@iwienand:matrix.org | corvus: https://review.opendev.org/c/zuul/zuul-jobs/+/878175/ and https://review.opendev.org/c/zuul/zuul-jobs/+/878176 are two quick old ones that just shuffle some var names and update docs from the initial container roles work | 00:01 |
---|---|---|
@iwienand:matrix.org | and https://review.opendev.org/c/zuul/zuul-jobs/+/878494 is one that just updates buildx docs | 00:02 |
@jjbeckman:matrix.org | Ah, didn't realize `oc rsync` supported vanilla k8s. Will consider switching to it, thank you. | 04:56 |
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [opendev/zone-zuul-ci.org] 880213: Set default ttl to one hour https://review.opendev.org/c/opendev/zone-zuul-ci.org/+/880213 | 05:45 | |
@jjbeckman:matrix.org | Hi folks. I have yet another question... would appreciate any advice. | 07:05 |
In `nodepool.yaml`, we are trying to set an node image that is hosted not on `docker.io`, but a private Docker image registry(Nexus in our case). | ||
How does one give credentials to nodepool so that it is able to authenticate with the docker registry? | ||
Example of our current `nodepool.yaml`": | ||
``` | ||
providers: | ||
- driver: kubernetes | ||
name: kubernetes | ||
pools: | ||
- labels: | ||
- image: docker.{redacted}.com/zuul-node-debian-bullseye:1.0.0 | ||
name: debian-bullseye | ||
type: pod | ||
name: main | ||
``` | ||
Node fails with `ImagePullBackOff`: | ||
``` | ||
$ kubectl -n main-0000000026 get po | ||
NAME READY STATUS RESTARTS AGE | ||
debian-bullseye 0/1 ImagePullBackOff 0 2m26s | ||
$ | ||
``` | ||
-@gerrit:opendev.org- Zuul merged on behalf of Clark Boylan: [zuul/zuul] 872226: Test with MariaDB instead of MySQL https://review.opendev.org/c/zuul/zuul/+/872226 | 13:00 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 880303: Increase Github event processor thread pool https://review.opendev.org/c/zuul/zuul/+/880303 | 13:10 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 880305: Log durations around Github event pre-processing https://review.opendev.org/c/zuul/zuul/+/880305 | 13:27 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 880322: Revert "Test with MariaDB instead of MySQL" https://review.opendev.org/c/zuul/zuul/+/880322 | 13:38 | |
@clarkb:matrix.org | > <@jjbeckman:matrix.org> Hi folks. I have yet another question... would appreciate any advice. | 13:42 |
> | ||
> In `nodepool.yaml`, we are trying to set an node image that is hosted not on `docker.io`, but a private Docker image registry(Nexus in our case). | ||
> | ||
> How does one give credentials to nodepool so that it is able to authenticate with the docker registry? | ||
> | ||
> Example of our current `nodepool.yaml`": | ||
> ``` | ||
> providers: | ||
> - driver: kubernetes | ||
> name: kubernetes | ||
> pools: | ||
> - labels: | ||
> - image: docker.{redacted}.com/zuul-node-debian-bullseye:1.0.0 | ||
> name: debian-bullseye | ||
> type: pod | ||
> name: main | ||
> ``` | ||
> | ||
> Node fails with `ImagePullBackOff`: | ||
> ``` | ||
> $ kubectl -n main-0000000026 get po | ||
> NAME READY STATUS RESTARTS AGE | ||
> debian-bullseye 0/1 ImagePullBackOff 0 2m26s | ||
> $ | ||
> ``` | ||
> | ||
You may need to use namespaces instead of pods so that the job(s) can manage registry secrets and set that metadata on the image pull spec | ||
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul-jobs] 878538: Update promote-container-image to copy from intermediate registry https://review.opendev.org/c/zuul/zuul-jobs/+/878538 | 15:13 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul-client] 880337: Use intermediate registry to promote container image https://review.opendev.org/c/zuul/zuul-client/+/880337 | 15:41 | |
@clarkb:matrix.org | corvus: not urgent if you are still looking at the nodepool thing. But was there a reason to not approve https://review.opendev.org/c/zuul/zuul-jobs/+/878175/2 when you approved its child earlier today? | 17:36 |
@jim:acmegating.com | Clark: no just wanted to give you a chance to look again | 17:48 |
@clarkb:matrix.org | ok I'll do that and approve if all still looks well | 17:48 |
@clarkb:matrix.org | oh I didn't realize it dropped my +2 | 17:49 |
@clarkb:matrix.org | sometimes the listings for votes aren't the clearets | 17:49 |
@jim:acmegating.com | Clark: regarding the nodepool deadlock... i basically have a change that fixes it by removing our extra thread-local locking and relying entirely on the zk lock object.... | 17:49 |
@jim:acmegating.com | Clark: but after double checking the zk implementation, i see that it has the exact same flaw we were working around | 17:50 |
@jim:acmegating.com | (it purports to fix it, but only by having a python thread lock in the acquire method; there's no lock in release, and release can overwrite an acquire in progress) | 17:50 |
@clarkb:matrix.org | if you always grab the locks in the same order we would avoid this problem. But I'm guessing that would mean holding the local lock for much longer periods of time than are desireable | 17:50 |
@jim:acmegating.com | Clark: yeah, the issue there is that we release the thread local lock while holding the zk lock. i think that may be the next thing to look at -- whether we can just hold the thread lock completely over the time we hold the zk lock (except, i guess, in the case where the zk lock is not ephemeral, like in metastatic; we'd need to release it then) | 17:53 |
-@gerrit:opendev.org- Zuul merged on behalf of Ian Wienand: [zuul/zuul-jobs] 878175: containers : update test variable https://review.opendev.org/c/zuul/zuul-jobs/+/878175 | 18:02 | |
-@gerrit:opendev.org- Zuul merged on behalf of Ian Wienand: [zuul/zuul-jobs] 878176: container role docs : clarify requirements https://review.opendev.org/c/zuul/zuul-jobs/+/878176 | 18:06 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/nodepool] 880354: Avoid python/zk lock deadlocks https://review.opendev.org/c/zuul/nodepool/+/880354 | 18:17 | |
@jim:acmegating.com | Clark: swest tobiash ^ that's take 2 on fixing that issue which we just observed in opendev | 18:18 |
@jim:acmegating.com | oh, flake8 errors, 1 sec | 18:18 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/nodepool] 880354: Avoid python/zk lock deadlocks https://review.opendev.org/c/zuul/nodepool/+/880354 | 18:19 | |
@jim:acmegating.com | there that passes local tests | 18:19 |
@jim:acmegating.com | oh, i should have mentioned in the commit message -- or maybe the code -- that's a loose interpretation of the timeout since we apply the same timeout to both locks without any subtraction, but i think that's okay for our use. | 18:23 |
@clarkb:matrix.org | corvus: I left a question on that nodepool bugfix change | 19:21 |
@jim:acmegating.com | Clarkreplied | 19:48 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/nodepool] 880354: Avoid python/zk lock deadlocks https://review.opendev.org/c/zuul/nodepool/+/880354 | 19:49 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: | 19:50 | |
- [zuul/zuul] 880322: Revert "Test with MariaDB instead of MySQL" https://review.opendev.org/c/zuul/zuul/+/880322 | ||
- [zuul/zuul-client] 880337: Use intermediate registry to promote container image https://review.opendev.org/c/zuul/zuul-client/+/880337 | ||
@jim:acmegating.com | Clark: ianw looks like success: https://zuul.opendev.org/t/zuul/build/1ca118b5fd1b4a89bbd32a023dc815ac/console | 19:52 |
@jim:acmegating.com | Clark: also sorry i accidentally resolved your comment; didn't mean to. | 19:53 |
@clarkb:matrix.org | thats ok your response answered my question | 19:58 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul-client] 880363: Remove redundant job vars https://review.opendev.org/c/zuul/zuul-client/+/880363 | 20:00 | |
@jim:acmegating.com | Clark: ianw that change and its dependency should tidy things up a bit. | 20:00 |
@clarkb:matrix.org | corvus: does the build side need that info or only the promote side? | 20:06 |
-@gerrit:opendev.org- Zuul merged on behalf of Ian Wienand: [zuul/zuul-client] 879520: Switch to zuul-promote-nox-docs https://review.opendev.org/c/zuul/zuul-client/+/879520 | 20:10 | |
@jim:acmegating.com | Clark: i'm pretty sure it's only promote that needs it, but i want upload and promote to have the same vars regardless in case there's a future interaction in the upload role. and zuul project jobs have a pattern of putting the vars on the build job and using an anchor reference on the upload job so they're the same, and i'd like to mimic that. i suppose another way of looking at it is that i like having all 3 jobs have the same variable set. seems harder to mess up. | 20:15 |
@clarkb:matrix.org | works for me | 20:16 |
-@gerrit:opendev.org- Zuul merged on behalf of Dong Zhang: [zuul/nodepool] 878094: Handle NoNodeError in _assignHandlers https://review.opendev.org/c/zuul/nodepool/+/878094 | 22:21 | |
-@gerrit:opendev.org- Zuul merged on behalf of Simon Westphahl: [zuul/zuul] 878523: Log commit SHA when getting files from repo https://review.opendev.org/c/zuul/zuul/+/878523 | 22:55 | |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul-client] 880363: Remove redundant job vars https://review.opendev.org/c/zuul/zuul-client/+/880363 | 23:15 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!