| *** jamesmcarthur has quit IRC | 00:01 | |
| *** jamesmcarthur has joined #zuul | 00:07 | |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: scheduler: add job's tags to the rpc job_list method https://review.openstack.org/633653 | 00:08 |
|---|---|---|
| tristanC | tobiash: the zuul-runner patches were ready Monday, but they need yet another rebase now | 00:25 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: Add API endpoint to get frozen jobs https://review.openstack.org/607077 | 00:25 |
| tristanC | zuul-runner also need the /connections endpoint: https://review.openstack.org/#/c/631703 | 00:26 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: Get executor job params https://review.openstack.org/607078 | 00:27 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: Separate out executor server from runner https://review.openstack.org/607079 | 00:31 |
| tristanC | jhesketh: i suspect the zuul-runner cli interface will take the longest to be reviewed, do you mean if i removed it from the early patch and propose it at once at the end of the stack? | 00:37 |
| tristanC | mind* if. e.g. make 607082 630944 and 632064 only edit zuul.executor.runner, and squash 640672 and 631704 on top for zuul.cmd.runner | 00:40 |
| *** jamesmcarthur has quit IRC | 00:50 | |
| openstackgerrit | David Moreau Simard proposed openstack-infra/zuul-jobs master: Add a role to mirror a git repository to a remote git server https://review.openstack.org/643394 | 01:14 |
| openstackgerrit | David Moreau Simard proposed openstack-infra/zuul-jobs master: Do not merge: test zuul-jobs-upload-git-mirror job https://review.openstack.org/643437 | 01:15 |
| *** jamesmcarthur has joined #zuul | 01:16 | |
| *** jamesmcarthur has quit IRC | 01:18 | |
| *** jamesmcarthur has joined #zuul | 01:19 | |
| *** jamesmcarthur has quit IRC | 01:22 | |
| *** saneax has joined #zuul | 01:27 | |
| *** jamesmcarthur has joined #zuul | 01:33 | |
| wxy-xiyuan | hi, Does anyone know that if zuul-scheduler supports A/A deployment or not? Thanks. | 02:08 |
| pabelanger | wxy-xiyuan: currently no HA support for zuul-scheduler. However, it is something we are planning in the near future | 02:16 |
| wxy-xiyuan | pabelanger: Thanks!. Glad to hear that. BTW, Is there any place to get the roadmap for upstream zuul? Like specs, launchpad(or storyboard) bp and so one? | 02:18 |
| pabelanger | wxy-xiyuan: https://zuul-ci.org/docs/zuul/developer/index.html is likely the best location right now, if things are missing we should try to fix the missing info | 02:20 |
| *** jamesmcarthur has quit IRC | 02:22 | |
| *** jamesmcarthur has joined #zuul | 02:26 | |
| SpamapS | wxy-xiyuan: There's a frequent community update on the zuul-discuss mailing list. | 02:39 |
| wxy-xiyuan | pabelanger: SpamapS : Thanks very much!! | 02:45 |
| *** jamesmcarthur has quit IRC | 03:56 | |
| *** jamesmcarthur has joined #zuul | 04:00 | |
| *** jamesmcarthur has joined #zuul | 04:01 | |
| *** jamesmcarthur has quit IRC | 04:05 | |
| *** jamesmcarthur has joined #zuul | 04:27 | |
| *** saneax has quit IRC | 04:50 | |
| *** saneax has joined #zuul | 04:50 | |
| *** bjackman has joined #zuul | 04:56 | |
| *** bjackman has quit IRC | 05:43 | |
| *** raukadah is now known as chandankumar | 05:45 | |
| jhesketh | tristanC: I don't mind if they are reordered if it makes sense. We should probably add some warnings to the cli tool that it is still very experimental and not expected that people will run it. Then we can iterate on it from there rather than having to wait for it to be perfect to merge | 05:47 |
| *** bjackman has joined #zuul | 05:52 | |
| tristanC | jhesketh: i think it will be easier to iterate on the CLI once the internal API is working as expected. I'm almost there, finishing a unit test for the execute procedure | 05:53 |
| jhesketh | tristanC: oh yeah, I agree, I meant in addition | 05:53 |
| jhesketh | I'm happy to add the warning stuff, but don't want to step on your toes as you seem busy reordering :-) | 05:54 |
| jhesketh | (so can do it as a followup) | 05:54 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: implement prep-workspace https://review.openstack.org/607082 | 05:57 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: add configuration schema https://review.openstack.org/640672 | 05:57 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: add execute sub-command https://review.openstack.org/630944 | 05:57 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: zuul-runner: add command line interface https://review.openstack.org/644770 | 05:57 |
| tristanC | ok, let's see... here is the Runner.execute() test: https://review.openstack.org/#/c/630944/16/tests/unit/test_web.py | 05:58 |
| tristanC | i haven't hooked the AnsibleManager so that zuul-runner would use any local ansible installation, but that can be a toggle | 05:59 |
| tristanC | now... what do you think of a tool that generates jjb using a builder script to call zuul-runner with the jobs parameters expressed as parameterized build input? :-) | 06:03 |
| tristanC | something like "zuul-runner --project zuul-jobs jenkins jjb.yaml" | 06:05 |
| jhesketh | I don't follow sorry... | 06:08 |
| jhesketh | what's the purpose? | 06:08 |
| tristanC | to be able to trigger job with custom parameter | 06:09 |
| jhesketh | but why use jjb? | 06:11 |
| tristanC | so that user can use an hosted web interface to click and sets the parameters for the jobs | 06:12 |
| jhesketh | I'm still confused sorry. Do you mean translate the job parameters into JJB that they then deploy into a Jenkins instance which when ran calls zuul-runner plugging the values back in? | 06:14 |
| tristanC | yes, i mean to parse the job description, decode the zuul:jobvar, and create jjb parameterized-build definition | 06:16 |
| jhesketh | so why not have zuul be able to execute a parameterised build in a special pipeline? (which is a discussion with split opinions, but ignoring that for now) | 06:18 |
| tristanC | oh yes, that or even AWX integration, I hope that zuul-runner jenkins command would be an intermediary solution | 06:19 |
| jhesketh | I wouldn't expect something like that to be in upstream (or at the very most be in a tools or contrib dir) | 06:21 |
| jhesketh | I would rather we focused on a first party parameterised build implementation/discussion | 06:21 |
| tristanC | though it may be an useful feature to enable jenkins->zuul interoperability | 06:21 |
| jhesketh | maybe.. I'm not so sure I see a use other than being able to use the jenkins slaves | 06:22 |
| tristanC | well we already have conversion from jenkins with zuul-migrate, that would just be the reverse operation :-) | 06:22 |
| jhesketh | but if you're running zuul you've already got another test pool resource | 06:22 |
| jhesketh | my vision was that for parameterised builds that you just use the zuul-runner CLI. We should build enough smarts into the CLI tool to utilise resources that you might have (your own developer cloud endpoint, or your nodepool etc) | 06:23 |
| jhesketh | with the end goal also being that it'll run on the code on your local git repo which may not be pushed anywhere | 06:24 |
| tristanC | that would work too (minus the fact we won't have an hosted service with all the build history) | 06:26 |
| tristanC | though we really need a form to set the parameters, with some sort of validation too. | 06:27 |
| jhesketh | well my intention was for it to be similar to running `tox` locally. It's not really something you need to keep the build history of. Once you're happy with your patch then you send it to zuul to do the usual check+gate runs. | 06:28 |
| jhesketh | Or similarly if something is failing in the gate you might want to pull it in locally to debug. But once you're done you're again going to send it to the main zuul for verification | 06:28 |
| openstackgerrit | Simon Westphahl proposed openstack-infra/zuul master: Ensure valid Ansible variable names in config https://review.openstack.org/644574 | 06:28 |
| jhesketh | of course this is just my vision for the tool, I'm happy for others to hack on whatever they want :-) | 06:28 |
| jhesketh | I feel like the need for a form to set the parameters is more a discussion about whether zuul should support parameterised/arbitrary/out of pipeline builds | 06:29 |
| tristanC | that was my initial intention as well, but we figured we might as well use zuul-runner in jenkins to keep that parameterized build our user rely on today | 06:29 |
| jhesketh | sure, maybe it's a quick fix for your situation :-) | 06:31 |
| tristanC | concretly, the first thing i'd like to add is parameter decoding, e.g. that function: https://review.openstack.org/#/c/644485/1/web/src/containers/build/BuildModal.jsx@81 | 06:31 |
| tristanC | at least, we could have a "zuul-runner execute --list-parameter" to show the users what are the available parameters | 06:32 |
| jhesketh | yep, that sounds useful :-) | 06:34 |
| tristanC | alright, let me fix ci errors with the current stack first | 06:35 |
| jhesketh | awesome, and thanks so much for all the work carrying the patches forward :-) | 06:38 |
| tobiash | tristanC, jhesketh: this should make the tests more stable so you might need less rechecks then: https://review.openstack.org/644655 | 07:00 |
| jhesketh | tobiash: oh cool, lgtm :-) | 07:03 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: implement prep-workspace https://review.openstack.org/607082 | 07:17 |
| *** pcaruana has joined #zuul | 07:21 | |
| *** themroc has joined #zuul | 07:26 | |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: add configuration schema https://review.openstack.org/640672 | 07:28 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: add execute sub-command https://review.openstack.org/630944 | 07:28 |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: zuul-runner: add command line interface https://review.openstack.org/644770 | 07:28 |
| *** sshnaidm|rover is now known as sshnaidm|afk | 07:35 | |
| *** hashar has joined #zuul | 07:55 | |
| *** gtema has joined #zuul | 08:00 | |
| *** bbayszczak has joined #zuul | 08:06 | |
| *** snapiri has quit IRC | 08:43 | |
| bbayszczak | Hi | 08:52 |
| bbayszczak | We're using Zuul 3.5.1 and Gerrit 2.16.7 | 08:53 |
| *** jpena|off is now known as jpena | 08:53 | |
| bbayszczak | We have a pipeline triggered by git tags | 08:54 |
| bbayszczak | In an untrusted repo with 2 branches, a job to execute is defined for this pipeline | 08:54 |
| bbayszczak | when tagging, job variant receives a 'branch_matcher' then job is never matched | 08:54 |
| bbayszczak | So we’re not able to execute tags trigerred jobs on a multi branch untrusted repo | 08:54 |
| bbayszczak | Is this something already known ? Thanks | 08:55 |
| *** kepeket has joined #zuul | 09:03 | |
| kepeket | hi, I'm working with @bbayszczak on this, I can give more details if needed | 09:04 |
| *** snapiri has joined #zuul | 09:05 | |
| openstackgerrit | Tristan Cacqueray proposed openstack-infra/zuul master: runner: add job parameters listing https://review.openstack.org/644795 | 09:09 |
| *** bbayszczak has quit IRC | 09:13 | |
| *** bbayszczak has joined #zuul | 09:17 | |
| openstackgerrit | Merged openstack-infra/zuul master: Skip ansible validation for non-ansible tests https://review.openstack.org/644655 | 09:20 |
| *** bbayszczak has quit IRC | 09:24 | |
| *** kepeket has quit IRC | 09:33 | |
| openstackgerrit | Simon Westphahl proposed openstack-infra/zuul master: Align template formating for reporters https://review.openstack.org/643306 | 09:43 |
| *** bbayszczak has joined #zuul | 10:02 | |
| tobiash | bbayszczak: I guess you want https://review.openstack.org/#/c/578557 | 10:18 |
| *** electrofelix has joined #zuul | 10:21 | |
| bbayszczak | tobiash: that's exactly we wanted ! | 10:27 |
| bbayszczak | thanks | 10:27 |
| *** sshnaidm|afk is now known as sshnaidm|rover | 10:45 | |
| *** yolanda has quit IRC | 10:59 | |
| *** yolanda has joined #zuul | 10:59 | |
| *** gtema has quit IRC | 11:24 | |
| *** pcaruana has quit IRC | 11:38 | |
| *** saneax has quit IRC | 11:43 | |
| *** saneax has joined #zuul | 11:44 | |
| *** pcaruana has joined #zuul | 12:16 | |
| *** jpena is now known as jpena|lunch | 12:29 | |
| *** rlandy has joined #zuul | 12:31 | |
| *** gtema has joined #zuul | 12:50 | |
| *** bjackman has quit IRC | 13:13 | |
| *** bjackman has joined #zuul | 13:19 | |
| *** bbayszczak has quit IRC | 13:30 | |
| *** jpena|lunch is now known as jpena | 13:39 | |
| electrofelix | Is there a good summary of what differences there are between software factory zuul and openstack zuul? Any additional patches? Currently just browsing through the git tree https://softwarefactory-project.io/r/gitweb?p=scl/zuul-distgit.git;a=blob;f=zuul.spec;h=416fb624c0aa7ef6b05c3ac4c5b1dddce982da0c;hb=refs/heads/master | 13:42 |
| mhu | electrofelix, yes as you can see in the zuul spec, there are some extra patches in the rpm | 13:45 |
| fbo | electrofelix: That's the same except the patches you see in the distgit. | 13:45 |
| mhu | electrofelix, if you check the patch files you should find a link to the related upstream patches that are still in review | 13:47 |
| *** dkehn has quit IRC | 13:51 | |
| electrofelix | mhu fbo: thanks looking through each and just using the ChangeId to search for them in the upstream gerrit | 13:53 |
| mhu | we should probably list the topics or patch chains in the changelog for clarity though | 13:54 |
| openstackgerrit | David Moreau Simard proposed openstack-infra/zuul-jobs master: Add a role to mirror a git repository to a remote git server https://review.openstack.org/643394 | 14:00 |
| openstackgerrit | David Moreau Simard proposed openstack-infra/zuul-jobs master: Do not merge: test zuul-jobs-upload-git-mirror job https://review.openstack.org/643437 | 14:00 |
| *** gtema has quit IRC | 14:13 | |
| *** jamesmcarthur has quit IRC | 14:25 | |
| *** jamesmcarthur has joined #zuul | 14:25 | |
| *** bjackman has quit IRC | 14:27 | |
| *** chandankumar is now known as raukadah | 14:29 | |
| pabelanger | tobiash: SpamapS: have you created a promote pipeline yet for github? | 14:32 |
| pabelanger | looking at openstack pipeline, gerrit has a merge-event, but with github, I guess we'd just use the push event? | 14:32 |
| pabelanger | dmsimard: | 14:34 |
| pabelanger | err | 14:34 |
| pabelanger | dmsimard: related, have you don't promote pipeline yet in rdo for contain stuff? | 14:34 |
| pabelanger | s/don't/done | 14:35 |
| dmsimard | pabelanger: not me personally, maybe tripleo has | 14:38 |
| *** electrofelix has quit IRC | 14:41 | |
| *** themroc has quit IRC | 14:57 | |
| *** manjeets_ is now known as manjeets | 15:02 | |
| tobiash | pabelanger: not yet | 15:24 |
| tobiash | pabelanger: is is a change or ref based post pipeline? | 15:24 |
| openstackgerrit | Tobias Henkel proposed openstack-infra/zuul master: Forward artifacts to child jobs within buildset https://review.openstack.org/642857 | 15:26 |
| SpamapS | pabelanger: yes, testing it has so far gone well. | 15:27 |
| SpamapS | pabelanger: no you use the pull_request closed event. | 15:28 |
| SpamapS | http://paste.openstack.org/show/748127/ | 15:28 |
| SpamapS | I hope to roll it out soon, though I kind of got tripped up on trying to test some k8s stuff and finding that Zuul's k8s support lacks exec support. | 15:29 |
| pabelanger | SpamapS: Oh, interesting, pull_request closed | 15:30 |
| pabelanger | I didn't think of that | 15:30 |
| pabelanger | tobiash: ^ | 15:30 |
| pabelanger | I was trying to figure out how to use push event | 15:30 |
| pabelanger | but, talking to corvus in openstack-infra, that was likely the wrong approach | 15:31 |
| pabelanger | SpamapS: thanks! let me also try that pipeline stanza out | 15:31 |
| SpamapS | pabelanger: np, I was on that wrong track too ;) | 15:40 |
| SpamapS | I forget who helped me figure it out. | 15:40 |
| *** hashar has quit IRC | 15:44 | |
| corvus | tobiash: the multi-ansible work seems stable; do you think we're ready for a zuul release? | 15:52 |
| tobiash | corvus: I think I forgot to add the deprecation warnings when a job uses a deprecated ansible version (have to double-check this) | 15:53 |
| tobiash | if we're ok with releasing without this functionality I think we're ready for a release | 15:54 |
| tobiash | corvus: btw, I noticed that a promote job failed today | 15:54 |
| corvus | tobiash: i think you're right. i could go either way. | 15:54 |
| corvus | http://logs.openstack.org/98/644498/2/promote/zuul-promote-image/4653cfc/ | 15:55 |
| corvus | http://logs.openstack.org/98/644498/2/promote/zuul-promote-image/4653cfc/ara-report/result/0b48b5ea-24c9-414c-b742-cd6e6b6f0069/ | 15:55 |
| corvus | maybe we need to throw some retries at that | 15:55 |
| corvus | tobiash: i'll let you decide whether you want to add the deprecation warning before release or not. | 15:56 |
| tobiash | corvus: I'm not sure if I have the time to do that today. I think that's not crucial and could go into the next release as the default is 2.7 anyway | 15:57 |
| corvus | ok | 15:57 |
| *** sshnaidm|rover is now known as sshnaidm|afk | 15:58 | |
| tobiash | besides that I hope I find time soon to have a 'stabilize tests day' | 15:58 |
| tobiash | the various random test failures are annoying :( | 15:59 |
| corvus | tobiash, SpamapS: did we ever come to a conclusion on whether this should be a major version bump? (zuul 4.0.0 or 3.7.0?) the way we implemented it, zuul *should* keep working without changes to the installation, but we do recommend that folks make changes. here are the release notes: https://zuul-ci.org/docs/zuul/releasenotes.html#in-development | 15:59 |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul-jobs master: Add retries to promote-docker-image https://review.openstack.org/644911 | 16:02 |
| tobiash | corvus: I'd be fine with either, and I'd vote for 3.7.0 | 16:04 |
| pabelanger | +1 3.7.0 too | 16:10 |
| *** bjackman has joined #zuul | 16:12 | |
| *** rfolco has quit IRC | 16:14 | |
| *** rfolco has joined #zuul | 16:14 | |
| *** rfolco has quit IRC | 16:16 | |
| *** rfolco has joined #zuul | 16:17 | |
| openstackgerrit | Fabien Boucher proposed openstack-infra/zuul master: wip - Elasticsearch Zuul reporter https://review.openstack.org/644927 | 16:22 |
| *** sshnaidm|afk is now known as sshnaidm|rover | 16:23 | |
| SpamapS | corvus: same as tobiash.. I think if we preserved install steps 3.7 is fine. | 16:27 |
| clarkb | ya I think I'm happy with 3.7.0 given that zuul will work with existing upgrade/install processes | 16:28 |
| clarkb | and we've already done an ansible version bump without bumping major rev on zuul | 16:28 |
| *** bjackman has quit IRC | 16:32 | |
| SpamapS | looks like the kubernetes driver is just plumb not gonna work with SSO auth systems... | 16:38 |
| SpamapS | Most of them execute commands to get tokens that are ephemeral.. but zuul only knows how to grok the `token` field. | 16:38 |
| SpamapS | (most: AWS EKS uses aws-iam-authenticator, Google GKE uses gcloud) | 16:39 |
| *** altlogbot_1 has joined #zuul | 16:41 | |
| *** altlogbot_1 has quit IRC | 16:41 | |
| pabelanger | SpamapS: tyty, your pipeline worked! | 16:46 |
| pabelanger | https://github.com/ansible-network/windmill-config/pull/170 | 16:46 |
| *** yolanda has quit IRC | 16:49 | |
| SpamapS | pabelanger: sweet | 16:51 |
| *** jamesmcarthur has quit IRC | 16:52 | |
| *** jamesmcarthur has joined #zuul | 16:53 | |
| pabelanger | oh, neat! http://logs.openstack.org/21/644721/1/gate/windmill-src-ubuntu-bionic/3e7cf9f/logs/ze01/var/log/zuul/executor-debug.log just started looking into multi-ansible patches | 17:10 |
| pabelanger | zuul-executor did the right things :D | 17:10 |
| pabelanger | Awesome | 17:10 |
| mordred | SpamapS: so - if I'm grokking that right - auth is pluggable and varies by deployment - so we might need a 'gke' and 'eks' drivers that subclass the k8s driver and know how to auth? | 17:26 |
| *** altlogbot_3 has joined #zuul | 17:27 | |
| *** altlogbot_3 has quit IRC | 17:28 | |
| *** altlogbot_3 has joined #zuul | 17:31 | |
| *** hashar has joined #zuul | 17:51 | |
| tobiash | pabelanger: so as expected it installed ansible at startup | 17:51 |
| pabelanger | tobiash: yah, that's nice! I am going to try creating own venv now. | 17:52 |
| *** themroc has joined #zuul | 17:53 | |
| mrhillsman | i'm totally confused by something - http://status.openlabtesting.org/builds?project=kubernetes%2Fcloud-provider-openstack&pipeline=periodic | 17:53 |
| pabelanger | tobiash: how would capping of point releases work? eg: venv ansible-2.7.8 and ansible-2.7.9. can jobs get that granularity for testing? | 17:53 |
| mrhillsman | i cannot for the life figure out how to get rid of the 1.10 and 1.11 jobs branch release-1.10 | 17:54 |
| tobiash | pabelanger: you'd need to patch the ansible.conf | 17:55 |
| mrhillsman | i thought at first because we removed the jobs from master branch they got picked up from an older one | 17:55 |
| mrhillsman | but if that is true, 1.11 should be release-1.11 and not release-1.10 | 17:55 |
| *** themroc has quit IRC | 17:55 | |
| mrhillsman | and where is 1.12 and 1.13 jobs | 17:56 |
| tobiash | pabelanger: and copy the module links | 17:56 |
| tobiash | That's not really meant to be a deployers choice | 17:56 |
| mrhillsman | latest zuul does not even have those jobs listed - https://github.com/kubernetes/cloud-provider-openstack/blob/master/.zuul.yaml | 17:57 |
| pabelanger | tobiash: Ah, okay. My original though was to create a new virtualenv for each dot release (as it happened) over continusly pip upgrading the one venv. Not a blocked right now | 17:59 |
| *** hashar is now known as hasharDinner | 18:08 | |
| *** hashar has joined #zuul | 18:09 | |
| clarkb | mrhillsman: https://github.com/kubernetes/cloud-provider-openstack/blob/release-1.10/.zuul.yaml#L41-L43 | 18:10 |
| mrhillsman | yeah, i am just not getting why it would run | 18:12 |
| mrhillsman | and there are others that are not running | 18:12 |
| clarkb | mrhillsman: it runs because it is listed tehre? | 18:12 |
| mrhillsman | https://github.com/kubernetes/cloud-provider-openstack/blob/master/.zuul.yaml#L102-L105 | 18:13 |
| mrhillsman | why would other branches with .zuul.yaml files jobs not run | 18:14 |
| mrhillsman | and just those two is confusing me | 18:14 |
| SpamapS | mordred: I think we might just need a pass-thru actually | 18:14 |
| clarkb | mrhillsman: have you reloaded your config since those changes were made? | 18:14 |
| mrhillsman | yes sir | 18:14 |
| clarkb | iirc zuul isn't gating your config repo so it doesn't auto load those changes? | 18:14 |
| SpamapS | mordred: and let people add things needed into the bubblewrap so their kubectl works. | 18:15 |
| *** jpena is now known as jpena|off | 18:15 | |
| corvus | clarkb: zuul should reload config whenever changes land regardless of whether it's gating | 18:15 |
| mrhillsman | i ran full-reconfigure again | 18:15 |
| corvus | mrhillsman: do you have access to the zuul scheduler debug logs? | 18:16 |
| mrhillsman | i do | 18:16 |
| mrhillsman | i can dig for sure, anything specific i need to look out for? | 18:17 |
| mordred | SpamapS: I defer to your judgement and knowledge | 18:17 |
| corvus | mrhillsman: there's going to be a big chunk of info in there where zuul tries to explain how it decided which jobs to run... let me dig up an example to help you find it | 18:17 |
| mrhillsman | ++ | 18:17 |
| corvus | mrhillsman: what's the tenant name? | 18:18 |
| mrhillsman | openlab | 18:19 |
| clarkb | SpamapS: if you mean exposing filesystem dirs in the bwrap container that is already configurable by zuul config | 18:20 |
| *** irclogbot_3 has quit IRC | 18:21 | |
| SpamapS | clarkb: no, I mean adding executables. :) | 18:22 |
| SpamapS | gcloud and/or aws-iam-authenticator, for instance | 18:22 |
| SpamapS | though folks can also do that in pre playbooks | 18:23 |
| clarkb | SpamapS: default is already to pass through /usr/bin and /usr/local/bin iirc and you could explicitly pass that through if installed elsewhere | 18:23 |
| clarkb | (all of /usr is passed in iirc) | 18:23 |
| corvus | mrhillsman: the block for the master branch should start with a line that matches: "zuul.Pipeline.openlab.periodic: Freezing job graph for .* kubernetes/cloud-provider-openstack refs/heads/master" (and will be refs/heads/release-1.10 etc for other branches) | 18:23 |
| mordred | yeah. they should just work if you install them into your executor | 18:23 |
| mrhillsman | ty sir | 18:23 |
| corvus | mrhillsman: here's an example of the whole block for a random openstack project: http://paste.openstack.org/show/748132/ | 18:23 |
| mrhillsman | ok i understand looking at that | 18:24 |
| *** irclogbot_2 has joined #zuul | 18:25 | |
| *** irclogbot_2 has quit IRC | 18:27 | |
| corvus | mrhillsman: i suspect there may be a complication due to the way branches are set up there. in a repo with branches, zuul only applies the "project" stanza from the branch which matches the change. so i think in this file: https://github.com/kubernetes/cloud-provider-openstack/blob/master/.zuul.yaml#L102-L105 the only jobs that will be added are the master and 1.14 jobs | 18:29 |
| mrhillsman | got it | 18:29 |
| mrhillsman | ty sir | 18:29 |
| *** irclogbot_3 has joined #zuul | 18:30 | |
| corvus | mrhillsman: np, let me know if you have more questions | 18:30 |
| mrhillsman | that makes sense then why we have the issue | 18:30 |
| *** PrinzElvis has quit IRC | 18:30 | |
| *** dcastellani has quit IRC | 18:30 | |
| corvus | mrhillsman: if you can update the file on that branch to just list those 2 jobs, then on the 1.10 branch to just list that job, etc, i think it will work (and might be easier to follow, as each branch's configuration is located in that branch) | 18:31 |
| mrhillsman | yep, totally understand now, will get those changes pushed out | 18:32 |
| *** tima has quit IRC | 18:32 | |
| mrhillsman | makes a lot of sense, was not aware of that caveat | 18:32 |
| corvus | mrhillsman: if, instead, you want to control all of the jobs from the master branch, there is a way to do that, but it's a bit more work/complex ( see https://zuul-ci.org/docs/zuul/user/config.html#attr-pragma ) | 18:32 |
| mrhillsman | i will, ty. | 18:32 |
| *** dcastellani has joined #zuul | 18:33 | |
| mrhillsman | i think we can do what we been doing just need to fix it as you stated | 18:33 |
| *** PrinzElvis_ has joined #zuul | 18:33 | |
| mrhillsman | will have to check on the plan of handling releases is decided and ensure we are aligned | 18:33 |
| corvus | mrhillsman: yeah, i think having the configs on each branch and not using pragmas is better | 18:33 |
| mrhillsman | there's a few moving pieces that need to be coordinated but agree with you | 18:33 |
| *** tima has joined #zuul | 18:35 | |
| mrhillsman | appreciate the help again, trying to clean up quite a few things with this particular one | 18:35 |
| corvus | mrhillsman: one more doc link (no new info, this is just the bit about projects and branches in more words -- second paragraph of https://zuul-ci.org/docs/zuul/user/config.html#project ) | 18:37 |
| mrhillsman | thx | 18:37 |
| *** saneax has quit IRC | 18:47 | |
| openstackgerrit | David Moreau Simard proposed openstack-infra/zuul-jobs master: Add a role to mirror a git repository to a remote git server https://review.openstack.org/643394 | 18:57 |
| SpamapS | clarkb: no, I mean pass through sections of .kube/config! | 19:00 |
| SpamapS | mordred: ^ | 19:00 |
| *** altlogbot_3 has quit IRC | 19:00 | |
| SpamapS | Right now we only carry certain details forward from nodepool... token is the only auth detail. Probably works fine on openshift but does not work on GKE or EKS | 19:01 |
| *** altlogbot_0 has joined #zuul | 19:03 | |
| *** PrinzElvis_ is now known as PrinzElvis | 19:05 | |
| *** altlogbot_0 has quit IRC | 19:06 | |
| *** altlogbot_1 has joined #zuul | 19:08 | |
| *** irclogbot_3 has quit IRC | 19:16 | |
| *** irclogbot_1 has joined #zuul | 19:18 | |
| *** irclogbot_1 has quit IRC | 19:30 | |
| *** irclogbot_0 has joined #zuul | 19:32 | |
| *** altlogbot_1 has quit IRC | 19:34 | |
| *** altlogbot_0 has joined #zuul | 19:37 | |
| mrhillsman | for Denver are there any Zuul evening/community events happening? | 19:39 |
| fungi | i haven't heard any mentioned yet | 19:43 |
| fungi | thuogh it sounds like we'll have at least a project update presentation and have possible wg and bof sessions reserved on... tuesday was it? | 19:44 |
| corvus | i'm going to tag 77ffb70104959803a8ee70076845c185bd17ddc1 as zuul 3.7.0. that look right? | 20:24 |
| tobiash | ++ | 20:25 |
| clarkb | 77ffb70 is what openstack's zuul reports it is running and the commits on HEAD since shouldn't affect production runtime | 20:26 |
| clarkb | so lgtm | 20:26 |
| pabelanger | +1 | 20:26 |
| corvus | pushed! | 20:30 |
| tobiash | :) | 20:30 |
| clarkb | SpamapS: reading the docs on aws authentication (haven't looked at gke yet) looks like you set up your aws creds in a credentials file then setup kubectl to use the authenticator plugin thing. I think that means the nodepool operator can configure nodepool's kubectl config file as well as aws credentials to make that side work. Then we need to have the zuul job side write out the correct kubectl config file as | 20:34 |
| clarkb | well as aws credentials file? | 20:34 |
| clarkb | thinking out loud here, the easiest way to do that might be to treat eks, gke, etc as distinct k8s flavors just like how openshift is managed as a different "flavor"? | 20:34 |
| clarkb | then we can write out the correct config and users can supply the aws creds via a secret maybe? | 20:34 |
| clarkb | an alternative to using a secret may be to have nodepool pass the credentials along instead of a token | 20:36 |
| corvus | are these creds unique to each pod/namespace that nodepool provides? | 20:37 |
| corvus | in general, i'm in favor of nodepool passing whatever is needed to use the nodes to zuul, but if we're talking sytem-wide credentials, that could be unsafe | 20:37 |
| corvus | (i'm not sure i'm up to speed on the auth systems under discussion here) | 20:38 |
| clarkb | corvus: no they are amazon iam roles https://github.com/kubernetes-sigs/aws-iam-authenticator#1-create-an-iam-role | 20:38 |
| clarkb | its possible that the nodepool driver would need to know to provision job or buildset specific roles to avoid system wide access | 20:39 |
| corvus | clarkb: yeah, that's what it looks like at first glance. with the plain k8s driver, each namespace gets its own system user token. | 20:39 |
| corvus | so that seems like the analog | 20:40 |
| *** irclogbot_0 has quit IRC | 20:45 | |
| *** irclogbot_2 has joined #zuul | 20:48 | |
| *** altlogbot_0 has quit IRC | 20:53 | |
| *** altlogbot_1 has joined #zuul | 20:56 | |
| *** hashar has quit IRC | 21:05 | |
| *** hashar has joined #zuul | 21:05 | |
| corvus | it looks like all the dockerhub image promotion jobs we're running in openstack are failing at the 'get jwt token' stage: http://zuul.openstack.org/builds?pipeline=promote | 21:13 |
| corvus | i made a test playbook which just has a copy of that task with the credentials for zuul's dockerhub account hardcoded, and ran it inside of zuul-bwrap on an executor and it works | 21:13 |
| clarkb | did you run it with ansible 2.7? | 21:14 |
| corvus | yes | 21:14 |
| corvus | /usr/lib/zuul/ansible/2.7/bin/ansible-playbook | 21:14 |
| clarkb | there goes my good idea :( | 21:14 |
| corvus | yeah, that seems like the most likely thing that's changed | 21:15 |
| *** pcaruana has quit IRC | 22:11 | |
| *** hashar has quit IRC | 22:14 | |
| *** hashar has joined #zuul | 22:15 | |
| *** hashar has quit IRC | 22:20 | |
| *** hashar has joined #zuul | 22:20 | |
| *** daniel2 has quit IRC | 22:28 | |
| *** hashar has quit IRC | 22:29 | |
| *** hashar has joined #zuul | 22:29 | |
| *** hashar has quit IRC | 22:38 | |
| corvus | okay i think i got it | 22:38 |
| corvus | File "/var/lib/zuul/ansible/2.7/zuul/ansible/action/uri.py", line 33, in run | 22:39 |
| corvus | paths._fail_if_unsafe(self._task.args['path']) | 22:39 |
| corvus | KeyError: 'path' | 22:39 |
| *** arxcruz is now known as arxcruz|pto | 22:39 | |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul master: Fix Ansible 2.7 uri module https://review.openstack.org/645034 | 22:46 |
| corvus | tobiash, clarkb: ^ i think that's the problem with the promote jobs | 22:46 |
| clarkb | Cool I'll take a look | 22:47 |
| tobiash | oops | 22:48 |
| openstackgerrit | James E. Blair proposed openstack-infra/zuul master: Add missing Ansible invocation debug env variables https://review.openstack.org/645035 | 22:52 |
| corvus | and... that would have saved some time :) | 22:52 |
| clarkb | I'm looking at the ansible source code ot understand how this worked under 2.5 (to make sure we won't break 2.5 with this change) and there doesn't seem to be an action module for uri under 2.5? is that why this wasn't an issue until 2.7? | 22:54 |
| corvus | clarkb: yeah, i think it was handled by the 'normal' action module | 22:55 |
| corvus | so i think it went from being a "normal" module to an "action" module | 22:55 |
| clarkb | gotcha | 22:55 |
| corvus | clarkb: classdoc at https://git.openstack.org/cgit/openstack-infra/zuul/tree/zuul/ansible/base/action/normal.py#n26 has more words | 22:56 |
| corvus | also, fyi, the 'src' argument was added in 2.7, so we don't have to handle that in the older versions (and we don't) | 22:57 |
| jamesmcarthur | corvus: Can we add some time on the meeting agenda on Monday to discuss governance presentation and next steps? | 23:11 |
| corvus | jamesmcarthur: we stopped having a regular meeting a while ago in favor of email, but we can schedule an ad-hoc one if needed. want to do that? | 23:13 |
| corvus | (i thought we removed the meeting from the schedule; did we miss something there?) | 23:13 |
| corvus | tristanC: just in case you don't see this in your review workflow: i have a -1 comment on https://review.openstack.org/630079 which is masked by an earlier +2 | 23:19 |
| *** jamesmcarthur has quit IRC | 23:23 | |
| *** jamesmcarthur has joined #zuul | 23:32 | |
| *** jamesmcarthur has quit IRC | 23:38 | |
| *** jamesmcarthur has joined #zuul | 23:38 | |
| *** rf0lc0 has joined #zuul | 23:47 | |
| *** rfolco has quit IRC | 23:49 | |
| *** rlandy has quit IRC | 23:58 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!