19:01:42 #startmeeting infra
19:01:43 Meeting started Tue Oct 22 19:01:42 2019 UTC and is due to finish in 60 minutes. The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:44 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:46 The meeting name has been set to 'infra'
19:01:48 Anyone else here for the meeting?
19:01:51 o/
19:01:51 #link http://lists.openstack.org/pipermail/openstack-infra/2019-October/006501.html Our Agenda
19:01:53 sure
19:01:57 why not?
19:02:17 well it is lunch time :)
19:02:26 o/
19:02:29 #topic Announcements
19:02:40 The openstack release is behind us and as far as I know it went well
19:03:00 Also the summit and ptg are fast approaching. I expect this means we will not have a meeting on November 5
19:05:08 o/
19:05:23 That was really all I had for announcements. I did get a visa finally so plan to be there
19:06:12 clarkb: \o/
19:06:43 yay!
19:06:57 #topic Actions from last meeting
19:07:05 #link http://eavesdrop.openstack.org/meetings/infra/2019/infra.2019-10-15-19.01.txt minutes from last meeting
19:07:17 There are none. Let's keep moving
19:07:20 #topic Specs approval
19:07:27 #link https://review.opendev.org/#/c/683852/ Replace static.o.o spec
19:07:45 I think this one is very very close. corvus pointed out a detail we'll want to get correct with dns which is worth a new patchset
19:08:11 assuming we can make that update soon how do people feel about putting this up for approval this week?
19:08:35 ++
19:09:23 i'm cool with that
19:10:14 I'd like to get that in so that we can have conversations with the openstack project in particular at the ptg to help push it along
19:10:19 (just pushed that update :)
19:10:20 ianw: ^ any concerns with that?
19:10:43 indeed, i'm waiting on my gertty to refresh so i can vote again
19:11:21 great let's put that up for approval this week then and I'll push it through at the end of the week assuming there are no new concerns that pop up
19:11:26 Thank you for putting that together ianw
19:11:32 no, i think that's ok. i'll do some preliminary work to get some related reviews into wip state, particularly i think we can test the openstack.org cert generation path (make sure i haven't somehow baked in .opendev.org)
19:12:22 that sounds awesome. thanks again!
19:13:38 #topic Priority Efforts
19:13:44 #topic OpenDev
19:13:51 #link https://etherpad.openstack.org/p/rCF58JvzbF Governance email kick off draft
19:14:32 There has been some input there over the last week. Do we want to try and answer these questions in the draft and then send it to the openstack tc et al or would you prefer we start with the draft and questions as is on the -infra list and hash out details there to produce the email for broader consumption
19:14:58 i confess i have been bad and not reviewed that
19:15:18 i don't recall if i've actually reviewed it yet
19:15:24 oh, looks like maybe i did
19:15:39 i confess i've been so distracted i can't remember what i have and haven't done
19:16:06 maybe we can start with people reviewing it as is and then we can decide how we'd like to proceed after that review?
19:16:13 i would like to, but feel bad asking for more time just because i forgot. but if more time is in the cards, i'd be happy :)
19:16:48 I think for this particular item taking our time to get some of the details right is worthwhile
19:17:05 i concur
19:17:05 I'd rather we consider the questions early than rush in
19:17:07 no need to rush it
19:19:57 sounds like that may be it on this topic. Please take a look as you have time
19:20:05 any other opendev business before we move on to config management?
19:20:30 none i'm aware of that isn't also tied to other agenda items coming up
19:20:55 #topic Config Management Updates
19:21:11 I think we've learned some things about our python docker images
19:21:17 yeah we have
19:21:26 specifically that our builder and base images need to be kept in sync to avoid differences in python versions
19:21:37 Also that upstream updates the python version in them when new pythons come out
19:21:39 and/or c libraries
19:21:43 so we have pinned them to 3.7
19:22:08 yeah - because the rehash library and 2.8 do not work so good
19:22:10 3.8
19:22:29 and apparently other ci systems make it hard to consume new software
19:22:37 Calling this out as it is a failure mode I think we should be aware of though we've addressed the current occurrence of it
19:24:28 mordred: anything new to add with the gerrit images?
19:25:08 I've gotten to the point where it's time to start trying the ansible - the ansible change is green
19:25:14 so I'll be doing that today
19:25:32 this is on review-dev?
19:25:34 yeah
19:25:37 exciting
19:25:51 also - I put up a change for using podman instead of docker so we can discuss it
19:26:01 and review-dev is actually currently running from podman
19:26:18 that's groovy
19:26:43 i was thinking maybe we should make a mirror of the projectatomic ppa
19:26:43 podman-compose isn't as full featured as docker-compose - BUT - it is stricter and returns errors on mistakes more
19:26:53 corvus: yeah. not a bad idea
19:26:54 mordred: anything we're using it lacks?
19:27:05 not ignoring as many errors seems like an improvement
19:27:09 corvus: not that I can tell from the yaml file
19:27:13 (cool -- we try to keep our compose files simple)
19:27:17 but the CLI doesn't do as much
19:27:26 so, like, - there's no podman-compose log
19:27:45 or really anything other than up / down / stop / start / restart
19:27:47 tristanC noticed a potential issue with noninteractive apt-get commands in the zuul-quick-start change
19:27:50 does it provide similar info on stdout/stderr or something?
19:27:51 mordred: fwiw I tend to use the docker commands and not docker-compose commands for that stuff anyway
19:27:59 figure I can s/docker/podman/ and be happy
19:28:04 clarkb: awesome. then it shouldn't be an issue :)
19:28:24 ahh, `podman-compose log` not being a cli command, got it
19:28:36 so need to use other tools to inspect the container logs
19:28:40 fungi: i think docker-compose logs does the thing where it interleaves logs from all containers -- useful in limited local development but probably not in prod
19:29:43 yeah. in prod that's probably way too much info
19:30:06 i mistakenly thought he meant it doesn't log its output
19:30:15 ah - no, that it does
19:30:22 okay, cool ;)
19:31:13 that's about all I've got there
19:31:40 ok let's move on then
19:31:43 #topic Storyboard
19:31:52 fungi: diablo_rojo anything to share?
19:32:04 there was some interesting commentary during the airship meeting this morning
19:32:21 Yeah..
19:32:35 not sure when that conversation happened or who said it..
19:32:43 i identified a couple of problems with the storyboard-webclient draft builds which have come about as a result of opendev's build log/artifact move to object storage
19:32:49 (for those of you that didn't dial in there was some hand waving around jira + storyboard integration)
19:33:02 I don't think we have plans to write a script to sync storyboard to jira and vice versa
19:33:11 Yeah..
19:33:42 in short, the allowed_origins and valid_oauth_clients config options for the api server expect a list of all possible hostnames for webclients which we can no longer easily maintain for the drafts hosted in object storage
19:33:58 efried, also raised an issue with assigning tasks atm in the webclient this morning which I think SotK is currently working on.
19:34:47 i'm working on a change to make allowed_origins and valid_oauth_clients accept a wildcard, or a glob, or a regex... meant to have it done thursday or friday but time is an illusion
19:35:06 fungi: hrm, that's a tricky one -- we don't have anything like that with the similar zuul job, so i didn't see that
19:35:06 fungi: we probably could produce a list fwiw since it's rax + fn + ovh currently
19:35:24 are the rax cdn hostnames deterministic?
19:35:28 oh except on rax the hostname is ya
19:35:32 looks like they include a uuid
19:35:36 fungi: they are deterministic but there are 4096 of them
19:35:49 that would be a very large config
19:35:50 fungi: it's an hmac hash of the container and other stuff
19:36:05 ya I forgot about that cdn detail there
19:36:09 maybe it's worth digging into why this is necessary...
19:36:36 I believe it is a security measure to avoid xss?
19:36:47 do we actually want to restrict clients like this, or is there some technical reason...?
19:36:59 it's mostly safeguards against xss and to feed into the csrf middleware, yes
19:37:04 i bet there are other ways of doing that
19:37:11 i agree, there probably are
19:37:46 right now, ripping those options out is at least as much (if not more) work as allowing them to have a syntax which can match any value, effectively disabling them
19:39:27 and more backward-compatible for folks who might be relying on it blocking csrf/openid for untrusted frontends
19:40:01 i expect it's only a few lines of code, having mostly identified the code paths which rely on those settings. but haven't tested yet
19:40:16 and I guess if we do that only with the dev server we reduce the possibility it will get exploited
19:40:43 yeah, the idea is we'd set this in the dev server's config since that's what the draft builds point at
19:40:57 that seems reasonable
19:41:54 thinking through the way the matching is done, adding glob or regex support is also basically as easy. i just need to decide on one and find a few minutes to code it up and test
19:42:34 that might be nice in case we want to do the same to prod in the future
19:42:41 yep
19:43:01 we could do something like *.opendev.org or regex equivalent
19:44:30 alright anything else? diablo_rojo sounds like sotk is handling that one issue and for the jira thing we may just need to hunt down airship and ask them for more details on what they meant?
19:44:59 that would be swell, if one of the airship opendev liaisons can elaborate
19:45:37 if they want a mechanism for importing stories from an abandoned jira project or whatever, it's probably in scope
19:45:52 similar to projects migrating in from launchpad
19:46:26 (granted launchpad is ostensibly open-source, confluence/jira is not afaik so that could be tough)
19:47:04 Yeah I guess we will need to talk to mattmceuen
19:47:16 k. let's move on I want to talk PTG since that is coming up real soon now
19:47:26 sounds good, thanks!
19:47:31 #topic General Topics
19:47:52 #link https://etherpad.openstack.org/p/OpenDev-Shanghai-PTG-2019 Planning Document
19:47:59 #link https://www.openstack.org/ptg/#tab_schedule PTG Schedule
19:48:06 I've been adding ideas there as I think of them
19:48:15 in particular I'm really interested in maximizing our time with the gitea team
19:48:28 one thing that may be good to discuss with them is this performance on large repos bug
19:48:33 (which has been very active this morning)
19:48:50 I get the sense that much of the code is done and it's just a matter of testing and cleanup
19:49:08 are there other gitea issues/items we'd like to bring up with them?
19:49:29 I don't think we'll all be in shanghai so please add ideas for gitea discussion to the etherpad and I'll do my best to bring them up
19:50:40 i'm not sure i got a confirmation from the gitea folks about attending -- can you see if they used the registration codes?
19:50:45 oh, care to #link for posterity?
19:51:03 (the performance on large repos issue url i mean)
19:51:34 #link https://github.com/go-gitea/gitea/issues/491 Gitea slow performance on large repos bug
19:51:41 corvus: I can ask
19:51:51 clarkb: thanks. looks like it's in the etherpad too
19:51:53 clarkb: cool, if not, maybe someone else should try sending a mail :)
19:52:14 for Opendev proper we have a day and a half of time blocked off from thursday afternoon through friday
19:52:17 and i'll just go ahead and send another ping
19:52:35 corvus: ok
19:53:25 I think we expect the PTG to be different this time around so I don't really want to commit to getting too many specific things done
19:53:33 clarkb: ++
19:53:35 and instead do our best to be flexible based on what we end up with there
19:53:45 ++
19:53:49 But I'm still happy for y'all to add topics to the etherpad and we'll cover them as best we can
19:54:28 Things to keep in mind. Food and drink is apparently only a thing in hallways and not in the rooms
19:54:35 and much of the PTG is happening in a large shared room
19:54:41 i just read today's resurgence in discussion on the gitea performance issue, and looks very promising
19:55:53 we can have "standing meetings" in the ptg hallway for those of us who need to mainline amphetamine salts via hot brown liquid
19:56:30 Long story short I want to be flexible as I don't quite know what to expect yet
19:56:47 also I don't have to give any formal presentations so will likely travel light when it comes to technology
19:56:58 and with that we have ~4 minutes left
19:57:02 #topic Open Discussion
19:57:05 now 3 apparently
19:57:21 supposedly there are very high ceilings, so conversations at different tables ought to not interfere acoustically, but i'm skeptical
19:57:50 clarkb: you'll have room in your luggage to bring a cone of silence
19:58:06 and a shoe phone?
19:58:17 * fungi missed it by that much
19:59:24 fungi: I am also skeptical - but will try to be optimistic
19:59:28 if anyone else is as excited to ride the maglev as I am I land saturday evening and fully intend to figure out that transit option
19:59:42 same here, assuming i'm cleared to enter china
19:59:51 (still waiting to hear
19:59:53 )
20:00:13 and we are at time
20:00:15 #endmeeting