-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Dockerfile: use buster images https://review.opendev.org/c/zuul/nodepool/+/806508 | 03:36 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Update Docker and bindep for Bullseye base images https://review.opendev.org/c/zuul/nodepool/+/806312 | 03:38 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Update Docker and bindep for Bullseye base images https://review.opendev.org/c/zuul/nodepool/+/806312 | 04:23 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Update Docker and bindep for Bullseye base images https://review.opendev.org/c/zuul/nodepool/+/806312 | 05:04 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/zuul] Be more liberal with Depends-On: parsing https://review.opendev.org/c/zuul/zuul/+/806533 | 06:00 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Update Docker and bindep for Bullseye base images https://review.opendev.org/c/zuul/nodepool/+/806312 | 06:12 | |
-@gerrit:opendev.org- Ian Wienand proposed: [zuul/nodepool] Update Docker and bindep for Bullseye base images https://review.opendev.org/c/zuul/nodepool/+/806312 | 08:30 | |
@mhuin:matrix.org | Does opendev own this channel: https://matrix.to/#/#freenode_#zuul:matrix.org ? This is the channel that came up when I searched for "zuul" in element - it took me longer than I want to admit to realize that it was way too quiet to be the official channel | 09:09 |
@mhuin:matrix.org | my point being, if anyone owns this channel and if channels can be deleted, it'd be a good idea to get rid of this one, unless it's still used for something | 09:10 |
@mhuin:matrix.org | (it didn't help that the topic was exactly the same as the "official" one) | 09:10 |
@mhuin:matrix.org | > <@avass:vassast.org> anyone know what the status of the admin ui is? https://review.opendev.org/q/topic:%22fffaff%22+(status:open%20OR%20status:merged) | 09:21 |
Lately I've finally removed the dependency on the unmaintained dependency redux-oidc, so I think it's ready for prime-time (i.e. reviews). There are some screengrabs on the reviews to illustrate what the changes look like (since the opendev preview does not have auth activated). | ||
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] Example Docker compose: keycloak integration https://review.opendev.org/c/zuul/zuul/+/769943 | 09:23 | |
@mhuin:matrix.org | I welcome more eyes and opinions on the changes, so if help is needed to set up a test env let me know. The change I just rebased ^ should deploy an all-in-one compose | 09:24 |
-@gerrit:opendev.org- Simon Westphahl proposed: | 09:40 | |
- [zuul/zuul] Add source interface for setting change attributes https://review.opendev.org/c/zuul/zuul/+/805836 | ||
- [zuul/zuul] Reference change dependencies by key https://review.opendev.org/c/zuul/zuul/+/805844 | ||
- [zuul/zuul] Implement ABC for caching changes in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805835 | ||
- [zuul/zuul] Cache Gerrit changes in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805837 | ||
- [zuul/zuul] Cache Github pull requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805838 | ||
- [zuul/zuul] Cache Pagure pull requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/806556 | ||
- [zuul/zuul] Cache Gitlab merge requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/806557 | ||
-@gerrit:opendev.org- Simon Westphahl proposed: | 09:53 | |
- [zuul/zuul] Implement ABC for caching changes in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805835 | ||
- [zuul/zuul] Cache Gerrit changes in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805837 | ||
- [zuul/zuul] Cache Github pull requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/805838 | ||
- [zuul/zuul] Cache Pagure pull requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/806556 | ||
- [zuul/zuul] Cache Gitlab merge requests in Zookeeper https://review.opendev.org/c/zuul/zuul/+/806557 | ||
@avass:vassast.org | mhu: cool, I'll see if I can take a look later :) | 10:18 |
@avass:vassast.org | what capabilities are needed to run zuul-executor without it being a privileged pod? SYS_CHROOT? | 11:14 |
@mordred:inaugust.com | avass: so far no one has done that full analysis | 13:39 |
@mordred:inaugust.com | avass: it has come up a few times | 13:39 |
@mordred:inaugust.com | it would be a great thing to actually learn :) | 13:40 |
@avass:vassast.org | but opendev is at least running executors without root right? | 13:40 |
@mordred:inaugust.com | nope: "privileged: true" | 13:41 |
@mordred:inaugust.com | oh - wait - no, you're right: "user: zuul" | 13:42 |
@avass:vassast.org | mordred: yeah :) | 13:42 |
@mordred:inaugust.com | because it just needs to be able to run bubblewrap | 13:42 |
@mordred:inaugust.com | https://opendev.org/opendev/system-config/src/branch/master/playbooks/roles/zuul-executor/files/docker-compose.yaml | 13:43 |
@avass:vassast.org | working on deploying zuul in openshift and we're not allowed to run pods as root and not sure yet if I'm able to set privileged: true. | 13:43 |
@mordred:inaugust.com | yeah. that's the exact context where this has come up before 🙂 | 13:44 |
@mordred:inaugust.com | it's funny - because in this case the thing we want to use privileged: true for is to be able to run more safely and with more containment. | 13:45 |
@mordred:inaugust.com | but - to your original question - knowing the *actual* capabilities needed to be able to run bubblewrap would be super awesome | 13:45 |
@avass:vassast.org | I mean it's safer if you're entirely sure that it's not possible to exploit the executor in any way :) | 13:49 |
@tobias.henkel:matrix.org | avass: if you have user namespaces enabled you might get it working without privileged, otherwise you cannot really get around privileged | 15:20 |
@tobias.henkel:matrix.org | without userns bwrap needs at least mount, chroot and setuid (maybe/probably even more). All that together is likely (almost) equivalent to privileged | 15:25 |
@avass:vassast.org | tobiash: got it. Hope I can convince the right people to allow it then because otherwise we're gonna have to deploy the executors outside openshift | 15:27 |
@tobias.henkel:matrix.org | btw, that was the reason for us hosting zuul on a dedicated openshift... | 15:27 |
@avass:vassast.org | tobiash: things were easier at Volvo when I had a dedicated EKS to work with :) | 15:30 |
@tobias.henkel:matrix.org | you're moving from eks to onprem? | 15:31 |
@avass:vassast.org | tobiash: no I've moved from Volvo to Zenseact :) | 15:32 |
@tobias.henkel:matrix.org | ah :) | 15:32 |
@tobias.henkel:matrix.org | one hint: make sure that the executors are on fast storage | 15:33 |
@tobias.henkel:matrix.org | (e.g. avoid ceph for the root of the container and the work dirs) | 15:34 |
-@gerrit:opendev.org- Jeremy Stanley proposed: | 15:35 | |
- [zuul/zuul-jobs] Include tox_extra_args in tox siblings tasks https://review.opendev.org/c/zuul/zuul-jobs/+/806612 | ||
- [zuul/zuul-jobs] Add tox_config_file rolevar to tox https://review.opendev.org/c/zuul/zuul-jobs/+/806613 | ||
@avass:vassast.org | I think I heard talks about that the other day and I think we got our storage upgraded pretty recently. Heh :) | 15:40 |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] DNM: checking tox role tests for bitrot https://review.opendev.org/c/zuul/zuul-jobs/+/806614 | 16:01 | |
@mhuin:matrix.org | Does anybody know what is the API call sent to github to get events on a pull request? A SF user reported a problem with the gate and merge pipeline triggers. To sum it up, we configure the status condition as 'status: "{{ github_connection.app_name }}\\[bot\\]:{{ tenant_name }}/check:success"' | 16:25 |
@mhuin:matrix.org | where the app_name is the name of the zuul application configured for github | 16:26 |
@mhuin:matrix.org | indeed, we do see {appname}[bot] in the comments, like so: https://api.github.com/repos/wazo-platform/wazo-confd/issues/comments/880843164 | 16:27 |
@mhuin:matrix.org | but then the gate and merge pipelines won't fire with the following error: RequiredStatuses ['wazo-community-zuul\[bot\]:local/check:success'] does not match ['wazo-community-zuul:local/check:success'] | 16:27 |
@mhuin:matrix.org | (from https://opendev.org/zuul/zuul/src/tag/4.6.0/zuul/driver/github/githubmodel.py#L237 ) | 16:28 |
@mhuin:matrix.org | looks like the [bot] tag is not present in the feed of the github connection? | 16:29 |
@mhuin:matrix.org | (note that the user basically updated from zuul 3.19 to zuul 4.6) | 16:29 |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 16:53 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 17:07 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 17:11 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 17:35 | |
@dmsimard:matrix.org | FYI, ansiblefest agenda is out: https://www.ansible.com/ansiblefest -> https://events.ansiblefest.redhat.com/widget/redhat/ansible21/sessioncatalog, contributor summit registrations are also open: https://ansiblecs202109.eventbrite.com/ | 17:43 |
@jim:acmegating.com | dmsimard: \o/ thanks! | 17:44 |
@jim:acmegating.com | looks like this is the link to my session: https://events.ansiblefest.redhat.com/widget/redhat/ansible21/sessioncatalog/session/16248953812130016Yue | 17:45 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 17:49 | |
- [zuul/zuul] Remove nodeset from NodeRequest https://review.opendev.org/c/zuul/zuul/+/806063 | ||
- [zuul/zuul] Make node requests persistent https://review.opendev.org/c/zuul/zuul/+/806280 | ||
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 17:52 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 18:06 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 18:19 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 19:18 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | 19:45 | |
-@gerrit:opendev.org- Jeremy Stanley proposed: | 20:16 | |
- [zuul/zuul-jobs] Support verbose showconfig in tox siblings https://review.opendev.org/c/zuul/zuul-jobs/+/806621 | ||
- [zuul/zuul-jobs] Include tox_extra_args in tox siblings tasks https://review.opendev.org/c/zuul/zuul-jobs/+/806612 | ||
- [zuul/zuul-jobs] Add tox_config_file rolevar to tox https://review.opendev.org/c/zuul/zuul-jobs/+/806613 | ||
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed on behalf of Felix Edel: [zuul/zuul] WIP NodeRequest watches https://review.opendev.org/c/zuul/zuul/+/804961 | 20:24 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] Add node request cache to zk nodepool interface https://review.opendev.org/c/zuul/zuul/+/806639 | 20:27 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] Update IRC nics with Matrix IDs https://review.opendev.org/c/zuul/zuul/+/806640 | 20:36 | |
@spamaps:spamaps.ems.host | 👋 | 21:04 |
-@gerrit:opendev.org- Jeremy Stanley proposed: [zuul/zuul-jobs] DNM: debug tox siblings config parsing https://review.opendev.org/c/zuul/zuul-jobs/+/806650 | 22:04 | |
@fungicide:matrix.org | i'm thoroughly stumped by the failures on https://review.opendev.org/806612 | 22:32 |
@fungicide:matrix.org | my best guess is that tox_extra_args is leaking into the playbook from an earlier playbook setting it | 22:32 |
@fungicide:matrix.org | i added a debug change at https://review.opendev.org/806650 to dump a copy of the tox config it's seeing, and there's clearly no testenv:linters in it, looks like it's not using the tox.ini it expects | 22:35 |
@fungicide:matrix.org | seems like maybe it's bleeding through from test-playbooks/python/tox.yaml but i'm getting all turned around trying to comprehend that paybook | 22:36 |
@fungicide:matrix.org | er, playbook | 22:37 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 22:53 | |
- [zuul/zuul] Add node request cache to zk nodepool interface https://review.opendev.org/c/zuul/zuul/+/806639 | ||
- [zuul/zuul] Wrap nodepool request completed events with election https://review.opendev.org/c/zuul/zuul/+/806653 | ||
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed on behalf of Felix Edel: [zuul/zuul] WIP NodeRequest watches https://review.opendev.org/c/zuul/zuul/+/804961 | 22:53 | |
@jim:acmegating.com | fungi: looking | 22:53 |
@jim:acmegating.com | fungi: it may be set here? https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/tox/defaults/main.yaml#L4 | 23:10 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] Update IRC nics with Matrix IDs https://review.opendev.org/c/zuul/zuul/+/806640 | 23:11 |