19:01:14 <clarkb> #startmeeting infra
19:01:14 <opendevmeet> Meeting started Tue Feb 22 19:01:14 2022 UTC and is due to finish in 60 minutes.  The chair is clarkb. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:01:14 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:01:14 <opendevmeet> The meeting name has been set to 'infra'
19:01:21 <clarkb> #link http://lists.opendev.org/pipermail/service-discuss/2022-February/000322.html Our Agenda
19:01:26 <clarkb> #topic Announcements
19:01:46 <clarkb> The service coordinator nomination period ended last week and I was the only one who was crazy enough to jump on it :)
19:03:03 <clarkb> #topic Actions from last meeting
19:03:07 <clarkb> #link http://eavesdrop.openstack.org/meetings/infra/2022/infra.2022-02-15-19.01.txt minutes from last meeting
19:03:12 <clarkb> #link https://review.opendev.org/c/opendev/system-config/+/829882 Restore gerrit mergeability checking
19:03:33 <clarkb> frickler: got that chagne pushed up. I asked about doing some additional testing but after talkign to gerrit upstream over slack about it I think it is probably safe to proceed as is if we prefer
19:03:52 <clarkb> basically the behavior we should expect is that changes that are modified after the config update will get mergability checked. Changes that aren't updated won't have that info
19:05:34 <clarkb> Then we'll need to monitor for overall load induced by the chagne. THough we don't expect it to be a problem
19:05:40 <clarkb> #topic Topics
19:05:47 <clarkb> #topic Improving OpenDev's CD throughput
19:06:00 <clarkb> I didn't update this topic to reflect the gpg encryption of logs work, but I think that is realyl close now?
19:06:45 <ianw> yes, after a few mis-steps in templates it worked :)
19:06:47 <ianw> https://zuul.opendev.org/t/openstack/build/307b0e0e097c48daa959ee3b960f7ff5/logs
19:07:10 <ianw> what I plan to do now is write up a change with some documentation, and to switch it to apply to all prod jobs
19:07:13 <clarkb> cool. I guess infra-root should push up changes with their keys?
19:07:35 <ianw> yep, can either do that now to test if you like, or after i write up some docs
19:08:15 <clarkb> I'm not in a rush
19:08:19 <fungi> same
19:08:55 <clarkb> Anything else on this topic?
19:09:11 <ianw> i'm hopeful it can help us get some more people interested in helping with prod jobs ... build it and they will come :)  that's the theory anyway :)
19:09:35 <clarkb> if nothing else I think it continues to show how we can make use of zuul to help us operate things
19:09:39 <ianw> nope ... although waiting for the various prod jobs to finish has increased my interest in finishing this parallel work!
19:09:50 <ianw> oh, there were a few comments on the spec @
19:10:18 <ianw> #link https://review.opendev.org/c/opendev/infra-specs/+/821645
19:10:36 <ianw> something to read and ponder
19:10:39 <ianw> that's all, thanks
19:11:15 <clarkb> #topic Container maintenance
19:11:44 <clarkb> No real news on this other than I actually set time aside for looking at this later today with jentoio. No concrete time, but sometime this afternoon :) Hoping to start making progress on this
19:12:20 <clarkb> #topic Spring Cleaning of Old Reviews
19:12:28 <clarkb> #link https://review.opendev.org/q/topic:retirement+status:open Changes to retire all unused the repos.
19:12:44 <clarkb> This is where I'm at on that. I got all the repos running noop jobs and then pushed up retirement changes for them all.
19:13:04 <clarkb> If they still look retireable please approve and land those changes. Then I'll followup with a change that removes them from zuul and marks them retired in projects.yaml
19:13:12 <clarkb> And we can abandon changes at that point too
19:14:11 <fungi> abandoning should be done before approving the acl update, just a reminder
19:14:13 <clarkb> Please ping me somehow if you find something that shouldn't be retired that has been going through the process. I'll need to update some of my notes and rollback some updates
19:14:19 <clarkb> fungi: ++ good point
19:15:28 <clarkb> #topic Gitea 1.16.1
19:15:35 <clarkb> #link https://review.opendev.org/c/opendev/system-config/+/828184 Change to upgrade to 1.16.1 when we are ready
19:15:39 <clarkb> #link Test site via held node here
19:15:50 <clarkb> I think this is likely landable, but I was really hoping to get many eyes on this
19:16:01 <clarkb> Our testing should represent good coverage but the large changelog scares me :)
19:16:12 <clarkb> If you have time to take a look it is much appreciated
19:16:41 <clarkb> Cross checking the changelog against our expectations is likely a good idea too (in addition to general functioanltiy via the test site)
19:17:29 <clarkb> #topic Gerrit Gitea links
19:17:40 <clarkb> Hey this happened. Thank you to everyone who kept pushing it along
19:17:55 <fungi> thank you for the heavy lifting fixing gerrit upstream!
19:17:55 <clarkb> This required quite a bit more tweaking than I would've expected
19:18:01 <ianw> clarkb: heh, just on the previous, i'm seeing that jinja thing agains system-config again
19:18:38 <clarkb> ianw: interesting. If I had to guess they reindex things periodically (maybe as a new change) and depending on how complete it is per repo maybe yo uget back weird results. That may be worth asking upstream about
19:18:51 <clarkb> we can try filing an issue with them in github I guess
19:18:52 <fungi> as part of the gitea linking work, we aldo disabled gitiles links in the gerrit webui (because they're effectively redundant)
19:19:03 <fungi> s/aldo/also/
19:19:28 <clarkb> ya I think at this point we're mostly waiting for anyone to notice and if they notice hopefully without issues :)
19:19:28 <ianw> or, maybe it's just ... right - https://imgur.com/a/Yi79MSx
19:19:41 <fungi> i couldn't find any way to disable the gitiles plug-in because it's "core" to gerrit, but i have a change proposed to forbid access to /plugins/gitiles as a location in our apache proxy layer
19:19:49 <clarkb> ianw: heh it is a lot of nasible. But the flip flopping is curious
19:22:19 <clarkb> #topic Rocky Linux
19:22:47 <clarkb> Just a heads up that rocky images continue to be a work in progress. The most recent thing was we needed epel to install haveged
19:23:14 <clarkb> I updated dib's epel role to support rocky so that we can get that in our builds and ianw made a dib release. We've updated nodepool to include that dib release and are just waiting for images to build now
19:23:34 <clarkb> I think we're stuck behind all the other image builds right now so may be a bit. Might be nice to be able to prioritize a build in nodepool but I don't think that is currently possible
19:24:24 <ianw> yesterday i almost deleted the centos-8 wheel afs volumes, but then i paused thinking rocky could use them
19:24:34 <fungi> can't even cancel the other builds to move it up the queue, i don't think
19:24:41 <ianw> but then i realised it is better to start them fresh anyway
19:24:58 <ianw> if there is actually interest in that, because they have a lot of old stuff in them
19:25:15 <ianw> from before fungi updated us to only build wheels that aren't upstream, etc.
19:25:36 <ianw> so, unless there's objections, my plan is still to delete those volumes
19:25:45 <fungi> no objection from me
19:26:01 <clarkb> if things are signed the signatures are likely different too?
19:26:10 <clarkb> oh wheels ya those aren't signed
19:26:13 <clarkb> sorry I had in my head rpms
19:26:32 <clarkb> But ya I agree starting over is probably better
19:26:42 <clarkb> and I think rocky will be a good test case for mirroring less stuff and seeing how it goes
19:28:11 <clarkb> #topic Open Discussion
19:28:21 <clarkb> That was what we had on the agenda. Anything else?
19:28:40 <clarkb> I'm working on fixing Gerrit's server-sig-algs ssh key exchange extension support
19:28:52 <clarkb> Eventually Gerrit will be able to do modern rsa :)
19:29:16 <fungi> i've got openstack's release artifact signing key proposed for the zed cycle
19:29:31 <fungi> if anyone wants to update it with additional attestations, you can find it here:
19:29:43 <fungi> #link https://review.opendev.org/829933 Publish the Zed Cycle signing key for future use
19:30:22 <fungi> the process for exporting the signed key with your added signature is in a comment in the index.rst file at the top of the list of key entries
19:30:32 <clarkb> https://gerrit-review.googlesource.com/c/gerrit/+/331019 just pushed the gerrit fix for kex server sig algs
19:30:43 <fungi> awesome, thanks!
19:30:57 <fungi> i assume best case that will only be available in 3.5.something?
19:31:11 <fungi> seems like they're not backporting the mina-sshd update
19:32:15 <clarkb> I think 3.6
19:32:15 <ianw> clarkb's gitea stats are going to start flipping to "java" soon :)
19:32:34 <clarkb> ianw: its ok gitea stopped syncing the gerrit repo :)
19:32:47 <clarkb> well we stopped syncing the gerrit repo so gerrit stopped pushing updates to gitea :)
19:33:09 <fungi> did we ever retire that repo? should we?
19:33:23 <clarkb> I thought about retiring it but keeping it for now seems fine
19:33:45 <clarkb> I think my main concern is that we might need ti again for some reason. Though we have a good way to carry patches more distro packaging like in system-config if necessary
19:33:46 <ianw> i find it tends to come up with higher priority in searches than the actual gerrit repos
19:34:01 <fungi> that could be problematic
19:34:28 <ianw> i should add for esoteric things where the only reference is in the actual code
19:35:02 <ianw> or changelog
19:36:27 <clarkb> ianw: as you can probably tell I've just ended up with a local checkout :/
19:36:55 <clarkb> worth noting you need bazel 5.0 for gerrit master and I had to do a whole dance for that and ended up with a 5GB docker image in the process
19:37:32 <fungi> yikes
19:38:15 <fungi> reminds me of when i tried to `tox -e docs` in zuul/zuul recently and it died with enospc after consuming some 4gb of disk
19:39:30 <clarkb> ya similar situation. Turns out that build stuff is big
19:39:39 <clarkb> Anyway sounds like that may be all for the meeting?
19:39:45 <clarkb> thank you everyone. We'll see you here next week
19:39:53 <ianw> ++ thanks for hosting clarkb!
19:40:00 <clarkb> But then the week after I'll likely have to skip due to other engagements
19:40:01 <fungi> thanks clarkb!
19:40:08 <clarkb> #endmeeting