Saturday, 2020-02-01

« Friday, 2020-01-31 Index Sunday, 2020-02-02 »
corvuskvno service/opendev-zuul@OPENSTACK.ORG00:00
corvusservice/opendev-zuul@OPENSTACK.ORG: kvno = 300:00
corvusiiuc, i think that points strongly in that direction.00:01
clarkbafs_tarballs_opendev_org ya that has the name service/opendev-zuul@OPENSTACK.ORG00:02
clarkbso I think it was an unintentional mixup00:03
corvusso if there is a copy of the new keytab somewhere, then the other secret can be updated and we should be okay00:03
clarkbya let me see if I can find fungi's decryption utility then reencrypt00:03
corvusie, if there's a copy of kvno 3 somewhere, we can update the opendev-zuul-tarballs secret00:04
clarkbits in openstack/project-config00:04
corvusclarkb: i've got a decryption utility handy00:04
clarkboh cool do you want to do the decrypt -> reencrypt dance then?00:05
*** rfolco has quit IRC00:05
clarkbI've found fungi's docs now and am reading up if not00:05
corvusyeah00:06
corvushttps://opendev.org/openstack/project-config/commit/675bb510f1a3491bf14a6ded17faa5083395aeb900:06
corvusyes, that looks like it was added around the correct time00:06
corvusclarkb: can you look for any other instances of that principal?00:06
clarkbcorvus: yes I'll ask codesearch00:07
clarkbcorvus: opendev-zuul-docs and opendev-zuul-tarballs both in opendev/base-jobs appear to be the only two00:08
corvusthe secret as written in project-config does not have the path restriction that it has in the zuul tenant.  that may be dangerous.00:08
clarkbcorvus: if preferable I think you could issue a new one instead and update base-jobs for that00:09
clarkbthen ianw can create a different keytab for !zuul00:09
corvusclarkb: then i'd have to update 3 secrets00:10
clarkbcorvus: just two, leave the openstack side alone (it will break) and ianw can fix on monday00:10
clarkbthat stuff is still in testing so shouldn't affect anything yet00:10
corvuswell, i mean, i'm not sure that it's wrong to use this principal00:10
clarkbah00:11
corvusso if i do that, then ianw will need to come back on monday and update 3 :)00:11
*** mattw4 has quit IRC00:13
corvusklist says that is kvno300:16
clarkbwhich is what we expect as being the current one right?00:16
corvusyep00:16
openstackgerritJames E. Blair proposed opendev/base-jobs master: Update afs keytab  https://review.opendev.org/70531400:20
corvusclarkb: ^ are those the right secrets?00:20
clarkbyes00:21
clarkbI've approved the change00:21
hasharwell done :]00:21
hasharhave a good rest of your day, I am escaping00:21
corvushashar: thanks for noticing :)00:21
hasharyou are welcome!00:22
openstackgerritJames E. Blair proposed opendev/system-config master: Add warning about kerberos key rotation  https://review.opendev.org/70531600:23
corvus(also i manually got a ticket using the kvno 3 keytab, so that looks good)00:24
*** rkukura has quit IRC00:26
*** rfolco has joined #openstack-infra00:26
*** hashar has quit IRC00:26
clarkbianw: ^ to summarize you created a new keytab for tarballs afs stuff and that invalidated the existing keytab that zuul was using to upload its tarballs and docs00:27
clarkbianw: on top of that corvus noticed there is no more path restriction on the new keytab (something we may need to think about)00:27
corvuswell, i didn't look hard into that -- it may just be in a different place in that job.  but it's something we should double check and be careful about.00:28
*** tosky has quit IRC00:29
openstackgerritMerged opendev/base-jobs master: Update afs keytab  https://review.opendev.org/70531400:30
openstackgerritClark Boylan proposed opendev/system-config master: WIP Deploy refstack with ansible docker  https://review.opendev.org/70525800:34
*** hwoarang has quit IRC00:34
clarkbexplicitly setting container_command now rather than relying on the default value00:34
*** hwoarang has joined #openstack-infra00:35
*** dpawlik has quit IRC00:38
*** ahosam has quit IRC00:42
*** irclogbot_3 has quit IRC00:45
clarkbif ^ doesn't change anything I'll plan to set zuul verbose on monday00:46
clarkbbut I'm running out of week now00:46
*** irclogbot_1 has joined #openstack-infra00:49
*** Lucas_Gray has quit IRC00:57
*** Lucas_Gray has joined #openstack-infra00:57
openstackgerritMerged opendev/system-config master: Add warning about kerberos key rotation  https://review.opendev.org/70531601:01
*** Wryhder has joined #openstack-infra01:06
*** Lucas_Gray has quit IRC01:08
*** Wryhder is now known as Lucas_Gray01:08
*** Lucas_Gray has quit IRC01:20
*** Lucas_Gray has joined #openstack-infra01:22
*** rfolco has quit IRC01:24
*** armax has quit IRC01:30
*** Lucas_Gray has quit IRC01:33
*** HenryG has quit IRC01:45
*** HenryG has joined #openstack-infra01:47
*** armax has joined #openstack-infra02:00
*** ociuhandu has joined #openstack-infra02:22
*** rfolco has joined #openstack-infra02:23
*** ociuhandu has quit IRC02:27
*** zxiiro has quit IRC02:41
*** gyee has quit IRC02:51
ianwcorvus/clarkb: arrgghhh i'm very sorry!  that's exactly what i did; i did an ACL copy to tarballs.opendev.org volume and, i thought, issued an additional key ... i didn't realise i'd invalidate the current one03:15
*** rfolco has quit IRC03:42
*** artom has quit IRC03:58
*** artom has joined #openstack-infra04:00
*** artom has quit IRC04:01
*** bnemec has quit IRC04:13
*** factor has joined #openstack-infra05:07
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-infra05:34
*** kjackal has joined #openstack-infra06:26
*** ramishra has quit IRC06:27
*** ramishra has joined #openstack-infra06:30
*** ramishra has quit IRC06:38
*** kjackal has quit IRC06:40
*** Tengu has quit IRC06:42
*** Tengu has joined #openstack-infra07:00
*** lbragstad_ has joined #openstack-infra07:17
*** lbragstad has quit IRC07:19
openstackgerritElod Illes proposed openstack/devstack-gate master: Do not gzip files under logs in job results  https://review.opendev.org/70525508:48
*** roman_g has joined #openstack-infra10:11
*** slaweq has quit IRC10:15
*** roman_g has quit IRC11:12
*** Lucas_Gray has joined #openstack-infra11:14
*** roman_g has joined #openstack-infra11:23
*** slaweq has joined #openstack-infra12:11
*** slaweq has quit IRC12:16
*** adriant has quit IRC12:31
*** iokiwi has quit IRC12:31
*** adriant has joined #openstack-infra12:32
*** iokiwi has joined #openstack-infra12:32
*** tobiash has quit IRC13:05
*** tobiash has joined #openstack-infra13:06
*** tobiash has quit IRC13:12
*** tobiash has joined #openstack-infra13:15
*** ahosam has joined #openstack-infra13:48
*** tosky has joined #openstack-infra13:58
*** Lucas_Gray has quit IRC14:07
*** slaweq has joined #openstack-infra14:11
*** slaweq has quit IRC14:16
*** smarcet has joined #openstack-infra14:28
*** smarcet has quit IRC14:30
*** bnemec has joined #openstack-infra14:37
*** rfolco has joined #openstack-infra14:49
*** lxkong has quit IRC14:59
*** lxkong has joined #openstack-infra15:00
*** ildikov has quit IRC15:03
*** ildikov has joined #openstack-infra15:04
*** bnemec has quit IRC15:10
*** cjohnston has quit IRC15:25
*** cjohnston has joined #openstack-infra15:25
*** rfolco has quit IRC15:57
*** armax has quit IRC16:06
*** slaweq has joined #openstack-infra16:11
*** davecore has quit IRC16:14
*** davecore has joined #openstack-infra16:14
*** slaweq has quit IRC16:16
*** csatari has quit IRC16:16
*** csatari has joined #openstack-infra16:17
*** rfolco has joined #openstack-infra16:26
*** setuid has quit IRC16:28
*** setuid has joined #openstack-infra16:28
*** abelur has quit IRC16:38
*** abelur has joined #openstack-infra16:39
*** rkukura has joined #openstack-infra16:45
*** srwilkers has quit IRC16:54
*** srwilkers has joined #openstack-infra16:55
*** tosky has quit IRC16:59
*** knikolla has quit IRC17:02
*** knikolla has joined #openstack-infra17:02
*** rpioso has quit IRC17:05
*** rpioso has joined #openstack-infra17:06
*** yolanda has joined #openstack-infra17:07
*** slaweq has joined #openstack-infra17:11
*** yolanda has quit IRC17:12
*** slaweq has quit IRC17:16
*** rfolco has quit IRC17:26
*** evrardjp has quit IRC17:33
*** evrardjp has joined #openstack-infra17:34
*** mattw4 has joined #openstack-infra17:34
*** mattw4 has quit IRC17:43
*** mattw4 has joined #openstack-infra17:43
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Debug weird Ansible loop behavior  https://review.opendev.org/70531217:48
*** tonyb[m] has quit IRC17:55
*** tonyb[m] has joined #openstack-infra17:55
openstackgerritSorin Sbarnea proposed zuul/zuul master: Add build history link to summary  https://review.opendev.org/70504918:04
*** slaweq has joined #openstack-infra18:11
*** slaweq has quit IRC18:16
*** mattw4 has quit IRC18:20
ykarel|awayclarkb, commented can u try that19:02
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Debug weird Ansible loop behavior  https://review.opendev.org/70531219:08
clarkbykarel|away: ^ https://review.opendev.org/#/c/705258/10 system-config-run-refstack is the job check that19:09
*** zzzeek has quit IRC19:09
ykarel|awayclarkb, yup i saw that before suggeting19:09
ykarel|awayi commented the reason why i suggested so19:10
ykarel|awaybecause of https://review.opendev.org/#/c/705258/10/playbooks/zuul/run-base-post.yaml@2419:10
clarkbwow ok19:10
clarkbI guess it is good hygiene to use a good unique name in a role naytime you might be run with a loop19:11
ykarel|awayif there are nested loops yes it should be done19:11
ykarel|awayfor sure19:11
clarkbwell in a role you dont know if you will be nested so good idea to assume it is possible19:23
ykarel|awayhmm ack19:26
*** zzzeek has joined #openstack-infra19:28
* ykarel|away out19:51
AJaegerthat's sad - nesting loops is common and if they all share the same namespace, you'll easily get these behaviours ;(19:51
*** smarcet has joined #openstack-infra20:03
*** slaweq has joined #openstack-infra20:11
*** slaweq has quit IRC20:16
*** jamesmcarthur has joined #openstack-infra20:20
*** dciabrin_ has quit IRC20:23
*** jamesmcarthur has quit IRC20:30
*** jamesmcarthur has joined #openstack-infra20:30
*** jamesmcarthur has quit IRC20:36
*** jamesmcarthur has joined #openstack-infra20:40
*** jamesmcarthur has quit IRC20:49
*** yolanda has joined #openstack-infra21:00
*** smarcet has left #openstack-infra21:49
*** Lucas_Gray has joined #openstack-infra21:58
*** slaweq has joined #openstack-infra22:11
*** slaweq has quit IRC22:16
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Don't use item in collect container logs loop  https://review.opendev.org/70531222:25
openstackgerritClark Boylan proposed opendev/system-config master: WIP Deploy refstack with ansible docker  https://review.opendev.org/70525822:27
*** Lucas_Gray has quit IRC22:37
openstackgerritClark Boylan proposed zuul/zuul-jobs master: Use unique loop vars to avoid conflicts  https://review.opendev.org/70533722:41
*** tosky has joined #openstack-infra22:55
*** tosky has quit IRC23:41
*** Goneri has quit IRC23:45
*** ahosam has quit IRC23:58
« Friday, 2020-01-31 Index Sunday, 2020-02-02 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!