Wednesday, 2020-06-10

« Tuesday, 2020-06-09 Index Thursday, 2020-06-11 »
*** Goneri has quit IRC00:08
*** rlandy has quit IRC00:12
*** cloudnull has quit IRC00:23
*** cloudnull has joined #zuul00:24
*** Goneri has joined #zuul00:49
*** Goneri has quit IRC01:03
*** swest has quit IRC01:16
*** threestrands has joined #zuul01:19
*** swest has joined #zuul01:30
*** dennis_effa has joined #zuul01:44
*** saneax_AFK has joined #zuul02:14
*** rfolco|rover has joined #zuul02:41
*** saneax_AFK has quit IRC02:49
*** bhavikdbavishi has joined #zuul03:03
*** bhavikdbavishi1 has joined #zuul03:07
*** bhavikdbavishi has quit IRC03:09
*** bhavikdbavishi1 is now known as bhavikdbavishi03:09
*** bhavikdbavishi has quit IRC04:20
*** bhavikdbavishi has joined #zuul04:20
*** bhavikdbavishi1 has joined #zuul04:23
*** dennis_effa has quit IRC04:24
*** bhavikdbavishi has quit IRC04:24
*** bhavikdbavishi1 is now known as bhavikdbavishi04:24
*** evrardjp has quit IRC04:33
*** evrardjp has joined #zuul04:33
*** sgw has quit IRC04:34
*** y2kenny has quit IRC05:14
*** saneax_AFK has joined #zuul06:22
*** saneax_AFK is now known as saneax_07:00
*** hashar has joined #zuul07:04
*** jcapitao has joined #zuul07:08
*** iurygregory has quit IRC07:11
*** rpittau|afk is now known as rpittau07:21
*** tosky has joined #zuul07:29
*** iurygregory has joined #zuul07:33
*** bhavikdbavishi has quit IRC07:34
*** dustinc has quit IRC07:35
*** jpena|off is now known as jpena07:56
*** bhavikdbavishi has joined #zuul08:00
*** bhavikdbavishi has quit IRC08:46
*** bhavikdbavishi has joined #zuul08:47
*** hashar has quit IRC09:25
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477409:27
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477409:28
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477409:43
*** ysandeep is now known as ysandeep|lunch09:48
*** wuchunyang has joined #zuul09:51
*** sshnaidm|afk is now known as sshnaidm10:14
mhuhello tobiash, could I have reviews on https://review.opendev.org/#/q/status:open+project:zuul/zuul+branch:master+topic:CORS_OPTIONS (needed for UI dev) please?10:17
*** rpittau is now known as rpittau|bbl10:19
*** ysandeep|lunch is now known as ysandeep10:20
openstackgerritCarlos Goncalves proposed zuul/zuul-jobs master: configure-mirrors: add CentOS 8 Stream  https://review.opendev.org/73478710:27
*** wuchunyang has joined #zuul10:30
*** wuchunyang has quit IRC10:36
openstackgerritTobias Henkel proposed zuul/zuul master: Update access token url  https://review.opendev.org/73479310:48
*** jcapitao is now known as jcapitao_lunch10:56
*** bhavikdbavishi has quit IRC11:00
*** bhavikdbavishi has joined #zuul11:01
*** threestrands has quit IRC11:16
openstackgerritGuillaume Chauvel proposed zuul/zuul master: zuul_unreachable: Fix ansible callback exception  https://review.opendev.org/73479711:19
*** jpena is now known as jpena|lunch11:40
*** bhavikdbavishi has quit IRC11:50
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477412:05
*** rpittau|bbl is now known as rpittau12:05
*** bhavikdbavishi has joined #zuul12:07
*** rlandy has joined #zuul12:18
*** jcapitao_lunch is now known as jcapitao12:20
mordredtobiash: you have angered the indentation gods12:21
tobiashmordred: too easy to anger them...12:22
fungii sacrifice my spacebar to them, in hopes of a more fruitful coding season12:23
openstackgerritTobias Henkel proposed zuul/zuul master: Update access token url  https://review.opendev.org/73479312:23
mordredyah. the error in that patch is why I've stopped using visual indent in my code and always do a line break after a ( and a 4-space indent on the next line - it saves carnage in simple patches like that12:23
mordredyup. just like that )12:24
mordred:)12:24
tobiash:)12:24
fungisometimes it wants 8 space indent, if the line which would come after needs semantic indentation12:24
fungiso even for those who eschew visual indent, the rites of the indentation gods are not trivial12:25
*** olaph has quit IRC12:28
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477412:36
*** jpena|lunch is now known as jpena12:38
openstackgerritSagi Shnaidman proposed zuul/zuul-jobs master: Add jobs for testing ensure-ansible  https://review.opendev.org/73458412:40
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477412:46
*** hashar has joined #zuul12:46
*** Goneri has joined #zuul12:48
tobiashmhu: done12:49
mordredfungi: I've actually adopted the black approach: https://review.opendev.org/#/c/734810/1/plugins/modules/server.py@74912:53
mordredfungi: no need for occasional 8-space12:54
*** rlandy_ has joined #zuul12:54
*** harrymichal has joined #zuul12:56
*** rlandy has quit IRC12:58
*** rlandy_ is now known as rlandy12:59
fungiblasphemer12:59
*** sgw has joined #zuul13:03
openstackgerritSagi Shnaidman proposed zuul/zuul-jobs master: Add jobs for testing ensure-ansible  https://review.opendev.org/73458413:05
openstackgerritSorin Sbarnea (zbr) proposed zuul/zuul master: Enable display of failures inside zuul console  https://review.opendev.org/73483313:18
avassany zuul maintainer that wants to take a look at: https://review.opendev.org/#/c/722478/ ? pretty small change that adds some information to the mqtt driver13:45
zbravass: fungi: mordred: take a look at ^ -- finally making "failures" visible in the dashboard.13:49
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477413:55
avasszbr: that sounds like a pretty good feature actually13:56
zbrtell me... i was driven by pain, not desire to polish the ui.13:56
zbrpain is a great motivator13:57
openstackgerritMatthieu Huin proposed zuul/zuul master: web UI: allow a privileged user to dequeue a change  https://review.opendev.org/73485013:58
openstackgerritSagi Shnaidman proposed zuul/zuul-jobs master: Add jobs for testing ensure-ansible  https://review.opendev.org/73458414:04
*** rlandy is now known as rlandy|mtg14:08
*** bhavikdbavishi has quit IRC14:09
*** sshnaidm is now known as sshnaidm|bbl14:23
*** rlandy|mtg is now known as rlandy14:31
*** hashar has quit IRC14:39
corvuszbr: are you familiar with clicking the "FAILED" button on the console output?14:57
*** bhavikdbavishi has joined #zuul14:57
openstackgerritFabien Boucher proposed zuul/zuul master: gitlab - add the merge request updated test  https://review.opendev.org/73486915:00
zbrcorvus: tbh, i am not usually using it.15:02
zbri bet few users know that they can click the status labels to get more details15:02
corvuszbr: i ask because in your commit message you said that users were "forced" to look in the json file, but in actuality, all of the non-standard additional attributes (like "failure") are available there, so i thought maybe you didn't know about it.15:02
zbri also find confusing the fact that we have two different types of expansion: one per-line, and one per label inside that line.15:03
corvuszbr: it's a ui paradigm zuul shares with ara, so i thought it might be familiar to folks15:03
corvusmaybe we could do something to make it more obvious15:03
zbreach of them with different levels of expansion15:03
zbri can rewrite the commit message to remove the "forced part"15:03
corvuszbr: i don't quite follow the part about types of expansion; can you help me find what you're talking about?15:04
zbrok, let see one simple example https://review.rdoproject.org/zuul/build/8273b553847e4f0eba3caf6992ef1878/console15:04
dmsimardyeah clicking on the status in ara was reported to be non-obvious for certain users15:04
zbrif you chick the 2nd blue line, it will expand/contract15:04
corvuszbr: by 2nd blue line, you mean "Install docker-ce"?15:05
zbrlabel (from inside the same clickable area) opens a popup instead.15:05
zbryep15:05
zbrnesting clickable areas are not really very user friendly15:05
corvusi'm not sure i agree with that as a general rule.  but would you prefer to only have the caret clickable for expansion?15:06
avasscorvus: I had no idea you could do that :)15:06
corvusokay, so let's fix the problem that clicking the detail button is not obvious :)15:07
avassyeah15:07
zbri prefer the expandable version for multiple reasons: clickable are much wider, no motion sickness like on popup, not intrusive (can stills croll the page)15:07
zbri find the popup intrusive in multiple ways15:07
corvusi would rather do that before adding more non-standard output fields15:07
zbrfailures is pretty much standard, is not a "custom module"15:08
dmsimardzbr: historically the popup in ara 0.x was a huge hack that allowed for asynchronous fetching of results so it wouldn't all be rendered in a single (endlessly loading) page15:08
dmsimardit's literally a modal and an iframe15:08
corvuswhat's displayed is intended to be close to what you get on stdout/stderr when you just run ansible; then the detail button is there to show you all the extra info15:08
corvusoy. it looks like the package module behaves differently for different operating systems15:09
zbrguess what: ansible does display the failures on console too, stdout/stderr is something specific to process executions, but modules that run using API will likely not produce output on these.15:09
corvusunder debuntu, all of the error information is in 'msg' and there is no 'failures' attribute.  but under fedora, 'msg' is a general error message, and the specific package failure is under 'failures'.15:09
zbri did not investigate much, but my impression is that "failures" is not unique to package module.15:10
corvusis that just because failed tasks output the entire returned structure?15:11
corvusfatal: [localhost]: FAILED! => {"changed": false, "failures": ["No package aoeuaoueo available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}15:11
zbri am sure that "failures" is a critical information that should be displayed with priority.15:11
*** dustinc has joined #zuul15:11
corvusthat's what i see when running a test playbook15:11
avasscorvus: isn't 'package' just supposed to be a wrapper for yum/apt etc so I'm guessing it's just calling those modules and they behave differently15:12
zbran considering we would display it only when present, i do not see any issue.15:12
corvusavass: yeah, though i wonder what's different in the yum case for it to add an extra data return channel15:13
zbri did a grep on ansible source code, there is huge number of modules that return "failures".15:13
corvuszbr: can you point me at one other?15:14
dmsimardany module can return any fields, there's little to no standard :(15:16
corvusyeah, this is why getting folks to understand they can click on the details button is important15:17
corvusdmsimard: do you have any thoughts about improving that?15:17
corvusonly thing i'm coming up with right now is maybe a little banner at the top of the page letting folks know about it...15:17
corvusor maybe don't overload the status field, and just add a "Details..." link to each row15:18
corvusi do like how the current system avoids clutter, but if people aren't finding it then maybe it's worth a little clutter15:19
zbri was wrong, only dnf module returns failures (other usages of failures variable do not return them)15:21
zbrthis may explain the lack of interest in addressing this issue15:22
dmsimardcorvus: I don't have a strong opinion but I think it makes sense to iterate through a number of fields we know about and think might be relevant to the users and display them inline -- the main issue with this being that modules can return anything they want15:23
avasscorvus: looks like dnf is logging any package that couldn't be installed in failures and logging installed packages in results15:24
corvusdmsimard: hrm, i kind of want to lean into ansible's paradigm here -- that we can't know what fields will be useful, so we should make it easy for users to see them15:24
avassyum, apt, and dnf looks like they're behaving very differently and that's why :)15:26
dmsimardcorvus: so then next best thing is to show all the fields inline ? would be more cluttered but I guess it's not that bad because only the failed tasks are expanded15:27
corvusthe easiest thing to do would be to just do what the stdout plugin does and output everything on error, but we're not in a serial environment, we actually have interactive structured data.  it's really rich, so let's use it.  :)15:27
corvusdmsimard: no i don't want to do that15:27
corvusi want people to click on the details button15:27
corvusif the task didn't output enough information to stdout/stderr, the next thought for the user should be to dig deeper and see all the returned data to aid in debugging15:28
corvusso how do we get users to that point?15:28
dmsimardUI/UX is hard :)15:29
zbrcorvus: can you show me one real-world example where adding failures would lower the UX?15:29
corvusyes, which is why it's fun and rewarding :)15:29
corvuszbr: no, because there is only exactly one case where it appears15:30
corvusbut what's the next interesting key we should add?15:30
avasshow about instead of the button saying 'failure', 'changed' etc we could color code it and it could always say 'details'15:30
corvusare we going to evaluate each one on a case-by-case basis?15:30
*** ysandeep is now known as ysandeep|away15:30
avassor something like that15:30
zbrif we would not be talking about a core module, i would have said that the module should be updated. but is core and one of the top 10 most used ones.15:31
corvusdoesn't that argue all the more that it should be updated15:31
zbri can try to make PR to ansible to fix it, but even if approved, it will happen only on future versions, nothing that we would use by default for at least one more year from now.15:32
corvusavass: for accessibility purposes, it's important not to rely only on colors as a signal.  colors + words is usually best.15:33
avassright15:33
corvusso i think if we want the word "details" to show up there, it'll have to be a new field15:34
*** yoctozepto has quit IRC15:34
*** yoctozepto has joined #zuul15:35
corvusi wonder if we could do a toast message the first time someone visits a build page that says "click the result to see more details"....15:35
corvusor we could put a (?) icon next to the result -- maybe that would be obvious enough but not as cluttered as a new details button?15:36
avassI was thinking about the (?) or some sort of icon15:36
clarkbbinoculars15:37
corvusbetter15:37
corvus"FAILED (oo)" is better than "FAILED (?)"  :)15:37
corvus(did it fail?  click to find out!)15:37
avassI was thinking either a magnifying glass or a document icon15:38
corvusalso better than (?) :)15:38
avassbut yeah something like that15:39
avassI'd rather avoid one-time toast messages :)15:39
mhu"did it fail ? the results will SHOCK you!"15:40
avass"TEN REASONS this build FAILED"15:40
zbrlets first fix the failures issue in particular and evaluate the expand vs collapse issue later, as it would need proper user feedback15:40
zbrwe cannot rely only on own own experience when making UX decisions on zuul.15:41
corvusha :)  avass, yes, i think the one-time toast may be too annoying.  though i am starting to think that having a little "intro" on the main build landing page may not be a bad idea15:41
zbri have some ideas/theories, but without a user survey is pure speculation15:41
corvuszbr: we can do the best we can.15:41
zbrimho: we should have only one way to show more details on a task, the expansion one. but i can understand that may be oppionated.15:42
corvusi agree proper ux testing is great.  but we also definitely don't do this in a vacuum.  everything we do is heavily influenced by user feedback.15:43
corvuszbr: i see the attraction there, but that doesn't scale well in the case of some tasks which return massive amounts of data15:44
corvushttps://www.patternfly.org/v3/styles/icons/index.html15:44
zbrthe fact that detail section is expanded by default makes it more accesible: user does not have to do anything to see it (as opposed to the popup)15:44
corvuspficon-search is a magnifying glass15:44
zbrmaybe we can have the expansion at two levels, implicit one (like now, with cherry picked fields), and an all fields one.15:45
corvuszbr: how is that different?15:46
corvuszbr: do you just mean: get rid of the modal popup?15:46
zbrnot to clutter the interface with stuff that is unlikely to be useful?15:46
avassfa-plus could also work15:47
zbri would not mind ditching the modal, especially if we include the same information in expand.15:47
corvuszbr: the current state is: implicit with cherry-picked fields, and the modal popup is all fields.  so what's new in the proposal?  just folding the popup into the main page?15:47
zbrcorvus: yep15:47
zbrcorvus: i think you described it well, folding the information from modal into the main page (keeping its dynamic implementation)15:48
corvuszbr: so to summarize your proposal, it would be that when users land on the console tab, it looks mostly like it does now, except that instead of clicking on the result to open a modal popup, we would add something to the expanded area, so to get to details, a user would expand the task first, then click a button inside the expanded area which adds all of the fields into the expanded area.  that button would15:49
corvusbe a toggle, and clicking it again would reduce it to the cherry-picked fields.  that sound about right?15:49
zbryep, something very similar with the more/less implementation i did for stdout/stderr15:50
zbrsummary/details html elements are quite handy here.15:50
corvusthat sounds like an improved ux for dealing with failed tasks, though if someone wants to see details for successful tasks (which aren't expanded by default), we're adding a click to that workflow.  i use that quite often (i frequently need to see the results of successful tasks, in order to find the inputs for failed tasks later).15:51
zbrsummary contains the few notable fields, and details contains the rest (collapsed by default)15:52
corvusperhaps the more/less button could be on the collapsed task bar, so that if you click that, it auto-expands.  basically it would look identical to the "details" magnifying glass or whatever, but would not pop-up the modal, but rather fully expand the inline view.15:53
zbrcorvus: are you sure that the limited set does not help you with successful tasks? what percent of those would require an extra click?15:53
corvuszbr: i'm usually looking for list entries15:53
corvuslike "what were the with_" items for a task15:54
zbri am sure we could avoid two clicks for succesful tasks easily, but i am not sure about benefits, i need to look.15:54
zbranyway, it would be under our control to decide which is better15:54
zbrsometimes it needs few iterations to tune it15:55
zbrwhat would be extreamly useful for improving the dashboard experience would be to have pre-generated job result as a model.15:56
zbrnow we need to dig for examples of jobs that can exemplify the changed behavior15:56
zbralso we cannot share links to these15:56
zbrif we would build a static one, it would make it much easier to get feedback from average users (not zuul contributors)15:57
*** bhavikdbavishi has quit IRC15:59
corvusi'd like to summarize where i stand:  on zbr's patch to whitelist 'failures': i'm 45% in favor of it.  i would rather avoid it because i worry that if we add this one exception, people will start to expect more and more fields included by default.  yes, that's a slippery slope argument.  however, if other zuul maintainers think it's worth working around this niche use case in ansible (package module using16:01
corvusdnf doesn't return enough info) to special case it, i won't -2 it.  but the change does need some updates (i left inline comments).  i feel strongly that we should address the fact that the details link lacks an affordance (ie, it is not obvious to new users that it's available and what it does).  i think moving that to an icon should be easy and quick, and a non-intrusive change, and we should do it asap.16:01
corvusi think zbr's suggestion of folding the modal into the inline is worth considering, and after we've moved the details button to a dedicated icon, we'll have a bit more information about how we might want to set that up.  i'm not convinced we'll want to do it, but i'd rate my likelihood of approving something like that at 70% at this point, just based on imagining it.16:01
corvuszbr: if we change the reported preview link to use zuul-preview, we may be able to get sharable deep-links into preview builds.16:02
avassthere doesn't seem to be enough modules that use16:03
avass'failures' when looking at the ansible repositories to motivate whitelisting it16:04
*** rpittau is now known as rpittau|afk16:07
*** bhavikdbavishi has joined #zuul16:11
zbravass: dnf module affects anyone on rpm platforms, it is quite a common source of failures, sic.16:11
zbri can obviously change the implementation to make it work even with non list results, that is not the issue.16:11
openstackgerritFabien Boucher proposed zuul/zuul master: gitlab - add the merge request updated test  https://review.opendev.org/73486916:13
fungiit seems like either the dnf module should seek alignment with other core modules, or ansible should bless the mechanism and data structure used by the dnf module as a standard and start encouraging other modules to use it16:16
zbrfungi: what about modules that can return multiple errors? msg is clearly a single string afaik.16:20
zbransible team is these days deep into other more serious issues, so i doubt we would be able to get any useful reply on that.16:20
zbrcd me16:21
*** jcapitao has quit IRC16:21
fungiit seems like richer data structures for returned errors is something they might welcome a spec for16:21
*** dennis_effa has joined #zuul16:23
zbrlets test the water on #ansible-devel ...16:26
openstackgerritMatthieu Huin proposed zuul/zuul master: web UI: user login with OpenID Connect  https://review.opendev.org/73408216:55
openstackgerritJames E. Blair proposed zuul/zuul-jobs master: Allow upload-docker-image role to be used outside of promote  https://review.opendev.org/73489016:56
corvusmhu: what determines the value of signinRedirect() ?16:58
corvusmhu: is it this?   redirect_uri: API.getHomepageUrl() + 't/'+ tenant + '/auth_callback',16:59
mhucorvus, the redirect URI you mean? yes, it's from the userManager config16:59
mhuso, the thing is, usually when you add redux-oidc to your project, you're going to use a single realm with it17:01
mhuso you can instantiate your userManager nicely at the root of your app with a config file somewhere17:01
*** jpena is now known as jpena|off17:01
mhubut in our case, and most likely vexxhost's case too, we'd want to associate a realm to a tenant17:02
mhuso I had to do this little dance where I get the IdP info for a realm from the info API endpoint, and instantiate the userManager on the fly17:03
mhuand therefore you also want a redirect URI per tenant17:04
mhuwell, in all honesty, I know so little about react-redux and OIDC implementations for it that I might have got it all wrong17:05
mhubut "It works with my setup" (c)17:05
corvusmhu: and this is is the url for retrieving the oidc config right? https://zuul-ci.org/docs/zuul/discussion/components.html#attr-auth%20%3Cauthenticator%20name%3E.issuer_id17:08
mhucorvus, correct, see https://zuul-ci.org/docs/zuul/discussion/components.html#openidconnect17:09
mhutomorrow I can write a howto somewhere about setting up keycloak with zuul, if you'd like to test stuff17:10
corvusmhu: what do you think about expanding the docs to include an example of setting up auth with a public provider (eg github or google)?17:10
mhucorvus, or that :)17:10
corvusheh -- they keycloak howto sounds like a good idea too, but i was thinking that using a public provider might make it easier for folks to test17:11
mhuI'm using keycloak for my tests, and keycloak then federates with github17:11
corvusyou're doing the thing we want to do with opendev.  :)  cc infra-root ^17:11
mhubut I can have a look into how to plug yourself directly with gh17:11
fungineat!17:12
corvusmhu: if you have a spare moment, maybe you could look at https://review.opendev.org/731838  ?17:12
mhucorvus, well, more than happy to share that hard-earned knowledge, I only ask for reviews in exchange :)17:12
fungiand yeah, we're trying to describe our plans in that ^ though we have a bunch of productive discussion during the ptg last week which is not yet captured in the spec (see review comments for details)17:13
corvusmhu: you're getting reviews right now :)17:13
mhucorvus, thanks! I'd like the CORS_OPTIONS topic merged first if possible, because I'll have to rebase the rest on it17:14
corvusmhu: so yeah, i think at this point some kind of howto (at least one of: github, google, keycloak) would be very helpful in reviewing that, because i think that's probably the only way we're going to be able to test it, so we should get other zuul devs bootstrapped into an env where we can do that.17:14
mhuI mean I *could* just rebase the reviews but I'm starting to have a fairly long patch chain and I tend to mess up my cherry picks :D17:15
corvusmhu: i'll leave a comment on that change, but from what i can see so far, i think your approach looks good17:15
*** hashar has joined #zuul17:16
corvusmhu: i'll put those at the top of my list :)17:17
*** sugaar has quit IRC17:32
*** reiterative has quit IRC17:32
*** reiterative has joined #zuul17:34
*** reiterative has quit IRC17:34
*** reiterative has joined #zuul17:35
*** sshnaidm|bbl is now known as sshnaidm17:40
*** hashar has quit IRC17:57
corvustobiash: fyi i'm working on the docker release tag thing18:04
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477418:11
openstackgerritJames E. Blair proposed zuul/zuul master: Run upload-docker-image on release  https://review.opendev.org/73490218:25
corvustobiash, mordred, clarkb, fungi: ^ i think that should implement the simple version of what we discussed yesterday.18:26
corvusmnaser: ^ i think you were interested in that too18:26
corvusoh wait there's an error on that; sorry i changed approaches and forgot to correct18:27
*** y2kenny has joined #zuul18:28
openstackgerritJames E. Blair proposed zuul/zuul master: Run upload-docker-image on release  https://review.opendev.org/73490218:31
corvusthere we go18:31
y2kennyfor nodepool, how do you folks decide between a provider vs pool vs labels?  For example, is there any advantages to have multiple pool from the same provider vs having the pool sitting different provider of the same type?18:32
corvustobiash, clarkb: if you could look at https://review.opendev.org/734902 soon i'd appreciate it -- we may need a couple of iterations through the pipeline to get that right; i'll be happy to do that after it merges18:33
*** dennis_effa has quit IRC18:33
corvusy2kenny: it's usually based on whether you need to break up the quota in order to enable certain configurations18:33
corvusy2kenny: for example, if you have different networks, and you need some labels to provide nodes on network A, and some on network B, those may be 2 pools in a provider18:34
y2kennyok18:35
corvusy2kenny: another example might be setting the quota differently.  see the 2 pools for this provider: https://opendev.org/openstack/project-config/src/branch/master/nodepool/nl02.openstack.org.yaml#L16718:35
corvusthere's a larger main pool, and a smaller pool of larger nodes18:36
*** bhavikdbavishi has quit IRC18:36
y2kennycorvus: ok.  I am trying decide where to put some configuration for the driver I am writing.18:37
*** bhavikdbavishi has joined #zuul18:37
corvusy2kenny: i'm not sure there's a hard and fast rule.  sometimes it makes sense on a ProviderLabel; sometimes it makes sense in a ProviderPool.  some of them we've put on both.18:39
corvusi think networks is an example of one that's on both18:40
y2kennyok18:40
*** bhavikdbavishi has quit IRC18:42
y2kennycorvus: I am a bit unclear on the responsibility of a nodepool driver.  As far as I can tell, it gets the resources ready (with launches) but is it also responsible to record which resources are in use and quota?18:43
y2kennyor is the resource tracking done by nodepool itself?18:43
y2kennyI am looking at both the static driver and k8s/openshift driver and things seems to behave a bit differently.18:44
corvusy2kenny: it's a fuzzy cooperative arrangement and it's different for different drivers.  that's something i've started trying to address with the 'simple' driver interface (that the gce driver is built on)18:44
y2kennymay be because k8s's is more 'soft' whereas static driver is more 'hard'?18:45
corvusy2kenny: the static driver is the most 'special' because it's internal; i'd avoid using it for a reference unless necessary18:45
y2kennycorvus:... um... but it is actually closest in terms of characteristics (I am working on the cobbler/baremetal driver right now)18:46
y2kennyI looked at the gce driver as well but there are a lot of stuff that doesn't quite match for baremetal provisioning (like having a cloud-image, for example.)18:47
fungiinteresting that cobbler's bare metal provisioning doesn't normally use boot images. ironic's does18:48
y2kennymy current thinking is kind of a mix of k8s namespace type and static driver... essentially nodepool provision the baremetal node like a k8s namespace (in the sense that nodepool doesn't do much with it)18:48
y2kennyfungi: cobbler actually has concept of profile and such but I am not really using that18:49
corvusy2kenny: in all drivers, nodepool shouldn't do much with anything :)18:50
fungiironic basically boots a small ramdisk and then retrieves and provisions the server's filesystem using that, before rebooting into it, so more cloud-like in that regard i guess18:50
corvusy2kenny: the general approach is to interface to the cloud system.  so openstack requests a vm, k8s requests a pod or namespace.  and i'd expect cobbler to request a baremetal machine.18:50
y2kennyfungi: or... I am actually using it in a more dynamic fashion.  For my use case, I want to boot the system with a fairly dynamic image.  Like an image that contains an experimental kernel that zuul just build so I wouldn't be able to provision that image via nodepool config18:50
y2kennycrovus: yes, I am making it so that the cobbler driver essentially return the ipmi address of the baremetal machine18:51
y2kennycorvus: what I am trying to understand right now is how (or if) I need to register the machines with nodepool so that the provisioning is correct.18:52
corvusy2kenny: cobbler maintains its own inventory, right?18:52
y2kennycorvus: for k8s namespace, it's almost like there's no registration of the 'resource' with nodepool18:52
y2kennycorvus: yes on the inventory bit18:52
fungii would expect cobbler to tell nodepool about machines, not have nodepool track them independently18:52
corvusk i think i know what you're asking; 1 sec18:53
y2kennyfungi: but nodepool will have to track which machine is currently in use right?18:53
fungiyeah, i'm probably misunderstanding18:53
y2kennylooking at static drivier, looks like I need to 'register' the machine with a zk.Node()18:53
fungii would expect the nodepool driver to tell cobbler to boot something matching a set of parameters, and then cobbler to return the relevant connection information to the nodepool driver18:54
corvusy2kenny: for this part, try to keep to the k8s driver for reference -- this is where the static driver is going to behave too differently.18:54
y2kennywhereas k8s-namespace I just launch18:54
corvusy2kenny: look at the K8SLauncher class18:55
y2kennycorvus: ok18:55
y2kennycorvus: ok but that's kind of what I meant in my confusion18:55
y2kennycorvus: K8SLauncher pretty much just create the soft resources on the fly18:55
y2kennyI am also looking at listNodes for the k8s provider18:56
corvusy2kenny: i would imagine that's where you'd ask cobbler for a machine, then set the connection information on the 'node' object18:57
y2kennycorvus: I think I need to rephrase my question... something is calling launch and that something is nodepool right?18:59
corvusy2kenny: yes18:59
corvusthe nodepool launcher, specifically19:00
y2kennycorvus: how does nodepool descide which node to call launch(self, node) with?19:00
corvusy2kenny: it creates a new node for the request19:00
y2kennyum...19:00
corvusa node in nodepool is ephemeral19:01
fungifrom a logistics standpoint the driver should just ask cobbler "give me an available machine, i don't care which one" or maybe "give me an available machine with 16 cpu cores" but the driver shouldn't need to keep track of which machines are available to cobbler, cobbler should pick something suitable from its inventory and tell nodepool what to use19:01
y2kennyfungi: oooh... so it's up to cobbler to track if a server is in use or not?19:02
corvusyes19:02
funginodepool tracks whether nodes are in use, it doesn't need to know about nodes which are available though, just maybe how many are available so it can stop asking if there are none19:02
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477419:03
y2kennyok... but this is why I am looking at static driver as well... because for static nodes, nodepool track which is in use right?19:03
fungibasically nodepool wants to have a record of what nodes have been allocated which are in use by zuul, and then wants to tell the provider when it's done with a node so the provider can clean it up and add it back to the available pool19:04
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477419:04
avassso I've been spending a couple of hours trying to figure out why my tests for instance profiles didn't work....19:04
avassit looks like that's just not supported by moto... https://github.com/spulec/moto/blob/master/moto/ec2/models.py#L47419:04
fungias corvus said, the static driver is an anomaly, it's basically a workaround for "i'm going to manage my own nodes outside the nodepool launcher"19:04
avass:(19:04
*** rlandy is now known as rlandy|mtg19:05
corvusthe static driver is a one-off exception.  we do some really convoluted stuff in the static driver to map it into nodepool's worldview.  generally nodepool is an interface to a cloud system (doesn't have to be virtual -- baremetal clouds are cool)19:05
*** sshnaidm is now known as sshnaidm|afk19:05
avassunless I'm missing something patchset 9 of https://review.opendev.org/#/c/734774/ should work otherwise19:05
corvusbut we don't want to turn nodepool into its own cloud system -- we've seen how hard of a job that is to do :)19:06
avassif anyone has time, can you take a look at 734774, should be an easy enough for review19:07
corvusi have to run to lunch, biab19:07
y2kennyfungi, corvus: um... then I probably need to rethink this a bit.  Because until now, I basically see cobbler just a provider of some inventory and it doesn't track usage.19:11
fungiy2kenny: to summarize, if cobbler doesn't provide an api with functions like "tell me how many systems are available matching this set of parameters," "provision an available system matching this set of parameters and tell me how to connect to it," and "i'm done with this system you can clean it up now and make it available again" then there will probably need to be some service which sits between the nodepool19:17
fungiprovider driver and cobbler to provide that abstraction layer19:18
fungithat's basically what bare metal cloud services like ironic are designed to provide though19:18
y2kennyfungi: I think my use case is perhaps a bit too weird.  The level of provisioning I need in this case is really minimal, to the level of the k8s-namespace type.  All I want to make sure is the same node not being use by two different jobs.  Baremetal cloud is a bit overkill because I don't even want something else to load the base os image for me19:38
y2kenny(essentially just give me a baremetal system powered off and I will do the rest.)19:38
y2kennythis is because launching of the base os is part of the CI job that can potentially fail.19:39
y2kenny(custom kernel under test and all that.)19:42
fungigot it, so your jobs are talking ipmi (among other protocols) to these nodes19:47
y2kennyfungi: exactly19:47
y2kennyfungi: what I am hoping to get nodepool to really just to return the control interface to the machine and not necessary the machine itself19:49
fungiin that case i guess you need a service which provides the ipmi interface and other relevant network plumbing information from your "cloud" layer to the nodepool provider driver, though that service would ideally also take care of whatever cleanup steps are required (reflashing firmware/bios, wiping disks, et cetera) when nodepool tells it that the node is no longer in use19:49
y2kennyfungi: pretty much yes.  Although the clean up can be part of Zuul job's cleanup-run as well.19:52
fungiso the provider driver in nodepool would ask that service for relevant connection information for the server, that service would allocate it and return the info, then nodepool would aggregate it into whatever set is necessary to meet zuul's node request and pass along the information for all the fulfilling nodes. later when zuul finished with the node, nodepool would tell the intermediary "cloud" service it was19:53
fungidone with the node at which point nodepool would forget about it and the cloud would clean up the node and make it available for future requests19:53
fungiremember zuul can't guarantee cleanup will succeed (disconnects and other sorts of interruptions could leak those nodes back in a dirty state)19:54
fungizuul cleanup playbooks are best-effort19:54
y2kennyfungi: ok, right.19:55
fungiif that intermediate service can also report on availability counts (essentially "quota" available/used numbers) then the launcher can also refrain from requesting additional nodes when it knows are none available (or not enough to satisfy a given request)19:57
y2kennyfungi: is this 'quota' thing communicated to nodepool via listNode?19:58
y2kennylistNodes()19:58
fungithat's part of how it tries to work out available quota, yes19:58
fungiin part because some clouds have a bit of a delay updating used counts in their api responses19:59
fungiso it can get into a bit of a hysteresis around the full mark19:59
y2kennyI am actually not too clear on the schema of the Node to be return by listNodes().  For k8s, it seems to return FakeServer20:00
y2kennyum... I should take a look at gce driver.  Right now I am assuming the labels are part of the node return by listNodes but at this point I haven't found the relevant code for it.20:01
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477420:21
*** rlandy|mtg is now known as rlandy20:23
clarkbcorvus: why does the tagging change remove the pypi and docs updates?20:32
corvusclarkb: see last pgraph of commit msg20:32
corvus(which we want to do because it's important that we have version tags so ppl can pin to 3)20:34
corvus(and we have cut our last expected 3.x release already)20:34
clarkbcorvus: ++ I +2'd it with a note for a potential followup when those jobs are reenabled20:35
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477420:37
avassfixed the pep8 on that^, if anyone has a good idea on how to test that better without too much effort I'm open t suggestions :)20:38
openstackgerritAlbin Vass proposed zuul/nodepool master: aws: add support for attaching instance profiles  https://review.opendev.org/73477420:38
openstackgerritMerged zuul/zuul-jobs master: Allow upload-docker-image role to be used outside of promote  https://review.opendev.org/73489020:55
openstackgerritJames E. Blair proposed zuul/zuul master: Add descriptions to the different dashboard jobs  https://review.opendev.org/72977321:17
*** harrymichal has quit IRC21:17
*** rfolco|rover has quit IRC21:23
openstackgerritMerged zuul/zuul master: Replace deprecated Thread.isAlive() with Thread.is_alive()  https://review.opendev.org/73215721:36
*** threestrands has joined #zuul21:55
openstackgerritMerged zuul/zuul master: executor: Fix 'merge_jobs' configuration  https://review.opendev.org/73395822:03
*** armstrongs has joined #zuul22:05
openstackgerritMerged zuul/zuul master: GitHub Reporter: Fix `Reviewed-by` in Merge Commit Message  https://review.opendev.org/73458022:10
openstackgerritMerged zuul/zuul master: Update access token url  https://review.opendev.org/73479322:13
*** armstrongs has quit IRC22:13
openstackgerritMerged zuul/zuul master: zuul_unreachable: Fix ansible callback exception  https://review.opendev.org/73479722:14
openstackgerritMerged zuul/zuul master: Don't recreate parse context for every config file  https://review.opendev.org/72877422:22
openstackgerritMerged zuul/zuul master: gerrit: disable poller when no http authentication is defined  https://review.opendev.org/73065522:22
openstackgerritMerged zuul/zuul master: Add descriptions to the different dashboard jobs  https://review.opendev.org/72977322:22
*** tosky has quit IRC23:15
*** rlandy has quit IRC23:39
« Tuesday, 2020-06-09 Index Thursday, 2020-06-11 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!