| cardoe | Well let me know how I can help. | 00:45 |
|---|---|---|
| clarkb | I think the main thing at this point is getting fungi to look over the script to see if it makes sense and then scheduling a time to cut over? | 03:25 |
| *** ralonsoh_ is now known as ralonsoh | 07:58 | |
| *** ykarel__ is now known as ykarel | 13:24 | |
| fungi | yeah, i just wasn't in a state to be able to do a thorough job of it last night, but can take a look today | 14:34 |
| frickler | clarkb: fungi: please check https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/971115 to unblock that repo | 14:43 |
| ykarel | Hi can someone check https://review.opendev.org/c/openstack/project-config/+/971155 | 14:45 |
| fungi | frickler: also would https://review.opendev.org/965402 have taken care of it? | 14:46 |
| opendevreview | Merged openstack/openstack-zuul-jobs master: Delete legacy monasca jobs and playbooks https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/971115 | 14:54 |
| opendevreview | Jeremy Stanley proposed openstack/openstack-zuul-jobs master: Drop legacy bionic jobs https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/965402 | 14:57 |
| fungi | i rebased it | 14:57 |
| frickler | the bionic drop still needs further cleanup. or maybe we just force-merge it? and then some day we come up with a policy to drop repos from zuul that have config errors for more than a year and no other activity either | 15:08 |
| fungi | well, when zuul drops support for older ansible soon, those jobs are going to cease working regardless | 15:15 |
| opendevreview | Merged openstack/project-config master: [neutron] update dashboard with new jobs https://review.opendev.org/c/openstack/project-config/+/971155 | 15:38 |
| clarkb | fungi: frickler: ya at this point I'm thinking we just rip out bionic once zuul stops supporting it. Then we can drop projects that are un a non functional state from the zuul tenant config afterwards | 15:44 |
| clarkb | group based policy does seem to getsome maintenance though. They are probably just not aware? I dunno bionic is old it should be more apparent but that is also probably my personal bias speaking being aware of this stuff for opendev | 15:45 |
| frickler | difficult to tell whether contributors are simply unaware of config errors or ignore hints like starlingx has been doing for years now | 16:07 |
| fungi | cardoe: kozhukalov: clarkb: i'm in the process of running the helm scripts now (almost done in fact) | 17:06 |
| fungi | the vos release afterward may take some time to complete though | 17:07 |
| fungi | i reviewed the scripts thoroughly and they all lgtm | 17:07 |
| fungi | for the third script, i'm using the statically compiled helm v3.19.4 executable published by helm upstream | 17:08 |
| clarkb | fungi: thanks! | 17:08 |
| fungi | no problem, i'll let everyone known once it's done running so the results can be double-checked | 17:12 |
| fungi | er, s/known/know/ | 17:12 |
| fungi | scripts have all run and vos release is in progress, but as i said it will probably take some time to sync all the ro replicas | 17:17 |
| fungi | i'm keeping an eye on it | 17:18 |
| fungi | final vos release is running now, which should get the updated index.yaml synced out | 17:30 |
| fungi | cardoe: kozhukalov: all done, please check that https://tarballs.opendev.org/openstack/openstack-helm/ is functional in its new state and let me know if you need anything else done there | 17:33 |
| fungi | i think mnaser had also mentioned the slowness for that url previously, so may want to take a look at the new layout as well | 17:34 |
| cardoe | fwiw "helm repo add osh https://tarballs.opendev.org/openstack/openstack-helm/" or "helm repo update osh" then "helm search repo keystone --versions" shows me stuff. | 17:37 |
| cardoe | Nuking my local helm repo cache and re-adding it and running "helm template osh/keystone" for example grabs the latest chart and renders it. | 17:37 |
| cardoe | So that works for me. | 17:37 |
| fungi | awesome, thanks for testing! | 17:38 |
| cardoe | I've not had an issue with speed cause I don't browse the Apache directory listing. I use CLI tools or libraries for working with Helm repos so I never noticed it. They'll always grab the index.yaml and work form that file for the operations. | 17:38 |
| fungi | yeah, the bigger issue is that at some point afs was not going to be able to add new files to that directory | 17:39 |
| cardoe | Yep understood. We needed to do this. | 17:39 |
| cardoe | As an aside... can I register something like https://quay.io/openstackhelm/ and get you guys a service account or permissions so I can work with it in Zuul? | 17:39 |
| cardoe | Cause we can publish the charts to an OCI repo as well. | 17:40 |
| cardoe | Not something I'm gonna do today. | 17:40 |
| clarkb | fungi: cardoe yes the limit but also new users were hitting that when establishign their helm cache aiui | 17:41 |
| fungi | i think you can just stuff that into an encrypted zuul secret as well. pretty sure that's what the kolla team does for their publishing, but i'd need to double-check how their jobs are arranged | 17:41 |
| clarkb | so existing users sort of grandfathered in but if you did a new install you hit the timeout | 17:41 |
| clarkb | yes, the idea with zuul secrets is that you manage that yourself | 17:41 |
| cardoe | clarkb: they shouldn't have cause helm doesn't hit the directory index. | 17:42 |
| clarkb | cardoe: the email thread that started this process indicates it does | 17:42 |
| clarkb | I don't use helm so can't say for myself. But a user tried to use helm and hit the timeout | 17:42 |
| clarkb | (which is 2 minutes by default) | 17:43 |
| cardoe | hrm I cannot find the users original email. | 17:45 |
| clarkb | cardoe: it is quoted in my email because they sent it to our private security disclosure list | 17:45 |
| clarkb | you have to click the ... in the email here to expand it https://lists.opendev.org/archives/list/service-discuss@lists.opendev.org/thread/VTMDDVSPM5HRUYWAATNMZOILT5OE57VR/ | 17:45 |
| cardoe | ah okay. So if you use a 4 year old version of helm it hits the top level / with a GET to check for a 200 response before grabbing index.yaml | 17:53 |
| cardoe | I bet its a distro package. | 17:53 |
| clarkb | ya that seems likely if it is a behavior of older versions. Now you're prepared for the futuer and compatibile with the past | 17:56 |
| cardoe | Either way. I'm happy to try and improve what we do with the project. | 17:56 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!