Wednesday, 2018-03-14

openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: zk: use kazoo retry facilities https://review.openstack.org/535537	00:45
*** odyssey4me has quit IRC		00:53
*** odyssey4me has joined #zuul		00:53
*** harlowja has quit IRC		01:20
openstackgerrit	Tristan Cacqueray proposed openstack-infra/zuul master: mqtt: add basic reporter https://review.openstack.org/535543	01:21
*** rlandy\|afk is now known as rlandy		01:53
*** rlandy has quit IRC		02:06
Wei_Liu	corvus: No, I publish docs to our internal website in CI/CD, and I want to tell the author, who commit this change, the url published in zuul response to gerrit and show it in gerrit as same as the log url.	02:07
Wei_Liu	clarkb: hi, I publish docs to our internal website in CI/CD, and I want to put the url published in zuul response to gerrit and show it in gerrit as same as the log url. How can I do it?	02:09
*** myoung\|snow\|bbl is now known as myoung\|rover		02:15
*** myoung\|rover is now known as myoung\|afk		02:17
tristanC	Wei_Liu: you could use the zuul_return like in this change: https://review.openstack.org/#/c/548425/1/roles/emit-job-report/tasks/main.yaml	02:32
tristanC	Wei_Liu: or using the job's success-url, like this: http://git.openstack.org/cgit/openstack-infra/zuul/tree/.zuul.yaml#n81	02:32
Wei_Liu	tristanC: I did not know which field of zuul that should I use in zuul_return, zuul can handle zuul.log_url, does it handle the parameter I defined in the zuul_return?	02:39
tristanC	Wei_Liu: zuul.log_url is the one zuul comments back to the review	02:40
Wei_Liu	tristanC: I used success-url for such jobs in zuul v2.5, not in pipeline, can I do the same thing in v3?	02:41
tristanC	Wei_Liu: iirc, success-url gets appened to the log_url, you need to zuul_return another zuul.log_url to replace the url returned to gerrit	02:44
Wei_Liu	tristanC: Thanks a lot, I will try it today.	02:46
tristanC	Wei_Liu: the zuul_return likely needs to happen after the upload-log roles to over-write the value	02:50
Wei_Liu	tristanC: yes, I will append new role after it.	02:54
*** Wei_Liu1 has joined #zuul		03:03
*** Wei_Liu has quit IRC		03:03
*** Wei_Liu1 is now known as Wei_Liu		03:03
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: WIP: Handle ZK session loss during node launch https://review.openstack.org/552538	03:04
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: zk: use kazoo retry facilities https://review.openstack.org/535537	03:04
*** Wei_Liu has quit IRC		03:58
*** Wei_Liu has joined #zuul		03:59
*** harlowja has joined #zuul		04:12
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: WIP: Handle ZK session loss during node launch https://review.openstack.org/552538	04:21
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: Refactor run_handler to be generic https://review.openstack.org/535554	04:21
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: Refactor NodeLauncher to be generic https://review.openstack.org/535555	04:21
openstackgerrit	Tristan Cacqueray proposed openstack-infra/nodepool master: zk: use kazoo retry facilities https://review.openstack.org/535537	04:22
*** harlowja has quit IRC		04:40
openstackgerrit	Merged openstack-infra/zuul master: Add zuul-tox-remote to gate pipeline https://review.openstack.org/552692	05:53
tobiash	corvus: I've comments on 552688 (just two accidentally added files)	06:14
openstackgerrit	Tobias Henkel proposed openstack-infra/zuul master: Add zuul_json tests https://review.openstack.org/552688	06:15
openstackgerrit	Simon Westphahl proposed openstack-infra/zuul master: Fix zuul_json callback plugin problem with loops https://review.openstack.org/552799	06:37
openstackgerrit	Clint 'SpamapS' Byrum proposed openstack-infra/zuul master: Use re2 for change_matcher https://review.openstack.org/536389	07:09
openstackgerrit	Clint 'SpamapS' Byrum proposed openstack-infra/zuul master: Add irrelevant-branches negative matcher https://review.openstack.org/552809	07:09
SpamapS	corvus: ^ split	07:09
SpamapS	Haven't tested tho	07:09
* SpamapS heads to bed		07:09
tobiash	patch and run ;)	07:34
*** hashar has joined #zuul		07:43
*** jpena\|off is now known as jpena		08:25
*** electrofelix has joined #zuul		08:33
openstackgerrit	Joshua Hesketh proposed openstack-infra/zuul master: Decode gearman function into utf https://review.openstack.org/552888	11:54
*** elyezer has joined #zuul		11:55
openstackgerrit	Joshua Hesketh proposed openstack-infra/zuul master: Decode gearman function into utf https://review.openstack.org/552888	12:08
*** elyezer has joined #zuul		12:08
*** elyezer has quit IRC		12:08
openstackgerrit	Joshua Hesketh proposed openstack-infra/zuul master: Decode gearman function into utf https://review.openstack.org/552888	12:11
openstackgerrit	Matthieu Huin proposed openstack-infra/zuul master: [WIP] Zuul Web: Add 'projects' endpoint https://review.openstack.org/552891	12:16
*** jpena is now known as jpena\|lunch		12:27
*** rlandy has joined #zuul		12:32
*** odyssey4me has quit IRC		12:47
*** odyssey4me has joined #zuul		12:47
dmsimard	Is it technically feasible for secrets to be... variable ? Like pretend we have a generic role to publish something to... DockerHub. Could projects supply their own credentials to the role somehow ? It hurts my brain.	12:59
dmsimard	I haven't used secrets much so hoping someone can chime it :)	12:59
dmsimard	s/it/in/	13:00
tobiash	dmsimard: secrets are attached to a job, not a role	13:01
tobiash	a job's playbook can parameterize the roles it's using	13:01
dmsimard	tobiash: right .. but I mean, are you able to supply a different secret to a job ?	13:01
tobiash	so there is no problem using a generic role	13:01
dmsimard	or because of that trust thing it won't let you do that	13:02
tobiash	dmsimard: you just inherit from it and supply your own secret	13:02
tobiash	you just cannot share the playbook, but the roles	13:02
dmsimard	makes sense, was just confirming, thanks :D	13:02
* dmsimard has an idea		13:02
tobiash	note that secrets are only available in the playbook where the job is defined	13:03
tobiash	supplying a secret to a parent job and not supplying/duplicating the run-playbook won't work	13:03
dmsimard	tobiash: yeah, I understand	13:05
dmsimard	tobiash: maybe I can tell you about my idea and you'll see what I mean	13:05
* tobiash is listening		13:05
dmsimard	TripleO has these ARA modules that basically sends all the Ansible metrics (task duration, etc.) to graphite or influxdb, ex influxdb: http://git.openstack.org/cgit/openstack/tripleo-quickstart-extras/tree/roles/collect-logs/library/ara_influxdb.py	13:06
dmsimard	It's kind of a shame because these are /almost/ generic -- we'd take the time to wrap these in a role and run them around the time where emit-ara-html is run	13:07
dmsimard	making it available in zuul-jobs, or wrapping it under a pattern like we do with gearman things would allow us to get a ton of metrics about the jobs running	13:08
dmsimard	at the kind of scale we are running, it would be valuable to tell if something that we do has an adverse impact on performance (for example)	13:09
dmsimard	like pretend we tweak the internal poll interval.. or the amount of forks.. or just optimize $thing	13:09
dmsimard	I realize that the performance is not uniform across all the clouds (and even within the same cloud) but it sort of averages out	13:10
tobiash	yes, a generic role probably makes sense	13:14
*** Wei_Liu has quit IRC		13:17
dmsimard	oh darn, even better .. with https://review.openstack.org/#/c/513874/ saving the database at a particular location, it would be almost trivial to use our gearman pattern to do it	13:20
*** jpena\|lunch is now known as jpena		13:27
*** myoung\|afk is now known as myoung\|rover		13:35
*** electrofelix has quit IRC		14:16
openstackgerrit	Merged openstack-infra/zuul master: Add zuul_json tests https://review.openstack.org/552688	14:26
openstackgerrit	Merged openstack-infra/zuul master: Fix zuul_json callback plugin problem with loops https://review.openstack.org/552799	15:04
tobiash	\o/	15:04
*** swest has quit IRC		15:11
*** rlandy has quit IRC		15:24
*** rlandy has joined #zuul		15:24
corvus	tobiash: that's probably worth a note to the list too...	15:29
tobiash	corvus: yes, will draft a mail later	15:29
dmsimard	I don't remember who and where, but someone asked about the "let zuul start with a broken configuration" patch recently, I've poked fbo about https://review.openstack.org/#/c/535511 and he'll resume his work on it	15:31
corvus	dmsimard: thanks. that was clarkb in the infra meeting yesterday in the context of making it safer to deal with project renames	15:32
dmsimard	ah, I couldn't find in my logs but I remembered someone asked about it. Thanks.	15:32
corvus	is anyone else interested in reviewing configloader changes (ie, my effort to rework things to use less memory)? https://review.openstack.org/546428	15:52
clarkb	corvus: yes I'll take a look	15:53
Shrews	corvus: I will look after lunch if you like	15:53
corvus	fyi, that's just the first baby step -- i expect a whole series like that before we're through	15:54
clarkb	I've confirmed we have existing tests that verify secrets and approved the change	16:00
openstackgerrit	Merged openstack-infra/zuul master: Import Zuul modules at top of files https://review.openstack.org/549730	16:09
tobiash	corvus: will look after dinner	16:21
openstackgerrit	Merged openstack-infra/zuul master: Match github model of granting admins write https://review.openstack.org/549853	16:26
openstackgerrit	Merged openstack-infra/zuul master: Make sure we fail because of path checks https://review.openstack.org/552502	16:26
openstackgerrit	Merged openstack-infra/zuul master: Decode gearman function into utf https://review.openstack.org/552888	16:26
dmsimard	Oh, contributions to Zuul from Wikimedia, that's awesome :D	16:35
dmsimard	I thought they used phabricator or something like that	16:35
clarkb	dmsimard: I think they are in the middle of a transition from gerrit to phabricator and it has gone longer than expected? so zuul is still used by the gerrit projects	16:36
clarkb	also in theory we could hook gerrit to phabricator though I don't know that that is in their plans	16:36
dmsimard	I know too little about phabricator to know how Zuul could fit in there	16:37
dmsimard	Then again, OVH has a nodepool-like project so it's probably not uncommon for orgs to have their own custom/purpose built workflow	16:38
dmsimard	It would probably be interesting to reach out and ask them how Zuul could fit their needs, even if just out of curiosity to see what are the use cases out there.	16:45
clarkb	them being wikimedia? I think they have been in touch	16:45
corvus	dmsimard: who's them?	16:45
dmsimard	corvus: OVH	16:45
dmsimard	One of the components of their platform is basically nodepool https://ovh.github.io/cds/hatchery/	16:46
openstackgerrit	Merged openstack-infra/zuul master: Skip autohold if no autohold was requested https://review.openstack.org/547302	16:54
openstackgerrit	Merged openstack-infra/zuul master: Add queue size to tenant overview https://review.openstack.org/548248	16:54
openstackgerrit	Merged openstack-infra/zuul master: Don't store references to secret objects from jobs https://review.openstack.org/546428	16:54
openstackgerrit	Merged openstack-infra/zuul master: Add test for fingergw on ipv4 / ipv6 addresses https://review.openstack.org/552645	16:54
Shrews	corvus: the test_slow_start failure in that fingergw timeout change confuses me. do you think it could be related? http://logs.openstack.org/35/546735/1/gate/zuul-tox-py35/f00479c/testr_results.html.gz	16:57
Shrews	i don't see how really since we don't start the fingergw	17:01
* Shrews going to recheck		17:02
*** hashar is now known as hasharAway		17:43
*** bhavik1 has joined #zuul		17:52
*** jpena is now known as jpena\|off		18:01
openstackgerrit	Merged openstack-infra/zuul master: Unset finger client timeout after connect https://review.openstack.org/546735	18:05
tobiash	Shrews: I've seen this test failing several times for unrelated changes	18:09
tobiash	maybe we have some race in there	18:09
*** harlowja has joined #zuul		18:11
Shrews	i suppose so	18:11
*** bhavik1 has quit IRC		18:17
tobiash	corvus: how's that? https://etherpad.openstack.org/p/FpVT6Dl62i	18:22
tobiash	fungi, clarkb ^	18:23
*** myoung\|rover is now known as myoung\|lunch		18:23
corvus	tobiash: lgtm	18:24
tobiash	:)	18:24
pabelanger	do we know of any project is openstack affected?	18:26
tobiash	pabelanger: you probably need to check your post playbooks that doo job upload etc	18:27
corvus	a question for #openstack-infra :)	18:28
fungi	tobiash: thanks, reviewing now	18:28
corvus	though fwiw, once that goes out, i was planning on posting a message to openstack-dev about it. i think it's important for operators to notify their downstream users who may not be watching zuul-announce for things like this.	18:29
tobiash	pabelanger: upload-logs at least seems not affected	18:29
tobiash	just checked zuul-jobs, which seems ok	18:30
tobiash	no no_log combination with loops in there	18:30
tobiash	corvus: yeah, that makes sense	18:31
fungi	tobiash: i think that second sentence could use rephrasing to be a little more clear. i'll try to propose an alternate wording in the pad	18:32
tobiash	fungi: thanks, sounds good, what do you think about adding 'despite defining no_log' to that?	18:34
fungi	what do you think now?	18:35
tobiash	lgtm	18:36
tobiash	good to send now?	18:37
corvus	tobiash: ++	18:37
fungi	yeah, i think so unless others object	18:37
tobiash	corvus, fungi: do we want/need a worklist or dashboard for the zuul-security stories?	18:46
corvus	tobiash: that's probably a good idea	18:46
tobiash	corvus: so what do you think is better in this case, a worklist or a dashboard?	18:47
tobiash	I'm not yet that familiar with storyboard	18:47
fungi	though it'll be interesting if we try to mix tasks from public and private stories	18:47
fungi	i want to say there's still some implementation question around that	18:47
fungi	though if you have sb questions, the weekly storyboard meeting starts in ~10 minutes	18:48
corvus	tobiash: i guess a worklist? unless we wanted a board for triaging bugs or something.	18:49
corvus	worklist is the simplest "list of stories matching criteria" thing	18:50
corvus	interestingly, worklists can be private too	18:50
tobiash	corvus: https://storyboard.openstack.org/#!/worklist/258	18:50
tobiash	I had that private, but not sure if I can add users to that	18:50
corvus	omg, when i click that link i'm logged in	18:51
tobiash	is that bad?	18:51
tobiash	I guess that worklist will be empty for non zuul-security members?	18:52
fungi	hopefully. we should have one of them test that hypothesis	18:53
Shrews	fwiw, that link is blank for me	18:54
rcarrillocruz	so is for me	18:54
fungi	perfect, that was the desired result	18:54
rcarrillocruz	i see the title	18:55
rcarrillocruz	nothing on main page	18:55
tobiash	so the filter is active + openstack-infra/zuul + label zuul-security	18:55
corvus	tobiash: sorry, it's just a storyboard bug(?) i've been struggling with. i can't generally use it in more than one tab, and... well, it's very hard to use storyboard without tabs. so, every time i open up storyboard, boartty gets just a little bit more complete.	18:57
corvus	tobiash: so i was surprised that we accidentally found a way for me to open more than one tab	18:58
tobiash	\o/	18:58
rcarrillocruz	boartty == gertty for storyboard ?	18:58
corvus	rcarrillocruz: yep	18:59
rcarrillocruz	haha, that's awesome corvus	18:59
corvus	it's really rough. breaks a lot. kinda works though.	18:59
corvus	http://git.openstack.org/cgit/openstack/boartty	19:00
openstackgerrit	Matthieu Huin proposed openstack-infra/zuul master: web: Add /projects, /projects/{project} endpoints https://review.openstack.org/552891	19:13
*** myoung\|lunch is now known as myoung\|rover		19:18
openstackgerrit	Merged openstack-infra/zuul master: configloader: check for unknown shadow projects https://review.openstack.org/550763	19:38
openstackgerrit	Tobias Henkel proposed openstack-infra/zuul master: Fix safe path check for directories containing symlinks https://review.openstack.org/553029	19:55
tobiash	corvus, clarkb: ^	19:56
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Perform late validation of secrets https://review.openstack.org/553041	20:09
openstackgerrit	Merged openstack-infra/zuul master: Fix safe path check for directories containing symlinks https://review.openstack.org/553029	20:24
tobiash	\o/	20:25
tobiash	corvus: I have a question on 553041	20:25
tobiash	/have/posted	20:25
tobiash	corvus, fungi, clarkb: https://etherpad.openstack.org/p/j0wvUWWWH7	20:27
clarkb	tobiash: left a small edit otehrwise lgtm	20:28
tobiash	thanks	20:28
corvus	tobiash: lgtm	20:29
tobiash	looks like I'm going to be the bad news messenger ;)	20:30
fungi	such is the life of a vulnerability coordinator	20:32
corvus	i'm looking at tobiash's next patch in storyboard, and i just realized that using <pre> is problematic -- we still need to escape <> or it gets eaten	20:33
fungi	tobiash: your announcement wording lgtm	20:34
clarkb	markdown has a block quote method that is easy to use iirc	20:35
clarkb	but I'd have to go reread how to do it	20:35
corvus	clarkb: i could only come up with "indent everything a couple of spaces" if there's something better, that'd be great	20:35
* clarkb googles around		20:35
tobiash	corvus: oh, didn't notice	20:36
fungi	this may also explain why lp just punted to making you put patches in text/plain downloadable attachments	20:36
clarkb	corvus: wrap in ``` and ```	20:36
clarkb	corvus: so line 0 is ``` and line EOF-1 is ```	20:36
corvus	tobiash: would it be easy for you to try that real quick?	20:37
tobiash	ya	20:37
tobiash	just a sec	20:37
corvus	(i want to review the next one in git, so want to run it through git am)	20:37
fungi	the alternative we've talked about for years (and still have a possibly abandoned spec floating around for?) is to run a non-public shadow gerrit, but syncing projects into it and doing the access controls for all the project-specific security review teams is where we always ended up getting stuck	20:39
fungi	it's tractable, just a lot of initial and ongoing effort for only a handful (hopefully) of patches	20:40
tobiash	oh wow, with backticks it dows syntax highlighting	20:40
corvus	oh that's nice	20:41
corvus	that looks copy/pastable, so i guess that's what we should put in our docs for now	20:41
corvus	yay, git am succeeded	20:42
tobiash	:)	20:42
fungi	excellent	20:49
clarkb	ya the ``` is code block quoting which is why it does syntax highlighting. I expect that will be the most friendly version of quoting for diffs	20:58
*** dkranz has quit IRC		21:03
corvus	note i just found a markdown trap: * is used for italicizing, so if you type "/" you get an italic slash. this makes writing comments about paths (eg foo/bar) treacherous.	21:04
tobiash	ya, marking paths or so should be done with `/`	21:09
dmsimard	tobiash: the last fix for looped no_log, ARA should correctly strip that out. Are you able to confirm ?	21:40
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Perform late validation of secrets https://review.openstack.org/553041	22:01
*** myoung\|rover is now known as myoung\|afk		22:13
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Perform late validation of secrets https://review.openstack.org/553041	22:41
openstackgerrit	James E. Blair proposed openstack-infra/zuul master: Perform late validation of nodesets https://review.openstack.org/553088	22:41
*** hasharAway has quit IRC		23:23
*** kmalloc has quit IRC		23:38

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!