Tuesday, 2020-12-08

*** rfolco has joined #softwarefactory [01:10]
*** rfolco has quit IRC [01:28]
*** zenkuro has joined #softwarefactory [05:24]
*** zenkuro has quit IRC [06:32]
*** zenkuro has joined #softwarefactory [06:33]
<lyr> thanks for the example playbook tristanC [07:29]
<lyr> About certificates : lecm seems to have been removed, both the sf-lecm ansible role, and I found no reference in the doc about lecm or letsencrypt. But the network.use_letsencrypt is still here. Should we deal with this ourselves ? [07:33]
<lyr> Or SF have a replacement for lecm ? [07:33]
*** apevec has joined #softwarefactory [08:16]
<zenkuro> hi! Is there a place where I can read more about concept of tenants? I've checked out https://softwarefactory-project.io/docs/guides/tenant_deployment.html?highlight=resources#workflow-details and https://softwarefactory-project.io/docs/guides/unmanaged_tenant.html?highlight=resources but it is not enough for me [08:36]
*** rfolco has joined #softwarefactory [09:03]
*** rfolco has quit IRC [09:07]
*** rfolco has joined #softwarefactory [09:51]
<lyr> I think "A tenant SF is an instance that does not run Zuul services" says it all ? [09:54]
<zenkuro> lyr: maybe I'm missing something but what is the point of SF without zuul? + this tenant can run jobs and upload logs [10:05]
<lyr> zenkuro: maybe managesf + gerrit on an instance, zuul & nodepool on another instance, ... ? [10:11]
<zenkuro> lyr: hm, does it help with security or resource allocation? For now I can see that different tenant can be used in combinations with different acl and different base job [10:13]
<zenkuro> from perspective of code organization. [10:13]
<zenkuro> or for instance to minimize damage to main config repo if you want to experiment with things [10:15]
<lyr> I don't know [10:18]
<lyr> I'm a beginner in the topic [10:18]
<lyr> Just trying to get nodepool to build an openstack based image atm [10:19]
<zenkuro> lyr: lol, I haven't got to nodepool yet, I'm trying to figure out how to manage logs with static machines =) [10:21]
<lyr> Well, trying to build debian image, requires debootstrap, which is available in EPEL only, and software factory is incompatible with EPEL [10:28]
<zenkuro> lyr: m... hm... that is strange to hear [10:49]
<zenkuro> lyr: I'm curious on how you gonna solve this? like create a dedicated machine and ssh to it to build there? is it possible with SF? [11:15]
<zenkuro> or make it as a job? [11:16]
<lyr> for now the ugly way [11:31]
<lyr> removed sfconfig rpm, installed epel, installed debootstrap, removed epel, installed back sfconfig [11:32]
<lyr> My own "install SF" config will do that as an initial step, before installing software factory [11:32]
<lyr> But I'm waiting for tristanC or other knowledgeable guy to solve this and other issues [11:33]
<zenkuro> wow... that is dangerous, it is better to do snapshots if you can [11:56]
<tristanC> lyr: oops, i thought we did a release note about dropping lecm. You do need to manage tls yourself [12:31]
<tristanC> zenkuro: the point of sf tenant is to isolate the services that do not have tenancy, for example gerrit, logserver or kibana [12:31]
<tristanC> zenkuro: to manage different zuul config/resources, you can just create zuul tenant, no need to deploy another instance [12:32]
<tristanC> lyr: you don't have to use disk-image-builder, you can use the virt-customize role to customize an existing debian cloud image [12:33]
<zenkuro> tristanC: I was kinda experimenting with it now and I stopped at getting check job show up https://softwarefactory-project.io/docs/guides/unmanaged_tenant.html [12:34]
<tristanC> zenkuro: yeah, that seems like the documentation you are looking for [12:35]
<tristanC> zenkuro: and here is the zuul documentation to control the acl per zuul tenant: https://zuul-ci.org/docs/zuul/reference/tenants.html#attr-tenant.allowed-triggers [12:36]
<zenkuro> tristanC: many thanks! [12:37]
<tristanC> zenkuro: you're welcome :) [12:39]
<zenkuro> but maybe you can enlighten me regarding the reason that made me investigate this thing: report-build-page [12:39]
<zenkuro> sorry for throwing one question after another [12:39]
<tristanC> zenkuro: no worries, what is the question? [12:39]
<zenkuro> it looks like this property is auto generated:   resources/_internal.yaml:        zuul/report-build-page: True [12:40]
<zenkuro> so when I change it at tenant: local definition around my project it has no effect [12:41]
<zenkuro> so I was thinking if I should create a separate tenant in order not to mess up with auto-generated configs [12:42]
<tristanC> right, this is a tenant level configuration, and it's hardcoded to true at the moment, so what you are doing is correct: create a separate tenant with your custom configuration [12:43]
<tristanC> actually we would like to rename the default `local` tenant to `internal`, and make it manage the config update (e.g. nodepool and zuul top-level tenant configuration) [12:44]
<tristanC> because it's quite tricky to update the `local` tenant when needed (e.g. when the config-update job change) while keeping user configuration [12:45]
<zenkuro> tristanC: sounds cool, it would be nice if you also deliver pre build `external` tenant, since I have issues with making `check` job from the guide to appear [12:46]
<zenkuro> tristanC: false alarm! sfconfig + reboot saves the day =) [12:46]
<tristanC> yeah that would be a useful tool to have, i agree it's a pain to setup a new tenant from scratch [12:47]
*** rfolco has quit IRC [13:22]
*** rfolco has joined #softwarefactory [13:22]
<zenkuro> by the way is there a support of zuul jobs? I'm mentioning this because turning them on by upstream_zuul_jobs: true leads to: [13:58]
<zenkuro> [ara-report : Create the ARA database report directory] {"msg": "There was an issue creating ara-report as requested: [Errno 30] Read-only file system: b'ara-report'", "path": "ara-report"} [13:59]
<zenkuro> just if somebody is interested in this thing. This happens on config check. So it should not be a consequence of my "experimentation" [14:00]
<lyr> tristanC: well, the big idea behind using dib was to use the elements provided to get a basic debian buster image. We don't need any tweaking, so I expected nodepool's vanilla setup to speed up things [14:06]
<tristanC> lyr: dib can be used to produce special image, it is used in opendev to setup a custom cloud-init and install zuul ssh key. It is quite a complicated process since it creates the image from scratch. [14:34]
<tristanC> lyr: if you don't need dib elements, then it may be easier to just add the zuul ssh key on an image provided by the distro, it will be closer to what your users use [14:35]
<lyr> I need the easiest way possible [15:24]
<lyr> Not in a complicated process way of [15:25]
<lyr> I mean [15:25]
<lyr> I don't care if you're doing complicated stuff or not [15:25]
<lyr> I care about spending the least amount of time on the topic [15:25]
<lyr> Otherwise I'd go for a packer something, since that's my preferred way of dealing with those questions [15:25]
<zenkuro> lyr: come on, it is open-source and project is under dev [15:48]
<lyr> zenkuro: I know. As a new user I'm giving my input about adopting the project [15:53]
<tristanC> lyr: have you seen https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/ansible/roles/sf-repos/files/config/nodepool/virt_images/README.md ? [15:59]
<lyr> yes [16:00]
<tristanC> lyr: if that's too complicated, then you can also use your own tool to create the disk image, and use the `cloud-image` nodepool configuration [16:01]
<lyr> I'm trying to get https://paste.garrigue.re/?b04e8cda9d62a8dd#6HE4NpYSHBXRLV8KncjtYGrSmfqkQ2Dmgtfa2cWXWYwA to work [16:02]
<lyr> I got the image built, my current issue being about uploading, but that's most likely about our openstack connection [16:03]
<lyr> (then ofc try to get a job running with the image) [16:03]
<tristanC> lyr: i think you need other elements to add the ssh key and setup ssh, have you seen opendev dib config https://opendev.org/openstack/project-config/src/branch/master/nodepool/nb03.opendev.org.yaml ? [16:04]
<lyr> I sort of expected Zuul / Nodepool to deal with that [16:08]
<lyr> Like adding one of /var/lib/software-factory/bootstrap-data/ssh_keys/*.pub [16:08]
<lyr> In one of the debian elements' requirements in this list [16:09]
<lyr> Expanded element dependencies to: dpkg sysprep modprobe runtime-ssh-host-keys base install-static debootstrap debian install-bin dib-python package-installs pkg-map dib-init-system debian-minimal manifests install-types openssh-server [16:09]
<tristanC> lyr: Zuul / Nodepool doesn't know how to deal with that, you need to use an element such as nodepool-base [16:09]
<lyr> I guess I need to add zuul-worker-user & nodepool-minimal from /usr/share/sf-elements ? [16:10]
<tristanC> lyr: yes [16:11]
*** csomh has quit IRC [16:44]
<lyr> Was there any deprecation between 3.3 & 3.5 nodepool version regarding the glance api version ? [16:52]
<lyr> We've an ageing openstack running glance api v1 [16:53]
<lyr> I guess it's the reason why nodepool can't upload images, while our legacy SF 3.3 was ok [16:54]
<lyr> I see nothing in clouds.yaml to enforce a legacy version usage [16:55]
<tristanC> lyr: sf-3.5 integrates a more recent nodepool that requires a new openstacksdk. you should be able to pin the api version in the clouds.yaml [17:02]
<lyr> tristanC: something like clouds.openstack.image_api_version: 2 ? [17:04]
<tristanC> lyr: i guess yeah [17:05]
<lyr> hmpf... hardstuck on this one, got no lead [17:23]
<lyr> nodepool-builder.log is full of https://paste.garrigue.re/?50ebc5e96cb62342#5F5DLNmwjGjKkHZMogPQC3JrAWhHYGREMdmGr5h82RXs [17:24]
<tristanC> lyr: perhaps add your clouds.yaml to the paste and ping mordred about it? [17:31]
*** apevec has quit IRC [17:32]
*** apevec has joined #softwarefactory [17:33]
<lyr> done [17:40]
*** zenkuro has quit IRC [21:39]
*** apevec has quit IRC [21:46]
*** rfolco has quit IRC [23:06]
*** rfolco has joined #softwarefactory [23:21]
*** rfolco has quit IRC [23:53]
*** rfolco has joined #softwarefactory [23:53]
*** rfolco has quit IRC [23:58]
