Wednesday, 2025-12-17

cardoeWell let me know how I can help.00:45
clarkbI think the main thing at this point is getting fungi to look over the script to see if it makes sense and then scheduling a time to cut over?03:25
*** ralonsoh_ is now known as ralonsoh07:58
*** ykarel__ is now known as ykarel13:24
fungiyeah, i just wasn't in a state to be able to do a thorough job of it last night, but can take a look today14:34
fricklerclarkb: fungi: please check https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/971115 to unblock that repo14:43
ykarelHi can someone check https://review.opendev.org/c/openstack/project-config/+/97115514:45
fungifrickler: also would https://review.opendev.org/965402 have taken care of it?14:46
opendevreviewMerged openstack/openstack-zuul-jobs master: Delete legacy monasca jobs and playbooks  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/97111514:54
opendevreviewJeremy Stanley proposed openstack/openstack-zuul-jobs master: Drop legacy bionic jobs  https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/96540214:57
fungii rebased it14:57
fricklerthe bionic drop still needs further cleanup. or maybe we just force-merge it? and then some day we come up with a policy to drop repos from zuul that have config errors for more than a year and no other activity either15:08
fungiwell, when zuul drops support for older ansible soon, those jobs are going to cease working regardless15:15
opendevreviewMerged openstack/project-config master: [neutron] update dashboard with new jobs  https://review.opendev.org/c/openstack/project-config/+/97115515:38
clarkbfungi: frickler: ya at this point I'm thinking we just rip out bionic once zuul stops supporting it. Then we can drop projects that are un a non functional state from the zuul tenant config afterwards15:44
clarkbgroup based policy does seem to getsome maintenance though. They are probably just not aware? I dunno bionic is old it should be more apparent but that is also probably my personal bias speaking being aware of this stuff for opendev15:45
fricklerdifficult to tell whether contributors are simply unaware of config errors or ignore hints like starlingx has been doing for years now16:07
fungicardoe: kozhukalov: clarkb: i'm in the process of running the helm scripts now (almost done in fact)17:06
fungithe vos release afterward may take some time to complete though17:07
fungii reviewed the scripts thoroughly and they all lgtm17:07
fungifor the third script, i'm using the statically compiled helm v3.19.4 executable published by helm upstream17:08
clarkbfungi: thanks!17:08
fungino problem, i'll let everyone known once it's done running so the results can be double-checked17:12
fungier, s/known/know/17:12
fungiscripts have all run and vos release is in progress, but as i said it will probably take some time to sync all the ro replicas17:17
fungii'm keeping an eye on it17:18
fungifinal vos release is running now, which should get the updated index.yaml synced out17:30
fungicardoe: kozhukalov: all done, please check that https://tarballs.opendev.org/openstack/openstack-helm/ is functional in its new state and let me know if you need anything else done there17:33
fungii think mnaser had also mentioned the slowness for that url previously, so may want to take a look at the new layout as well17:34
cardoefwiw "helm repo add osh https://tarballs.opendev.org/openstack/openstack-helm/" or "helm repo update osh" then "helm search repo keystone --versions" shows me stuff.17:37
cardoeNuking my local helm repo cache and re-adding it and running "helm template osh/keystone" for example grabs the latest chart and renders it.17:37
cardoeSo that works for me.17:37
fungiawesome, thanks for testing!17:38
cardoeI've not had an issue with speed cause I don't browse the Apache directory listing. I use CLI tools or libraries for working with Helm repos so I never noticed it. They'll always grab the index.yaml and work form that file for the operations.17:38
fungiyeah, the bigger issue is that at some point afs was not going to be able to add new files to that directory17:39
cardoeYep understood. We needed to do this.17:39
cardoeAs an aside... can I register something like https://quay.io/openstackhelm/ and get you guys a service account or permissions so I can work with it in Zuul?17:39
cardoeCause we can publish the charts to an OCI repo as well.17:40
cardoeNot something I'm gonna do today.17:40
clarkbfungi: cardoe yes the limit but also new users were hitting that when establishign their helm cache aiui17:41
fungii think you can just stuff that into an encrypted zuul secret as well. pretty sure that's what the kolla team does for their publishing, but i'd need to double-check how their jobs are arranged17:41
clarkbso existing users sort of grandfathered in but if you did a new install you hit the timeout17:41
clarkbyes, the idea with zuul secrets is that you manage that yourself17:41
cardoeclarkb: they shouldn't have cause helm doesn't hit the directory index. 17:42
clarkbcardoe: the email thread that started this process indicates it does17:42
clarkbI don't use helm so can't say for myself. But a user tried to use helm and hit the timeout17:42
clarkb(which is 2 minutes by default)17:43
cardoehrm I cannot find the users original email.17:45
clarkbcardoe: it is quoted in my email because they sent it to our private security disclosure list17:45
clarkbyou have to click the ... in the email here to expand it https://lists.opendev.org/archives/list/service-discuss@lists.opendev.org/thread/VTMDDVSPM5HRUYWAATNMZOILT5OE57VR/17:45
cardoeah okay. So if you use a 4 year old version of helm it hits the top level / with a GET to check for a 200 response before grabbing index.yaml17:53
cardoeI bet its a distro package.17:53
clarkbya that seems likely if it is a behavior of older versions. Now you're prepared for the futuer and compatibile with the past17:56
cardoeEither way. I'm happy to try and improve what we do with the project.17:56

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!