Wednesday, 2019-10-30

« Tuesday, 2019-10-29 Index Thursday, 2019-10-31 »
*** rlandy has quit IRC00:02
*** panda has quit IRC00:02
*** panda has joined #zuul00:05
*** jamesmcarthur has quit IRC00:15
*** armstrongs has joined #zuul00:28
*** jamesmcarthur has joined #zuul00:29
*** armstrongs has quit IRC00:34
SpamapSfungi: oh thanks, that does look entirely relevant00:38
*** michael-beaver has quit IRC00:43
*** jamesmcarthur has quit IRC00:44
*** pots has quit IRC00:54
*** pots has joined #zuul00:55
*** jamesmcarthur has joined #zuul01:01
*** jamesmcarthur has quit IRC01:13
*** bhavikdbavishi has joined #zuul02:19
*** bhavikdbavishi1 has joined #zuul02:22
*** bhavikdbavishi has quit IRC02:24
*** bhavikdbavishi1 is now known as bhavikdbavishi02:24
*** swest has quit IRC02:34
*** swest has joined #zuul02:49
*** todun has joined #zuul04:07
*** sgw has quit IRC05:17
*** todun has quit IRC05:23
*** bolg has joined #zuul05:25
*** todun has joined #zuul05:31
*** todun has quit IRC05:34
*** sanjayu_ has joined #zuul05:47
*** igordc has quit IRC06:37
*** fdegir has quit IRC06:40
*** fdegir has joined #zuul06:41
*** sanjayu_ has quit IRC07:02
*** saneax has joined #zuul07:02
*** sanjayu_ has joined #zuul07:04
*** saneax has quit IRC07:05
*** sanjayu__ has joined #zuul07:07
*** sanjayu__ has quit IRC07:08
*** pcaruana has joined #zuul07:09
*** sanjayu_ has quit IRC07:09
*** saneax has joined #zuul07:10
*** sanjayu_ has joined #zuul07:12
*** saneax has quit IRC07:13
*** themroc has joined #zuul07:49
*** chandankumar has quit IRC08:19
*** chandankumar has joined #zuul08:20
*** hashar has joined #zuul08:27
*** jpena|off is now known as jpena08:37
*** jangutter has joined #zuul08:56
*** sshnaidm|afk is now known as sshnaidm09:21
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - add support for git.tag.creation event  https://review.opendev.org/67993809:30
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - Support for branch creation/deletion  https://review.opendev.org/68511609:30
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - add support for git.tag.creation event  https://review.opendev.org/67993809:32
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - Support for branch creation/deletion  https://review.opendev.org/68511609:32
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - add the enqueue_ref unit test  https://review.opendev.org/68735109:32
*** pcaruana has quit IRC10:35
openstackgerritFabien Boucher proposed zuul/nodepool master: Remove uneeded shebang and exec bit on some files  https://review.opendev.org/69210010:39
*** openstackstatus has quit IRC10:44
*** mgoddard has quit IRC10:46
*** mgoddard has joined #zuul10:47
*** rfolco|off has joined #zuul10:54
*** panda is now known as panda|pto11:00
*** arxcruz is now known as arxcruz|lunch11:10
*** sshnaidm has quit IRC11:23
*** rfolco|off has quit IRC11:35
*** sshnaidm has joined #zuul11:43
*** bolg has quit IRC11:57
*** jpena is now known as jpena|lunch11:59
*** pcaruana has joined #zuul12:00
*** rlandy has joined #zuul12:13
*** arxcruz|lunch is now known as arxcruz12:18
*** hashar is now known as hasharAway12:25
*** hasharAway has quit IRC12:32
*** hashar has joined #zuul12:34
*** hashar is now known as hasharAway12:35
*** bolg has joined #zuul12:37
*** gtema_ has joined #zuul12:40
*** Goneri has joined #zuul12:49
*** rfolco has joined #zuul13:01
*** jpena|lunch is now known as jpena13:02
*** bolg has quit IRC13:03
*** sgw has joined #zuul13:03
*** hasharAway has quit IRC13:13
*** hashar has joined #zuul13:14
*** hashar_ has joined #zuul13:15
*** bolg has joined #zuul13:26
*** hashar_ has quit IRC13:37
*** hashar has quit IRC13:38
*** hashar has joined #zuul13:38
*** gtema_ has quit IRC13:56
*** mattw4 has joined #zuul14:04
*** mattw4 has quit IRC14:16
*** jamesmcarthur has joined #zuul14:24
*** jamesmcarthur has quit IRC14:31
*** bolg has quit IRC14:32
fungireminder for folks who are joining us in shanghai next week, there are (at least) 5 talks about zuul: https://www.openstack.org/summit/shanghai-2019/summit-schedule/global-search?t=Zuul14:36
fungiprobably also plenty of opportunities to discuss zuul in other sessions too14:37
*** Goneri has quit IRC14:49
ShrewsSo, looks like our buildset-registry jobs are failing because we are expecting a buildset_proxy container to be running, but it is not. Trying to figure out if the fix is to plan for it to NOT be running (we currently do not), or to figure out why it isn't running in the first place14:58
ShrewsHere is where we expect it to be running (and thus failing): https://opendev.org/opendev/base-jobs/src/branch/master/playbooks/buildset-registry/post.yaml#L2015:00
ShrewsUnfortunately, I'm not up-to-speed enough to know what the proxy is15:01
clarkbthe buildset proxy wasacaching proxy for dockerhub  I believe the new zuul registry which runs as buildset registry is meant to provide that functionality too15:03
Shrewsbuildset_proxy shows up in only that post playbook if i search codesearch15:03
clarkblikely the case we dont want to run the buildset proxy anymore15:03
*** jpena is now known as jpena|off15:04
Shrewswell, afaict, we don't run it  :)15:04
*** rfolco is now known as rfolco|ruck15:08
*** sanjayu_ has quit IRC15:10
Shrewsah, i think this explains it: https://review.opendev.org/68923815:11
Shrewsfix incoming15:12
*** rfolco|ruck is now known as rfolco|rucker15:13
Shrewsremote:   https://review.opendev.org/692167 Remove buildset_proxy reference15:16
*** rfolco|rucker has quit IRC15:26
*** jamesmcarthur has joined #zuul15:29
*** michael-beaver has joined #zuul15:39
*** jamesmcarthur has quit IRC15:41
*** Goneri has joined #zuul15:49
*** bhavikdbavishi has quit IRC15:53
*** mattw4 has joined #zuul16:14
*** jamesmcarthur has joined #zuul16:18
*** igordc has joined #zuul16:21
*** jamesmcarthur has quit IRC16:22
*** jamesmcarthur has joined #zuul16:22
*** hashar has quit IRC16:49
*** hashar has joined #zuul16:59
*** openstackstatus has joined #zuul17:04
*** ChanServ sets mode: +v openstackstatus17:04
*** rfolco has joined #zuul17:04
*** jamesmcarthur has quit IRC17:38
*** jamesmcarthur has joined #zuul17:39
*** jamesmcarthur has quit IRC17:44
*** hashar has quit IRC17:44
*** jamesmcarthur has joined #zuul17:51
*** jamesmcarthur has quit IRC17:58
*** jamesmcarthur has joined #zuul18:00
*** hashar has joined #zuul18:01
*** jamesmcarthur has quit IRC18:05
*** pcaruana has quit IRC18:10
*** jamesmcarthur has joined #zuul18:13
*** jamesmcarthur has quit IRC18:15
*** jamesmcarthur has joined #zuul18:16
*** chandankumar is now known as raukadah18:17
*** jamesmcarthur has quit IRC18:23
*** jamesmcarthur has joined #zuul18:24
*** stevthedev has joined #zuul18:31
*** Goneri has quit IRC18:46
*** jamesmcarthur has quit IRC18:58
*** jamesmcarthur has joined #zuul18:58
*** jamesmcarthur has quit IRC19:03
*** pcaruana has joined #zuul19:05
*** jamesmcarthur has joined #zuul19:16
*** hashar has quit IRC19:24
*** pcaruana has quit IRC19:29
*** jamesmcarthur has quit IRC19:34
*** Goneri has joined #zuul19:36
*** pcaruana has joined #zuul19:39
*** pcaruana has quit IRC20:09
*** rfolco has quit IRC20:12
*** jamesmcarthur has joined #zuul20:13
*** Goneri has quit IRC20:22
*** hashar has joined #zuul20:28
*** jamesmcarthur has quit IRC20:29
*** jamesmcarthur has joined #zuul20:50
SpamapSAnybody know exactly why we chose 1024 bits for the Zuul build SSH key?20:50
SpamapS(It's incompatible with AWS's ec2 instance connect feature...they won't let you use less than 2048 bits.. would have been a nice win if I could re-use it for testing some utilities that use that. ;)20:50
SpamapShttps://opendev.org/zuul/zuul-jobs/src/branch/master/roles/add-build-sshkey/tasks/create-key-and-replace.yaml#L2 for reference20:51
SpamapSthe first commit goes back to openstack-zuul-jobs so it's an old choice20:51
SpamapSone I think is worth re-evaluating.20:51
fungii expect the idea was that it's only used for a few hours anyway, so the odds that there exists hardware to brute-force a 1024-bit ssh key in a few hours is slim for the foreseeable future. but yes, no idea why we even applied the -b at all. could have just let ssh-keygen pick its default keysize20:53
fungii have no objections to changing that20:54
clarkbwe need a newone for every build so may be an effort to use entropy efficiently20:54
*** hashar has quit IRC20:55
fungiwe shouldn't really "use" entropy. but people may not be running executors on recently enlightened kernels/tools which know that you don't need to extract entropy from the pool over time20:59
fungiideally the kernel is seeding a cryptographically-strong prng and then re-seeding it with a bit of entropy over time, but the amount of re-seeding doesn't need to scale with the use of the prng20:59
*** jamesmcarthur has quit IRC21:00
*** hashar has joined #zuul21:03
clarkbwe've definitely hadproblems when haveged isnt running but should have haveged everywhere ourselves21:07
*** jamesmcarthur has joined #zuul21:07
*** jamesmcarthur_ has joined #zuul21:09
*** jamesmcarthur has quit IRC21:12
*** panda|pto has quit IRC21:14
*** panda has joined #zuul21:18
*** jamesmcarthur_ has quit IRC21:24
*** jamesmcarthur has joined #zuul21:27
*** jamesmcarthur has quit IRC21:29
*** jamesmcarthur has joined #zuul21:32
*** jamesmcarthur has quit IRC21:44
*** jamesmcarthur has joined #zuul21:44
*** jamesmcarthur has quit IRC21:49
*** jamesmcarthur has joined #zuul21:50
*** jamesmcarthur has quit IRC21:55
*** jamesmcarthur has joined #zuul21:56
*** jamesmcarthur has quit IRC22:00
*** hashar has quit IRC22:15
*** hashar has joined #zuul22:17
*** igordc has quit IRC22:25
*** hashar has quit IRC22:42
*** rlandy has quit IRC23:00
*** mattw4 has quit IRC23:14
mordredI'm fine changing23:16
fungiwith modern kernels/userland the main reasons to install something like haveged is if the server lacks a good source of entropy at boot and so blocks on reads from /dev/random for too long while it's getting seeded23:19
fungi(well, /dev/random or equivalent kernel syscall)23:19
mordrednod23:21
fungii think once things are running, repeated ssh-keygen calls shouldn't be significantly impeded regardless of keysize, but that can be tested fairly easily23:23
fungiyeah, running ssh-keygen in a loop (-P '' will bypass the passphrase prompt) gets me a couple keys a second with no sign of depleting the system entropy pool23:27
fungithis is on debian/sid, so not sure how far back to expect that sort of behavior, but probably ubuntu bionic and rhel/centos 8 at least23:28
clarkbwe are still on xenial fwiw23:28
fungixenial may be recent enough, but would want to test23:29
fungijust needs to be new enough that it's not using the old kernel model where every read from /dev/random sucked an equivalent number of bytes from the entropy pool23:31
fungikinda sad the linux kernel community was so slow to move to the new model. the *bsds had it (/dev/random basically being identical to /dev/urandom) for years23:32
fungionce the prng was implemented via a strong encryption cipher in counter mode, there was no need for them to be different23:34
fungiother than blocking reads until sufficient initial seeding has been achieved23:40
SpamapSI wonder how much of "BSD is better for web serving" came from that.23:40
SpamapSanyway, sounds like a small patch to drop the -b would be welcomed.23:41
fungiyes, if nothing else, it gives us somewhere to post some benchmarks23:42
mordredSpamapS: I would +2 such a patch23:42
* SpamapS dons helmet and shouts: INCOMING!23:43
mordredassuming benchmarks on the appropriate platforms are acceptabler23:43
openstackgerritClint 'SpamapS' Byrum proposed zuul/zuul-jobs master: Remove argument to ssh-keygen for key size  https://review.opendev.org/69224423:44
fungion a booted ubuntu/xenial vm in rackspace's dfw region with no haveged installed, i can loop this and get 3 or 4 keys a second... while :;do rm -f foo{,.pub};ssh-keygen -P '' -b 2048 -f foo -t rsa;done23:47
*** EmilienM has quit IRC23:47
fungiso i think it's probably fine23:47
*** EmilienM has joined #zuul23:48
« Tuesday, 2019-10-29 Index Thursday, 2019-10-31 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!