Saturday, 2014-04-05

mordred	clarkb: I was just thinking that there was a better key exchange mechanism going on here than what we were currently doing - but on second read, it would be essentially the same amount of work	00:00
mordred	just different	00:00
*** ArxCruz has quit IRC		00:00
fungi	mordred: openssh certificates solve a problem we don't really have (letting servers figure out who to let in without having a list of their keys)	00:04
fungi	sdague: the remaining devstack image rebuilds completed while i was at dinner, so should be safe to use those fedora images now	00:04
fungi	er, those fedora qcow files (not to confuse them with nodepool images)	00:05
mordred	fungi: awesome. I will stop caring about that	00:05
*** e0ne has joined #openstack-infra		00:06
*** dcramer_ has joined #openstack-infra		00:06
*** alexpilotti has quit IRC		00:06
*** zhiyan_ is now known as zhiyan		00:07
fungi	they're neat if you just want to distribute a ca public key to all your systems and then centrally sign auth credentials with an authority and let your servers check the sigs	00:09
fungi	but with ubiquitous active config management, that's not really much help to us	00:10
*** wenlock has quit IRC		00:10
fungi	but also, i'd just suggest kerberos before i'd suggest ssh certificates. greater flexibility and not too much more hassle	00:11
*** Sukhdev has quit IRC		00:11
mordred	fungi: ++	00:12
mordred	SpamapS: btw ^^	00:12
*** thuc has quit IRC		00:13
*** Sukhdev has joined #openstack-infra		00:13
fungi	though the ability to sign host keys is sort of nice	00:13
fungi	no more tofu	00:13
*** thuc has joined #openstack-infra		00:13
fungi	but honestly i'd rather do dnssec+sshfp for that	00:13
clarkb	++	00:15
SpamapS	fungi: they solve the opposite problem that you _DO_ have	00:15
fungi	SpamapS: working around providers with broken dns? ;_	00:16
SpamapS	fungi: when you bring a new server online if you had server certs you could just let the clients trust the server CA and there'd be no "what's the fingerprint for that new server?"	00:16
SpamapS	its just not a problem you have often enough to care much about	00:16
fungi	yeah, that's what i meant by no more tofu	00:16
fungi	(trust on first use)	00:16
*** thuc has quit IRC		00:17
SpamapS	fungi: so dnssec+sshfp hasn't happened.. why? Perhaps "a bridge too far"	00:18
fungi	with working dnssec (which will be useful for other things too) it boils down to whether you sign a host key cert or add an sshfp record for each new system	00:19
*** blamar has quit IRC		00:20
fungi	and honestly, if we go too much longer with no providers offering proper zone signing for their domain hosting, i'm going to be getting behind designate and pushing if i have to	00:20
*** blamar has joined #openstack-infra		00:21
fungi	it wouldn't surprise me to see us hosting a handful of authoritative-only name servers scattered between several providers so we cease having to wait for them to "learn up how to dns"	00:22
clarkb	fungi: hp provides designate	00:22
clarkb	fungi: just without the bits we need...	00:22
clarkb	:/	00:23
fungi	gah	00:23
*** malini_afk is now known as malini		00:23
*** blamar has quit IRC		00:24
clarkb	apparently DNS is hard	00:24
clarkb	we should go shopping	00:24
*** blamar has joined #openstack-infra		00:25
*** UtahDave has quit IRC		00:25
clarkb	fungi: Kiall would know more. We should perhaps corner him one day and get details on how we can use their service for what we need	00:30
nkinder	clarkb: I know FreeIPA is working on dnssec related improvements, and there is also work under way to allow it to be a backend for designate	00:31
fungi	i have this thing i'm planning to be at in atlanta next month... maybe he'll be there too	00:31
nibalizer	sshfp is easy, dnssec is hard	00:32
clarkb	fungi: no way I plan on being there too, its almost like this is a planned thing	00:32
nibalizer	also we talked about this way back in the portland summit	00:32
clarkb	nibalizer: right and first without the second isn't worth much	00:32
nibalizer	probably some of you were in the room	00:32
nibalizer	i know I was	00:32
fungi	nkinder: that could be neat... though we don't really have a need for ipam	00:32
nibalizer	is the openstack dns still done by rax?	00:32
clarkb	nibalizer: yes	00:32
*** markmcclain has quit IRC		00:32
fungi	nkinder: and bind makes a fine backend (and frontend!) for dnssec ;)	00:32
* nibalizer doesn't even know how to ask dig if the NS servers are doing dnssec		00:33
nkinder	it's the signing and key management that's a hassle AFAIK	00:33
*** e0ne has quit IRC		00:33
nibalizer	i guess NS server is a bit redudnant :(	00:33
clarkb	nibalizer: it sets a flag in the flags output	00:33
*** e0ne has joined #openstack-infra		00:33
fungi	nkinder: agreed. doing it infrequently for one or a handful of zones is pretty easy, though i've wrapped the ks tools for bind zones in existing automation in years past without much trouble	00:34
*** gokrokve has quit IRC		00:34
fungi	nkinder: and yeah, the biggest hassle with any signing process is never the tools anyway. it's properly securing where you store the private key material for you authority, of course	00:35
fungi	er, for your authority	00:35
clarkb	nibalizer: also dig +dnssec	00:35
nibalizer	oh that makes much more sense	00:36
*** khyati has quit IRC		00:36
nibalizer	as was brought up before, running our own bind just to get dnssec is a tradeoff	00:37
nibalizer	becuase we won't have anycasted always on impenetrable CDN dns anymore	00:37
fungi	nibalizer: well, you're mixing roles there	00:37
* nibalizer is suprised denial of service abuse isn't more common on the openstack infra		00:38
fungi	nibalizer: those are drawbacks to running our own recursive resolver	00:38
*** e0ne has quit IRC		00:38
fungi	nibalizer: authoritative resolution is a different kettle of fish (and ought to be on separate servers anyway)	00:38
nibalizer	ya thats valid	00:38
nibalizer	so right now we dont have a bind server right? just someone presses buttons in the rax webui?	00:39
fungi	we have pretty pictures (a webui dashboard, so we get to poke a few buttons ourselves and then marvel at the seeming common features they didn't implement or insane assumptions they made)	00:40
fungi	so yes	00:40
clarkb	ah right dig +adflag	00:41
clarkb	nibalizer: ^	00:41
fungi	for example, i noticed a few months back when we were doing sip things for the pbx that rackspace's dns won't let you have two srv rrs with the same name	00:43
fungi	which prevented us from adding tcp and udp protocol entries for the same service	00:43
nibalizer	mordred: i would echo what fungi said above, openssh certs are great if configuring a mass of boxes is hard	00:43
nibalizer	but its not really a problem we have	00:43
nibalizer	especially since few people are actually doing ssh	00:43
mordred	++	00:44
fungi	nibalizer: SpamapS made a good point about host certs, but i still would rather push for dnssec so we can do sshfp (plus all sorts of other useful things which stem from having a chain of possession on dns recursion)	00:44
nibalizer	in my corp env with hundreds of users mapped randomly to hundreds of machines.. it would be good	00:44
fungi	nibalizer: though i'd still argue for the user authentication use case, kerberos gets you more than ssh user certs do, with not much more management overhead	00:45
nibalizer	yea, when we provision a new machine with the various providers apis, can we provide ssh certs and keys	00:45
nibalizer	cus that would be really cool if we didn't have to trust the machine on first log in	00:46
nibalizer	fungi: im laughing over here	00:46
nibalizer	because the number of times i have told someone or been told someone else something to the equivalent of "lets just use kerberos" it has always felt like pinky and the brain	00:46
nibalizer	but heck yea kerberoz!	00:47
fungi	no, here kerberos is old hat. the pinky-and-the-brain moments involve the andrew filesystem	00:47
nibalizer	haha, yes	00:47
nibalizer	at PSU ( where clark and I hail from) the holy grail has always been NFS secured by kerberos with authorization provided by ldap	00:48
nibalizer	often atempted, never finished	00:48
clarkb	nibalizer: and still not done yet	00:48
mordred	gah	00:48
mordred	AFS	00:48
clarkb	but thats ok, makes installing freebsd with zfs root over nfs easy	00:48
nibalizer	clarkb: hahha I forgot about that hack, that was awesome	00:49
mordred	at NCSU (Where jeblair and I hail from) the holy grail was kerberos + AFS SSO across multiple operating systems campus-wide	00:49
mordred	it was operational fully when I was there in 1993	00:49
mordred	and I have never been in another place where it all worked as well	00:49
clarkb	mordred: clearly the software was knew better than to mess with the likes of you guys	00:50
mordred	certainly not at anywhere that used ldap or nfs :)	00:50
mordred	clarkb: hehe	00:50
clarkb	nibalizer: that install method isn't still recommended for machines without dvd drives is it?	00:50
nibalizer	there are what.. 5 rooters total? and zero regular user logins.. seems way overkill to roll out kerb	00:50
fungi	yeah, i helped install and manage kerberos environments ~20 years ago, and unsurprisingly it's far, far, far easier and better documented now	00:50
clarkb	nibalizer: if so I must win a prize or something	00:50
nibalizer	clarkb: totally what we used for a cpl years	00:50
clarkb	awesome	00:51
mordred	(btw - this worked with roaming profiles and homedirs across mac, windows, ultrix, solaris and linux)	00:51
nibalizer	i mean the dvd media eventually was rsyncd to a real fileserver, and the whole process scripted	00:51
clarkb	nibalizer: but you guys would boot off cdrom, mount nfsshare and install?	00:51
nibalizer	yuuuup	00:51
nibalizer	eventually we stopped even using the freebsd installer	00:51
nibalizer	just called key functions from it	00:51
mordred	nibalizer: the kerb is overkill here- but we'd solve SO MANY PROBLEMS if we just gave in and installed AFS	00:51
nibalizer	mordred: why didn't i see this before	00:52
clarkb	mordred: pretty sure we could stop testing if used AFS	00:52
nibalizer	i'll start puppeting right away	00:52
mordred	jeblair: ^^^ check it out - another convert	00:52
clarkb	mordred: aiui AFS is the miracle software	00:52
fungi	nibalizer: anyway, i'm not advocating kerberos for admin logins to openstack infrastructure servers, just saying i'd be more likely to roll out kerberized ssh than pki ssh	00:52
clarkb	oh hey we have tripleo-f20 machines now	00:53
clarkb	\o/	00:53
clarkb	sudo: service: command not found guessing fedora/systemd doesn't buy into `service` as a way of toggling services?	00:53
fungi	so once demand for tripleo-precise fell below the magic threshold, jeblair's theory was proven sound	00:53
fungi	clarkb: not in the new systemd utopia	00:54
fungi	clarkb: you want systemctl i think	00:54
fungi	something like that	00:54
clarkb	fungi: thats ok you can't even boot the kernel with systemd anymore	00:54
clarkb	fungi: ya, so tripleo will need to update their toci stuff	00:54
fungi	clarkb: you don't even need a kernel with systemd, haven't you heard?	00:54
clarkb	oh right, it boots itself and magically creates a process table	00:54
fungi	lennart bundled one in once he was done with the bus and dev management subsystems	00:55
*** Sukhdev_ has joined #openstack-infra		00:55
nibalizer	are there rhel7 beta machines as well?	00:55
clarkb	nibalizer: no we have 0 rhel* machines	00:55
nibalizer	ah	00:55
clarkb	turns out we tried and were denied	00:55
nibalizer	wow	00:55
mordred	turns out redhat could not figure out how to get us licenses. honest to god. they tried very hard	00:56
nibalizer	i ran redhat 7 beta on my laptop last night	00:56
nibalizer	for about a day	00:56
nibalizer	#doesn'tworkyet	00:56
clarkb	mordred: did you see that hpcloud glance uploads were working?	00:56
clarkb	mordred: I have trusty beta 2 in the opencstack jenkins 2 account	00:56
clarkb	it is a qcow2 image	00:57
mordred	clarkb: woot	00:57
*** Sukhdev has quit IRC		00:57
clarkb	mordred: I was thinking about the fedora testing a bit more. And it would be awesome if redhat was more candid about a release schedule for rhel7 because we could possibly just avoid the fedora all together and go stragiht to rhel7	00:58
clarkb	mordred: or centos7. That way we wouldn't need to stop running tests	00:58
*** Sukhdev_ has quit IRC		00:59
mordred	clarkb: yes. but they can't announce a release data for rhel7	00:59
clarkb	ya I know	00:59
mordred	because as soon a they do, they stop being able to recognize revenue on existing rhel6 contracts	00:59
mordred	yay finance	01:00
clarkb	however, if we dib things I don't really care that much. People that care about fedora can step up and make it work in that case	01:00
clarkb	the only real loss is when we have to stop running one particular test set	01:00
mordred	clarkb: ++	01:02
clarkb	mordred: reading your nodepool dib change I would remove takeover node, and put the elements in puppet (or wherever) don't actually bundle those with nodepool	01:04
clarkb	mordred: in fact I think you could have nodepool know about a dib elements dir and use those similar to how it knows about nodepool scripts being a thing	01:05
*** VijayTripathi has joined #openstack-infra		01:05
*** gokrokve has joined #openstack-infra		01:05
clarkb	mordred: also it would probably be good to update nodepool docs to point at dib docs	01:06
clarkb	mordred: the chroot on loopback then run parts stuff may not be obvious to everyone	01:06
*** e0ne has joined #openstack-infra		01:06
*** melwitt has quit IRC		01:07
*** melwitt has joined #openstack-infra		01:07
openstackgerrit	Michael Krotscheck proposed a change to openstack-infra/storyboard: [WIP] Added filtering to Stories, Projects, Users, Tasks. https://review.openstack.org/85532	01:08
clarkb	mordred: https://review.openstack.org/#/c/46482/3/elements/infra-puppet/pre-install.d/10-preseed is a bit scary though. I suppose that is what you get for using chroots	01:08
*** e0ne has quit IRC		01:10
*** gokrokve has quit IRC		01:10
*** saschpe has quit IRC		01:11
clarkb	mordred: krotscheck is storyboard using storyboard for bugs yet?	01:12
krotscheck	clarkb: Yes	01:12
mordred	clarkb: yes	01:12
clarkb	woot /me creates some stories	01:13
*** melwitt has quit IRC		01:13
*** melwitt has joined #openstack-infra		01:13
mordred	clarkb: so - I'm mildly torn about putting teh elements into the puppet dir	01:14
*** blamar has quit IRC		01:14
mordred	because they really would be things that are quite usalbe outside of the context of our puppet repo	01:14
mordred	that said - as long as we keep them as files and not templates, nothing woudl stop someone from adding modules/openstack_project/files/nodepool/elements to their DIB_ELEMENT_PATH	01:15
clarkb	mordred: but they aren't. The dns server thing from yesterday is evidence of this	01:15
*** blamar has joined #openstack-infra		01:15
clarkb	I agree they shouldn't be puppet templtes	01:15
*** melwitt has quit IRC		01:16
clarkb	puppet is just a convenient place to put them as they are us specific	01:16
mordred	clarkb: but also - once we have this, then we could actually pretty easy add gate tests that could test a new image by running devstack-gate on it	01:16
clarkb	and may be reconsumable	01:16
clarkb	putting stuff in nodepool to me means they are super generic	01:16
mordred	clarkb: I'm not saying they should be in nodepool itself, on that I agree	01:16
*** saschpe has joined #openstack-infra		01:16
mordred	clarkb: just I'm not convinced that openstack_project is the right place for them either	01:17
clarkb	mordred: ya I can see putting them in their own repo too	01:17
clarkb	puppet is more convenient than correct	01:17
mordred	yah	01:17
mordred	clarkb: I can put them in openstack_project to start - but I think once we prove out the mechanism, they should get their own repo	01:18
mordred	taht way we could potentially add them to the integrated gate same as d-g	01:18
mordred	(if we can figure out the mechanics of that)	01:18
clarkb	krotscheck: bam submitted two stories	01:18
mordred	I _don't_ think we want to gate all changes to config in with the d-g gate	01:18
clarkb	krotscheck: mostly trying to do useful things while I play with the current state of storyboard	01:18
mordred	:)	01:19
clarkb	mordred: ++	01:19
krotscheck	clarkb: Useful things like why the list of stories is the wrong way around? :)	01:19
clarkb	krotscheck: is it the wrong way around?	01:19
clarkb	krotscheck: the first thing that struck me is the new story description field is only two lines tall	01:19
krotscheck	Yeah, it’s by index	01:19
clarkb	krotscheck: which is unwieldy	01:19
krotscheck	clarkb: That’s easy to fix	01:19
clarkb	krotscheck: well you have a task to fix it now :)	01:20
jhesketh	fungi: ping	01:20
clarkb	if I ever figure out css I may attempt a fix myself	01:20
fungi	jhesketh: how's your saturday treating you?	01:20
krotscheck	clarkb: The story list currently has no concept of only showing stories with closed tasks, for instance. It’s just a list dump	01:20
krotscheck	Sorry - only showing stories with open tasks	01:20
jhesketh	fungi: good thanks, doing a bit of work today to take Monday off	01:21
jhesketh	yourself?	01:21
clarkb	jhesketh: is that because you wanted to spend more time with us Mericans?	01:21
jhesketh	exactly!	01:21
jhesketh	:-)	01:22
fungi	we are boorish and loud	01:22
jhesketh	but fun ;-)	01:22
jhesketh	fungi: just wondering if you had a moment to discuss the swift infra stuff?	01:22
mordred	clarkb, lifeless: this: https://review.openstack.org/#/c/46482/3/elements/openstack-repos/source-repository-openstack is now clearly the wrong approach	01:23
mordred	lifeless: we're currently running a script on the host to query the list of repos from gerrit and then clone all of them - you guys don't have something similar already do you?	01:23
fungi	jhesketh: potentially--i've not been following it as closely as i should... were you able to work out how to manipulate swift acls through the api?	01:23
*** pfallenop has quit IRC		01:24
jhesketh	fungi: I haven't tried it, but I found this: http://www.rackspace.com/blog/create-cloud-files-container-level-access-control-policies/	01:24
jhesketh	not sure what HP does	01:24
jhesketh	basically it's possible and doesn't seem too difficult	01:24
*** thuc has joined #openstack-infra		01:24
jhesketh	you can also have rackspace accounts that only have access to cloud files (aka swift)	01:24
jhesketh	so they can't launch instances etc	01:24
fungi	oh, cool... well i suspect we were planning to mainly upload into rackspace initially, though i guess we could want to spread the love	01:24
*** freyes has quit IRC		01:25
*** gokrokve has joined #openstack-infra		01:25
*** pfallenop has joined #openstack-infra		01:25
mordred	clarkb: oh - also, we don't need takeover anymore, since we have glance uploads now	01:25
mordred	clarkb: that was a hack to be able to use dib before we had glance uploads	01:26
*** zhiyan is now known as zhiyan_		01:26
fungi	yeah, i know we can create rackspace users which can only control file containers and not have access to compute et cetera, though the granularity through the webui is basically "this user has access to all containers" which is sort of disappointing	01:26
jhesketh	fungi: hmm, actually I'd need to make a small tweak to allow multiple providers (multiple containers are currently allowed, just not providers)	01:26
mordred	clarkb: which we _could_ keep if we wanted to have a compat layer for hp 1.0	01:26
jhesketh	fungi: yeah	01:26
clarkb	jhesketh: http://docs.hpcloud.com/api/object-storage I think you can do it with hpcloud too	01:26
clarkb	scroll down to 2.7.4	01:26
jhesketh	fungi: so would we want to push files to both Rackspace and HP simultaneously?	01:27
jhesketh	for all changes	01:27
clarkb	mordred: its going away, I don't think we need to keep compat	01:27
mordred	clarkb: k. then we don't need takeover node	01:27
fungi	jhesketh: but it sounded like there was access through the exposed swift api to directly control swift acls at rackspace, just nothing for that exposed at the webui layer, which is honestly probably just fine by us anyway	01:27
clarkb	jhesketh: fungi: actually and I don't know if this is possible but I think swift allows container to container replication	01:27
mordred	clarkb: this patch actualy is going to change rather massively	01:27
clarkb	jhesketh: fungi: I think we should push to one then have it replicate to other containers (possibly in otherclouds) if necessary	01:27
mordred	clarkb: since we do many things in the nodepool scripts quite differently now	01:27
clarkb	jhesketh: fungi but maybe that complicates things	01:28
fungi	jhesketh: i presume we're fine starting with just one provider to get the system proven	01:28
mordred	also, I think I might split out the "install puppet" element from the "run a puppet bootstrap for infra" element	01:28
mordred	because an element that gets puppet onto a node is useful generally	01:28
clarkb	++	01:28
mordred	and then a thing that grabs out puppet repo and runs puppet apply on it is a thing	01:29
clarkb	that ++ is for fungi and mordred	01:29
mordred	clarkb: wow. simul-++	01:29
jhesketh	fungi, clarkb: yeah, maybe as a starting point we should just use one	01:29
*** thuc has quit IRC		01:29
*** aconrad has quit IRC		01:29
jhesketh	clarkb: thanks for that link, that looks like it would work if you can get an HP cloud user with no permissions (ie can't launch instances etc) that we can then grant individual access to containers	01:29
*** freyes has joined #openstack-infra		01:30
*** gokrokve has quit IRC		01:30
*** wchrisj has quit IRC		01:33
mordred	clarkb: oh wow: https://review.openstack.org/#/c/85474/2/scripts/init-keystone	01:33
mordred	clarkb: tripleo is beating us in starting to use python-openstackclient	01:33
*** SumitNaiksatam has joined #openstack-infra		01:35
jhesketh	fungi: so I guess the question is, would you be able to set up a read and write user for a logs container for infra per chance please?	01:37
lifeless	mordred: what makes it clearly wrong ?	01:37
mgagne	mordred: I remember reading that python-openstackclient is not an "official" project as there wasn't any PTL associated to it and/or wasn't under the umbrella of one of the official project. What's the current status now? Or did I understand wrong?	01:38
fungi	jhesketh: sure--i'll need to generate a password for it and put it in hiera... you've got placeholders in your puppet if memory serves where we need to switch those files to erb templates and put variables in?	01:39
jhesketh	correct	01:40
jhesketh	fungi: it's already an erb template in config/modules/zuul/templates/zuul.conf.erb	01:41
fungi	jhesketh: got a suggestion for the username and the hiera keyname under which i'll make the password accessible?	01:41
fungi	oh, all the better	01:41
mgagne	or clarkb or fungi =)	01:41
jhesketh	fungi: so we just need to add this section to it : http://ci.openstack.org/zuul/zuul.html#swift	01:41
jhesketh	fungi: hmm, maybe 'infra-assets' or something similar?	01:41
mordred	lifeless: the list is hard-coded in the element - and the current nodepool prep script infers the list dynamically	01:42
jhesketh	or infra-files (since we'll likely have different containers)	01:42
fungi	mgagne: afaik dtroyer is putting together a proposal for a new program, possibly, which would include openstackclient and possibly other things as well	01:42
mordred	lifeless: nodepool prep scripts pre-fetch ALL of the repos that happen to be in gerrit, not a subset of them	01:42
mgagne	fungi: cool, I'm glad to hear it then	01:42
mordred	mgagne: dtroyer is going to be applying for official status - since we all want opensatckclient to be a thing	01:42
* mordred loses to fungi		01:43
*** zhiyan_ is now known as zhiyan		01:43
mgagne	mordred: cool =)	01:43
*** zhiyan is now known as zhiyan_		01:43
*** zhiyan_ is now known as zhiyan		01:43
mordred	lifeless: I guess I should say "clearly wrong for our purposes" - one could imagine such a list being useful in other contexts	01:44
mgagne	mordred: also, do you have an idea of the vision of the openstack project regarding support for other SDK/clients in other languages?	01:45
mordred	mgagne: I do not think we've grown one yet	01:45
mordred	lifeless: do you think dib would accept a patch that added a "gerrit" type to source-repositories that would take a base-dir and a gerrit url as args and would do the work of our script that clones all repos in a gerrit?	01:46
mordred	lifeless: I do like the idea of having the local build-env cache of things	01:46
mordred	work properly	01:46
fungi	jhesketh: okay, i'll create an infra-files account in our jenkins tenant (i think that's where our thought processes eventually led us) and add its password in hiera as zuul_infra_files_password? (avoiding bikeshedding too much, "infra" makes some sense in the account name since we talked about possibly having accounts for individual third-party ci systems to be able to push logs later)	01:47
jhesketh	fungi: sounds great to me	01:47
jhesketh	although do we want two accounts?	01:47
jhesketh	one to read and one to write	01:47
mordred	lifeless: oh- I'm sorry, it takes a yaml file url and processes that to find the list of urls to clone	01:48
jhesketh	and if so, do we want to differentiate between them in their usernames?	01:48
mordred	lifeless: http://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/files/nodepool/scripts/cache_git_repos.py	01:48
fungi	jhesketh: good point... that way the wsgi access can be read-only	01:48
mordred	lifeless: (I can clearly just run that in an element - but it shadows the function of source-repository so much, it might be neat to make it a generalized feature or something	01:49
mgagne	mordred: is there any doc I can read about how tripleo is managing their images? I'm curious as to how image versioning is done (if any is done) and the retention policy/tools used to keep space usage to a sane level	01:50
*** amotoki has joined #openstack-infra		01:50
*** zz_gondoi is now known as gondoi		01:50
*** alff has quit IRC		01:51
*** alff_ has quit IRC		01:51
*** marun has quit IRC		01:53
*** zhiyan is now known as zhiyan_		01:53
*** amotoki has quit IRC		01:55
*** thomasem has joined #openstack-infra		01:59
jhesketh	clarkb: I've suggested some more work for you in reviews.. not sure if you'll like my suggestion to 76057 as it's probably a fair bit more work	01:59
*** wenlock has joined #openstack-infra		02:01
*** thomasem has quit IRC		02:03
*** e0ne has joined #openstack-infra		02:07
*** e0ne has quit IRC		02:09
*** harlowja is now known as harlowja_away		02:14
*** gondoi is now known as zz_gondoi		02:16
*** malini is now known as malini_afk		02:18
openstackgerrit	A change was merged to openstack-infra/elastic-recheck: Add query for a heat db error https://review.openstack.org/85039	02:20
*** markwash has quit IRC		02:20
*** mriedem has quit IRC		02:20
*** Ryan_Lane has quit IRC		02:24
*** gokrokve has joined #openstack-infra		02:25
*** gokrokve_ has joined #openstack-infra		02:27
lifeless	mordred: you could generate the source-repository file that	02:28
lifeless	mordred: way and let source-repositories do the remaining work itself	02:28
*** gokrokve has quit IRC		02:30
*** gokrokve_ has quit IRC		02:32
*** rfolco has quit IRC		02:33
*** yamahata has quit IRC		02:36
*** mwagner_lap has joined #openstack-infra		02:42
*** jepoy_ has joined #openstack-infra		03:01
*** jepoy has quit IRC		03:04
*** e0ne has joined #openstack-infra		03:07
*** mgagne has quit IRC		03:09
*** timrc is now known as timrc-afk		03:11
*** dteselkin_ has quit IRC		03:14
*** e0ne has quit IRC		03:16
*** dteselkin_ has joined #openstack-infra		03:16
fungi	jhesketh: i created an infra-files container in our openstackjenkins tenant and added two new accounts, infra-files-ro which has read-only access to files and infra-files-rw which has administrative access to files (but neither have access to any other products). their passwords are in hiera under the keys infra_files_ro_password and infra_files_rw_password	03:16
jhesketh	fungi: awesome, thanks	03:17
jhesketh	fungi: so you've just given them cloud file access? ie, not container level?	03:17
fungi	jhesketh: at the moment yes, but we can set them both to no access and test out container level acls if we want	03:18
clarkb	fungi: out of curiousity all of that is configured with one of those gui things?	03:18
fungi	clarkb: pretty pictures, yes	03:18
jhesketh	fungi: sounds smart	03:18
* fungi was in a hurry... getting late here		03:19
*** pfallenop has quit IRC		03:21
fungi	anyway, i'm knocking off for the night and on the road a lot of the weekend, so am not expecting to be responding in irc much	03:22
jhesketh	no worries, thanks for your help fungi :-)	03:22
fungi	jhesketh: sure thing	03:22
fungi	thanks for yours!	03:22
*** gokrokve has joined #openstack-infra		03:25
*** pfallenop has joined #openstack-infra		03:28
*** gokrokve has quit IRC		03:29
*** dteselkin_ has quit IRC		03:30
*** zul has quit IRC		03:32
*** dteselkin_ has joined #openstack-infra		03:37
*** timrc-afk is now known as timrc		03:42
*** zul has joined #openstack-infra		03:45
*** _nadya_ has joined #openstack-infra		03:45
*** talluri has joined #openstack-infra		03:47
*** Sukhdev has joined #openstack-infra		04:01
*** pcrews_ has quit IRC		04:01
nibalizer	asdfasdfasdfasdfasfasdfadsf	04:04
*** e0ne has joined #openstack-infra		04:06
*** e0ne has quit IRC		04:08
*** _nadya_ has quit IRC		04:10
*** talluri_ has joined #openstack-infra		04:12
*** talluri has quit IRC		04:15
*** gokrokve has joined #openstack-infra		04:25
*** Sukhdev has quit IRC		04:27
*** gokrokve has quit IRC		04:30
*** timrc is now known as timrc-afk		04:38
*** talluri_ has quit IRC		04:43
nibalizer	oh yes	04:48
nibalizer	ssh lag	04:48
*** rwsu has quit IRC		04:50
*** talluri has joined #openstack-infra		04:52
*** Ryan_Lane has joined #openstack-infra		04:55
openstackgerrit	Joshua Hesketh proposed a change to openstack-infra/config: Configure swift credentials for workers to push to https://review.openstack.org/85540	04:59
*** Ryan_Lane has quit IRC		04:59
*** salv-orlando_ has joined #openstack-infra		05:00
*** salv-orlando has quit IRC		05:00
*** salv-orlando_ is now known as salv-orlando		05:00
*** e0ne has joined #openstack-infra		05:06
*** CaptTofu has joined #openstack-infra		05:07
*** e0ne has quit IRC		05:10
*** gokrokve has joined #openstack-infra		05:11
*** gokrokve has quit IRC		05:13
*** talluri has quit IRC		05:18
*** mkoderer has joined #openstack-infra		05:38
*** gokrokve has joined #openstack-infra		05:43
*** kevinbenton has quit IRC		05:44
*** gokrokve has quit IRC		05:48
*** kevinbenton has joined #openstack-infra		05:49
*** amotoki has joined #openstack-infra		05:52
*** amotoki has quit IRC		05:56
*** e0ne has joined #openstack-infra		06:06
*** mihgen has joined #openstack-infra		06:11
*** e0ne has quit IRC		06:11
*** DinaBelova has quit IRC		06:17
*** DinaBelova has joined #openstack-infra		06:17
*** mattoliverau has quit IRC		06:17
*** mattoliverau has joined #openstack-infra		06:18
*** talluri has joined #openstack-infra		06:19
*** mestery has quit IRC		06:21
*** mestery has joined #openstack-infra		06:22
*** talluri has quit IRC		06:24
*** gokrokve has joined #openstack-infra		06:25
*** alff_ has joined #openstack-infra		06:29
*** alff has joined #openstack-infra		06:29
*** VijayTripathi has quit IRC		06:29
*** gokrokve has quit IRC		06:29
*** CaptTofu has quit IRC		06:33
*** e0ne has joined #openstack-infra		06:35
*** e0ne has quit IRC		06:38
*** CaptTofu has joined #openstack-infra		06:43
*** e0ne has joined #openstack-infra		06:43
*** e0ne has quit IRC		06:45
*** _nadya_ has joined #openstack-infra		06:56
*** talluri has joined #openstack-infra		07:03
*** denis_makogon has joined #openstack-infra		07:03
*** talluri has quit IRC		07:07
*** _nadya_ has quit IRC		07:07
*** jcoufal has joined #openstack-infra		07:07
*** signed8bit has quit IRC		07:22
*** gokrokve has joined #openstack-infra		07:25
*** CaptTofu has quit IRC		07:28
*** gokrokve has quit IRC		07:30
*** denis_makogon has quit IRC		07:35
*** talluri has joined #openstack-infra		07:44
*** e0ne has joined #openstack-infra		07:45
*** talluri has quit IRC		07:49
*** e0ne has quit IRC		07:49
*** e0ne has joined #openstack-infra		07:50
*** amotoki has joined #openstack-infra		07:53
*** e0ne has quit IRC		07:54
*** vistabrn has joined #openstack-infra		07:55
*** amotoki has quit IRC		07:57
*** vistabrn has quit IRC		08:02
*** sbslayer has joined #openstack-infra		08:07
*** alff_ has quit IRC		08:14
*** alff has quit IRC		08:14
*** sbslayer has quit IRC		08:25
*** gokrokve has joined #openstack-infra		08:25
*** jepoy_ has quit IRC		08:25
*** gokrokve has quit IRC		08:30
*** mkoderer has quit IRC		08:31
*** chandan_kumar has quit IRC		08:37
*** harlowja_away has quit IRC		09:07
*** gokrokve has joined #openstack-infra		09:25
*** gokrokve_ has joined #openstack-infra		09:27
*** _nadya_ has joined #openstack-infra		09:29
*** gokrokve has quit IRC		09:29
*** gokrokve_ has quit IRC		09:31
*** andreykurilin_ has joined #openstack-infra		09:37
*** yamahata has joined #openstack-infra		09:47
*** amotoki has joined #openstack-infra		09:52
*** _nadya_ has quit IRC		09:54
*** ildikov_ has joined #openstack-infra		10:04
*** wenlock has quit IRC		10:14
*** tnurlygayanov has quit IRC		10:15
*** tnurlygayanov has joined #openstack-infra		10:16
*** _nadya_ has joined #openstack-infra		10:17
*** _nadya_ has quit IRC		10:18
*** gokrokve has joined #openstack-infra		10:25
*** gokrokve has quit IRC		10:29
*** salv-orlando has quit IRC		11:00
*** _nadya_ has joined #openstack-infra		11:01
*** hashar has joined #openstack-infra		11:18
*** gokrokve has joined #openstack-infra		11:25
lifeless	mordred: seen http://clarete.li/curdling/ ?	11:29
*** gokrokve has quit IRC		11:29
*** hashar has quit IRC		11:32
*** _nadya_ has quit IRC		11:37
*** talluri has joined #openstack-infra		11:50
*** talluri has quit IRC		11:54
*** flaper87\|afk is now known as flaper87		12:08
*** talluri has joined #openstack-infra		12:11
openstackgerrit	Sergey Skripnick proposed a change to openstack-infra/config: Add rally-scenarios job https://review.openstack.org/84719	12:12
openstackgerrit	Sergey Skripnick proposed a change to openstack-infra/config: Add rally-scenarios job https://review.openstack.org/84719	12:16
*** gokrokve has joined #openstack-infra		12:25
*** gokrokve_ has joined #openstack-infra		12:26
*** e0ne has joined #openstack-infra		12:27
*** gokrokve has quit IRC		12:29
*** _nadya_ has joined #openstack-infra		12:29
openstackgerrit	Sergey Skripnick proposed a change to openstack-infra/config: Add rally-scenarios job https://review.openstack.org/84719	12:30
*** gokrokve_ has quit IRC		12:30
*** gokrokve has joined #openstack-infra		12:33
*** e0ne has quit IRC		12:36
*** andreykurilin_ has quit IRC		12:36
*** e0ne has joined #openstack-infra		12:38
*** sdake has quit IRC		12:38
*** gokrokve has quit IRC		12:50
*** _nadya_ has quit IRC		12:56
*** yamahata has quit IRC		13:00
*** yamahata has joined #openstack-infra		13:01
*** mihgen has quit IRC		13:05
*** talluri has quit IRC		13:06
*** flaper87 is now known as flaper87\|afk		13:12
*** dstanek has quit IRC		13:15
*** _nadya_ has joined #openstack-infra		13:17
*** e0ne has quit IRC		13:19
*** e0ne has joined #openstack-infra		13:20
*** e0ne has quit IRC		13:24
*** julim has quit IRC		13:26
*** CaptTofu has joined #openstack-infra		13:30
*** _nadya_ has quit IRC		13:31
*** atiwari has quit IRC		13:46
*** CaptTofu has quit IRC		13:52
*** pcrews_ has joined #openstack-infra		13:53
*** pcrews_ has quit IRC		14:03
*** mihgen has joined #openstack-infra		14:09
*** CaptTofu has joined #openstack-infra		14:15
*** e0ne has joined #openstack-infra		14:20
*** _nadya_ has joined #openstack-infra		14:37
*** _nadya_ has quit IRC		14:39
*** thuc has joined #openstack-infra		14:46
*** CaptTofu has quit IRC		14:47
*** CaptTofu has joined #openstack-infra		14:47
*** thuc has quit IRC		14:48
*** thuc has joined #openstack-infra		14:49
*** pcrews has joined #openstack-infra		14:50
*** CaptTofu has quit IRC		14:51
*** dstanek has joined #openstack-infra		15:01
*** jhesketh has quit IRC		15:03
*** thuc has quit IRC		15:09
*** thuc has joined #openstack-infra		15:09
*** _nadya_ has joined #openstack-infra		15:14
*** thuc has quit IRC		15:14
*** _nadya_ has quit IRC		15:16
*** msabramo has joined #openstack-infra		15:17
*** dcramer_ has quit IRC		15:17
*** e0ne has quit IRC		15:26
*** e0ne has joined #openstack-infra		15:27
*** sdake has joined #openstack-infra		15:28
*** e0ne has quit IRC		15:31
*** mspreitz has joined #openstack-infra		15:33
*** alff_ has joined #openstack-infra		15:33
*** alff has joined #openstack-infra		15:33
*** thuc has joined #openstack-infra		15:50
*** thuc has quit IRC		15:56
*** thuc has joined #openstack-infra		15:56
*** jamielennox\|away has quit IRC		16:00
*** jamielennox\|away has joined #openstack-infra		16:00
*** thuc has quit IRC		16:01
*** amotoki has quit IRC		16:08
*** alexpilotti has joined #openstack-infra		16:10
openstackgerrit	Marc Abramowitz proposed a change to openstack-infra/jenkins-job-builder: Output name of ini file when it's not valid https://review.openstack.org/85553	16:12
*** hogepodge has joined #openstack-infra		16:13
*** thedodd has joined #openstack-infra		16:17
mordred	lifeless: NO! I will now look at it	16:33
*** hogepodge has quit IRC		16:34
mordred	lifeless: omg. I may just have your babies	16:36
pabelanger	clarkb: is there anything else I need to do to get OFFLINE_NODE_WHEN_COMPLETE working? It seems jenkins is not reporting the jobs successful correct, so zuul continues to keep launching the jobs	16:37
pabelanger	eg: http://jenkins.kickstand-project.org/job/gate-grunt-puppet-syntax/32/	16:37
mordred	clarkb, fungi, jeblair: ^^ lifeless has just shared a link to curdling, which seems to be a tool written to do exactly what we want with our whole pypi-mirror setup - and it also is written by peoople for another CI system	16:37
mordred	and it already does wheel caching	16:37
openstackgerrit	Marc Abramowitz proposed a change to openstack-infra/jenkins-job-builder: Output name of ini file when it's not valid https://review.openstack.org/85553	16:40
*** zehicle has joined #openstack-infra		16:40
fungi	pabelanger: we have http://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/files/zuul/layout.yaml#n311 which makes it call http://git.openstack.org/cgit/openstack-infra/config/tree/modules/openstack_project/files/zuul/openstack_functions.py#n32	16:43
fungi	pabelanger: and then using the current version of the jenkins gearman plugin, that will cause it to atomically offline the slave in jenkins at completion, before jenkins has a chance to hand it any other jobs	16:44
* fungi disappears again for road trip		16:44
pabelanger	fungi: ya, I have it setup and going, zuul sees the parameters: http://pastebin.com/9Sabq69V	16:45
pabelanger	jenkins is just not reporting SUCCESS / FAILURE properly	16:45
pabelanger	it returns NONE	16:45
pabelanger	will check gearman plugin	16:45
*** yamahata has quit IRC		16:47
pabelanger	here is where I think the issue is: http://pastebin.com/XMSM0Tus	16:51
pabelanger	the result back via zuul.Gearman is None	16:52
*** Sukhdev has joined #openstack-infra		16:53
*** alff has quit IRC		17:02
*** alff_ has quit IRC		17:02
mordred	jeblair: you know - when we give talks on infra and we talk numbers, I usually pull jbryce's numbers about how many developers and how many patchsets, etc	17:04
mordred	which is great when talking about openstack	17:04
*** wchrisj has joined #openstack-infra		17:05
mordred	but when talking about the challenges we face running infra, I think we might should be including stackforge in there (we do in the nodepool/zuul graphs of course)	17:05
* mordred just had a moment of pulling down the nodepool dib patch, which he wrote last fall, which is https://review.openstack.org/#/c/46482/		17:06
mordred	we have almost doubled the number of changes processed since then ^^	17:06
*** thuc has joined #openstack-infra		17:07
*** wchrisj has quit IRC		17:07
clarkb	pabelanger: how new is your jenkins? the offline behavior did break in a newish version of jenkins so we use lts jenkins now. (not sure if that causes a none result)	17:07
pabelanger	clarkb: I'm running 1.555 for jenkins	17:08
clarkb	pabelanger ya that may be too new. zaro and jeblair would know	17:09
pabelanger	clarkb: okay, that helps me narrow down the issue. I'll start looking down that path	17:10
mordred	clarkb: joy	17:10
*** thuc has quit IRC		17:12
*** primemin1sterp has joined #openstack-infra		17:13
clarkb	mordred if curdling does a thing we need we should use it. two questions that come up for me are how does it do transitive deps and can we put its cache behind apache and use pip in our test jobs	17:14
*** msabramo has quit IRC		17:14
*** primeministerp has quit IRC		17:14
*** dcramer_ has joined #openstack-infra		17:15
pabelanger	clarkb: okay, going to roll back and try with an older version of jenkins	17:18
pabelanger	clarkb: okay, that appears to be the issue. offline logic looks broken in newer versions. Thanks	17:23
clarkb	it appears to follow deps with the exception that "primary" deps have precedence which is not pip's behavior.	17:24
clarkb	pabelanger: np and we should probably fixthat	17:24
pabelanger	clarkb: Ya, going to open a bug today, and see if I can track down when it broke	17:25
clarkb	mordred: I am not sure about how its caching works but if it is like pip caching and we can rsyncthose files to the mirror we should use it	17:25
mordred	clarkb: I am investigating these things	17:28
mordred	clarkb: basically - the question I'm working on now is "can we use it for mirror building"	17:28
clarkb	ya, I think that is my question but in the functional sense :)	17:28
mordred	clarkb: the second question will be "should we try making devstack use it instead of pip - because it's concurrent"	17:29
clarkb	mordred: "primary" deps having precedence may break us in subtle ways because pip doesn't work that way but I am willing for that to become a problem before I worry about it	17:29
clarkb	mordred: no	17:29
mordred	but I'm poking at the first question first	17:29
*** alexpilotti has quit IRC		17:29
clarkb	mordred: I mean we could, but pip is the tool we expect people to use so should probably test with it	17:29
mordred	do we though? I think we expect people who are installing from python and not from distros to use whatever tool the gate uses	17:30
clarkb	and since dependency resolution between pip and curd is different I worry that we would let stuff slip through where pip install didn't work	17:30
*** alexpilotti has joined #openstack-infra		17:30
mordred	I believe most people who are not tripleo have told us that the idea of installing a cloud directly from pip is crazy :)	17:30
mordred	and I betcha that if it works, tripleo would also probably happily change tools	17:31
mordred	I'm not saying we should	17:31
mordred	just that, if it's sufficiently good-er - we shoudl talk about it	17:31
clarkb	definitely, especially since it maintains a local cache too we could in theory install things in virtualenvs with devstack and not recompile the world over and over	17:32
mordred	yup	17:32
clarkb	but curd explicitly breaks dependency resolution as compared to pip	17:32
clarkb	if it didn't do that I wouldn't be as worried	17:32
mordred	yah. that's why we'd need to do some serious investigation first	17:32
mordred	it's _possible_ that doing primary first is actually what people think pip is doing though :)	17:33
clarkb	yup, I actually think primary first is a bit more sane (both need a proper dependency resolver though)	17:33
clarkb	that essentially makes curd a breadth first saerch, but pip is depth first	17:34
*** mrmartin has joined #openstack-infra		17:40
*** aconrad has joined #openstack-infra		17:40
*** yamahata has joined #openstack-infra		17:41
*** ebenezeer has joined #openstack-infra		17:50
*** mspreitz has quit IRC		18:04
*** e0ne has joined #openstack-infra		18:13
*** dstanek has quit IRC		18:32
*** russell_h has quit IRC		18:33
*** dstanek has joined #openstack-infra		18:33
*** thedodd has quit IRC		18:33
*** krtaylor has quit IRC		18:34
*** russell_h has joined #openstack-infra		18:35
mordred	clarkb: ok. we can't use it as a pip replacement.	18:36
mordred	clarkb: we might could use it to replace the "fetch all the stuff" part of pypi-mirror, since it does seem to do that part fairly well	18:37
mordred	but it stores things in a single flat dir, rather than package-per-dir - so we'd still have to construct a mirror from it	18:37
*** russell_h has quit IRC		18:37
*** russell_h has joined #openstack-infra		18:37
mordred	so, sadly, I don't think there's a HUGE win	18:37
*** thedodd has joined #openstack-infra		18:37
mordred	biggest issue for using it locally is that, while it DOES do what I want in terms of looking in its local cache and not talking to the internet at all if it finds somethign there	18:38
mordred	(which is great)	18:38
mordred	it doesn't have a way really to force it to check upstream for new versions	18:38
*** wenlock has joined #openstack-infra		18:38
mordred	so I installed python-cinderclient==1.0.7 into a venv	18:39
mordred	and then subsequent requests for python-cinderclient get served by the local cache	18:39
mordred	even though 1.0.8 exists	18:39
mordred	now, this is not incorrect- 1.0.7 DOES satisfy that request	18:39
mordred	but I can't figure out how to tell it, even with a force flag "hey, seriously, go check and see if there is something newer"	18:40
*** yamahata has quit IRC		18:42
*** Daviey has quit IRC		18:42
*** ebenezeer has quit IRC		18:43
*** wenlock has quit IRC		18:43
*** zz_gondoi is now known as gondoi		18:50
*** mrmartin has quit IRC		18:51
jesusaurus	what is curd?	18:52
* jesusaurus fails at googling for it		18:52
mordred	jesusaurus: curdling	18:52
mordred	jesusaurus: http://clarete.li/curdling/index.html	18:53
lifeless	mordred: ok so nodepool images	18:53
mordred	lifeless: morning	18:53
mordred	lifeless: I was just going to work on that next	18:53
lifeless	mordred: and source-repositories; did you see my suggestion? yaml -> source-repos file, source repos from there?	18:53
mordred	lifeless: I did - the main concern I have ...'	18:53
lifeless	when I get back	18:54
mordred	lifeless: is that the intent from a nodepool config perspective was that I'd just give it a list of elements that should be in a given image	18:54
mordred	so I'm not sure where the file generation would live	18:55
lifeless	I'm going to have to profile the zbook14 vs the 9470m, I have a horrid suspicion the zbook actually dropped a CPU class from intel and is thus slower	18:55
lifeless	mordred: one of the elements	18:55
mordred	lifeless: ++	18:55
mordred	lifeless: have an element generate the file for the subsequent element?	18:55
lifeless	yes	18:55
mordred	will it be clear from reading dib or dib source how I would specify for the element that it should do that (target path would be the trickiest part, yeah?)	18:56
lifeless	read diskimage-builder/elements/source-repositories/extra-data.d/98-source-repositories	18:57
*** Sukhdev has quit IRC		18:57
lifeless	for _SOURCEREPO in $(find $TMP_HOOKS_PATH -maxdepth 1 -name "source-repository-" -not -name '~'); do	18:57
lifeless	thats where it reads from	18:58
mordred	yah	18:58
lifeless	so just drop a file in TMP_HOOKS_PATH called source-repository-all-of-openstack	18:58
mordred	gotcha	18:58
lifeless	with an extra-data.d script that is numbered before 98	18:58
mordred	so don't add it to another element - I drop it in TMP_HOOKS_PATH	18:58
mordred	k. thanks	18:59
mordred	btw - I found a bug ina comment	18:59
mordred	# Gets repositories or individual files listed in the a repository file	18:59
*** tchaypo has quit IRC		18:59
lifeless	mordred: so you have an element whose job it is is to create a file in TMP_HOOKS_PATH	19:00
mordred	yah	19:00
lifeless	mordred: ^ for clarity	19:00
mordred	I'm with you	19:00
*** tchaypo has joined #openstack-infra		19:00
lifeless	cool	19:00
lifeless	tchaypo: ENOSLEEP?	19:01
*** wenlock has joined #openstack-infra		19:01
mordred	and the action of doing that in the element shoudl specifically be in an extra-data.d script numbered before 98	19:01
lifeless	yes	19:01
mordred	lifeless: do I need to do that _after_ anything else?	19:01
lifeless	you probably want it after 50	19:02
lifeless	based on a quick grep	19:02
mordred	lifeless: btw - if you get bored, read the scrollback I wrote to clark about curdling - I ran it through its paces this morning - it's not bad, but sadly not a slam-dunk win for removing local code	19:03
lifeless	I did, bit sad	19:03
lifeless	also their bundling everything in one binary made me super unenthused	19:03
mordred	it was worthwhile to dig in to it though - and I'm pondering whether it could be useful to us with a couple of small patches	19:03
*** dcramer_ has quit IRC		19:04
lifeless	OTOH if the caching can be turned off I'm wondering whether it might make our builds substantially faster (once wheels etc etc are all in place)	19:04
mordred	yah. well - it reminded me- we really need to start using our wheel-based mirrors :)	19:04
lifeless	mordred: tripleo is :)	19:05
mordred	since we are bulding them already	19:05
*** gondoi is now known as zz_gondoi		19:05
mordred	lifeless: awesome. they are working well fo ryou?	19:05
lifeless	well, rephrase. we use wheel mirrors to tune things, CI doesn't yet.	19:05
mordred	nod	19:06
lifeless	but CI needs local local not hosted in rackspace local.	19:06
mordred	it's on my todo list to sort out per-region mirrors	19:06
*** aconrad has quit IRC		19:06
lifeless	so we have to figure out whether we do heat etc deployed mirrors downstream of pypi.o.o or puppet stuff our users can't all use in infra :/	19:06
mordred	well, we try to make all of the stuff to buiold and consume such things not be encoded in puppet logic itself	19:07
lifeless	right	19:07
lifeless	its shallow	19:07
lifeless	install pypi-mirror (we have an element)	19:07
lifeless	configure it (heat)	19:07
lifeless	teach toci to use that url in image builds (switch on hostname)	19:08
mordred	well - it's the last part I want to figure out how to generalize	19:08
mordred	as I think zuul has context to tell you something (maybe) from which you could infer what mirror you should use	19:08
mordred	hands waving madly	19:09
mordred	so as long as we can figure out what the information passing wants to be - then we can at least share some of the guts for making the mirror switch happen	19:09
lifeless	mordred: oh so when I discussed this here a few weeks ago	19:10
lifeless	we determined that the lowest investment path was a string match on hostname	19:10
*** mriedem has joined #openstack-infra		19:10
mordred	really? ok. well, I won't open that can of worms now then	19:10
mordred	and will assume that the thought train that got there was sound	19:11
*** wenlock has quit IRC		19:12
rcarrillocruz	guys, i'm looking at bug https://bugs.launchpad.net/openstack-ci/+bug/1248813 . However i'm not sure how to really do the testing. Do we have a test launchpad instance within openstack-infra? or should I compile and run a local launchpad instance in my laptop for the testing?	19:14
uvirtbot	Launchpad bug 1248813 in openstack-ci "Switch bug status in launchpad when reviews get abandoned" [Medium,Triaged]	19:14
mordred	rcarrillocruz: we don't - I think installing a local launchpad instance will likely kill you	19:15
mordred	rcarrillocruz: I recommend just making or using a test project in the real launchpad	19:16
*** aconrad has joined #openstack-infra		19:16
mordred	(thisis one of those areas where, because launchpad is an external service and hard to duplicate, testing is always a bit sketchy)	19:16
rcarrillocruz	i figure, cos i'm seeing the instructions to run launchpad and it seems a bit hackish to make it work...	19:17
rcarrillocruz	will do that, thx mordred	19:18
mordred	yah. it's a big beast	19:18
rcarrillocruz	btw, it's simply amazing that i can just pull openstack-infra/config , tweak a few params and get any openstack-infra machine in a VM	19:18
rcarrillocruz	just saying	19:18
mordred	rcarrillocruz: :) thanks! glad you like that!	19:18
lifeless	this is win 48	19:19
lifeless	rcarrillocruz: running LP - its entirely automated for local dev environments	19:20
lifeless	rcarrillocruz: but you really don't want to run it up as part of a test :)	19:20
rcarrillocruz	one thing though mordred: if i use the real launchpad, i will need to configure my local review.openstack.org VM with the stuff to integrate with launchpad	19:21
rcarrillocruz	namely lp token	19:21
lifeless	rcarrillocruz: there is a dev launchpad instance which is a sandbox and kept generally available (though without the SLA) [but it is deployed automatically only from CI passed revisions..]	19:21
rcarrillocruz	lp sync	19:21
rcarrillocruz	and i guess i do not have access to that	19:21
rcarrillocruz	since it's hosted in hiera	19:21
lifeless	rcarrillocruz: so you can use that to make a fake bug, execute against it etc	19:21
rcarrillocruz	am i misssing somthing?	19:21
lifeless	rcarrillocruz: http://qastaging.launchpad.net/	19:22
rcarrillocruz	nice!	19:22
lifeless	or http://staging.launchpad.net/	19:22
lifeless	huh, both offline, thats odd	19:22
rcarrillocruz	if opt to choose the real launchpad, not sure how to procees in terms of lp tokens and such	19:22
rcarrillocruz	s/procees/proceed	19:22
lifeless	rcarrillocruz: make a token for your user and put it in your hiera	19:23
lifeless	and adjust the config to use your user	19:23
mordred	yes. what lifeless just said	19:24
rcarrillocruz	i'll look into launchpad documentation for that then	19:24
rcarrillocruz	thx guys	19:24
*** zz_gondoi is now known as gondoi		19:25
*** gondoi is now known as zz_gondoi		19:26
*** hashar has joined #openstack-infra		19:28
*** mgagne has joined #openstack-infra		19:33
*** flaper87\|afk is now known as flaper87		19:45
*** thedodd has quit IRC		19:47
*** andreykurilin_ has joined #openstack-infra		19:54
*** esker has quit IRC		19:54
lifeless	so yeah wow this build speed is astrocious. I'm going to have to look closely at this!	19:54
*** esker has joined #openstack-infra		19:55
*** yfried has joined #openstack-infra		20:05
*** dcramer_ has joined #openstack-infra		20:10
openstackgerrit	Antoine Musso proposed a change to openstack-infra/jenkins-job-builder: Tests for checkstyle publisher https://review.openstack.org/85561	20:14
openstackgerrit	Antoine Musso proposed a change to openstack-infra/jenkins-job-builder: Checkstyle publisher did not honor 0 values https://review.openstack.org/85562	20:14
*** aconrad has quit IRC		20:14
hashar	lifeless: build in RAM!	20:15
lifeless	hashar: pretty sure it is :)	20:16
hashar	or just comment out the slow code, who need tests	20:17
hashar	and I found out a nice little utility that detects duplicated python code across a project http://clonedigger.sourceforge.net/examples.html	20:19
hashar	spurt out a nice list of candidates to factor out some code and avoid repeating ourselves	20:19
*** krotscheck has left #openstack-infra		20:24
*** krotscheck has joined #openstack-infra		20:31
*** mihgen has quit IRC		20:36
*** krtaylor has joined #openstack-infra		20:36
openstackgerrit	Antoine Musso proposed a change to openstack-infra/jenkins-job-builder: Enhance coverage for builder trigger-builds https://review.openstack.org/85564	20:38
*** e0ne has quit IRC		20:42
*** e0ne has joined #openstack-infra		20:43
*** fifieldt has quit IRC		20:43
*** wenlock has joined #openstack-infra		20:54
*** adalbas has joined #openstack-infra		20:54
*** fifieldt has joined #openstack-infra		20:56
*** wenlock has quit IRC		20:58
*** alff has joined #openstack-infra		21:06
*** alff_ has joined #openstack-infra		21:06
clarkb	lifeless: you may find ark.intel.com is useful	21:14
clarkb	but they don't really have performance numbers ther, however there is a lot more info there than you get from a cpu model number	21:15
*** marun has joined #openstack-infra		21:16
lifeless	clarkb: ark is a wonderful site :)	21:16
*** marun is now known as marun_afk		21:18
*** mriedem has quit IRC		21:18
openstackgerrit	Antoine Musso proposed a change to openstack-infra/zuul: Factor out common code between cli utilities https://review.openstack.org/85565	21:20
*** aconrad has joined #openstack-infra		21:20
hashar	ah I have all the node pools instances just for me!!!!!!!	21:21
openstackgerrit	Antoine Musso proposed a change to openstack-infra/zuul: Factor out common code between cli utilities https://review.openstack.org/85565	21:24
*** mriedem has joined #openstack-infra		21:25
*** locke105 has quit IRC		21:28
openstackgerrit	Antoine Musso proposed a change to openstack-infra/zuul: Factor out common code between cli utilities https://review.openstack.org/85565	21:40
*** alexpilotti has quit IRC		21:45
*** dkliban has quit IRC		21:50
*** dkliban has joined #openstack-infra		21:50
*** aconrad has quit IRC		21:52
*** Ryan_Lane has joined #openstack-infra		21:52
*** pcrews has quit IRC		21:55
*** CaptTofu has joined #openstack-infra		21:57
*** Ryan_Lane has quit IRC		21:59
*** akurilin_ has joined #openstack-infra		21:59
*** Ryan_Lane has joined #openstack-infra		22:00
*** wenlock has joined #openstack-infra		22:01
*** andreykurilin_ has quit IRC		22:01
*** zz_gondoi is now known as gondoi		22:06
*** wenlock has quit IRC		22:09
*** greghaynes has quit IRC		22:15
*** locke105 has joined #openstack-infra		22:16
*** gondoi is now known as zz_gondoi		22:18
*** CaptTofu has quit IRC		22:19
*** akurilin_ has quit IRC		22:20
*** zz_gondoi is now known as gondoi		22:35
*** thuc has joined #openstack-infra		22:38
*** adalbas has quit IRC		22:43
*** gondoi is now known as zz_gondoi		22:43
*** saschpe has quit IRC		23:00
*** jcoufal has quit IRC		23:10
*** dstanek has quit IRC		23:13
*** zehicle_at_dell has quit IRC		23:17
*** zehicle has quit IRC		23:18
*** zehicle has joined #openstack-infra		23:18
*** zehicle_at_dell has joined #openstack-infra		23:18
*** saschpe has joined #openstack-infra		23:20
*** hashar has quit IRC		23:20
*** zz_gondoi is now known as gondoi		23:21
*** gondoi is now known as zz_gondoi		23:23
*** Ryan_Lane has quit IRC		23:24
*** thuc has quit IRC		23:26
*** thuc has joined #openstack-infra		23:27
*** wenlock has joined #openstack-infra		23:28
*** thuc has quit IRC		23:31
*** Ryan_Lane has joined #openstack-infra		23:36
*** flaper87 is now known as flaper87\|afk		23:37
*** wenlock has quit IRC		23:40

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!