| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 00:00 |
|---|---|---|
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 00:14 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 00:46 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 00:54 |
| *** rlandy|bbl is now known as rlandy | 01:08 | |
| *** rlandy is now known as rlandy|out | 01:13 | |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 01:33 |
| opendevreview | OpenStack Proposal Bot proposed openstack/project-config master: Normalize projects.yaml https://review.opendev.org/c/openstack/project-config/+/847230 | 02:26 |
| *** ysandeep|out is now known as ysandeep | 04:53 | |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 04:58 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 05:09 |
| abhishekk | can any core please have a look at this, https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847193 | 05:57 |
| abhishekk | this will unblock gate for glance | 05:58 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 06:00 |
| opendevreview | Merged openstack/project-config master: Normalize projects.yaml https://review.opendev.org/c/openstack/project-config/+/847230 | 06:03 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 06:22 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 06:53 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 06:59 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 07:13 |
| *** ysandeep is now known as ysandeep|afk | 07:30 | |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 07:32 |
| *** jpena|off is now known as jpena | 07:38 | |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 08:08 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 09:05 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: DNM checking upload job https://review.opendev.org/c/openstack/ci-log-processing/+/847281 | 09:06 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 09:10 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: DNM checking upload job https://review.opendev.org/c/openstack/ci-log-processing/+/847281 | 09:11 |
| *** ysandeep|afk is now known as ysandeep | 09:20 | |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 09:56 |
| *** rlandy_ is now known as rlandy | 10:34 | |
| *** rlandy_ is now known as rlandy | 10:49 | |
| *** rlandy_ is now known as rlandy | 11:08 | |
| *** dviroel|afk is now known as dviroel | 11:20 | |
| opendevreview | Merged openstack/openstack-zuul-jobs master: Add nslookup_target to fips jobs https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847193 | 11:28 |
| dpawlik | Hey, fungi, clarkb: could someone help with https://review.opendev.org/c/openstack/ci-log-processing/+/847008 ? | 11:54 |
| fungi | dpawlik: i managed to dig a log url for one of the retried builds out of the executor logs: https://0b48b99a1954caa6a5cb-d177fea3a813a6c3857df2d202d4eaea.ssl.cf5.rackcdn.com/847008/5/gate/ci-log-processing-functional-test-centos-8-stream-sender/241f80d/job-output.txt | 11:59 |
| fungi | seems like something was preventing zuul from being aware the logs were uploaded | 12:00 |
| dpawlik | fungi: it seems like it fails when zuul executor wants to operate on the vm, am I right? But from the other side, similar configuration is done in Zuul | 12:06 |
| fungi | not sure what you mean by "operate on the vm" but all those lines which start with "centos-8-stream" ran on the vm | 12:07 |
| dpawlik | fungi: em, are we talking about ci-log-processing-upload-image job ? | 12:08 |
| fungi | e.g. the "Ensure that all services are available and running" loop iterated through output for both the logscraper-openstack and logsender-openstack services | 12:08 |
| dpawlik | because this job "ci-log-processing-upload-image" is problematic | 12:09 |
| dpawlik | other are working on the gates for a while, they are fine | 12:09 |
| fungi | i think i mistakenly filtered the executor logs for the event id instead of the build id | 12:09 |
| dpawlik | UUID 4341445e1ce24a2593b295acafc892c9 | 12:10 |
| dpawlik | Event ID 71d0a8ba900a4a829dcf11c33dd96054 | 12:10 |
| fungi | yeah, i shouldn't have tried to start looking into this before coffee | 12:11 |
| fungi | ValueError: Encryption/decryption failed. | 12:13 |
| fungi | dpawlik: it's unable to decrypt a supplied secret | 12:13 |
| dpawlik | thank you fungi! | 12:13 |
| fungi | how did you encode the secret? | 12:13 |
| dpawlik | fungi: so I need to write long story. Last time when we were talking about the repository, it was suggestion that ci-log-processing project should have another account and push there images. I create such account on docker: https://hub.docker.com/repository/docker/cilogprocessing | 12:15 |
| dpawlik | the user and password are available in AWS secrets | 12:15 |
| dpawlik | and how I encrypt the password: | 12:16 |
| dpawlik | I did not know, which is a zuul config repository | 12:16 |
| fungi | ahh, where is the secret defined? | 12:16 |
| dpawlik | so I use system-config: python3 ./encrypt_secret.py --tenant openstack --infile mypasswordfile --outfile herewillbepassword.yml https://zuul.opendev.org/ opendev/system-config | 12:16 |
| fungi | okay, so the secret definition is in opendev/system-config? i'm not sure that will work for a job triggered by openstack/ci-log-processing changes | 12:17 |
| dpawlik | fungi: AWS got a service Secrets Manager - https://us-east-1.console.aws.amazon.com/secretsmanager/home | 12:17 |
| fungi | right, i'm talking about the "zuul secret" not an aws secret | 12:18 |
| dpawlik | aa xD | 12:18 |
| dpawlik | fungi: so the secret is defined here: https://review.opendev.org/c/openstack/ci-log-processing/+/847008/5/.zuul.yaml#21 | 12:18 |
| dpawlik | but on which config repository it should base to encrypt the file? | 12:19 |
| fungi | openstack/ci-log-processing | 12:19 |
| dpawlik | hm | 12:19 |
| dpawlik | ok, let me try | 12:19 |
| fungi | every project gets its own unique encryption key, so jobs run for openstack/ci-log-processing won't have the ability to decrypt things encrypted for opendev/system-config's key | 12:20 |
| fungi | for security reasons | 12:20 |
| dpawlik | yeah, I know | 12:20 |
| * dpawlik need to check our infra secrets how its done | 12:20 | |
| dpawlik | I was thinking that it is base on zuul config repository | 12:21 |
| fungi | well, opendev/system-config isn't a zuul config repository either | 12:21 |
| fungi | but to be clear, it has to do with where the playbook using the secret resides | 12:22 |
| fungi | usually it's in the same repository as your job definition, but i'd have to look at how you've set up that job | 12:23 |
| fungi | dpawlik: ahh, i see you're parenting it on the opendev-upload-docker-image and using pass-to-parent to supply the docker_credentials secret to the parent job, so it's actually that parent job's context which matters in this case | 12:24 |
| dpawlik | o, good to know | 12:25 |
| dpawlik | so the secret should be generated base on the public key from parent repository? | 12:25 |
| fungi | opendev-upload-docker-image is actually defined in the opendev/base-jobs repo | 12:25 |
| * dpawlik just to confirm | 12:25 | |
| fungi | the repository where the playbook using the secret resides | 12:26 |
| fungi | in this case it's the https://opendev.org/opendev/base-jobs/src/branch/master/playbooks/docker-image/upload.yaml playbook which is handing it off to the upload-docker-image role | 12:27 |
| fungi | https://docs.opendev.org/opendev/base-jobs/latest/docker-image.html#job-opendev-upload-docker-image | 12:28 |
| fungi | that's the job documentation | 12:29 |
| * dpawlik reading | 12:29 | |
| dpawlik | small improvement about providing the credentials/secret would be good. Will do a PS later | 12:32 |
| fungi | there is a credentials section for that job's documentation. what's it missing? | 12:32 |
| fungi | dpawlik: revisiting https://zuul-ci.org/docs/zuul/latest/config/secret.html i think you need to encrypt the secret for openstack/ci-log-processing after all | 12:34 |
| dpawlik | the message "The Docker Hub password." is not enough IMHO | 12:34 |
| dpawlik | fungi: I think same I asked tristanC and got confirmation that it should be done with ci-log-processing | 12:34 |
| dpawlik | let's try :D | 12:34 |
| opendevreview | daniel.pawlik proposed openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging; change secret https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 12:34 |
| fungi | yeah, "if the job.secrets.pass-to-parent attribute is set to true [...] the secret is made available not only to the playbooks in the current job definition, but to all playbooks in all parent jobs as well." | 12:35 |
| fungi | so it gets supplied to the job's playbooks as well as the playbooks of parent jobs, but that implies that it does need to be encrypted for the project where the job with the pass-to-parent is being set | 12:36 |
| fungi | (rather than for the parent job) | 12:36 |
| fungi | so hopefully this works | 12:36 |
| * dpawlik finger crossed ;) | 12:37 | |
| *** dasm|off is now known as dasm | 13:03 | |
| *** ysandeep is now known as ysandeep|afk | 13:39 | |
| opendevreview | Merged openstack/ci-log-processing master: Change Zuul CI job to upload container image on merging; change secret https://review.opendev.org/c/openstack/ci-log-processing/+/847008 | 13:43 |
| *** ysandeep|afk is now known as ysandeep | 13:47 | |
| dpawlik | fungi: tag name is ugly, but it works \o/ | 13:51 |
| dpawlik | thank you for help | 13:51 |
| fungi | dpawlik: the tag name is intentionally ugly, you need the promote job to retag it accordingly | 14:20 |
| fungi | because you might have the upload job succeed in gate but other jobs fail, so you don't want it tagged as latest or whatever unless that change actually merges successfully | 14:21 |
| coreycb | hello infra, I'd like to see if someone can take a look at merging this new job for the charms project https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/846200 | 15:05 |
| opendevreview | Merged openstack/openstack-zuul-jobs master: Add openstack-python3-charm-zed-jobs https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/846200 | 15:15 |
| *** ysandeep is now known as ysandeep|out | 15:21 | |
| opendevreview | Kendall Nelson proposed openstack/project-config master: Setup #openinfra-envirosig IRC Channel https://review.opendev.org/c/openstack/project-config/+/847364 | 15:42 |
| *** frenzy_friday is now known as frenzyfriday|PTO | 16:21 | |
| *** jpena is now known as jpena|off | 17:02 | |
| *** dviroel is now known as dviroel|out | 21:14 | |
| opendevreview | Samuel Walladge proposed openstack/project-config master: Add Cinder Dell EMC PowerStore charm https://review.opendev.org/c/openstack/project-config/+/846888 | 21:32 |
| opendevreview | Gage Hugo proposed openstack/project-config master: Retire openstack-helm-deployments repo https://review.opendev.org/c/openstack/project-config/+/847414 | 21:38 |
| opendevreview | Gage Hugo proposed openstack/project-config master: Retire openstack-helm-deployments repo https://review.opendev.org/c/openstack/project-config/+/847414 | 22:03 |
| *** dasm is now known as dasm|off | 22:07 | |
| *** rlandy is now known as rlandy|bbl | 22:30 | |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 23:35 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 23:47 |
| opendevreview | Ian Wienand proposed openstack/openstack-zuul-jobs master: [dnm] testing grafana https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/847128 | 23:53 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!