-@gerrit:opendev.org- wangxiyuan proposed: [zuul/zuul-jobs] 830706: Add openEuler to iptalbe firewall persist https://review.opendev.org/c/zuul/zuul-jobs/+/830706 | 02:32 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830707: Use a transaction for BuildCompletedEvent https://review.opendev.org/c/zuul/zuul/+/830707 | 03:04 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 03:26 | |
- [zuul/zuul] 830541: Only process pipelines if there are outstanding events https://review.opendev.org/c/zuul/zuul/+/830541 | ||
- [zuul/zuul] 830708: Add a "dirty" flag to pipeline processing https://review.opendev.org/c/zuul/zuul/+/830708 | ||
@jim:acmegating.com | Clark: tobiash ^ the original change required a non-trivial merge resolution; it's worth a re-review. | 03:27 |
---|---|---|
-@gerrit:opendev.org- Simon Westphahl proposed on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: | 07:10 | |
- [zuul/zuul] 830541: Only process pipelines if there are outstanding events https://review.opendev.org/c/zuul/zuul/+/830541 | ||
- [zuul/zuul] 830708: Add a "dirty" flag to pipeline processing https://review.opendev.org/c/zuul/zuul/+/830708 | ||
@westphahl:matrix.org | corvus: ^ just fixed a small linter issue | 07:10 |
-@gerrit:opendev.org- Simon Westphahl proposed on behalf of Felix Edel: [zuul/zuul] 830554: Look up worker_zone for log streaming from executor https://review.opendev.org/c/zuul/zuul/+/830554 | 07:21 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 830744: Use worker zone for log streaming from component https://review.opendev.org/c/zuul/zuul/+/830744 | 08:10 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 08:20 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 09:54 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 10:07 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 830744: Use worker zone for log streaming from component https://review.opendev.org/c/zuul/zuul/+/830744 | 10:24 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 830744: Use worker zone for log streaming from component https://review.opendev.org/c/zuul/zuul/+/830744 | 10:34 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 10:48 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 11:52 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 12:47 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 14:00 | |
@jpew:matrix.org | With gearman, I could remote into the scheduler and run commands with the `zuul` command without needing to authenticate, but now I cant do anything because it says I need an auth token, which I have no idea how to setup.... Is there a simple way to get back the ability to run commands on the scheduler like that? | 14:29 |
@mhuin:matrix.org | You should set up an authenticator with the HS256 driver: https://zuul-ci.org/docs/zuul/latest/authentication.html#configuration | 14:32 |
@mhuin:matrix.org | Then you can generate a token (tenant-scoped) with the zuul CLI https://zuul-ci.org/docs/zuul/latest/client.html#create-auth-token | 14:33 |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 14:38 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 14:48 | |
@mhuin:matrix.org | otherwise, if you have authentication set up on the GUI, you should be able to see your current auth token in the user page | 14:54 |
@fungicide:matrix.org | > <@jpew:matrix.org> With gearman, I could remote into the scheduler and run commands with the `zuul` command without needing to authenticate, but now I cant do anything because it says I need an auth token, which I have no idea how to setup.... Is there a simple way to get back the ability to run commands on the scheduler like that? | 14:55 |
in opendev we stick an auth_token and url in /root/.config/zuul/client.conf and then pass --use-config on the zuul-client command line | ||
@fungicide:matrix.org | though in reality, we just call a wrapper script which has that always passed so we can simply ``zuul-client some command...`` | 14:55 |
@mhuin:matrix.org | > <@fungicide:matrix.org> in opendev we stick an auth_token and url in /root/.config/zuul/client.conf and then pass --use-config on the zuul-client command line | 14:56 |
that's with the new zuul-client right? Not the one that comes with the zuul repo | ||
@jpew:matrix.org | @mhu: Ya, I couldn't figure out how to get the auth token from the website into a format that the `zuul` command understands | 14:56 |
@fungicide:matrix.org | correct | 14:56 |
@mhuin:matrix.org | jpew: IIRC you also get a sample client config file with everything set up | 14:59 |
@mhuin:matrix.org | save it on your system then use the --use-config option | 14:59 |
@jpew:matrix.org | Ugh... OK. Our corperate policy doesn't allow unauthenticated web endpoints (even for internal servers), so I can't use any of the REST API because I can't enter my LDAP credentials :( | 15:03 |
@jpew:matrix.org | I'll have to setup the fixed auth so I can run the commands directly on the scheduler | 15:03 |
@mhuin:matrix.org | jpew: I'm not an apache specialist but this could maybe be fixed by having zuul proxified and let apache handle auth with LDAP | 15:05 |
@jpew:matrix.org | Ya, that's what we are doing | 15:06 |
@mhuin:matrix.org | you'd configure the web server to inject a long lived, pre generated JWT as the Authorization header | 15:06 |
@jpew:matrix.org | But I can't enter my credentials with `zuul-client` | 15:06 |
@mhuin:matrix.org | what identity provider are you using with zuul? Keycloak? | 15:07 |
@jpew:matrix.org | Ya | 15:07 |
@jpew:matrix.org | It's stupid, but we have both | 15:07 |
@jpew:matrix.org | apache does LDAP on everything *except* the API that is covered by keycloak | 15:08 |
@mhuin:matrix.org | the zuul client you created in keycloak has an option called "direct access grants enabled" | 15:11 |
@mhuin:matrix.org | if you can enable this, you can then curl the keycloak auth endpoint with your user and password to get a token | 15:11 |
@mhuin:matrix.org | see for example https://github.com/wpic/sample-keycloak-getting-token | 15:12 |
@fungicide:matrix.org | when logged into the server, can't you connect directly to the rest api over the loopback interface without having to go through your ldap'd apache reverse-proxy? | 15:13 |
@jpew:matrix.org | fungi: Yes | 15:13 |
@jpew:matrix.org | fungi: This is what I normally do, but now (post gearman) I need an auth token | 15:14 |
@fungicide:matrix.org | so in theory zuul-client could be used to get a token from the api that way, right? | 15:14 |
@mhuin:matrix.org | you'd still need a token though | 15:14 |
@jpew:matrix.org | Right | 15:14 |
@fungicide:matrix.org | you need a token to be able to create a token? | 15:14 |
@jpew:matrix.org | I was hoping for a quicker fix :) I'm really trying to track down an openstack intermittent issue and I need to programatically create 60 autoholds to try and catch it :( | 15:15 |
@mhuin:matrix.org | > <@fungicide:matrix.org> so in theory zuul-client could be used to get a token from the api that way, right? | 15:15 |
zuul-client doesn't get the token that way. It uses the zuul.conf's authenticator as it is defined in it | ||
@jpew:matrix.org | Also, zuul-client isn't in any of the docker images | 15:15 |
@mhuin:matrix.org | create-auth-token doesn't call the rest api | 15:15 |
@jpew:matrix.org | `zuul` is, `zuul-client` is not | 15:16 |
@fungicide:matrix.org | there's a zuul-client docker image we use in opendev | 15:16 |
@mhuin:matrix.org | jpew really? I'm pretty sure we use zuul-client containers regularly here | 15:16 |
@fungicide:matrix.org | our ``/usr/local/bin/zuul-client`` on the schedulers is just a shell script which calls ``docker run --rm -it --network=host -v /root/.config/zuul:/root/.config/zuul zuul/zuul-client --use-config opendev "$@"`` | 15:17 |
@jpew:matrix.org | K, I'll have to check that out | 15:18 |
@jpew:matrix.org | On a related note, it would be really nice if either A) a pipeline could run the same job multiple times, or B) autohold job match was a regex :) | 15:18 |
-@gerrit:opendev.org- Albin Vass proposed: [zuul/zuul] 830840: Add feature to fail without retry in pre-run https://review.opendev.org/c/zuul/zuul/+/830840 | 15:18 | |
@jpew:matrix.org | There are no tags on the zuul-client image | 15:22 |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 15:23 | |
@avass:vassast.org | corvus: re on: https://review.opendev.org/c/zuul/zuul/+/830333 | 15:39 |
I also had an idea of adding a 'job-defaults:' pragma instead but didn't have a clear usecase for that. I don't see it as a big problem but apparently people don't like repeating themselves over and over again :) | ||
@jim:acmegating.com | Albin Vass: honestly, i still think external automation is the best way to deal with that. the biggest lesson we learned from JJB is to keep the amount of magic to a minimum. so the design philosophy with zuul jobs is "explicit is better than implicit". | 15:43 |
@jim:acmegating.com | (yaml tags helps with some amount of repetition of complex data, though not so much for just a single literal value) | 15:44 |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 15:51 | |
@avass:vassast.org | corvus: yup i think i suggested it but it was preferable to not have to generate config that you then need to commit, but maybe we need to do exactly that then :) | 15:52 |
@jim:acmegating.com | we do that in the zuul-jobs repo where platform managment is too big to do by hand. having a check/gate job like we do there can mitigate the downsides of checking in generated code. | 15:54 |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830628: Items in extra paths should be loaded in dependent changes https://review.opendev.org/c/zuul/zuul/+/830628 | 15:59 | |
@fungicide:matrix.org | some projects (*cough* openstack *cough*) have jobs which generate patches to update the source code and automatically propose those for review, which are themselves self-testing... it can work when you need it | 15:59 |
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 830846: GUI: fix broken enqueue when buildset.newrev is null https://review.opendev.org/c/zuul/zuul/+/830846 | 16:07 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 830014: Add waiting status to queued https://review.opendev.org/c/zuul/zuul/+/830014 | 16:07 | |
@avass:vassast.org | fungi: been there, done that ;) | 16:09 |
@clarkb:matrix.org | Unrelated to the auth and config discussions the PTG is happening April 4-8 and Zuul can sign up for time during that over the next coupel of weeks. Might be worth considering since we did an impromptu meetup last time during the PTG | 16:19 |
@jpew:matrix.org | We use a script to generate our job.... "matrix" for each pipeline, then have a job that validates you didn't forget to run the script | 16:21 |
-@gerrit:opendev.org- Matthieu Huin https://matrix.to/#/@mhuin:matrix.org proposed: [zuul/zuul] 830846: GUI: fix broken enqueue when buildset.newrev is null https://review.opendev.org/c/zuul/zuul/+/830846 | 16:24 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830849: Fix test_semaphore_handler_cleanup test race https://review.opendev.org/c/zuul/zuul/+/830849 | 16:46 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830876: Fix multi-scheduler test races in waitUntilSettled https://review.opendev.org/c/zuul/zuul/+/830876 | 17:16 | |
@clarkb:matrix.org | tobiash: https://review.opendev.org/c/zuul/zuul/+/830708 is the followup to the pipeline processing short circuit that checks a dirty flag | 17:18 |
@clarkb:matrix.org | you approved the parent. Hoping you have time to review that one too :)_ | 17:18 |
@clarkb:matrix.org | * you approved the parent. Hoping you have time to review that one too :) | 17:19 |
@jim:acmegating.com | those test fixes are for the races that showed up on https://review.opendev.org/830707 -- i think it's actually good (i ran the full test suite locally, and neither of those races relate to the build completion event) | 17:27 |
@clarkb:matrix.org | I've approved the two test fixes and will look at 830707 after breakfast | 17:28 |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830628: Items in extra paths should be loaded in dependent changes https://review.opendev.org/c/zuul/zuul/+/830628 | 17:34 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/zuul] 830781: debug tests https://review.opendev.org/c/zuul/zuul/+/830781 | 17:35 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 829829: Don't reconfigure after every gitlab merge https://review.opendev.org/c/zuul/zuul/+/829829 | 17:57 | |
@jim:acmegating.com | the semaphore handler race just took out the pipeline processing optimization; i'll re-enque it now that the fixes are ahead | 18:12 |
@jim:acmegating.com | tobiash: https://review.opendev.org/830679 is one more test fix if you have a second... would be good to get that approved before the next time it rears up :) | 18:13 |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 830849: Fix test_semaphore_handler_cleanup test race https://review.opendev.org/c/zuul/zuul/+/830849 | 18:29 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 830876: Fix multi-scheduler test races in waitUntilSettled https://review.opendev.org/c/zuul/zuul/+/830876 | 18:40 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830707: Use a transaction for BuildCompletedEvent https://review.opendev.org/c/zuul/zuul/+/830707 | 19:16 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 830541: Only process pipelines if there are outstanding events https://review.opendev.org/c/zuul/zuul/+/830541 | 19:19 | |
@tobias.henkel:matrix.org | Clark: https://review.opendev.org/c/zuul/zuul/+/826878/ would be a quick review to increase zuul-web efficiency by avoiding unneeded json serialization of the status json | 19:33 |
@tobias.henkel:matrix.org | and https://review.opendev.org/c/zuul/zuul/+/772695/ would reduce lock contention | 19:35 |
@clarkb:matrix.org | I'll take a look | 19:35 |
@tobias.henkel:matrix.org | thanks! | 19:39 |
@clarkb:matrix.org | tobiash: corvus can you check my comments on https://review.opendev.org/c/zuul/zuul/+/772695 ? | 19:50 |
-@gerrit:opendev.org- Tobias Henkel proposed on behalf of Felix Edel: [zuul/zuul] 830554: Look up worker_zone for log streaming from executor https://review.opendev.org/c/zuul/zuul/+/830554 | 19:52 | |
@tobias.henkel:matrix.org | Clark: good catch, fixing | 19:54 |
-@gerrit:opendev.org- Tobias Henkel proposed: [zuul/zuul] 772695: Perform per tenant locking in getStatus https://review.opendev.org/c/zuul/zuul/+/772695 | 19:58 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830896: Use kazoo.retry in zkobject https://review.opendev.org/c/zuul/zuul/+/830896 | 20:00 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830896: Use kazoo.retry in zkobject https://review.opendev.org/c/zuul/zuul/+/830896 | 20:03 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 830896: Use kazoo.retry in zkobject https://review.opendev.org/c/zuul/zuul/+/830896 | 20:20 | |
-@gerrit:opendev.org- Tobias Henkel proposed on behalf of Felix Edel: [zuul/zuul] 817518: Add an icon for each type of component to the components page https://review.opendev.org/c/zuul/zuul/+/817518 | 20:28 | |
@tobias.henkel:matrix.org | Clark: this would fix a race with executor pause: https://review.opendev.org/c/zuul/zuul/+/755765/ | 20:33 |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 830679: Increase mysql read timeout in tests https://review.opendev.org/c/zuul/zuul/+/830679 | 20:50 | |
-@gerrit:opendev.org- Tobias Henkel proposed: [zuul/zuul] 830902: Simplify _saveRepoState https://review.opendev.org/c/zuul/zuul/+/830902 | 20:59 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: | 21:10 | |
- [zuul/zuul] 828015: Clone from /a/ with authenticated Gerrit HTTP https://review.opendev.org/c/zuul/zuul/+/828015 | ||
- [zuul/zuul] 830668: Add a debug log entry about reconfiguration with no file list https://review.opendev.org/c/zuul/zuul/+/830668 | ||
-@gerrit:opendev.org- Zuul merged on behalf of Tobias Henkel: [zuul/zuul] 826878: Cache serialized tenant status https://review.opendev.org/c/zuul/zuul/+/826878 | 21:10 | |
@blaisep-sureify:matrix.org | (N00B here) I'm excited to have a chance to use Zuul at work. I got tasked to build out a new toolchain and it looks like Zuul will work well for us. | 21:13 |
@fungicide:matrix.org | Blaise Pabon: that's great to hear! feel free to ask questions if you have any | 21:19 |
@blaisep-sureify:matrix.org | I just discovered opendev.... I | 21:20 |
@blaisep-sureify:matrix.org | I will look around and see how far I can get. | 21:20 |
@fungicide:matrix.org | if you do end up using zuul and can get permission to talk about what you're doing with it, we're always happy to add more links to interviews or blog posts at https://zuul-ci.org/users.html | 21:25 |
@blaisep-sureify:matrix.org | Yes, I think we will be happy to talk about our work. | 21:27 |
-@gerrit:opendev.org- Clark Boylan proposed: [zuul/zuul-registry] 830905: Atomically concatenate blob objects https://review.opendev.org/c/zuul/zuul-registry/+/830905 | 21:52 | |
-@gerrit:opendev.org- Clark Boylan proposed: [zuul/zuul-registry] 830905: Atomically concatenate blob objects https://review.opendev.org/c/zuul/zuul-registry/+/830905 | 22:49 | |
@clarkb:matrix.org | corvus: ianw I found a second typo in ^ so decided to fix both | 22:49 |
@iwienand:matrix.org | Clark: it lgtm. probably wants monitoring as i don't think we've managed to hit the issue anywhere but production | 23:53 |
@clarkb:matrix.org | Ya though we only hit it with the buildset registry which makes me suspect it is sensitive to test node iops | 23:53 |
@clarkb:matrix.org | the actual insecure test registry is probably fine? But I agree worth monitoring | 23:53 |
@jim:acmegating.com | i think the insecure registry uses a swift backend? | 23:54 |
@clarkb:matrix.org | corvus: oh right it does so ya this should only affect buildset registries | 23:55 |
@clarkb:matrix.org | which means we can run some jobs that use the buildset registry after the chagne lands to make sure there isn't unexpected regression | 23:55 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!