Thursday, 2019-02-21

« Wednesday, 2019-02-20 Index Friday, 2019-02-22 »
*** agopi has joined #openstack-infra00:00
*** jamesmcarthur has quit IRC00:01
*** jcoufal has quit IRC00:03
*** hwoarang has quit IRC00:04
*** wolverineav has quit IRC00:05
*** hwoarang has joined #openstack-infra00:05
*** wolverineav has joined #openstack-infra00:06
*** wolverineav has quit IRC00:11
*** agopi has quit IRC00:12
*** mattw4 has joined #openstack-infra00:16
*** markvoelker has joined #openstack-infra00:19
*** tosky has quit IRC00:19
*** wolverineav has joined #openstack-infra00:37
*** hrubi has quit IRC00:38
*** wolverineav has quit IRC00:42
*** rascasoft has joined #openstack-infra00:46
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: WIP: use-buildset-registry: support running before docker installed  https://review.openstack.org/63818000:47
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: Split docker mirror config into its own role  https://review.openstack.org/63819500:47
*** rascasoft has quit IRC00:50
*** mattw4 has quit IRC00:50
*** slaweq has quit IRC00:52
paladoxcorvus did you see https://i.imgur.com/l0y7OVw.png ? (zuul status in gerrit's ui) :)00:57
corvuspaladox: no -- is that using the verify status plugin?01:12
paladoxNope, that's using the zuul endpoint01:12
*** whoami-rajat has joined #openstack-infra01:12
corvuspaladox: so javascript added to gerrit to query zuul api?01:13
paladoxyeh, it's a PolyGerrit plugin01:13
paladoxI built one for the wmf.01:13
corvusah, neat01:13
paladoxcorvus His one was much better then mine :) (so i updated it to match his one)01:14
paladoxhttps://gerrit-review.googlesource.com/admin/repos/plugins/zuul-status01:14
paladoxthat's the one i built for the wmf ^^ :)01:14
paladoxthat supports zuul v2 (and v3)01:15
openstackgerritKendall Nelson proposed openstack-infra/storyboard master: Add documentation for private stories  https://review.openstack.org/63623501:18
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: WIP: use-buildset-registry: support running before docker installed  https://review.openstack.org/63818001:18
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: Split docker mirror config into its own role  https://review.openstack.org/63819501:18
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: use-buildset-registry: configure as a pull-through proxy  https://review.openstack.org/63831201:18
corvusfungi, AJaeger, mordred, clarkb: https://review.openstack.org/638312 needs to merge before i can proceed with further registry testing01:20
*** logan- has quit IRC01:22
paladoxcorvus this is what it looks like https://phabricator.wikimedia.org/F28247287 :)01:22
*** logan- has joined #openstack-infra01:23
*** wolverineav has joined #openstack-infra01:24
*** agopi has joined #openstack-infra01:26
*** wolverineav has quit IRC01:28
*** logan- has quit IRC01:31
*** logan- has joined #openstack-infra01:31
*** mriedem has quit IRC01:35
*** rascasoft has joined #openstack-infra01:36
*** rascasoft has quit IRC01:42
*** sdake has quit IRC01:44
*** rh-jelabarre has quit IRC01:44
*** hwoarang has quit IRC01:47
*** sdake has joined #openstack-infra01:47
*** hwoarang has joined #openstack-infra01:48
*** wolverineav has joined #openstack-infra01:50
*** hwoarang has quit IRC01:55
*** hwoarang has joined #openstack-infra01:56
openstackgerritMerged openstack-infra/storyboard master: Imported Translations from Zanata  https://review.openstack.org/62539302:04
*** anteaya has quit IRC02:04
*** gyee has quit IRC02:06
*** jamesmcarthur has joined #openstack-infra02:10
*** wolverineav has quit IRC02:20
*** wolverineav has joined #openstack-infra02:21
*** wolverineav has quit IRC02:22
*** wolverineav has joined #openstack-infra02:26
openstackgerritMerged openstack-infra/storyboard master: Use python3 for basepython in tox.ini  https://review.openstack.org/63335202:30
openstackgerritMerged openstack-infra/storyboard master: Remove upper limit on PyMySQL version  https://review.openstack.org/63335502:30
*** wolverineav has quit IRC02:31
*** jamesmcarthur has quit IRC02:37
*** jamesmcarthur has joined #openstack-infra02:42
*** efried_pto is now known as efried02:43
*** hongbin has joined #openstack-infra02:48
*** sdake has quit IRC02:48
*** sdake has joined #openstack-infra02:50
*** psachin has joined #openstack-infra02:52
*** sdake has quit IRC02:57
*** sdake has joined #openstack-infra02:59
*** dklyle has quit IRC03:03
*** wolverineav has joined #openstack-infra03:06
*** jamesmcarthur has quit IRC03:08
*** wolverineav has quit IRC03:10
*** apetrich has quit IRC03:14
*** roman_g has quit IRC03:16
*** dklyle has joined #openstack-infra03:17
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: gerrit: add support for report only connection  https://review.openstack.org/56821603:18
*** markvoelker has quit IRC03:20
*** jamesmcarthur has joined #openstack-infra03:32
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add buildsets page  https://review.openstack.org/63004103:32
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add /{tenant}/buildset/{uuid} route  https://review.openstack.org/63007803:32
*** spsurya has joined #openstack-infra03:34
openstackgerritIan Wienand proposed openstack-infra/project-config master: Add nodepool-dib dashboard  https://review.openstack.org/63832503:36
*** ramishra has joined #openstack-infra03:43
*** wolverineav has joined #openstack-infra03:48
*** udesale has joined #openstack-infra03:51
*** jamesmcarthur has quit IRC04:00
*** jamesmcarthur has joined #openstack-infra04:01
*** jamesmcarthur has quit IRC04:05
*** rascasoft has joined #openstack-infra04:06
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: gerrit: add support for report only connection  https://review.openstack.org/56821604:08
*** hwoarang has quit IRC04:12
*** hwoarang has joined #openstack-infra04:14
*** rascasoft has quit IRC04:18
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add /{tenant}/buildset/{uuid} route  https://review.openstack.org/63007804:19
*** markvoelker has joined #openstack-infra04:21
*** wolverineav has quit IRC04:29
*** gagehugo has joined #openstack-infra04:29
*** ianychoi has quit IRC04:31
*** jbadiapa has quit IRC04:38
*** jbadiapa has joined #openstack-infra04:38
*** sdake has quit IRC04:50
*** sdake has joined #openstack-infra04:54
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add /{tenant}/buildset/{uuid} route  https://review.openstack.org/63007804:54
*** markvoelker has quit IRC04:55
*** hongbin has quit IRC05:04
*** diablo_rojo has quit IRC05:05
*** Dobroslaw has quit IRC05:07
*** emccormick has quit IRC05:07
*** jtomasek has joined #openstack-infra05:09
*** sdake has quit IRC05:14
*** sdake has joined #openstack-infra05:16
*** hwoarang has quit IRC05:16
*** hwoarang has joined #openstack-infra05:18
kota_hello, can I have a way to pin a package version lower than openstack upper constraint in requirements.txt?05:22
kota_when installing the package/dependencies with `-r requirements.txt -c https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt`, the version pinned at the upper constraint even we have `package == specific version` in requirments.txt05:23
kota_the specific version is lower than upper constraints so it should be pinned at the lower one, is it correct?05:24
*** hwoarang has quit IRC05:39
*** hwoarang has joined #openstack-infra05:41
*** yamamoto has quit IRC05:44
*** yamamoto has joined #openstack-infra05:48
*** fdegir has quit IRC05:48
*** sdake has quit IRC05:48
*** fdegir has joined #openstack-infra05:48
*** agopi has quit IRC05:49
*** sdake has joined #openstack-infra05:49
*** markvoelker has joined #openstack-infra05:52
*** wolverineav has joined #openstack-infra05:55
*** wolverineav has quit IRC05:59
*** kmrchdn is now known as chandankumar06:01
*** sdake has quit IRC06:03
*** sdake has joined #openstack-infra06:05
*** auristor has quit IRC06:07
*** auristor has joined #openstack-infra06:10
*** kjackal has joined #openstack-infra06:15
openstackgerritTristan Cacqueray proposed openstack-infra/nodepool master: Add python-path option to label  https://review.openstack.org/63733806:22
*** markvoelker has quit IRC06:25
*** spsurya has quit IRC06:25
*** sdake has quit IRC06:37
*** stakeda has joined #openstack-infra06:46
*** quiquell|off is now known as quiquell06:50
*** rkukura_ has joined #openstack-infra06:50
*** rkukura has quit IRC06:54
*** rkukura_ is now known as rkukura06:54
*** yamamoto has quit IRC06:59
*** hrubi has joined #openstack-infra07:02
*** rascasoft has joined #openstack-infra07:05
*** slaweq has joined #openstack-infra07:08
*** rascasoft has quit IRC07:09
*** psachin has quit IRC07:10
*** egonzalez has quit IRC07:10
*** egonzalez has joined #openstack-infra07:11
*** rcernin has quit IRC07:13
*** aojea has joined #openstack-infra07:14
*** spsurya has joined #openstack-infra07:17
*** wolverineav has joined #openstack-infra07:18
*** kopecmartin|off is now known as kopecmartin07:19
*** bhavikdbavishi has joined #openstack-infra07:19
*** pcaruana has joined #openstack-infra07:19
*** markvoelker has joined #openstack-infra07:22
*** Dobroslaw has joined #openstack-infra07:29
*** quiquell is now known as quiquiell|brb07:30
*** psachin has joined #openstack-infra07:32
*** apetrich has joined #openstack-infra07:33
*** yamamoto has joined #openstack-infra07:38
*** rlandy|bbl is now known as rlandy07:44
*** wolverineav has quit IRC07:52
*** markvoelker has quit IRC07:55
*** bhavikdbavishi has quit IRC07:56
*** quiquiell|brb is now known as quiquell07:59
*** rascasoft has joined #openstack-infra08:05
*** jaosorior has quit IRC08:08
*** ccamacho has quit IRC08:18
*** tkajinam has quit IRC08:23
*** jpich has joined #openstack-infra08:23
*** ginopc has joined #openstack-infra08:25
openstackgerritIan Wienand proposed openstack-infra/project-config master: Add nodepool-dib dashboard  https://review.openstack.org/63832508:26
*** tosky has joined #openstack-infra08:26
*** wolverineav has joined #openstack-infra08:28
*** jpena|off is now known as jpena08:29
openstackgerritMerged openstack-infra/grafyaml master: Add valueMaps and rangeMaps support  https://review.openstack.org/63828808:40
*** markvoelker has joined #openstack-infra08:52
*** dtantsur|afk is now known as dtantsur\08:53
*** dtantsur\ is now known as dtantsur08:53
*** yamamoto has quit IRC08:56
*** jento has quit IRC08:59
*** gfidente has joined #openstack-infra08:59
*** wolverineav has quit IRC09:00
*** jento has joined #openstack-infra09:01
*** yamamoto has joined #openstack-infra09:04
*** ociuhandu has quit IRC09:04
*** electrofelix has joined #openstack-infra09:08
*** ccamacho has joined #openstack-infra09:09
*** roman_g has joined #openstack-infra09:10
*** ccamacho has quit IRC09:10
*** ccamacho has joined #openstack-infra09:11
*** janki has joined #openstack-infra09:12
*** e0ne has joined #openstack-infra09:14
*** aojea has quit IRC09:14
*** ociuhandu has joined #openstack-infra09:24
*** markvoelker has quit IRC09:25
*** ociuhandu has quit IRC09:25
*** ociuhandu has joined #openstack-infra09:26
*** derekh has joined #openstack-infra09:31
*** panda|off is now known as panda09:54
*** wolverineav has joined #openstack-infra09:57
*** jaosorior has joined #openstack-infra09:57
*** yamamoto has quit IRC09:58
*** iurygregory has quit IRC10:01
*** markvoelker has joined #openstack-infra10:17
*** spsurya has quit IRC10:22
stephenfincoreycb: Quick question: why are there two different types of py37 patch, "Change python3.5 job to python3.7 job on Stein+" and "add python 3.7 unit test job", and do we plan to switch the latter to the former?10:27
*** wolverineav has quit IRC10:30
*** yamamoto has joined #openstack-infra10:34
*** ChosSimbaOne_Lap has quit IRC10:34
*** kjackal has quit IRC10:38
*** psachin has quit IRC10:38
*** kjackal has joined #openstack-infra10:38
*** yamamoto has quit IRC10:39
*** luizbag has joined #openstack-infra10:41
*** ChosSimbaOne_Lap has joined #openstack-infra10:41
*** psachin has joined #openstack-infra10:41
*** ChosSimbaOne_Lap has quit IRC10:45
*** stakeda has quit IRC10:49
*** jaosorior has quit IRC10:55
quiquellhello10:56
quiquellwhen I ping review.openstack.org it rediects me to review01.openstack.org is this all good ?10:56
*** lpetrut has joined #openstack-infra11:03
*** bhavikdbavishi has joined #openstack-infra11:10
Shrewsquiquell: yes. that's a common pattern we follow so that we can upgrade/replace instances more easily11:12
quiquellShrews: thanks I was following a red herring, it's all ok11:13
*** jaosorior has joined #openstack-infra11:15
*** psachin has quit IRC11:22
*** udesale has quit IRC11:26
*** wolverineav has joined #openstack-infra11:27
*** yamamoto has joined #openstack-infra11:29
*** yamamoto has quit IRC11:34
geguileodhellmann: hi, do we need tonyb's +1 or is it enough with mriedem's? https://review.openstack.org/#/c/637614/11:43
*** ldnunes has joined #openstack-infra11:46
*** FlorianFa has joined #openstack-infra11:47
*** FlorianFa has quit IRC11:51
*** FlorianFa has joined #openstack-infra11:54
*** FlorianFa has quit IRC11:56
*** jpena is now known as jpena|lunch11:56
*** FlorianFa has joined #openstack-infra11:56
*** bhavikdbavishi has quit IRC11:59
*** bhavikdbavishi has joined #openstack-infra11:59
*** wolverineav has quit IRC12:00
*** sdake has joined #openstack-infra12:02
*** quiquell is now known as quiquell|lunch12:05
*** dayou has quit IRC12:19
*** bhavikdbavishi1 has joined #openstack-infra12:20
*** bhavikdbavishi has quit IRC12:20
*** bhavikdbavishi1 is now known as bhavikdbavishi12:20
*** dayou has joined #openstack-infra12:23
*** e0ne has quit IRC12:24
*** yamamoto has joined #openstack-infra12:28
*** e0ne has joined #openstack-infra12:31
*** yamamoto has quit IRC12:34
*** kgiusti has quit IRC12:37
*** kaiokmo has quit IRC12:44
*** jesusaur has quit IRC12:50
coreycbstephenfin: the original approach to adding the py37 unit tests was "Change python3.5 job to python3.7 job on Stein+" and that received a lot of pushback12:54
coreycbstephenfin: i think dropping py35 has since been approved but that's not my focus anyway so i figured the patches should just focus on py37.12:55
*** jesusaur has joined #openstack-infra12:56
openstackgerritSorin Sbarnea proposed openstack-infra/zuul-jobs master: Assure iptables is installed inside multi-node-firewall role  https://review.openstack.org/63841412:58
*** wolverineav has joined #openstack-infra12:58
coreycbso the only ones that should land are titled "add python 3.7 unit test job". i've made an effort to override the old subject patches with the new one (using the same change-id), however I haven't heard back from Filippo Inzaghi about his abandoned patches which i can't override so i've submitted new ones for those.12:59
coreycbstephenfin: ^12:59
aspiersis it just me or has the post job for https://review.openstack.org/#/c/638396/ *not* run, plus it's not in the zuul queue?12:59
stephenfincoreycb: Ahh, fair enough. I'll got back and re-review, in that case12:59
coreycbstephenfin: thanks! always good when someone reviews things and doesn't give a blind +1 :)13:00
*** kaiokmo has joined #openstack-infra13:00
AJaegeraspiers: check http://zuul.openstack.org/builds13:01
aspiersAJaeger: not there either13:02
*** yamamoto has joined #openstack-infra13:03
dhellmanngeguileo : Matt's is enough for that one13:03
*** trown|outtypewww is now known as trown13:06
*** rh-jelabarre has joined #openstack-infra13:06
aspiersAJaeger: definitely looks to me like something went wrong13:08
aspiersthe job should either be in the queue, or running, or done - right?13:08
aspiersno other cracks for it to fall down13:08
*** yamamoto has quit IRC13:08
openstackgerritSorin Sbarnea proposed openstack-infra/zuul-jobs master: Assure iptables is installed inside multi-node-firewall role  https://review.openstack.org/63841413:08
*** quiquell|lunch is now known as quiquell13:10
*** jcoufal has joined #openstack-infra13:13
*** jpena|lunch is now known as jpena13:15
*** markvoelker has quit IRC13:17
*** markvoelker has joined #openstack-infra13:18
AJaegeraspiers: yeah, should be...13:20
AJaegeraspiers: check again: http://zuul.openstack.org/builds?project=openstack%2Fopenstack-manuals&pipeline=post13:21
AJaegeraspiers: which points to http://zuul.openstack.org/build/ac6653406146418099af9c9e652ff0df13:21
AJaegerSo, that one run13:21
*** markvoelker has quit IRC13:22
*** sdake has quit IRC13:23
*** sdake has joined #openstack-infra13:24
aspiersOh OK, so it's not a substring search AND I missed that you have to switch to filter by project13:24
geguileodhellmann: thanks13:24
aspiersnor does it give you access to the job logs13:26
aspiersand the publish job is still not shown at https://review.openstack.org/#/c/638396/13:26
aspiersbut apparently it finally ran13:26
aspiersI'm not sure why it's a black box though13:27
AJaegeraspiers: it gives access to logs, see second link13:27
AJaegerclick on the "SUCCESS" for the log file13:27
aspiersI tried that, nothing happened13:27
AJaegeraspiers: the publish job will never be shown at 63839613:27
aspiersreally? I could have sworn I saw it previously13:28
AJaegeraspiers: http://logs.openstack.org/20/206a92cf3593340295692a78a97463fb6291072e/post/publish-openstack-manuals-lang/ac66534/13:28
aspiersOK, somehow that page hung in my browser13:28
AJaegerto get there: Go to http://zuul.openstack.org/build/ac6653406146418099af9c9e652ff0df and then click on log URL13:28
aspiersafter reloading it now works13:28
openstackgerritMerged openstack-infra/zuul-jobs master: use-buildset-registry: configure as a pull-through proxy  https://review.openstack.org/63831213:28
aspiersMurphy is doing everything possible today :-/13:28
AJaegerah, that was the lang job - you want another one...13:28
AJaegeraspiers: in a meeting - can't help further - hope this bit helps...13:29
aspiersAJaeger: it does indeed, many thanks!13:29
aspiersalthough I'm still puzzled why it didn't show up in zuul's post queue13:30
*** wolverineav has quit IRC13:30
*** bhavikdbavishi has quit IRC13:32
*** mriedem has joined #openstack-infra13:34
*** yamamoto has joined #openstack-infra13:36
AJaegeraspiers: did you have some filter running on zuul.openstack.org ? E.g filter for 638396 ?13:36
*** sdake has quit IRC13:36
*** yamamoto has quit IRC13:36
*** sdake has joined #openstack-infra13:38
aspiersI searched with and without a filter13:38
*** rlandy has joined #openstack-infra13:40
AJaegeraspiers: with filter you would not see it since post jobs do not have the 638396 but the sha1 of the change!13:42
AJaegerso, you need to search for sha1 or for openstack-manuals for post jobs13:42
AJaegerbbl13:43
*** jamesmcarthur has joined #openstack-infra13:43
*** yamamoto has joined #openstack-infra13:47
*** kgiusti has joined #openstack-infra13:47
*** kgiusti has quit IRC13:52
*** jamesmcarthur has quit IRC13:58
*** jamesmcarthur has joined #openstack-infra13:58
*** jamesmcarthur has quit IRC14:03
*** kgiusti has joined #openstack-infra14:08
*** jaosorior has quit IRC14:08
fungiyeah, and unless the change could be pushed down as a fast-forward, the sha you'd need to look for would be the merge commit gerrit creates when zuul calls the submit api after the gate jobs succeed14:10
fungieasier to go to the builds table and filter there for the job name (and maybe also project and pipeline depending on how much that same job is reused in other places)14:12
*** yamamoto has quit IRC14:13
*** sdake has quit IRC14:14
*** yamamoto has joined #openstack-infra14:14
*** yamamoto has quit IRC14:14
*** yamamoto has joined #openstack-infra14:15
*** panda is now known as panda|ruck14:16
*** markvoelker has joined #openstack-infra14:18
*** yamamoto has quit IRC14:19
*** udesale has joined #openstack-infra14:22
*** eharney has joined #openstack-infra14:25
*** wolverineav has joined #openstack-infra14:28
*** jamesmcarthur has joined #openstack-infra14:29
*** jaosorior has joined #openstack-infra14:30
*** sdake has joined #openstack-infra14:31
*** jamesmcarthur has quit IRC14:34
*** ramishra has quit IRC14:40
*** dave-mccowan has joined #openstack-infra14:47
*** sdake has quit IRC14:51
*** markvoelker has quit IRC14:53
*** ekultails has joined #openstack-infra14:53
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Updated Filter available summit class  https://review.openstack.org/63843014:56
*** yamamoto has joined #openstack-infra14:57
openstackgerritMerged openstack-infra/openstackid-resources master: Updated Filter available summit class  https://review.openstack.org/63843014:57
*** sdake has joined #openstack-infra15:01
*** wolverineav has quit IRC15:01
*** yamamoto has quit IRC15:01
*** anteaya has joined #openstack-infra15:04
*** jaosorior has quit IRC15:08
*** anteaya has quit IRC15:09
*** jamesmcarthur has joined #openstack-infra15:10
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Revert "Update API code to work with Presentation Moderators collection (+N)"  https://review.openstack.org/63843615:11
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Revert "Speakers/Moderators Refactoring"  https://review.openstack.org/63843715:11
*** gfidente has quit IRC15:14
*** jamesmcarthur has quit IRC15:17
*** anteaya has joined #openstack-infra15:19
*** dave-mccowan has quit IRC15:21
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Revert "Update API code to work with Presentation Moderators collection (+N)"  https://review.openstack.org/63843615:22
*** jistr is now known as jistr|afk15:22
*** markmcd has joined #openstack-infra15:22
openstackgerritMerged openstack-infra/openstackid-resources master: Revert "Update API code to work with Presentation Moderators collection (+N)"  https://review.openstack.org/63843615:23
*** markmcd has left #openstack-infra15:24
dmsimardinfra-root: nb03 is out of disk space on the /opt partition15:25
fungidmsimard: thanks for the heads up15:26
pabelangerdmsimard: what is the size of gentoo cache? That caused the last HDD space issues last time on other builder15:26
fungidmsimard: are you working on cleaning it up? if not, i'll dig into that after i get done sorting out the config change we need to fix e-mail notifications for storyboard15:26
fungi(which will be after i see the light at the end of the current meeting tunnel)15:27
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Revert "Speakers/Moderators Refactoring"  https://review.openstack.org/63843715:27
dmsimardfungi: I found it "by accident" when looking for another problem -- I can get to it eventually but need to take care of the first issue before rabbitholing :)15:28
openstackgerritMerged openstack-infra/openstackid-resources master: Revert "Speakers/Moderators Refactoring"  https://review.openstack.org/63843715:29
fungidmsimard: got it, thanks. sounds familiar ;)15:30
*** ramishra has joined #openstack-infra15:30
*** jistr|afk is now known as jistr15:32
openstackgerritsebastian marcet proposed openstack-infra/openstackid-resources master: Fixed merge conflict  https://review.openstack.org/63844115:34
openstackgerritMerged openstack-infra/openstackid-resources master: Fixed merge conflict  https://review.openstack.org/63844115:34
*** kjackal has quit IRC15:35
*** apetrich has quit IRC15:36
*** apetrich has joined #openstack-infra15:41
*** dave-mccowan has joined #openstack-infra15:41
*** sc has joined #openstack-infra15:43
*** dave-mccowan has quit IRC15:45
*** jaosorior has joined #openstack-infra15:46
chandankumarHey Infra!15:47
*** sdake has quit IRC15:48
chandankumarWhy stackviz has two tarballs published on tarballs.openstack.org?15:48
chandankumarhttp://tarballs.openstack.org/stackviz/dist/ and http://tarballs.openstack.org/package-stackviz-element/15:48
*** jamesmcarthur has joined #openstack-infra15:48
*** markvoelker has joined #openstack-infra15:50
*** sdake has joined #openstack-infra15:50
*** janki has quit IRC15:53
*** jamesmcarthur has quit IRC15:53
*** tosky has quit IRC15:53
*** tosky has joined #openstack-infra15:54
*** jamesmcarthur has joined #openstack-infra15:58
*** jamesmcarthur has quit IRC15:58
*** jamesmcarthur has joined #openstack-infra15:58
*** wolverineav has joined #openstack-infra15:58
*** diablo_rojo has joined #openstack-infra16:00
openstackgerritJeremy Stanley proposed openstack-infra/system-config master: Add site name to Exim local_domains on SB server  https://review.openstack.org/63844816:01
fungiinfra-root: ^ brown bag fix for e-mail notification on storyboard.o.o16:02
dmsimardfungi: ok, looking at nb03.16:02
dmsimardmay I stop nodepool-builder and put nb03 in the emergency file so it doesn't get in my way ?16:04
*** ekultails has quit IRC16:04
fungidmsimard: i say go for it16:04
fungiall that's going to do, at worst, is not build more images16:04
fungiwhich it probably isn't doing anyway16:04
dmsimardyeah, just validating :)16:04
*** ramishra has quit IRC16:05
*** NCLanceman has joined #openstack-infra16:06
*** kjackal has joined #openstack-infra16:06
clarkbpabelanger: the gentoo cache was not the cause of the disk problems16:07
*** rfolco is now known as rfolco|rover16:07
clarkbpabelanger: it just looked that way because of lvm disk accounting16:07
dmsimardI was discussing an odd behavior of nodepool with pabelanger in another channel16:07
dmsimardand noticed it upstream as well16:07
clarkbthe actual problem was not being able to upload images reliably to some clouds so that odd images were sticking around (effectively we doubled the number of images we kept) as well as some leaked builds16:08
dmsimardshould we ever only build and upload raw images ? we have some qcow, raw and even vhd images16:08
clarkbdmsimard: different clouds need different formats so that is normal on our nb01 and nb02 builders. I do not know if we should be doing that for the arm64 clouds (nb03 is the arm64 dedicated builder)16:10
dmsimardyeah nb03 is all qcow -- I saw the vhd's in nb0116:11
*** sthussey has joined #openstack-infra16:11
*** udesale has quit IRC16:11
pabelangerrackspace needs vhds16:11
pabelangervhd*16:11
dmsimardI was trying to correlate with an issue we're seeing in RDO's nodepool -- it's building both qcow2 and raw while we specify "formats: raw"16:12
*** quiquell is now known as quiquell|off16:13
*** jamesmcarthur has quit IRC16:13
*** NCLanceman has quit IRC16:13
clarkbdmsimard: newer nodepool uses the cloud.yaml data to determine format. Possible that is set to qcow2 and overriding?16:13
pabelangerdmsimard: do you have more then 1 provider for the image that be being used?16:13
*** hamzy has quit IRC16:15
dmsimardclarkb: nothing specific in clouds.yaml and it's a cloud that isn't mapped in openstacksdk16:15
dmsimardpabelanger: not as far as I can tell16:16
dmsimardanyway, I'll take care of nb03 and I'll go back to that after -- it's two different things :p16:16
*** ekultails has joined #openstack-infra16:19
clarkbdmsimard: looks like most of it is leaked images again in /opt/nodepool_dib16:21
clarkbdmsimard: when I ran into that before I do nodepool image listings to find which images are still valid then deleted those that werent16:21
clarkbI wonder if zk connections issues might explain that (possibly worth looking in the logs for evidence of that)16:22
corvusclarkb: can you remind me which is the current docker v2 mirror address?16:22
corvusis that 8082?16:22
dmsimardclarkb: nodepool@nb03:~$ 2019-02-21 16:19:44,912 WARNING kazoo.client: Connection dropped: socket connection error: Network is unreachable16:22
dmsimardthat was when doing a "nodepool dib-image-list"16:22
*** e0ne has quit IRC16:23
*** markvoelker has quit IRC16:23
clarkbcorvus: yes the higher numbered port. 8081 is the old protocol iirc16:23
clarkbthough it might be 8080 and 8081 /me checks apache conf16:24
clarkbcorvus: 8081 is old 8082 is new16:24
clarkbdmsimard: I think that is "normal"16:24
corvusclarkb: how sure are we that it's working?  this is what i get with 'docker pull alpine'  --  http://paste.openstack.org/show/745628/16:26
dmsimardclarkb: do you have a script or a one liner to easily compare the image list against the image directory ?16:26
clarkbdmsimard: no I did it by hand beacuse I was trying to understand what might have caushed it (so was debugging concurrently)16:27
clarkbunfortunately I didn't find anything16:27
dmsimardok16:27
clarkbcorvus: hrm maybe dockerhub moved their backend data again16:27
*** jamesmcarthur has joined #openstack-infra16:27
clarkbcorvus: the cachign there is weird because dockerhub redirects you to a cdn/object store and that has changed in the past16:28
clarkbwow and you can't do anonymous fetches?16:30
*** defionscode has quit IRC16:30
*** wolverineav has quit IRC16:31
clarkbcorvus: `https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/ca/caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019/data?verify=1550769259-lsxHynSfq%2Bt7BBVW3nPZCE8Q60Q%3D` works from here16:32
corvusclarkb: i'm attempting to reverse the rewrite for the first 404 there, and i come up with " https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/ca/caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019/data?verify=1550769259-lsxHynSfq%2Bt7BBVW3nPZCE8Q60Q%3D"  which seems to work....16:32
clarkbya16:32
clarkbcorvus: possibly hitting a bad cdn node from $cloud?16:33
*** kopecmartin is now known as kopecmartin|off16:33
corvusclarkb: it works from mirror.iad.rax.openstack.org too16:33
corvusclarkb: maybe it doesn't like our user agent?16:33
clarkbmaybe? or possibly apache is rewriting the url in a subtly different way and beraking it?16:34
clarkbcorvus: will apache use a different user agent than the client it is proxying for? Maybe we can have it use the client's user agent16:37
corvusi'm going to try to get some debug logging from apache16:39
clarkbok16:39
*** hamzy has joined #openstack-infra16:40
*** emccormick has joined #openstack-infra16:40
openstackgerritEmilien Macchi proposed openstack-infra/project-config master: Add publish-to-pypi to instack-undercloud  https://review.openstack.org/63845916:41
*** ekultails has quit IRC16:43
*** ekultails has joined #openstack-infra16:45
*** yamamoto has joined #openstack-infra16:45
corvusclarkb: debug level logging doesn't seem to provide any more information, it just repeats the urls more often. :(16:46
*** lpetrut has quit IRC16:46
clarkbcorvus: what about wget'ing the url through the mirror now. Is it a consistent failure?16:47
* clarkb contructs that url16:47
*** defionscode has joined #openstack-infra16:47
*** dave-mccowan has joined #openstack-infra16:47
clarkb`http://mirror.iad.rax.openstack.org:8082/cloudflare/registry-v2/docker/registry/v2/blobs/sha256/ca/caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019/data?verify=1550769259-lsxHynSfq%2Bt7BBVW3nPZCE8Q60Q%3D` is a 40416:48
*** gyee has joined #openstack-infra16:48
clarkbso does seem consistent16:48
*** lpetrut has joined #openstack-infra16:49
*** yamamoto has quit IRC16:50
*** defionscode has quit IRC16:51
*** defionscode has joined #openstack-infra16:53
*** mlavalle has joined #openstack-infra16:53
clarkbcorvus: RequestHeader set User-Agent "docker/18.09.2 go/go1.10.6 git-commit/6247962 kernel/4.15.0-45-generic os/linux arch/amd64 UpstreamClient(Docker-Client/18.09.2 \\(linux\\))" to force that through?16:54
dmsimardThat's a lot of leaked images on nb03... http://paste.openstack.org/show/745633/16:55
clarkbdmsimard: hrm ya. It seems more and more liekly this is a regression in nodepool we'll need to address16:56
*** ginopc has quit IRC16:57
*** gfidente has joined #openstack-infra16:57
dmsimardlet me do the same exercise on the other nbs out of curiosity16:57
clarkbfwiw those files can be safely deleted if nodepool has lost track of them. (not sure if that will make debugging harder though)16:58
dmsimardno leaks on nb01 apparently16:58
fungiclarkb: dmsimard: pabelanger: https://review.openstack.org/638448 is a one-liner change to get e-mail notifications working for storyboard again (it's been broken since friday's maintenance to replace the old trusty server with a xenial one, since we switched to using a different hostname from the service name)16:58
fungia concerned user e-mailed me directly about it this morning, worried their mail host was blocking notifications16:59
clarkbfungi: approved16:59
dmsimardno leaks on nb02 either16:59
fungithanks!16:59
corvusi'm restarting apache on mirror.iax to load mod_log_forensic17:01
clarkbrgr17:01
corvusthat didn't help either17:03
Shrewsdmsimard: clarkb: nb03 was what i was using for some manual testing a couple weeks back for the build timeout. possible some of those are from that?17:03
dmsimardnb03 now has 120GB free, up from ... 017:04
dmsimardgoing to restart nodepool builder and remove from the emergency file17:04
*** mlavalle has left #openstack-infra17:06
*** jpich has quit IRC17:06
openstackgerritMatthieu Huin proposed openstack-infra/zuul master: Proposed spec: tenant-scoped admin web API  https://review.openstack.org/56232117:06
dmsimard#status log (dmsimard) nb03 was found out of disk space on /opt, there is now 120GB available after cleaning up leaked images17:06
openstackstatusdmsimard: finished logging17:06
*** pcaruana has quit IRC17:07
clarkbcorvus: terrible idea: looks like cloudflare does http in addition to https. We could flip to http to capture the network transfer more easily17:07
corvusclarkb: i like it.  will do.17:07
dmsimardShrews: don't know, let's wait a bit and check if things seem to leak still.17:09
openstackgerritMerged openstack-infra/infra-specs master: Update priority effort Gerrit topics  https://review.openstack.org/63802417:13
*** yamamoto has joined #openstack-infra17:20
*** markvoelker has joined #openstack-infra17:20
*** luizbag_ has joined #openstack-infra17:21
corvusclarkb: hrm, i can't figure out how to get apache to do that right now; i have to afk for a few, server is all yours if you want it.17:22
*** jamesmcarthur_ has joined #openstack-infra17:24
*** luizbag has quit IRC17:24
*** erikm has joined #openstack-infra17:25
*** yamamoto has quit IRC17:25
*** luizbag_ has quit IRC17:26
*** wolverineav has joined #openstack-infra17:26
*** jamesmcarthur has quit IRC17:27
clarkbok curre tly juggling a sick kid but will look in a bit17:27
*** dtantsur is now known as dtantsur|afk17:29
openstackgerritMerged openstack-infra/system-config master: Add site name to Exim local_domains on SB server  https://review.openstack.org/63844817:31
*** mattw4 has joined #openstack-infra17:35
*** ccamacho has quit IRC17:36
*** trown is now known as trown|lunch17:38
*** mattw4 has quit IRC17:42
*** mattw4 has joined #openstack-infra17:43
*** zzzeek has quit IRC17:44
clarkbcorvus: bah on closer inspection http is a 301 to https17:46
clarkbalso my old urls now return 403 forbidden so I think the timer on whatever token we had has expired17:47
*** yamamoto has joined #openstack-infra17:47
*** ociuhandu has quit IRC17:48
*** panda|ruck is now known as panda|ruck|off17:48
*** wolverineav has quit IRC17:48
clarkbI'm going to put my thinking cap on while drinking this tea and ponder other approaches17:48
clarkbfungi: ^ may have ideas too. I'd like to avoid sorting out https pcap but maybe that is what we are left with17:49
*** zzzeek has joined #openstack-infra17:49
*** shardy has quit IRC17:49
*** ociuhandu has joined #openstack-infra17:50
fungiwe want to be able to get plaintext packet captures of ssl/tls streams?17:50
*** Vadmacs has joined #openstack-infra17:51
clarkbfungi: more generally debug why the 404s in http://paste.openstack.org/show/745628/ are 404s when they are 200s when requested to the backend locally17:52
clarkbfungi: plaintext packet capture of the tls stream between apache and dockerhubs CDN may be on path there17:53
*** markvoelker has quit IRC17:53
*** ociuhandu has quit IRC17:54
*** lpetrut has quit IRC17:54
clarkbnote that those urls seem to be 403s for me locally now, I think they must only be valid for an hour?17:56
openstackgerritJan Kundrát proposed openstack-infra/nodepool master: runc: Allow overlayfs mounts for container's rootfs  https://review.openstack.org/63846917:57
fungihttps://medium.com/@tonywooster/docker-in-docker-in-gitlab-runners-220caeb708ca seems to describe an implementation where a docker registry is used as a central dockerhub image cache. not as straightforward as a caching web proxy unfortunately, but worth mentioning since i happened to stumble across it looking for solutions to the problem we're seeing18:02
fungisimilar use case to ours though, i think18:03
*** sdake has quit IRC18:05
*** sdake has joined #openstack-infra18:06
clarkbhttps://docs.docker.com/registry/recipes/mirror/ is the docs for that. So far we've avoided it because in theory this protocol is http and should just work (tm). Unfortunately they try really ahrd to not make that the case18:06
*** wolverineav has joined #openstack-infra18:06
clarkbits silly to think we'd need application specific http caches, but maybe that is the reality we live in18:07
*** roman_g has quit IRC18:13
clarkbwe likely could replace the docker vhost config in our mirrors with a copy of the insecure docker registry but configured to be a pass through mirror instead. I don't know how it manages disk usage though18:15
clarkb(like will it have a sad not being the only cache on the system)18:15
*** mattw4 has quit IRC18:17
*** mattw4 has joined #openstack-infra18:17
fungiwell, back to sniffing the https communication, did we consider https://httpd.apache.org/docs/2.4/mod/mod_dumpio.html yet?18:24
clarkbfungi: no I don't think so18:24
clarkbbut that looks like a good option. I'm currently trying to set up a local docker daemon to talk to our mirror18:25
clarkban interesting experience18:26
fungii'm digging around for more info on whether mod_dumpio works with mod_proxy in the way we're hoping18:26
*** jpena is now known as jpena|off18:29
fungiwe tried upping the mod_proxy log level to trace?18:29
fungii.e., "LogLevel error proxy:trace5" or similar?18:30
fungii do see a few anecdotes of people using mod_dumpio and mod_proxy together for similar troubleshooting, though it's not very clear how we'll differentiate the client-facing traffic from the server-facing traffic (i guess it dumps both)18:32
clarkbthe headers might make that apparent?18:36
clarkbI think I've almost got my local docker daemon talking to mirror.iad so hopefully I can use that to learn something useful18:36
*** electrofelix has quit IRC18:37
clarkbthis gets weirder. I set up local docker to talk to mirror.iad. I see my docker pull ubuntu in there and it succeeded locally. However apache logs shows the same 404s so did docker go and ask some other registry I hadn't configured for this image18:38
fungia packet capture just looking at outbound network traffoc could maybe tell you that18:39
clarkbya the -D debug flag tells me nothing extra18:41
mordredclarkb: the -D debug flag to the docker daemon?18:45
clarkbmordred: no to docker pull18:45
clarkblet me see if the daemon will log things better18:45
mordredthere's also a debug setting for the docker daemon I believe that will spit more crap into the docker daemon logs about the http interactions with the registry18:45
clarkb(seriously though it has to be a security issue to fallback to unspecified registries)18:45
clarkbsince people use names to pull stuff you could get the entirely wrong image pulled down this way18:46
corvusclarkb: yes, docker daemon will fall back to upstream docker18:46
corvus* docker hub18:47
corvusclarkb: there is an important thing to keep in mind, which is that docker is explicitly designed to work only with dockerhub.  so if you use "registry-mirrors" you're saying "these are mirrors of dockerhub"18:47
corvusprivate registries, in dockerland, always have their hostnames as part of the repository name18:48
corvusit's really a mess and makes no sense18:48
fungibest summary yet18:48
clarkbI see so a private registry is a different config item and ya daemon debug shows that it tries our mirror, fails and then talks to upstream dockerhub18:48
corvusbut that's why docker doesn't consider it to be erroneous behavior to try upstream dockerhub when the mirror doesn't work.18:49
fungii guess that's sort of like an extra_index_url for pip18:49
mordredyeah. so a zuul image in  registry.opendev.org  would actually be registry.opendev.org/zuul/zuul and would not necessarily have a hub.docker.com/zuul/zuul counterpart18:49
mordredbasically, docker pull zuul/zuul is shorthand for docker pull hub.docker.com/zuul/zuul18:49
clarkbkind of amazing the client debug flag doesn't help you debug anything either but that is probably because the daemon is doing all the work and not communicating debug info back over the socket18:50
mordredclarkb: yah. the client is almost meaningless18:50
clarkbin any case I can now reliably reproduce this problem and generate urls that should be valid to test with18:50
*** markvoelker has joined #openstack-infra18:50
mordredwoot!18:51
clarkbnow to try the mirror in france and see if we get the same behavior (that should rule out any cdn weirdness)18:51
*** trown|lunch is now known as trown18:52
clarkbhappens in ovh gra1 as well. So ya likely not a cdn region specific behavior (which we already mostly ruled out via local wget)18:54
*** wolverineav has quit IRC18:54
clarkbcorvus: did you see fungi's suggestion of mod_dumpio?19:01
clarkbcorvus: that may be our next best bet19:01
fungior did we try loglevel proxy:trace5?19:02
fungii couldn't tell from scrollback19:02
corvusfungi: i have not tried that19:02
corvusclarkb: have an iad url handy?19:03
corvusi'll try trace5 now19:03
fungiagain i don't know exactly what's provided at that loglevel, just saw anecdotes of using that to check headers on proxied requests19:04
corvusfungi: it didn't seem to help19:04
clarkbcorvus: /cloudflare/registry-v2/docker/registry/v2/blobs/sha256/7b/7b722c1070cdf5188f1f9e43b8413157f8dfb2b4fe84db3c03cb492379a42fcc/data?verify=1550777451-F0Z9Fan80qywgPCyFRGqEkd0jdc%3D19:04
fungi:/19:05
clarkbnot a url, but the 404ing path19:05
corvusfungi: mod_dumpio doesn't seem to be available19:07
fungiinfra-root: just to follow up, e-mail notifications from storyboard.openstack.org do seem to be getting delivered now that the configuration change merged, though it did need me to manually reload the exim4 service before it would take effect19:08
mordredfungi: nod19:08
corvusweird /usr/lib/apache2/modules/mod_dumpio.so exists19:10
fungiyeah, i just got so far as confirming that on one of our mirror servers19:10
fungithe apache2-bin package provides it19:11
fungimaybe ot19:11
fungigrr19:11
corvusfungi: a2enmod dump_io19:11
corvusthat's really weird19:11
fungimaybe it's just lacking a config snippet in configs_available19:11
corvusnote the extra "_"19:11
mordredyay for _s19:11
fungioh, hah19:11
fungimods-available i meant19:11
fungiand yeah, /etc/apache2/mods-available/dump_io.load so i guess that was why19:12
corvusrestarting to pick up module19:12
fungiooh, infra-root just got spam advertising "npm enterprise"19:13
mordredSWEET WHEN CAN WE BUY IT19:13
corvusfungi, clarkb: http://paste.openstack.org/show/745645/19:13
*** manjeets has quit IRC19:14
fungiwow, that's pretty verbose19:14
*** manjeets has joined #openstack-infra19:14
corvusare we requesting "/cloudflare/..." from the cloudflare host?19:15
fungilooks like the "[remote 52.22.67.152:443] mod_dumpio:  dumpio_out" lines are what we're sending to dockerhub19:16
clarkbcorvus: it almost reads that way19:16
fungiand yeah, that does look to be the case19:16
clarkbcorvus: also that seems to confirm that we are passing the user agent through so that shouldn't be an issue. One thing we might want to do is disable the x forwarded for headers19:17
clarkbto appear less like a proxy to the remote19:17
*** alishamohanty_ has joined #openstack-infra19:17
* clarkb rereads vhost config19:17
fungii wouldn't disable X-Forwarded-For if we can get by with it. i mean, it's polite of us to include it19:17
clarkbProxyPass "/cloudflare/" "https://production.cloudflare.docker.com/" ttl=120 keepalive=On retry=019:17
corvusdoes order matter?19:18
clarkbfungi: ya we should leave it if that isn't related to the problem19:18
*** wolverineav has joined #openstack-infra19:18
corvusi just put the / proxy at the end and i think it worked.19:18
corvuslet me try with real docker19:18
fungihuh19:18
clarkboh ya if it isn't doing a longest match but instead first match that may matter19:19
*** wolverineav has quit IRC19:19
corvushere are the logs from 2 'docker pull's of the same image: http://paste.openstack.org/show/745648/19:20
corvusfirst is a cache miss, second is a cache hit.  both are now response 20019:20
corvusi'll work on a patch19:20
mordredcorvus: that seems much betterer19:20
clarkband 8081 doesn't exhibit this problem because we suffixed the root19:21
clarkbI can't help but feel that the reason docker deprecated url paths in the pull api is to make us sad19:22
mordredclarkb: are we sure we still need 8081? like - I thought I read that dockerhub should be able to handle both apis19:22
clarkb(seriously what point does it serve? this is basically just http)19:22
clarkbmordred: I think its more there for our clients that use it19:23
fungiwell, if nothing else, today i learned that mod_dumpio is way cool19:23
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Fix docker registry proxy  https://review.openstack.org/63849019:23
clarkbmordred: if you move all of those jobs off of 8081 to 8082 when it is working then we can drop 8081 I think19:23
corvusfungi: ++19:23
*** markvoelker has quit IRC19:23
corvusi, um, kept the SamYaple comment, but i don't understand it.19:24
mordredclarkb: ya - I was thinking it might be nice to test that old v1 clients actually can use 8082 - because it would make docker registry mirror settings a little easier to wrap the head around19:24
clarkbcorvus: it is explaining the difference between 8081 and 808219:24
clarkbcorvus: with 8081 we did /docker-registry to the docker registry19:24
clarkbcorvus: but then docker stopped talking to a non / root19:24
clarkbmordred: that should be self testing if you propose a change to say the tripleo or kolla jobs19:25
clarkbthen you just have to watch out for the wonderful fallback behavior I just discovered19:25
mordredclarkb: not really - they'd just fallback ... yeah19:25
mordredclarkb: I think I'd rather test it manually first :)19:25
fungiare we sure they're even still using the old one?19:26
clarkbfungi: fairly certain as basically nothing uses 8082 at this point19:26
fungioh19:26
clarkb(I think only mordred and corvus' work is attempting to use 8082)19:26
fungifor some reason i thought this was required for newer docker versions anyway19:26
mordredfungi: it is19:27
clarkbit is, but very newer versions19:27
clarkbbut also tripleo uses other tools to pull19:27
clarkband those tools aren't so particular19:27
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Improve comments in docker proxy config  https://review.openstack.org/63849319:27
*** wolverineav has joined #openstack-infra19:28
corvusall right, i'm going to afk until after lunch, then, um, i guess i'm going to docker some more docker.19:29
clarkbI'm going to context switch to trying to confirm my comments about github status events over in #zuul19:30
clarkb(basically i think that if a project moves quickly enough we won't be able to cache the merge commit shas accurately)19:30
mordredcorvus: docker docker the docker dockers with the docker in the docker19:31
fungii'm going to start looking at the story attachments patches for storyboard19:31
fungibut on a related note, we should probably brainstorm some ideas for where to stick the datastore for those19:31
*** ccamacho has joined #openstack-infra19:31
fungihow far did we get on looking into hosted swift options for zuul logs?19:32
mordredfungi: we looked at a few different clouds and I think there are more than one good option19:35
mordredfungi: I think for starters we were just using vexxhost and deferring doing multi-swift til later19:35
*** ldnunes has quit IRC19:35
fungimakes sense19:37
clarkbhrm though most of the api load early this morning may have been the confluence of uncached merged commit sha and many many unlabel events19:38
fungimordred: so in theory i can just create a swift container in vexxhost and configure storyboard to point there for uploading and serving story attachments?19:38
fungiany odd caveats with their swift deployment?19:39
*** Vadmacs has quit IRC19:42
clarkbya reading ansible's github merge logs I think in general our cache is helping a ton. They've merged a bunch of commits in the last half hour all with status results happening after merge and our github queue is back down to 0 now19:43
mordredfungi: a few - but I believe we've captured all of them in openstacksdk so far19:43
clarkbwe only went up into the high teens at peak too19:43
clarkbso I think the confluence of many events being sent around that time and possibly not having been able to cache the merge_commit_sha because either it moved in a way we didn't see or we just evicted the entries from the cache did us in early this monring19:44
clarkbgiven that I think I won't spend any extra time debugging this19:44
mordred++19:44
* clarkb fixes local docker to speak to the normal registry19:45
fungiclarkb: given where the lru stuff ended up and the impact we've seen from it, do you see any use in https://review.openstack.org/636404 or the suggestion there to track per-event time to process?19:46
clarkbfungi: I think that data may still be helpful to expose to users. Then ttx or gundalow or whoever can quickly check "why is github slow with my PR" without pinging us to query logs directly19:47
clarkbfungi: similar to how we expose zuuls internal event queue and the results queue19:47
clarkbmaybe ^ implies we just want to expose it via the status page rather than via statsd? though I think statsd has the nice benefit of showing data over time19:48
clarkbfwiw I think the derivative data would be nice too but even just exposing the simpler count is probably fine19:49
clarkbre processing delay we peaked at 7 minutes during the great gundalow merging spree of 45 minutse ago19:50
clarkbwhich isn't bad compared to what it was before but still likely long enough to be noticed by users19:51
fungicool, i'll pick it back up in that case19:52
*** jamesmcarthur_ has quit IRC19:56
*** jamesmcarthur has joined #openstack-infra19:57
*** wolverineav has quit IRC20:01
*** emccormick has quit IRC20:01
*** jamesmcarthur has quit IRC20:01
*** whoami-rajat has quit IRC20:02
*** emccormick has joined #openstack-infra20:07
openstackgerritAndreas Jaeger proposed openstack-infra/project-config master: Add nodepool-dib dashboard  https://review.openstack.org/63832520:14
*** e0ne has joined #openstack-infra20:14
*** jamesmcarthur has joined #openstack-infra20:18
ianwdmsimard: i'm not sure if you got to the bottom of it, but there were changes put in for defaulting to .qcow2, and it sounds like maybe it's a bit aggressive and always builds it, even if you don't want it?20:19
ianwAJaeger: thanks ... if you're interested there's a test version of it @ http://grafana.openstack.org/d/ZGHytDriz/nodepool-dib?orgId=120:20
ianwi'll delete this of course in due course20:21
*** markvoelker has joined #openstack-infra20:21
AJaegerianw: nice, thanks! I just fixed the titles, rest looked fine - and that graph confirms it ;)20:24
ianwi'm not sure about the way we put the stats in, though; we seem to miss a few which a pipeline would help with (https://review.openstack.org/#/c/638265/)20:27
ianwand the return code for each image type is going to be the same, as it's all done in the same build20:28
*** wolverineav has joined #openstack-infra20:33
*** ijw has joined #openstack-infra20:37
*** e0ne has quit IRC20:37
*** wolverineav has quit IRC20:38
clarkbianw: ya though the biggest cost in building the image is the build itself last I looked. The image conversions do take time but not nearly as much as the rest of the process20:39
*** jamesmcarthur has quit IRC20:40
openstackgerritMerged openstack-infra/system-config master: Fix docker registry proxy  https://review.openstack.org/63849020:40
*** jamesmcarthur has joined #openstack-infra20:40
clarkbianw: what sets the test image size to 4TB?20:40
clarkbthat seems a bit excessive :)20:41
clarkbhrm looks like we actually write "fake-data" to the image file20:42
clarkbah g is for gauge not gb20:43
clarkbms is for timing20:43
clarkbso 4096 is block size whcih is largely correct in places20:43
*** jamesmcarthur has quit IRC20:45
ianwyeah that's in bytes :)20:45
ianwit's this loop that will only ever return the same thing -> https://git.openstack.org/cgit/openstack-infra/nodepool/tree/nodepool/builder.py#n88820:47
clarkbianw: those graphs seem to show our mysteriously large qcow2s getting smaller again?20:47
clarkbI wonder if that was a regression in qemu-img or something that has been fixed20:47
ianwclarkb: but others show it jump back up too20:47
ianwi'm not convinced it's not a graph artifact, yet20:47
clarkbhrm ya20:48
clarkbre that loop returning the same value I think it is technically correct. Since we convert the image types at the end of the single build. But probably confusing from a stats perspective20:48
ianwthe conversion happens within dib though via the -t args, so it's all the one process20:49
clarkbya20:50
ianwthe other thing is that a single timer event every ~24 hours is hard to work with for the duration20:51
ianwyou can "keeplastvalue", but that only works if there is a last value in your view20:51
ianwso essentially any zoom < 24 hours is likely to now show anything, which can be confusing20:51
ianws/now/not20:51
clarkbya I zoomed out to 7 days20:52
clarkbbut probably not clear that doing so is probably required20:52
*** gfidente is now known as gfidente|afk20:52
clarkbcan we set the default time range to say 24 hours by default for that one dashboard?20:52
ianwyeah, or make the duration a gauge20:52
*** jamesmcarthur has joined #openstack-infra20:53
*** markvoelker has quit IRC20:55
openstackgerritMerged openstack-infra/system-config master: Improve comments in docker proxy config  https://review.openstack.org/63849320:58
*** wolverineav has joined #openstack-infra21:06
*** kgiusti has left #openstack-infra21:08
clarkbinfra-root can I get a second reviewer on https://review.openstack.org/#/c/629662/2 I am happy to babysit that today21:08
mordredclarkb: on it21:09
clarkbif you can review the child of that (enable future parser for kerberos servers) I'll likely approve that one once afs is done and happy21:09
mordredclarkb: +2'd - +A at will21:09
clarkbtyty21:09
clarkbmordred: can you get the child too?21:09
mordredclarkb: done21:09
*** wolverineav has quit IRC21:09
clarkbwoot thanks again21:09
*** wolverineav has joined #openstack-infra21:10
fungi637388 (the storyboard cleanup change) touches some of the same files if anybody's in the mood21:10
fungino idea if they're going to merge-confict21:10
fungior merge-confLict21:10
clarkbfungi: conflicts with says the child does conflict21:10
clarkbmordred: if you want to approve fungi's change I'm happy to rebase the kerbeeros child change21:11
*** rcernin has joined #openstack-infra21:11
mordredclarkb: on it21:12
*** ijw has quit IRC21:12
mordredI approved fungi's change21:12
*** ijw has joined #openstack-infra21:14
corvusmmm.  merge confit.21:18
mordredthe best part of working from a coffee shop is when the snippet of conversation you overhear is "mmm. mini bundt cakes"21:20
corvusi don't know if the're good (how is it i don't know this?)  but i love their name: https://www.nothingbundtcakes.com/21:21
fungiand now i hunger21:22
*** ijw has quit IRC21:22
clarkbI just had lunch but now I want desert21:22
clarkb*dessert21:22
openstackgerritMatthieu Huin proposed openstack-infra/zuul master: Proposed spec: tenant-scoped admin web API  https://review.openstack.org/56232121:26
*** ijw has joined #openstack-infra21:27
*** ijw has quit IRC21:32
*** ijw has joined #openstack-infra21:32
*** wolverineav has quit IRC21:34
mordredcorvus: they are actually delicious. I've gotten a red velvet cake from nothing bundt cakes the last 2 years21:35
*** eharney has quit IRC21:35
mordredcorvus: and most days I'm sad that I do not have one - but also happy, because if I had one I would eat it21:35
*** slaweq has quit IRC21:35
*** alishamohanty_ has quit IRC21:36
fungiand then you would be sad again because you don't have one21:38
fungia vicious cycle21:38
*** wolverineav has joined #openstack-infra21:39
*** wolverineav has quit IRC21:40
*** wolverineav has joined #openstack-infra21:40
*** wolverineav has quit IRC21:41
clarkbfwiw github event queue is quite large right now :/21:41
*** wolverineav has joined #openstack-infra21:41
clarkbhrm it seems that one of the changes that merged when I thought things were ok may have been the kick off event?21:43
clarkbliek we had some delay in getting to processing that?21:43
mordredclarkb: it's your fault for thinking it was ok21:44
clarkbindeed21:45
fungii need to go wet-sand some drywall mud. back soon21:46
*** slaweq has joined #openstack-infra21:48
mordredfungi: it might not be dry when you're finished21:51
*** markvoelker has joined #openstack-infra21:53
*** ociuhandu has joined #openstack-infra21:54
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: run-buildset-registry: run a dual registry  https://review.openstack.org/63851421:54
openstackgerritMerged openstack-infra/system-config master: Turn on future parser for afs servers  https://review.openstack.org/62966221:55
*** jamesmcarthur has quit IRC21:57
mordredcorvus: I love that there is more content in the commit message than the actual patch there22:00
corvusmordred: yeah... i mean, at least docker makes "run a daemon twice on the same host on different ports because it's authors have an ongoing polite disagreement with reality" easy.22:01
mordredcorvus: ++22:02
*** erikm has left #openstack-infra22:04
openstackgerritMerged openstack-infra/system-config master: Clean up after StoryBoard replacement maintenance  https://review.openstack.org/63738822:05
*** jamesmcarthur has joined #openstack-infra22:05
*** jamesmcarthur has quit IRC22:07
*** trown is now known as trown|outtypewww22:07
*** ociuhandu has quit IRC22:10
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: use-buildset-registry: support running before docker installed  https://review.openstack.org/63818022:12
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: Split docker mirror config into its own role  https://review.openstack.org/63819522:12
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: Use buildset registry push endpoint  https://review.openstack.org/63852022:12
corvusmordred, clarkb, fungi: can you +3 the stack of 4 changes which starts at https://review.openstack.org/638514 ?22:13
corvusabout half of that is used in project-config, and half isn't, but it'll probably be easiest to review and merge all at once22:13
*** ijw has quit IRC22:14
*** kjackal has quit IRC22:14
*** ijw has joined #openstack-infra22:15
openstackgerritJames E. Blair proposed openstack-infra/zuul-jobs master: Use buildset registry push endpoint  https://review.openstack.org/63852022:15
clarkbcorvus: yup I'll take a look as sono as I get these changes rebased now that storyboard cleanup merged22:17
clarkbhrm gerrit doesn't say that change conflicts anymore. I never understand how this conflicts checking works22:17
openstackgerritIan Wienand proposed openstack-infra/grafyaml master: Update valueName values  https://review.openstack.org/63852222:18
corvusclarkb: i'm starting to suspect it's "touches the same file"22:18
*** jcoufal has quit IRC22:19
corvusbut even if it isn't, it does seem very loose.  however, i've come to view that as an asset, in that it helps find potentially related changes, even if they don't truly textually conflict.22:20
*** ijw has quit IRC22:20
clarkbya22:20
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Use host networking for gitea  https://review.openstack.org/63733422:21
*** hamzy has quit IRC22:21
mordredcorvus, clarkb: don't know if you saw, but the gitea folks have already put an indexer abstraction in front of issues, and I think the same dude is working on adding one for repos22:23
corvusmordred: i saw!  fingers crossed :)22:23
mordredand has elasticsearch and redis drivers planned. and has implemented a "use the db" driver - which is a bad idea but is there for tiny installs22:23
mordredcorvus: \o/22:24
clarkbmordred: nice22:24
*** markvoelker has quit IRC22:25
clarkbafs01.dfw.o.o and afsdb01.o.o have had puppet runs under puppet4 and the only oddity (on afs01) was present before the futureparser change22:26
clarkbgoing to approve kerberos change now and if it conflicts rebase then22:26
clarkbcorvus: also now I know why you know so much about mirror and private registries :)22:26
corvusnope.  i don't know a thing.  no one ask me any questions about docker.  docker what?22:27
*** sdake has quit IRC22:27
mordredcorvus: docker docker registry docker docker mirror docker22:29
mordredcorvus: container container kuberenetes docker docker skopeo!22:29
clarkbthat shared fs hack is so good (yay for sha256 addressed data blobs I guess22:29
* mordred is cloud native now22:29
corvusclarkb: that was mordred's idea :)  and yeah, it's a good one22:30
* mordred is useful for coming up with ways to subvert people's intentions22:30
*** wolverineav has quit IRC22:30
clarkbcorvus: have you checked yet if the main in region mirror proxies have the fix ?22:31
corvusclarkb: no -- however, none of this uses those proxies right now22:31
*** wolverineav has joined #openstack-infra22:31
corvus(we will be able to use them, i think, but i'd like to do it as a follow-up, because this has enough moving parts as-is)22:32
clarkbcorvus: reviewing https://review.openstack.org/#/c/638180/8/roles/use-buildset-registry/tasks/main.yaml and noticing the daemon.json content is being decoded from base 64? isn't it just normal human readable ascii/utf8?22:33
*** ijw has joined #openstack-infra22:34
corvus(weirdly, if they *had* been working, we might not have ended up with the dual-registry idea, because i think we would just fall through.  however, this is better because it makes the system work for folks without region-local mirrors)22:34
corvusclarkb: it is, ansible slurp module base64 encodes data22:34
clarkbah22:34
corvusfor, what i assume, must be excellent raisons.  :)22:34
*** wolverineav has quit IRC22:36
*** jtomasek has quit IRC22:37
clarkbcorvus: https://review.openstack.org/#/c/638180/8/roles/use-buildset-registry/tasks/user-config.yaml sets the username and passwd for the main docker registry which won't workl right? is that a bug?22:38
mordredclarkb: you're going to love the explanation of that one22:38
corvusi guess that should probably be in the commit message...22:38
corvusbecause docker assumes that any mirror is a mirror of *the* docker.io registry, whenever it communicates with a mirror, it uses, exclusively, the credentials for *the* docker.io registry.  regardless of the actual network address of the mirror.22:39
*** ijw has quit IRC22:39
* corvus ducks for cover22:39
*** dave-mccowan has quit IRC22:40
clarkbso we can remove the credentials for the non push instance?22:40
clarkbI suppose that too would be confusing. That is amazing btw22:40
corvusyes, we could theoretically remove them22:40
mordredclarkb: right? I thought you'd like that22:40
*** dave-mccowan has joined #openstack-infra22:40
*** gfidente|afk has quit IRC22:40
corvus(they only way they would be used is if the non-push buildset registry endpoint were directly addressed (like "docker pull 1.2.3.4:5000/foo/bar:latest") and we don't do that)22:41
corvusand yes, this has been declared "not a bug"22:42
clarkbdoes it fail when it falls back to the upstream source?22:43
clarkbbecause the creds are wrong?22:43
corvusif it did, it would22:43
*** slaweq has quit IRC22:43
corvusbut it doesn't in this case because of the pull-through proxy, which is configured with it's own set of empty credentials to talk to upstream22:44
corvusif the pull-through proxy fails (like, not because it doesn't have an image, but, say, there's a network partition or something), it will talk to upstream and fail because of the credentials.22:44
clarkbright if that failed for some reason (network blip) we'd see a failure in auth when talking upstream in the fallback (assuming network started working by then)22:45
mordredtaht's awesome22:45
clarkbok I think I understand22:45
clarkbor rather get the behavior22:45
corvusin this situation, i actually think that's good behavior for us.  it may cause a job to fail rather that to accidentally use an upstream non-speculative image.22:45
mordredso we also get a hard fail if the local mirror usage stops working22:45
clarkbnot sure I understand why that behavior is desirable but don't expect you would argue for it either22:45
clarkbya I mean if it were me not falling back by default and hard failing as default behavior makes way moe sense22:45
clarkbbut I didn't design the thing22:45
clarkband ya adding more words to things might be a good idea (though I've approved the cnage, maybe a readme aside section?)22:46
*** dave-mccowan has quit IRC22:46
corvusclarkb: yeah, you *clearly* didn't design it.  i am certain we would have a much better system if you had.  :)22:46
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Run an haproxy load balancer for gitea  https://review.openstack.org/63803322:49
*** wolverineav has joined #openstack-infra22:49
*** rh-jelabarre has quit IRC22:52
openstackgerritMerged openstack-infra/grafyaml master: Update valueName values  https://review.openstack.org/63852222:52
fungistill catching up... any reason we're holding off approval of 638195 with three (soon to be four) +2 votes?22:54
fungipresumably those are just inherited from earlier patchsets on rebasing22:54
corvusfungi: nope, and we've both approved it now :)22:55
*** slaweq has joined #openstack-infra22:56
fungiheh22:56
corvusalso, i'm not sure that "tox-py35-on-zuul" is necessarily the best thing to be running in zuul-jobs now...22:56
fungibecause of waiting for xenial nodes?22:56
clarkbno reason I was just reading it and continuing to try and udnerstand this docker stuff22:57
corvusbecause it's a little flakey, and now that we have more robust usage of tox in zuul-jobs' own tox jobs, it's probably not adding anything22:57
mordredcorvus: yeah. I agree22:57
fungioh, i see now there's also a plain tox-py3522:58
openstackgerritMerged openstack-infra/system-config master: Turn on future parser for kerberos servers  https://review.openstack.org/62966322:59
openstackgerritJames E. Blair proposed openstack-infra/project-config master: Remove tox-py35-on-zuul from zuul-jobs  https://review.openstack.org/63852522:59
*** slaweq has quit IRC23:00
*** tkajinam has joined #openstack-infra23:01
openstackgerritCarlos Goncalves proposed openstack/diskimage-builder master: [wip] rhel8 beta support  https://review.openstack.org/62313723:05
clarkbinfra-root in checking if puppet futureparser is happy with the kdc servers I've discovered that kdc04 seems to be unhappy23:07
mordreduhonh23:07
clarkbI don't see it running a krb process23:08
clarkband puppet can't install krb5-admin-server23:08
clarkbI think the package install failure might be a package bug?23:08
clarkbthe --configure process returns exit code 1023:08
clarkband if I run it by hand I get a notice saying "hey this package won't configure this for you you need to do it yourself"23:09
*** ijw has joined #openstack-infra23:09
clarkbso I guess my first question is kdc04 listed as a valid kerberos server in dns23:09
* clarkb looks at our docs23:09
*** rascasoft has quit IRC23:10
clarkbkdc01 is primary but kdc04 is listed as a valid server in the SRV record23:11
*** slaweq has joined #openstack-infra23:11
*** tosky has quit IRC23:11
clarkbmy hunch is if we fix the package install weirdness that puppet will be happy and configure things the way we want23:12
clarkbthen we can make kdc04 primary and upgrade kdc01 to xenial from trusty23:12
clarkbunless we aren't supposed to run the processes on kdc04 since it isn't primary? is this active active or active with standby?23:12
clarkbmordred: ^23:12
*** sdake has joined #openstack-infra23:13
clarkboh docs say it is a standby so maybe the service side of things is fine and it is just apt and puppet unhappy23:13
corvusclarkb: k believe krb5 should be running on both, and kadmind only running on 0123:14
corvuser, i believe.  i don't know what agent k believes.23:14
fungiclarkb: are you seeing the error in syslog or somewhere else?23:14
*** mriedem has quit IRC23:14
clarkbfungi: yes syslog but also running apt-get install -o DPkg::Options::=--force-confold krb5-admin-server in the foreground23:15
clarkbfungi: grep puppet-user to see puppet logs23:15
fungii might be able to play the role of "the apt whisperer"23:15
tonybWould y'll object if I made a new (apache) puppet template that was a mash-up of static-https-redirect.vhost.erb and static-http-and-https.vhost.erb23:15
*** slaweq has quit IRC23:16
fungitonyb: mashup in what way? to what purpose? maybe we can just fix one (or both) of those?23:16
tonybone that redirected http -> https but enabled Redirect on the https server?23:16
tonybor would it be better to just do the latter in static-http-and-https.vhost.erb?23:16
fungihttps-redirect is supposed to be used to redirect http to https, http-and-https is intended to serve the same content over both http and https23:17
tonybfungi: basically I want Redirect on releases.o.o and I think we also want that content only available over https because signatures?23:17
fungiseems like we should just start redirecting http to https for releases.o.o23:17
tonybfungi: we do23:17
tonybfungi: BUT that template doesn't have AllowOverrideList Redirect RedirectMatch23:18
tonybso I can't add a .htaccess file with Redirect statements in it23:18
tonybfungi: http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002771.html is the context23:18
fungioh, got it. releases.o.o today redirects http to https but doesn't give you the ability to also put a redirect in a .htaccess file23:19
tonybfungi: Yup that one23:19
fungii would just update static-https-redirect.vhost.erb to allow that, personally. it doesn't seem super unsafe but feedback from others is warranted23:19
tonybfungi: so we can either a) add AllowOverrideList... to the exsisting template ;or b) create a new one just for rleases.o.o23:19
tonybfungi: OK, I'll propose a change to do the simple thing and we can discuss it there23:20
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: gerrit: add support for report only connection  https://review.openstack.org/56821623:20
fungitonyb: to clarify, the goal with those templates is to reduce the amount of duplication and risk of divergence between vhost definitions for sites on that server23:21
fungiso in keeping with that, improving the existing templates to be usable for the sites we're serving there rather than splitting more out is my preference23:22
*** markvoelker has joined #openstack-infra23:22
tonybfungi: Yup I thought it might be, but there is a small risk in added this ALlowOverrideList for all static sites23:23
fungithe primary trigger for switching to those was when i was updating our mod_ssl settings and didn't want them to end up wildly divergent23:23
clarkbfungi: https://git.launchpad.net/ubuntu/+source/krb5/tree/debian/krb5-admin-server.postinst?h=ubuntu/xenial-updates#n17 we do change the config with puppet23:23
tonybso I thought the trade off there might come down the other way23:23
clarkbbut we are setting the confold flag so I wouldn't expect it to complain about it there23:23
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: web: add /{tenant}/buildset/{uuid} route  https://review.openstack.org/63007823:25
fungii guess the postinstall script doesn't provide any actual output to explain its concern23:27
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Use host networking for gitea  https://review.openstack.org/63733423:28
openstackgerritJames E. Blair proposed openstack-infra/system-config master: Run an haproxy load balancer for gitea  https://review.openstack.org/63803323:28
fungisubprocess installed post-installation script returned error exit status 1023:28
openstackgerritTristan Cacqueray proposed openstack-infra/zuul master: zuul-runner: add quick-start integration test  https://review.openstack.org/63570123:28
clarkbfungi: ya23:29
fungiany objection to me trying it without --force-confold to see what it wants to do?23:29
clarkbthe postinst script runs set -e and doesn't explicitly exit 10 so it must be a command failing23:29
clarkbfungi: I guess not? it is probably going to want to update the config and it should show you diffs right?23:30
fungientirely possible it's also nothing to do with the config though23:30
clarkbya23:30
openstackgerritTony Breeds proposed openstack-infra/system-config master: Add Redirect options to static https vhosts  https://review.openstack.org/63852723:31
tonybfungi: ^^^23:31
fungiclarkb: actually, i'll first try adding -x in /var/lib/dpkg/info/krb5-admin-server.postinst23:31
clarkbfungi: ok23:31
*** ijw has quit IRC23:32
*** ijw has joined #openstack-infra23:32
fungithe last command it runs is:23:32
fungiexec /usr/share/debconf/frontend /var/lib/dpkg/info/krb5-admin-server.postinst configure 1.13.2+dfsg-5ubuntu223:32
*** sdake has quit IRC23:33
fungiit does try to start the krb5-admin-server service23:34
clarkbthat is from the #DEBHELPER# substitued content of postinst I think23:35
clarkbso maybe service logs will give us the answer23:35
*** rh-jelabarre has joined #openstack-infra23:35
fungiso i suspect it's attempting to start kadmind, failing, and that's the cause23:35
clarkb`sudo journalctl -u krb5-admin-server` has no entries23:36
*** sdake has joined #openstack-infra23:38
*** gyee has quit IRC23:38
fungii don't suppose we can tell perl to verbosely echo everything it runs to stdout?23:38
*** mattw4 has quit IRC23:39
clarkb/var/crash/krb5-admin-server.0.crash says this started february 123:39
clarkbassuming it hasn't rolled over the instances of this logging23:39
openstackgerritMerged openstack-infra/zuul-jobs master: run-buildset-registry: run a dual registry  https://review.openstack.org/63851423:39
openstackgerritMerged openstack-infra/zuul-jobs master: use-buildset-registry: support running before docker installed  https://review.openstack.org/63818023:39
fungioh, i bet we can set debconf to noninteractive23:39
clarkbI assume not given the 0 in that file23:39
clarkbfungi: maybe try start the server manaully23:39
clarkband see if systemd/journalctl give us anything23:39
fungifirst gonna try:23:40
fungisudo DEBIAN_FRONTEND=noninteractive apt-get install -o DPkg::Options::=--force-confold krb5-admin-server23:40
fungiyeah, still same inscrutible error23:40
fungiyou wanna try starting the service? see where that leads up23:41
fungier, leads us23:41
clarkbsure I'll give that a go23:41
clarkbheh systemctl seems to think it started but ps says no23:42
clarkbbut Feb 21 23:41:53 kdc04 kadmind[28609]: kadmind: kadmind: Can not fetch master key (error: No such file or directory). while initializing, aborting23:42
clarkbis our answer I think?23:42
openstackgerritMerged openstack-infra/zuul-jobs master: Split docker mirror config into its own role  https://review.openstack.org/63819523:43
openstackgerritMerged openstack-infra/zuul-jobs master: Use buildset registry push endpoint  https://review.openstack.org/63852023:43
fungisounds quite likely23:43
fungii've undone my edit to the postinst script now that we've gone down that path23:44
clarkbdo we need to do a sync from kdc01 to kdc04 via kprod?23:45
clarkb*kpropd23:46
clarkbI wonder if this step was just never completed when the new 04 server was built23:46
*** sdake has quit IRC23:46
*** sdake has joined #openstack-infra23:47
*** rh-jelabarre has quit IRC23:48
clarkbwe don't seem to have incremental propagation enabled on kdc0423:48
fungii guess the new server was to upgrade from trusty to xenial?23:49
clarkbhowever there is a kpropd running on kdc04 so maybe we can force it?23:49
clarkbfungi: ya I think pabelanger did the upgrade last summer23:49
clarkbshould I go ahead and run /usr/local/bin/run-kprop.sh to see if that propagates the db info like we need it to?23:50
clarkbcorvus: mordred ^ you may know off the top of your head?23:51
*** sdake has quit IRC23:51
*** sdake_ has joined #openstack-infra23:51
pabelangerclarkb: kdc04 was the replacement for kdc0223:52
*** gyee has joined #openstack-infra23:52
pabelangerso, it should be slave to kdc0123:52
clarkbpabelanger: yup23:53
clarkbpabelanger: the problem is it isn't running krb5-admin-server. I think possibly because we never propagated the database info from kdc01 to kdc0423:53
clarkbI think the script above will do that for us23:53
clarkbso I'm tempted to just give it a go23:53
clarkbany objections?23:53
corvusclarkb: i don't know off the top of my head.  no objections.23:54
clarkbthat says it succeeded but I don't see a stash or keytab file in the /etc/krb5kdc dir23:55
clarkbso maybe this doesn't do that23:55
*** markvoelker has quit IRC23:55
pabelangerclarkb: I think I followed directions at: https://docs.openstack.org/infra/system-config/kerberos.html#realm-creation23:57
*** wolverineav has quit IRC23:57
*** ekultails has quit IRC23:57
pabelangerbut been some time, so cannot fully remember23:57
clarkbhttps://web.mit.edu/kerberos/krb5-1.12/doc/admin/install_kdc.html#configure-slave-kdcs might be our answer23:59
clarkbI'm guessing we haven't puppeted that23:59
« Wednesday, 2019-02-20 Index Friday, 2019-02-22 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!