#opendev-meeting log

19:01:05 <clarkb> #startmeeting infra
19:01:05 <opendevmeet> Meeting started Tue Feb  1 19:01:05 2022 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:05 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:05 <opendevmeet> The meeting name has been set to 'infra'
19:01:29 <ianw> o/
19:01:30 <frickler> o/
19:01:57 <fungi> ohai
19:02:15 <clarkb> #link http://lists.opendev.org/pipermail/service-discuss/2022-January/000316.html Our Agenda
19:02:39 <clarkb> #topic Announcements
19:02:45 <clarkb> Service coordinator nominations run January 25, 2022 - February 8, 2022  You have another week :)
19:02:56 <clarkb> As always let me know if you have questions about that and I'd be happy to answer them
19:03:02 <clarkb> OpenInfra Summit CFP needs your input: https://openinfra.dev/summit/
19:03:28 <clarkb> If you'd like to talk at the open infra summit there is a ci/cd track as well as other tracks you may be interested in proposing towards. I think you have until february 9 for that
19:03:53 <clarkb> And finally Zuul v5 released today! The culmination of much long term planning and effort. Thank you everyone who helped make that possible
19:04:09 <clarkb> side note our zuul isntall still says v4.12.something but we're running the same commits that were tagged v5
19:04:52 <clarkb> #topic Actions from last meeting
19:05:04 <clarkb> #link http://eavesdrop.openstack.org/meetings/infra/2022/infra.2022-01-25-19.01.txt minutes from last meeting
19:05:08 <clarkb> There were no actions recorded
19:05:25 <clarkb> #topic Topics
19:05:35 <clarkb> #topic Improving Opendev's CD throughput
19:05:41 <clarkb> #link https://review.opendev.org/c/opendev/infra-specs/+/821645 -- spec outlining some of the issues with secrets
19:05:47 <clarkb> #link https://review.opendev.org/c/opendev/system-config/+/821155 -- sample of secret writing; more info in changelog
19:06:05 <clarkb> Unfortunately the Gerrit upgrade and server patching had me far more distracted last week than I would've liked
19:06:14 <clarkb> I haven't had time to look at these yet. They are still on my todo list though...
19:06:23 <clarkb> maybe I should make an action for everyone to review those :)
19:06:49 <clarkb> #action infra-root Review OpenDev CD throughput related spec for secrets management: https://review.opendev.org/c/opendev/infra-specs/+/821645
19:06:58 <clarkb> ianw: is there anything else to add to this topic?
19:07:59 <ianw> no, no work has been done on this one
19:08:12 <clarkb> #topic Container Maintenance
19:08:17 <clarkb> #link https://etherpad.opendev.org/p/opendev-container-maintenance
19:08:26 <clarkb> My time for this last week was largely sidelined by server patching
19:08:40 <clarkb> I don't really have anything new to add to this unfortunately.
19:08:50 <clarkb> #topic Nodepool Image Cleanup
19:09:28 <clarkb> Changes to remove CentOS 8 have been pushed as promised by the end of January. However, at least one project (OSA) is still struggling with removing centos 8 so we can hold off until they are ready since they are actively workign to correct this
19:09:41 <clarkb> Once projects like OSA are ready we can land the chagnes in this order:
19:09:46 <clarkb> #link https://review.opendev.org/c/opendev/base-jobs/+/827181
19:09:50 <clarkb> #link https://review.opendev.org/c/openstack/project-config/+/827184
19:09:54 <clarkb> #link https://review.opendev.org/c/opendev/system-config/+/827186
19:10:46 <ianw> so we found yesterday that the centos mirror infrastructure stopped returning links
19:10:50 <clarkb> It looks like centos 8 upstream is starting to archive itself which is causing some issues here and there and people will be motivated to start moving
19:10:55 <clarkb> ya that
19:11:20 <ianw> yeah, so things are really only working because we run in a little mirror bubble
19:11:31 <fungi> bless this bubble
19:12:24 <ianw> i've stopped the image builds (https://review.opendev.org/c/openstack/project-config/+/827195) because they will fail
19:13:01 <ianw> if upstream modifies their mirror bits and we rsync that on an run, then we will be totally broken
19:13:47 <ianw> so tbh i feel like we could probably pull the images now, and if jobs fail people need to switch them to 8-stream and make them non-voting if it doesn't work ootb and fix it
19:14:35 <fungi> the problem with dropping our images is that if something happens we can't upload them again
19:14:38 <clarkb> ianw: do we know why the rsyncing hasn't broken yet?
19:15:10 <clarkb> I think I'm ok with leaving this up until projects migrate and removing sooner if the upstream infrastructure is no longer tenable
19:15:17 <fungi> oh, i see what you mean, drop the images in our providers and stop providing centos-8 nodes, full stop
19:15:46 <ianw> clarkb: when i last checked, they hadn't moved the 8/ directories into vault.centos.org
19:16:06 <ianw> but that may happen at any time i guess, which would make them disappear from the mirror and we'd pull that
19:16:25 <fungi> not that we should have to handhold anyone, but i know we've been focused mostly on openstack's use of centos-8 nodes... does anyone happen to know if starlingx is also impacted? (or did they never finish moving off centos-7?)
19:16:32 <frickler> mirror.centos dropped like 90G in size at around 11:30 today
19:17:26 <fungi> and yeah, this is probably good to make folks on openstack-discuss aware of. centos-8 is going away even if we do nothing. your jobs are breaking today, sorry!
19:18:25 <clarkb> fungi: ++ maybe the thing to do is respond to my thread that warned people about the removal. Indicate that centos-8 doesn't work if you talk to upstream anymore and as a result we're going to remove things?
19:20:06 <clarkb> jrosser isn't here but was one who wanted to keep them up
19:20:12 <ianw> ahh, yeah, http://mirror.iad.rax.opendev.org/centos/8/os isn't there ...
19:20:22 <ianw> so that might have happened overnight
19:20:31 <clarkb> ianw: I assume os/ includes important packages :)
19:20:37 <ianw> (or today, depending on how you look at it :)
19:20:38 <clarkb> I definitely think we should accelerate the removal given ^
19:22:23 <ianw> looks like from the logs it largely cleared itself out @ 2022-02-01T10:43:44,980764868+00:00
19:23:41 <clarkb> anyone want to volunteer to respond to the thread? The changes should be ready to go once we're ready
19:24:38 <ianw> i can chase up on it, reply and merge those things through today
19:24:41 <clarkb> thank you
19:24:48 <fungi> i've got a few other deadlines looming so probably can't give it the immediate attention it deserves
19:24:52 <fungi> thanks ianw!
19:25:01 <clarkb> #topic Cleaning up old reviews
19:25:08 <clarkb> #action clarkb to produce a list of repos that can be retired. We can then retire the repos and abandon their open reviews as step 0
19:25:32 <clarkb> I'll go ahead and record this now as an explicit action for my todo list. I think we still start with ^ which should take out a chunk of reviews then reevaluate when this is done
19:25:38 <clarkb> frickler: anything else to add to this topic?
19:25:53 <frickler> nope, didn't do anything on that yet
19:26:10 <clarkb> #topic Gerrit mergeability checking
19:26:42 <clarkb> When we upgraded to gerrit 3.4 we lost mergability checking by default. Gerrit disabled this functionality by default as it can use a disproportionate amount of resources to calculate merge conflicts
19:26:54 <clarkb> The functionality is still in Gerrit though and we can opt into it via a config switch
19:27:05 <clarkb> A few users have mentioned that the infromation was useful to them.
19:27:30 <fungi> particularly folks using it to omit unmergeable changes from their review dashboards, seems like
19:27:33 <clarkb> I'm not opposed to reenabling the functionality but do have some minor concerns. The biggest is that this will likelymake reindexing projects take longer now. But we were ok with that in the past.
19:28:18 <clarkb> Other concerns are that gerrit has a tendency to remove functionality entirely after disabling it by default so we may have to accept it going away one day. But no automated tooling relies on this functionality so the cost remains with humans. If they remove it entirely we should be fine other than having some sad users
19:28:41 <clarkb> There is also the potential that we'd be exposing ourselves to bugs in that functionality since few other users are going to use it. If that happens we can always disable it again
19:29:06 <frickler> maybe we could send them (gerrit devs) feedback that we would like not to loose that functionality?
19:29:07 <clarkb> All that to say I think despite my concerns there are good solutions should the concerns become a problem which means I'm ok with reenabling this
19:29:24 <clarkb> frickler: ya that is another option. Basically "we're toggling to non default here please keep it working"
19:29:57 <fungi> i'm also fine with bringing it back if someone proposes a patch
19:30:09 <ianw> ++ i agree with having it on, i always found it useful, and also agree with sending some feedback that we're turning it on
19:30:33 <frickler> I can look at doing a patch, since I'm one of the users who like to have it
19:30:34 <ianw> it seems like we could probably create conflicting changes and push them during the testing at least
19:30:39 <clarkb> I guess there is the msall matter of weather or not we need to offline reindex after enabling it. But I suspect that it will just start adding the info to new changes
19:30:44 <clarkb> frickler: thank you!
19:31:01 <clarkb> and ya our testing should alrgely cover major concerns with enabling it
19:31:04 <ianw> it would be super cool to check that with selenium but probably just seeing in a screenshot is enough
19:31:50 <frickler> clarkb: can you #action me on that or can I do that myself?
19:31:58 <frickler> just so I don't forget it
19:31:59 <clarkb> frickler: you should be able to do it yourself.
19:32:17 <frickler> #action frickler propose patch to re-enable Gerrit mergeability checking
19:32:25 <clarkb> (the bot doesn't give a lot of feedback though so I guess we'll find out after the meeting is done)
19:32:57 <clarkb> #topic Gerrit issues we are tracking
19:33:35 <clarkb> First up is the regression with gerrit ignoring signed tag acls for pushing tags. My patch to fix this which I tested manually on a held test node landed upstream and we have restarted Gerrit with that code and removed our workaround
19:33:53 <clarkb> We are just waiting on someone to push a signed tag and confirm it is happy now. Once that is done I'll merge the 3.4 fix into gerrit 3.5 as well
19:34:25 <clarkb> Next is url text substitution for gitweb links doesn't provide the hash value for ${commit} in all cases and gitea needs that
19:34:30 <clarkb> #link https://bugs.chromium.org/p/gerrit/issues/detail?id=15589
19:34:42 <clarkb> fungi and I are working to test a fix that I pushed upstream. Still no review comments though
19:35:08 <clarkb> One neat thing we are trying to do with our testing though is depends-on against upstream gerrit and running that code in our test jobs
19:35:11 <fungi> also i'm somewhat blocked on zuul-client autohold's --change option not working as advertised
19:35:13 <clarkb> It seems t owork from what I've seen so far
19:35:58 <fungi> i'm testing a workaround with --ref instead, but we're probably going to need to fix zuul-client to be able to continue doing change-specific autoholds (or go back to the rpc client in the meantime)
19:36:29 <clarkb> And finally yesterday we noticed that git pulls over ssh can backlog in gerrit where the tcp connection is made and gerrit recognizes there is a pull waiting but the tasks remain in waiting and are not processed by a thread
19:36:43 <clarkb> If this happens long enough and the backlog grows eventually it leads to Zuul being very backlogged with its mergers
19:36:49 <clarkb> #link https://bugs.chromium.org/p/gerrit/issues/detail?id=15649
19:37:04 <clarkb> Upstream asked for a thread dump which we have. We just need to audit it for any over exposure of sensitive info
19:37:22 <clarkb> I'll try to work on that I guess since I've been working upstream with Gerrit more and more
19:38:10 <clarkb> #topic Open Discussion
19:38:12 <clarkb> Anything else?
19:39:00 <frickler> not sure where to discuss, but lp is nearing the 2000000 bug count
19:39:15 <frickler> so overlap with storyboard ids will happen
19:39:41 <clarkb> fun. I'm not sure I personally grasp the impact of that. fungi would probably know better
19:39:48 <fungi> that's a good reminder
19:40:03 <frickler> we will loose the option to migrate existing bugs keeping their ids
19:40:10 <fungi> it basically means we can no longer migrate projects from lp to sb and expect a 1:1 correlation between imported bug numbers
19:40:16 <fungi> yeah, exactly
19:40:31 <clarkb> I see
19:40:43 <clarkb> solvable but with degraded ease of migration
19:40:52 <clarkb> (since we would have to map to new numbers)
19:40:58 <frickler> but then I also don't see a tendency to further do migrations to sb
19:41:12 <fungi> we can probably do some logic to uprev any imported bugs in the 20k+ range and continue to import earlier reports the way we did in the past
19:41:15 <clarkb> ya thats a good point
19:41:31 <clarkb> If anything it seems like projects are looking at github issues more than anything else
19:41:52 <fungi> and asking us to turn on gitea's issues feature, yeah
19:42:07 <clarkb> thank you for calling that out
19:42:16 <fungi> (but that means fixing the clustering problem, account management, and a host of other challenges)
19:42:41 <clarkb> As a general heads up my availability over the next week may be spotty. I'm going to do my best to be around but not sure what my availability will be like.
19:42:46 <clarkb> fungi: yup not an easy task.
19:43:47 <ianw> have upstream fixed the clustering issues?
19:43:53 <ianw> or not so much fixed, but added?
19:44:57 <clarkb> yes I think the elasticsearch backend is there. Not sure if it will work with opensearch though
19:45:27 <clarkb> unfortunate that the gitea effort happened while elasticsearch became less open but at least in theory we could run gitea with an opensearch cluster, a mariadb cluster, and a shared cephfs fs
19:45:57 <ianw> interesting ... another one for the todo list :)
19:46:18 <ianw> all that running together ... sounds like kubernetes might fit in ...
19:46:32 <fungi> that's what we tried to use the first time!
19:46:33 <clarkb> ya that was the original goal with gitea
19:46:52 <clarkb> but when we realized the indexes weren't distributed it wasn't tenable until that got fixed (and they addressed that with the elasticsearch backend option)
19:47:11 <fungi> i think that kubernetes cluster might still exist even, but we'd almost certainly want to rebuild it from scratch if we take it in that direction
19:47:52 <clarkb> ++
19:47:57 <fungi> if memory serves, we also ran into trouble with rook
19:48:05 <clarkb> figuring out how to manage a k8s cluster is probably step 0
19:48:06 <fungi> but that's almost certainly improved in the meantime
19:48:30 <fungi> yeah, managing ceph within kubernetes was a struggle back then
19:48:43 <clarkb> since there are many options and every option we tried perviously had its downsides (magnum didn't do upgrades via the api and you couldn't upgrade directly because there wasn't enough disk to grab two copies of the k8s images)
19:49:16 <clarkb> We don't need to solve that in this meeting though. But if people want to investigate that again now might be a good time to start looking into it
19:50:51 <clarkb> Sounds like we may be winding down. I'll give it a couple more minutes for any last minute items then call it a meeting
19:52:27 <clarkb> Thank you everyone!
19:52:33 <clarkb> #endmeeting