| *** darmach4 is now known as darmach | 02:07 | |
| ykarel | frickler, fungi just wanted to check if you tracking somewhere secrets to update | 11:54 |
|---|---|---|
| ykarel | context is looking for failure in translation update job and that seems to require zanata_api_credentials which currently set to dummy | 11:54 |
| ykarel | so wanted to check if that's already in your radar | 11:54 |
| frickler | ykarel: for me the status is: yes, I'm aware of that, but I don't know how to regenerate those credentials still missing and/or will leave it to others to do so | 12:22 |
| ykarel | frickler, ok thx | 13:55 |
| corvus | Adrian Vladu: fungi perhaps we can move the discussion of re-encryption here? | 15:19 |
| fungi | yes, please | 15:19 |
| AdrianVladu[m] | hello, I got the information I neede, thanks! | 15:20 |
| AdrianVladu[m] | I wanted to know if it s safe to re encrypt the new github key | 15:20 |
| AdrianVladu[m] | the old key was removed from github deploy keys already | 15:20 |
| corvus | ah you removed it then? good | 15:20 |
| fungi | AdrianVladu[m]: okay, perfect, yes it's safe to redo it at any time | 15:21 |
| fungi | we replaced our zuul encryption keys when that announcement was sent on friday | 15:21 |
| AdrianVladu[m] | starlingx community needs to do the same process | 15:21 |
| corvus | (that was the only point i was unsure about from the previous conversation). it does sound like you're all set then. :) | 15:21 |
| fungi | yes, i reached out to their community manager to give her a heads up too | 15:22 |
| AdrianVladu[m] | thanks all! | 15:22 |
| corvus | so perhaps we could have made it more clear that it's okay to re-encrypt "right now" when we sent the announcement. | 15:22 |
| fungi | you're welcome! and sorry for any confusion/disruption | 15:22 |
| opendevreview | Clark Boylan proposed opendev/system-config master: Force a rebuild of the etherpad container image https://review.opendev.org/c/opendev/system-config/+/973267 | 15:53 |
| opendevreview | Merged opendev/system-config master: Force a rebuild of the etherpad container image https://review.opendev.org/c/opendev/system-config/+/973267 | 16:44 |
| clarkb | etherpad image promotion succeeded according to zuul so ^ is looking good so far | 16:46 |
| fungi | deploy succeeded too | 16:59 |
| clarkb | docker ps -a shows a self reported healthy container | 16:59 |
| clarkb | pads do open for me so I think this is all working as expected. We can proceed with actual updates like etherpad 2.6.0 and gitea 1.25.3 and gerrit with java 21 when we're comfortable with those I expect | 17:00 |
| mnasiadka | Is https://review.opendev.org/c/openstack/project-config/+/972508 fine to go now? Seems it needs a second +2 | 17:45 |
| fungi | does it need the ironic ptl to +2? | 17:46 |
| clarkb | fungi: it is a chnge to kolla acls | 17:47 |
| fungi | oh! right, i misread | 17:47 |
| mnasiadka | It’s kolla - we just want to implement what Ironic implemented (sort of) - Ironic doesn’t own the trademark hopefully :) | 17:47 |
| fungi | yeah, proposed by the ptl, so wfm | 17:48 |
| clarkb | I could rereview it but I fixed the chagne earlier so best if someone double checks what i did | 17:48 |
| fungi | lgtm | 17:50 |
| mnasiadka | Btw, the UI vote deletion patch is getting backported - https://gerrit-review.googlesource.com/c/gerrit/+/542241 | 17:50 |
| fungi | excellent! | 17:51 |
| mnasiadka | clarkb: who should I bug for second +2 on https://review.opendev.org/c/zuul/zuul-jobs/+/966187? ;-) | 17:55 |
| clarkb | mnasiadka: corvus is always a good one (but also busy I'm sure). I think mordred wrote some of the initial ideas behind that and has been around a bit more recently. fungi may also have thoughts? | 17:55 |
| corvus | +2 very happy to see that move along. :) | 17:59 |
| opendevreview | Merged openstack/project-config master: kolla: Introduce a version of Ironic core two tier structure https://review.opendev.org/c/openstack/project-config/+/972508 | 18:00 |
| mnasiadka | corvus: just missing workflow now :) | 18:05 |
| corvus | mnasiadka: if it lacks it by tomorrow, i'll be happy to add it, but left it off for now in case mordred or fungi want to look before then | 18:06 |
| mnasiadka | Ah, right | 18:07 |
| mnasiadka | clarkb: if there’s anything next I can help with - let me know, I’ll try to look on the weekly meeting channel - but it’s been my 10th working hour in a row today and I’ll probably loose focus :) | 18:08 |
| clarkb | mnasiadka: you should take a break! I'll make a note to take a look at the backlog and see what good options there are. Thank you for volunteering and for all the help | 18:10 |
| opendevreview | James E. Blair proposed opendev/zuul-providers master: Re-encrypt upload secret https://review.opendev.org/c/opendev/zuul-providers/+/973284 | 18:11 |
| opendevreview | Merged opendev/zuul-providers master: Re-encrypt upload secret https://review.opendev.org/c/opendev/zuul-providers/+/973284 | 18:12 |
| corvus | i re-enqueued the periodic image build jobs | 18:13 |
| opendevreview | Merged zuul/zuul-jobs master: Use mirror_info in configure-mirrors role https://review.opendev.org/c/zuul/zuul-jobs/+/966187 | 19:28 |
| opendevreview | James E. Blair proposed opendev/statusbot master: Fix sending commands from IRC https://review.opendev.org/c/opendev/statusbot/+/973292 | 19:40 |
| clarkb | I just sent a quick reminder about the matrix move | 19:55 |
| clarkb | hrm did 966187 break things? | 20:28 |
| clarkb | https://zuul.opendev.org/t/openstack/build/c1530dd156114d0783bea0b3d2d4ed12 from corvus' statusbot fix change says mirror_fqdn is undefined | 20:28 |
| clarkb | ok the failure is coming from opendev/base-jobs/roles/mirror-info | 20:31 |
| clarkb | but is likely a side effect of 966187 | 20:31 |
| opendevreview | Clark Boylan proposed opendev/base-jobs master: Handle missing mirror_fqdn https://review.opendev.org/c/opendev/base-jobs/+/973304 | 20:34 |
| clarkb | infra-root ^ that may fix things but will likely need force merging. If that doesn't work then we'lre likely going to need to revert 966187 | 20:35 |
| clarkb | is anyone else around to sanity check that before we force merge it? | 20:35 |
| clarkb | alternatively to say they would prefer we start with a revert | 20:35 |
| corvus | a revert would be a good opportunity to clean up the testing holes | 20:36 |
| corvus | and come up with a full test plan for that | 20:36 |
| clarkb | works for me let me push a revert then | 20:36 |
| opendevreview | Clark Boylan proposed zuul/zuul-jobs master: Revert "Use mirror_info in configure-mirrors role" https://review.opendev.org/c/zuul/zuul-jobs/+/973305 | 20:38 |
| opendevreview | Merged zuul/zuul-jobs master: Revert "Use mirror_info in configure-mirrors role" https://review.opendev.org/c/zuul/zuul-jobs/+/973305 | 20:42 |
| clarkb | ok revert is merged. I'llrecheck the statusbot change now | 20:44 |
| clarkb | could send something like #status notice An update to one of our base jobs roles broke another base job role. This update has been reverted and jobs should be working again. | 20:45 |
| clarkb | I've deescalated my privs after the force merge too | 20:46 |
| corvus | clarkb: notice lgtm and seems like a good idea | 20:57 |
| corvus | image credential is working now | 20:57 |
| clarkb | #status notice An update to one of our base jobs roles broke another base job role. This update has been reverted and jobs should be working again. | 20:57 |
| opendevstatus | clarkb: sending notice | 20:57 |
| clarkb | corvus: great! | 20:57 |
| -opendevstatus- NOTICE: An update to one of our base jobs roles broke another base job role. This update has been reverted and jobs should be working again. | 20:57 | |
| clarkb | with that fixed I've approved the gitea upgrade change. I do have a school run to do in a bit which might coincide with deployment a bit but I should be able to work with that | 21:01 |
| clarkb | and we can always unapprove it between now and then if tehre is concern | 21:01 |
| opendevreview | Merged opendev/statusbot master: Fix sending commands from IRC https://review.opendev.org/c/opendev/statusbot/+/973292 | 21:05 |
| clarkb | the hourly jobs should deploy ^ doesnlt look like the 2100 hourlies ran early enough to get it | 21:23 |
| fungi | ouch, i stepped out at just the wrong time after approving that mirror_info change, sorry | 21:38 |
| clarkb | zuul predicts that gitea upgrade change will merge right around when school pickup happens. I suspect it will be fine and I'll followup after I get home | 21:54 |
| opendevreview | Merged opendev/system-config master: Update gitea to 1.25.3 https://review.opendev.org/c/opendev/system-config/+/971469 | 22:51 |
| fungi | infra-prod-service-gitea is running in deploy now | 22:54 |
| Clark[m] | Gitea10 has updated. I'm on my way home and can check cloning and stuff then | 22:57 |
| clarkb | deployment reports success | 23:07 |
| clarkb | git clone works for me | 23:07 |
| clarkb | https://opendev.org/opendev/system-config/commit/659f6743901c8558f28cdfe77952642daa5bc79f browsing around looks good too | 23:08 |
| clarkb | each of the backends has new container and images from ~2 hours ago so that all looks good too | 23:10 |
| clarkb | last thing to check is gerrit replication | 23:10 |
| clarkb | https://opendev.org/airship/armada-operator/commit/9d4a18d210f0404e8c94b549697d3c23188dc76e and that looks good as well | 23:10 |
| clarkb | and statusbot also updated as expected via the hourly jobs | 23:14 |
| clarkb | mnasiadka: I'm looking at https://etherpad.opendev.org/p/opendev-running-todo-list and "bulk update fot toggleWipState to allow core reviewers to toggle that on their projects" and "convert use of iptables to nftables" are probably two that can be done without too much special access. For iptables to nftables we have rules in both system-config for our production servers and then | 23:19 |
| clarkb | opendev/zuul-providers for the test nodes. For the system-config side testing of that should be largely automated and give us a good sense of the transition, but we may also not want to update existing nodes so maybe that is a toggleable option? Either way I think getting that into a state where we can review the new ruleset and have it tested would be good | 23:19 |
| clarkb | mnasiadka: there is also this zuul-registry bug that is pruning our images on the next pruning run rather than waiting 180 days. The main issue with debugging that on your side is likely access to the pruning logs but I can share those I think if that interests you | 23:20 |
| fungi | yeah, on the toggleWipState implementation, our acl normalization should make it rather straightforward | 23:21 |
| clarkb | and if none of that sounds interesting I'm sure I can dig up more, but I don't want to overwhelm anyone to start | 23:21 |
| clarkb | fungi: re the etherpad with the todo list there is an item about upgrading openafs on all the servers whcih I think you did when you replaced/upgraded them. Do you want to mark that one off if it is done now? | 23:22 |
| fungi | could even use the normalization script itself and just add a routine to inject toggleWipState for every group that has Workflow -1 access if not already set | 23:22 |
| fungi | ah, i didn't even know it was on there but yes, they're all running openafs 1.8.13 now | 23:24 |
| clarkb | fungi: maybe its best to simply delete the line? | 23:24 |
| clarkb | I can do that if you prefer, just wanted you to get whatever credit there is to be had since you did the woprk | 23:25 |
| fungi | i can delete the line after dinner, but not really looking for credit | 23:25 |
| clarkb | ok I'll go ahead and do ti so you can enjoy dinner | 23:27 |
| fungi | thanks! sorry i hadn't noticed it was on there | 23:29 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!