Friday, 2020-02-07

openstackgerrit	James E. Blair proposed zuul/zuul master: Extract allow/disallow filter into util function https://review.opendev.org/706144	00:00
corvus	clarkb: ^ did the regex one; i think i'll pass on the sorted nit (since it's just a test and already extant and reviewed)	00:00
clarkb	corvus: sounds good	00:01
clarkb	corvus: tobiash I left an idea on how to handle the addition of a master branch on https://review.opendev.org/#/c/705663/1 I think it sort of forces the change to be done a different way though :/	00:01
corvus	yeah, that might be better.	00:03
openstackgerrit	James E. Blair proposed zuul/zuul-jobs master: WIP: add an ensure-tox test job https://review.opendev.org/706371	00:04
clarkb	corvus: you may want to check the status change in https://review.opendev.org/#/c/632727/17/zuul/executor/client.py is good. THe change lgtm otherwise so I'll +2	00:07
clarkb	mostly worried that that might break an assumption somewhere that I'm not aware of	00:08
*** mattw4 has quit IRC		00:08
corvus	clarkb: should be okay; there's more discussion in the child change	00:15
clarkb	ya I'm looking at the child change now. I think it may be ready?	00:15
clarkb	seems to haev addressed your concern by adding a final field to the db then filtering for it?	00:16
SpamapS	corvus: I'll peek	00:17
clarkb	on https://review.opendev.org/#/c/704060/ I'm half tempted to abandon that change. The sort order has been string for a long time and we even ensure we do 099 so that it sorts before 100	00:27
clarkb	I'd be curious to hear if anyone disagrees and I can pick that back up again and write ints to zk and read them back that way too	00:27
openstackgerrit	Merged zuul/zuul master: Add disallowed-labels tenant option https://review.opendev.org/705856	00:53
*** wxy-xiyuan has joined #zuul		01:09
*** zxiiro has quit IRC		01:18
*** michael-beaver has quit IRC		01:28
tristanC	clarkb: encoding node id as string does seems odd, wouldn't it be much more efficient overall to use natural instead?	01:51
clarkb	tristanC: it is part of the node path which I think is a string	02:16
clarkb	so we'd need to convert anyway	02:16
*** rfolco has quit IRC		02:22
*** Goneri has quit IRC		02:26
*** rfolco has joined #zuul		02:36
*** jamesmcarthur has joined #zuul		02:44
*** bhavikdbavishi has joined #zuul		02:46
*** bhavikdbavishi1 has joined #zuul		02:48
*** swest has quit IRC		02:50
*** bhavikdbavishi has quit IRC		02:50
*** bhavikdbavishi1 is now known as bhavikdbavishi		02:50
*** rfolco has quit IRC		03:02
*** swest has joined #zuul		03:05
*** rlandy has quit IRC		03:16
*** jamesmcarthur has quit IRC		03:31
*** jamesmcarthur has joined #zuul		03:32
*** sgw has quit IRC		03:55
*** jamesmcarthur has quit IRC		03:59
*** jamesmcarthur has joined #zuul		04:00
*** jamesmcarthur has quit IRC		04:04
*** raukadah is now known as chkumar\|rover		04:38
*** jamesmcarthur has joined #zuul		05:01
*** jamesmcarthur has quit IRC		05:06
*** swest has quit IRC		05:23
*** evrardjp has quit IRC		05:34
*** evrardjp has joined #zuul		05:34
*** bolg has joined #zuul		06:01
*** swest has joined #zuul		06:11
tobiash	clarkb: I'd agree as parsing it into int just adds more complexity for a probably mostly theoretical benefit	06:22
*** sgw has joined #zuul		06:23
*** jamesmcarthur has joined #zuul		06:52
*** jamesmcarthur has quit IRC		06:54
*** tosky has joined #zuul		08:48
*** jpena\|off is now known as jpena		08:52
openstackgerrit	Albin Vass proposed zuul/zuul-jobs master: Make revoke-sudo more general. https://review.opendev.org/706262	08:56
*** mhu has joined #zuul		09:07
*** carli has joined #zuul		09:23
ttx	corvus, fungi, mordred: news from the release-approval pipeline experiment -- it seems to work now. It's a bit noisy so I posted https://review.opendev.org/706453 .	09:44
ttx	The only thing that seems to not work as intended is the custom Label. It does not appear to display yet (see test on https://review.opendev.org/#/c/705991/) -- not sure if something else needs to be done to enable it (it was added to the ACL alright)	09:45
*** avass has joined #zuul		10:01
*** wxy-xiyuan has quit IRC		10:28
*** bhavikdbavishi has quit IRC		10:33
openstackgerrit	Jan Kubovy proposed zuul/zuul master: WIP: Store unparsed branch config in Zookeeper https://review.opendev.org/705716	10:40
*** bolg has quit IRC		11:14
*** bolg has joined #zuul		11:14
mhu	hello, can I get some eyes on https://review.opendev.org/#/c/705193/ (support %TENANT% magic word in authz rules definitions)	11:51
mhu	and also https://review.opendev.org/#/c/702275/ and https://review.opendev.org/#/c/701972/ (reintroducing capabilities in the info REST endpoint, so that the web gui can be configured properly)	11:53
*** bolg has quit IRC		11:57
*** rfolco has joined #zuul		12:16
Shrews	clarkb: enjoy my self-imposed confusion on 704060 :)	12:19
*** mhu has quit IRC		12:23
*** bhavikdbavishi has joined #zuul		12:27
mordred	ttx: I see PTL-Approved here: https://review.opendev.org/#/admin/projects/openstack/releases,access	12:28
mordred	so the label exists as far as gerrit is concerned	12:28
*** jpena is now known as jpena\|lunch		12:29
mordred	ttx: I'm also confused as to why the vote isn't there	12:30
*** bhavikdbavishi1 has joined #zuul		12:36
*** bhavikdbavishi has quit IRC		12:39
*** bhavikdbavishi1 is now known as bhavikdbavishi		12:39
*** rlandy has joined #zuul		13:05
*** mhu has joined #zuul		13:16
openstackgerrit	Merged zuul/zuul-jobs master: Add event id to emit-job-header https://review.opendev.org/706225	13:17
*** jamesmcarthur has joined #zuul		13:31
*** jpena\|lunch is now known as jpena		13:37
tristanC	zuul-maint : install-docker role user, could you please review https://review.opendev.org/702753	13:41
*** gmann has joined #zuul		13:43
*** jamesmcarthur has quit IRC		13:44
*** jamesmcarthur has joined #zuul		13:45
tristanC	also it seems like ansible/ansible no longer accept new modules, so perhaps we should start looking into collections support in zuul?	13:46
tristanC	iiuc, we could create a zuul-lib role with modules such as jsonpatch along an empty tasks list, then if we make it a dependencies of all the zuul-jobs roles, then we could benefit from out of tree modules...	13:48
fungi	tristanC: did you mean "a zuul-lib collection"?	13:49
fungi	oh, i see what you meant now, sorry	13:49
*** jamesmcarthur has quit IRC		13:50
*** jamesmcarthur has joined #zuul		13:52
*** plaurin has joined #zuul		13:54
mordred	tristanC: yes - I think there's several opportunities to leverage collections in zuul. last we chatted about it in person the thinking was to let the dust settle just a bit, since our ansible friends are still figuring out some of the details	13:56
mordred	but I agree, I think there's some real potential value in the construct for us	13:56
tristanC	fungi: iiuc, a role without tasks, when used as a requirement can act as a collection in existing ansible version	13:58
plaurin	morning irc people :)	13:58
tristanC	for example, we could get that much needed jsonpatch module, and used it in multiple zuul-jobs roles	13:59
fungi	tristanC: yep, makes sense	14:01
fungi	plaurin: good <whatever time of day it is for you>!	14:02
openstackgerrit	Tobias Henkel proposed zuul/zuul master: Offload setRefs to multiple processes https://review.opendev.org/706518	14:09
mordred	tobiash: ^^ wow, you have all the fun problems!	14:29
tobiash	yes fun all the time ;)	14:29
openstackgerrit	Tobias Henkel proposed zuul/zuul master: WIP: Fix broken setRefs whith missing objects https://review.opendev.org/621667	14:30
*** shanemcd has quit IRC		14:39
*** shanemcd has joined #zuul		14:39
*** Goneri has joined #zuul		14:57
*** zxiiro has joined #zuul		15:00
openstackgerrit	James E. Blair proposed zuul/zuul master: Don't run jobs if only their file matchers are updated https://review.opendev.org/706399	15:16
corvus	tobiash: is simon around? i think https://77ae1e51b3f4a2799761-d0e460decd36ac4c0ab8bec57b27125e.ssl.cf1.rackcdn.com/706144/3/check/tox-py37/b538961/testr_results.html hit a race in a new test he wrote	15:20
corvus	(or maybe his test shows a zuul bug)	15:21
tobiash	swest: ^	15:21
tobiash	he might already be in weekend	15:23
corvus	swest: ohai :)	15:23
corvus	no prob, i'm looking into it	15:23
tristanC	plaurin: could you put a +1 on https://review.opendev.org/682044 ( fetch-output-openshift ) if that works for you?	15:23
corvus	i just didn't want to deprive swest of any fun	15:23
tristanC	zuul-maint : could you please review this zuul-jobs addition, we need this to improve zuul-jobs support running on k8s	15:24
corvus	tristanC: where did we end up on the name for that? it works against k8s too, right? (it just happens to use the oc client to do so)	15:27
mordred	If it does I'd prefer to name it k8s (the more generic) - leaving openshift naming to only be for things that are explicitly openshift and not k8s	15:30
tristanC	corvus: in case someone wants to propose an implementation using kubectl	15:30
corvus	mordred: that would be my inclination. but if we think there's a reason they might diverge, we could go ahead and do this but maybe also land a k8s role that just does an include_role for this one...	15:31
tristanC	corvus: and because it's consistent with the prepare-workspace-openshift	15:31
corvus	i agree consistency for both is good. so whatever we decide here, let's do for that as well.	15:32
mordred	I'm fine with the include_role thing - but I do want to say I don't think "impl using kubectl" should be a motivating factor (since oc works against k8s and is really just a better kubectl anyway)	15:33
corvus	yeah. i guess it comes down to how distasteful k8s people think it is to have to install 'oc'. of course, we can install oc on our zuul-executor image for them anyway (which is probably what they're running because they are k8s people) and they'll never know.	15:35
mordred	yeah	15:35
mordred	for the image build jobs, where podman is better at building images than docker is - I'd have no problem just making the jobs use podman and not telling people ... EXCEPT in that case testing that an image is built properly with the docker command might be important to the end user. In this case, this is a zuul deployment impl detail and should not have a meaningful intersection with end users	15:37
mordred	(that's mostly my brain stream of why I think it's ok for us to just say "zuul uses oc to talk to k8s")	15:37
corvus	++	15:37
*** igordc has joined #zuul		15:37
mordred	BUT - I don't feel strongly about it and would also happily support a fetch-output-k8s that include_role this	15:38
*** jamesmcarthur has quit IRC		15:38
*** jamesmcarthur has joined #zuul		15:38
tristanC	mordred: corvus: replied to your comment	15:38
corvus	i think we at least need fetch-output-kubernetes, because we've already seen confusion where people think we only support os. whether we should have both or just -kubernetes and assume that openshift people know that -k8s means openshift too is also an interesting question, one which i'm less sure of the answer of.	15:38
tristanC	mordred: i had issue pushing podman built image to dockerhub, it seems like docker was silently discarding oci format. the solution was to use quay.io instead	15:39
corvus	that is indeed the solution to multiple problems :)	15:39
mordred	++	15:39
corvus	tristanC, mordred: sounds like maybe include_role is the consensus answer?	15:39
mordred	kk. I'm happy with that	15:40
corvus	tristanC: do you mind writing that change, and also can you double check that we install oc in the zuul-executor image?	15:40
mordred	same change could probably make a prepare-workspace-k8s at the same time	15:41
corvus	++	15:41
corvus	swest, tobiash: that's a really simple test, and i doubt there is a race. it may be showing a bug, possibly the one pabelanger pointed out the other day with the stuck paused job	15:43
tobiash	hrm more fun	15:43
*** Goneri has quit IRC		15:46
tobiash	probably unrelated, but https://review.opendev.org/704328 also fixes a race	15:46
tobiash	apart from that we don't have a fix on top in our deployment that could cause hanging builds	15:47
tobiash	and I'm pretty sure that somewhere with paused jobs and unusual use cases and timings there is a bug lurking around	15:48
tobiash	aw also occasionally see such issues :/	15:49
tobiash	s/aw/we/	15:49
openstackgerrit	Tristan Cacqueray proposed zuul/zuul-jobs master: test-registry-buildset-registry-k8s-crio: increase wait timeout https://review.opendev.org/706551	15:51
mnaser	tristanC: would it be possible to share how you have 3pci for zuul/zuul-jobs at the moment? just trying to figure out the best way to go about this	15:51
tristanC	mnaser: here is our opendev tenant configuration: https://softwarefactory-project.io/cgit/config/tree/resources/third-party-ci-opendev.yaml#n12 and you can find the third-party-ci-config\|jobs project in https://softwarefactory-project.io/cgit/	15:53
mnaser	tyvm :D	15:54
openstackgerrit	Merged zuul/zuul-jobs master: fetch-output-openshift: initial role https://review.opendev.org/682044	16:01
tristanC	corvus: mordred: thank you for the review, i'll have a look to propose the -k8s equivalent. not sure i'll have time for that today though	16:07
*** jamesmcarthur has quit IRC		16:10
*** jamesmcarthur has joined #zuul		16:12
*** chkumar\|rover is now known as raukadah		16:14
tristanC	corvus: could you please have a look at https://review.opendev.org/706551 , it seems like the cri-o test could use a longer wait timeout, i commented a build log that took 90sec to start the pod (wait is only 60sec)	16:14
tristanC	oops, nevermind, that's not right	16:15
*** mattw4 has joined #zuul		16:16
*** jamesmcarthur has quit IRC		16:17
*** jamesmcarthur has joined #zuul		16:22
*** jamesmcarthur has quit IRC		16:27
SpamapS	corvus: FYI, I +2'd 705755.	16:29
corvus	SpamapS: thx!	16:30
corvus	i think it's gtg so i +3d it	16:30
*** carli has quit IRC		16:43
openstackgerrit	Merged zuul/zuul master: Offload setRefs to multiple processes https://review.opendev.org/706518	16:47
openstackgerrit	James E. Blair proposed zuul/zuul master: Fix test race with paused build https://review.opendev.org/706566	16:49
openstackgerrit	James E. Blair proposed zuul/zuul master: WIP: see if we can remove .paused from test fake build https://review.opendev.org/706567	16:49
corvus	tobiash, swest: ^ good news or bad news depending on your perspective -- i think it is a test-only race	16:49
mordred	corvus: oh "good"	16:50
openstackgerrit	James E. Blair proposed zuul/zuul-jobs master: WIP: add an ensure-tox test job https://review.opendev.org/706371	16:52
ttx	hrm. Is it normal that Zuul status shows things in the release-approval pipeline that are not coming from openstack/releases ? They disappear fast, but still	16:53
ttx	is it that things are briefly considered and then Zuul realizes there is no job defined in that pipeline for that repo?	16:54
mordred	ttx: yup	16:56
ttx	ok, hopefully that's not too costly :)	16:56
mordred	ttx: it's just python :)	16:58
*** mhu has quit IRC		16:58
SpamapS	I feel like the status page should display branch more prominently on queue items.	17:01
corvus	SpamapS: not a bad idea. also, the subject would be great. neither of those are currently in the status json, so we'll need to plumb them through.	17:04
SpamapS	I've had a few instances where folks were confused as things moved through the queue because of the lack of branch.	17:04
SpamapS	mostly me :)	17:05
SpamapS	We use branches kind of backwards from openstack, master is where everything goes, and then we promote releases through staging->prod	17:05
corvus	the subject of course will eat up a lot more data... i see that we have "owner" in there now, but i don't think the status page uses it. i wonder if we could drop that and save some bytes.	17:05
SpamapS	owner like, the person who owns the change?	17:05
corvus	yeah. i wonder if someone put owner in there in the past because they wanted to scrape their own changes out of the status.json...	17:06
SpamapS	hah probably	17:06
SpamapS	is status.json getting fat and eating up lots of BW?	17:06
SpamapS	I could see that	17:06
clarkb	I haven't looked at status.json but do we pretty format it? I discovered that eats up a lot of bytes with e-r	17:07
*** jamesmcarthur has joined #zuul		17:07
corvus	openstack's is 1.5MB	17:07
corvus	clarkb: no, it's ugly-printed	17:07
SpamapS	And has lots of watchers I"m sure	17:08
SpamapS	Does it cache at least?	17:08
SpamapS	I guess that wouldn't work	17:08
corvus	SpamapS: it does cache, but only for a few seconds	17:09
SpamapS	durn https invalidating all those lovely transparent caches that ISPs used to get away with.	17:09
corvus	but that's still really important, as it turns out	17:09
SpamapS	Yeah a few seconds is helpful I'm sure	17:09
corvus	that keeps the load off of zuul	17:09
SpamapS	I bet there's a way to stream diffs.	17:09
SpamapS	But seems like a boutique problem.	17:09
corvus	SpamapS: yeah, i think it would be possible, and a fun problem.	17:10
corvus	so yeah, apache on opendev's zuul is pumping out a pretty constant 1.6Mbps, probably mostly the status json	17:10
SpamapS	Our zuul has 3 items in queue right now, so, status.json is ~3KB	17:10
SpamapS	actually, 17K, 3KB is compressed.	17:11
SpamapS	so, this is definitely only a large scale problem. :)	17:11
corvus	ya	17:12
corvus	dims added the owner; he wasn't specific as to why :)	17:12
SpamapS	Another weird thing.. we have a gate with a single queue, and I have 2 items in it.. 1 is for branch A, and one for branch B.. they show as dependent on one another.	17:14
SpamapS	bug in the UI, or is there an actual dependency there?	17:14
openstackgerrit	Merged zuul/nodepool master: add ebs-optimized support for aws provider https://review.opendev.org/705755	17:15
mnaser	SpamapS: what manager is the queue using?	17:15
corvus	SpamapS: actual dependency -- it's designed for the 'stable branch' case where an upgrade may involve both branches. based on your description earlier i can see that may not apply. there isn't an option to separate branches though, that would be a substantial code change.	17:16
SpamapS	corvus: ah.. so even though they don't merge together, there's some thought that one may still need to precede the other. I can dig it.	17:17
SpamapS	mnaser: dependent	17:17
corvus	zactly	17:17
mnaser	i think that'll do it	17:17
mnaser	dependent will always chain (and test them together) but independent will do them seperately .. i think.. as far as i get it :)	17:18
clarkb	SpamapS: corvus in SpamapS' case it could be used to test prerelease branch before going to release branch	17:18
clarkb	dependecny in another way, but may still apply (and be useful)	17:18
SpamapS	I could see opening a PR to both staging and prod at the same time, with the prod one Depends-On: the staging one.	17:18
corvus	yeah, good point	17:19
*** jamesmcarthur has quit IRC		17:20
*** jamesmcarthur has joined #zuul		17:21
*** jamesmcarthur has quit IRC		17:27
*** Goneri has joined #zuul		17:28
*** jamesmcarthur has joined #zuul		17:29
*** rlandy is now known as rlandy\|brb		17:32
corvus	tristanC, mordred: speaking of the executor image ... do we even have kubectl installed there?	17:32
tobiash	corvus: oh good bacause just test race, bad because there is still a bug lurking ;)	17:33
*** jamesmcarthur has quit IRC		17:33
corvus	tristanC, mordred: oh, i guess we don't need it because ansible is using the python openshift modules	17:33
*** jamesmcarthur has joined #zuul		17:33
corvus	though we'll want it (and oc) for the things we talked about earlier	17:33
*** evrardjp has quit IRC		17:34
*** evrardjp has joined #zuul		17:34
mordred	corvus: do we need both kubectl and oc?	17:34
tobiash	corvus: re offloading, it improved our situation already in production, but I've spotted a second place that's limiting in the same way in resetrepo. I' think I'll offload that as well.	17:35
tobiash	I think that should be quite easy using the same process pool	17:36
corvus	tobiash: i'm wondering if we should think about refactoring the merger to do everything in a process?	17:38
*** jamesmcarthur has quit IRC		17:38
tobiash	I thought about that, but at least the clones and fetches need more thought because auth tokens that are supplied by the drivers which are not initialized in the process pool	17:39
*** tosky has quit IRC		17:40
tobiash	But I'll look into that if it's possible to do this outside already and maybe provide the remote url as input	17:40
tristanC	corvus: yes the executor image is missing the cli for the prepare-workspace and fetch-output role	17:41
corvus	yeah, might make for a cleaner separation in the code, but i haven't looked deeply	17:41
tobiash	Downside is logging, which needa to be done by passing messages back	17:41
*** jamesmcarthur has joined #zuul		17:41
corvus	tobiash: good point, the longer the process runs, the more logging is delayed... :/	17:41
corvus	(i wonder if there's an ipc construct we could use for passing messages back more quickly)	17:42
tobiash	I'll see what can be done. I fully agree that it would be beneficial to offload as much as possible	17:42
tobiash	Maybe if we use multiprocessing directly	17:43
*** jamesmcarthur has quit IRC		17:43
tobiash	But the executor has such a neat and simple interface :)	17:43
corvus	tobiash: we had a really bad experience with multiprocessing before. i would not recommend using anything that requires its special manager daemon.	17:43
corvus	(which it uses for some kinds of ipc)	17:44
tristanC	corvus: mordred: and i'm not sure how would you like to address this. would you like to add a `curl, sha256sum, tar, chmod, rm` run expression?	17:44
*** jamesmcarthur has joined #zuul		17:44
tristanC	(in software-factory, we are using the origin-clients provided by PaaS sig of CentOS)	17:45
corvus	i don't suppose there's debian repo somewhere?	17:45
tristanC	is the zuul image based of debian now?	17:46
corvus	tristanC: i believe so	17:46
corvus	Debian GNU/Linux 10 \n \l	17:46
corvus	(i think it's based on the upstream python images)	17:46
*** jamesmcarthur has quit IRC		17:48
tristanC	it doesn't seems to be available as .deb file, thus we'd have to use https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz	17:49
*** bhavikdbavishi has quit IRC		17:51
corvus	i guess if curl/sha/tar/chmod/rm is the way that the the vendor recommends installing it then i guess that's what we'll do.	17:52
*** bhavikdbavishi has joined #zuul		17:52
corvus	(sort of a shame the python lib doesn't provide a cli -- we could just pip install it)	17:52
*** jamesmcarthur has joined #zuul		17:53
fungi	corvus: in the process of adding an afs volume for a new site i've noticed that /afs/.openstack.org/project/zuul-ci.org is at 91% used for its quota of 100000kb. would you like me to increase it while i'm in there?	17:54
corvus	fungi: yes please	17:55
corvus	we're probably growing as we add additional docs for tagged releases	17:55
fungi	looks like /afs/.openstack.org/project/starlingx.io is set to 1000000 so i'll up zuul's to match	17:55
fungi	and it's now at 9% used	17:56
openstackgerrit	James E. Blair proposed zuul/nodepool master: WIP: Add ability to specify pod service accounts https://review.opendev.org/706596	17:57
corvus	tristanC: ^ can you take a quick look at that	17:57
corvus	tristanC: i'm looking into having nodepool be able to supply a special pod to zuul so that zuul can use it to deploy itself on its own k8s cluster	17:58
corvus	tristanC: i'm thinking if i add the ability in nodepool to specify a serviceaccount, then i can have nodepool launch that pod with that serviceaccount, so that the job can then "kubectl apply" on the k8s cluster running zuul+nodepool	17:59
corvus	tristanC: obviously that change needs a lot of stuff plumbed through, but that patch is the crux, i think. does that sound like it should work?	17:59
corvus	(and obviously, this is a dangerous pod, so it would be a special label and disallowed-labels would prevent it from being used except in a special tenant)	18:01
tristanC	corvus: that may not be enough, iirc sa are ns scoped, and the kubernetes driver create a new ns per build	18:02
*** jamesmcarthur has quit IRC		18:02
tristanC	corvus: why not storing the kube.config in a project secret instead?	18:02
*** jpena is now known as jpena\|off		18:02
corvus	hrm, so i may not be able to specify an SA from a different namespace...	18:03
tristanC	corvus: that's my understanding, but i can be wrong	18:03
tristanC	i find the rbac system of k8s quite confusing	18:04
*** jamesmcarthur has joined #zuul		18:04
*** rlandy\|brb is now known as rlandy		18:05
*** bhavikdbavishi has quit IRC		18:06
corvus	tristanC: yep, i think you're right about that. both things, in fact. you can't launch a pod with a service account outside of the pod's namespace, and that k8s rbac is confusing. :)	18:15
corvus	tristanC: so yeah, it sounds like 'make a deployment service account, save its token, encrypt it as a zuul secret, then use that to self-deploy' is the way to go.	18:16
corvus	(i think if we wanted to pursue the other way, we could add more options to nodepool to create pods without creating dedicated namespaces, but that's a lot of work for a niche use-case)	18:16
pabelanger	mordred: for zuul meet up at ansiblefest, you shared slides about different types of testing (and how zuul handles them). Is that online any place?	18:17
*** igordc has quit IRC		18:18
*** armstrongs has joined #zuul		18:19
*** armstrongs has quit IRC		18:19
*** jamesmcarthur has quit IRC		18:27
*** jamesmcarthur has joined #zuul		18:33
mordred	yes ...	18:37
*** tjgresha has joined #zuul		18:38
mordred	pabelanger: it's either https://opendev.org/inaugust/inaugust.com/src/branch/master/src/zuulv3/gus2019.rst or https://opendev.org/inaugust/inaugust.com/src/branch/master/src/zuulv3/tutorial.rst (those are the two most recent decks)	18:38
pabelanger	thanks!	18:39
*** jamesmcarthur has quit IRC		18:44
*** plaurin has quit IRC		18:44
*** igordc has joined #zuul		18:49
*** igordc has quit IRC		19:19
*** rfolco has quit IRC		21:12
*** sshnaidm\|afk has quit IRC		21:18
*** sshnaidm\|afk has joined #zuul		21:23
*** rlandy has quit IRC		22:05
*** smyers has quit IRC		22:30
*** tosky has joined #zuul		22:31
*** avass has quit IRC		22:54
*** sshnaidm\|afk has quit IRC		23:16
corvus	mordred, tristanC, paladox\|UKInEU: https://gerrit-review.googlesource.com/c/zuul/ops/+/252316/5/playbooks/deploy.yaml	23:17
corvus	that's a playbook for deploying/configuring/updating gerrit's zuul. i've just manually run it to verify it works. just a little more work to set up a post pipeline, and it should be something we can run in post job to make gerrit's zuul self-deploying	23:18
paladox\|UKInEU	\o/	23:18

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!