :)16:42
clarkbI agree its scary, but what I've found as a cloud user is that often times we don't make those decisions16:45
clarkbgranted the ipa image is more of a deployment decision16:45
* JayF goes back to his roost16:46
JayF*roots16:46
JayFif someone is running Liberty Ironic, bless their heart16:46
JayFthe amount of pain they are feeling for a vastly inferior cloud project is immense :|16:47
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Add container build jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87829116:47
clarkbtalking out loud here: you mentioned you don't use ubuntu because they have a major release every 6 months. This isn't really true anymore. The LTS releases occur every 2 years. And one thing Ubuntu is actually really good at ime is hardware compatibility. Paritcularly with their hardware enablement kernels. Just throwing that out there16:56
dtantsurclarkb: yeah, there was also a trademark concern.. maybe JayF remembers it better, something about removing ubuntu branding if you modify it enough.17:09
opendevreviewMerged zuul/zuul-jobs master: Add container build jobs  https://review.opendev.org/c/zuul/zuul-jobs/+/87829117:09
JayFWay back in the day there was an issue publishing images labelled "ubuntu" without their explicit consent17:09
clarkbya I remember that. I thought it was only if you were rebuilding things but I'm not a lawer17:10
JayFIt was not, at least in context of Rackspace Cloud at the time.17:10
JayFI mean, that's not a good reason to not do it unless we actually investigated that space17:10
JayFbut traditionally that's why Ironic published non-ubuntu images17:11
JayFdebian and then flipped to centos at some point while I was mostly-gone from the project iic17:11
JayF*iirc17:11
clarkbinfra-root I've scanned the cacti graphs for gitea09-14 and I don't see anything that concerns me since the openstack release. I've removed my WIP vote on https://review.opendev.org/c/opendev/system-config/+/877298 and if I don't hear any objections I'll proceed with cleaning gitea01-04 up today17:26
clarkbthat first change stops gerrit replication to the 4 servers. I'll trigger full gerrit replication after that lands to ensure we didn't miss anything17:26
*** jpena is now known as jpena|off17:26
clarkbOnce that is done we can land https://review.opendev.org/c/opendev/system-config/+/877301/ to pull the servers out of config management. THen we delete them and then clean up dns17:27
opendevreviewJames E. Blair proposed opendev/base-jobs master: Add container-image jobs  https://review.opendev.org/c/opendev/base-jobs/+/87828817:47
corvusclarkb: ^ updated that change and replied17:48
clarkbcorvus: ack so avoid documenting it in that section entirely since the parent jobs capture it17:49
corvusclarkb: well, more like it's just one possible way to use the jobs.  so if we want to have some narrative structure around the different possible ways, let's put that in something like https://opendev.org/opendev/base-jobs/src/branch/master/doc/source/docker-image.rst17:50
clarkbgot it17:50
corvus(the removal of that section is an unrelated change -- it's a duplicate of what's in credentials.rst)17:50
corvus(basically the job docs split that part up, so each job's docs only shows the relevant jobvars)17:51
opendevreviewMerged opendev/base-jobs master: Add container-image jobs  https://review.opendev.org/c/opendev/base-jobs/+/87828818:10
opendevreviewClark Boylan proposed zuul/zuul-jobs master: Add docker buildx multiarch support to container roleset  https://review.opendev.org/c/zuul/zuul-jobs/+/87824618:14
opendevreviewClark Boylan proposed zuul/zuul-jobs master: buildx: remove experimental flags  https://review.opendev.org/c/zuul/zuul-jobs/+/87829318:14
opendevreviewJames E. Blair proposed opendev/base-jobs master: Add ensure-* roles to container image jobs  https://review.opendev.org/c/opendev/base-jobs/+/87847818:52
corvusclarkb: ^ i missed a thing18:52
clarkbloking18:52
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830419:25
ianwDo you really want to submit the above commits?19:34
ianwType 'yes' to confirm, other to cancel: yes19:34
ianwerror: remote unpack failed: error Missing blob 098d484a6143c07ea9aeaa261da1785d42e53ee919:34
ianwfatal: Unpack error, check server log19:34
ianwthat's a new one ...19:34
ianwthis is in zuul-jobs19:36
opendevreviewMerged opendev/base-jobs master: Add ensure-* roles to container image jobs  https://review.opendev.org/c/opendev/base-jobs/+/87847819:40
ianwi can replicate it but i don't know why19:42
ianwgit clone https://opendev.org/zuul/zuul-jobs19:42
ianwgit fetch https://review.opendev.org/zuul/zuul-jobs refs/changes/46/878246/7 && git checkout FETCH_HEAD19:42
ianwadd a change19:42
ianwgit review19:42
corvusdifference in packing on those 2 repos?  (and possibly a difference on a specific gitea backend?)19:43
Clark[m]I think that's the --no-thin thing19:43
Clark[m]Git review has a flag to set that now and it has to do with some jgit thing iirc19:43
opendevreviewIan Wienand proposed zuul/zuul-jobs master: [dnm] testing manifest create  https://review.opendev.org/c/zuul/zuul-jobs/+/87830419:45
ianwClark[m]: ahh, good call.  first time i've seen that!19:45
ianwi guess cloning from gitea but then pushing to gerrit is probably at the heart of it somewhere19:48
opendevreviewlotorev vitaly proposed opendev/system-config master: docs: Fix link to https://testinfra.readthedocs.io/  https://review.opendev.org/c/opendev/system-config/+/87843519:54
opendevreviewMerged zuul/zuul-jobs master: Add support for passing env vars to the container build env  https://review.opendev.org/c/zuul/zuul-jobs/+/87823919:55
opendevreviewJames E. Blair proposed opendev/base-jobs master: Fix container-image pre playbook container_command default  https://review.opendev.org/c/opendev/base-jobs/+/87848219:56
opendevreviewlotorev vitaly proposed opendev/system-config master: docs: Fix link to https://testinfra.readthedocs.io/  https://review.opendev.org/c/opendev/system-config/+/87843519:56
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Fix container-image pre playbook container_command default  https://review.opendev.org/c/zuul/zuul-jobs/+/87848319:57
opendevreviewlotorev vitaly proposed opendev/system-config master: docs: Fix link to https://testinfra.readthedocs.io/  https://review.opendev.org/c/opendev/system-config/+/87843520:02
opendevreviewlotorev vitaly proposed opendev/system-config master: Fix typos in doc/source/open-infrastructure.rst  https://review.opendev.org/c/opendev/system-config/+/87843520:14
opendevreviewJames E. Blair proposed opendev/base-jobs master: Move pull-from-intermediate-registry to localhost  https://review.opendev.org/c/opendev/base-jobs/+/87848420:19
corvusClark: ianw ^ another oops20:19
opendevreviewMerged opendev/base-jobs master: Fix container-image pre playbook container_command default  https://review.opendev.org/c/opendev/base-jobs/+/87848220:40
opendevreviewMerged opendev/base-jobs master: Move pull-from-intermediate-registry to localhost  https://review.opendev.org/c/opendev/base-jobs/+/87848420:42
clarkbok I havne't heard any opposition to removing the old giteas. I'm going to approve the change to stop replication now21:01
clarkbhttps://review.opendev.org/c/opendev/system-config/+/877298 is on its way now. I'll trigger full rereplication after that takes effect to mitigate any lost events21:04
* fungi loudly unopposes21:12
opendevreviewMerged opendev/system-config master: Remove gitea01-04 from Gerrit replication  https://review.opendev.org/c/opendev/system-config/+/87729821:13
clarkbinfra-root I've finally gotten around to looking into infra-project-manage-projects to see if I can determine why it is ok to have multiple projects.yaml updates in a row after renaming projects and I simply don't get it.21:45
clarkbThe job has openstack/project-config as a required project which causes the merged change to be checked out https://opendev.org/opendev/system-config/src/branch/master/zuul.d/infra-prod.yaml#L89-L10421:46
fungithe checkout ends up having the equivalent of the branch tip, right? so subsequent runs are a no-op21:46
fungisince this is happening post-merge21:46
clarkbI don't think so?21:47
fungihmm...21:47
clarkbhttps://opendev.org/opendev/system-config/src/branch/master/playbooks/manage-projects.yaml#L29-L31 is run by the job to copy project-config from zuul homedir (as setup by the required projects) to review21:47
fungii thought a zuul checkout always merged the change in question to the branch tip (which post-merge is an empty diff)21:47
clarkbfungi: oh I see what you are saying21:48
clarkbthat I'm not sure of. But I guess the recent cherry pick support fixes in zuul would agree with that21:49
fungii was pretty sure using the zuul checkout there was just an easy way to make sure the repo was refreshed21:49
clarkbthat role run by the job above does explicitly check out master for system-config but only for periodic/hourly jobs https://opendev.org/opendev/base-jobs/src/branch/master/playbooks/infra-prod/setup-src.yaml#L37-L5321:49
clarkbfungi: but I think are are saying that if we merge A, B, and C in that order each with a different project rename in them. That they will all effectively run with the content of C because when zuul merges A to tip of master its already got A B C in it and it isn't running without B and C?21:51
clarkb*but I think what you are saying21:52
clarkbfor some reason I really thought the order was preserved21:53
fungiyes21:53
fungithat's what i was assuming happened, at least, but we probably need to inspect the history of the checkout for the A build to see if B and C appear21:54
fungiin order to progress from assumption to fact21:54
fungior just look at A's manage projects log to see if it took the expected actions from B and C21:55
fungiand whether the builds for B and C were ultimately no-op21:55
clarkboh sorry the base-jobs role I linked does updates project-config form master too but only in the hourly pipelines21:57
clarkbs/hourly/periodic and hourly/21:57
clarkbThis code did change since the lsat time we did renames but it should be a pretty direct port of what we had before21:58
clarkbsaid another way it was always just periodic and hourly pipelines that got the master update explicitly21:58
clarkbfungi: but I think you may be on to something. Deploy is triggered by change-merged not ref-updated. change-merged merges the change again and it would noop?22:00
clarkbcorvus: ^ is that your understanding? I'll try to confirm this (maybe via zuul tests?) before we need to decide if we squash all the project rename chnages into a single change22:00
clarkbworst case I think that is our safety valve and it isn't a difficult one22:01
clarkbI just like to understand what is going on22:01
corvusgot a build for me to look at?22:02
clarkbcorvus: not off the top of my head, but let me dig around22:03
corvusclarkb: i think i have enough context clues from what you and fungi wrote, so don't worry, i'll try to answer22:06
clarkbcorvus: https://zuul.opendev.org/t/openstack/build/44aa9576778840919d321e10ce258cde then https://zuul.opendev.org/t/openstack/build/3da70eb3e1294a4fa11b356f3a54c606 look like they ran back to back for subseuqent project creations22:06
corvusack ok22:06
corvusi think the answer is yes, that's all correct.  and the rule of thumb is use deploy for things where the change matters and not the repo content; and use post when the repo content matters but not the change.22:08
opendevreviewMerged opendev/system-config master: Fix typos in doc/source/open-infrastructure.rst  https://review.opendev.org/c/opendev/system-config/+/87843522:08
corvuser i should say "change-merged" rather than "deploy" and "ref-updated" rather than "post" but you get the idea22:08
clarkbcorvus: ok so we don't actually need to worry about change A recreating the project that B renames becuase the jobs effectively run as if A abd B are both present in the repo in a change-merged pipeline22:09
clarkbwe do need to merge them very quickly together though?22:10
clarkbreplication config has updated. I'll trigger global replication now22:10
corvusi think the behavior is probably worth some serious thought22:10
clarkbcorvus: I agree and it is why I wanted to figure it out before we do the actual renames22:11
clarkbI'll continue to noodle on it and read into what zuul does and read those logs. Thought probably more tomorrow now that I'm understanding this will take a bit of digging22:13
corvusclarkb: i think the deploy pipeline/job structure assumes idempotency22:13
corvusso if the rename playbook doesn't, could be tricky22:13
clarkbcorvus: right we typically rename everything in one go outside of zuul to shorten the outage fo rgerrit. Then we merge the changes that update the names of the repos after gerrit back up again to reflect the new reality with the expectation that things noop22:14
opendevreviewSteve Baker proposed openstack/diskimage-builder master: Check and grow the GPT structure to the end of the volume  https://review.opendev.org/c/openstack/diskimage-builder/+/82755822:14
clarkbMy understanding is that this could be problematic for the seuqenced merges but then we've done them in the past (unfrotauntely years ago) long enough ago that I don't recall exactly what happened but that we didn't think we ended up with new empty repos with the wrong names22:15
clarkbfuzzy memory says that maybe the jobs for A failed due to the inconsistent state before running manage-projects so that it only actually runs the job on the last change which is consistent22:16
clarkbbut I don't want to rely on that as an assumption. I'll continue to look into this22:16
clarkbnow that I've written that out I want to say that is precisely what happened22:17
clarkbI seem to recall the jobs were aborted due to an earlier failure of some sort due to the inconsistency22:17
clarkbheh ya those examples I linked had only manage-projects in their buildset22:18
clarkbas far as workarounds we can squash the changes or we can disable zuul infra-prod interactions until after those changes are processed. Then hourly will do the correct thing checking out master22:21
opendevreviewMerged zuul/zuul-jobs master: Add docker buildx multiarch support to container roleset  https://review.opendev.org/c/zuul/zuul-jobs/+/87824622:23
opendevreviewMerged zuul/zuul-jobs master: buildx: remove experimental flags  https://review.opendev.org/c/zuul/zuul-jobs/+/87829322:23
opendevreviewIan Wienand proposed zuul/zuul-jobs master: build-container-image: directly push with buildx  https://review.opendev.org/c/zuul/zuul-jobs/+/87848722:26
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Handle zk_image.repository not being defined in container roles  https://review.opendev.org/c/zuul/zuul-jobs/+/87848822:29
clarkbreplication is complete22:29
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Handle zk_image.repository not being defined in container roles  https://review.opendev.org/c/zuul/zuul-jobs/+/87848822:32
opendevreviewJames E. Blair proposed zuul/zuul-jobs master: Handle credential repository not being defined in container roles  https://review.opendev.org/c/zuul/zuul-jobs/+/87848822:33
*** promethe- is now known as prometheanfire23:08
opendevreviewIan Wienand proposed zuul/zuul-jobs master: push-to-intermediate-registry: look for container_images variable  https://review.opendev.org/c/zuul/zuul-jobs/+/87849223:33
opendevreviewIan Wienand proposed zuul/zuul-jobs master: push-to-intermediate-registry: look for container_images variable  https://review.opendev.org/c/zuul/zuul-jobs/+/87849223:35
opendevreviewMerged zuul/zuul-jobs master: Fix container-image pre playbook container_command default  https://review.opendev.org/c/zuul/zuul-jobs/+/87848323:37
opendevreviewMerged zuul/zuul-jobs master: Handle credential repository not being defined in container roles  https://review.opendev.org/c/zuul/zuul-jobs/+/87848823:38
corvusinfra-root: i updated emilienm's script: https://paste.opendev.org/show/bYuiVPu62mWDqjaAw93m/23:59
« Wednesday, 2023-03-22 Index Friday, 2023-03-24 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!