| *** ministry is now known as __ministry | 00:06 | |
| ianw | mlavalle: oh, we went through a whole thing with dashboards with frickler | 01:45 |
|---|---|---|
| ianw | as fungi says, the fragment was causing issues : we ended up merging https://gerrit-review.googlesource.com/c/gerrit/+/321535 upstream to update docs | 01:46 |
| mlavalle | ianw: any pointers? | 01:47 |
| mlavalle | ianw: thanks | 01:47 |
| ianw | iirc it was basically just remove /#/ and use /dashboard/?... directly | 01:51 |
| fzzf[m] | I use zuul as CI, but review change on manila, CI seem not to be triggered, where to check | 01:54 |
| fzzf[m] | hello folks, zuul check queue have a lot project. Is there any way to monitor only manila? I'm add change on manila. | 02:07 |
| fungi | tbarron: ^ next time you're around, maybe you know how third-party ci systems for manila are typically configured? | 02:30 |
| fungi | or know who might? | 02:30 |
| *** ysandeep|out is now known as ysandeep | 05:41 | |
| noonedeadpunk | mornings! Can I ask for some review of https://review.opendev.org/c/openstack/project-config/+/824230/ and https://review.opendev.org/c/openstack/project-config/+/824229 ? | 07:14 |
| *** aluria is now known as Guest504 | 07:49 | |
| *** amoralej|off is now known as amoralej | 08:04 | |
| *** jpena|off is now known as jpena | 08:35 | |
| vkmc | fzzf[m], hey, looking at your change | 08:45 |
| fzzf[m] | vkmc: https://review.opendev.org/c/openstack/manila/+/825429 | 08:54 |
| vkmc | fzzf[m], and you ci change? | 08:55 |
| fzzf[m] | I'm build a local CI use SF. this don't have change | 08:56 |
| fzzf[m] | vkmc: I'm using CI to submit the driver. CI is local, is this right? | 08:58 |
| vkmc | fzzf[m], I'm not familiar with software factory | 09:00 |
| vkmc | and I cannot find relevant docs right now | 09:00 |
| vkmc | let's wait for other 3rd party driver maintainers to join (I'm thinking a couple of folks based in Americas timezone) | 09:01 |
| vkmc | and ask to them | 09:01 |
| vkmc | ok? | 09:01 |
| fzzf[m] | A software package zuul nodepool gerrit zookeeper and so on | 09:01 |
| fzzf[m] | vkmc: https://softwarefactory-project.io/docs/operator/index.html | 09:01 |
| *** ysandeep is now known as ysandeep|lunch | 09:27 | |
| *** ysandeep|lunch is now known as ysandeep | 10:28 | |
| elodilles | hi infra team, it seems something is wrong with the tag releases jobs | 10:38 |
| elodilles | as I see it misses some ECDSA host keys | 10:39 |
| elodilles | for example: https://zuul.opendev.org/t/openstack/build/a490703c83514eb7ba9d0ff6307f7371/log/job-output.txt#641-647 | 10:40 |
| elodilles | and https://zuul.opendev.org/t/openstack/build/00d3f765ea6847a3bf7ea53294cf2a88/log/job-output.txt#979-980 | 10:40 |
| elodilles | and https://zuul.opendev.org/t/openstack/build/d8aaeff52dac442e89fd3e253596e0c2/log/job-output.txt#980 | 10:40 |
| elodilles | do you have any idea what could be the root cause of these errors? | 10:41 |
| frickler | elodilles: well we upgraded gerrit last night, so chances are high that this is related, but it needs further investigation. infra-root ^^ | 10:42 |
| elodilles | frickler: thanks for the info | 10:44 |
| *** rlandy|out is now known as rlandy|ruck | 11:14 | |
| *** dviroel|out is now known as dviroel | 11:20 | |
| *** soniya29 is now known as soniya29|afk | 11:56 | |
| *** sshnaidm|afk is now known as sshnaidm | 12:28 | |
| *** ysandeep is now known as ysandeep|mtg | 12:59 | |
| *** amoralej is now known as amoralej|lunch | 13:31 | |
| fungi | elodilles: frickler: oh, i wonder if gerrit 3.4 added some new host key algorithms and it's tripping over that. any clue where we set up gerrit's known hosts entry for those jobs? | 13:59 |
| fungi | we took out the sshfp records so it's not that it's missing from those | 14:00 |
| fungi | here we go: https://zuul.opendev.org/t/openstack/build/a490703c83514eb7ba9d0ff6307f7371/console#1/0/25/ubuntu-focal | 14:01 |
| fungi | so it's in the add-sshkey role | 14:02 |
| *** amoralej|lunch is now known as amoralej | 14:02 | |
| fungi | called from opendev.org/openstack/project-config/playbooks/release/pre.yaml | 14:02 |
| fungi | it's a zuul-jobs standard role, but we pass in a release_ssh_key secret from zuul.d/secrets.yaml | 14:05 |
| fungi | looks like it currently includes ssh-rsa, ssh-ed25519, and ecdsa-sha2-nistp256 host key types | 14:06 |
| opendevreview | Merged openstack/project-config master: Use same ACL for all OpenStack-Ansible Projects https://review.opendev.org/c/openstack/project-config/+/824230 | 14:06 |
| opendevreview | Merged openstack/project-config master: Add Backport-Candidate label to openstack-ansible ACL https://review.opendev.org/c/openstack/project-config/+/824229 | 14:06 |
| fungi | ianw: clarkb: when you're around, that's probably something we should check in future upgrades | 14:06 |
| fungi | i'll work on getting the updated host key list in any places we stored the old one | 14:07 |
| *** ysandeep|mtg is now known as ysandeep | 14:17 | |
| fungi | frickler: elodilles: on closer inspection, i think the unknown host key message there is a benign warning because we forgot to update the ip addresses of review.opendev.org in those *_ssh_key secrets. i'm fixing that, but the real error message is: "You need 'Create Tag' rights to push a normal tag." | 14:22 |
| frickler | fungi: I was just about to mention the old IP addresses and wondering why that would have been broken only now | 14:22 |
| fungi | i wonder if something changed with gerrit's acls that it now needs push-tag rights in addition to (or instead of) push-signed-tags? | 14:22 |
| fungi | frickler: my guess is if you pulled up the job history and looked at a recent successful run you'd find the same host key warning | 14:23 |
| fungi | i did double-check the server with ssh-keyscan and still only see the same key types with the same hash values we've already got | 14:23 |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Update Gerrit IP addresses in SSH key secrets https://review.opendev.org/c/openstack/project-config/+/826294 | 14:25 |
| fungi | that's ^ to silence the unknown host key warnings | 14:25 |
| elodilles | indeed, the 'not in list of known hosts' message is there in previous successful job runs as well | 14:32 |
| fungi | i'm leaning toward this being an actual gerrit bug. thankfully we grant release team permissions centrally so we can fix this for openstack fairly easily. on the other hand any projects with their own release processes spread across a bunch of individual acls will not be so lucky | 14:34 |
| fungi | i'll need to do a bit more testing unfortunately | 14:34 |
| elodilles | :S | 14:38 |
| elodilles | thanks for working on this | 14:39 |
| frickler | looking at https://review.opendev.org/Documentation/access-control.html#access_categories I would think we need to grant the "Create Reference" permission, but I cannot find how that would translate into a config file | 14:41 |
| fungi | previously https://review.opendev.org/Documentation/access-control.html#category_create_signed was sufficient | 14:46 |
| fungi | i worry that create reference permission on refs/tags/* would allow people to accidentally push unsigned tags | 14:47 |
| elodilles | the create and pushSigned is there: https://opendev.org/openstack/project-config/src/branch/master/gerrit/acls/openstack/meta-config.config#L3 | 14:47 |
| elodilles | or do i look the wrong thing? | 14:47 |
| fungi | no, that's what we've been using up to now. i'm trying to work out if there's a regression or if we missed something subtle in the release notes | 14:48 |
| clarkb | fungi: is it possible we need create tag and create signed tag? maybe that is what you are getting at about allowing unsigned tags | 14:53 |
| fungi | right, if so that'd be a regression but maybe they call it out in the release notes? i haven't looked yet | 14:57 |
| clarkb | I skimmed the release notes and they did not | 14:57 |
| clarkb | I did a ^F tag and looked at hte 7 results | 14:58 |
| *** sshnaidm is now known as sshnaidm|afk | 15:01 | |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Grant Create Annotated Tag perms on bindep https://review.opendev.org/c/openstack/project-config/+/826305 | 15:10 |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Update bindep ACL to use new createSignedTag perm https://review.opendev.org/c/openstack/project-config/+/826309 | 15:17 |
| *** ysandeep is now known as ysandeep|out | 15:23 | |
| opendevreview | Merged openstack/project-config master: Update Gerrit IP addresses in SSH key secrets https://review.opendev.org/c/openstack/project-config/+/826294 | 15:34 |
| *** dviroel is now known as dviroel|lunch | 15:37 | |
| opendevreview | Merged openstack/project-config master: Update bindep ACL to use new createSignedTag perm https://review.opendev.org/c/openstack/project-config/+/826309 | 15:39 |
| *** sshnaidm|afk is now known as sshnaidm | 15:55 | |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Grant Create Annotated Tag perms on bindep https://review.opendev.org/c/openstack/project-config/+/826305 | 15:56 |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Grant Create Annotated Tag perms on bindep https://review.opendev.org/c/openstack/project-config/+/826305 | 15:57 |
| opendevreview | Merged openstack/project-config master: Grant Create Annotated Tag perms on bindep https://review.opendev.org/c/openstack/project-config/+/826305 | 16:33 |
| *** dviroel|lunch is now known as dviroel | 16:38 | |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Work around signed tag regression from Gerrit 3.4 https://review.opendev.org/c/openstack/project-config/+/826334 | 17:15 |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Remove unsigned tagging permission from projects https://review.opendev.org/c/openstack/project-config/+/826335 | 17:15 |
| *** jpena is now known as jpena|off | 17:34 | |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Work around signed tag regression from Gerrit 3.4 https://review.opendev.org/c/openstack/project-config/+/826334 | 17:43 |
| opendevreview | Jeremy Stanley proposed openstack/project-config master: Remove unsigned tagging permission from projects https://review.opendev.org/c/openstack/project-config/+/826335 | 17:43 |
| *** amoralej is now known as amoralej|off | 17:44 | |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: DNM testing py39 https://review.opendev.org/c/openstack/ci-log-processing/+/826359 | 18:58 |
| opendevreview | Merged openstack/project-config master: Work around signed tag regression from Gerrit 3.4 https://review.opendev.org/c/openstack/project-config/+/826334 | 18:58 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: DNM testing py39 https://review.opendev.org/c/openstack/ci-log-processing/+/826359 | 18:59 |
| fungi | i'll keep tabs on the 826334 deployment | 18:59 |
| fungi | er, wrong channel | 18:59 |
| fungi | timburke_: your recollection matches mine on the fips test addition for swift, the insufficient space errors were misleading, because it was trying to write extended attributes to a non-xfs filesystem since the fips mode reboot was umounting the xfs loop file, solved by moving the reboot much earlier in the test prep | 20:41 |
| timburke_ | 👍 | 20:43 |
| *** dviroel is now known as dviroel|afk | 21:38 | |
| *** rlandy|ruck is now known as rlandy|out | 23:48 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!