Monday, 2020-02-17

« Sunday, 2020-02-16 Index Tuesday, 2020-02-18 »
*** Defolos has quit IRC00:10
*** Defolos has joined #zuul00:12
*** Defolos has quit IRC00:19
*** smyers has quit IRC00:49
*** smyers has joined #zuul00:56
*** rlandy has joined #zuul01:32
*** rlandy has quit IRC01:33
*** saneax has quit IRC02:58
*** bhavikdbavishi has joined #zuul03:02
*** bhavikdbavishi has quit IRC03:45
*** jamesmcarthur has joined #zuul04:44
*** jamesmcarthur has quit IRC04:46
*** jamesmcarthur has joined #zuul04:46
*** dpawlik has joined #zuul05:21
*** evrardjp has quit IRC05:34
*** evrardjp has joined #zuul05:34
*** saneax has joined #zuul05:57
*** jamesmcarthur has quit IRC06:22
*** felixedel has joined #zuul06:26
*** dpawlik has quit IRC06:31
*** dpawlik has joined #zuul06:31
*** dpawlik has quit IRC06:42
*** dpawlik has joined #zuul06:48
*** AJaeger has quit IRC06:57
*** gothicmindfood has quit IRC06:59
*** AJaeger has joined #zuul07:02
*** Defolos has joined #zuul07:41
openstackgerritTobias Henkel proposed zuul/zuul master: Add optional support for circular dependencies  https://review.opendev.org/68535408:15
openstackgerritTobias Henkel proposed zuul/zuul master: Optionally allow zoned executors to process unzoned jobs  https://review.opendev.org/67384008:18
openstackgerritTobias Henkel proposed zuul/zuul master: Optionally allow zoned executors to process unzoned jobs  https://review.opendev.org/67384008:21
mnaserappreciate reviews on very trivial https://review.opendev.org/#/q/topic:install-docker-compose :)08:50
*** felixedel has quit IRC08:50
*** tosky has joined #zuul08:51
*** jpena|off is now known as jpena08:52
*** avass has joined #zuul08:59
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure: remove connectors burden and simplify code  https://review.opendev.org/69613409:05
openstackgerritFabien Boucher proposed zuul/zuul master: Pagure - Refresh token and recheck sign when token regenerated  https://review.opendev.org/69820809:05
openstackgerritFabien Boucher proposed zuul/zuul master: A Zuul reporter for Elasticsearch  https://review.opendev.org/64492709:15
openstackgerritFabien Boucher proposed zuul/zuul master: Add reference pipelines file for Github driver  https://review.opendev.org/67271209:17
mnaserdiscussion topic: we use swift for our logging right now and obviously things are uploaded in a public bucket.  i'd like to know if there's a "generic" way we can come up with to be able to expose signed tempurls inside the zuul webui (and really, this applies for s3/gcs/swift logs): https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-presigned-urls.html ,09:19
mnaserhttps://cloud.google.com/storage/docs/access-control/signed-urls , https://docs.openstack.org/swift/latest/api/temporary_url_middleware.html09:19
*** felixedel has joined #zuul09:23
openstackgerritFabien Boucher proposed zuul/zuul master: URLTrigger driver time based  https://review.opendev.org/63556709:38
openstackgerritFelix Edel proposed zuul/zuul master: Fix evaluation of range file_comments  https://review.opendev.org/70807609:44
openstackgerritMatthieu Huin proposed zuul/zuul master: Clarify RequirementError message  https://review.opendev.org/70762009:49
*** felixedel has quit IRC11:33
*** felixedel has joined #zuul11:39
zbrany change to get the build history link added https://review.opendev.org/#/c/705049/ ?11:44
openstackgerritFelix Edel proposed zuul/zuul master: Fix github app authentication to work with checks API endpoints (2)  https://review.opendev.org/70810911:59
*** rfolco has joined #zuul12:04
*** ianychoi has joined #zuul12:22
openstackgerritFelix Edel proposed zuul/zuul master: Report retried builds via sql reporter.  https://review.opendev.org/63350112:24
*** jpena is now known as jpena|lunch12:35
*** rlandy has joined #zuul12:55
*** jpena|lunch is now known as jpena13:34
*** saneax has quit IRC13:44
*** Goneri has joined #zuul13:53
fungimnaser: i assume the use case is for tenants/deployments which want to keep their log data private but served from a public object store?14:04
mnaserfungi: exactly14:04
mnaserfungi: or really we can figure out to make this something that can be replicated to even storing log files on a static server too, just an idea that encapsulates logs within zuul14:04
mnaseri mean, the more crazy wild idea would be to entirely pipe all logs through zuul and eliminate all object store access but that might be too much traffic through zuul14:05
fungia lower-tech alternative might be to assign "unguessable" tokens (e.g., type 4 uuid) in the urls themselves14:08
fungithat doesn't prevent an unauthorized user from getting access to a log if someone leaks url, but then again the same could be said of authentication credentials. however, individual credentials are easier to revoke than a single shared key14:20
fungiso i agree per-request tempurls would be the more secure option, though i expect that would require something to plumb tempurl creation creds through the web dashboard/rest api14:21
mnaserfungi: yeah i'm thinking it might be hard to fully decouple this14:22
mnaserfungi: thinking out loud i guess you could have the role create tempurl and return that to zuul, and then make sure zuul is behind $something_authenticated14:23
mnaseror we might need to write a zuul logserver :X14:24
fungiwhat role? the tempurl would have to be created when a user requests access to the log, right?14:24
funginot at job runtime14:24
mnaserfungi: the idea is that for example the swift logs role would return a url to zuul that contains a tempurl14:25
mnaserwith no expiry time14:25
fungihow does that help?14:25
mnaserin a way that's kinda like your idea of "very unguessable url"14:25
fungiyeah, it's really no better than embedding a shared secret in the log path14:25
fungieither way, if the url gets leaked, anyone can access that log14:25
mnaseri feel like a small static server microservice that integrates with zuul might really make sense here14:26
mnaserand then you'd just make sure everything inside zuul is authenticated (in my case using oauth2 to protect the tenant endpoint)14:26
fungithe main thing that loses is direct log serving from the object store. your authenticated proxy will end up as a funnel with all requests going through it14:26
mnaserfungi: unless said service could do something similar to how docker does, where it can serve stuff directly, but when using a block storage system, it will redirect14:27
fungibut if it redirects to a consistent url, you're back to the same problem again14:27
mnaserfungi: well i'm assuming this system has credentials and generates a tempurl for 2 minutes for example14:28
fungithe sensitive url becomes whatever you've redirected the client to14:28
fungiahh, yeah as long as it's a new tempurl per request that could work14:28
mordredyeah - the main issue is that by the time the url gets to zuul-web there's no longer any concept of swift or not - it's just a url14:28
mnaserwhats interesting is you can actually use tempurls for uploads too (also on s3 and gcs)14:28
mordredmnaser: in fact, we do!14:29
mnaserso if we come up with some sort of 'log server broker' that's zuul aware, we dont actually have to do all of the uploading/downloading through it, but it simplifies things, and zuul still gets "a url" to display14:29
mnasercause i think logging is one of those harder things to get right now as it's pretty decoupled (nice) but a little too much at times14:30
mnasermordred: TIL14:30
mordredmnaser: or - maybe we used to - or something14:30
mnasermy use case is "i have a user who wants to use a multi-tenant zuul that needs their log data not visible to the world"14:31
mnaseryou can hide everything but the logs are still out there14:31
mordredyeah. so - tobiash handles this use case with apache I believe14:31
mordredhe has _many_ tenants that have to be isolated from each other14:31
fungiright, if you control a web service fronting all your log access you can do it fairly trivially by just tacking on an auth layer14:31
mordredmnaser: (totally understand the use case - it's totally valid)14:32
mnaserhmm, yeah, i guess it can be worked14:32
fungithe challenge with object storage is that the zuul admin (usually) doesn't control the object store's webserver14:32
mnaseryeah, i mean, i could probably work around it by using a bucket per tenant, switch to private buckets, and then have a simple service that proxy's things14:33
mnaserbut i usually try to think on how we can reasonably solve this to make a lot more people's lives easier14:33
mnaseri wonder if there's a nice clean OSS project that provides something along these lines14:36
fungii like your lightweight tempurl indirection service idea. allows you to decouple the durable object store creds from the web dashboard code14:36
fungiand yeah, maybe someone's already written it14:37
mnaserfungi: and it can help simplify poc-ing for something where it can be configured with local storage too14:37
fungitrue14:38
mnasertrivial change: https://review.opendev.org/#/q/topic:install-docker-compose (it's blocking a merge locally here =p)14:44
corvusmnaser, mordred, fungi: a proxy (whether that's zuul-web or something else) makes deployment simpler in that you don't have to worry about cors.  otoh, we put a lot of work into not needing a proxy because the maintenance was annoying (i mean, the point of the object store is that someone else runs the highly scalable storage infrastructure)14:45
mnasercorvus: i agree, i dont want to see 30MB/s of traffic being sent pushed through zuul-web as folks are streaming logs/downloading artifacts/etc14:46
pabelangerwe have a proxy for zuul.a.c logs, currently disabled, but we might enabled it again to hid some logs14:53
pabelangerbut mostly ran it for more user friendly logs URLs14:53
*** jhesketh has quit IRC14:55
pabelangerwe just upgraded to zuul 3.16.1, looks great14:56
pabelangerreally like estimated time remaining tool tip feature14:56
*** jhesketh has joined #zuul14:56
fungicorvus: though the proxy mnaser is suggesting might be a reasonable middle ground in that it only serves redirects to tempurls (after generating them) and the client still retrieves the files from the object store directly14:57
fungiand of course it wouldn't be needed in deployments where all logs are expected to be public (like opendev)14:58
*** mhu has quit IRC15:02
corvusfungi: yes, though while a pass-through proxy may have performance considerations, a tempurl-based one may be more complex (and difficult to apply in all situations like static fileservers).  and perhaps mordred suggests, apache could be put in service here as the core of a pass-through proxy.  i don't know the right answer -- there are a bunch of trade-offs here.15:04
fungiabsolutely15:05
mordredcorvus: incidentally, one of the issues with the gerrit build job is that they added a new submodule which we didn't have (also something with directory permissions)15:10
corvusmordred: ah that'll do it15:11
corvusi'm curious about the dir perms part...15:11
mordredcorvus: me too. let me find a link15:12
felixedelHi, could I get another review on https://review.opendev.org/#/c/708109/ and https://review.opendev.org/#/c/633501/21 ?15:14
mordredcorvus: you know what - I think the permissions thing was a red herring15:21
mordredcorvus: it was all originally the repo - it just looked like that15:21
corvusaha15:22
mordredcorvus: I have updated the patch to remove the directory perms sledgehammer15:23
mordredcorvus: zuul double-commented on https://review.opendev.org/#/c/708018/ - is that a thing we expect?15:26
corvusmordred: yeah i think it's in 2 tenants.  i agree it's a little messy.15:27
*** chandankumar is now known as raukadah15:33
mordredah - nod15:35
mordredyeah - I remember that now15:35
avassthis is strange, for some reason the install-docker role fails because the user can't talk to the docker socket, it looks like the user isn't part of the docker group so I'm guessing meta: reset_connection isn't enough for some reason. Any ideas?15:42
avasshttps://review.opendev.org/gitweb?p=zuul/zuul-jobs.git;a=blob;f=roles/install-docker/tasks/docker-setup.yaml;h=e398c70eedd0652dbb62ea312f2ac92355fcb6e7;hb=refs/heads/master#l4715:42
clarkbavass: I would double check that your ansible_user is the user attempting to talk to the docker damon15:43
clarkb(and that the subsequent tasks aren't running as a different user, just to rule that out)15:43
avassYeah all tasks looks like they are runing as the same user15:44
clarkbI would also run the `groups` command to see group membership for the current user and probably ls -l /var/run/docker.sock to cross check15:46
clarkbif groups doesn't show the membership then likely the connection reset isn't sufficient for some reason15:47
avassdone that and it looks like it should (except for groups since the user isn't part of the docker group)15:47
avassdon't know if it matters but I'm using ansible 2.8.1 and not through zuul15:48
clarkbavass: you might try a newer 2.8.x in case this was a bug they fixed15:49
clarkbbut it should be ok to run this outside of zuul (as the connection reset construct is an ansible thing)15:49
*** felixedel has quit IRC15:49
avassI'll try that15:49
avassdidn't work with 2.8.0, 2.8.8 or 2.9.5 so it's probably something else16:05
tobiashmnaser, mordred, fungi, corvus: we use a proxy that authenticates the user and authenticates itself to the object store. Basically we're using a quite simple wsgi python script that serves the objects from the object store.16:09
tobiashthat's running with multiple replicas along zuul-web in openshift16:10
avassclarkb: and the user is part of the docker group according to /etc/group *shrug*16:12
tristanCfwiw, in sf we use a logserver (and logstash/classify models service) per tenant16:12
clarkbavass: I wonder if this requires control persistence to work properly16:12
clarkbavass: are you usign the control persist options with ansible outside of zuul? if not maybe try enabling that?16:12
mnasertobiash: yeah that is the simplest alternative16:13
clarkbhrm looks like control persist might be the default now16:14
clarkbso should be there automatically16:14
avassclarkb: not sure what that means16:14
mnasertobiash: do you serve any big files through that?16:14
clarkbavass: https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-ssh-args it is an ssh communication method16:15
tobiashmnaser: mostly not (most files are <100MB), but I tested streaming big files and it worked quite well16:15
pabelangeravass: when do you add user to docker group?16:15
pabelangerwhen jobs is running?16:15
avasspabelanger: using the install-docker role, outside of zuul16:15
avasstrying to build and AMI with Packer16:16
pabelangerdid you reset connection, and force ansible to log back in?16:16
pabelangermeta: reset_connection16:16
avassyep16:16
pabelangerk, out of ideas16:16
AJaegerconfig-core, zuul-jobs experts, couple of open reviews for your consideratoin, please: https://review.opendev.org/707902 https://review.opendev.org/681603 https://review.opendev.org/704414 https://review.opendev.org/68188216:16
mordredWEIRD16:16
avass:(16:16
AJaegerconfig-core and also https://review.opendev.org/#/c/704045/16:18
mnasertobiash: oh interesting, i assume this uses s316:18
tobiashmnaser: I'm using swift using openstacksdk16:18
tobiashthe only thing you need to make sure is that you do chunked streaming of data16:19
corvustobiash: pushed gear 0.15.016:22
tobiashcorvus: awesome, thanks!16:22
tobiashthen I'd only need https://review.opendev.org/707585 :)16:23
tobiash(for unit tests on macos)16:23
corvustobiash: i'm hesitant to alter zuul server code to make it "work" on macos (since it can not work on macos) -- is there some other way to implement 585 that only touches test code?16:26
corvustobiash: maybe add a little bit of indirection to the cpu time gathering that you then override in tests on macos?16:26
tobiashcorvus: we can also just catch the exception when askung for cpu usage, it's for logging only16:27
tobiashOr I can try to monkey patch during tests16:27
avass'transport = paramiko' crashes when trying to add the user to docker group instead *shrug*16:36
avassI think I'm going to quit for today, hopefully it's one of those bugs that only appear on mondays16:37
openstackgerritMerged zuul/zuul-jobs master: install-docker: option to install docker-compose  https://review.opendev.org/70790216:42
openstackgerritMerged zuul/zuul-jobs master: fetch-javascript-tarball: introduce zuul_use_fetch_output  https://review.opendev.org/68160316:42
openstackgerritMerged zuul/zuul-jobs master: Skip test-setup.sh in pep8 jobs  https://review.opendev.org/70441416:42
openstackgerritMerged zuul/zuul-jobs master: fetch-subunit-output: introduce zuul_use_fetch_output  https://review.opendev.org/68188216:42
*** avass has quit IRC16:43
sugaarHello again! So as a reminder I am trying to setup zuul running in k8s for the celduin project. For that I am having as a reference your docker-compose example and the zuul helm project. So far I have the executor, the scheduller, the database and zookepeer working. Here the MR if somebody wants to have a look:16:47
sugaarhttps://gitlab.com/celduin/infrastructure/celduin-infra/-/merge_requests/1216:47
sugaarNow I am trying to incorporate gerrit to the system, I managed to make gerrit work, but I am fighting to achieve a solution to create the zuul user on it. Here the MR: https://gitlab.com/celduin/infrastructure/celduin-infra/-/merge_requests/1516:48
sugaarSo my question is: My first idea was to create the zuul user using the "gerrit create-user" command, but turns out that the gerrit command is not included in the gerrit container. So I decided to create a script to run in  a executor container wraped in the same pod in which is running the gerrit container. This scrip will search for the "GERRIT IS16:51
sugaarREADY" string and when that happens would execute the ansible config that is included in your docker-compose16:51
sugaarhowever, I am aware that this might not be the best solution, so I wonder if you came across this problem and if you have any hints about how to solve it16:52
*** Defolos has quit IRC16:52
clarkbsugaar: zuul-deployment/playbooks.yaml seems to be your updated version of how docker-compose does it. It uses the rest api16:52
clarkbre the gerrit command, those are executed via ssh16:53
clarkbso you do `ssh -p 29418 gerrit-service gerrit create-user` rather than executing them directly on the host16:53
mnasertobiash: and how do you upload, using the role?16:53
mnasertobiash: and is that something that we can maybe work together on? if there $politics in play, i can write something again from scratch that you can use at your side to maintain?\16:56
*** jamesmcarthur has joined #zuul16:57
sugaarclarkb that sounds much easier and nicer than what I was going to do, thanks! But I still need a executor constantly checking if the gerrit container has been rebooted, so if that happens it ca create the user right?17:00
clarkbsugaar: the user should persist through the database17:02
clarkbsugaar: you should only need to do it when creating a new gerrit install17:02
sugaarmm nice, I was just reading about that in https://gerrit-review.googlesource.com/Documentation/dev-design.html#_infrastructure but thanks for confirming it.17:03
AJaegercorvus, thanks for reviews.17:12
AJaegeranybody to review https://review.opendev.org/704045 as well, please?17:12
clarkbAJaeger: do you know where that is tested in https://review.opendev.org/#/c/697683/ ?17:13
clarkbsystem-config run base maybe? /me looks17:13
clarkbyes https://zuul.opendev.org/t/openstack/build/b83b212f378449ad919f7f54d86a4548 has an ara report link17:14
mordredclarkb: yeah - if you click on run-base you'll see the artifact17:14
AJaegerfbo: see clarkb's question above17:18
AJaegerclarkb, I agree with mordred17:19
clarkbyup it seems to work17:19
clarkbit took me a minute to figure out where we ere running nested ara is all17:19
AJaegerclarkb: want to abandon https://review.opendev.org/#/c/697683/ now? not sure whether dmsimard|off is around to do it...17:20
AJaegerthanks, clarkb and mordred17:20
*** jamesmcarthur has quit IRC17:21
*** dpawlik has quit IRC17:22
openstackgerritMerged zuul/zuul-jobs master: Make ara-report role to zuul_return an artifact  https://review.opendev.org/70404517:27
clarkbAJaeger: change has been abandoned17:31
tobiashmnaser: I can push up something later17:32
*** evrardjp has quit IRC17:34
*** evrardjp has joined #zuul17:34
tobiashmnaser: and we're using the upstream role for upload (with multiple tries to different regions if something fails)17:35
*** SpamapS has quit IRC18:05
*** paulalbertella has quit IRC18:05
*** mordred has quit IRC18:06
*** reiterative has joined #zuul18:06
*** masterpe has quit IRC18:08
*** mordred has joined #zuul18:09
*** jpena is now known as jpena|off18:09
*** SpamapS has joined #zuul18:13
*** masterpe has joined #zuul18:19
*** at_work has quit IRC18:20
AJaegerthanks, clarkb18:21
*** jamesmcarthur has joined #zuul18:37
mnasertobiash: thank you, i think it would be super useful to get that somewhat integrated to zuul (or some sort of 'contrib' thing so we can maintain it there)18:43
mnaserdependency for https://review.opendev.org/#/c/707903/ has merged if anyone wants to push that through :)18:43
*** sshnaidm is now known as sshnaidm|afk18:57
corvusmnaser, tobiash: i'd be okay hosting that as part of the zuul project19:00
tobiashcorvus, mnaser: I'm preparing a change to add it to contrib. If there is more interest, it might even make sense to host it in its own repo19:00
corvusyeah, it sounds like building its own container image might be the best way to deploy it?19:01
mnaseryeah personally i was thinking of deploying it on it's own deployment (probably would push up a patch for zuul-helm for this)19:02
mnaserthat way that can scale independently, but yeah, having an image of that would be very neat, esp if we can very easily/simply configure it using environment variables.19:03
openstackgerritTobias Henkel proposed zuul/zuul master: Add swift proxy to contrib  https://review.opendev.org/70823319:03
corvusit might need/want to read the zuul-web jwt config eventually19:03
tobiashmnaser, corvus ^19:03
tobiashthis is like it's in our prod system atm19:03
tobiashit has some tweaks that are taylored to our system that might need some work to make that more generic19:04
mnasercorvus: yeah, i was thinking of that too, but i was also thinking that zuul-web jwt stuff might need to be split out to a per-tenant config but thats a whole another bag of worms to open :)19:04
tobiashe.g. it handles put for a specific subdir that is used to upload log analysis data from a third party project (that doesn't have access to swift)19:05
tobiashuser authentication is done in our system by an apache in front of that19:05
mnaseryes i agree for the first 'iteration' it would make sense to let the deployer handle authentication infront of that19:06
tobiashit also can take multiple clouds which it tries as fallback (which is used together with multi-cloud log upload)19:06
tobiashand it assumes that you choose one container per tenant19:09
tobiash(during log upload)19:09
mnasertobiash: are your object storages publicly accessible?19:10
tobiashmnaser: only for admins19:11
mnasertobiash: ah ok, so a tempurl based solution wouldn't really make sense to you19:11
tobiashthey have its own auth system so we needed a proxy that does swift auth towards the object store while authing the user itself19:11
mnasercause im thinking how to extend this to generate tempurls and redirect rather than proxy (which at least, in my case, is useful)19:12
tobiashif the tempurls are predictable by the proxy this should be fairly easy19:13
mnaseryes tempurls are generated via the swift api19:13
tobiashah ok19:14
tobiashon the fly?19:14
mnaserthe only thing is you need to have a connection to the swift endpoint19:14
clarkbyou can generate them completely on the client side iirc19:14
mnaseroh really19:14
mnaseri havent done as much19:14
mnaserhttps://docs.openstack.org/swift/latest/api/temporary_url_middleware.html19:14
clarkbit uses a shared secret and a known algorithm I think19:14
mnaseryes clarkb is right19:14
mnaserso in that case, instead of proxying it, you can generate the tempurl and send a 30119:14
tobiashah ok, so the connection is also a problem for us because some users only can route to some specific ip addresses (the object store is not among them)19:14
tobiashbut I don't think it's a problem to make this configurable19:15
mnasergotcha so that wouldn't make your life easier but that does cover one of my use cases so im sure its something i could add as a toggle in there19:15
tobiash++19:16
tobiashand it also doesn't have test cases yet apart from flake8 ;)19:16
mordredflake8 catches all important bugs19:16
tobiashmordred: yay, so we can drop py35 and py37 jobs in zuul?19:18
tobiash:)19:18
tobiashmake testing much faster19:18
*** Defolos has joined #zuul19:22
*** masterpe has quit IRC19:46
*** openstackstatus has quit IRC19:49
*** masterpe has joined #zuul20:17
*** felixedel has joined #zuul20:34
tobiashcorvus: looks like all py jobe timeout now with a >1gb log file20:43
tobiashI'm not at the computer right now so I cannot check the logs20:45
*** Goneri has quit IRC20:59
openstackgerritTobias Henkel proposed zuul/zuul master: Cleanup handlers defined in OS_LOG_DEFAULTS  https://review.opendev.org/70794221:05
tobiashcorvus: the log seems to be flooded by https://opendev.org/opendev/gear/src/branch/master/gear/__init__.py#L299421:20
tobiashoh no, from here: https://opendev.org/opendev/gear/src/branch/master/gear/__init__.py#L87821:22
corvustobiash: look like 942 fixes it?21:30
tobiashcorvus: 942 probably just hides it by suppressing that log21:30
tobiashcorvus: I think there is some behavior change in the poll change in gear21:31
corvustobiash: should we pin gear in zuul for now?21:31
clarkbdo we also need to update the tox.ini?21:31
tobiashcorvus: yes, that makes sense21:31
tobiashcorvus: when looking closely here: https://review.opendev.org/#/c/671674/9/gear/__init__.py I saw that it changes all poll(in/out) to epoll(in/out) regardless if epoll was requested or not21:32
openstackgerritJames E. Blair proposed zuul/zuul master: Avoid gear version 0.15.0  https://review.opendev.org/70825921:33
clarkboh the tox change is in a followup21:34
clarkbcorvus: https://review.opendev.org/#/c/707783/ is related to 492 and should probably be landed too21:36
tobiashremote: https://review.opendev.org/708261 Revert "Add BSD/Darwin support."21:37
clarkbdoes logging that large imply the zuul per job disk limits are not working?21:38
tobiashclarkb: disk limits are enforced by regularly running 'du'. If the job downloads faster than that run it will allow more than that21:40
openstackgerritTobias Henkel proposed zuul/zuul master: Don't set OS_LOG_DEFAULTS if unset  https://review.opendev.org/70778321:41
clarkbtobiash: corvus: that revert doesn't change the code that is causing the logging does it?21:50
tobiashclarkb: that revert changes the polling in gear. It looks like somehow the poll change changed one of those poll loops into a busy loop wich logs that log line21:52
clarkbI see so the log happens more frequently21:52
tobiashyes21:52
tobiashthe log should happen on every received packet I guess but is printed now constantly21:53
*** jamesmcarthur has quit IRC22:01
*** jamesmcarthur has joined #zuul22:02
clarkbI see the issue22:02
clarkbgetting a link22:03
*** Goneri has joined #zuul22:04
clarkbhttps://opendev.org/opendev/gear/src/commit/4fbb6d1a57de3ad1e6cb5207c2f4e09be9580a7a/gear/__init__.py#L2740 the poll(0) there means no timeout22:05
clarkbso its always returning22:05
clarkbregardless of events being present or not22:05
clarkbshould I push up an unrevert that removes the timeout entirely (the old code had no timeout)22:05
tobiashclarkb: I think that will break it because the poll change unintendetly changes all polls to epoll (it was suppost to change nothing on linux)22:07
*** jamesmcarthur has quit IRC22:07
clarkbtobiash: epoll is what it was using on linux before. Do you mean poll?22:07
tobiashclarkb: we're not using epollet everywhere as far as I saw22:08
clarkbtobiash: based on the early returns? that is due to the timeout22:08
clarkbI think the other parts of it are fine22:08
clarkbit uses epoll by default and checks if select.epoll is valid otherwise uses select.poll22:08
tobiashclarkb: https://review.opendev.org/#/c/671674/9/gear/__init__.py line 293622:09
clarkbah it isn't masking edge in there22:11
tobiashthe original uses select.POLLIN while the poller uses EPOLLIN22:11
clarkbso a couple bugs then22:11
tobiashyes22:11
clarkblet me get a patchset up so we don't foreget these things22:11
tobiashI guess that would block there if we remove the timeout (which probably was the reason for removing the timeout without my fully understanding of edge and level triggering at that time)22:12
clarkbright you want to block until there is work to be done22:14
clarkbthat should be true of edge or level triggering22:14
clarkbsetting the timeout to 0 means it always returned then we checked events and nothing was happening22:14
clarkbwell most of the time it would be a noop22:15
clarkbbut we would still trigger the log message22:15
tobiashcorrect22:15
tobiashand it's busy waiting which is not ideal either22:16
*** lennyb has quit IRC22:17
clarkboh and we shouldn't need to check for edge polling at 293622:18
clarkbbecause its checking the event mask not setting the listen mask22:18
*** lennyb has joined #zuul22:20
clarkbtobiash: remote:   https://review.opendev.org/708267 Revert "Revert "Add BSD/Darwin support.""22:20
clarkbI think that may do it22:20
tobiashclarkb: commented22:24
tobiashI think that's exactly the bug that made poll(0) neccessary so the tests work22:24
clarkboh I get it now22:26
clarkbya I think that is an easy fix22:26
clarkbtobiash: new patchset take care of that I think22:32
tobiashlgtm, I'm wondering if we can test against that faulty behavior somehow22:34
tobiashmaybe counting the polls during a simple test case by overriding poller._poll in the test case22:35
tobiashmaybe I'll look tomorrow how easy this is22:36
*** openstackstatus has joined #zuul23:02
*** ChanServ sets mode: +v openstackstatus23:02
*** igordc has joined #zuul23:03
openstackgerritMerged zuul/zuul master: Avoid gear version 0.15.0  https://review.opendev.org/70825923:25
*** Defolos has quit IRC23:40
*** tosky has quit IRC23:49
« Sunday, 2020-02-16 Index Tuesday, 2020-02-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!