| *** jamesmcarthur has quit IRC | 00:08 | |
| *** jamesmcarthur has joined #zuul | 00:38 | |
| *** jamesmcarthur has quit IRC | 00:59 | |
| *** jamesmcarthur has joined #zuul | 01:00 | |
| *** jamesmcarthur has quit IRC | 01:05 | |
| *** swest has quit IRC | 01:21 | |
| *** swest has joined #zuul | 01:35 | |
| *** jamesmcarthur has joined #zuul | 01:38 | |
| *** sanjayu__ has quit IRC | 01:45 | |
| *** jamesmcarthur has quit IRC | 01:46 | |
| *** msuszko has quit IRC | 02:12 | |
| *** msuszko has joined #zuul | 02:13 | |
| *** jamesmcarthur has joined #zuul | 02:33 | |
| *** jamesmcarthur has quit IRC | 02:40 | |
| *** jamesmcarthur has joined #zuul | 02:41 | |
| *** jamesmcarthur has quit IRC | 02:42 | |
| *** jamesmcarthur has joined #zuul | 02:47 | |
| *** jamesmcarthur has quit IRC | 02:55 | |
| *** jamesmcarthur has joined #zuul | 02:56 | |
| *** bhavikdbavishi has joined #zuul | 03:01 | |
| *** jamesmcarthur has quit IRC | 03:01 | |
| *** bhavikdbavishi1 has joined #zuul | 03:09 | |
| *** bhavikdbavishi has quit IRC | 03:11 | |
| *** bhavikdbavishi1 is now known as bhavikdbavishi | 03:11 | |
| *** jamesmcarthur has joined #zuul | 03:22 | |
| *** jamesmcarthur has quit IRC | 03:26 | |
| *** Goneri has quit IRC | 03:44 | |
| *** ysandeep|off is now known as ysandeep|rover | 04:07 | |
| *** bhavikdbavishi has quit IRC | 04:07 | |
| *** bhavikdbavishi has joined #zuul | 04:09 | |
| *** bhavikdbavishi has quit IRC | 04:15 | |
| *** Guest78227 has quit IRC | 04:23 | |
| *** bhavikdbavishi has joined #zuul | 04:32 | |
| *** evrardjp has quit IRC | 04:37 | |
| *** evrardjp has joined #zuul | 04:37 | |
| *** bhavikdbavishi has quit IRC | 04:45 | |
| *** bhavikdbavishi has joined #zuul | 04:46 | |
| *** sgw has joined #zuul | 04:56 | |
| *** bhavikdbavishi has quit IRC | 04:57 | |
| *** bhavikdbavishi has joined #zuul | 04:58 | |
| *** bhavikdbavishi has quit IRC | 05:02 | |
| *** sanjayu__ has joined #zuul | 05:05 | |
| *** msuszko has quit IRC | 05:06 | |
| *** msuszko has joined #zuul | 05:06 | |
| *** msuszko has quit IRC | 05:54 | |
| *** msuszko has joined #zuul | 05:55 | |
| *** gtema has joined #zuul | 06:28 | |
| *** gtema has quit IRC | 06:36 | |
| *** bhavikdbavishi has joined #zuul | 06:37 | |
| *** avass is now known as Guest50196 | 06:43 | |
| *** avass has joined #zuul | 06:43 | |
| *** avass has quit IRC | 07:03 | |
| *** bhavikdbavishi has quit IRC | 07:04 | |
| *** Guest50196 is now known as avass | 07:23 | |
| openstackgerrit | Albin Vass proposed zuul/zuul-operator master: Use ensure-* roles https://review.opendev.org/719401 | 07:25 |
|---|---|---|
| openstackgerrit | Albin Vass proposed x/pbrx master: Use ensure-* roles https://review.opendev.org/719402 | 07:32 |
| *** bhavikdbavishi has joined #zuul | 07:34 | |
| *** jpena|off is now known as jpena | 07:44 | |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Remove install-* roles https://review.opendev.org/719322 | 07:52 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Remove install-* roles https://review.opendev.org/719322 | 07:52 |
| *** ysandeep|rover is now known as ysandeep|lunch | 08:07 | |
| *** bhavikdbavishi has quit IRC | 08:17 | |
| *** bhavikdbavishi has joined #zuul | 08:38 | |
| *** bhavikdbavishi has quit IRC | 08:50 | |
| *** bhavikdbavishi has joined #zuul | 08:53 | |
| *** ysandeep|lunch is now known as ysandeep|rover | 09:05 | |
| *** tosky has joined #zuul | 09:25 | |
| *** arxcruz is now known as arxcruz|off | 10:23 | |
| *** msuszko has quit IRC | 10:25 | |
| *** msuszko has joined #zuul | 10:37 | |
| *** armstrongs has joined #zuul | 10:38 | |
| armstrongs | What is the best way to find out which nodepool server created a vm. Is this info contained in any zuul variables? Was looking for something similar to zuul.executor.hostname | 10:41 |
| *** armstrongs has quit IRC | 10:50 | |
| *** ysandeep|rover is now known as ysandeep|coffee | 11:02 | |
| *** bhavikdbavishi has quit IRC | 11:16 | |
| *** bhavikdbavishi has joined #zuul | 11:23 | |
| *** ysandeep|coffee is now known as ysandeep|rover | 11:35 | |
| *** jpena is now known as jpena|lunch | 11:38 | |
| *** smyers_ has joined #zuul | 11:42 | |
| *** smyers has quit IRC | 11:42 | |
| *** smyers_ is now known as smyers | 11:42 | |
| *** rlandy has joined #zuul | 12:07 | |
| *** sugaar has quit IRC | 12:10 | |
| *** jpena|lunch is now known as jpena | 12:32 | |
| *** armstrongs has joined #zuul | 12:35 | |
| *** harrymichal has joined #zuul | 12:44 | |
| *** armstrongs has quit IRC | 12:46 | |
| avass | armstrongs: I don't think that's possible | 12:49 |
| *** rfolco has joined #zuul | 12:52 | |
| *** rfolco is now known as rfolco|bbl | 12:53 | |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Test base-test https://review.opendev.org/719457 | 13:13 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Test base-test https://review.opendev.org/719457 | 13:14 |
| openstackgerrit | Albin Vass proposed zuul/zuul master: Enables whitelisting and configuring callbacks https://review.opendev.org/717260 | 13:18 |
| *** lseki has joined #zuul | 13:24 | |
| *** rfolco|bbl is now known as rfolco | 13:52 | |
| *** bhavikdbavishi has quit IRC | 13:54 | |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292 | 14:04 |
| corvus | tristanC, tobiash: i think the zk tls stack is ready -- https://review.opendev.org/712733 could use some +2s | 14:07 |
| corvus | tobiash: and https://review.opendev.org/713545 could use a +2 from from you | 14:07 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292 | 14:10 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292 | 14:11 |
| *** ysandeep|rover is now known as ysandeep|away | 14:12 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Increase scheduler wait to timeout and improve logs collection https://review.opendev.org/718162 | 14:18 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Increase scheduler wait timeout and improve logs collection https://review.opendev.org/718162 | 14:18 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 14:27 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Test base-test https://review.opendev.org/719457 | 14:27 |
| avass | corvus: how do I prove that the cleanup phase works for that ^ ? since we don't save logs for the cleanup-run and it doesn't set the job result | 14:32 |
| tristanC | corvus: it seems like we need to better specify how a zuul-operator user would configure an external zk service. For database we set a secret with a `dburi` string value. | 14:32 |
| tristanC | for zk, should it be a list of secret tuple that contains ({`hostname`, `port`}, {`tls.crt`, `tls.key`, `ca.crt`}) ? | 14:34 |
| corvus | tristanC: i would think a single secret with structured information would be best; we only need/want one cert, so probably something that looks like the zuul zk connection info config structure? | 14:36 |
| tristanC | corvus: oh, so multiple zk service can use a common cert? | 14:38 |
| corvus | tristanC: a client needs only a single cert to talk to multiple zk servers. the zk servers each need their own cert, but in the case that an external zk is being used, we don't worry about that. | 14:39 |
| corvus | avass: that looks like a test of zuul rather than a test of any roles or jobs in zuul-jobs. zuul has a unit test that verifies that cleanup playbooks work. | 14:39 |
| corvus | avass: so in short, i don't think you need that change at all | 14:39 |
| corvus | avass: but if there were some role that was typically run in a cleanup playbook and we wanted to test that role in zuul-jobs, then i would suggest a test job that ran the role in the 'run' playbook | 14:40 |
| tristanC | corvus: oh i see, the `zookeeper-tls` configuration is global to all zookeeper servers | 14:40 |
| corvus | tristanC: yeah, so generally speaking, the secret should have a (list of host+ports) and one (cert, key, and ca-cert). | 14:41 |
| avass | corvus: it's for https://review.opendev.org/#/c/708871/4 | 14:41 |
| avass | Guess I should add that to the change heh :) | 14:41 |
| tristanC | corvus: ok perfect. It seems easier to request a secret per certificate with the default `tls.crt`, `tls.key` and `ca.crt` so that user can provide a direct reference to a secret created by cert-manager | 14:42 |
| tristanC | corvus: i did that for the registry where the user info and certificates are split in two secrets | 14:43 |
| corvus | avass: ack -- then yeah, if we want to test the add-remove ssh key roles, we should put those in a run playbook. i would test them together in the run playbook. | 14:43 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add schema validation error message https://review.opendev.org/718999 | 14:44 |
| openstackgerrit | Albin Vass proposed zuul/zuul-jobs master: Adds roles to install and run hashicorp packer https://review.opendev.org/709292 | 14:44 |
| avass | corcus: ah, but the test is not for the roles themselves, rather to make sure that moving remove-build-ssh key from post to cleanup doesn't break anything | 14:47 |
| *** cdearborn has joined #zuul | 14:49 | |
| corvus | avass: i don't think that's testable; and i think the existing tests for the "base" roles also don't rely on their being in any particular playbook (they're all tested in run) | 14:49 |
| avass | corvus: since cleanup-run doesn't really work for child jobs if you remove the build key during post :) | 14:49 |
| avass | corvus: yeah, that's why we merge base-test -> check that it works -> merge base | 14:49 |
| corvus | ++ | 14:50 |
| avass | corvus: so it's testable, but a bit hard to review without rechecking the change that using base-test as parent | 14:50 |
| corvus | yeah, i should have said i don't think it's testable in the framework we have in zuul-jobs :) | 14:51 |
| avass | ah :) | 14:51 |
| avass | how do we test that then? | 14:52 |
| corvus | avass: i don't think we can. i think we trust your local testing of the change :) | 14:54 |
| corvus | avass: i think the most we can do in zuul-jobs is test that a sequence of roles works as expected | 14:55 |
| avass | corvus: I guess rechecking and looking at the live logs is the way to review that then :) | 14:56 |
| corvus | avass: you already did that though, right? you made the move from post to cleanup using base-test, right? | 14:57 |
| corvus | ooooh | 14:58 |
| avass | corvus: yep, but I mean for making sure that it works before we merge: https://review.opendev.org/#/c/717827/ | 14:58 |
| corvus | i see | 14:58 |
| corvus | there is confusion here | 14:58 |
| corvus | nothing in opendev uses zuul-base-jobs | 14:58 |
| avass | corvus: now I'm confused | 14:59 |
| fungi | that repository was created initially as an example, because our documentation said you need a base job, and we wanted a minimal one to point to in the docs | 14:59 |
| corvus | yep. opendev overrides all of the jobs that are defined in zuul/zuul-base-jobs in the opendev/base-jobs repo. so changes to that repo have no effect on any jobs running in opendev. | 15:00 |
| avass | sure, but I mean, it would be good to make sure those examples are valid | 15:00 |
| fungi | i agree, testing the zbj repo sounds like a good idea | 15:01 |
| corvus | avass: indeed, though in order to do that, we would probably need a job (like zuul-quick-start) which set up an entire zuul system. | 15:01 |
| corvus | AJaeger: ^ fyi re 717827 | 15:04 |
| AJaeger | corvus: ah! Sorry, avass for the confusion! | 15:05 |
| corvus | (and even then, it would probably only be able to test a static fileserver log upload role) | 15:05 |
| *** zxiiro has joined #zuul | 15:07 | |
| avass | alright :) | 15:08 |
| avass | AJaeger: I think I migrated all of the install-* roles to ensure-* now. | 15:11 |
| AJaeger | avass: yes, looks like. We need to wait at least 2 weeks after the announcement before we merge this, maybe a bit longer this time | 15:11 |
| openstackgerrit | Merged zuul/zuul-base-jobs master: Remove ssh key in base cleanup run. https://review.opendev.org/717827 | 15:12 |
| avass | sure | 15:13 |
| avass | I guess we should announce that in zuul-discuss | 15:13 |
| fungi | deprecations usually also get announced to the zuul-announce ml, i think | 15:16 |
| fungi | (with followup discussion on the zuul-discuss ml) | 15:16 |
| avass | that's actually what I meant... guess it's time to get some coffee | 15:17 |
| openstackgerrit | Merged zuul/zuul master: Remove David Shrewsbury from Zuul Maintainers https://review.opendev.org/718712 | 15:19 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add a zuul-ensure-database-passwords role https://review.opendev.org/717880 | 15:21 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 15:22 |
| openstackgerrit | Merged zuul/zuul master: Add Albin Vass to zuul-jobs maintainers https://review.opendev.org/718713 | 15:30 |
| corvus | avass: can you join #opendev ? we're fixing up your gerrit account :) | 15:37 |
| corvus | avass: ping me there when you're around again | 15:40 |
| avass | corvus: I'm here! | 15:41 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add zuul-registry deployment https://review.opendev.org/710650 | 15:44 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add initial withCertManager input toggle https://review.opendev.org/718840 | 15:44 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 | 15:44 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add registry tls secret provided by cert-manager https://review.opendev.org/719185 | 15:44 |
| *** olaph has quit IRC | 15:45 | |
| corvus | avass: you should have +2 access in the zuul-jobs repos now :) | 15:46 |
| tristanC | avass: congrats! | 15:47 |
| AJaeger | avass: congrats - and thanks! | 15:48 |
| avass | I do! and thanks! :) | 15:55 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 15:58 |
| AJaeger | corvus: could you review 718284 again, please? avass left a comment... | 15:58 |
| corvus | great, lgtm; i think the only outstanding question is from tristanC about whether we should start documenting role outputs, bat that was a +2 question so i think we can merge and move forward | 16:01 |
| corvus | (i think maybe documenting role outputs is a good idea) | 16:01 |
| corvus | +3 | 16:02 |
| corvus | the container registry roles have some outputs too | 16:02 |
| AJaeger | thanks, corvus | 16:05 |
| AJaeger | any reviewers for the rest of the stack to change the way how we install pip, please? see https://review.opendev.org/#/c/717639 | 16:06 |
| AJaeger | any additional reviewer for a simple linter fix for zuul-jobs, please? https://review.opendev.org/719054 | 16:09 |
| openstackgerrit | Merged zuul/zuul-jobs master: ensure-tox: make idempotent and update testing https://review.opendev.org/718284 | 16:12 |
| *** y2kenny has joined #zuul | 16:16 | |
| *** harrymichal has quit IRC | 16:18 | |
| *** armstrongs has joined #zuul | 16:22 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/nodepool master: config: add environment variable substitution https://review.opendev.org/719599 | 16:30 |
| openstackgerrit | Merged zuul/zuul-jobs master: Fix check_jobs_documented linter https://review.opendev.org/719054 | 16:31 |
| avass | AJaeger: left a comment on 717639 | 16:34 |
| AJaeger | avass: thanks | 16:35 |
| avass | AJaeger: checking ansible_python.version looks inconsistent but I'm not sure if there's a reason for that | 16:35 |
| *** evrardjp has quit IRC | 16:37 | |
| *** evrardjp has joined #zuul | 16:37 | |
| AJaeger | let's see what ianw says once he's awake ^ | 16:40 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 16:46 |
| *** harrymichal has joined #zuul | 16:48 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/nodepool master: config: add environment variable substitution https://review.opendev.org/719599 | 16:51 |
| *** rlandy is now known as rlandy|biab | 16:52 | |
| *** armstrongs has quit IRC | 16:53 | |
| *** jpena is now known as jpena|off | 17:01 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/nodepool master: config: add environment variable substitution https://review.opendev.org/719599 | 17:05 |
| tristanC | zuul-maint: a two-liner change on zuul-registry is waiting for review to unlock a few other already approved changes: https://review.opendev.org/717767 | 17:12 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 17:20 |
| *** olaph has joined #zuul | 17:22 | |
| *** rlandy|biab is now known as rlandy | 17:51 | |
| *** harrymichal has quit IRC | 17:52 | |
| tristanC | mordred: thank you for the review! | 17:53 |
| *** rlandy is now known as rlandy|lunch | 17:57 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 17:58 |
| openstackgerrit | Merged zuul/zuul-registry master: Use explicit provides/requires for container jobs https://review.opendev.org/717767 | 18:03 |
| *** y2kenny has quit IRC | 18:12 | |
| *** igordc has joined #zuul | 18:13 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add zuul-registry deployment https://review.opendev.org/710650 | 18:13 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-registry master: config: add environment variable substitution https://review.opendev.org/710644 | 18:13 |
| *** y2kenny has joined #zuul | 18:17 | |
| *** rlandy|lunch is now known as rlandy | 18:19 | |
| tobiash | corvus, tristanC: tls zk stack lgtm | 18:27 |
| y2kenny | is the pipeline config for the OpenStack CI available on opendev somewhere? (I have seen opendev/system-config but I believe that is just the job definitions.) | 18:30 |
| y2kenny | I am curious about your deploy and periodic pipeline | 18:30 |
| clarkb | y2kenny: https://opendev.org/openstack/project-config/src/branch/master/zuul.d is the bulk of that data for openstack | 18:31 |
| tristanC | tobiash: i'm hoping to have successful tls setup again with the zuul-operator soon | 18:31 |
| clarkb | pipelines file in particular but some of the other bits may be useful too | 18:31 |
| y2kenny | clarkb: ah, under project-config. Great, thanks! | 18:32 |
| clarkb | (note that we'll eventually migrate those CD specific bits into opendev but its a long ish process of untangling things) | 18:32 |
| corvus | yeah, most of the "opendev/" repos are actually still in the openstack tenant because we haven't separated them out yet | 18:32 |
| corvus | when we do that, we'll probably move the 'deploy' pipeline into opendev/project-config instead of openstack/project-config | 18:33 |
| corvus | and i think we're close | 18:33 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: ci: pin minikube version to 1.8.2 https://review.opendev.org/715443 | 18:39 |
| tristanC | corvus: mnaser: not sure what is the exact frequencies, but install-kubernetes seems to be quite often not working (e.g. running kubectl get pods failing with timeout or connection failure) | 18:40 |
| mnaser | tristanC: do you have any logs or examples? i personally have almost never had issue with it ever | 18:41 |
| tristanC | mnaser: in a recent run, in the logs it says `Failed to list *v1.Pod: pods is forbidden: User "system:kube-scheduler" cannot list resource "pods"` : https://zuul.opendev.org/t/zuul/build/e5137f0ad29642bd8e9eeede5cb593be/log/docker/k8s_kube-scheduler_kube-scheduler-ubuntu-bionic-rax-ord-0015882324_kube-system_5795d0c442cb997ff93c49feeb9f6386_0.txt#17 | 18:43 |
| tristanC | and the build failed because kubectl was not able to connect to the api | 18:43 |
| mnaser | tristanC: it would be nice if you refactored your 'describe resources' task into collect-kubernetes-logs or whatever we neded up calling that role | 18:44 |
| corvus | tristanC: are you suggesting that running the latest means running unstable code (of k8s itself) and 1.8.2 will be more stable? | 18:44 |
| mnaser | we already do that for pods and i guess it would be useful for other resources | 18:44 |
| tristanC | i added a simple `kubectl get pods` to the pre-run of the zuul-operator, and it seems to prevent quite a few issue, in the current status page you can see a job on it's 3rd attempt to get a functionning k8s api | 18:45 |
| tristanC | corvus: i don't know the frequency of the failure as they are mostly prevented by the extra pre-run check, but it seems to be happening a lot more recently. | 18:46 |
| mnaser | http://zuul.opendev.org/t/vexxhost/builds?job_name=openstack-operator%3Afunctional | 18:46 |
| mnaser | all those failures are failures that are real failures | 18:46 |
| tristanC | mnaser: it is refactored in https://review.opendev.org/#/c/718162/ | 18:47 |
| tristanC | mnaser: yes, the retried failure are not reported in the builds interface | 18:47 |
| tristanC | mnaser: thanks to https://opendev.org/zuul/zuul-operator/src/branch/master/playbooks/zuul-operator-functional/pre-k8s.yaml#L16-L17 | 18:48 |
| mnaser | something seems to be restarting the whole stack fwiw | 18:48 |
| mnaser | all containers seem to be restarted | 18:48 |
| *** zxiiro has quit IRC | 18:48 | |
| tristanC | it used to happens once in a while, hence the addition of the pre task to limit the issue, but since this week end i see more and more job being retried once or twice before reaching the run phase | 18:49 |
| mnaser | also i wonder if minikube doesnt full wait for the cluster to settle before reporting ok | 18:49 |
| mnaser | and the fact that you're doing a kubectl get pods right away after is triggering a race | 18:50 |
| corvus | is it the use-buildset-registry role? | 18:50 |
| mnaser | because inside ensure-kubernetes, we actually don't "verify" if the cluster is up | 18:50 |
| mnaser | corvus: ooooh there you go that's a good lead | 18:51 |
| tristanC | corvus: that could be it indeed | 18:51 |
| mnaser | it does restart docker | 18:51 |
| corvus | so maybe we need that to wait a bit longer before returning? | 18:51 |
| corvus | (maybe it should do a kubectl get pod in a loop or something?) | 18:51 |
| mnaser | i think the better thing is to run use-buildset-registry *before* ensure-kubernetes | 18:52 |
| mnaser | aka docker should be settled before we get k8s on top of it (but yes, kubectl get pod doesn't hurt too) | 18:52 |
| mnaser | i think i added the abiltiy to run use-buildset-registry inside ensure-docker | 18:52 |
| mnaser | so you should be able to set that and be good t go | 18:53 |
| corvus | maybe i should have put this in the ubr role: https://opendev.org/zuul/zuul-jobs/src/branch/master/test-playbooks/registry/buildset-registry-k8s-crio.yaml#L13-L18 | 18:54 |
| tristanC | mnaser: do you remember the option name to activate that ability? | 18:55 |
| corvus | mnaser: i don't think we currently use ensure-docker (i think we let ensure-k8s handle it) | 18:55 |
| corvus | ah, ensure-k8s calls ensure-docker | 18:55 |
| corvus | so maybe we can add the same option to ensure-k8s and pass it through | 18:56 |
| corvus | mnaser, tristanC: use-buildset-registry does some work that only happens if k8s is already installed | 18:56 |
| corvus | https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/use-buildset-registry/tasks/user-config.yaml#L51-L62 | 18:57 |
| corvus | that depends on k8s already having been installed | 18:57 |
| mnaser | oh, so my change is probably broken then | 18:57 |
| mnaser | well, partly broken | 18:57 |
| mnaser | works if you use ensure-docker, broken if you try and use it with k8s including it | 18:58 |
| corvus | (essentially k8s has its own docker user config, so that puts it in place) | 19:00 |
| tristanC | corvus: fun fact, zookeeper java tls library doesn't work if the ca has the `.crt` extension (as provided by cert-manager), and it only works when the file has the `.pem` extension | 19:00 |
| corvus | tristanC: hrm, i think it uses the extension to detect whether it's a pcks8 or 11 file | 19:01 |
| corvus | tristanC, mnaser: quick fix: put that cluster-info loop in use-build-set-registry to run iff kubelet exists | 19:01 |
| mnaser | corvus: i wonder if we can wire minikube to put the right config from the get-go if we need to use the buildset registry | 19:01 |
| corvus | tristanC, mnaser: longer term fix: maybe make ensure-buildset-registry idempotent and call it twice in ensure-k8s? | 19:01 |
| corvus | mnaser: that would be even better | 19:02 |
| tristanC | shouldn't all zuul jobs use the buildset-registry unless specified otherwise? | 19:02 |
| mnaser | https://github.com/kubernetes/minikube/issues/6080 | 19:02 |
| corvus | tristanC: maybae so | 19:03 |
| mnaser | https://minikube.sigs.k8s.io/docs/handbook/filesync/ | 19:03 |
| mnaser | we could use that. | 19:03 |
| *** Goneri has joined #zuul | 19:03 | |
| mnaser | or we have this too: https://minikube.sigs.k8s.io/docs/handbook/registry/ | 19:05 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Increase scheduler wait timeout and improve logs collection https://review.opendev.org/718162 | 19:05 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 19:05 |
| tristanC | corvus: so, would you like me to port the kubectl get retry loop to zuul-jobs from https://review.opendev.org/#/c/718162/5..6/playbooks/zuul-operator-functional/pre-k8s.yaml ? | 19:06 |
| corvus | tristanC: yeah, let's try that; that should be easy/fast and we can look at the sync idea later | 19:21 |
| *** cloudnull has joined #zuul | 19:25 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-jobs master: use-buildset-registry: wait for kubernetes service to be available https://review.opendev.org/719673 | 19:27 |
| *** y2kenny has quit IRC | 19:32 | |
| *** sanjayu__ has quit IRC | 19:39 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 19:51 |
| *** irclogbot_1 has quit IRC | 19:51 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add initial withCertManager input toggle https://review.opendev.org/718840 | 19:52 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add gearman tls secret provided by cert-manager https://review.opendev.org/719110 | 19:52 |
| *** irclogbot_0 has joined #zuul | 19:53 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add registry tls secret provided by cert-manager https://review.opendev.org/719185 | 19:54 |
| tristanC | sorry for the gerritbot spam, it is tricky to get operator test works reliably with cert-manager and zookeeper tls... i hope this will be stable soon! | 19:56 |
| *** igordc has quit IRC | 19:58 | |
| *** olaph has quit IRC | 20:01 | |
| *** olaph has joined #zuul | 20:01 | |
| *** olaph has quit IRC | 20:02 | |
| openstackgerrit | Merged zuul/zuul-jobs master: use-buildset-registry: wait for kubernetes service to be available https://review.opendev.org/719673 | 20:19 |
| *** y2kenny has joined #zuul | 20:27 | |
| *** olaph has joined #zuul | 20:29 | |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add TLS configuration to ZooKeeper service https://review.opendev.org/712759 | 20:44 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add schema validation error message https://review.opendev.org/718999 | 20:45 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Add a zuul-ensure-database-passwords role https://review.opendev.org/717880 | 20:45 |
| *** sgw has quit IRC | 20:57 | |
| *** sgw has joined #zuul | 21:18 | |
| tristanC | corvus: tobiash: at last, zookeeper tls configuration passed the operator tests. It took longer than expected because the launcher service addition was merged after the initial tls change was proposed. | 21:18 |
| tristanC | here is the build: https://zuul.opendev.org/t/zuul/build/706551ec4881438f84a1b97636bb94e7 , in particular: https://zuul.opendev.org/t/zuul/build/706551ec4881438f84a1b97636bb94e7/log/docker/k8s_zk_zuul-zk-0_default_278f1d30-2270-4af9-9854-051bcf6a5079_0.txt#103 | 21:20 |
| openstackgerrit | Tristan Cacqueray proposed zuul/zuul-operator master: Increase scheduler wait timeout and improve logs collection https://review.opendev.org/718162 | 21:22 |
| *** y2kenny has quit IRC | 21:39 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!