Wednesday, 2024-07-24

« Tuesday, 2024-07-23 Index Thursday, 2024-07-25 »
opendevreviewCyril Roelandt proposed openstack/pbr master: Python 3.14: do not use the onerror parameter in shutil.rmtree()  https://review.opendev.org/c/openstack/pbr/+/92480300:01
opendevreviewClark Boylan proposed openstack/project-config master: Set xenial min ready to 0  https://review.opendev.org/c/openstack/project-config/+/92480600:28
opendevreviewMerged openstack/project-config master: Set xenial min ready to 0  https://review.opendev.org/c/openstack/project-config/+/92480600:55
*** bauzas_ is now known as bauzas06:04
*** bauzas_ is now known as bauzas09:08
*** bauzas_ is now known as bauzas09:21
jakeyiphi, sorry to bother, is there any admins around who can help me check why is https://opendev.org/openstack/magnum-capi-helm-charts/ not replicating to https://github.com/openstack/magnum-capi-helm-charts ? it may be due to a force-push we previously did to gerrit, so may need to wipe github and let gerrit push everything again...11:04
tonybjakeyip: I can look after the meeting I'm in finishes11:06
jakeyipthanks tonyb, appreciate it. it isn't urgent.11:08
tonybjakeyip: It doesn't look like that's been configured to run at all?11:38
jakeyiptonyb: not sure what you mean?11:38
tonybjakeyip: I think you need something like: https://opendev.org/openstack/project-config/src/branch/master/zuul.d/projects.yaml#L2193-L2196 for the openstack/magnum-capi-helm-charts/  project11:38
tonybThe key thing is the official-openstack-repo-jobs template that includes the job to publish and sync the repos11:39
tonybjakeyip: I'm looking at the 3555,11:         - maintain-github-openstack-mirror jobs now, maybe that's where it's supposed to happen11:40
jakeyiphmm I see, trying to trace 11:42
jakeyipI think you are right, there's a 'openstack-upload-github-mirror' job which sounds like what we want :) 11:47
tonybjakeyip: I'm about to sign off for now but ad me as a reviewer and I'll check it out first thing tomorrow11:50
jakeyiptonyb: sure, thanks for your help11:50
opendevreviewJake Yip proposed openstack/project-config master: Sync magnum-capi-helm-charts repo to GitHub mirror  https://review.opendev.org/c/openstack/project-config/+/92484611:53
fungijakeyip: once it merges, the next change to merge in the magnum-capi-helm-charts repo should trigger replication11:55
jakeyipfungi: great, thanks :)11:55
opendevreviewMerged openstack/project-config master: Sync magnum-capi-helm-charts repo to GitHub mirror  https://review.opendev.org/c/openstack/project-config/+/92484612:10
noonedeadpunkhey folks! do you happen to know if in nodepool vm root auth is permitted with a key?13:13
noonedeadpunkI'm trying to investigate why https://review.opendev.org/c/openstack/openstack-ansible-tests/+/921434 fails in CI but not locally13:13
noonedeadpunkor maybe restriction on key length?13:14
fricklerI would hope we disallow root login in the ssh config13:19
noonedeadpunkaha13:23
noonedeadpunkthat would explain it :D13:23
noonedeadpunkand seems we do override it....13:24
frickleractually I'm wrong, we don't. if we hold a node, the login is as root13:28
fricklerbut also I can set up a hold for your patch and we can try to check in place. assuming the infra root login isn't broken by what you are doing13:29
noonedeadpunkit's in check right now, but will fail 99.9% 13:31
noonedeadpunkso if you can make a hold - that might be helpful13:31
noonedeadpunkbut in the patch I've added storing /etc/ssh directory, so can check for the content when it fail13:32
noonedeadpunkyeah, `PermitRootLogin yes`13:39
noonedeadpunkso if you make a hold - would be pretty much appreciated13:50
clarkbside note: when you want to refer to a failure I personally find it most helpful if you link directly to the failure. Not the change, not the top level of the build, not the top level of the log file, etc. https://zuul.opendev.org/t/openstack/build/b6fee14ad4484afebb5f7b7cc53e971f/log/job-output.txt#5371-5373 or similar in this case. It is very easy to work backward from that14:12
clarkbpoint to the other details like what job what change etc. But working forward can often be a slog as I'm not familiar with everyone's jobs14:12
clarkbif I had to guess maybe localhost in that context is not the localhost you expect it to be and there is no sshd running there14:14
clarkbfor example if within a container with its own network namespace14:14
opendevreviewClark Boylan proposed openstack/project-config master: Limit what volvocars loads from opendev/base-jobs  https://review.opendev.org/c/openstack/project-config/+/92485814:20
clarkbnoonedeadpunk: perhaps the regression here (if there is one) is that you were previously using a local connection for ansible but now it is trying to ssh to localhost in the container and there is no sshd?14:25
clarkbseems like the sort of thing with an ansible version bump that might change subtly for reasons because ansible14:26
fricklerI was too late with the hold, need to recheck once the current run finishes14:26
noonedeadpunkclarkb: well yes, it was using local connection, and now tries to SSH. But at this point it should have had a SSH key generated and placed for that, ie https://zuul.opendev.org/t/openstack/build/cd9da1010d33419b8c1395283b963089/log/job-output.txt#4199-421814:31
noonedeadpunkand task for that is https://opendev.org/openstack/openstack-ansible-tests/src/branch/master/test-prepare-keys.yml#L20-L6314:31
clarkbbut does it have an sshd server? the error is unreachable not authentication failure14:31
clarkboh its pubkey failure and unreachable14:31
clarkbnice ansible14:32
noonedeadpunkyeah, so it's specifically smth with auth. and on a local VM this passes nicely each time14:32
noonedeadpunkI've added /etc/ssh to logs but don't see anything obvious either14:33
noonedeadpunkit indeed could be that `localhost` is smth very different now14:33
clarkbI would expect ot see logs indicating that auth failed at least. If you don't see that then ya maybe ist takling to something else14:34
noonedeadpunkyeah, I actually also was slightly surprised not seeing that14:35
noonedeadpunkfrickler: I can run recheck now if you're around to put a hold?14:38
clarkbnoonedeadpunk: the existing hold should still be valid if it didn't catch anything. You just have to wait for the current run to report otherwise the recehck will be ignored14:39
clarkbbasically go ahead and recheck once gerrit gets a comment for the last run14:39
noonedeadpunkI think it's reported?14:39
clarkbya I don't see it in the current status dashboard and there is a report from 15 minutes or so ago. I think you can recheck now14:40
fricklernoonedeadpunk: I have the held node now. "ssh root@localhost" as root works just fine. I added your key if you want to check yourself root@104.130.124.13115:14
noonedeadpunkugh....15:17
noonedeadpunkthanks a lot15:17
noonedeadpunkbut I actually don't see ansible's ssh key added there15:19
noonedeadpunkso probably there's smth that's different15:19
noonedeadpunkyou didn't wipe out /root/.ssh/authorized_keys when pulling keys?15:20
noonedeadpunkwonder if zuul does that though...15:21
clarkbzuul doesn't.15:23
clarkbglean sets the authorized keys at first boot then they should never be touched again automatically15:23
clarkbthere may be some zuul job content that tries to manage them though15:23
clarkbbut the service itself shouldn't15:24
noonedeadpunkok, yeah, so I apparently don't see self-generated SSH key that is supposed to be used by internal ansible there15:24
noonedeadpunkwhich can explain issue easily15:24
fricklerI do see the key there15:27
fricklerat least the one from /root/.ssh/id_rsa.pub which is what I think we're talking about?15:28
noonedeadpunkah, right, I've changed a way to generate the key recently, so local sandbox differs a bit15:31
noonedeadpunkwas expecting to see a specific comment15:33
noonedeadpunkso, running same tox job now doesn't bring any auth issues /o\15:42
jrossermaybe we need a meta: reset_connection after dropping the ssh keys?15:46
noonedeadpunkyeah, thinking about that already15:54
noonedeadpunkbut then, it's weird as you'd try to connect differently16:03
noonedeadpunki really clueless why it fails16:22
noonedeadpunkreset_connection obviously does not help16:25
funginoonedeadpunk: and you're sure the localhost ssh attempt is happening in the scope of the test node not on the executor?16:46
noonedeadpunkso that looks like nested ansible to me: https://zuul.opendev.org/t/openstack/build/7faa9d9a289149d3a1ad58587eb41345/log/job-output.txt#415016:50
noonedeadpunkand yeah - ubuntu-jammy is a label of the test vm16:50
noonedeadpunkso I'd say it's not on executor16:50
noonedeadpunkjrosser: I was just able to reproduce on my test VM by running the tox as ubuntu user16:51
jrosseroooh16:51
noonedeadpunkpretty much - git clone; ./run_tests.sh functional16:52
noonedeadpunkI think you can release a hold now - thanks16:52
noonedeadpunkfrickler: ^17:47
clarkbI suspect frickler may have called it a day. I can clean that up later after I'm done with this gitea maintenance17:52
noonedeadpunk++ thanks18:01
fricklerdeleted18:04
*** bauzas_ is now known as bauzas19:17
opendevreviewClark Boylan proposed openstack/project-config master: Limit what volvocars loads from opendev/base-jobs  https://review.opendev.org/c/openstack/project-config/+/92485820:45
*** bauzas_ is now known as bauzas21:20
opendevreviewMerged openstack/project-config master: Limit what volvocars loads from opendev/base-jobs  https://review.opendev.org/c/openstack/project-config/+/92485821:55
« Tuesday, 2024-07-23 Index Thursday, 2024-07-25 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!